NBG4604 Wireless N Gigabit Managed Router IMPORTANT! Default Login Details LAN IP Address READ CAREFULLY BEFORE USE. https://192.168.1.1 User Name admin Password 1234 KEEP THIS GUIDE FOR FUTURE REFERENCE. IMPORTANT! Version 1.00 Editionwww.zyxel.com 5, 4/2012 www.zyxel.
IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. Graphics in this book may differ slightly from the product due to differences in operating systems, operating system versions, or if you installed updated firmware/software for your device. Every effort has been made to ensure that the information in this manual is accurate. Related Documentation • Quick Start Guide The Quick Start Guide shows how to connect the NBG4604 and configure it using the Web Configurator wizard.
Contents Overview Contents Overview User’s Guide ........................................................................................................................... 13 ...................................................................................................................................................15 Introduction ................................................................................................................................15 Connection Wizard .......................
Contents Overview 4 NBG4604 User’s Guide
Table of Contents Table of Contents Contents Overview .................................................................................................................. 3 Table of Contents ..................................................................................................................... 5 Part I: User’s Guide ................................................................................13 Chapter 1 .......................................................................................
Table of Contents Chapter 3 The Web Configurator ............................................................................................................ 37 3.1 Overview ..............................................................................................................................37 3.2 Login Accounts .....................................................................................................................37 3.3 Accessing the Web Configurator ..................................
Table of Contents 6.2 What You Can Do ................................................................................................................72 6.3 What You Should Know .......................................................................................................72 6.3.1 Wireless Security Overview ........................................................................................72 6.4 General Wireless LAN Screen .......................................................................
Table of Contents 9.1 Overview ............................................................................................................................ 111 9.2 What You Can Do .............................................................................................................. 111 9.3 What You Need To Know ................................................................................................... 111 9.4 General Screen ...................................................................
Table of Contents Chapter 14 Static Route ........................................................................................................................... 141 14.1 Overview ..........................................................................................................................141 14.2 What You Can Do ............................................................................................................141 14.3 IP Static Route Screen ........................................
Table of Contents 17.5 Technical Reference .........................................................................................................167 17.5.1 Using UPnP in Windows XP Example ....................................................................167 17.5.2 Web Configurator Easy Access ..............................................................................170 Chapter 18 System ..............................................................................................................
Table of Contents 23.1 Power, Hardware Connections, and LEDs .......................................................................195 23.2 NBG4604 Access and Login ............................................................................................196 23.3 Internet Access ................................................................................................................198 23.4 Resetting the NBG4604 to Its Factory Defaults .............................................................
Table of Contents 12 NBG4604 User’s Guide
P ART I User’s Guide 13
C HA PT ER 1 Introduction 1.1 Overview This chapter introduces the main features and applications of the NBG4604. The NBG4604 extends the range of your existing wired network without additional wiring, providing easy network access to mobile users. You can set up a wireless network with other IEEE 802.11b/g/n compatible devices. A range of services such as a firewall and content filtering are also available for secure Internet computing. 1.
Chapter 1 Introduction • WAN. Connect to a broadband modem/router for Internet access. Figure 1 NBG4604 Network 1.3 Ways to Manage the NBG4604 Use any of the following methods to manage the NBG4604. • WPS (Wi-Fi Protected Setup). You can use the WPS button or the WPS section of the Web Configurator to set up a wireless network with your ZyXEL Device. • Web Configurator. This is recommended for everyday management of the NBG4604 using a (supported) web browser. 1.
Chapter 1 Introduction 1.5 LEDs Figure 2 Front Panel The following table describes the LEDs and the WPS button. Table 1 Front Panel LEDs and WPS Button LED COLOR STATUS DESCRIPTION POWER Green On The NBG4604 is receiving power and functioning properly. Off The NBG4604 is not receiving power. On The NBG4604 is ready, but is not sending/ receiving data through the wireless LAN. Blinking The NBG4604 is sending/receiving data through the wireless LAN.
Chapter 1 Introduction 1.6 The WPS Button Your NBG4604 supports WiFi Protected Setup (WPS), which is an easy way to set up a secure wireless network. WPS is an industry standard specification, defined by the WiFi Alliance. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually. Each WPS connection works between two devices. Both devices must support WPS (check each device’s documentation to make sure).
Chapter 1 Introduction 4 Make sure the screws are fastened well enough to hold the weight of the NBG4604 with the connection cables. 5 Align the holes on the back of the NBG4604 with the screws on the wall. Hang the NBG4604 on the screws.
Chapter 1 Introduction 20 NBG4604 User’s Guide
C HA PT ER 2 Connection Wizard 2.1 Wizard Setup This chapter provides information on the wizard setup screens in the Web Configurator. The Web Configurator’s wizard setup helps you configure your device to access the Internet. Refer to your ISP (Internet Service Provider) checklist in the Quick Start Guide to know what to enter in each field. Leave a field blank if you don’t have that information. 1 After you access the NBG4604 Web Configurator, click the Go to Wizard setup hyperlink.
Chapter 2 Connection Wizard 2 Choose a language by clicking on the language’s button. The screen will update. Click the Next button to proceed to the next screen. Figure 5 Select a Language 3 Read the on-screen information and click Next. Figure 6 Welcome to the Connection Wizard 2.2 Connection Wizard: STEP 1: System Information System Information contains administrative and system-related information. 2.2.1 System Name System Name is for identification purposes.
Chapter 2 Connection Wizard To view (or set) your computer name in Windows, right click over My Computer on your desktop, then select Properties. When the System Properties window opens, select the Computer Name tab. Figure 7 Computer Name 2.2.2 Domain Name The Domain Name entry is what is propagated to the DHCP clients on the LAN. If you leave this blank, the domain name obtained by DHCP from the ISP is used.
Chapter 2 Connection Wizard The following table describes the labels in this screen. Table 3 Wizard Step 1: System Information LABEL DESCRIPTION System Name System Name is a unique name to identify the NBG4604 in an Ethernet network. Enter a descriptive name. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes "-" and underscores "_" are accepted. Domain Name Type the domain name (if you know it) here.
Chapter 2 Connection Wizard The following table describes the labels in this screen. Table 4 Wizard Step 2: Wireless LAN LABEL DESCRIPTION Name (SSID) Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN. If you change this field on the NBG4604, make sure all wireless stations use the same SSID in order to access the network. Security Select a Security level from the drop-down list box.
Chapter 2 Connection Wizard 2.3.1 Extend (WPA-PSK or WPA2-PSK) Security Choose Extend (WPA-PSK) or Extend (WPA2-PSK) security in the Wireless LAN setup screen to set up a Pre-Shared Key. Figure 10 Wizard Step 2: Extend (WPA-PSK or WPA2-PSK) Security The following table describes the labels in this screen. Table 5 Wizard Step 2: Extend (WPA-PSK or WPA2-PSK) Security LABEL DESCRIPTION Pre-Shared Key Type from 8 to 63 case-sensitive ASCII or 64 HEX characters.
Chapter 2 Connection Wizard This wizard screen varies according to the connection type that you select. Figure 11 Wizard Step 3: ISP Parameters. The following table describes the labels in this screen, Table 6 Wizard Step 3: ISP Parameters CONNECTION TYPE DESCRIPTION Ethernet Select the Ethernet option when the WAN port is used as a regular Ethernet. PPPoE Select the PPP over Ethernet option for a dial-up connection. If your ISP gave you an IP address and/or subnet mask, then select PPTP.
Chapter 2 Connection Wizard 2.4.2 PPPoE Connection Point-to-Point Protocol over Ethernet (PPPoE) functions as a dial-up connection. PPPoE is an IETF (Internet Engineering Task Force) standard specifying how a host personal computer interacts with a broadband modem (for example DSL, cable, wireless, etc.) to achieve access to high-speed data networks. For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for instance, RADIUS).
Chapter 2 Connection Wizard Table 7 Wizard Step 3: PPPoE Connection LABEL DESCRIPTION Password Type the password associated with the user name above. Back Click Back to return to the previous screen. Next Click Next to continue. Exit Click Exit to close the wizard screen without saving. 2.4.
Chapter 2 Connection Wizard The following table describes the fields in this screen Table 8 Wizard Step 3: PPTP Connection LABEL DESCRIPTION ISP Parameters for Internet Access Connection Type Select PPTP from the drop-down list box. To configure a PPTP client, you must configure the User Name and Password fields for a PPP connection and the PPTP parameters for a PPTP connection. User Name Type the user name given to you by your ISP. Password Type the password associated with the User Name above.
Chapter 2 Connection Wizard The following table describes the labels in this screen Table 9 Wizard Step 3: Your IP Address LABEL DESCRIPTION Get automatically from your ISP Select this option If your ISP did not assign you a fixed IP address. This is the default selection. If you choose this option, skip directly to Section 2.4.9 on page 34. Use fixed IP address provided by your ISP Select this option if you were given IP address and/or DNS server settings by the ISP.
Chapter 2 Connection Wizard addresses, follow their instructions in selecting the IP addresses and the subnet mask. If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. Let's say you select 192.
Chapter 2 Connection Wizard 2.4.8 WAN IP and DNS Server Address Assignment The following wizard screen allows you to assign a fixed WAN IP address and DNS server addresses. Figure 16 Wizard Step 3: WAN IP and DNS Server Addresses The following table describes the labels in this screen Table 11 Wizard Step 3: WAN IP and DNS Server Addresses LABEL DESCRIPTION WAN IP Address Assignment My WAN IP Address Enter your WAN IP address in this field.
Chapter 2 Connection Wizard 2.4.9 WAN MAC Address Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. Table 12 Example of Network Properties for LAN Servers with Fixed IP Addresses Choose an IP address 192.168.1.2-192.168.1.32; 192.168.1.65-192.168.1.254. Subnet mask 255.255.255.0 Gateway (or default route) 192.168.1.
Chapter 2 Connection Wizard 2.5 Connection Wizard Complete Click Finish to complete the wizard setup. Figure 18 Connection Wizard Complete Well done! You have successfully set up your NBG4604 to operate on your network and access the Internet.
Chapter 2 Connection Wizard 36 NBG4604 User’s Guide
C HA PT ER 3 The Web Configurator 3.1 Overview This chapter describes how to access the NBG4604 Web Configurator and provides an overview of its screens. The Web Configurator is an HTML-based management interface that allows easy setup and management of the NBG4604 via Internet browser. Use Internet Explorer 7.0 and later or Firefox 1.5 and later. The recommended screen resolution is 1024 by 768 pixels. In order to use the Web Configurator you need to allow: • Web browser pop-up windows from your device.
Chapter 3 The Web Configurator 3.3 Accessing the Web Configurator 1 Make sure your NBG4604 hardware is properly connected and prepare your computer or computer network to connect to the NBG4604 (refer to the Quick Start Guide). 2 Launch your web browser. 3 Type "http://192.168.1.1" as the website address. Your computer must be in the same subnet in order to access this website address. 4 If you are logging in with the “admin” account, type “1234” (default) as the password.
Chapter 3 The Web Configurator 5 You should see a screen asking you to change your password (highly recommended) as shown next. Type a new password (and retype it to confirm) and click Apply or click Ignore. Note: The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the NBG4604 if this happens. 6 Select the setup mode you want to use.
Chapter 3 The Web Configurator 3.4 Resetting the NBG4604 If you forget your password or IP address, or you cannot access the Web Configurator, you will need to use the RESET button at the back of the NBG4604 to reload the factory-default configuration file. This means that you will lose all configurations that you had previously saved, the password will be reset to “1234” and the IP address will be reset to “192.168.1.1”. 3.4.1 Procedure to Use the Reset Button 1 Make sure the power LED is on.
Chapter 3 The Web Configurator (For information on the status screen in AP Mode see Chapter 4 on page 50.) Figure 21 Status Screen (Router Mode) The following table describes the icons shown in the Status screen. Table 14 Status Screen Icon Key ICON DESCRIPTION Click this icon to open the setup wizard. Click this icon to view copyright and a link for related product information. Click this icon at any time to exit the Web Configurator.
Chapter 3 The Web Configurator The following table describes the labels shown in the Status screen. Table 15 Web Configurator Status Screen (Router Mode) LABEL DESCRIPTION Device Information System Name This is the System Name you enter in the Maintenance > System > General screen. It is for identification purposes. Firmware Version This is the firmware version and the date created. WAN Information - MAC Address This shows the WAN Ethernet adapter MAC Address of your device.
Chapter 3 The Web Configurator Table 15 Web Configurator Status Screen (Router Mode) (continued) LABEL DESCRIPTION - Bandwidth Management This shows whether bandwidth management is active or not. - UPnP This shows whether UPnP is active or not. Interface Status Interface This displays the NBG4604 port types. The port types are: WAN, LAN and WLAN. Status For the LAN and WAN ports, this field displays Down (line is down) or Up (line is up or connected).
Chapter 3 The Web Configurator Table 16 Screens Summary LINK TAB FUNCTION General Use this screen to configure wireless LAN. MAC Filter Use the MAC filter screen to configure the NBG4604 to block access to devices or block the devices from accessing the NBG4604. Advanced This screen allows you to configure advanced wireless settings. QoS Use this screen to configure Wi-Fi Multimedia Quality of Service (WMM QoS).
Chapter 3 The Web Configurator Table 16 Screens Summary LINK TAB FUNCTION Static Route IP Static Route Use this screen to configure IP static routes. Bandwidth MGMT General Use this screen to configure a bandwidth management service type. Advanced Use this screen to configure bandwidth management for specific types of applications. WWW Use this screen to configure through which interface(s) and from which IP address(es) users can use HTTP to manage the NBG4604.
Chapter 3 The Web Configurator server, the NBG4604 provides the TCP/IP configuration for the clients. If DHCP service is disabled, you must have another DHCP server on that network, or else the computer must be manually configured. Click the DHCP Table (Details...) hyperlink in the Status screen. Read-only information here relates to your DHCP status. The DHCP table shows current DHCP client information (including IP Address, Host Name and MAC Address) of all network clients using the NBG4604’s DHCP server.
Chapter 3 The Web Configurator "system up time". The Poll Interval(s) field is configurable and is used for refreshing the screen. Figure 23 Summary: Packet Statistics The following table describes the labels in this screen. Table 18 Summary: Packet Statistics LABEL DESCRIPTION Port This is the NBG4604’s port type. Status For the LAN ports, this displays the port speed and duplex setting or Down when the line is disconnected.
Chapter 3 The Web Configurator network or computer with a wireless network card) has connected successfully to the AP (or wireless router) using the same SSID, channel and security settings. Figure 24 Summary: Wireless Association List The following table describes the labels in this screen. Table 19 Summary: Wireless Association List 48 LABEL DESCRIPTION # This is the index number of an associated wireless station. MAC Address This field displays the MAC address of an associated wireless station.
C HA PT ER 4 AP Mode 4.1 Overview This chapter discusses how to configure settings while your NBG4604 is set to AP Mode. Many screens that are available in Router Mode are not available in AP Mode. Note: See Chapter 5 on page 57 for an example of setting up a wireless network in AP mode. Use your NBG4604 as an AP if you already have a router or gateway on your network. In this mode your device bridges a wired network (LAN) and wireless LAN (WLAN) in the same subnet. See the figure below for an example.
Chapter 4 AP Mode 2 To set your NBG4604 to AP Mode, go to Maintenance > Sys OP Mode > General and select Access Point. Figure 26 Maintenance > Sys OP Mode > General 3 A pop-up appears providing information on this mode. Click OK in the pop-up message window. (See Section 21.4 on page 191 for more information on the pop-up.) Click Apply. Your NBG4604 is now in AP Mode. Note: You have to log in to the Web Configurator again when you change modes. 4.3 Status Screen (AP Mode) Click on Status.
Chapter 4 AP Mode The following table describes the labels shown in the Status screen. Table 20 Status Screen (AP Mode) LABEL DESCRIPTION Device Information System Name This is the System Name you enter in the Maintenance > System > General screen. It is for identification purposes. Firmware Version This is the firmware version and the date created. LAN Information - MAC Address This shows the LAN Ethernet adapter MAC Address of your device. - IP Address This shows the LAN port’s IP address.
Chapter 4 AP Mode Table 20 Status Screen (AP Mode) (continued) LABEL DESCRIPTION Rate For the LAN ports, this displays the port speed and duplex setting or N/A when the line is disconnected. For the WLAN, it displays the maximum transmission rate when the WLAN is enabled and N/A when the WLAN is disabled. Summary Packet Statistics Use this screen to view port status and packet specific statistics.
Chapter 4 AP Mode Table 21 Menu: AP Mode LINK Wireless LAN LAN TAB FUNCTION General Use this screen to configure wireless LAN. MAC Filter Use the MAC filter screen to configure the NBG4604 to block access to devices or block the devices from accessing the NBG4604. Advanced This screen allows you to configure advanced wireless settings. QoS Use this screen to configure Wi-Fi Multimedia Quality of Service (WMM QoS).
Chapter 4 AP Mode 4.4 Configuring Your Settings Use this section to configure your NBG4604 settings while in AP Mode. 4.4.1 LAN Settings Click Network > LAN to see the screen below. Note: If you change the IP address of the NBG4604 in the screen below, you will need to log into the NBG4604 again using the new IP address. Figure 29 Network > LAN > IP The table below describes the labels in the screen.
Chapter 4 AP Mode • See Chapter 18 on page 173 for information on configuring your maintenance settings. 4.5 Logging in to the Web Configurator in AP Mode 1 Connect your computer to the LAN port of the NBG4604. 2 The default IP address of the NBG4604 is “192.168.1.2”. In this case, your computer must have an IP address in the range between “192.168.1.3” and “192.168.1.254”. 3 Click Start > Run on your computer in Windows. 4 Type “cmd” in the dialog box.
Chapter 4 AP Mode 56 NBG4604 User’s Guide
C HA PT ER 5 Tutorials 5.1 Overview This chapter provides tutorials for your NBG4604 as follows: • How to Connect to the Internet from an AP • Configure Wireless Security Using WPS on both your NBG4604 and Wireless Client • Enable and Configure Wireless Security without WPS on your NBG4604 • Bandwidth Management for your Network 5.
Chapter 5 Tutorials There are two WPS methods for creating a secure connection. This tutorial shows you how to do both. • Push Button Configuration (PBC) - create a secure wireless network simply by pressing a button. See Section 5.2.1.1 on page 58.This is the easier method. • PIN Configuration - create a secure wireless network simply by entering a wireless client's PIN (Personal Identification Number) in the NBG4604’s interface. See Section 5.2.1.2 on page 59.
Chapter 5 Tutorials The following figure shows you an example to set up wireless network and security by pressing a button on both NBG4604 and wireless client (the NWD210N in this example). Figure 31 Example WPS Process: PBC Method NBG4604 Wireless Client WITHIN 2 MINUTES SECURITY INFO COMMUNICATION 5.2.1.2 PIN Configuration When you use the PIN configuration method, you need to use both NBG4604’s configuration interface and the client’s utilities.
Chapter 5 Tutorials The following figure shows you the example to set up wireless network and security on NBG4604 and wireless client (ex. NWD210N in this example) by using PIN method.
Chapter 5 Tutorials 5.2.2 Enable and Configure Wireless Security without WPS on your NBG4604 This example shows you how to configure wireless security settings with the following parameters on your NBG4604. SSID SSID_Example3 Channel 6 Security WPA-PSK (Pre-Shared Key: ThisismyWPA-PSKpre-sharedkey) Follow the steps below to configure the wireless settings on your NBG4604.
Chapter 5 Tutorials 5 Open the Status screen. Verify your wireless and wireless security settings under Device Information and check if the WLAN connection is up under Interface Status. Figure 34 Tutorial: Status Screen 5.2.2.1 Configure Your Notebook Note: We use the ZyXEL M-302 wireless adapter utility screens as an example for the wireless client. The screens may vary for different models. 62 1 The NBG4604 supports IEEE 802.11b, IEEE 802.11g and IEEE 802.11n wireless clients.
Chapter 5 Tutorials 4 Select SSID_Example3 and click Connect. Figure 35 Connecting a Wireless Client to a Wireless Network t 5 Select WPA-PSK and type the security key in the following screen. Click Next. Figure 36 Security Settings 6 The Confirm Save window appears. Check your settings and click Save to continue.
Chapter 5 Tutorials 7 Check the status of your wireless connection in the screen below. If your wireless connection is weak or you have no connection, see the Troubleshooting section of this User’s Guide. Figure 38 Link Status If your connection is successful, open your Internet browser and enter http:// www.zyxel.com or the URL of any other web site in the address bar. If you are able to access the web site, your wireless connection is successfully configured. 5.
Chapter 5 Tutorials In the following screen, you set the priorities for VoIP and e-mail. Figure 39 Tutorial: Priority Queue Click Enable for the VoIP (SIP) service and set priority to High. Do the same for E-mail. For the rest of the applications, click Enable if you need these services and set the priority to Low. Note: You can also leave the Enable field blank for the rest of the applications. In doing so, the NBG4604 does not apply bandwidth management to these services. 5.3.
Chapter 5 Tutorials To add the MSN Messenger service in the Priority Queue: 1 Click Enable in one of the fields for additional services. 2 Add MSN as the service name. 3 Set the priority for this to High. 4 For the port, choose TCP from the drop-down menu and enter 1863 in the Specific Port field. Your priority table should now have the VoIP, E-mail and MSN Messenger services priorities set to High. 5.3.
Chapter 5 Tutorials Enter the following values for each service you want to add. For this tutorial, you need to add each of the following service (see table below) and click Apply. Table 23 Services and Values SERVICES FIELDS REAL AUDIO RTSP VDO LIVE FTP Active Check this to turn on this bandwidth management rule. Direction Select Both applies bandwidth management to traffic that the NBG4604 forwards to both the LAN and the WAN. Select To WAN LAN IP Range Enter 192.168.1.1 ~ 192.168.1.33.
Chapter 5 Tutorials 68 NBG4604 User’s Guide
P ART II Technical Reference 69
C HA PT ER 6 Wireless LAN 6.1 Overview This chapter discusses how to configure the wireless network settings in your NBG4604. See the appendices for more detailed information about wireless networks. The following figure provides an example of a wireless network. Figure 43 Example of a Wireless Network The wireless network is the part in the blue circle. In this wireless network, devices A and B are called wireless clients.
Chapter 6 Wireless LAN 6.2 What You Can Do • Use the General screen (Section 6.4 on page 75) to enable the Wireless LAN, enter the SSID and select the wireless security mode. • Use the MAC Filter screen (Section 6.5 on page 81) to allow or deny wireless stations based on their MAC addresses from connecting to the NBG4604. • Use the Advanced screen (Section 6.6 on page 83) to allow intra-BSS networking and set the RTS/CTS Threshold. • Use the QoS screen (Section 6.
Chapter 6 Wireless LAN 6.3.1.1 SSID Normally, the AP acts like a beacon and regularly broadcasts the SSID in the area. You can hide the SSID instead, in which case the AP does not broadcast the SSID. In addition, you should change the default SSID to something that is difficult to guess. This type of security is fairly weak, however, because there are ways for unauthorized devices to get the SSID. In addition, unauthorized devices can still see the information that is sent in the wireless network. 6.3.1.
Chapter 6 Wireless LAN Unauthorized devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network. Furthermore, there are ways for unauthorized wireless users to get a valid user name and password. Then, they can use that user name and password to use the wireless network. Local user databases also have an additional limitation that is explained in the next section. 6.3.1.
Chapter 6 Wireless LAN WPA2 (depending on the type of wireless network login) and select the WPA Compatible option in the NBG4604. Many types of encryption use a key to protect the information in the wireless network. The longer the key, the stronger the encryption. Every wireless client in the wireless network must have the same key. 6.3.1.5 WPS WiFi Protected Setup (WPS) is an industry standard specification, defined by the WiFi Alliance.
Chapter 6 Wireless LAN The following table describes the general wireless LAN labels in this screen. Table 25 Network > Wireless LAN > General LABEL DESCRIPTION Enable Wireless LAN Click the check box to activate wireless LAN. Enable Wireless LAN #1 Set the number of wireless LANs to enable on this device, up to a maximum of 4. Name(SSID) (Service Set IDentity) The SSID identifies the Service Set with which a wireless station is associated.
Chapter 6 Wireless LAN Table 25 Network > Wireless LAN > General LABEL DESCRIPTION Security Mode Select No Security, Static WEP, WPA-PSK, or WPA2-PSK to add security on this wireless network. The wireless clients which want to associate to this network must have same wireless security settings as this device. After you select to use a security, additional options appears in this screen. See 6.4.2 and 6.4.3 sections.
Chapter 6 Wireless LAN The following table describes the labels in this screen. Table 26 Network > Wireless LAN > General: No Security LABEL DESCRIPTION Security Mode Choose No Security from the drop-down list box. Apply Click Apply to save your changes back to the NBG4604. Reset Click Reset to reload the previous configuration for this screen. 6.4.
Chapter 6 Wireless LAN In order to configure and enable WEP encryption; click Network > Wireless LAN to display the General screen. Select Static WEP from the Security Mode list. Figure 46 Network > Wireless LAN > General: Static WEP The following table describes the wireless LAN security labels in this screen. Table 27 Network > Wireless LAN > General: Static WEP LABEL DESCRIPTION WEP Encryption Select 64-bit WEP or 128-bit WEP to enable data encryption.
Chapter 6 Wireless LAN Table 27 Network > Wireless LAN > General: Static WEP LABEL DESCRIPTION ASCII Select this option in order to enter ASCII characters as WEP key. Hex Select this option in order to enter hexadecimal characters as a WEP key. The preceding "0x", that identifies a hexadecimal key, is entered automatically. Key 1 to Key 4 The WEP keys are used to encrypt data. Both the NBG4604 and the wireless stations must use the same WEP key for data transmission.
Chapter 6 Wireless LAN The following table describes the labels in this screen. Table 28 Network > Wireless LAN > General: WPA-PSK/WPA2-PSK LABEL DESCRIPTION WPA Compatible This check box is available only when you select WPA2-PSK in the Security Mode field. Select the check box to have both WPA2 and WPA wireless clients be able to communicate with the NBG4604 even when the NBG4604 is using WPA2-PSK. Pre-Shared Key WPA-PSK/WPA2-PSK uses a simple common password for authentication.
Chapter 6 Wireless LAN To change your NBG4604’s MAC filter settings, click Network > Wireless LAN > MAC Filter. The screen appears as shown. Figure 48 Network > Wireless LAN > MAC Filter The following table describes the labels in this menu. Table 29 Network > Wireless LAN > MAC Filter LABEL DESCRIPTION Active Select Yes from the drop down list box to enable MAC address filtering. Filter Action Define the filter action for the list of MAC addresses in the MAC Address table.
Chapter 6 Wireless LAN 6.6 Wireless LAN Advanced Screen Use this screen to allow intra-BSS networking and set the RTS/CTS Threshold. Click Network > Wireless LAN > Advanced. The screen appears as shown. Figure 49 Network > Wireless LAN > Advanced The following table describes the labels in this screen.
Chapter 6 Wireless LAN Table 30 Network > Wireless LAN > Advanced LABEL DESCRIPTION CTS Protection When set to None, the NBG4604 protects wireless communication against interference. When set to Always, the NBG4604 improves performance within mixed wireless modes. Select Auto to let the NBG4604 determine whether to turn this feature on or off in the current environment. Tx Power This field controls the transmission power of the NBG4604.
Chapter 6 Wireless LAN The following table describes the labels in this screen. Table 31 Network > Wireless LAN > QoS LABEL DESCRIPTION WMM QoS Policy Select Default to have the NBG4604 automatically give a service a priority level according to the ToS value in the IP header of packets it sends. WMM QoS (Wifi MultiMedia Quality of Service) gives high priority to voice and video, which makes them run more smoothly.
Chapter 6 Wireless LAN 6.7.1 Application Priority Configuration Use this screen to edit a WMM QoS application entry. Click the edit icon under Modify. The following screen displays. Figure 51 Network > Wireless LAN > QoS: Application Priority Configuration See Appendix E on page 251 for a list of commonly-used services and destination ports. The following table describes the fields in this screen.
Chapter 6 Wireless LAN Table 32 Network > Wireless LAN > QoS: Application Priority Configuration LABEL DESCRIPTION Dest Port This displays the port the selected service uses. Type a port number in the field provided if you want to use a different port to the default port. Priority Select a priority from the drop-down list box. Apply Click Apply to save your changes back to the NBG4604. Cancel Click Cancel to return to the previous screen. 6.
Chapter 6 Wireless LAN Table 33 Network > Wireless LAN > WPS LABEL DESCRIPTION Status This displays Configured when the NBG4604 has connected to a wireless network using WPS or when Enable WPS is selected and wireless or wireless security settings have been changed. The current wireless and wireless security settings also appear in the screen.
Chapter 6 Wireless LAN The following table describes the labels in this screen. Table 34 Network > Wireless LAN > WPS Station LABEL DESCRIPTION Push Button Use this button when you use the PBC (Push Button Configuration) method to configure wireless stations’s wireless settings. Click this to start WPS-aware wireless station scanning and the wireless security information synchronization.
Chapter 6 Wireless LAN The following table describes the labels in this screen. Table 35 Network > Wireless LAN > Scheduling LABEL DESCRIPTION Enable Wireless LAN Scheduling Select this to enable Wireless LAN scheduling. Action Select On or Off to specify whether the Wireless LAN is turned on or off. This field works in conjunction with the Day and Except for the following times fields. Day Select Everyday or the specific days to turn the Wireless LAN on or off.
Chapter 6 Wireless LAN Click Network > Wireless LAN > WDS tab. The following screen opens with the Basic Setting set to Disabled, and Security Mode set to No Security. Figure 55 Network > Wireless LAN > WDS The following table describes the labels in this screen. Table 36 Network > Wireless LAN > WDS LABEL DESCRIPTION WDS Setup Basic Settings Select the operating mode for your NBG4604. • • AP + Bridge - The NBG4604 functions as a bridge and access point simultaneously.
Chapter 6 Wireless LAN 6.11.1 Security Mode: Static WEP Use this screen to configure the Static WEP security for your NBG4604 when it is in AP + Bridge or Bridge Only mode. Figure 56 Network > Wireless LAN > WDS (Static WEP) The following table describes the labels in this screen. Refer to Table 36 on page 91 for descriptions of other fields in this screen.
Chapter 6 Wireless LAN Table 37 Network > Wireless LAN > WDS (Static WEP) LABEL DESCRIPTION Authentication Method There are two types of WEP authentication namely, Open System and Shared Key. Open system is implemented for ease-of-use and when security is not an issue. The wireless station and the AP or peer computer do not share a secret key. Thus the wireless stations can associate with any AP or peer computer and listen to any transmitted data that is not encrypted.
Chapter 6 Wireless LAN The following table describes the labels in this screen. Refer to Table 36 on page 91 for descriptions of other fields in this screen. Table 38 Network > Wireless LAN > WDS (WPA-PSK/WPA2-PSK) 94 LABEL DESCRIPTION Pre-Shared Key Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including spaces and symbols).
C HA PT ER 7 WAN 7.1 Overview This chapter discusses the NBG4604’s WAN screens. Use these screens to configure your NBG4604 for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks (such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations.
Chapter 7 WAN 7.3 What You Need To Know The information in this section can help you configure the screens for your WAN connection, as well as enable/disable some advanced features of your NBG4604. 7.3.1 Configuring Your Internet Connection Encapsulation Method Encapsulation is used to include data from an upper layer protocol into a lower layer protocol. To set up a WAN connection to the Internet, you need to use the same encapsulation method used by your ISP (Internet Service Provider).
Chapter 7 WAN WAN MAC Address The MAC address screen allows users to configure the WAN port's MAC address by either using the factory default or cloning the MAC address from a computer on your LAN. Choose Factory Default to select the factory assigned default MAC Address. Otherwise, click Clone the computer's MAC address - IP Address and enter the IP address of the computer on the LAN whose MAC you are cloning. Once it is successfully configured, the address will be copied to configuration file.
Chapter 7 WAN 7.3.3 NetBIOS over TCP/IP NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dialup services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls. However it may sometimes be necessary to allow NetBIOS packets to pass through to the WAN in order to find a computer on the WAN. 7.3.4 Auto-Bridge In the rear panel of your NBG4604, you can see four LAN ports (1 to 4) and one WAN port.
Chapter 7 WAN 7.4 Internet Connection Use this screen to change your NBG4604’s Internet access settings. Click Network > WAN. The screen differs according to the encapsulation you choose. 7.4.1 Ethernet Encapsulation This screen displays when you select Ethernet encapsulation. Figure 61 Network > WAN > Internet Connection: Ethernet Encapsulation The following table describes the labels in this screen.
Chapter 7 WAN Table 39 Network > WAN > Internet Connection: Ethernet Encapsulation LABEL DESCRIPTION IP Address Enter your WAN IP address in this field if you selected Use Fixed IP Address. IP Subnet Mask Enter the IP Subnet Mask in this field. Gateway IP Address Enter a Gateway IP Address (if your ISP gave you one) in this field. DNS Servers First DNS Server Select From ISP if your ISP dynamically assigns DNS server information (and the NBG4604's WAN IP address).
Chapter 7 WAN One of the benefits of PPPoE is the ability to let you access one of multiple network services, a function known as dynamic service selection. This enables the service provider to easily create and offer new IP services for individuals. Operationally, PPPoE saves significant effort for both you and the ISP or carrier, as it requires no specific configuration of the broadband modem at the customer site.
Chapter 7 WAN Table 40 Network > WAN > Internet Connection: PPPoE Encapsulation LABEL DESCRIPTION Password Type the password associated with the user name above. Retype to Confirm Type your password again to make sure that you have entered is correctly. Nailed-Up Connection Select Nailed-Up Connection if you do not want the connection to time out. Idle Timeout This value specifies the time in minutes that elapses before the router automatically disconnects from the PPPoE server.
Chapter 7 WAN This screen displays when you select PPTP encapsulation. Figure 63 Network > WAN > Internet Connection: PPTP Encapsulation The following table describes the labels in this screen.
Chapter 7 WAN Table 41 Network > WAN > Internet Connection: PPTP Encapsulation LABEL DESCRIPTION Password Type the password associated with the User Name above. Retype to Confirm Type your password again to make sure that you have entered is correctly. Nailed-up Connection Select Nailed-Up Connection if you do not want the connection to time out. Idle Timeout This value specifies the time in minutes that elapses before the NBG4604 automatically disconnects from the PPTP server.
Chapter 7 WAN Table 41 Network > WAN > Internet Connection: PPTP Encapsulation LABEL DESCRIPTION Clone the computer’s MAC address - IP Address Select Clone the computer's MAC address - IP Address and enter the IP address of the computer on the LAN whose MAC you are cloning. Once it is successfully configured, the address will be copied to the rom file. It will not change unless you change the setting or upload a different ROM file.
Chapter 7 WAN The following table describes the labels in this screen. Table 42 Network > WAN > Advanced LABEL DESCRIPTION Multicast Setup Multicast Check this to enable multicasting. This applies to traffic routed from the WAN to the LAN. Leaving this blank may cause incoming traffic to be dropped or sent to all connected network devices.
C HA PT ER 8 LAN 8.1 Overview This chapter describes how to configure LAN settings. A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building. The LAN screens can help you configure a LAN DHCP server, manage IP addresses, and partition your physical network into logical networks.
Chapter 8 LAN 8.3 What You Need To Know The actual physical connection determines whether the NBG4604 ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next. Figure 66 LAN and WAN IP Addresses The LAN parameters of the NBG4604 are preset in the factory with the following values: • IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits) • DHCP server enabled with 32 client IP addresses starting from 192.
Chapter 8 LAN 8.4 LAN IP Screen Use this screen to change your basic LAN settings. Click Network > LAN. Figure 67 Network > LAN > IP The following table describes the labels in this screen. Table 43 Network > LAN > IP LABEL DESCRIPTION Get from DHCP Server Select this to have your NBG4604 receive its IP address automatically from a DHCP server. User Defined LAN IP Select this to manually enter the IP address and Subnet Mask as they were provided to you by your network administrator.
Chapter 8 LAN 110 NBG4604 User’s Guide
C HA PT ER 9 DHCP Server 9.1 Overview DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the NBG4604’s LAN as a DHCP server or disable it. When configured as a server, the NBG4604 provides the TCP/IP configuration for the clients. If DHCP service is disabled, you must have another DHCP server on your LAN, or else the computer must be manually configured. 9.
Chapter 9 DHCP Server 9.4 General Screen Use this screen to enable the DHCP server. Click Network > DHCP Server. The following screen displays. Figure 68 Network > DHCP Server > General The following table describes the labels in this screen. Table 44 Network > DHCP Server > General LABEL DESCRIPTION Enable DHCP Server Enable or Disable DHCP for LAN. IP Pool Starting Address This field specifies the first of the contiguous addresses in the IP address pool for LAN.
Chapter 9 DHCP Server To change your NBG4604’s static DHCP settings, click Network > DHCP Server > Advanced. The following screen displays. Figure 69 Network > DHCP Server > Advanced The following table describes the labels in this screen. Table 45 Network > DHCP Server > Advanced LABEL DESCRIPTION Static DHCP Table # This is the index number of the static IP table entry (row). MAC Address Type the MAC address (with colons) of a computer on your LAN.
Chapter 9 DHCP Server Table 45 Network > DHCP Server > Advanced LABEL DESCRIPTION First DNS Server Select From ISP if your ISP dynamically assigns DNS server information (and the NBG4604's WAN IP address). The field to the right displays the (read-only) DNS server IP address that the ISP assigns. Second DNS Server Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right. If you chose User-Defined, but leave the IP address set to 0.0.0.
Chapter 9 DHCP Server The following screen displays. Figure 70 Network > DHCP Server > Client List The following table describes the labels in this screen. Table 46 Network > DHCP Server > Client List LABEL DESCRIPTION # This is the index number of the host computer. IP Address This field displays the IP address relative to the # field listed above. Host Name This field displays the computer host name.
Chapter 9 DHCP Server 116 NBG4604 User’s Guide
C HA PT ER 10 Network Address Translation (NAT) 10.1 Overview This chapter discusses how to configure NAT on the NBG4604. NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet. For example, the source address of an outgoing packet, used within one network is changed to a different IP address known within another network. Each packet has two addresses – a source address and a destination address.
Chapter 10 Network Address Translation (NAT) Note: You must create a firewall rule in addition to setting up NAT, to allow traffic from the WAN to be forwarded through the NBG4604. 10.2 What You Can Do • Use the General screen (Section 10.3 on page 118) to enable NAT and set a default server. • Use the Application screen (Section 10.4 on page 119) to change your NBG4604’s port forwarding settings. • Use the Advanced screen (Section 10.5 on page 122) to change your NBG4604’s trigger port settings. 10.
Chapter 10 Network Address Translation (NAT) Table 47 Network > NAT > General LABEL Server IP Address DESCRIPTION In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in the Application screen. If you do not assign a Default Server IP address, the NBG4604 discards all packets received for ports that are not specified in the Application screen or remote management.
Chapter 10 Network Address Translation (NAT) Refer to Appendix E on page 251 for port numbers commonly used for particular services. Figure 73 Network > NAT > Application The following table describes the labels in this screen. Table 48 Network > NAT > Application LABEL DESCRIPTION Add Application Rule Active Select the check box to enable this rule and the requested service can be forwarded to the host with a specified internal IP address.
Chapter 10 Network Address Translation (NAT) Table 48 Network > NAT > Application (continued) LABEL DESCRIPTION Application Rules Summary # This is the number of an individual port forwarding server entry. Active This icon is turned on when the rule is enabled. Name This field displays a name to identify this rule. Local Start/End Port This field displays the port number(s). Public Start/End Port Server IP Address This field displays the inside IP address of the server.
Chapter 10 Network Address Translation (NAT) 10.5 NAT Advanced Screen Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side. With regular port forwarding you set a forwarding port in NAT to forward a service (coming in from the server on the WAN) to the IP address of a computer on the client side (LAN). The problem is that port forwarding only forwards a service to a single LAN IP address.
Chapter 10 Network Address Translation (NAT) The following table describes the labels in this screen. Table 49 Network > NAT > Advanced LABEL DESCRIPTION # This is the rule index number (read-only). Name Type a unique name (up to 15 characters) for identification purposes. All characters are permitted - including spaces. Incoming Incoming is a port (or a range of ports) that a server on the WAN uses when it sends out a particular service.
Chapter 10 Network Address Translation (NAT) 2 Port 7070 is a “trigger” port and causes the NBG4604 to record Jane’s computer IP address. The NBG4604 associates Jane's computer IP address with the "incoming" port range of 6970-7170. 3 The Real Audio server responds using a port number ranging between 6970-7170. 4 The NBG4604 forwards the traffic to Jane’s computer IP address. 5 Only Jane can connect to the Real Audio server until the connection is closed or times out.
C HA PT ER 11 Dynamic DNS 11.1 Overview Dynamic Domain Name Service (DDNS) services let you use a fixed domain name with a dynamic IP address. Users can always use the same domain name instead of a different dynamic IP address that changes each time to connect to the NBG4604 or a server in your network. Note: The NBG4604 must have a public global IP address and you should have your registered DDNS account information on hand.
Chapter 11 Dynamic DNS 11.2 Dynamic DNS Screen To change your NBG4604’s DDNS, click Network > DDNS. The screen appears as shown. Figure 76 Network > Dynamic DNS The following table describes the labels in this screen. Table 50 Network > Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Enable Dynamic DNS Select this check box to use dynamic DNS. Service Provider Select the name of your Dynamic DNS service provider.
Chapter 11 Dynamic DNS Table 50 Network > Dynamic DNS (continued) LABEL DESCRIPTION Host Name The host name is the domain name that the DDNS service will map to your dynamic global IP address. Type the host name fully qualified, for example, ‘yourhost.mydomain.net’. You can specify up to two host names in the field separated by a comma (","). User Name Type the user name that you used when you registered with the DDNS service. Password Type the password associated with the DDNS user name.
Chapter 11 Dynamic DNS 128 NBG4604 User’s Guide
C HA PT ER 12 Firewall 12.1 Overview Use these screens to enable and configure the firewall that protects your NBG4604 and your LAN from unwanted or malicious traffic. Enable the firewall to protect your LAN computers from attacks by hackers on the Internet and control access between the LAN and WAN. By default the firewall: • allows traffic that originates from your LAN computers to go to all of the networks. • blocks traffic that originates on the other networks from going to the LAN.
Chapter 12 Firewall 12.2 What You Can Do • Use the General screen (Section 12.4 on page 131) to enable or disable the NBG4604’s firewall. • Use the Access Control Rule (Section 12.5 on page 131) screen to view the configured access control rules and add, edit or remove a rule. • Use the Services screen (Section 12.6 on page 134) screen enable service blocking, enter/delete/modify the services you want to block and the date/time you want to block them. 12.
Chapter 12 Firewall 12.4 General Firewall Screen Use this screen to enable or disable the NBG4604’s firewall, and set up firewall logs. Click Security > Firewall to open the General screen. Figure 78 Security > Firewall > General The following table describes the labels in this screen. Table 51 Security > Firewall > General LABEL DESCRIPTION Enable Firewall Select this check box to activate the firewall.
Chapter 12 Firewall The following table describes the labels in this screen. Table 52 Firewall > Access Control Rule LABEL DESCRIPTION Application Rules Summary Packet Direction This displays the direction of traffic (WAN to WAN) to which this rule applies. The NBG4604 stops computers on the WAN from managing the NBG4604 or using the NBG4604 as a gateway to communicate with other computers on the WAN. # This is your firewall rule number.
Chapter 12 Firewall 12.5.1 Add/Edit an ACL Rule Click Add New ACL Rule or the Edit icon next to an existing ACL rule in the Access Control screen. The following screen displays. Figure 80 Access Control Rule: Add/Edit The following table describes the labels in this screen. Table 53 Access Control Rule: Add/Edit LABEL DESCRIPTION Access Control Rule setup Active Select the check box to enable the rule. Clear the check box to disable the rule. Rule Name Enter a descriptive name for the rule.
Chapter 12 Firewall 12.6 Services Screen If an outside user attempts to probe an unsupported port on your NBG4604, an ICMP response packet is automatically returned. This allows the outside user to know the NBG4604 exists. Use this screen to prevent the ICMP response packet from being sent. This keeps outsiders from discovering your NBG4604 when unsupported ports are probed.
Chapter 12 Firewall Table 54 Security > Firewall > Services LABEL DESCRIPTION Apply Click Apply to save the settings. Reset Click Reset to start configuring this screen again.
Chapter 12 Firewall 136 NBG4604 User’s Guide
C HA PT ER 13 Content Filtering 13.1 Overview This chapter provides a brief overview of content filtering using the embedded web GUI. Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering is the ability to block certain web features or specific URL keywords. 13.2 What You Can Do Use the Filter (Section 13.4 on page 138) screen to restrict web features, add keywords for blocking and designate a trusted computer. 13.
Chapter 13 Content Filtering Keyword Blocking URL Checking The NBG4604 checks the URL’s domain name (or IP address) and file path separately when performing keyword blocking. The URL’s domain name or IP address is the characters that come before the first slash in the URL. For example, with the URL www.zyxel.com.tw/news/ pressroom.php, the domain name is www.zyxel.com.tw. The file path is the characters that come after the first slash in the URL. For example, with the URL www.zyxel.com.tw/news/pressroom.
Chapter 13 Content Filtering The following table describes the labels in this screen. Table 55 Security > Content Filter > Filter LABEL DESCRIPTION Enable URL Keyword Blocking The NBG4604 can block Web sites with URLs that contain certain keywords in the domain name or IP address. For example, if the keyword "bad" was enabled, all sites containing this keyword in the domain name or IP address will be blocked, e.g., URL http:// www.website.com/bad.html would be blocked.
Chapter 13 Content Filtering For example, with the URL www.zyxel.com.tw/news/pressroom.php, content filtering only searches for keywords within www.zyxel.com.tw. Full Path URL Checking Full path URL checking has the NBG4604 check the characters that come before the last slash in the URL. For example, with the URL www.zyxel.com.tw/news/pressroom.php, full path URL checking searches for keywords within www.zyxel.com.tw/news/.
C HA PT ER 14 Static Route 14.1 Overview This chapter shows you how to configure static routes for your NBG4604. Each remote node specifies only the network to which the gateway is directly connected, and the NBG4604 has no knowledge of the networks beyond. For instance, the NBG4604 knows about network N2 in the following figure through remote node Router 1.
Chapter 14 Static Route 14.3 IP Static Route Screen Use this screen to view existing static route rules. Click Management > Static Route to open the IP Static Route screen. The following screen displays. Figure 84 Management > Static Route > IP Static Route The following table describes the labels in this screen. Table 56 Management > Static Route > IP Static Route LABEL DESCRIPTION # This is the index number of an individual static route. The first entry is for the default route and not editable.
Chapter 14 Static Route 14.3.1 Static Route Setup Screen To edit a static route, click the edit icon under Modify. The following screen displays. Fill in the required information for each static route. Figure 85 Management > Static Route > IP Static Route: Static Route Setup The following table describes the labels in this screen. Table 57 Management > Static Route > IP Static Route: Static Route Setup LABEL DESCRIPTION Route Name Enter the name of the IP static route.
Chapter 14 Static Route 144 NBG4604 User’s Guide
C HA PT ER 15 Bandwidth Management 15.1 Overview This chapter contains information about configuring bandwidth management and editing rules. ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on an application. In the figure below, uplink traffic goes from the LAN device (A) to the WAN device (B). Bandwidth management is applied before sending the packets out to the WAN. Downlink traffic comes back from the WAN device (B) to the LAN device (A).
Chapter 15 Bandwidth Management 15.3 What You Need To Know You can limit an application’s uplink or downlink bandwidth. This limit keeps the traffic from using up too much of the out-going interface’s bandwidth. This way you can make sure there is bandwidth for other applications.
Chapter 15 Bandwidth Management The following table describes the labels in this screen. Table 58 Management > Bandwidth MGMT > General LABEL DESCRIPTION Service Management Bandwidth Management Type This field allows you to have NBG4604 apply bandwidth management. Select Priority Queue or Bandwidth Allocation to enable bandwidth management. • • Select Priority Queue to allocate bandwidth based on the predefined priority assigned to an application. Refer to Section 15.5 on page 147.
Chapter 15 Bandwidth Management Click Management > Bandwidth MGMT > Advanced to open the bandwidth management Advanced screen. Figure 88 Management > Bandwidth MGMT > Advanced The following table describes the labels in this screen. Table 59 Management > Bandwidth MGMT > Advanced LABEL DESCRIPTION Priority Queue 148 Local IP Address Enter the IP address of the computer to which bandwidth management does not apply.
Chapter 15 Bandwidth Management Table 59 Management > Bandwidth MGMT > Advanced (continued) LABEL DESCRIPTION # This is the number of an individual bandwidth management rule. Enable Select this check box to have the NBG4604 apply this bandwidth management rule. Service This is the name of the service. You can also enter the name (up to 10 keyboard characters) of a service you want to add in the priority queue (for example, Messenger). Priority Select a priority from the drop down list box.
Chapter 15 Bandwidth Management 15.5.1 Priority Levels Traffic with a higher priority gets through faster while traffic with a lower priority is dropped if the network is congested. The following describes the priorities that you can apply to traffic that the NBG4604 forwards out through an interface. • High - Typically used for voice traffic or video that is especially sensitive to jitter (jitter is the variations in delay). • Low - This is typically used for all other traffic that are not time-sensitive.
Chapter 15 Bandwidth Management LABEL DESCRIPTION Port Range Enter the range of ports for which the bandwidth management rule applies. Policy Select Max or Min and specify the maximum or minimum bandwidth allowed for the rule in bits per second in the field below. Rate (bps) Type or select the maximum or minimum bandwidth allowed (refer to the field above) for the rule in bits per second. If you type the amount of bandwidth, the selection automatically becomes User Defined.
Chapter 15 Bandwidth Management Table 61 Media Bandwidth Management Setup: Services (continued) SERVICE DESCRIPTION BitTorrent BitTorrent is a free P2P (peer-to-peer) sharing tool allowing you to distribute large software and media files using ports 6881 to 6889. BitTorrent requires you to search for a file with a searching engine yourself.
C HA PT ER 16 Remote Management 16.1 Overview This chapter provides information on the Remote Management screens. Remote management allows you to determine which services/protocols can access which NBG4604 interface (if any) from which computers. You may manage your NBG4604 from a remote location via: • LAN only • LAN and WAN Note: When you configure remote management to allow management from the LAN and WAN in the options above, you still need to configure a firewall rule to allow access.
Chapter 16 Remote Management • Use the ACS screen (Section 16.8 on page 160) to configure set up the ACS server information on your NBG4604. 16.3 What You Need To Know To disable remote management of a service, select Disable in the corresponding Server Access field. You may only have one remote management session running at a time. 16.3.1 Remote Management Limitations Remote management over LAN or WAN will not work when: 1 You have disabled that service in one of the remote management screens.
Chapter 16 Remote Management 16.4 WWW Screen To change your NBG4604’s World Wide Web settings, click Management > Remote MGMT to display the WWW screen. Figure 90 Management > Remote MGMT > WWW The following table describes the labels in this screen Table 62 Management > Remote MGMT > WWW LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
Chapter 16 Remote Management 16.5 The Telnet Screen You can use Telnet to access the NBG4604’s command line interface. Specify which interfaces allow Telnet access and from which IP address the access can come. Click Management > Remote MGMT > Telnet tab to display the screen as shown. Figure 91 Management > Remote Management > Telnet The following table describes the labels in this screen.
Chapter 16 Remote Management and configuration file maintenance for details. To use this feature, your computer must have an FTP client. Use this screen to specify which interfaces allow FTP access and from which IP address the access can come. To change your NBG4604’s FTP settings, click Management > Remote MGMT > FTP. The screen appears as shown. Figure 92 Management > Remote Management > FTP The following table describes the labels in this screen.
Chapter 16 Remote Management (SNMPv1) and version two (SNMPv2c). The next figure illustrates an SNMP management operation. Figure 93 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the NBG4604). An agent translates the local management information from the managed device into a form compatible with SNMP.
Chapter 16 Remote Management • Set - Allows the manager to set values for object variables within an agent. • Trap - Used by the agent to inform the manager of some events. 16.7.1 Configuring SNMP To change your NBG4604’s SNMP settings, click Management > Remote MGMT > SNMP tab. The screen appears as shown. Use this screen to configure your SNMP settings. Figure 94 Management > Remote MGMT > SNMP The following table describes the labels in this screen.
Chapter 16 Remote Management Table 65 Management > Remote MGMT > SNMP (continued) LABEL DESCRIPTION SNMP Settings Enable SNMP Select this to enable SNMP on this device. SNMP version Select the SNMP version that corresponds the SNMP used by the server. Read Community Enter the SNMP read community information here. Set Community Enter the SNMP get community information here. System Location Enter the SNMP system location. System Contact Enter the SNMP system contact.
Chapter 16 Remote Management octets in a MAC address and uniquely identifies the manufacturer of a network device. STUN STUN allows a device to find the public IP address assigned by a NAT router and/ or a firewall between it and the public Internet. 16.9 ACS Screen The ACS screen allows you to set up the ACS server information on your NBG4604 so it can be remotely updated. Only use information provided by your network administrator. You can also upload encrypted security certificates to your NBG4604.
Chapter 16 Remote Management Click Management > Remote MGMT > ACS to open this screen. Figure 96 Management > Remote MGMT > ACS The following table describes the labels in this screen. Table 66 Management > Remote MGMT > ACS LABEL DESCRIPTION ACS Server Setup URL Enter the URL of the ACS server. Account Name Enter the login name used by the NBG4604 to log into the ACS server. Password Enter the password for the account used to log into the ACS server.
Chapter 16 Remote Management Table 66 Management > Remote MGMT > ACS (continued) LABEL DESCRIPTION Manufacturer Oui Enter the manufacturer organizational unit identifier. This number must consist of a 3-octet MAC address. Product Class Enter the product class if this was provided by the network adminstrator. Otherwise, leave it at its default setting. Model Name This displays the model name. In this case, it is ‘NBG4604’ and cannot be edited.
Chapter 16 Remote Management 16.10 Technical Reference TR-069 is an abbreviation of “Technical Reference 069”, a protocol designed to facilitate the remote management of Customer Premise Equipement (CPE), such as the NBG4604. It can be managed over a WAN by means of an Auto Configuration Server (ACS). TR-069 is based on sending Remote Procedure Calls (RPCs) between the ACS and the client device. RPCs are sent in Extensible Markup Language (XML) format over HTTP or HTTPS.
C HA PT ER 17 Universal Plug-and-Play (UPnP) 17.1 Overview This chapter introduces the UPnP feature in the Web Configurator. Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network. In turn, a device can leave a network smoothly and automatically when it is no longer in use.
Chapter 17 Universal Plug-and-Play (UPnP) • Dynamic port mapping • Learning public IP addresses • Assigning lease times to mappings Windows Messenger is an example of an application that supports NAT traversal and UPnP. See the NAT chapter for more information on NAT. Cautions with UPnP The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues.
Chapter 17 Universal Plug-and-Play (UPnP) The following table describes the labels in this screen. Table 67 Management > UPnP > General LABEL DESCRIPTION Enable the Universal Plug and Play (UPnP) Feature Select this check box to activate UPnP. Be aware that anyone could use a UPnP application to open the Web Configurator's login screen without entering the NBG4604's IP address (although you must still enter the password to access the Web Configurator).
Chapter 17 Universal Plug-and-Play (UPnP) 2 Right-click the icon and select Properties. Figure 99 Network Connections 3 In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created.
Chapter 17 Universal Plug-and-Play (UPnP) 4 You may edit or delete the port mappings or click Add to manually add port mappings. Figure 101 Internet Connection Properties: Advanced Settings Figure 102 Internet Connection Properties: Advanced Settings: Add Note: When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 5 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
Chapter 17 Universal Plug-and-Play (UPnP) 6 Double-click on the icon to display your current Internet connection status. Figure 104 Internet Connection Status 17.5.2 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the NBG4604 without finding out the IP address of the NBG4604 first. This comes helpful if you do not know the IP address of the NBG4604. Follow the steps below to access the Web Configurator. 170 1 Click Start and then Control Panel.
Chapter 17 Universal Plug-and-Play (UPnP) 3 Select My Network Places under Other Places. Figure 105 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your NBG4604 and select Invoke. The Web Configurator login screen displays.
Chapter 17 Universal Plug-and-Play (UPnP) 6 Right-click on the icon for your NBG4604 and select Properties. A properties window displays with basic information about the NBG4604.
C HA PT ER 18 System 18.1 Overview This chapter provides information on the System screens. See the chapter about wizard setup for more information on the next few screens. 18.2 What You Can Do • Use the General screen (Section 18.3 on page 173) to enter a name to identify the NBG4604 in the network and set the password. • Use the Time Setting screen (Section 18.4 on page 175) to change your NBG4604’s time and date. 18.
Chapter 18 System The following table describes the labels in this screen. Table 68 Maintenance > System > General LABEL DESCRIPTION System Setup System Name System Name is a unique name to identify the NBG4604 in an Ethernet network. It is recommended you enter your computer’s “Computer name” in this field (see the chapter about wizard setup for how to find your computer’s name). This name can be up to 30 alphanumeric characters long.
Chapter 18 System 18.4 Time Setting Screen To change your NBG4604’s time and date, click Maintenance > System > Time Setting. The screen appears as shown. Use this screen to configure the NBG4604’s time based on your local time zone. Figure 109 Maintenance > System > Time Setting he following table describes the labels in this screen. Table 69 Maintenance > System > Time Setting LABEL DESCRIPTION Current Time and Date Current Time This field displays the time of your NBG4604.
Chapter 18 System Table 69 Maintenance > System > Time Setting LABEL DESCRIPTION New Time This field displays the last updated time from the time server or the last time configured manually. (hh:mm:ss) When you set Time and Date Setup to Manual, enter the new time in this field and then click Apply. New Date (yyyy/mm/dd) This field displays the last updated date from the time server or the last date configured manually.
Chapter 18 System Table 69 Maintenance > System > Time Setting LABEL DESCRIPTION End Date Configure the day and time when Daylight Saving Time ends if you selected Daylight Savings. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the last Sunday of October. Each time zone in the United States stops using Daylight Saving Time at 2 A.M. local time.
Chapter 18 System 178 NBG4604 User’s Guide
C HA PT ER 19 Logs 19.1 Overview This chapter contains information about configuring general log settings and viewing the NBG4604’s logs. The Web Configurator allows you to look at all of the NBG4604’s logs in one location. 19.2 What You Can Do • Use the View Log screen (Section 19.4 on page 180) to see the logs for the categories such as system maintenance, system errors, access control, allowed or blocked web sites, blocked web features, and so on. • Use the Log Settings screen (Section 19.
Chapter 19 Logs 19.4 View Log Screen Use the View Log screen to see the logged messages for the NBG4604. Options include logs about system maintenance, system errors, access control, allowed or blocked web sites, blocked web features (such as ActiveX controls, Java and cookies), attacks (such as DoS) and IPSec. Log entries in red indicate system error logs. The log wraps around and deletes the old entries after it fills. Click a column heading to sort the entries.
Chapter 19 Logs 19.5 Log Settings Screen Use this screen to send copies of the NBG4604 syslog files to a dedicated syslog server. For information on setting up a syslog server, consult the documentation that came with your syslog server product. Click Maintenance > Logs > Log Settings to open this screen. Figure 111 Maintenance > Logs > Log Settings The following table describes the labels in this screen.
Chapter 19 Logs 182 NBG4604 User’s Guide
C HA PT ER 20 Tools 20.1 Overview This chapter shows you how to upload a new firmware, upload or save backup configuration files and restart the NBG4604. 20.2 What You Can Do • Use the Firmware screen (Section 20.3 on page 183) to upload firmware to your NBG4604. • Use the Configuration screen (Section 20.4 on page 186) to view information related to factory defaults, backup configuration, and restoring configuration. • Use the Restart screen (Section 20.5 on page 188) to have the NBG4604 reboot. 20.
Chapter 20 Tools Click Maintenance > Tools. Follow the instructions in this screen to upload firmware to your NBG4604. Figure 112 Maintenance > Tools > Firmware The following table describes the labels in this screen. Table 72 Maintenance > Tools > Firmware LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse... to find it. Browse... Click Browse... to find the .bin file you want to upload. Remember that you must decompress compressed (.
Chapter 20 Tools The NBG4604 automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 114 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, the following screen will appear. Click Return to go back to the Firmware screen.
Chapter 20 Tools 20.4 Configuration Screen Click Maintenance > Tools > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next. Figure 116 Maintenance > Tools > Configuration 20.4.1 Backup Configuration Backup configuration allows you to back up (save) the NBG4604’s current configuration to a file on your computer.
Chapter 20 Tools 20.4.2 Restore Configuration Restore configuration allows you to upload a new or previously saved configuration file from your computer to your NBG4604. Table 73 Maintenance Restore Configuration LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse... to find it. Browse... Click Browse... to find the file you want to upload. Remember that you must decompress compressed (.ZIP) files before you can upload them.
Chapter 20 Tools If the upload was not successful, the following screen will appear. Click Return to go back to the Configuration screen. Figure 119 Configuration Restore Error 20.4.3 Back to Factory Defaults Pressing the Reset button in this section clears all user-entered configuration information and returns the NBG4604 to its factory defaults. You can also press the RESET button on the rear panel to reset the factory defaults of your NBG4604.
C HA PT ER 21 Sys OP Mode 21.1 Overview The Sys OP Mode (System Operation Mode) function lets you configure whether your NBG4604 is a router or AP. You can choose between Router Mode and AP Mode depending on your network topology and the features you require from your device. See Section 1.1 on page 15 for more information on which mode to choose. Note: The Sys OP Mode screen is read-only if you are accessing from the admin level account . 21.2 What You Can Do Use the General screen (Section 21.
Chapter 21 Sys OP Mode 21.3 What You Need to Know Router A router connects your local network with another network, such as the Internet. The router has two IP addresses, the LAN IP address and the WAN IP address. Figure 121 LAN and WAN IP Addresses in Router Mode AP An AP extends one network and so has just one IP address. All Ethernet ports on the AP have the same IP address. To connect to the Internet, another device, such as a router, is required.
Chapter 21 Sys OP Mode 21.4 General Screen Use this screen to select how you connect to the Internet. Figure 123 Maintenance > Sys OP Mode > General If you select Router Mode, the following pop-up message window appears. Figure 124 Maintenance > Sys Op Mode > General: Router • In this mode there are both LAN and WAN ports. The LAN Ethernet and WAN Ethernet ports have different IP addresses. • The DHCP server on your device is enabled and allocates IP addresses to other devices on your local network.
Chapter 21 Sys OP Mode The following table describes the labels in the General screen. Table 74 Maintenance > Sys OP Mode > General LABEL DESCRIPTION System Operation Mode Router Select Router if your device routes traffic between a local network and another network such as the Internet. This mode offers services such as a firewall or content filter. Access Point Select Access Point if your device bridges traffic between clients on the same network. Apply Click Apply to save your settings.
C HA PT ER 22 Language 22.1 Language Screen Use this screen to change the language for the Web Configurator display. Click the language you prefer. The Web Configurator language changes after a while without restarting the NBG4604.
Chapter 22 Language 194 NBG4604 User’s Guide
C HA PT ER 23 Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • NBG4604 Access and Login • Internet Access • Resetting the NBG4604 to Its Factory Defaults • Wireless Router/AP Troubleshooting 23.1 Power, Hardware Connections, and LEDs The NBG4604 does not turn on. None of the LEDs turn on.
Chapter 23 Troubleshooting 3 Inspect your cables for damage. Contact the vendor to replace any damaged cables. 4 Disconnect and re-connect the power adaptor to the NBG4604. 5 If the problem continues, contact the vendor. 23.2 NBG4604 Access and Login I don’t know the IP address of my NBG4604. 1 The default IP address is 192.168.1.1.
Chapter 23 Troubleshooting 2 If this does not work, you have to reset the device to its factory defaults. See Section 23.4 on page 199. I cannot see or access the Login screen in the Web Configurator. 1 Make sure you are using the correct IP address. • The default IP address is 192.168.1.1. • If you changed the IP address (Section 4.4.1 on page 54), use the new IP address.
Chapter 23 Troubleshooting 2 This can happen when you fail to log out properly from your last session. Try logging in again after 5 minutes. 3 Disconnect and re-connect the power adaptor or cord to the NBG4604. 4 If this does not work, you have to reset the device to its factory defaults. See Section 23.4 on page 199. 23.3 Internet Access I cannot access the Internet. 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide.
Chapter 23 Troubleshooting 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.5 on page 17. 2 Reboot the NBG4604. 3 If the problem continues, contact your ISP. The Internet connection is slow or intermittent. 1 There might be a lot of traffic on the network. Look at the LEDs, and check Section 1.5 on page 17.
Chapter 23 Troubleshooting 2 Press the RESET button for longer than 1 second to restart/reboot the NBG4604. 3 Press the RESET button for longer than five seconds to set the NBG4604 back to its factory-default configurations. If the NBG4604 restarts automatically, wait for the NBG4604 to finish restarting, and log in to the Web Configurator. The password is “1234”. If the NBG4604 does not restart automatically, disconnect and reconnect the NBG4604’s power. Then, follow the directions above again. 23.
Chapter 23 Troubleshooting Make sure that you select the Enable URL Keyword Blocking check box in the Content Filtering screen. Make sure that the keywords that you type are listed in the Keyword List. If a keyword that is listed in the Keyword List is not blocked when it is found in a URL, customize the keyword blocking using commands. See the Customizing Keyword Blocking URL Checking section in the Content Filter chapter. I can access the Internet, but I cannot open my network folders.
Chapter 23 Troubleshooting 202 NBG4604 User’s Guide
A PPENDIX A IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts. Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.
Appendix A IP Addresses and Subnetting The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. Figure 127 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask.
Appendix A IP Addresses and Subnetting Table 75 Subnet Mask - Identifying Network Number Network Number 1ST OCTET: 2ND OCTET: 3RD OCTET: 4TH OCTET (192) (168) (1) (2) 11000000 10101000 00000001 Host ID 00000010 By convention, subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits.
Appendix A IP Addresses and Subnetting As these two IP addresses cannot be used for individual hosts, calculate the maximum number of possible hosts in a network as follows: Table 77 Maximum Host Numbers SUBNET MASK HOST ID SIZE 8 bits 24 bits 255.0.0.0 16 bits 255.255.0.0 24 bits 255.255.255.0 29 bits 255.255.255.
Appendix A IP Addresses and Subnetting Subnetting You can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons. In this example, the company network address is 192.168.1.0. The first three octets of the address (192.168.
Appendix A IP Addresses and Subnetting The following figure shows the company network after subnetting. There are now two sub-networks, A and B. Figure 129 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 27 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address). 192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.
Appendix A IP Addresses and Subnetting Each subnet contains 6 host ID bits, giving 26 - 2 or 62 hosts for each subnet (a host ID of all zeroes is the subnet itself, all ones is the subnet’s broadcast address). Table 79 Subnet 1 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address (Decimal) 192.168.1. 0 IP Address (Binary) 11000000.10101000.00000001. 00000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.0 Lowest Host ID: 192.168.1.
Appendix A IP Addresses and Subnetting Table 82 Subnet 4 (continued) LAST OCTET BIT VALUE IP/SUBNET MASK NETWORK NUMBER Subnet Address: 192.168.1.192 Lowest Host ID: 192.168.1.193 Broadcast Address: 192.168.1.255 Highest Host ID: 192.168.1.254 Example: Eight Subnets Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet.
Appendix A IP Addresses and Subnetting The following table is a summary for subnet planning on a network with a 16-bit network number. Table 85 16-bit Network Number Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. HOSTS PER NO. SUBNETS SUBNET 1 255.255.128.0 (/17) 2 32766 2 255.255.192.0 (/18) 4 16382 3 255.255.224.0 (/19) 8 8190 4 255.255.240.0 (/20) 16 4094 5 255.255.248.0 (/21) 32 2046 6 255.255.252.0 (/22) 64 1022 7 255.255.254.0 (/23) 128 510 8 255.255.255.
Appendix A IP Addresses and Subnetting that you entered. You don't need to change the subnet mask computed by the NBG4604 unless you are instructed to do otherwise. Private IP Addresses Every machine on the Internet must have a unique address. If your networks are isolated from the Internet (running only between two branch offices, for example) you can assign any IP addresses to the hosts without problems.
A PPENDIX B Pop-up Windows, JavaScript and Java Permissions In order to use the Web Configurator you need to allow: • Web browser pop-up windows from your device. • JavaScript (enabled by default). • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary. Internet Explorer Pop-up Blockers You may have to disable pop-up blocking to log into your device.
Appendix B Pop-up Windows, JavaScript and Java Permissions 1 In Internet Explorer, select Tools, Internet Options, Privacy. 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 131 Internet Options: Privacy 3 Click Apply to save this setting. Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps.
Appendix B Pop-up Windows, JavaScript and Java Permissions 2 Select Settings…to open the Pop-up Blocker Settings screen. Figure 132 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1.
Appendix B Pop-up Windows, JavaScript and Java Permissions 4 Click Add to move the IP address to the list of Allowed sites. Figure 133 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScript If pages of the Web Configurator do not display properly in Internet Explorer, check that JavaScript are allowed.
Appendix B Pop-up Windows, JavaScript and Java Permissions 1 In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 134 Internet Options: Security 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default).
Appendix B Pop-up Windows, JavaScript and Java Permissions 6 Click OK to close the window. Figure 135 Security Settings - Java Scripting Java Permissions 218 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected.
Appendix B Pop-up Windows, JavaScript and Java Permissions 5 Click OK to close the window. Figure 136 Security Settings - Java JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for
Appendix B Pop-up Windows, JavaScript and Java Permissions 3 Click OK to close the window.
A PPENDIX C Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer. Windows 3.1 requires the purchase of a thirdparty TCP/IP application package.
Appendix C Setting up Your Computer’s IP Address Windows 95/98/Me Click Start, Settings, Control Panel and double-click the Network icon to open the Network window. Figure 138 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add. 2 Select Adapter and then click Add.
Appendix C Setting up Your Computer’s IP Address 3 Select Microsoft from the list of manufacturers. 4 Select TCP/IP from the list of network protocols and then click OK. If you need Client for Microsoft Networks: 1 Click Add. 2 Select Client and then click Add. 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click OK. 5 Restart your computer so the changes you made take effect.
Appendix C Setting up Your Computer’s IP Address 3 Click the DNS Configuration tab. • If you do not know your DNS information, select Disable DNS. • If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in). Figure 140 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways.
Appendix C Setting up Your Computer’s IP Address 3 Select your network adapter. You should see your computer's IP address, subnet mask and default gateway. Windows 2000/NT/XP The following example figures use the default Windows XP GUI theme. 1 Click start (Start in Windows 2000/NT), Settings, Control Panel.
Appendix C Setting up Your Computer’s IP Address 2 In the Control Panel, double-click Network Connections (Network and Dialup Connections in Windows 2000/NT). Figure 142 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties.
Appendix C Setting up Your Computer’s IP Address 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 144 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). • If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields.
Appendix C Setting up Your Computer’s IP Address • Click Advanced. Figure 145 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: • In the IP Settings tab, in IP addresses, click Add. • In TCP/IP Address, type an IP address in IP address and a subnet mask in Subnet mask, and then click Add.
Appendix C Setting up Your Computer’s IP Address • Click OK when finished. Figure 146 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
Appendix C Setting up Your Computer’s IP Address If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. Figure 147 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT).
Appendix C Setting up Your Computer’s IP Address Macintosh OS 8/9 1 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/ IP Control Panel.
Appendix C Setting up Your Computer’s IP Address 2 Select Ethernet built-in from the Connect via list. Figure 149 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your Prestige in the Router address box.
Appendix C Setting up Your Computer’s IP Address Macintosh OS X 1 Click the Apple menu, and click System Preferences to open the System Preferences window. Figure 150 Macintosh OS X: Apple Menu 2 Click Network in the icon bar. • Select Automatic from the Location list. • Select Built-in Ethernet from the Show list. • Click the TCP/IP tab. 3 For dynamically assigned settings, select Using DHCP from the Configure list.
Appendix C Setting up Your Computer’s IP Address 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your Prestige in the Router address box. 5 Click Apply Now and close the window. 6 Turn on your Prestige and restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the Network window.
Appendix C Setting up Your Computer’s IP Address 2 Double-click on the profile of the network card you wish to configure. The Ethernet Device General screen displays as shown. Figure 153 Red Hat 9.0: KDE: Ethernet Device: General • If you have a dynamic IP address click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields.
Appendix C Setting up Your Computer’s IP Address 5 Click the Devices tab. 6 Click the Activate button to apply the changes. The following screen displays. Click Yes to save the changes in all screens. Figure 155 Red Hat 9.0: KDE: Network Configuration: Activate 7 After the network card restart process is complete, make sure the Status is Active in the Network Configuration screen.
Appendix C Setting up Your Computer’s IP Address • If you have a static IP address, enter static in the BOOTPROTO= field. Type IPADDR= followed by the IP address (in dotted decimal notation) and type NETMASK= followed by the subnet mask. The following example shows an example where the static IP address is 192.168.1.10 and the subnet mask is 255.255.255.0. Figure 157 Red Hat 9.0: Static IP Address Setting in ifconfig-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=static IPADDR=192.168.1.10 NETMASK=255.255.255.
Appendix C Setting up Your Computer’s IP Address 23.5.1 Verifying Settings Enter ifconfig in a terminal screen to check your TCP/IP properties. Figure 160 Red Hat 9.0: Checking TCP/IP Properties [root@localhost]# ifconfig eth0 Link encap:Ethernet HWaddr 00:50:BA:72:5B:44 inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.
A PPENDIX D Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS).
Appendix D Wireless LANs with each other. When Intra-BSS is disabled, wireless station A and B can still access the wired network but cannot communicate with each other. Figure 162 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN.
Appendix D Wireless LANs An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless stations within the same ESS must have the same ESSID in order to communicate. Figure 163 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area.
Appendix D Wireless LANs wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other. Figure 164 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel.
Appendix D Wireless LANs Fragmentation Threshold A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the AP will fragment the packet into smaller data frames. A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference.
Appendix D Wireless LANs several intermediate rate steps between the maximum and minimum data rates. The IEEE 802.11g data rate and modulation are as follows: Table 86 IEEE 802.11g DATA RATE (MBPS) MODULATION 1 DBPSK (Differential Binary Phase Shift Keyed) 2 DQPSK (Differential Quadrature Phase Shift Keying) 5.5 / 11 CCK (Complementary Code Keying) 6/9/12/18/24/36/ 48/54 OFDM (Orthogonal Frequency Division Multiplexing) IEEE 802.1x In June 2001, the IEEE 802.
Appendix D Wireless LANs Types of RADIUS Messages The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication: • Access-Request Sent by an access point requesting authentication. • Access-Reject Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access. • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access.
Appendix D Wireless LANs However, MD5 authentication has some weaknesses. Since the authentication server needs to get the plaintext passwords, the passwords must be stored. Thus someone other than the authentication server may access the password file. In addition, it is possible to impersonate an authentication server as MD5 authentication method does not perform mutual authentication. Finally, MD5 authentication method does not support data encryption with dynamic session key.
Appendix D Wireless LANs If this feature is enabled, it is not necessary to configure a default encryption key in the Wireless screen. You may still configure and store keys here, but they will not be used while Dynamic WEP is enabled. Note: EAP-MD5 cannot be used with dynamic WEP key exchange For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption.
Appendix D Wireless LANs TKIP regularly changes and rotates the encryption keys so that the same encryption key is never used twice. The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. This all happens in the background automatically.
Appendix D Wireless LANs 23.5.2 WPA(2)-PSK Application Example A WPA(2)-PSK application looks as follows. 1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters (including spaces and symbols). 2 The AP checks each wireless client's password and (only) allows it to join the network if the password matches. 3 The AP derives and distributes keys to the wireless clients.
Appendix D Wireless LANs Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. MAC address filters are not dependent on how you configure these security features. Table 88 Wireless Security Relational Matrix AUTHENTICATION METHOD/ KEY MANAGEMENT PROTOCOL ENCRYPTIO ENTER IEEE 802.
A PPENDIX E Services The following table lists some commonly-used services and their associated protocols and port numbers. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like. • Protocol: This is the type of IP protocol used by the service. If this is TCP/ UDP, then the service uses the same port number with TCP and UDP. If this is User-Defined, the Port(s) is the IP protocol number, not the port number.
Appendix E Services Table 89 Examples of Services (continued) 252 NAME PROTOCOL PORT(S) DESCRIPTION FTP TCP 20 TCP 21 File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by e-mail. H.323 TCP 1720 NetMeeting uses this protocol. HTTP TCP 80 Hyper Text Transfer Protocol - a client/ server protocol for the world wide web. HTTPS TCP 443 HTTPS is a secured http session often used in e-commerce.
Appendix E Services Table 89 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION POP3 TCP 110 Post Office Protocol version 3 lets a client computer get e-mail from a POP3 server through a temporary connection (TCP/IP or other). POP3S TCP 995 This is a more secure version of POP3 that runs over SSL. PPTP TCP 1723 Point-to-Point Tunneling Protocol enables secure transfer of data over public networks. This is the control channel.
Appendix E Services Table 89 Examples of Services (continued) 254 NAME PROTOCOL PORT(S) DESCRIPTION SSDP UDP 1900 The Simple Service Discovery Protocol supports Universal Plug-and-Play (UPnP). SSH TCP/UDP 22 Secure Shell Remote Login Program. STRM WORKS UDP 1558 Stream Works Protocol. SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server. TACACS UDP 49 Login Host Protocol used for (Terminal Access Controller Access Control System).
A PPENDIX F Legal Information Copyright Copyright © 2012 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation.
Appendix F Legal Information This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This device generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
Appendix F Legal Information implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser. To obtain the services of this warranty, contact your vendor. You may also refer to the warranty policy for the region in which you bought the device at http://www.zyxel.com/ web/support_warranty_info.php.
Appendix F Legal Information [Portuguese] ZyXEL declara que este equipamento está conforme com os requisitos essenciais e outras disposições da Directiva 1999/5/EC. [Slovenian] ZyXEL izjavlja, da je ta oprema v skladu z bistvenimi zahtevami in ostalimi relevantnimi določili direktive 1999/5/EC. [Slovak] ZyXEL týmto vyhlasuje, že zariadenia spĺňa základné požiadavky a všetky príslušné ustanovenia Smernice 1999/5/EC.
Appendix F Legal Information The Belgian Institute for Postal Services and Telecommunications (BIPT) must be notified of any outdoor wireless link having a range exceeding 300 meters. Please check http:// www.bipt.be for more details. Draadloze verbindingen voor buitengebruik en met een reikwijdte van meer dan 300 meter dienen aangemeld te worden bij het Belgisch Instituut voor postdiensten en telecommunicatie (BIPT). Zie http://www.bipt.be voor meer gegevens.
Appendix F Legal Information Notes: 1. Although Norway, Switzerland and Liechtenstein are not EU member states, the EU Directive 1999/5/EC has also been implemented in those countries. 2. The regulatory limits for maximum output power are specified in EIRP. The EIRP level (in dBm) of a device can be calculated by adding the gain of the antenna used(specified in dBi) to the output power available at the connector (specified in dBm).
Appendix F Legal Information • Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one. • Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning. • Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device. • Antenna Warning! This device meets ETSI and FCC certification requirements when using the included antenna(s). Only use the included antenna(s).
Appendix F Legal Information 262 NBG4604 User’s Guide
Index Index A ACL rule 133 ACS 160 Configuration backup 186 reset the factory defaults 188 restore 187 Alert 179 content filtering 137 by keyword (in URL) 138 by web feature 137 alternative subnet mask notation 206 copyright 255 AP 15 CPU usage 42, 51 AP (Access Point) 241 CTS (Clear to Send) 242 AP Mode menu 52 overview 49 status screen 50 D Address Assignment 96 AP+Bridge 15 Auto-bridge 106 Daylight saving 176 DDNS service providers 126 B DHCP 45, 111 DHCP server see also Dynamic Host Con
Index Dynamic Host Configuration Protocol 111 Dynamic WEP Key Exchange 246 Guide Quick Start 2 DynDNS 126 DynDNS see also DDNS 126 H E Hidden Node 241 EAP Authentication 245 Hyper Text Transfer Protocol 151 HTTP 151 e-mail 86 Encryption 247 encryption 74 and local (user) database 74 key 75 WPA compatible 74 ESS 240 ESSID 200 Extended Service Set 240 Extended wireless security 26 I IANA 212 IBSS 239 IEEE 802.
Index Link type 43, 51 local (user) database 73 and encryption 74 O Operating Channel 42, 51 Local Area Network 107 operating mode 15 Log 180 other documentation 2 M P MAC 81 P2P 152 MAC address 73, 97 cloning 34, 97 peer-to-peer 152 MAC address filter 73 MAC address filtering 81 MAC filter 81 Management Information Base (MIB) 158 managing the device good habits 16 using the Web Configurator. See Web Configurator. using the WPS. See WPS.
Index Remote management 153 and NAT 154 and the firewall 153 limitations 154 remote management session 154 system timeout 154 remote management FTP 156 Telnet 156 Reset button 40, 188 Reset the device 40 Restore configuration 187 RFC 3489 161 Roaming 83 RTS (Request To Send) 242 RTS Threshold 241, 242 RTS/CTS Threshold 72, 83 S safety warnings 260 Scheduling 89 Security Parameters 250 Service and port numbers 152 Service Set 76 Service Set IDentification 76 Static Route 142 Status 40 subnet 203 Subnet Ma
Index V VPN 102 W WAN IP address assignment 31 WAN (Wide Area Network) 95 WAN advanced 105 WAN IP address 31 WAN IP address assignment 33 WAN MAC address 97 warranty 256 note 256 Web Configurator 16 how to access 38 Overview 37 Web configurator navigating 40 WEP Encryption 79 WEP encryption 78 WEP key 78 Wireless association list 47 wireless channel 200 wireless LAN 200 wireless LAN scheduling 89 Wireless LAN wizard 24 Wireless network basic guidelines 72 channel 72 encryption 74 example 71 MAC address fi
Index complete 35 Internet connection 26 system information 22 wireless LAN 24 WLAN Interference 241 Security Parameters 250 World Wide Web 151 WPA compatible 74 WPA, WPA2 247 WPS 16 WWW 86, 151 X Xbox Live 152 268 NBG4604 User’s Guide