ZyXEL Communications ZyXEL NBG420N User Manual

Wireless n router

NBG420N
Wireless N Router
User's Guide
Version 3.60
3/2008
Edition 1
DEFAULT LOGIN
IP Address http://192.168.1.1
Password 1234
www.zyxel.com


Summary of Contents for ZyXEL Communications ZyXEL NBG420N

  • Page 1 NBG420N Wireless N Router User’s Guide Version 3.60 3/2008 Edition 1 DEFAULT LOGIN IP Address http://192.168.1.1 Password 1234 www.zyxel.com...
  • Page 3: About This User's Guide

    Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan.
  • Page 4: Document Conventions

    Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this User’s Guide. Warnings tell you about things that could harm you or your device. Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
  • Page 5 Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The NBG420N icon is not an exact representation of your device. NBG420N Server Telephone Modem NBG420N User’s Guide Computer Notebook computer DSLAM Firewall Switch Router Document Conventions...
  • Page 6: Safety Warnings

    Safety Warnings For your safety, be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. •...
  • Page 9: Table Of Contents

    Introduction ... 29 Getting to Know Your NBG420N ... 31 The WPS Button ... 35 Introducing the Web Configurator ... 37 Connection Wizard ... 49 AP Mode ... 65 Tutorials ... 73 Network ... 87 Wireless LAN ... 89 WAN ...117 LAN ...
  • Page 11: Table Of Contents

    About This User's Guide ... 3 Document Conventions... 4 Safety Warnings... 6 Contents Overview ... 9 Table of Contents... 11 List of Figures ... 19 List of Tables... 25 Part I: Introduction... 29 Chapter 1 Getting to Know Your NBG420N... 31 1.1 Overview ...
  • Page 12 Table of Contents 3.5.2 Summary: Any IP Table ... 44 3.5.3 Summary: Bandwidth Management Monitor 3.5.4 Summary: DHCP Table 3.5.5 Summary: Packet Statistics 3.5.6 Summary: VPN Monitor ... 47 3.5.7 Summary: Wireless Station Status Chapter 4 Connection Wizard ... 49 4.1 Wizard Setup ...
  • Page 13 6.1.1 How to Connect to the Internet from an AP ... 73 6.1.2 Configure Wireless Security Using WPS on both your NBG420N and Wireless Client 73 6.1.3 Enable and Configure Wireless Security without WPS on your NBG420N ... 76 6.1.4 Configure Your Notebook ... 78 6.2 Site-To-Site VPN Tunnel Tutorial ...
  • Page 14 Table of Contents 7.11 Accessing the iPod Touch Web Configurator ...114 7.11.1 Accessing the iPod Touch Web Configurator ...115 Chapter 8 WAN... 117 8.1 WAN Overview ...117 8.2 WAN MAC Address ...117 8.3 Multicast ...117 8.4 Internet Connection ...118 8.4.1 Ethernet Encapsulation ...118 8.4.2 PPPoE Encapsulation ...119 8.4.3 PPTP Encapsulation ...
  • Page 15 11.4.1 Game List Example ... 141 11.5 Trigger Port Forwarding ... 142 11.5.1 Trigger Port Forwarding Example ... 142 11.5.2 Two Points To Remember About Trigger Ports ... 143 11.6 NAT Advanced Screen ... 143 Chapter 12 Dynamic DNS ... 147 12.1 Dynamic DNS Introduction ...
  • Page 16 Table of Contents 15.1 IPSec VPN Overview ... 165 15.1.1 What You Can Do in the IPSec VPN Screens ... 165 15.1.2 What You Need To Know About IPSec VPN ... 166 15.1.3 IKE SA (IKE Phase 1) Overview ... 166 15.1.4 IPSec SA (IKE Phase 2) Overview 15.2 The General Screen ...
  • Page 17 18.1.2 Remote Management and NAT ... 210 18.1.3 System Timeout ... 210 18.2 WWW Screen ... 210 18.3 Telnet ...211 18.4 Telnet Screen ...211 18.5 FTP Screen ... 212 18.6 DNS Screen ... 212 Chapter 19 Universal Plug-and-Play (UPnP)... 215 19.1 Introducing Universal Plug and Play ...
  • Page 18 Table of Contents Chapter 23 Configuration Mode ... 257 Chapter 24 Sys Op Mode ... 259 24.1 Overview ... 259 24.1.1 Router ... 259 24.1.2 AP ... 259 24.2 Selecting System Operation Mode ... 260 Chapter 25 Language ... 263 25.1 Language Screen ...
  • Page 19: List Of Figures

    List of Figures List of Figures Figure 1 Secure Wireless Internet Access in Router Mode ... 31 Figure 2 Wireless Internet Access in AP Mode ... 32 Figure 3 Front Panel ... 33 Figure 4 Change Password Screen ... 38 Figure 5 Selecting the setup mode ...
  • Page 20 List of Figures Figure 39 Status: AP Mode ... 78 Figure 40 Connecting a Wireless Client to a Wireless Network t ... 79 Figure 41 Security Settings ... 79 Figure 42 Confirm Save ... 79 Figure 43 Link Status ... 80 Figure 44 Site-To-Site VPN Tunnel ...
  • Page 21 List of Figures Figure 82 Any IP Example ... 129 Figure 83 Network > LAN > IP ... 130 Figure 84 Network > LAN > IP Alias ... 131 Figure 85 Network > LAN > Advanced ... 131 Figure 86 Network > DHCP > General ...
  • Page 22 List of Figures Figure 125 Management > Bandwidth MGMT > Monitor ... 207 Figure 126 Management > Remote MGMT > WWW ... 210 Figure 127 Management > Remote MGMT > Telnet ...211 Figure 128 Management > Remote MGMT > FTP ... 212 Figure 129 Management >...
  • Page 23 List of Figures Figure 168 Pop-up Blocker ... 279 Figure 169 Internet Options: Privacy ... 280 Figure 170 Internet Options: Privacy ... 281 Figure 171 Pop-up Blocker Settings ... 281 Figure 172 Internet Options: Security ... 282 Figure 173 Security Settings - Java Scripting ... 283 Figure 174 Security Settings - Java ...
  • Page 25: List Of Tables

    Table 1 Features Available in Router Mode vs. AP Mode ... 32 Table 2 Front Panel LEDs ... 33 Table 3 Status Screen Icon Key ... 40 Table 4 Web Configurator Status Screen Table 5 Screens Summary ... 42 Table 6 Summary: DHCP Table ... 45 Table 7 Summary: Packet Statistics ...
  • Page 26 List of Tables Table 39 Scheduling ... 108 Table 40 Login Screen ... 109 Table 41 System Status screen ...111 Table 42 Port Forwarding ...114 Table 43 Network > WAN > Internet Connection: Ethernet Encapsulation ...119 Table 44 Network > WAN > Internet Connection: PPPoE Encapsulation ... 121 Table 45 Network >...
  • Page 27 List of Tables Table 82 Management > Remote MGMT > DNS ... 213 Table 83 Management > UPnP > General ... 216 Table 84 Maintenance > System > General ... 229 Table 85 Maintenance > System > Time Setting ... 231 Table 86 Maintenance >...
  • Page 28 List of Tables Table 125 Eight Subnets ... 290 Table 126 24-bit Network Number Subnet Planning ... 291 Table 127 16-bit Network Number Subnet Planning ... 291 Table 128 IEEE 802.11g ... 313 Table 129 Comparison of EAP Authentication Types ... 316 Table 130 Wireless Security Relational Matrix ...
  • Page 29: Introduction

    Introduction Getting to Know Your NBG420N (31) The WPS Button (35) Introducing the Web Configurator (37) Connection Wizard (49) AP Mode (65) Tutorials (73)
  • Page 31: Getting To Know Your Nbg420N

    Chapter 1: Getting to Know Your NBG420N. This chapter introduces the main features and applications of the NBG420N. 1.1 Overview The NBG420N acts as either an access point (AP) or a secure broadband router for all data passing between the Internet and your local network.
  • Page 32: Ap Mode

    Chapter 1 Getting to Know Your NBG420N 1.3 AP Mode Select AP Mode if you already have a router or gateway on your network which provides network services such as a firewall or bandwidth management. The following figure shows computers in a WLAN connecting to the NBG420N, which acts as an access point (A).
  • Page 33: Ways To Manage The Nbg420N

    1.5 Ways to Manage the NBG420N Use any of the following methods to manage the NBG420N. • Web Configurator. This is recommended for everyday management of the NBG420N using a (supported) web browser. • Command Line Interface. Line commands are mostly used for troubleshooting by service engineers.
  • Page 34 Chapter 1 Getting to Know Your NBG420N Table 2 Front Panel LEDs (continued) COLOR LAN 1-4 Green Amber Green Amber WLAN Green Green STATUS DESCRIPTION The NBG420N has a successful 10MB Ethernet connection. Blinking The NBG420N is sending/receiving data. The NBG420N has a successful 100MB Ethernet connection.
  • Page 35: The Wps Button

    Chapter 2: The WPS Button. 2.1 Overview Your NBG420N supports WiFi Protected Setup (WPS), which is an easy way to set up a secure wireless network. WPS is an industry standard specification, defined by the WiFi Alliance. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually.
  • Page 37: Introducing The Web Configurator

    Chapter 3: Introducing the Web Configurator. This chapter describes how to access the NBG420N web configurator and provides an overview of its screens. 3.1 Web Configurator Overview The web configurator is an HTML-based management interface that allows easy setup and management of the NBG420N via Internet browser.
  • Page 38: Figure 4 Change Password Screen

    Chapter 3 Introducing the Web Configurator 4 Type "1234" (default) as the password and click Login. In some versions, the default password appears automatically - if this is the case, click Login. 5 You should see a screen asking you to change your password (highly recommended) as shown next.
  • Page 39: Resetting The Nbg420N

    Figure 5 Selecting the setup mode 3.3 Resetting the NBG420N If you forget your password or IP address, or you cannot access the web configurator, you will need to use the RESET button at the back of the NBG420N to reload the factory-default configuration file.
  • Page 40: Figure 6 Web Configurator Status Screen

    Chapter 3 Introducing the Web Configurator Figure 6 Web Configurator Status Screen The following table describes the icons shown in the Status screen. Table 3 Status Screen Icon Key ICON DESCRIPTION Click this icon to open the setup wizard. Click this icon to view copyright and a link for related product information. Click this icon at any time to exit the web configurator.
  • Page 41 Table 4 Web Configurator Status Screen (continued) LABEL DESCRIPTION WAN Information - MAC Address This shows the WAN Ethernet adapter MAC Address of your device. - IP Address This shows the WAN port’s IP address. - IP Subnet Mask This shows the WAN port’s subnet mask. - DHCP This shows the WAN port’s DHCP role - Client or None.
  • Page 42: Navigation Panel

    Chapter 3 Introducing the Web Configurator Table 4 Web Configurator Status Screen (continued) LABEL DESCRIPTION Status For the LAN and WAN ports, this field displays Down (line is down) or Up (line is up or connected). For the WLAN, it displays Up when the WLAN is enabled or Down when the WLAN is disabled.
  • Page 43 Table 5 Screens Summary LINK IP Alias Advanced DHCP General Server Advanced Client List General Application Advanced DDNS General Security Firewall General Services Content Filter Filter Schedule General SA Monitor Management Static Route IP Static Route Bandwidth General MGMT Advanced Monitor Remote MGMT...
  • Page 44: Summary: Any Ip Table

    Chapter 3 Introducing the Web Configurator Table 5 Screens Summary LINK System General Time Setting Logs View Log Log Settings Tools Firmware Configuration Restart Wake On Config Mode General Sys OP General Mode Language 3.5.2 Summary: Any IP Table This screen displays the IP address of each computer that is using the NBG420N via the any IP feature.
  • Page 45: Summary: Dhcp Table

    Figure 8 Summary: BW MGMT Monitor 3.5.4 Summary: DHCP Table DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the NBG420N’s LAN as a DHCP server or disable it. When configured as a server, the NBG420N provides the TCP/IP configuration for the clients.
  • Page 46: Summary: Packet Statistics

    Chapter 3 Introducing the Web Configurator 3.5.5 Summary: Packet Statistics Click the Packet Statistics (Details...) hyperlink in the Status screen. Read-only information here includes port status, packet specific statistics and the "system up time". The Poll Interval(s) field is configurable and is used for refreshing the screen. Figure 10 Summary: Packet Statistics The following table describes the labels in this screen.
  • Page 47: Summary: Vpn Monitor

    3.5.6 Summary: VPN Monitor Click the VPN Monitor (Details...) hyperlink in the Status screen. This screen displays read-only information about the active VPN connections. Click the Refresh button to update the screen. A Security Association (SA) is the group of security settings related to a specific VPN tunnel.
  • Page 48: Table 9 Summary: Wireless Association List

    Chapter 3 Introducing the Web Configurator The following table describes the labels in this screen. Table 9 Summary: Wireless Association List LABEL MAC Address Association Time Refresh DESCRIPTION This is the index number of an associated wireless station. This field displays the MAC address of an associated wireless station. This field displays the time a wireless station first associated with the NBG420N’s WLAN network.
  • Page 49: Connection Wizard

    Chapter 4: Connection Wizard. This chapter provides information on the wizard setup screens in the web configurator. 4.1 Wizard Setup The web configurator’s wizard setup helps you configure your device to access the Internet. Refer to your ISP (Internet Service Provider) checklist in the Quick Start Guide to know what to enter in each field.
  • Page 50: Connection Wizard: Step 1: System Information

    Chapter 4 Connection Wizard Figure 14 Select a Language 3 Read the on-screen information and click Next. Figure 15 Welcome to the Connection Wizard 4.2 Connection Wizard: STEP 1: System Information System Information contains administrative and system-related information. 4.2.1 System Name System Name is for identification purposes.
  • Page 51: Domain Name

    4.2.2 Domain Name The Domain Name entry is what is propagated to the DHCP clients on the LAN. If you leave this blank, the domain name obtained by DHCP from the ISP is used. While you must enter the host name (System Name) on each individual computer, the domain name can be assigned from the NBG420N via DHCP.
  • Page 52: Figure 17 Wizard Step 2: Wireless Lan

    Chapter 4 Connection Wizard Figure 17 Wizard Step 2: Wireless LAN The following table describes the labels in this screen. Table 11 Wizard Step 2: Wireless LAN LABEL DESCRIPTION Name (SSID) Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.
  • Page 53: Basic (Wep) Security

    4.3.1 Basic (WEP) Security Choose Basic (WEP) to set up WEP Encryption parameters. Figure 18 Wizard Step 2: Basic (WEP) Security The following table describes the labels in this screen. Table 12 Wizard Step 2: Basic (WEP) Security LABEL DESCRIPTION Passphrase Type a Passphrase (up to 32 printable characters) and click Generate.
  • Page 54: Extend (Wpa-Psk Or Wpa2-Psk) Security

    Chapter 4 Connection Wizard Table 12 Wizard Step 2: Basic (WEP) Security LABEL DESCRIPTION Next Click Next to proceed to the next screen. Exit Click Exit to close the wizard screen without saving. 4.3.2 Extend (WPA-PSK or WPA2-PSK) Security Choose Extend (WPA-PSK) or Extend (WPA2-PSK) security in the Wireless LAN setup screen to set up a Pre-Shared Key.
  • Page 55: Ethernet Connection

    Figure 20 Wizard Step 3: ISP Parameters. The following table describes the labels in this screen, Table 14 Wizard Step 3: ISP Parameters CONNECTION TYPE Ethernet PPPoE PPTP 4.4.1 Ethernet Connection Choose Ethernet when the WAN port is used as a regular Ethernet. Continue to on page Figure 21 Wizard Step 3: Ethernet Connection 4.4.2 PPPoE Connection...
  • Page 56: Pptp Connection

    Chapter 4 Connection Wizard One of the benefits of PPPoE is the ability to let end users access one of multiple network services, a function known as dynamic service selection. This enables the service provider to easily create and offer new IP services for specific users. Operationally, PPPoE saves significant effort for both the subscriber and the ISP/carrier, as it requires no specific configuration of the broadband modem at the subscriber’s site.
  • Page 57: Figure 23 Wizard Step 3: Pptp Connection

    The NBG420N supports one PPTP server connection at any given time. Figure 23 Wizard Step 3: PPTP Connection The following table describes the fields in this screen Table 16 Wizard Step 3: PPTP Connection LABEL DESCRIPTION ISP Parameters for Internet Access Connection Type Select PPTP from the drop-down list box.
  • Page 58: Your Ip Address

    Chapter 4 Connection Wizard Table 16 Wizard Step 3: PPTP Connection LABEL Next Exit 4.4.4 Your IP Address The following wizard screen allows you to assign a fixed IP address or give the NBG420N an automatically assigned IP address depending on your ISP. Figure 24 Wizard Step 3: Your IP Address The following table describes the labels in this screen Table 17 Wizard Step 3: Your IP Address...
  • Page 59: Ip Address And Subnet Mask

    You can obtain your IP address from the IANA, from an ISP or have it assigned by a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.
  • Page 60: Wan Ip And Dns Server Address Assignment

    Chapter 4 Connection Wizard 2 If the ISP did not give you DNS server information, leave the DNS Server fields set to 0.0.0.0 in the Wizard screen and/or set to From ISP in the WAN > Internet Connection screen for the ISP to dynamically assign the DNS server IP addresses. 4.4.8 WAN IP and DNS Server Address Assignment The following wizard screen allows you to assign a fixed WAN IP address and DNS server addresses.
  • Page 61: Wan Mac Address

    4.4.9 WAN MAC Address Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. Table 20 Example of Network Properties for LAN Servers with Fixed IP Addresses Choose an IP address Subnet mask Gateway (or default route)
  • Page 62: Connection Wizard: Step 4: Bandwidth Management

    Chapter 4 Connection Wizard 4.5 Connection Wizard: STEP 4: Bandwidth management Bandwidth management allows you to control the amount of bandwidth going out through the NBG420N’s WAN, LAN or WLAN port and prioritize the distribution of the bandwidth according to the traffic type. This helps keep one service from using all of the available bandwidth and shutting out other users.
  • Page 63: Figure 28 Connection Wizard Save

    Chapter 4 Connection Wizard Figure 28 Connection Wizard Save Follow the on-screen instructions and click Finish to complete the wizard setup. Figure 29 Connection Wizard Complete Well done! You have successfully set up your NBG420N to operate on your network and access the Internet.
  • Page 65: Ap Mode

    Chapter 5: AP Mode. This chapter discusses how to configure settings while your NBG420N is set to AP Mode. Many screens that are available in Router Mode are not available in AP Mode. Chapter 6 on page 73 AP mode.
  • Page 66: The Status Screen In Ap Mode

    Chapter 5 AP Mode Maintenance > Sys OP Mode > General Figure 31 3 A pop-up appears providing information on this mode. Click OK in the pop-up message window. (See Section 24.2 on page 260 Apply. Your NBG420N is now in AP Mode. You do not have to log in again or restart your device when you change modes.
  • Page 67: Table 23 Web Configurator Status Screen

    The following table describes the labels shown in the Status screen. Table 23 Web Configurator Status Screen LABEL DESCRIPTION Device Information System Name This is the System Name you enter in the Maintenance > System > General screen. It is for identification purposes. Firmware Version This is the firmware version and the date created.
  • Page 68: Navigation Panel

    Chapter 5 AP Mode Table 23 Web Configurator Status Screen (continued) LABEL DESCRIPTION Rate For the LAN ports, this displays the port speed and duplex setting or N/A when the line is disconnected. For the WLAN, it displays the maximum transmission rate when the WLAN is enabled and N/A when the WLAN is disabled.
  • Page 69: Configuring Your Settings

    Table 24 Screens Summary LINK Wireless General MAC Filter Advanced WPS Station Scheduling Maintenance System General Time Setting Logs View Log Log Settings Tools Firmware Configuration Restart Wake On Config Mode General Sys OP General Mode Language 5.4 Configuring Your Settings 5.4.1 LAN Settings Use this section to configure your LAN settings while in AP Mode.
  • Page 70: Figure 34 Network > Lan > Ip

    Chapter 5 AP Mode If you change the IP address of the NBG420N in the screen below, you will need to log into the NBG420N again using the new IP address. Figure 34 Network > LAN > IP The table below describes the labels in the screen. Table 25 Network >...
  • Page 71: Wlan And Maintenance Settings

    LABEL DESCRIPTION Apply Click Apply to save your changes to the NBG420N. Reset Click Reset to reload the previous configuration for this screen. 5.4.2 WLAN and Maintenance Settings The configuration of wireless and maintenance settings in AP Mode is the same as for Router Mode.
  • Page 73: Tutorials

    Chapter 6: Tutorials. 6.1 Wireless Tutorials 6.1.1 How to Connect to the Internet from an AP This section gives you an example of how to set up an access point (AP) and wireless client (a notebook (B), in this example) for wireless communication. B can access the Internet through the AP wirelessly.
  • Page 74 Chapter 6 Tutorials 6.1.2.1 Push Button Configuration (PBC) 1 Make sure that your NBG420N is turned on and that it is within range of your computer. 2 Make sure that you have installed the wireless client (this example uses the NWD210N) driver and utility in your notebook.
  • Page 75: Figure 36 Example Wps Process: Pbc Method

    Figure 36 Example WPS Process: PBC Method Wireless Client 6.1.2.2 PIN Configuration When you use the PIN configuration method, you need to use both NBG420N’s configuration interface and the client’s utilities. 1 Launch your wireless client’s configuration utility. Go to the WPS settings and select the PIN method to get a PIN number.
  • Page 76: Enable And Configure Wireless Security Without Wps On Your Nbg420N

    Chapter 6 Tutorials Figure 37 Example WPS Process: PIN Method Wireless Client 6.1.3 Enable and Configure Wireless Security without WPS on your NBG420N This example shows you how to configure wireless security settings with the following parameters on your NBG420N. SSID WITHIN 2 MINUTES Authentication by PIN...
  • Page 77: Figure 38 Network > Wireless Lan > General

    Channel Security WPA-PSK (Pre-Shared Key: ThisismyWPA-PSKpre-sharedkey) Follow the steps below to configure the wireless settings on your NBG420N. The instructions require that your hardware is connected (see the Quick Start Guide) and you are logged into the web configurator through your LAN connection (see 37).
  • Page 78: Configure Your Notebook

    Chapter 6 Tutorials Figure 39 Status: AP Mode 6.1.4 Configure Your Notebook We use the ZyXEL M-302 wireless adapter utility screens as an example for the wireless client. The screens may vary for different models. 1 The NBG420N supports IEEE 802.11b, IEEE 802.11g and IEEE 802.11n wireless clients.
  • Page 79: Figure 40 Connecting A Wireless Client To A Wireless Network T

    Figure 40 Connecting a Wireless Client to a Wireless Network t 5 Select WPA-PSK and type the security key in the following screen. Click Next. Figure 41 Security Settings 6 The Confirm Save window appears. Check your settings and click Save to continue. Figure 42 Confirm Save 7 Check the status of your wireless connection in the screen below.
  • Page 80: Site-To-Site Vpn Tunnel Tutorial

    Figure 43 Link Status 8 If your connection is successful, open your Internet browser and enter www.zyxel.com access the web site, your wireless connection is successfully configured. 6.2 Site-To-Site VPN Tunnel Tutorial Bob and Jack want to set up a VPN connection between their offices. Bob and Jack each have an NBG420N router and a static WAN IP address.
  • Page 81: Configuring Bob's Nbg420N Vpn Settings

    Table 26 Site-To-Site VPN Tunnel Settings (continued). SETTING / BOB’S NBG420N: Local ID Type; Local Content: 1.1.1.1; Secure Gateway Address: 2.2.2.2; Peer ID Type; Peer Content: 2.2.2.2; Encapsulation Mode: Tunnel; IPSec Protocol; Pre-Shared Key: ThisIsMySecretKey; Encryption Algorithm: 3DES; Authentication Algorithm: SHA1. 6.2.1 Configuring Bob’s NBG420N VPN Settings To configure these settings Bob uses the NBG420N web configurator.
  • Page 82: Figure 47 Remote Policy

    Chapter 6 Tutorials End/Mask text box. This value is the same as Jack only wants Bob to access this single IP address. Figure 47 Remote Policy 5 Enter the IP address “1.1.1.1” in the My IP Address text box. This is Bob’s WAN IP address.
  • Page 83: Configuring Jack's Nbg420N Vpn Settings

    Figure 50 VPN Summary 6.2.2 Configuring Jack’s NBG420N VPN Settings To configure these settings Jack uses the NBG420N web configurator. 1 Log into the NBG420N web configurator and click VPN > Modify icon. This displays the VPN Rule Setup (basic) screen. 2 Select the Active checkbox to enable the VPN rule after it has been created.
  • Page 84: Checking The Vpn Connection

    Chapter 6 Tutorials 6 Select IP as the Local ID Type. This is the type of content that will be used to identify Jack’s NBG420N. Enter the IP address “2.2.2.2” in the Local Content text box. This identifies Jack’s NBG420N to Bob’s NBG420N. 7 Enter the IP address “1.1.1.1”...
  • Page 85: Figure 57 Pinging Jack's Local Ip Address

    Chapter 6 Tutorials Figure 57 Pinging Jack’s Local IP Address Pinging is successful which means a VPN tunnel has been established between Bob and Jack’s NBG420Ns. Congratulations! To check this VPN connection click VPN > SA Monitor in the web configurator. Figure 58 SA Monitor If pinging is not successful check the VPN settings on both devices and try again.
  • Page 87: Network

    Network Wireless LAN (89) WAN (117) LAN (127) DHCP (133) Network Address Translation (NAT) (137) Dynamic DNS (147)
  • Page 89: Wireless Lan

    Chapter 7: Wireless LAN. This chapter discusses how to configure the wireless network settings in your NBG420N. See the appendices for more detailed information about wireless networks. 7.1 Wireless Network Overview The following figure provides an example of a wireless network. Figure 59 Example of a Wireless Network The wireless network is the part in the blue circle.
  • Page 90: Wireless Security Overview

    Chapter 7 Wireless LAN • Every wireless client in the same wireless network must use security compatible with the Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network. 7.2 Wireless Security Overview The following sections introduce different types of wireless security you can set up in the wireless network.
  • Page 91: Encryption

    If your AP does not provide a local user database and if you do not have a RADIUS server, you cannot set up user names and passwords for your users. Unauthorized devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network.
  • Page 92: Roaming

    Chapter 7 Wireless LAN When you select WPA2 or WPA2-PSK in your NBG420N, you can also select an option (WPA Compatible) to support WPA as well. In this case, if some wireless clients support WPA and some support WPA2, you should set up WPA2-PSK or WPA2 (depending on the type of wireless network login) and select the WPA Compatible option in the NBG420N.
  • Page 93: Requirements For Roaming

    Figure 60 Roaming Example The steps below describe the roaming process. 1 Wireless station Y moves from the coverage area of access point AP 1 to that of access point AP 2. 2 Wireless station Y scans and detects the signal of access point AP 2. 3 Wireless station Y sends an association request to access point AP 2.
  • Page 94: Wmm Qos

    Chapter 7 Wireless LAN 7.4.1 WMM QoS WMM (Wi-Fi MultiMedia) QoS (Quality of Service) ensures quality of service in wireless networks. It controls WLAN transmission priority on packets to be transmitted over the wireless network. WMM QoS prioritizes wireless traffic according to delivery requirements. WMM QoS is a part of the IEEE 802.11e QoS enhancement to certified Wi-Fi wireless networks.
  • Page 95: Figure 61 Network > Wireless Lan > General

    Figure 61 Network > Wireless LAN > General The following table describes the general wireless LAN labels in this screen. Table 29 Network > Wireless LAN > General LABEL DESCRIPTION Enable Click the check box to activate wireless LAN. Wireless LAN Name(SSID) (Service Set IDentity) The SSID identifies the Service Set with which a wireless station is associated.
  • Page 96: No Security

    Chapter 7 Wireless LAN Table 29 Network > Wireless LAN > General LABEL DESCRIPTION Apply Click Apply to save your changes back to the NBG420N. Reset Click Reset to reload the previous configuration for this screen. See the rest of this chapter for information on the other labels in this screen. 7.5.1 No Security Select No Security to allow wireless stations to communicate with the access points without any data encryption.
  • Page 97: Figure 63 Network > Wireless Lan > General: Static Wep

    Your NBG420N allows you to configure up to four 64-bit or 128-bit WEP keys but only one key can be enabled at any one time. To configure and enable WEP encryption, click Network > Wireless LAN to display the General screen.
  • Page 98: Wpa-Psk/Wpa2-Psk

    Chapter 7 Wireless LAN Table 31 Network > Wireless LAN > General: Static WEP LABEL DESCRIPTION Key 1 to Key 4 The WEP keys are used to encrypt data. Both the NBG420N and the wireless stations must use the same WEP key for data transmission. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F").
  • Page 99: Wpa/Wpa2

    The following table describes the labels in this screen. Table 32 Network > Wireless LAN > General: WPA-PSK/WPA2-PSK LABEL DESCRIPTION WPA Compatible This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field. Select the check box to have both WPA2 and WPA wireless clients be able to communicate with the NBG420N even when the NBG420N is using WPA2-PSK or WPA2.
  • Page 100: Figure 65 Network > Wireless Lan > General: Wpa/Wpa2

    Chapter 7 Wireless LAN Figure 65 Network > Wireless LAN > General: WPA/WPA2 The following table describes the labels in this screen. Table 33 Network > Wireless LAN > General: WPA/WPA2 LABEL WPA Compatible ReAuthentication Timer (in seconds) Idle Timeout DESCRIPTION This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field.
  • Page 101: Mac Filter

    Table 33 Network > Wireless LAN > General: WPA/WPA2 LABEL DESCRIPTION Group Key Update Timer: The Group Key Update Timer is the rate at which the AP (if using WPA-PSK/WPA2-PSK key management) or RADIUS server (if using WPA/WPA2 key management) sends a new group key out to all clients.
  • Page 102: Wireless Lan Advanced Screen

    Chapter 7 Wireless LAN Figure 66 Network > Wireless LAN > MAC Filter The following table describes the labels in this menu. Table 34 Network > Wireless LAN > MAC Filter LABEL DESCRIPTION Active Select Yes from the drop down list box to enable MAC address filtering. Filter Action Define the filter action for the list of MAC addresses in the MAC Address table.
  • Page 103: Quality Of Service (Qos) Screen

    Figure 67 Network > Wireless LAN > Advanced The following table describes the labels in this screen. Table 35 Network > Wireless LAN > Advanced LABEL DESCRIPTION Roaming Configuration Enable Roaming: Select this option if your network environment has multiple APs and you want your wireless device to be able to access the network as you move between wireless networks.
  • Page 104: Figure 68 Network > Wireless Lan > Qos

    Chapter 7 Wireless LAN Figure 68 Network > Wireless LAN > QoS The following table describes the labels in this screen. Table 36 Network > Wireless LAN > QoS LABEL WMM QoS Policy Name Service Dest Port Priority Modify Apply DESCRIPTION Select Default to have the NBG420N automatically give a service a priority level according to the ToS value in the IP header of packets...
  • Page 105: Application Priority Configuration

    7.8.1 Application Priority Configuration Use this screen to edit a WMM QoS application entry. Click the edit icon under Modify. The following screen displays. Figure 69 Network > Wireless LAN > QoS: Application Priority Configuration Appendix F on page 321 following table describes the fields in this screen.
  • Page 106: Wifi Protected Setup

    Chapter 7 Wireless LAN 7.9 WiFi Protected Setup WiFi Protected Setup (WPS) is an industry standard specification, defined by the WiFi Alliance. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually. Depending on the devices in your network, you can either press a button (on the device itself, or in its configuration utility) or enter a PIN (Personal Identification Number) in the devices.
  • Page 107: Wps Station Screen

    7.9.2 WPS Station Screen Use this screen when you want to add a wireless station using WPS. To open this screen, click Network > Wireless LAN > WPS Station tab. Note: After you click Push Button on this screen, you have to press a similar button in the wireless station utility within 2 minutes.
  • Page 108: Ipod Touch Web Configurator

    Chapter 7 Wireless LAN Figure 72 Scheduling The following table describes the labels in this screen. Table 39 Scheduling LABEL Enable Wireless LAN Scheduling WLAN Status Except for the following times (24-Hour Format) Apply Reset 7.10 iPod Touch Web Configurator The iPod Touch web configurator displays when you are connecting to the NBG420N wirelessly with an iPod Touch device through a web browser.
  • Page 109: Login Screen

    1 Make sure the Wireless LAN on the NBG420N is enabled and that you know the security settings (if any). To do this check the Wireless LAN > General screen in the web configurator from your computer. 2 On the iPod Touch’s main screen press Settings > Wi-fi and from the list press the NBG420N’s network name (SSID) to connect to it.
  • Page 110: System Status

    Chapter 7 Wireless LAN 7.10.2 System Status After successfully logging into the iPod Touch web configurator the System Status screen displays. Your changes in the iPod Touch web configurator are saved automatically after pressing a button. If you are going to use the WPS (Wi-Fi Protected Setup) function in the iPod Touch Web Configurator it is recommended to configure your WPS settings first from your computer.
  • Page 111: Figure 74 System Status Screen

    Figure 74 System Status screen The following table describes the labels in this screen. Table 41 System Status screen LABEL DESCRIPTION Logout Press this to logout of the iPod Touch web configurator. IP Address This field displays the NBG420N’s LAN (Local Area Network) IP address. IP Address This field displays the NBG420N’s WAN IP address.
  • Page 112: Wps In Progress

    Chapter 7 Wireless LAN Table 41 System Status screen LABEL Channel PIN Number Push Button Client Number This field displays the number of wireless clients on the network. Security Firewall URL Filtering Management Port Forwarding Activated Rule This field displays the currently activated port forwarding rules. 7.10.3 WPS in Progress After pressing Push Button in the System Status screen the WPS in Progress screen will display.
  • Page 113: Port Forwarding

    Figure 75 WPS In Progress 7.10.4 Port Forwarding After pressing the Details button in the System Status screen the port forwarding screen will display. Use this screen to change the status of port forwarding rules that have been set up in the web configurator from your computer.
  • Page 114: Accessing The Ipod Touch Web Configurator

    Chapter 7 Wireless LAN Figure 76 Port Forwarding The following table describes the labels in this screen. Table 42 Port Forwarding LABEL Rule Port Status 7.11 Accessing the iPod Touch Web Configurator To access the iPod Touch web configurator through your iPod Touch you must first connect it to the NBG420N’s wireless network.
  • Page 115: Accessing The Ipod Touch Web Configurator

    If you have not configured your wireless settings yet you can do so by using the Wizard in the web configurator you access from your computer. Click the Wizard icon or the Go To Wizard Setup web link you see after logging into the web configurator from your computer.
  • Page 116 Chapter 7 Wireless LAN If the login screen does not display properly, check that you are accessing the correct IP address. Also check your iPod Touch web browser’s security settings as they may affect how the page displays. 4 If you wish to login automatically in the future make sure the Auto Login checkbox is selected.
  • Page 117: Wan

    This chapter describes how to configure WAN settings. 8.1 WAN Overview See the chapter about the connection wizard for more information on the fields in the WAN screens. 8.2 WAN MAC Address The MAC address screen allows users to configure the WAN port's MAC address by either using the factory default or cloning the MAC address from a computer on your LAN.
  • Page 118: Internet Connection

    Chapter 8 WAN The NBG420N supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-v2). At start up, the NBG420N queries all directly connected networks to gather group membership. After that, the NBG420N periodically updates this information. IP multicasting can be enabled/disabled on the NBG420N LAN and/or WAN interfaces in the web configurator (LAN;...
  • Page 119: Pppoe Encapsulation

    The following table describes the labels in this screen. Table 43 Network > WAN > Internet Connection: Ethernet Encapsulation LABEL DESCRIPTION Encapsulation You must choose the Ethernet option when the WAN port is used as a regular Ethernet. Service Type Choose from Standard, RR-Telstra (RoadRunner Telstra authentication method), RR-Manager (Roadrunner Manager authentication method), RR-Toshiba (Roadrunner Toshiba authentication method) or Telia Login.
  • Page 120: Figure 79 Network > Wan > Internet Connection: Pppoe Encapsulation

    Chapter 8 WAN For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for example Radius). One of the benefits of PPPoE is the ability to let you access one of multiple network services, a function known as dynamic service selection.
  • Page 121: Table 44 Network > Wan > Internet Connection: Pppoe Encapsulation

    The following table describes the labels in this screen. Table 44 Network > WAN > Internet Connection: PPPoE Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation The PPP over Ethernet choice is for a dial-up connection using PPPoE. The NBG420N supports PPPoE (Point-to-Point Protocol over Ethernet).
  • Page 122: Pptp Encapsulation

    Chapter 8 WAN Table 44 Network > WAN > Internet Connection: PPPoE Encapsulation LABEL DESCRIPTION Set WAN MAC Address: Select this option and enter the MAC address you want to use. Apply: Click Apply to save your changes back to the NBG420N. Reset: Click Reset to begin configuring this screen afresh.
  • Page 123: Figure 80 Network > Wan > Internet Connection: Pptp Encapsulation

    Figure 80 Network > WAN > Internet Connection: PPTP Encapsulation The following table describes the labels in this screen. Table 45 Network > WAN > Internet Connection: PPTP Encapsulation LABEL ISP Parameters for Internet Access Encapsulation User Name NBG420N User’s Guide DESCRIPTION Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a...
  • Page 124 Chapter 8 WAN Table 45 Network > WAN > Internet Connection: PPTP Encapsulation LABEL Password Retype to Confirm Nailed-up Connection Idle Timeout PPTP Configuration Server IP Address Connection ID/Name Get automatically from Use Fixed IP Address My IP Address My IP Subnet Mask WAN IP Address Assignment Get automatically from...
  • Page 125: Advanced Wan Screen

    8.5 Advanced WAN Screen To change your NBG420N’s advanced WAN settings, click Network > WAN > Advanced. The screen appears as shown. Figure 81 Network > WAN > Advanced The following table describes the labels in this screen. Table 46 WAN > Advanced LABEL Multicast Setup Multicast...
  • Page 126 Chapter 8 WAN Table 46 WAN > Advanced LABEL Enable Auto-bridge mode Apply Reset DESCRIPTION Select this option to have the NBG420N switch to bridge mode automatically when the NBG420N gets a WAN IP address in the range of 192.168.x.y (where x and y are from zero to nine) no matter what the LAN IP address is.
  • Page 127: Lan

    This chapter describes how to configure LAN settings. 9.1 LAN Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building.
  • Page 128: Ip Address And Subnet Mask

    Chapter 9 LAN 9.2.2 IP Address and Subnet Mask Refer to the IP address and subnet mask section in the Connection Wizard chapter for this information. 9.2.3 Multicast Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network).
  • Page 129: Figure 82 Any Ip Example

    Figure 82 Any IP Example The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the NBG420N’s IP address. You must enable NAT to use the Any IP feature on the NBG420N. Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network.
  • Page 130: Lan Ip Screen

    Chapter 9 LAN 9.3 LAN IP Screen Use this screen to change your basic LAN settings. Click Network > LAN. Figure 83 Network > LAN > IP The following table describes the labels in this screen. Table 47 Network > LAN > IP LABEL LAN TCP/IP IP Address...
  • Page 131: Advanced Lan Screen

    Network > LAN > IP Alias Figure 84 The following table describes the labels in this screen. Table 48 Network > LAN > IP Alias LABEL DESCRIPTION IP Alias 1,2 Select the check box to configure another LAN network for the NBG420N. IP Address Enter the IP address of your NBG420N in dotted decimal notation.
  • Page 132: Table 49 Network > Lan > Advanced

    Chapter 9 LAN The following table describes the labels in this screen. Table 49 Network > LAN > Advanced LABEL Multicast Any IP Setup Active Windows Networking (NetBIOS over TCP/IP): NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls.
  • Page 133: Dhcp

    10.1 DHCP DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the NBG420N’s LAN as a DHCP server or disable it. When configured as a server, the NBG420N provides the TCP/IP configuration for the clients.
  • Page 134: Dhcp Advanced Screen

    Chapter 10 DHCP Table 50 Network > DHCP > General LABEL Apply Reset 10.3 DHCP Advanced Screen This screen allows you to assign IP addresses on the LAN to specific individual computers based on their MAC addresses. You can also use this screen to configure the DNS server information that the NBG420N sends to the DHCP clients.
  • Page 135: Client List Screen

    Table 51 Network > DHCP > Advanced LABEL DESCRIPTION DNS Server DNS Servers Assigned by DHCP Server: The NBG420N passes a DNS (Domain Name System) server IP address (in the order you specify here) to the DHCP clients. The NBG420N only passes this information to the LAN DHCP clients when you select the Enable DHCP Server check box.
  • Page 136: Figure 88 Network > Dhcp > Client List

    Chapter 10 DHCP Figure 88 Network > DHCP > Client List The following table describes the labels in this screen. Table 52 Network > DHCP > Client List LABEL IP Address Host Name MAC Address Reserve Apply Refresh DESCRIPTION This is the index number of the host computer. This field displays the IP address relative to the # field listed above.
  • Page 137: Network Address Translation (Nat)

    Network Address Translation This chapter discusses how to configure NAT on the NBG420N. 11.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet. For example, the source address of an outgoing packet, used within one network is changed to a different IP address known within another network.
  • Page 138: Configuring Servers Behind Port Forwarding Example

    Chapter 11 Network Address Translation (NAT) Many residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location.
  • Page 139: Nat Application Screen

    The following table describes the labels in this screen. Table 53 Network > NAT > General LABEL DESCRIPTION Enable Network Address Translation: Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within another network (for example a public IP address used on the Internet).
  • Page 140: Figure 91 Network > Nat > Application

    Chapter 11 Network Address Translation (NAT) Figure 91 Network > NAT > Application The following table describes the labels in this screen. Table 54 NAT Application LABEL Game List Update A game list includes the pre-defined service name(s) and port number(s). You can File Path Browse...
  • Page 141: Game List Example

    Table 54 NAT Application (continued) LABEL DESCRIPTION Port Type a port number(s) to be forwarded. To specify a range of ports, enter a hyphen (-) between the first port and the last port, such as 10-20. To specify two or more non-consecutive port numbers, separate them by a comma without spaces, such as 123,567.
  • Page 142: Trigger Port Forwarding

    Chapter 11 Network Address Translation (NAT) Figure 92 Game List Example
    version=1
    1;name=Battlefield 1942;port=14567,22000,23000-23009,27900,28900
    2;name=Call of Duty;port=28960
    3;name=Civilization IV;port=2056
    4;name=Diablo I and II;port=6112-6119,4000
    5;name=Doom 3;port=27666
    6;name=F.E.A.R;port=27888
    7;name=Final Fantasy XI;port=25,80,110,443,50000-65535
    8;name=Guild Wars;port=6112,80
    9;name=Half Life;port=6003,7002,27005,27010,27011,27015
    10;name=Jedi Knight III: Jedi Academy;port=28060-28062,28070-28081
    11;name=Need for Speed: Hot Pursuit 2;port=1230,8511-8512,27900,28900,61200-61230
    12;name=Neverwinter Nights;port=5120-5300,6500,27900,28900
    13;name=Quake 2;port=27910...
  • Page 143: Two Points To Remember About Trigger Ports

    Figure 93 Trigger Port Forwarding Process: Example 1 Jane requests a file from the Real Audio server (port 7070). 2 Port 7070 is a “trigger” port and causes the NBG420N to record Jane’s computer IP address. The NBG420N associates Jane's computer IP address with the "incoming" port range of 6970-7170.
  • Page 144: Figure 94 Network > Nat > Advanced

    Chapter 11 Network Address Translation (NAT) Figure 94 Network > NAT > Advanced The following table describes the labels in this screen. Table 55 Network > NAT > Advanced LABEL Max NAT/Firewall Session Per User Port Triggering Rules Name DESCRIPTION Type a number ranging from 1 to 2048 to limit the number of NAT/firewall sessions that a host can create.
  • Page 145 Table 55 Network > NAT > Advanced LABEL DESCRIPTION Incoming Incoming is a port (or a range of ports) that a server on the WAN uses when it sends out a particular service. The NBG420N forwards the traffic with this port (or range of ports) to the client computer on the LAN that requested the service.
  • Page 147: Dynamic Dns

    12.1 Dynamic DNS Introduction Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect.
  • Page 148: Figure 95 Dynamic Dns

    Chapter 12 Dynamic DNS Figure 95 Dynamic DNS The following table describes the labels in this screen. Table 56 Dynamic DNS LABEL Enable Dynamic DNS Service Provider Dynamic DNS Type Host Name User Name Password Token Enable Wildcard Option Enable off line option IP Address Update Policy: Use WAN IP Address Dynamic DNS server...
  • Page 149 Table 56 Dynamic DNS LABEL DESCRIPTION Apply: Click Apply to save your changes back to the NBG420N. Reset: Click Reset to begin configuring this screen afresh. Chapter 12 Dynamic DNS...
  • Page 151: Security

    Security Firewall (153) Content Filtering (161) IPSec VPN (165)
  • Page 153: Firewall

    This chapter gives some background information on firewalls and explains how to get started with the NBG420N’s firewall. 13.1 Introduction to ZyXEL’s Firewall 13.1.1 What is a Firewall? Originally, the term “firewall” referred to a construction technique designed to prevent the spread of fire from one room to another.
  • Page 154: Guidelines For Enhancing Security With Your Firewall

    Chapter 13 Firewall The NBG420N is installed between the LAN and a broadband modem connecting to the Internet. This allows it to act as a secure gateway for all data passing between the Internet and the LAN. The NBG420N has one Ethernet WAN port and four Ethernet LAN ports, which are used to physically separate the network into two areas. The WAN (Wide Area Network) port attaches to the broadband (cable or DSL) modem to the Internet.
  • Page 155: General Firewall Screen

    1 A computer on the LAN initiates a connection by sending a SYN packet to a receiving server on the WAN. 2 The NBG420N reroutes the packet to Gateway A, which is in Subnet 2. 3 The reply from the WAN goes to the NBG420N. 4 The NBG420N then sends it to the computer on the LAN in Subnet 1.
  • Page 156: Services Screen

    Chapter 13 Firewall Table 57 Security > Firewall > General LABEL Apply Reset 13.4 Services Screen Click Security > Firewall > Services. The screen appears as shown next. If an outside user attempts to probe an unsupported port on your NBG420N, an ICMP response packet is automatically returned.
  • Page 157: The Add Firewall Rule Screen

    Table 58 Security > Firewall > Services LABEL DESCRIPTION Do not respond to requests for unauthorized services: Select this option to prevent hackers from finding the NBG420N by probing for unused ports. If you select this option, the NBG420N will not respond to port request(s) for unused ports, thus leaving the unused ports and the NBG420N...
  • Page 158: Figure 99 Security > Firewall > Services > Adding A Rule

    Chapter 13 Firewall Figure 99 Security > Firewall > Services > Adding a Rule The following table describes the labels in this screen. Table 59 Security > Firewall > Services > Adding a Rule LABEL Active Address Type IP Address Start IP Address End IP Address IP Pool List...
  • Page 159 Table 59 Security > Firewall > Services > Adding a Rule LABEL DESCRIPTION Available Services This is a list of pre-defined services (ports) you may prohibit your LAN computers from using. Select the port you want to block using the drop-down list and click Add to add the port to the Blocked Services field.
  • Page 161: Content Filtering

    This chapter provides a brief overview of content filtering using the embedded web GUI. 14.1 Introduction to Content Filtering Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering is the ability to block certain web features or specific URL keywords.
  • Page 162: Figure 100 Security > Content Filter > Filter

    Chapter 14 Content Filtering Figure 100 Security > Content Filter > Filter The following table describes the labels in this screen. Table 60 Security > Content Filter > Filter LABEL Trusted Computer IP Address Restrict Web Features ActiveX Java Cookies Web Proxy Keyword Blocking Enable URL...
  • Page 163: Schedule

    Table 60 Security > Content Filter > Filter LABEL DESCRIPTION Keyword Type a keyword in this field. You may use any character (up to 64 characters). Wildcards are not allowed. You can also enter a numerical IP address. Keyword List This list displays the keywords already added.
  • Page 164: Customizing Keyword Blocking Url Checking

    Chapter 14 Content Filtering Table 61 Security > Content Filter > Schedule LABEL Apply Reset 14.6 Customizing Keyword Blocking URL Checking You can use commands to set how much of a website’s URL the content filter is to check for keyword blocking.
  • Page 165: Ipsec Vpn

    15.1 IPSec VPN Overview A virtual private network (VPN) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing. It is used to transport traffic over the Internet or any insecure network that uses TCP/IP for communication.
  • Page 166: What You Need To Know About Ipsec Vpn

    Chapter 15 IPSec VPN 15.1.2 What You Need To Know About IPSec VPN A VPN tunnel is usually established in two phases. Each phase establishes a security association (SA), a contract indicating what security parameters the NBG420N and the remote IPSec router will use.
  • Page 167: Ipsec Sa (Ike Phase 2) Overview

    You can usually provide a static IP address or a domain name for the remote IPSec router as well. Sometimes, you might not know the IP address of the remote IPSec router (for example, telecommuters). In this case, you can still set up the IKE SA, but only the remote IPSec router can initiate an IKE SA.
  • Page 168: Vpn Rule Setup (Basic)

    Chapter 15 IPSec VPN The following table describes the fields in this screen. Table 62 Security > VPN > General LABEL DESCRIPTION This is the VPN policy index number. Active This field displays whether the VPN policy is active or not. This icon is turned on when the rule is enabled.
  • Page 169: Figure 105 Ipsec Fields Summary

    Chapter 15 IPSec VPN Figure 105 IPSec Fields Summary Use this screen to configure a VPN rule. Figure 106 Security > VPN > General > Rule Setup: IKE (Basic) NBG420N User’s Guide...
  • Page 170: Table 63 Security > Vpn > Rule Setup: Ike (Basic)

    Chapter 15 IPSec VPN The following table describes the labels in this screen. Table 63 SECURITY > VPN > Rule Setup: IKE (Basic) LABEL Property Active Keep Alive NAT Traversal IPSec Keying Mode DNS Server (for IPSec VPN) Local Policy Local Address Local Address End /Mask...
  • Page 171 Table 63 SECURITY > VPN > Rule Setup: IKE (Basic) (continued) LABEL DESCRIPTION Remote Policy Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. The remote fields do not apply when the Secure Gateway IP Address field is configured to 0.0.0.0.
  • Page 172 Chapter 15 IPSec VPN Table 63 SECURITY > VPN > Rule Setup: IKE (Basic) (continued) LABEL Secure Gateway Address Peer ID Type Peer Content IPSec Algorithm Encapsulation Mode IPSec Protocol DESCRIPTION Type the WAN IP address or the domain name (up to 31 characters) of the IPSec router with which you're making the VPN connection.
  • Page 173: Vpn Rule Setup (Advanced)

    Table 63 SECURITY > VPN > Rule Setup: IKE (Basic) (continued) LABEL DESCRIPTION Pre-Shared Key Type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection.
  • Page 174: Figure 107 Security > Vpn > General > Rule Setup: Ike (Advanced)

    Chapter 15 IPSec VPN Figure 107 Security > VPN > General > Rule Setup: IKE (Advanced) NBG420N User’s Guide...
  • Page 175: Table 64 Security > Vpn > Rule Setup: Ike (Advanced)

    The following table describes the labels in this screen. Table 64 Security > VPN > Rule Setup: IKE (Advanced) LABEL DESCRIPTION Property Active Select this check box to activate this VPN policy. Keep Alive Select this check box to have the NBG420N automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic.
  • Page 176 Chapter 15 IPSec VPN Table 64 Security > VPN > Rule Setup: IKE (Advanced) (continued) LABEL Local Address End / Mask Local Port Start Local Port End Remote Policy Remote Address Remote Address End /Mask Remote Port Start Remote Port End Authentication Method My IP Address...
  • Page 177 Table 64 Security > VPN > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION Local Content When you select IP in the Local ID Type field, type the IP address of your computer in the Local Content field. The NBG420N automatically uses the IP address in the My IP Address field (refer to the My IP Address field description) if you configure the Local Content field to 0.0.0.0 or leave it blank.
  • Page 178 Chapter 15 IPSec VPN Table 64 Security > VPN > Rule Setup: IKE (Advanced) (continued) LABEL IKE Phase 1 Negotiation Mode Encryption Algorithm Select which key size and encryption algorithm to use in the IKE SA. Choices Authentication Algorithm SA Life Time (Seconds) Key Group Pre-Shared Key...
  • Page 179: Vpn Rule Setup (Manual)

    Table 64 Security > VPN > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION Authentication Algorithm: Select which hash algorithm to use to authenticate packet data in the IPSec SA. Choices are SHA1 and MD5. SHA1 is generally considered stronger than MD5, but it is also slower.
  • Page 180: Figure 108 Security > Vpn > General > Rule Setup: Manual

    Chapter 15 IPSec VPN 15.2.3.3 Authentication and the Security Parameter Index (SPI) For authentication, the NBG420N and remote IPSec router use the SPI, instead of pre-shared keys, ID type and content. The SPI is an identification number. Note: The NBG420N and remote IPSec router must use the same SPI. Figure 108 Security >...
  • Page 181 Table 65 Security > VPN > Rule Setup: Manual (continued) LABEL DESCRIPTION IPSec Keying Mode: Select IKE or Manual from the drop-down list box. IKE provides more protection so it is generally recommended. Manual is a useful option for troubleshooting if you have problems using IKE key management.
  • Page 182 Chapter 15 IPSec VPN Table 65 Security > VPN > Rule Setup: Manual (continued) LABEL DESCRIPTION Remote Address For a single IP address, enter a (static) IP address on the network behind the remote IPSec router. For a specific range of IP addresses, enter the beginning (static) IP address, in a range of computers on the network behind the remote IPSec router.
  • Page 183: The Sa Monitor Screen

    Table 65 Security > VPN > Rule Setup: Manual (continued) LABEL DESCRIPTION Enable Replay Detection: As a VPN setup is processing intensive, the system is vulnerable to Denial of Service (DoS) attacks. The IPSec receiver can detect and reject old or duplicate packets to protect against replay attacks.
  • Page 184: Vpn And Remote Management

    Chapter 15 IPSec VPN The following table describes the labels in this screen. Table 66 Security > VPN > SA Monitor LABEL Name Encapsulation IPSec Algorithm Refresh 15.4 VPN and Remote Management You can allow someone to use a service (like Telnet or HTTP) through a VPN tunnel to manage the NBG420N.
  • Page 185: Ipsec Vpn Technical Reference

    15.5 IPSec VPN Technical Reference IKE SA Proposal The IKE SA proposal is used to identify the encryption algorithm, authentication algorithm, and Diffie-Hellman (DH) key group that the NBG420N and remote IPSec router use in the IKE SA. In main mode, this is done in steps 1 and 2, as illustrated below. Figure 111 IKE SA: Main Negotiation Mode, Steps 1 - 2: IKE SA Proposal The NBG420N sends a proposal to the remote IPSec router.
  • Page 186: Figure 113 Ike Sa: Main Negotiation Mode, Steps 5 - 6: Authentication

    Chapter 15 IPSec VPN Authentication Before the NBG420N and remote IPSec router establish an IKE SA, they have to verify each other’s identity. This process is based on pre-shared keys and router identities. In main mode, the NBG420N and remote IPSec router authenticate each other in steps 5 and 6, as illustrated below.
  • Page 187: Table 68 Vpn Example: Mismatching Id Type And Content

    In the following example, the ID type and content do not match so the authentication fails and the NBG420N and the remote IPSec router cannot establish an IKE SA. Table 68 VPN Example: Mismatching ID Type and Content NBG420N Local ID type: E-mail Local ID content: tom@yourcompany.com Peer ID type: IP Peer ID content:...
  • Page 188: Figure 114 Vpn/Nat Example

    Chapter 15 IPSec VPN Figure 114 VPN/NAT Example If router A does NAT, it might change the IP addresses, port numbers, or both. If router X and router Y try to establish a VPN tunnel, the authentication fails because it depends on this information.
  • Page 189: Figure 115 Vpn: Transport And Tunnel Mode Encapsulation

    These modes are illustrated below. Figure 115 VPN: Transport and Tunnel Mode Encapsulation Original Packet Transport Mode Packet Tunnel Mode Packet In tunnel mode, the NBG420N uses the IPSec protocol to encapsulate the entire IP packet. As a result, there are two IP headers: •...
  • Page 190: Additional Ipsec Vpn Topics

    Chapter 15 IPSec VPN Additional IPSec VPN Topics This section discusses other IPSec VPN topics that apply to either IKE SAs or IPSec SAs or both. Relationships between the topics are also highlighted. SA Life Time SAs have a lifetime that specifies how long the SA lasts until it times out. When an SA times out, the NBG420N automatically renegotiates the SA in the following situations: •...
  • Page 191: Figure 116 Private Dns Server Example

    Chapter 15 IPSec VPN The following figure depicts an example where one VPN tunnel is created from an NBG420N at branch office (B) to headquarters (HQ). In order to access computers that use private domain names on the HQ network, the NBG420N at B uses the Intranet DNS server in headquarters.
  • Page 193: Management

    Management Static Route Screens (195) Bandwidth Management (199) Remote Management (209) Universal Plug-and-Play (UPnP) (215)
  • Page 195: Static Route Screens

    This chapter shows you how to configure static routes for your NBG420N. 16.1 Static Route Overview The NBG420N usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the NBG420N send data to devices not reachable through the default gateway, use static routes.
  • Page 196: Static Route Setup Screen

    Chapter 16 Static Route Screens Figure 118 Management > Static Route > IP Static Route The following table describes the labels in this screen. Table 69 Management > Static Route > IP Static Route LABEL Name Active Destination Gateway Modify 16.2.1 Static Route Setup Screen To edit a static route, click the edit icon under Modify.
  • Page 197: Figure 119 Management > Static Route > Ip Static Route: Static Route Setup

    Figure 119 Management > Static Route > IP Static Route: Static Route Setup The following table describes the labels in this screen. Table 70 Management > Static Route > IP Static Route: Static Route Setup LABEL DESCRIPTION Route Name Enter the name of the IP static route. Leave this field blank to delete this static route.
  • Page 199: Bandwidth Management

    Bandwidth Management This chapter contains information about configuring bandwidth management, editing rules and viewing the NBG420N’s bandwidth management logs. 17.1 Bandwidth Management Overview ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on an application and/or subnet.
  • Page 200: Application And Subnet-Based Bandwidth Management

    Chapter 17 Bandwidth Management The following figure shows LAN subnets. You could configure one bandwidth class for subnet A and another for subnet B. Figure 120 Subnet-based Bandwidth Management Example 17.4 Application and Subnet-based Bandwidth Management You could also create bandwidth classes based on a combination of a subnet and an application.
  • Page 201: Predefined Bandwidth Management Services

    Table 72 Bandwidth Management Priorities PRIORITY LEVELS: TRAFFIC WITH A HIGHER PRIORITY GETS THROUGH FASTER WHILE TRAFFIC WITH A LOWER PRIORITY IS DROPPED IF THE NETWORK IS CONGESTED. 17.6 Predefined Bandwidth Management Services The following is a description of the services that you can select and to which you can apply media bandwidth management using the wizard screens.
  • Page 202: Default Bandwidth Management Classes And Priorities

    Chapter 17 Bandwidth Management 17.7 Default Bandwidth Management Classes and Priorities If you enable bandwidth management but do not configure a rule for critical traffic like VoIP, the voice traffic may then get delayed due to insufficient bandwidth. With the automatic traffic classifier feature activated, the NBG420N automatically assigns a default bandwidth management class and priority to traffic that does not match any of the user-defined rules.
  • Page 203: Bandwidth Management Advanced Configuration

    The following table describes the labels in this screen. Table 75 Management > Bandwidth MGMT > General LABEL DESCRIPTION Enable Bandwidth Select this check box to have the NBG420N apply bandwidth management. Management Enable bandwidth management to give traffic that matches a bandwidth rule priority over traffic that does not match a bandwidth rule.
  • Page 204: Table 76 Management > Bandwidth Mgmt > Advanced

    Chapter 17 Bandwidth Management The following table describes the labels in this screen. Table 76 Management > Bandwidth MGMT > Advanced LABEL Check my upstream bandwidth Upstream Bandwidth (kbps) Application List Enable Service Priority Advanced Setting User-defined Service Enable Direction Service Name Priority Modify...
  • Page 205: Rule Configuration With The Pre-Defined Service

    17.9.1 Rule Configuration with the Pre-defined Service To edit a bandwidth management rule for the pre-defined service in the NBG420N, click the Edit icon in the Application List table of the Advanced screen. The following screen displays. Figure 123 Bandwidth Management Rule Configuration: Pre-defined Service The following table describes the labels in this screen.
  • Page 206: Bandwidth Management Monitor

    Chapter 17 Bandwidth Management Figure 124 Management > Bandwidth MGMT > Advanced: User-defined Service Rule Configuration The following table describes the labels in this screen Table 78 Management > Bandwidth MGMT > Advanced: User-defined Service Rule Configuration LABEL BW Budget Destination Address Destination...
  • Page 207: Figure 125 Management > Bandwidth Mgmt > Monitor

    Figure 125 Management > Bandwidth MGMT > Monitor...
  • Page 209: Remote Management

    This chapter provides information on the Remote Management screens. 18.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which NBG420N interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
  • Page 210: Remote Management And Nat

    Chapter 18 Remote Management 1 You have disabled that service in one of the remote management screens. 2 The IP address in the Secured Client IP Address field does not match the client IP address. If it does not match, the NBG420N will disconnect the session immediately. 3 There is already another remote management session with an equal or higher priority running.
  • Page 211: Telnet

    LABEL DESCRIPTION Secured Client IP A secured client is a “trusted” computer that is allowed to communicate with the Address NBG420N using this service. Select All to allow any computer to access the NBG420N using this service. Choose Selected to just allow the computer with the IP address that you specify to access the NBG420N using this service.
  • Page 212: Ftp Screen

    Chapter 18 Remote Management 18.5 FTP Screen You can use FTP (File Transfer Protocol) to upload and download the NBG420N’s firmware and configuration files. To use this feature, your computer must have an FTP client. To change your NBG420N’s FTP settings, click Management > Remote MGMT > FTP. The screen appears as shown.
  • Page 213: Figure 129 Management > Remote Mgmt > Dns

    Figure 129 Management > Remote MGMT > DNS The following table describes the labels in this screen. Table 82 Management > Remote MGMT > DNS LABEL DESCRIPTION Server Port The DNS service port number is 53 and cannot be changed here. Server Access Select the interface(s) through which a computer may send DNS queries to the NBG420N.
  • Page 215: Universal Plug-And-Play (Upnp)

    Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 19.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
  • Page 216: Upnp And Zyxel

    Chapter 19 Universal Plug-and-Play (UPnP) When a UPnP device joins a network, it announces its presence with a multicast message. For security reasons, the NBG420N allows multicast messages on the LAN only. All UPnP-enabled devices may communicate freely with each other without additional configuration.
  • Page 217: Installing Upnp In Windows Example

    Table 83 Management > UPnP > General LABEL Apply Reset 19.4 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP. 19.4.0.1 Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me. 1 Click Start and Control Panel.
  • Page 218: Figure 132 Add/Remove Programs: Windows Setup: Communication: Components

    Chapter 19 Universal Plug-and-Play (UPnP) Figure 132 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel.
  • Page 219: Figure 134 Windows Optional Networking Components Wizard

    Figure 134 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 135 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. NBG420N User’s Guide Chapter 19 Universal Plug-and-Play (UPnP)
  • Page 220: Figure 136 Network Connections

    Chapter 19 Universal Plug-and-Play (UPnP) 19.4.0.2 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the NBG420N. Make sure the computer is connected to a LAN port of the NBG420N.
  • Page 221: Figure 137 Internet Connection Properties

    Chapter 19 Universal Plug-and-Play (UPnP) Figure 137 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings. NBG420N User’s Guide...
  • Page 222: Figure 138 Internet Connection Properties: Advanced Settings

    Chapter 19 Universal Plug-and-Play (UPnP) Figure 138 Internet Connection Properties: Advanced Settings Figure 139 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
  • Page 223: Figure 140 System Tray Icon

    Figure 140 System Tray Icon 7 Double-click on the icon to display your current Internet connection status. Figure 141 Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the NBG420N without finding out the IP address of the NBG420N first.
  • Page 224: Figure 142 Network Connections

    Chapter 19 Universal Plug-and-Play (UPnP) Figure 142 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your NBG420N and select Invoke. The web configurator login screen displays. NBG420N User’s Guide...
  • Page 225: Figure 143 Network Connections: My Network Places

    Figure 143 Network Connections: My Network Places 6 Right-click on the icon for your NBG420N and select Properties. A properties window displays with basic information about the NBG420N. Figure 144 Network Connections: My Network Places: Properties: Example...
  • Page 227: Maintenance And Troubleshooting

    Maintenance and Troubleshooting System (229) Logs (233) Tools (251) Configuration Mode (257) Sys Op Mode (259) Language (263) Troubleshooting (265)
  • Page 229: System

    This chapter provides information on the System screens. 20.1 System Overview See the chapter about wizard setup for more information on the next few screens. 20.2 System General Screen Click Maintenance > System. The following screen displays. Figure 145 Maintenance >...
  • Page 230: Time Setting Screen

    Chapter 20 System Table 84 Maintenance > System > General LABEL Administrator Inactivity Timer Password Setup Old Password New Password Retype to Confirm Apply Reset 20.3 Time Setting Screen To change your NBG420N’s time and date, click Maintenance > System > Time Setting. The screen appears as shown.
  • Page 231: Table 85 Maintenance > System > Time Setting

    The following table describes the labels in this screen. Table 85 Maintenance > System > Time Setting LABEL DESCRIPTION Current Time and Date Current Time This field displays the time of your NBG420N. Each time you reload this page, the NBG420N synchronizes the time with the time server.
  • Page 232 Chapter 20 System Table 85 Maintenance > System > Time Setting LABEL End Date Apply Reset DESCRIPTION Configure the day and time when Daylight Saving Time ends if you selected Daylight Savings. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the last Sunday of October.
  • Page 233: Logs

    This chapter contains information about configuring general log settings and viewing the NBG420N’s logs. Refer to the appendices for example log message explanations. 21.1 View Log The web configurator allows you to look at all of the NBG420N’s logs in one location. Click Maintenance >...
  • Page 234: Log Settings

    Chapter 21 Logs The following table describes the labels in this screen. Table 86 Maintenance > Logs > View Log LABEL Display Email Log Now Refresh Clear Log Time Message Source Destination Note 21.2 Log Settings You can configure the NBG420N’s general log settings in one location. Click Maintenance >...
  • Page 235: Figure 148 Maintenance > Logs > Log Settings

    Figure 148 Maintenance > Logs > Log Settings The following table describes the labels in this screen. Table 87 Maintenance > Logs > Log Settings LABEL DESCRIPTION E-mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
  • Page 236 Chapter 21 Logs Table 87 Maintenance > Logs > Log Settings LABEL Send Alerts To SMTP Authentication User Name Password Log Schedule Day for Sending Log Use the drop down list box to select which day of the week to send the logs. Time for Sending Clear log after sending mail...
  • Page 237: Log Descriptions

    21.3 Log Descriptions This section provides descriptions of example log messages. Table 88 System Maintenance Logs LOG MESSAGE Time calibration is successful Time calibration failed WAN interface gets IP:%s DHCP client IP expired DHCP server assigns%s Successful WEB login WEB login failed Successful TELNET login TELNET login failed Successful FTP login...
  • Page 238: Table 89 System Error Logs

    Chapter 21 Logs Table 89 System Error Logs LOG MESSAGE %s exceeds the max. number of session per host! setNetBIOSFilter: calloc error readNetBIOSFilter: calloc error WAN connection is down. Table 90 Access Control Logs LOG MESSAGE Firewall default policy: [TCP | UDP | IGMP | ESP | GRE | OSPF] <Packet Direction>...
  • Page 239: Table 92 Packet Filter Logs

    Table 91 TCP Reset Logs (continued) LOG MESSAGE Firewall session time out, sent TCP RST Exceed MAX incomplete, sent TCP RST Access block, sent TCP Table 92 Packet Filter Logs LOG MESSAGE [TCP | UDP | ICMP | IGMP | Generic] packet filter matched (set:%d, rule:%d) Table 93 ICMP Logs...
  • Page 240: Table 94 Cdr Logs

    Chapter 21 Logs Table 94 CDR Logs LOG MESSAGE board%d line%d channel%d, call%d,%s C01 Outgoing Call dev=%x ch=%x%s board%d line%d channel%d, call%d,%s C02 OutCall Connected%d%s board%d line%d channel%d, call%d,%s C02 Call Terminated Table 95 PPP Logs LOG MESSAGE ppp:LCP Starting ppp:LCP Opening ppp:CHAP Opening ppp:IPCP...
  • Page 241: Table 98 Attack Logs

    Table 97 Content Filtering Logs (continued) LOG MESSAGE %s: Proxy mode detected %s:%s %s(cache hit) %s:%s(cache hit) %s: Trusted Web site Waiting content filter server timeout DNS resolving failed Creating socket failed The NBG420N cannot issue a query because TCP/IP socket creation Connecting to content filter server fail License key is invalid The external content filtering license key is invalid.
  • Page 242: Table 99 Ipsec Logs

    Chapter 21 Logs Table 98 Attack Logs (continued) LOG MESSAGE teardrop UDP teardrop ICMP (type:%d, code:%d) illegal command TCP NetBIOS TCP ip spoofing - no routing entry [TCP | UDP | IGMP | ESP | GRE | OSPF] ip spoofing - no routing entry ICMP (type:%d, code:%d) vulnerability ICMP...
  • Page 243 Table 100 IKE Logs (continued) LOG MESSAGE Verifying Local ID failed: IKE Packet Retransmit Failed to send IKE Packet Too many errors! Deleting SA Phase 1 IKE SA process done Duplicate requests with the same cookie IKE Negotiation is in process The router has already started negotiating with the peer for No proposal chosen Local / remote IPs of incoming request conflict...
  • Page 244 Chapter 21 Logs Table 100 IKE Logs (continued) LOG MESSAGE No known phase 1 ID type found ID type mismatch. Local / Peer: <Local ID type/Peer ID type> ID content mismatch Configured Peer ID Content: <Configured Peer ID Content> Incoming ID Content: <Incoming Peer ID Content>...
  • Page 245: Table 101 Pki Logs

    Table 100 IKE Logs (continued) LOG MESSAGE Rule [%d] Phase 1 ID mismatch The listed rule’s IKE phase 1 ID did not match between the Rule [%d] Phase 1 hash mismatch Rule [%d] Phase 1 preshared key mismatch Rule [%d] Tunnel built successfully Rule [%d] Peer's public key not found...
  • Page 246: Table 102 802.1X Logs

    Chapter 21 Logs Table 101 PKI Logs (continued) LOG MESSAGE Rcvd user cert: <subject name> Rcvd CRL <size>: <issuer name> Rcvd ARL <size>: <issuer name> Failed to decode the received ca cert Failed to decode the received user cert Failed to decode the received CRL Failed to decode the received ARL...
  • Page 247: Table 103 Acl Setting Notes

    Table 102 802.1X Logs (continued) LOG MESSAGE User logout because of user deassociation. User logout because of no authentication response from user. User logout because of idle timeout expired. User logout because of user request. Local User Database does not support authentication method.
  • Page 248: Table 105 Syslog Logs

    Chapter 21 Logs Table 104 ICMP Notes (continued) TYPE CODE Table 105 Syslog Logs LOG MESSAGE <Facility*8 + Severity>Mon dd hr:mm:ss hostname src="<srcIP:srcPort>" dst="<dstIP:dstPort>" msg="<msg>" note="<note>" devID="<mac address last three numbers>" cat="<category> DESCRIPTION Source route failed Source Quench A gateway may discard internet datagrams if it does not have the buffer space needed to queue the datagrams for output to the next network on the route to the destination network.
  • Page 249: Table 106 Rfc-2408 Isakmp Payload Types

    The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC for detailed information on each type. Table 106 RFC-2408 ISAKMP Payload Types LOG DISPLAY PROP TRANS CER_REQ HASH NONCE NOTFY PAYLOAD TYPE Security Association Proposal...
  • Page 251: Tools

    This chapter shows you how to upload new firmware, upload or save backup configuration files and restart the NBG420N. 22.1 Firmware Upload Screen Find firmware at www.zyxel.com in a file with a “*.bin” extension, e.g., “NBG420N.bin”. The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes.
  • Page 252: Configuration Screen

    Chapter 22 Tools Figure 150 Upload Warning The NBG420N automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 151 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, the following screen will appear.
  • Page 253: Backup Configuration

    Figure 153 Maintenance > Tools > Configuration 22.2.1 Backup Configuration Backup configuration allows you to back up (save) the NBG420N’s current configuration to a file on your computer. Once your NBG420N is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes.
  • Page 254: Back To Factory Defaults

    Chapter 22 Tools Figure 154 Configuration Restore Successful The NBG420N automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 155 Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default NBG420N IP address (192.168.1.1).
  • Page 255: Wake On Lan

    Click Maintenance > Tools > Restart. Click Restart to have the NBG420N reboot. This does not affect the NBG420N's configuration. Figure 157 Maintenance > Tools > Restart 22.4 Wake On LAN Wake On LAN (WoL) allows you to remotely turn on a device on the network. To use this feature the remote hardware (for example the network adapter on your computer) must support Wake On LAN using the “Magic Packet”...
  • Page 257: Configuration Mode

    Click Maintenance > Config Mode to open the following screen. This screen allows you to hide or display the advanced screens of some features or the advanced features, such as MAC filter or static route. Basic is selected by default and you cannot see the advanced screens or features.
  • Page 258: Table 111 Advanced Configuration Options

    Chapter 23 Configuration Mode Table 111 Advanced Configuration Options CATEGORY Network Security Management Maintenance In AP Mode many screens will not be available. See more information. LINK Wireless LAN MAC Filter Advanced Scheduling Advanced IP Alias Advanced DHCP Server Advanced Advanced Firewall Services...
  • Page 259: Sys Op Mode

    24.1 Overview The Sys Op Mode (System Operation Mode) function lets you configure whether your NBG420N is a router or AP. You can choose between Router Mode and AP Mode depending on your network topology and the features you require from your device. See page 31 for more information on which mode to choose.
  • Page 260: Selecting System Operation Mode

    Chapter 24 Sys Op Mode Figure 161 IP Address in AP Mode 24.2 Selecting System Operation Mode Use this screen to select how you connect to the Internet. Figure 162 Maintenance > Sys OP Mode > General If you select Router Mode, the following pop-up message window appears. Figure 163 Maintenance >...
  • Page 261: Figure 164 Maintenance > Sys Op Mode > General: Ap

    Figure 164 Maintenance > Sys Op Mode > General: AP • In AP Mode all Ethernet ports have the same IP address. • All ports on the rear panel of the device are LAN ports, including the port labeled WAN. There is no WAN port.
  • Page 263: Language

    Use this screen to change the language for the web configurator display. 25.1 Language Screen Click the language you prefer. The web configurator language changes after a while without restarting the NBG420N. Figure 165 Language...
  • Page 265: Troubleshooting

    This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • NBG420N Access and Login • Internet Access •...
  • Page 266: Nbg420N Access And Login

    Chapter 26 Troubleshooting 26.2 NBG420N Access and Login I don’t know the IP address of my NBG420N. 1 The default IP address is 192.168.1.1. 2 If you changed the IP address and have forgotten it, you might get the IP address of the NBG420N by looking up the IP address of the default gateway for your computer.
  • Page 267 2 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide. 3 Make sure your Internet browser does not block pop-up windows and has JavaScripts and Java enabled. See 4 Make sure your computer is in the same subnet as the NBG420N. (If you know that there are routers between your computer and the NBG420N, skip this step.) •...
  • Page 268: Internet Access

    Chapter 26 Troubleshooting See the troubleshooting suggestions for configurator. Ignore the suggestions about your browser. 26.3 Internet Access I cannot access the Internet. 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide. 2 Make sure you entered your ISP account information correctly in the wizard.
  • Page 269: Resetting The Nbg420N To Its Factory Defaults

    interfering with the wireless network (for example, microwaves, other wireless networks, and so on). 3 Reboot the NBG420N. 4 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions • Check the settings for bandwidth management. If it is disabled, you might consider activating it.
  • Page 270: Advanced Features

    Chapter 26 Troubleshooting 4 Make sure your computer (with a wireless adapter installed) is within the transmission range of the NBG420N. 5 Check that both the NBG420N and your wireless station are using the same wireless and wireless security settings. 6 Make sure traffic between the WLAN and the LAN is not blocked by the firewall on the NBG420N.
  • Page 271: Appendices And Index

    Appendices and Index Product Specifications and Wall-Mounting Instructions (273) Pop-up Windows, JavaScripts and Java Permissions (279) IP Addresses and Subnetting (285) Setting up Your Computer’s IP Address (293) Wireless LANs (309) Services (321) Legal Information (325) Customer Support (329) Index (335)
  • Page 273: Appendix A Product Specifications And Wall-Mounting Instructions

    Product Specifications and Wall-Mounting Instructions The following tables summarize the NBG420N’s hardware and firmware features. Table 113 Hardware Features Dimensions (W x D x H) Weight Power Specification Ethernet ports 4-5 Port Switch LEDs Reset Button WPS button...
  • Page 274: Table 114 Firmware Features

    Appendix A Product Specifications and Wall-Mounting Instructions Table 114 Firmware Features FEATURE Default IP Address Default Subnet Mask Default Password DHCP Pool Wireless Interface Default Wireless SSID Default Wireless IP Address Wireless LAN: Same as LAN (192.168.1.1) Default Wireless Subnet Mask Default Wireless DHCP Pool Size...
  • Page 275: Table 115 Feature Specifications

    Table 114 Firmware Features FEATURE IPSec VPN Bandwidth Management Wireless LAN Scheduler Time and Date Port Forwarding DHCP (Dynamic Host Configuration Protocol) Dynamic DNS Support IP Multicast IP Alias Logging and Tracing PPPoE PPTP Encapsulation Universal Plug and Play (UPnP) Table 115 Feature Specifications FEATURE Number of Static Routes...
  • Page 276: Table 116 Standards Supported

    Appendix A Product Specifications and Wall-Mounting Instructions The following list, which is not exhaustive, illustrates the standards supported in the NBG420N. Table 116 Standards Supported STANDARD RFC 867 RFC 868 RFC 1058 RFC 1112 RFC 1305 RFC 1631 RFC 1723 RFC 2236 RFC 2516 RFC 2766...
  • Page 277: Figure 166 Wall-Mounting Example

    Be careful to avoid damaging pipes or cables located inside the wall when drilling holes for the screws. 3 Do not screw the screws all the way into the wall. Leave a small gap of about 0.5 cm between the heads of the screws and the wall. 4 Make sure the screws are snugly fastened to the wall.
  • Page 278: Figure 167 Masonry Plug And M4 Tap Screw

    Figure 167 Masonry Plug and M4 Tap Screw...
  • Page 279: Appendix B Pop-Up Windows, Javascripts And Java Permissions

    Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). Internet Explorer 6 screens are used here.
  • Page 280: Figure 169 Internet Options: Privacy

    Appendix B Pop-up Windows, JavaScripts and Java Permissions 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 169 Internet Options: Privacy 3 Click Apply to save this setting. Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps.
  • Page 281: Figure 170 Internet Options: Privacy

    Figure 170 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 171 Pop-up Blocker Settings...
  • Page 282: Figure 172 Internet Options: Security

    Appendix B Pop-up Windows, JavaScripts and Java Permissions 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
  • Page 283: Figure 173 Security Settings - Java Scripting

    Figure 173 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window.
  • Page 284: Figure 175 Java (Sun)

    JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Figure 175 Java (Sun)...
  • Page 285: Appendix C Ip Addresses And Subnetting

    IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network.
  • Page 286: Figure 176 Network Number And Host Id

    Appendix C IP Addresses and Subnetting Figure 176 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation).
  • Page 287: Table 118 Subnet Masks

    Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Table 118 Subnet Masks BINARY OCTET 8-bit mask 11111111 16-bit mask 11111111 24-bit mask 11111111...
  • Page 288: Figure 177 Subnetting Example: Before Subnetting

    Appendix C IP Addresses and Subnetting Table 120 Alternative Subnet Mask Notation (continued) SUBNET MASK 255.255.255.192 255.255.255.224 255.255.255.240 255.255.255.248 255.255.255.252 Subnetting You can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.
  • Page 289: Figure 178 Subnetting Example: After Subnetting

    Figure 178 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 2^7 - 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).
  • Page 290: Table 122 Subnet 2

    Appendix C IP Addresses and Subnetting Table 122 Subnet 2 IP/SUBNET MASK IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.64 Broadcast Address: 192.168.1.127 Table 123 Subnet 3 IP/SUBNET MASK IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.128 Broadcast Address:...
  • Page 291: Table 126 24-Bit Network Number Subnet Planning

    Table 125 Eight Subnets (continued) SUBNET SUBNET ADDRESS Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 126 24-bit Network Number Subnet Planning NO. “BORROWED” HOST BITS The following table is a summary for subnet planning on a network with a 16-bit network number.
  • Page 292: Configuring Ip Addresses

    Appendix C IP Addresses and Subnetting Table 127 16-bit Network Number Subnet Planning (continued) NO. “BORROWED” HOST BITS Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
  • Page 293: Appendix D Setting Up Your Computer's Ip Address

    APPENDIX D Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
  • Page 294: Figure 179 Windows 95/98/Me: Network: Configuration

    Appendix D Setting up Your Computer’s IP Address Figure 179 Windows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
  • Page 295: Figure 180 Windows 95/98/Me: Tcp/Ip Properties: Ip Address

    Configuring
    1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties.
    2 Click the IP Address tab.
    • If your IP address is dynamic, select Obtain an IP address automatically.
    • If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields.
  • Page 296: Figure 181 Windows 95/98/Me: Tcp/Ip Properties: Dns Configuration

    Appendix D Setting up Your Computer’s IP Address Figure 181 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window.
  • Page 297: Figure 182 Windows Xp: Start Menu

    Figure 182 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 183 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties.
  • Page 298: Figure 184 Windows Xp: Control Panel: Network Connections: Properties

    Appendix D Setting up Your Computer’s IP Address Figure 184 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 185 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
  • Page 299: Figure 186 Windows Xp: Internet Protocol (Tcp/Ip) Properties

    Figure 186 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
  • Page 300: Figure 187 Windows Xp: Advanced Tcp/Ip Properties

    Appendix D Setting up Your Computer’s IP Address Figure 187 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
  • Page 301: Figure 188 Windows Xp: Internet Protocol (Tcp/Ip) Properties

    Figure 188 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT).
  • Page 302: Figure 189 Macintosh Os 8/9: Apple Menu

    Appendix D Setting up Your Computer’s IP Address Figure 189 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 190 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following:
  • Page 303: Figure 191 Macintosh Os X: Apple Menu

    • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your Prestige in the Router address box. 5 Close the TCP/IP Control Panel.
  • Page 304: Figure 192 Macintosh Os X: Network

    Appendix D Setting up Your Computer’s IP Address Figure 192 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. •...
  • Page 305: Figure 193 Red Hat 9.0: Kde: Network Configuration: Devices

    Make sure you are logged in as the root administrator. Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network.
  • Page 306: Figure 194 Red Hat 9.0: Kde: Ethernet Device: General

    Appendix D Setting up Your Computer’s IP Address Figure 194 Red Hat 9.0: KDE: Ethernet Device: General • If you have a dynamic IP address click Automatically obtain IP address settings with and select dhcp from the drop down list. •...
  • Page 307: Figure 196 Red Hat 9.0: Kde: Network Configuration: Activate

    Figure 196 Red Hat 9.0: KDE: Network Configuration: Activate 7 After the network card restart process is complete, make sure the Status is Active in the Network Configuration screen. Using Configuration Files Follow the steps below to edit the network configuration files and set your computer IP address.
  • Page 308: Verifying Settings

    Appendix D Setting up Your Computer’s IP Address 2 If you know your DNS server IP address(es), enter the DNS server information in the resolv.conf file. In the example, two DNS server IP addresses are specified.
    Figure 199 Red Hat 9.0: DNS Settings in resolv.conf
    nameserver 172.23.5.1
    nameserver 172.23.5.2
    3 After you edit and save the configuration files, you must restart the network card.
  • Page 309: Appendix E Wireless Lans

    APPENDIX E Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS).
  • Page 310: Figure 203 Basic Service Set

    Appendix E Wireless LANs Figure 203 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN.
  • Page 311: Figure 204 Infrastructure Wlan

    Figure 204 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference.
  • Page 312: Figure 205 Rts/Cts

    Appendix E Wireless LANs Figure 205 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
  • Page 313: Table 128 Ieee 802.11G

    If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Preamble Type A preamble is used to synchronize the transmission timing in your wireless network.
  • Page 314: Types Of Radius Messages

    Appendix E Wireless LANs • User based identification that allows for roaming. • Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server. • Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication methods to be deployed with no changes to the access point or the wireless stations.
  • Page 315: Types Of Authentication

    In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access.
  • Page 316: Table 129 Comparison Of Eap Authentication Types

    Appendix E Wireless LANs PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection; simple username and password methods are then used through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication.
  • Page 317 Key differences between WPA(2) and WEP are improved data encryption and user authentication. Encryption Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. In addition to TKIP, WPA2 also uses Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption.
  • Page 318: Wpa(2)-Psk Application Example

    Appendix E Wireless LANs 26.6.2 WPA(2)-PSK Application Example A WPA(2)-PSK application looks as follows. 1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters (including spaces and symbols).
  • Page 319: Table 130 Wireless Security Relational Matrix

    Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. MAC address filters are not dependent on how you configure these security features. Table 130 Wireless Security Relational Matrix AUTHENTICATION METHOD/ KEY MANAGEMENT PROTOCOL...
  • Page 321: Table 131 Examples Of Services

    APPENDIX F Services The following table lists some commonly-used services and their associated protocols and port numbers. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like.
  • Page 322: Appendix F Services

    Appendix F Services Table 131 Examples of Services (continued) NAME H.323 HTTP HTTPS ICMP IGMP (MULTICAST) User-Defined IMAP4 IMAP4S MSN Messenger NetBIOS NEW-ICQ NEWS NNTP PING POP3 POP3S PPTP PROTOCOL PORT(S) DESCRIPTION 1720 NetMeeting uses this protocol. Hyper Text Transfer Protocol - a client/ server protocol for the world wide web.
  • Page 323 Table 131 Examples of Services (continued) NAME PROTOCOL PPTP_TUNNEL User-Defined (GRE) RCMD REAL_AUDIO REXEC RLOGIN ROADRUNNER TCP/UDP RTELNET RTSP TCP/UDP SFTP SMTP SMTPS SNMP TCP/UDP SNMP-TRAPS TCP/UDP SQL-NET SSDP TCP/UDP STRM WORKS SYSLOG TACACS TELNET PORT(S) DESCRIPTION PPTP (Point-to-Point Tunneling Protocol)
  • Page 324 Appendix F Services Table 131 Examples of Services (continued) NAME TFTP VDOLIVE PROTOCOL PORT(S) DESCRIPTION Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). 7000 A videoconferencing solution.
  • Page 325: Appendix G Legal Information

    ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
  • Page 326 Appendix G Legal Information If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures: 1 Reorient or relocate the receiving antenna.
  • Page 327: Zyxel Limited Warranty

    3 Select the certification you wish to view from this page. ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever...
  • Page 329: Appendix H Customer Support

    • Sales E-mail: sales@zyxel.com.tw • Telephone: +886-3-578-3942 • Fax: +886-3-578-2439 • Web: www.zyxel.com, www.europe.zyxel.com • Regular Mail: ZyXEL Communications Corp., 6 Innovation Road II, Science Park, Hsinchu 300, Taiwan China - ZyXEL Communications (Beijing) Corp. • Support E-mail: cso.zycn@zyxel.cn • Sales E-mail: sales@zyxel.cn •...
  • Page 330 Czech Republic • E-mail: info@cz.zyxel.com • Telephone: +420-241-091-350 • Fax: +420-241-091-359 • Web: www.zyxel.cz • Regular Mail: ZyXEL Communications, Czech s.r.o., Modranská 621, 143 01 Praha 4 - Modrany, Ceská Republika Denmark • Support E-mail: support@zyxel.dk • Sales E-mail: sales@zyxel.dk •...
  • Page 331 Germany • Support E-mail: support@zyxel.de • Sales E-mail: sales@zyxel.de • Telephone: +49-2405-6909-69 • Fax: +49-2405-6909-99 • Web: www.zyxel.de • Regular Mail: ZyXEL Deutschland GmbH., Adenauerstr. 20/A2 D-52146, Wuerselen, Germany Hungary • Support E-mail: support@zyxel.hu • Sales E-mail: info@zyxel.hu • Telephone: +36-1-3361649 •...
  • Page 332 • Support Telephone: +1-800-978-7222 • Sales E-mail: sales@zyxel.com • Sales Telephone: +1-714-632-0882 • Fax: +1-714-632-0858 • Web: www.zyxel.com • Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806- 2001, U.S.A. Norway • Support E-mail: support@zyxel.no • Sales E-mail: sales@zyxel.no •...
  • Page 333 • Support E-mail: support@zyxel.es • Sales E-mail: sales@zyxel.es • Telephone: +34-902-195-420 • Fax: +34-913-005-345 • Web: www.zyxel.es • Regular Mail: ZyXEL Communications, Arte, 21 5ª planta, 28033 Madrid, Spain Sweden • Support E-mail: support@zyxel.se • Sales E-mail: sales@zyxel.se • Telephone: +46-31-744-7700 •...
  • Page 334 • Sales E-mail: sales@zyxel.co.uk • Telephone: +44-1344-303044, 08707-555779 (UK only) • Fax: +44-1344-303034 • Web: www.zyxel.co.uk • FTP: ftp.zyxel.co.uk • Regular Mail: ZyXEL Communications UK Ltd., 11 The Courtyard, Eastern Road, Bracknell, Berkshire RG12 2XB, United Kingdom (UK) NBG420N User’s Guide...

This manual is also suitable for:

Nbg-420n - v3.60
