Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan.
Document Conventions Warnings and Notes These are how warnings and notes are shown in this User’s Guide. Warnings tell you about things that could harm you or your device. Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The NBG420N icon is not an exact representation of your device. Icons shown: NBG420N, Server, Telephone, Modem, Computer, Notebook computer, DSLAM, Firewall, Switch, Router.
Safety Warnings For your safety, be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. •...
Introduction ... 29 Getting to Know Your NBG420N ... 31 The WPS Button ... 35 Introducing the Web Configurator ... 37 Connection Wizard ... 49 AP Mode ... 65 Tutorials ... 73 Network ... 87 Wireless LAN ... 89 WAN ...117 LAN ...
About This User's Guide ... 3 Document Conventions... 4 Safety Warnings... 6 Contents Overview ... 9 Table of Contents... 11 List of Figures ... 19 List of Tables... 25 Part I: Introduction... 29 Chapter 1 Getting to Know Your NBG420N... 31 1.1 Overview ...
Table of Contents 3.5.2 Summary: Any IP Table ... 44 3.5.3 Summary: Bandwidth Management Monitor 3.5.4 Summary: DHCP Table 3.5.5 Summary: Packet Statistics 3.5.6 Summary: VPN Monitor ... 47 3.5.7 Summary: Wireless Station Status Chapter 4 Connection Wizard ... 49 4.1 Wizard Setup ...
6.1.1 How to Connect to the Internet from an AP ... 73 6.1.2 Configure Wireless Security Using WPS on both your NBG420N and Wireless Client 73 6.1.3 Enable and Configure Wireless Security without WPS on your NBG420N ... 76 6.1.4 Configure Your Notebook ... 78 6.2 Site-To-Site VPN Tunnel Tutorial ...
Table of Contents 7.11 Accessing the iPod Touch Web Configurator ...114 7.11.1 Accessing the iPod Touch Web Configurator ...115 Chapter 8 WAN... 117 8.1 WAN Overview ...117 8.2 WAN MAC Address ...117 8.3 Multicast ...117 8.4 Internet Connection ...118 8.4.1 Ethernet Encapsulation ...118 8.4.2 PPPoE Encapsulation ...119 8.4.3 PPTP Encapsulation ...
11.4.1 Game List Example ... 141 11.5 Trigger Port Forwarding ... 142 11.5.1 Trigger Port Forwarding Example ... 142 11.5.2 Two Points To Remember About Trigger Ports ... 143 11.6 NAT Advanced Screen ... 143 Chapter 12 Dynamic DNS ... 147 12.1 Dynamic DNS Introduction ...
Table of Contents 15.1 IPSec VPN Overview ... 165 15.1.1 What You Can Do in the IPSec VPN Screens ... 165 15.1.2 What You Need To Know About IPSec VPN ... 166 15.1.3 IKE SA (IKE Phase 1) Overview ... 166 15.1.4 IPSec SA (IKE Phase 2) Overview 15.2 The General Screen ...
18.1.2 Remote Management and NAT ... 210 18.1.3 System Timeout ... 210 18.2 WWW Screen ... 210 18.3 Telnet ...211 18.4 Telnet Screen ...211 18.5 FTP Screen ... 212 18.6 DNS Screen ... 212 Chapter 19 Universal Plug-and-Play (UPnP)... 215 19.1 Introducing Universal Plug and Play ...
Table of Contents Chapter 23 Configuration Mode ... 257 Chapter 24 Sys Op Mode ... 259 24.1 Overview ... 259 24.1.1 Router ... 259 24.1.2 AP ... 259 24.2 Selecting System Operation Mode ... 260 Chapter 25 Language ... 263 25.1 Language Screen ...
List of Figures List of Figures Figure 1 Secure Wireless Internet Access in Router Mode ... 31 Figure 2 Wireless Internet Access in AP Mode ... 32 Figure 3 Front Panel ... 33 Figure 4 Change Password Screen ... 38 Figure 5 Selecting the setup mode ...
List of Figures Figure 39 Status: AP Mode ... 78 Figure 40 Connecting a Wireless Client to a Wireless Network t ... 79 Figure 41 Security Settings ... 79 Figure 42 Confirm Save ... 79 Figure 43 Link Status ... 80 Figure 44 Site-To-Site VPN Tunnel ...
List of Figures Figure 82 Any IP Example ... 129 Figure 83 Network > LAN > IP ... 130 Figure 84 Network > LAN > IP Alias ... 131 Figure 85 Network > LAN > Advanced ... 131 Figure 86 Network > DHCP > General ...
Introduction Getting to Know Your NBG420N (31) The WPS Button (35) Introducing the Web Configurator (37) Connection Wizard (49) AP Mode (65) Tutorials (73)
Chapter 1 Getting to Know Your NBG420N This chapter introduces the main features and applications of the NBG420N. 1.1 Overview The NBG420N acts as either an access point (AP) or a secure broadband router for all data passing between the Internet and your local network.
1.3 AP Mode Select AP Mode if you already have a router or gateway on your network which provides network services such as a firewall or bandwidth management. The following figure shows computers in a WLAN connecting to the NBG420N, which acts as an access point (A).
1.5 Ways to Manage the NBG420N Use any of the following methods to manage the NBG420N. • Web Configurator. This is recommended for everyday management of the NBG420N using a (supported) web browser. • Command Line Interface. Line commands are mostly used for troubleshooting by service engineers.
Table 2 Front Panel LEDs (continued) COLOR LAN 1-4 Green Amber Green Amber WLAN Green Green STATUS DESCRIPTION The NBG420N has a successful 10MB Ethernet connection. Blinking The NBG420N is sending/receiving data. The NBG420N has a successful 100MB Ethernet connection.
Chapter 2 The WPS Button 2.1 Overview Your NBG420N supports WiFi Protected Setup (WPS), which is an easy way to set up a secure wireless network. WPS is an industry standard specification, defined by the WiFi Alliance. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually.
Chapter 3 Introducing the Web Configurator This chapter describes how to access the NBG420N web configurator and provides an overview of its screens. 3.1 Web Configurator Overview The web configurator is an HTML-based management interface that allows easy setup and management of the NBG420N via Internet browser.
4 Type "1234" (default) as the password and click Login. In some versions, the default password appears automatically - if this is the case, click Login. 5 You should see a screen asking you to change your password (highly recommended) as shown next.
Figure 5 Selecting the setup mode 3.3 Resetting the NBG420N If you forget your password or IP address, or you cannot access the web configurator, you will need to use the RESET button at the back of the NBG420N to reload the factory-default configuration file.
Figure 6 Web Configurator Status Screen The following table describes the icons shown in the Status screen. Table 3 Status Screen Icon Key ICON DESCRIPTION Click this icon to open the setup wizard. Click this icon to view copyright and a link for related product information. Click this icon at any time to exit the web configurator.
Table 4 Web Configurator Status Screen (continued)
LABEL: DESCRIPTION
WAN Information
- MAC Address: This shows the WAN Ethernet adapter MAC Address of your device.
- IP Address: This shows the WAN port’s IP address.
- IP Subnet Mask: This shows the WAN port’s subnet mask.
- DHCP: This shows the WAN port’s DHCP role - Client or None.
Table 4 Web Configurator Status Screen (continued) LABEL DESCRIPTION Status For the LAN and WAN ports, this field displays Down (line is down) or Up (line is up or connected). For the WLAN, it displays Up when the WLAN is enabled or Down when the WLAN is disabled.
Table 5 Screens Summary LINK IP Alias Advanced DHCP General Server Advanced Client List General Application Advanced DDNS General Security Firewall General Services Content Filter Filter Schedule General SA Monitor Management Static Route IP Static Route Bandwidth General MGMT Advanced Monitor Remote MGMT...
Table 5 Screens Summary LINK System General Time Setting Logs View Log Log Settings Tools Firmware Configuration Restart Wake On Config Mode General Sys OP General Mode Language 3.5.2 Summary: Any IP Table This screen displays the IP address of each computer that is using the NBG420N via the any IP feature.
Figure 8 Summary: BW MGMT Monitor 3.5.4 Summary: DHCP Table DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the NBG420N’s LAN as a DHCP server or disable it. When configured as a server, the NBG420N provides the TCP/IP configuration for the clients.
3.5.5 Summary: Packet Statistics Click the Packet Statistics (Details...) hyperlink in the Status screen. Read-only information here includes port status, packet specific statistics and the "system up time". The Poll Interval(s) field is configurable and is used for refreshing the screen. Figure 10 Summary: Packet Statistics The following table describes the labels in this screen.
3.5.6 Summary: VPN Monitor Click the VPN Monitor (Details...) hyperlink in the Status screen. This screen displays read-only information about the active VPN connections. Click the Refresh button to update the screen. A Security Association (SA) is the group of security settings related to a specific VPN tunnel.
The following table describes the labels in this screen. Table 9 Summary: Wireless Association List LABEL MAC Address Association Time Refresh DESCRIPTION This is the index number of an associated wireless station. This field displays the MAC address of an associated wireless station. This field displays the time a wireless station first associated with the NBG420N’s WLAN network.
Chapter 4 Connection Wizard This chapter provides information on the wizard setup screens in the web configurator. 4.1 Wizard Setup The web configurator’s wizard setup helps you configure your device to access the Internet. Refer to your ISP (Internet Service Provider) checklist in the Quick Start Guide to know what to enter in each field.
Figure 14 Select a Language 3 Read the on-screen information and click Next. Figure 15 Welcome to the Connection Wizard 4.2 Connection Wizard: STEP 1: System Information System Information contains administrative and system-related information. 4.2.1 System Name System Name is for identification purposes.
4.2.2 Domain Name The Domain Name entry is what is propagated to the DHCP clients on the LAN. If you leave this blank, the domain name obtained by DHCP from the ISP is used. While you must enter the host name (System Name) on each individual computer, the domain name can be assigned from the NBG420N via DHCP.
Figure 17 Wizard Step 2: Wireless LAN The following table describes the labels in this screen. Table 11 Wizard Step 2: Wireless LAN LABEL DESCRIPTION Name (SSID) Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.
Table 12 Wizard Step 2: Basic (WEP) Security LABEL DESCRIPTION Next Click Next to proceed to the next screen. Exit Click Exit to close the wizard screen without saving. 4.3.2 Extend (WPA-PSK or WPA2-PSK) Security Choose Extend (WPA-PSK) or Extend (WPA2-PSK) security in the Wireless LAN setup screen to set up a Pre-Shared Key.
Figure 20 Wizard Step 3: ISP Parameters. The following table describes the labels in this screen. Table 14 Wizard Step 3: ISP Parameters CONNECTION TYPE Ethernet PPPoE PPTP 4.4.1 Ethernet Connection Choose Ethernet when the WAN port is used as a regular Ethernet. Continue to on page Figure 21 Wizard Step 3: Ethernet Connection 4.4.2 PPPoE Connection...
One of the benefits of PPPoE is the ability to let end users access one of multiple network services, a function known as dynamic service selection. This enables the service provider to easily create and offer new IP services for specific users. Operationally, PPPoE saves significant effort for both the subscriber and the ISP/carrier, as it requires no specific configuration of the broadband modem at the subscriber’s site.
The NBG420N supports one PPTP server connection at any given time. Figure 23 Wizard Step 3: PPTP Connection The following table describes the fields in this screen Table 16 Wizard Step 3: PPTP Connection LABEL DESCRIPTION ISP Parameters for Internet Access Connection Type Select PPTP from the drop-down list box.
Table 16 Wizard Step 3: PPTP Connection LABEL Next Exit 4.4.4 Your IP Address The following wizard screen allows you to assign a fixed IP address or give the NBG420N an automatically assigned IP address depending on your ISP. Figure 24 Wizard Step 3: Your IP Address The following table describes the labels in this screen Table 17 Wizard Step 3: Your IP Address...
You can obtain your IP address from the IANA, from an ISP or have it assigned by a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.
2 If the ISP did not give you DNS server information, leave the DNS Server fields set to 0.0.0.0 in the Wizard screen and/or set to From ISP in the WAN > Internet Connection screen for the ISP to dynamically assign the DNS server IP addresses. 4.4.8 WAN IP and DNS Server Address Assignment The following wizard screen allows you to assign a fixed WAN IP address and DNS server addresses.
4.4.9 WAN MAC Address Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. Table 20 Example of Network Properties for LAN Servers with Fixed IP Addresses Choose an IP address Subnet mask Gateway (or default route)
4.5 Connection Wizard: STEP 4: Bandwidth management Bandwidth management allows you to control the amount of bandwidth going out through the NBG420N’s WAN, LAN or WLAN port and prioritize the distribution of the bandwidth according to the traffic type. This helps keep one service from using all of the available bandwidth and shutting out other users.
Figure 28 Connection Wizard Save Follow the on-screen instructions and click Finish to complete the wizard setup. Figure 29 Connection Wizard Complete Well done! You have successfully set up your NBG420N to operate on your network and access the Internet.
Chapter 5 AP Mode This chapter discusses how to configure settings while your NBG420N is set to AP Mode. Many screens that are available in Router Mode are not available in AP Mode. Chapter 6 on page 73 AP mode.
Figure 31 Maintenance > Sys OP Mode > General 3 A pop-up appears providing information on this mode. Click OK in the pop-up message window. (See Section 24.2 on page 260 Apply. Your NBG420N is now in AP Mode. You do not have to log in again or restart your device when you change modes.
The following table describes the labels shown in the Status screen. Table 23 Web Configurator Status Screen LABEL DESCRIPTION Device Information System Name This is the System Name you enter in the Maintenance > System > General screen. It is for identification purposes. Firmware Version This is the firmware version and the date created.
Table 23 Web Configurator Status Screen (continued) LABEL DESCRIPTION Rate For the LAN ports, this displays the port speed and duplex setting or N/A when the line is disconnected. For the WLAN, it displays the maximum transmission rate when the WLAN is enabled and N/A when the WLAN is disabled.
Table 24 Screens Summary LINK Wireless General MAC Filter Advanced WPS Station Scheduling Maintenance System General Time Setting Logs View Log Log Settings Tools Firmware Configuration Restart Wake On Config Mode General Sys OP General Mode Language 5.4 Configuring Your Settings 5.4.1 LAN Settings Use this section to configure your LAN settings while in AP Mode.
If you change the IP address of the NBG420N in the screen below, you will need to log into the NBG420N again using the new IP address. Figure 34 Network > LAN > IP The table below describes the labels in the screen. Table 25 Network >...
LABEL DESCRIPTION Apply Click Apply to save your changes to the NBG420N. Reset Click Reset to reload the previous configuration for this screen. 5.4.2 WLAN and Maintenance Settings The configuration of wireless and maintenance settings in AP Mode is the same as for Router Mode.
Chapter 6 Tutorials 6.1 Wireless Tutorials 6.1.1 How to Connect to the Internet from an AP This section gives you an example of how to set up an access point (AP) and wireless client (a notebook (B), in this example) for wireless communication. B can access the Internet through the AP wirelessly.
6.1.2.1 Push Button Configuration (PBC) 1 Make sure that your NBG420N is turned on and that it is within range of your computer. 2 Make sure that you have installed the wireless client (this example uses the NWD210N) driver and utility in your notebook.
Figure 36 Example WPS Process: PBC Method Wireless Client 6.1.2.2 PIN Configuration When you use the PIN configuration method, you need to use both NBG420N’s configuration interface and the client’s utilities. 1 Launch your wireless client’s configuration utility. Go to the WPS settings and select the PIN method to get a PIN number.
Figure 37 Example WPS Process: PIN Method (figure labels: Wireless Client, WITHIN 2 MINUTES, Authentication by PIN) 6.1.3 Enable and Configure Wireless Security without WPS on your NBG420N This example shows you how to configure wireless security settings with the following parameters on your NBG420N. SSID ...
Channel Security WPA-PSK (Pre-Shared Key: ThisismyWPA-PSKpre-sharedkey) Follow the steps below to configure the wireless settings on your NBG420N. The instructions require that your hardware is connected (see the Quick Start Guide) and you are logged into the web configurator through your LAN connection (see 37).
Figure 39 Status: AP Mode 6.1.4 Configure Your Notebook We use the ZyXEL M-302 wireless adapter utility screens as an example for the wireless client. The screens may vary for different models. 1 The NBG420N supports IEEE 802.11b, IEEE 802.11g and IEEE 802.11n wireless clients.
Figure 40 Connecting a Wireless Client to a Wireless Network t 5 Select WPA-PSK and type the security key in the following screen. Click Next. Figure 41 Security Settings 6 The Confirm Save window appears. Check your settings and click Save to continue. Figure 42 Confirm Save 7 Check the status of your wireless connection in the screen below.
Figure 43 Link Status 8 If your connection is successful, open your Internet browser and enter www.zyxel.com. If you can access the web site, your wireless connection is successfully configured. 6.2 Site-To-Site VPN Tunnel Tutorial Bob and Jack want to set up a VPN connection between their offices. Bob and Jack each have an NBG420N router and a static WAN IP address.
End/Mask text box. This value is the same as Jack only wants Bob to access this single IP address. Figure 47 Remote Policy 5 Enter the IP address “1.1.1.1” in the My IP Address text box. This is Bob’s WAN IP address.
Figure 50 VPN Summary 6.2.2 Configuring Jack’s NBG420N VPN Settings To configure these settings Jack uses the NBG420N web configurator. 1 Log into the NBG420N web configurator and click VPN > Modify icon. This displays the VPN Rule Setup (basic) screen. 2 Select the Active checkbox to enable the VPN rule after it has been created.
6 Select IP as the Local ID Type. This is the type of content that will be used to identify Jack’s NBG420N. Enter the IP address “2.2.2.2” in the Local Content text box. This identifies Jack’s NBG420N to Bob’s NBG420N. 7 Enter the IP address “1.1.1.1”...
Figure 57 Pinging Jack’s Local IP Address Pinging is successful which means a VPN tunnel has been established between Bob and Jack’s NBG420Ns. Congratulations! To check this VPN connection click VPN > SA Monitor in the web configurator. Figure 58 SA Monitor If pinging is not successful check the VPN settings on both devices and try again.
Chapter 7 Wireless LAN This chapter discusses how to configure the wireless network settings in your NBG420N. See the appendices for more detailed information about wireless networks. 7.1 Wireless Network Overview The following figure provides an example of a wireless network. Figure 59 Example of a Wireless Network The wireless network is the part in the blue circle.
• Every wireless client in the same wireless network must use security compatible with the Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network. 7.2 Wireless Security Overview The following sections introduce different types of wireless security you can set up in the wireless network.
If your AP does not provide a local user database and if you do not have a RADIUS server, you cannot set up user names and passwords for your users. Unauthorized devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network.
When you select WPA2 or WPA2-PSK in your NBG420N, you can also select an option (WPA Compatible) to support WPA as well. In this case, if some wireless clients support WPA and some support WPA2, you should set up WPA2-PSK or WPA2 (depending on the type of wireless network login) and select the WPA Compatible option in the NBG420N.
Figure 60 Roaming Example The steps below describe the roaming process. 1 Wireless station Y moves from the coverage area of access point AP 1 to that of access point AP 2. 2 Wireless station Y scans and detects the signal of access point AP 2. 3 Wireless station Y sends an association request to access point AP 2.
7.4.1 WMM QoS WMM (Wi-Fi MultiMedia) QoS (Quality of Service) ensures quality of service in wireless networks. It controls WLAN transmission priority on packets to be transmitted over the wireless network. WMM QoS prioritizes wireless traffic according to delivery requirements. WMM QoS is a part of the IEEE 802.11e QoS enhancement to certified Wi-Fi wireless networks.
Figure 61 Network > Wireless LAN > General The following table describes the general wireless LAN labels in this screen. Table 29 Network > Wireless LAN > General LABEL DESCRIPTION Enable Click the check box to activate wireless LAN. Wireless LAN Name(SSID) (Service Set IDentity) The SSID identifies the Service Set with which a wireless station is associated.
Table 29 Network > Wireless LAN > General LABEL DESCRIPTION Apply Click Apply to save your changes back to the NBG420N. Reset Click Reset to reload the previous configuration for this screen. See the rest of this chapter for information on the other labels in this screen. 7.5.1 No Security Select No Security to allow wireless stations to communicate with the access points without any data encryption.
Your NBG420N allows you to configure up to four 64-bit or 128-bit WEP keys but only one key can be enabled at any one time. In order to configure and enable WEP encryption, click Network > Wireless LAN to display the General screen.
Table 31 Network > Wireless LAN > General: Static WEP LABEL DESCRIPTION Key 1 to Key 4 The WEP keys are used to encrypt data. Both the NBG420N and the wireless stations must use the same WEP key for data transmission. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F").
The following table describes the labels in this screen. Table 32 Network > Wireless LAN > General: WPA-PSK/WPA2-PSK LABEL DESCRIPTION WPA Compatible This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field. Select the check box to have both WPA2 and WPA wireless clients be able to communicate with the NBG420N even when the NBG420N is using WPA2-PSK or WPA2.
Figure 65 Network > Wireless LAN > General: WPA/WPA2 The following table describes the labels in this screen. Table 33 Network > Wireless LAN > General: WPA/WPA2 LABEL WPA Compatible ReAuthentication Timer (in seconds) Idle Timeout DESCRIPTION This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field.
Table 33 Network > Wireless LAN > General: WPA/WPA2 LABEL DESCRIPTION Group Key Update Timer The Group Key Update Timer is the rate at which the AP (if using WPA-PSK/WPA2-PSK key management) or RADIUS server (if using WPA/WPA2 key management) sends a new group key out to all clients.
Figure 66 Network > Wireless LAN > MAC Filter The following table describes the labels in this menu. Table 34 Network > Wireless LAN > MAC Filter LABEL DESCRIPTION Active Select Yes from the drop down list box to enable MAC address filtering. Filter Action Define the filter action for the list of MAC addresses in the MAC Address table.
Figure 67 Network > Wireless LAN > Advanced The following table describes the labels in this screen. Table 35 Network > Wireless LAN > Advanced LABEL DESCRIPTION Roaming Configuration Enable Roaming Select this option if your network environment has multiple APs and you want your wireless device to be able to access the network as you move between wireless networks.
Figure 68 Network > Wireless LAN > QoS The following table describes the labels in this screen. Table 36 Network > Wireless LAN > QoS LABEL WMM QoS Policy Name Service Dest Port Priority Modify Apply DESCRIPTION Select Default to have the NBG420N automatically give a service a priority level according to the ToS value in the IP header of packets...
7.8.1 Application Priority Configuration Use this screen to edit a WMM QoS application entry. Click the edit icon under Modify. The following screen displays. Figure 69 Network > Wireless LAN > QoS: Application Priority Configuration Appendix F on page 321 following table describes the fields in this screen.
7.9 WiFi Protected Setup WiFi Protected Setup (WPS) is an industry standard specification, defined by the WiFi Alliance. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually. Depending on the devices in your network, you can either press a button (on the device itself, or in its configuration utility) or enter a PIN (Personal Identification Number) in the devices.
7.9.2 WPS Station Screen Use this screen when you want to add a wireless station using WPS. To open this screen, click Network > Wireless LAN > WPS Station tab. Note: After you click Push Button on this screen, you have to press a similar button in the wireless station utility within 2 minutes.
Figure 72 Scheduling The following table describes the labels in this screen. Table 39 Scheduling LABEL Enable Wireless LAN Scheduling WLAN Status Except for the following times (24-Hour Format) Apply Reset 7.10 iPod Touch Web Configurator The iPod Touch web configurator displays when you are connecting to the NBG420N wirelessly with an iPod Touch device through a web browser.
1 Make sure the Wireless LAN on the NBG420N is enabled and that you know the security settings (if any). To do this check the Wireless LAN > General screen in the web configurator from your computer. 2 On the iPod Touch’s main screen press Settings > Wi-fi and from the list press the NBG420N’s network name (SSID) to connect to it.
7.10.2 System Status After successfully logging into the iPod Touch web configurator the System Status screen displays. Your changes in the iPod Touch web configurator are saved automatically after pressing a button. If you are going to use the WPS (Wi-Fi Protected Setup) function in the iPod Touch Web Configurator it is recommended to configure your WPS settings first from your computer.
Figure 74 System Status screen The following table describes the labels in this screen. Table 41 System Status screen LABEL DESCRIPTION Logout Press this to logout of the iPod Touch web configurator. IP Address This field displays the NBG420N’s LAN (Local Area Network) IP address. IP Address This field displays the NBG420N’s WAN IP address.
Table 41 System Status screen LABEL Channel PIN Number Push Button Client Number This field displays the number of wireless clients on the network. Security Firewall URL Filtering Management Port Forwarding Activated Rule This field displays the currently activated port forwarding rules. 7.10.3 WPS in Progress After pressing Push Button in the System Status screen the WPS in Progress screen will display.
Figure 75 WPS In Progress 7.10.4 Port Forwarding After pressing the Details button in the System Status screen the port forwarding screen will display. Use this screen to change the status of port forwarding rules that have been set up in the web configurator from your computer.
Figure 76 Port Forwarding The following table describes the labels in this screen. Table 42 Port Forwarding LABEL Rule Port Status 7.11 Accessing the iPod Touch Web Configurator To access the iPod Touch web configurator through your iPod Touch you must first connect it to the NBG420N’s wireless network.
If you have not configured your wireless settings yet you can do so by using the Wizard in the web configurator you access from your computer. Click the Wizard icon or the Go To Wizard Setup web link you see after logging into the web configurator from your computer.
If the login screen does not display properly, check that you are accessing the correct IP address. Also check your iPod Touch web browser’s security settings as they may affect how the page displays. 4 If you wish to login automatically in the future make sure the Auto Login checkbox is selected.
Chapter 8 WAN This chapter describes how to configure WAN settings. 8.1 WAN Overview See the chapter about the connection wizard for more information on the fields in the WAN screens. 8.2 WAN MAC Address The MAC address screen allows users to configure the WAN port's MAC address by either using the factory default or cloning the MAC address from a computer on your LAN.
The NBG420N supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-v2). At start up, the NBG420N queries all directly connected networks to gather group membership. After that, the NBG420N periodically updates this information. IP multicasting can be enabled/disabled on the NBG420N LAN and/or WAN interfaces in the web configurator (LAN;...
The following table describes the labels in this screen. Table 43 Network > WAN > Internet Connection: Ethernet Encapsulation LABEL DESCRIPTION Encapsulation You must choose the Ethernet option when the WAN port is used as a regular Ethernet. Service Type Choose from Standard, RR-Telstra (RoadRunner Telstra authentication method), RR-Manager (Roadrunner Manager authentication method), RR-Toshiba (Roadrunner Toshiba authentication method) or Telia Login.
For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for example, RADIUS). One of the benefits of PPPoE is the ability to let you access one of multiple network services, a function known as dynamic service selection.
The following table describes the labels in this screen.
Table 44 Network > WAN > Internet Connection: PPPoE Encapsulation
LABEL: DESCRIPTION
ISP Parameters for Internet Access
Encapsulation: The PPP over Ethernet choice is for a dial-up connection using PPPoE. The NBG420N supports PPPoE (Point-to-Point Protocol over Ethernet).
Table 44 Network > WAN > Internet Connection: PPPoE Encapsulation
LABEL: DESCRIPTION
Set WAN MAC Address: Select this option and enter the MAC address you want to use.
Apply: Click Apply to save your changes back to the NBG420N.
Reset: Click Reset to begin configuring this screen afresh.
Figure 80 Network > WAN > Internet Connection: PPTP Encapsulation
The following table describes the labels in this screen.
Table 45 Network > WAN > Internet Connection: PPTP Encapsulation
LABEL ISP Parameters for Internet Access Encapsulation User Name
DESCRIPTION Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a...
Table 45 Network > WAN > Internet Connection: PPTP Encapsulation
LABEL Password Retype to Confirm Nailed-up Connection Idle Timeout PPTP Configuration Server IP Address Connection ID/Name Get automatically from Use Fixed IP Address My IP Address My IP Subnet Mask WAN IP Address Assignment Get automatically from...
8.5 Advanced WAN Screen
To change your NBG420N’s advanced WAN settings, click Network > WAN > Advanced. The screen appears as shown.
Figure 81 Network > WAN > Advanced
The following table describes the labels in this screen.
Table 46 WAN > Advanced
LABEL Multicast Setup Multicast...
Table 46 WAN > Advanced
LABEL: DESCRIPTION
Enable Auto-bridge mode: Select this option to have the NBG420N switch to bridge mode automatically when the NBG420N gets a WAN IP address in the range of 192.168.x.y (where x and y are from zero to nine) no matter what the LAN IP address is.
Apply
Reset
Chapter 9 LAN
This chapter describes how to configure LAN settings.
9.1 LAN Overview
A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building.
9.2.2 IP Address and Subnet Mask
Refer to the IP address and subnet mask section in the Connection Wizard chapter for this information.
9.2.3 Multicast
Traditionally, IP packets are transmitted in one of two ways: Unicast (1 sender to 1 recipient) or Broadcast (1 sender to everybody on the network).
Figure 82 Any IP Example
The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the NBG420N’s IP address. You must enable NAT to use the Any IP feature on the NBG420N.
Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network.
9.3 LAN IP Screen
Use this screen to change your basic LAN settings. Click Network > LAN.
Figure 83 Network > LAN > IP
The following table describes the labels in this screen.
Table 47 Network > LAN > IP
LABEL LAN TCP/IP IP Address...
Figure 84 Network > LAN > IP Alias
The following table describes the labels in this screen.
Table 48 Network > LAN > IP Alias
LABEL: DESCRIPTION
IP Alias 1,2: Select the check box to configure another LAN network for the NBG420N.
IP Address: Enter the IP address of your NBG420N in dotted decimal notation.
The following table describes the labels in this screen.
Table 49 Network > LAN > Advanced
LABEL Multicast Any IP Setup Active
Windows Networking (NetBIOS over TCP/IP): NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls.
Chapter 10 DHCP
10.1 DHCP
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the NBG420N’s LAN as a DHCP server or disable it. When configured as a server, the NBG420N provides the TCP/IP configuration for the clients.
Table 50 Network > DHCP > General
LABEL Apply Reset
10.3 DHCP Advanced Screen
This screen allows you to assign IP addresses on the LAN to specific individual computers based on their MAC addresses. You can also use this screen to configure the DNS server information that the NBG420N sends to the DHCP clients.
Table 51 Network > DHCP > Advanced
LABEL: DESCRIPTION
DNS Server
DNS Servers Assigned by DHCP Server: The NBG420N passes a DNS (Domain Name System) server IP address (in the order you specify here) to the DHCP clients. The NBG420N only passes this information to the LAN DHCP clients when you select the Enable DHCP Server check box.
Figure 88 Network > DHCP > Client List
The following table describes the labels in this screen.
Table 52 Network > DHCP > Client List
LABEL IP Address Host Name MAC Address Reserve Apply Refresh
DESCRIPTION This is the index number of the host computer. This field displays the IP address relative to the # field listed above.
Chapter 11 Network Address Translation (NAT)
This chapter discusses how to configure NAT on the NBG420N.
11.1 NAT Overview
NAT (Network Address Translation, RFC 1631) is the translation of the IP address of a host in a packet. For example, the source address of an outgoing packet, used within one network, is changed to a different IP address known within another network.
Many residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location.
The following table describes the labels in this screen.
Table 53 Network > NAT > General
LABEL: DESCRIPTION
Enable Network Address Translation: Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within another network (for example a public IP address used on the Internet).
Figure 91 Network > NAT > Application
The following table describes the labels in this screen.
Table 54 NAT Application
LABEL Game List Update A game list includes the pre-defined service name(s) and port number(s). You can File Path Browse...
Table 54 NAT Application (continued)
LABEL: DESCRIPTION
Port: Type the port number(s) to be forwarded. To specify a range of ports, enter a hyphen (-) between the first port and the last port, such as 10-20. To specify two or more non-consecutive port numbers, separate them by a comma without spaces, such as 123,567.
Figure 93 Trigger Port Forwarding Process: Example
1 Jane requests a file from the Real Audio server (port 7070).
2 Port 7070 is a “trigger” port and causes the NBG420N to record Jane’s computer IP address. The NBG420N associates Jane's computer IP address with the "incoming" port range of 6970-7170....
Figure 94 Network > NAT > Advanced
The following table describes the labels in this screen.
Table 55 Network > NAT > Advanced
LABEL: DESCRIPTION
Max NAT/Firewall Session Per User: Type a number ranging from 1 to 2048 to limit the number of NAT/firewall sessions that a host can create.
Port Triggering Rules
Name
Table 55 Network > NAT > Advanced
LABEL: DESCRIPTION
Incoming: Incoming is a port (or a range of ports) that a server on the WAN uses when it sends out a particular service. The NBG420N forwards the traffic with this port (or range of ports) to the client computer on the LAN that requested the service.
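The following Python model of the trigger port process is added here for illustration and is not ZyXEL code. It uses the Real Audio values from the example (trigger port 7070, incoming range 6970-7170); the LAN addresses, the 60-second idle timeout and the rule that only one LAN computer holds an incoming range at a time are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class TriggerRule:
    name: str
    trigger: Tuple[int, int]    # port range a LAN computer sends to
    incoming: Tuple[int, int]   # port range opened for the WAN server's reply


class PortTriggerTable:
    """Tracks which LAN computer currently owns each rule's incoming range."""

    def __init__(self, rules: List[TriggerRule], idle_timeout: float = 60.0):
        self.rules = list(rules)
        self.idle_timeout = idle_timeout          # assumed value, in seconds
        # rule name -> (LAN IP address, time the binding was last used)
        self._bindings: Dict[str, Tuple[str, float]] = {}

    def _live_binding(self, rule: TriggerRule, now: float):
        """Return the binding for a rule, dropping it if it has gone idle."""
        binding = self._bindings.get(rule.name)
        if binding is not None and now - binding[1] > self.idle_timeout:
            del self._bindings[rule.name]
            return None
        return binding

    def outbound(self, lan_ip: str, dst_port: int, now: float) -> bool:
        """A LAN computer sends to dst_port on the WAN.

        Returns True when the packet hit a trigger port and the incoming
        range is now bound to lan_ip, False otherwise.
        """
        for rule in self.rules:
            if rule.trigger[0] <= dst_port <= rule.trigger[1]:
                binding = self._live_binding(rule, now)
                if binding is None or binding[0] == lan_ip:
                    self._bindings[rule.name] = (lan_ip, now)
                    return True
                return False   # assumption: another computer holds the range
        return False

    def inbound(self, dst_port: int, now: float) -> Optional[str]:
        """A WAN server sends to dst_port on the router's WAN address.

        Returns the LAN IP address to forward to, or None when no live
        binding covers the port, in which case the packet is not forwarded.
        """
        for rule in self.rules:
            if rule.incoming[0] <= dst_port <= rule.incoming[1]:
                binding = self._live_binding(rule, now)
                if binding is not None:
                    self._bindings[rule.name] = (binding[0], now)
                    return binding[0]
        return None


if __name__ == "__main__":
    table = PortTriggerTable([TriggerRule("Real Audio", (7070, 7070), (6970, 7170))])
    jane = "192.168.1.33"                          # constructed LAN address
    print(table.inbound(6970, now=0))              # nothing triggered yet
    print(table.outbound(jane, 7070, now=0))       # Jane hits the trigger port
    print(table.inbound(7000, now=10))             # reply is forwarded to Jane
    print(table.inbound(7000, now=200))            # binding has timed out
```

The incoming range is closed to the WAN until a LAN computer uses the trigger port, and it closes again once the binding goes idle.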
Chapter 12 Dynamic DNS
12.1 Dynamic DNS Introduction
Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect.
Figure 95 Dynamic DNS
The following table describes the labels in this screen.
Table 56 Dynamic DNS
LABEL Enable Dynamic DNS Service Provider Dynamic DNS Type Host Name User Name Password Token Enable Wildcard Option Enable off line option IP Address Update Policy: Use WAN IP Address Dynamic DNS server...
Table 56 Dynamic DNS
LABEL: DESCRIPTION
Apply: Click Apply to save your changes back to the NBG420N.
Reset: Click Reset to begin configuring this screen afresh.
Chapter 13 Firewall
This chapter gives some background information on firewalls and explains how to get started with the NBG420N’s firewall.
13.1 Introduction to ZyXEL’s Firewall
13.1.1 What is a Firewall?
Originally, the term “firewall” referred to a construction technique designed to prevent the spread of fire from one room to another.
The NBG420N is installed between the LAN and a broadband modem connecting to the Internet. This allows it to act as a secure gateway for all data passing between the Internet and the LAN. The NBG420N has one Ethernet WAN port and four Ethernet LAN ports, which are used to physically separate the network into two areas. The WAN (Wide Area Network) port attaches to the broadband (cable or DSL) modem to the Internet.
1 A computer on the LAN initiates a connection by sending a SYN packet to a receiving server on the WAN.
2 The NBG420N reroutes the packet to Gateway A, which is in Subnet 2.
3 The reply from the WAN goes to the NBG420N.
4 The NBG420N then sends it to the computer on the LAN in Subnet 1.
Table 57 Security > Firewall > General
LABEL Apply Reset
13.4 Services Screen
Click Security > Firewall > Services. The screen appears as shown next. If an outside user attempts to probe an unsupported port on your NBG420N, an ICMP response packet is automatically returned.
Table 58 Security > Firewall > Services
LABEL: DESCRIPTION
Do not respond to requests for unauthorized services: Select this option to prevent hackers from finding the NBG420N by probing for unused ports. If you select this option, the NBG420N will not respond to port request(s) for unused ports, thus leaving the unused ports and the NBG420N...
Figure 99 Security > Firewall > Services > Adding a Rule
The following table describes the labels in this screen.
Table 59 Security > Firewall > Services > Adding a Rule
LABEL Active Address Type IP Address Start IP Address End IP Address IP Pool List...
Table 59 Security > Firewall > Services > Adding a Rule
LABEL: DESCRIPTION
Available Services: This is a list of pre-defined services (ports) you may prohibit your LAN computers from using. Select the port you want to block using the drop-down list and click Add to add the port to the Blocked Services field.
Chapter 14 Content Filtering
This chapter provides a brief overview of content filtering using the embedded web GUI.
14.1 Introduction to Content Filtering
Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering is the ability to block certain web features or specific URL keywords.
Figure 100 Security > Content Filter > Filter
The following table describes the labels in this screen.
Table 60 Security > Content Filter > Filter
LABEL Trusted Computer IP Address Restrict Web Features ActiveX Java Cookies Web Proxy Keyword Blocking Enable URL...
Table 60 Security > Content Filter > Filter
LABEL: DESCRIPTION
Keyword: Type a keyword in this field. You may use any character (up to 64 characters). Wildcards are not allowed. You can also enter a numerical IP address.
Keyword List: This list displays the keywords already added.
Table 61 Security > Content Filter > Schedule
LABEL Apply Reset
14.6 Customizing Keyword Blocking URL Checking
You can use commands to set how much of a website’s URL the content filter is to check for keyword blocking.
Chapter 15 IPSec VPN
15.1 IPSec VPN Overview
A virtual private network (VPN) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing. It is used to transport traffic over the Internet or any insecure network that uses TCP/IP for communication.
15.1.2 What You Need To Know About IPSec VPN
A VPN tunnel is usually established in two phases. Each phase establishes a security association (SA), a contract indicating what security parameters the NBG420N and the remote IPSec router will use.
You can usually provide a static IP address or a domain name for the remote IPSec router as well. Sometimes, you might not know the IP address of the remote IPSec router (for example, telecommuters). In this case, you can still set up the IKE SA, but only the remote IPSec router can initiate an IKE SA.
The following table describes the fields in this screen.
Table 62 Security > VPN > General
LABEL: DESCRIPTION
This is the VPN policy index number.
Active: This field displays whether the VPN policy is active or not. This icon is turned on when the rule is enabled.
The following table describes the labels in this screen.
Table 63 SECURITY > VPN > Rule Setup: IKE (Basic)
LABEL Property Active Keep Alive NAT Traversal IPSec Keying Mode DNS Server (for IPSec VPN) Local Policy Local Address Local Address End /Mask...
Table 63 SECURITY > VPN > Rule Setup: IKE (Basic) (continued)
LABEL: DESCRIPTION
Remote Policy: Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. The remote fields do not apply when the Secure Gateway IP Address field is configured to 0.0.0.0.
Table 63 SECURITY > VPN > Rule Setup: IKE (Basic) (continued)
LABEL Secure Gateway Address Peer ID Type Peer Content IPSec Algorithm Encapsulation Mode IPSec Protocol
DESCRIPTION Type the WAN IP address or the domain name (up to 31 characters) of the IPSec router with which you're making the VPN connection.
Table 63 SECURITY > VPN > Rule Setup: IKE (Basic) (continued)
LABEL: DESCRIPTION
Pre-Shared Key: Type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection.
The following table describes the labels in this screen.
Table 64 Security > VPN > Rule Setup: IKE (Advanced)
LABEL: DESCRIPTION
Property
Active: Select this check box to activate this VPN policy.
Keep Alive: Select this check box to have the NBG420N automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic.
Table 64 Security > VPN > Rule Setup: IKE (Advanced) (continued)
LABEL Local Address End / Mask Local Port Start Local Port End Remote Policy Remote Address Remote Address End /Mask Remote Port Start Remote Port End Authentication Method My IP Address...
Table 64 Security > VPN > Rule Setup: IKE (Advanced) (continued)
LABEL: DESCRIPTION
Local Content: When you select IP in the Local ID Type field, type the IP address of your computer in the Local Content field. The NBG420N automatically uses the IP address in the My IP Address field (refer to the My IP Address field description) if you configure the Local Content field to 0.0.0.0 or leave it blank.
Table 64 Security > VPN > Rule Setup: IKE (Advanced) (continued)
LABEL IKE Phase 1 Negotiation Mode Encryption Algorithm Select which key size and encryption algorithm to use in the IKE SA. Choices Authentication Algorithm SA Life Time (Seconds) Key Group Pre-Shared Key...
Table 64 Security > VPN > Rule Setup: IKE (Advanced) (continued)
LABEL: DESCRIPTION
Authentication Algorithm: Select which hash algorithm to use to authenticate packet data in the IPSec SA. Choices are SHA1 and MD5. SHA1 is generally considered stronger than MD5, but it is also slower.
15.2.3.3 Authentication and the Security Parameter Index (SPI)
For authentication, the NBG420N and remote IPSec router use the SPI, instead of pre-shared keys, ID type and content. The SPI is an identification number.
Note: The NBG420N and remote IPSec router must use the same SPI.
Figure 108 Security >...
Table 65 Security > VPN > Rule Setup: Manual (continued)
LABEL: DESCRIPTION
IPSec Keying Mode: Select IKE or Manual from the drop-down list box. IKE provides more protection so it is generally recommended. Manual is a useful option for troubleshooting if you have problems using IKE key management.
Table 65 Security > VPN > Rule Setup: Manual (continued)
LABEL: DESCRIPTION
Remote Address: For a single IP address, enter a (static) IP address on the network behind the remote IPSec router. For a specific range of IP addresses, enter the beginning (static) IP address, in a range of computers on the network behind the remote IPSec router.
Table 65 Security > VPN > Rule Setup: Manual (continued)
LABEL: DESCRIPTION
Enable Replay Detection: As a VPN setup is processing intensive, the system is vulnerable to Denial of Service (DoS) attacks. The IPSec receiver can detect and reject old or duplicate packets to protect against replay attacks.
The following table describes the labels in this screen.
Table 66 Security > VPN > SA Monitor
LABEL Name Encapsulation IPSec Algorithm Refresh
15.4 VPN and Remote Management
You can allow someone to use a service (like Telnet or HTTP) through a VPN tunnel to manage the NBG420N.
15.5 IPSec VPN Technical Reference
IKE SA Proposal
The IKE SA proposal is used to identify the encryption algorithm, authentication algorithm, and Diffie-Hellman (DH) key group that the NBG420N and remote IPSec router use in the IKE SA. In main mode, this is done in steps 1 and 2, as illustrated below.
Figure 111 IKE SA: Main Negotiation Mode, Steps 1 - 2: IKE SA Proposal
The NBG420N sends a proposal to the remote IPSec router.
Authentication
Before the NBG420N and remote IPSec router establish an IKE SA, they have to verify each other’s identity. This process is based on pre-shared keys and router identities. In main mode, the NBG420N and remote IPSec router authenticate each other in steps 5 and 6, as illustrated below.
In the following example, the ID type and content do not match so the authentication fails and the NBG420N and the remote IPSec router cannot establish an IKE SA.
Table 68 VPN Example: Mismatching ID Type and Content
NBG420N
Local ID type: E-mail
Local ID content: tom@yourcompany.com
Peer ID type: IP
Peer ID content:...
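The following Python check is added here for illustration and is not ZyXEL code. It compares the local and peer ID settings of two IPSec routers before the tunnel is attempted and names each failure after the "ID type mismatch" and "ID content mismatch" entries in the IKE logs. The IP addresses and the remote router's settings are constructed sample values, and comparing ID content as an exact string is an assumption.

```python
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class IkeIdentity:
    """One router's identity settings from its VPN rule."""
    name: str
    my_ip_address: str
    local_id_type: str
    local_id_content: str
    peer_id_type: str
    peer_id_content: str

    def effective_local_content(self) -> str:
        # With Local ID Type IP, a Local Content of 0.0.0.0 or blank means
        # the router uses the value of its My IP Address field instead.
        content = self.local_id_content.strip()
        if self.local_id_type.strip().upper() == "IP" and content in ("", "0.0.0.0"):
            return self.my_ip_address.strip()
        return content


def check_direction(sender: IkeIdentity, receiver: IkeIdentity) -> List[str]:
    """Compare what sender presents with what receiver is configured to expect."""
    if sender.local_id_type.strip().lower() != receiver.peer_id_type.strip().lower():
        return [
            f"ID type mismatch: {sender.name} sends {sender.local_id_type}, "
            f"{receiver.name} expects {receiver.peer_id_type}"
        ]
    sent = sender.effective_local_content()
    expected = receiver.peer_id_content.strip()
    if sent != expected:   # assumption: content is compared as an exact string
        return [
            f"ID content mismatch: {sender.name} sends {sent}, "
            f"{receiver.name} expects {expected}"
        ]
    return []


def check_pair(a: IkeIdentity, b: IkeIdentity) -> List[str]:
    """Both directions must agree before the IKE SA can be established."""
    return check_direction(a, b) + check_direction(b, a)


# Constructed sample settings; 192.0.2.0/24 is a documentation address range.
NBG420N = IkeIdentity(
    name="NBG420N", my_ip_address="192.0.2.10",
    local_id_type="E-mail", local_id_content="tom@yourcompany.com",
    peer_id_type="IP", peer_id_content="192.0.2.20",
)
REMOTE_OK = IkeIdentity(
    name="remote", my_ip_address="192.0.2.20",
    local_id_type="IP", local_id_content="0.0.0.0",
    peer_id_type="E-mail", peer_id_content="tom@yourcompany.com",
)
REMOTE_BAD = IkeIdentity(
    name="remote", my_ip_address="192.0.2.99",
    local_id_type="IP", local_id_content="",
    peer_id_type="IP", peer_id_content="tom@yourcompany.com",
)

if __name__ == "__main__":
    for remote in (REMOTE_OK, REMOTE_BAD):
        problems = check_pair(NBG420N, remote)
        print("OK" if not problems else "\n".join(problems))
```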
Figure 114 VPN/NAT Example
If router A does NAT, it might change the IP addresses, port numbers, or both. If router X and router Y try to establish a VPN tunnel, the authentication fails because it depends on this information.
These modes are illustrated below.
Figure 115 VPN: Transport and Tunnel Mode Encapsulation (panels: Original Packet, Transport Mode Packet, Tunnel Mode Packet)
In tunnel mode, the NBG420N uses the IPSec protocol to encapsulate the entire IP packet. As a result, there are two IP headers: •...
Additional IPSec VPN Topics
This section discusses other IPSec VPN topics that apply to either IKE SAs or IPSec SAs or both. Relationships between the topics are also highlighted.
SA Life Time
SAs have a lifetime that specifies how long the SA lasts until it times out. When an SA times out, the NBG420N automatically renegotiates the SA in the following situations: •...
The following figure depicts an example where one VPN tunnel is created from an NBG420N at branch office (B) to headquarters (HQ). In order to access computers that use private domain names on the HQ network, the NBG420N at B uses the Intranet DNS server in headquarters.
Chapter 16 Static Route Screens
This chapter shows you how to configure static routes for your NBG420N.
16.1 Static Route Overview
The NBG420N usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the NBG420N send data to devices not reachable through the default gateway, use static routes.
Figure 118 Management > Static Route > IP Static Route
The following table describes the labels in this screen.
Table 69 Management > Static Route > IP Static Route
LABEL Name Active Destination Gateway Modify
16.2.1 Static Route Setup Screen
To edit a static route, click the edit icon under Modify.
Figure 119 Management > Static Route > IP Static Route: Static Route Setup
The following table describes the labels in this screen.
Table 70 Management > Static Route > IP Static Route: Static Route Setup
LABEL: DESCRIPTION
Route Name: Enter the name of the IP static route. Leave this field blank to delete this static route.
Chapter 17 Bandwidth Management
This chapter contains information about configuring bandwidth management, editing rules and viewing the NBG420N’s bandwidth management logs.
17.1 Bandwidth Management Overview
ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on an application and/or subnet.
The following figure shows LAN subnets. You could configure one bandwidth class for subnet A and another for subnet B.
Figure 120 Subnet-based Bandwidth Management Example
17.4 Application and Subnet-based Bandwidth Management
You could also create bandwidth classes based on a combination of a subnet and an application.
Table 72 Bandwidth Management Priorities
PRIORITY LEVELS: TRAFFIC WITH A HIGHER PRIORITY GETS THROUGH FASTER WHILE TRAFFIC WITH A LOWER PRIORITY IS DROPPED IF THE NETWORK IS CONGESTED.
17.6 Predefined Bandwidth Management Services
The following is a description of the services that you can select and to which you can apply media bandwidth management using the wizard screens.
17.7 Default Bandwidth Management Classes and Priorities
If you enable bandwidth management but do not configure a rule for critical traffic like VoIP, the voice traffic may then get delayed due to insufficient bandwidth. With the automatic traffic classifier feature activated, the NBG420N automatically assigns a default bandwidth management class and priority to traffic that does not match any of the user-defined rules.
The following table describes the labels in this screen.
Table 75 Management > Bandwidth MGMT > General
LABEL: DESCRIPTION
Enable Bandwidth Management: Select this check box to have the NBG420N apply bandwidth management. Enable bandwidth management to give traffic that matches a bandwidth rule priority over traffic that does not match a bandwidth rule.
The following table describes the labels in this screen.
Table 76 Management > Bandwidth MGMT > Advanced
LABEL Check my upstream bandwidth Upstream Bandwidth (kbps) Application List Enable Service Priority Advanced Setting User-defined Service Enable Direction Service Name Priority Modify...
17.9.1 Rule Configuration with the Pre-defined Service
To edit a bandwidth management rule for the pre-defined service in the NBG420N, click the Edit icon in the Application List table of the Advanced screen. The following screen displays.
Figure 123 Bandwidth Management Rule Configuration: Pre-defined Service
The following table describes the labels in this screen.
Chapter 18 Remote Management
This chapter provides information on the Remote Management screens.
18.1 Remote Management Overview
Remote management allows you to determine which services/protocols can access which NBG420N interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
1 You have disabled that service in one of the remote management screens.
2 The IP address in the Secured Client IP Address field does not match the client IP address. If it does not match, the NBG420N will disconnect the session immediately.
3 There is already another remote management session with an equal or higher priority running.
LABEL: DESCRIPTION
Secured Client IP Address: A secured client is a “trusted” computer that is allowed to communicate with the NBG420N using this service. Select All to allow any computer to access the NBG420N using this service. Choose Selected to just allow the computer with the IP address that you specify to access the NBG420N using this service.
18.5 FTP Screen
You can use FTP (File Transfer Protocol) to upload and download the NBG420N’s firmware and configuration files. To use this feature, your computer must have an FTP client. To change your NBG420N’s FTP settings, click Management > Remote MGMT > FTP. The screen appears as shown.
Figure 129 Management > Remote MGMT > DNS
The following table describes the labels in this screen.
Table 82 Management > Remote MGMT > DNS
LABEL: DESCRIPTION
Server Port: The DNS service port number is 53 and cannot be changed here.
Server Access: Select the interface(s) through which a computer may send DNS queries to the NBG420N.
Chapter 19 Universal Plug-and-Play (UPnP)
This chapter introduces the UPnP feature in the web configurator.
19.1 Introducing Universal Plug and Play
Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
When a UPnP device joins a network, it announces its presence with a multicast message. For security reasons, the NBG420N allows multicast messages on the LAN only. All UPnP-enabled devices may communicate freely with each other without additional configuration.
Table 83 Management > UPnP > General
LABEL Apply Reset
19.4 Installing UPnP in Windows Example
This section shows how to install UPnP in Windows Me and Windows XP.
19.4.0.1 Installing UPnP in Windows Me
Follow the steps below to install the UPnP in Windows Me.
1 Click Start and Control Panel.
Figure 132 Add/Remove Programs: Windows Setup: Communication: Components
4 Click OK to go back to the Add/Remove Programs Properties window and click Next.
5 Restart the computer when prompted.
Installing UPnP in Windows XP
Follow the steps below to install the UPnP in Windows XP.
1 Click Start and Control Panel.
Figure 134 Windows Optional Networking Components Wizard
5 In the Networking Services window, select the Universal Plug and Play check box.
Figure 135 Networking Services
6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next.
19.4.0.2 Using UPnP in Windows XP Example
This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the NBG420N. Make sure the computer is connected to a LAN port of the NBG420N.
Figure 137 Internet Connection Properties
4 You may edit or delete the port mappings or click Add to manually add port mappings.
Figure 138 Internet Connection Properties: Advanced Settings
Figure 139 Internet Connection Properties: Advanced Settings: Add
5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically.
6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
Figure 140 System Tray Icon
7 Double-click on the icon to display your current Internet connection status.
Figure 141 Internet Connection Status
Web Configurator Easy Access
With UPnP, you can access the web-based configurator on the NBG420N without finding out the IP address of the NBG420N first.
Figure 142 Network Connections
4 An icon with the description for each UPnP-enabled device displays under Local Network.
5 Right-click on the icon for your NBG420N and select Invoke. The web configurator login screen displays.
Figure 143 Network Connections: My Network Places
6 Right-click on the icon for your NBG420N and select Properties. A properties window displays with basic information about the NBG420N.
Figure 144 Network Connections: My Network Places: Properties: Example
Chapter 20 System
This chapter provides information on the System screens.
20.1 System Overview
See the chapter about wizard setup for more information on the next few screens.
20.2 System General Screen
Click Maintenance > System. The following screen displays.
Figure 145 Maintenance >...
Table 84 Maintenance > System > General
LABEL Administrator Inactivity Timer Password Setup Old Password New Password Retype to Confirm Apply Reset
20.3 Time Setting Screen
To change your NBG420N’s time and date, click Maintenance > System > Time Setting. The screen appears as shown.
The following table describes the labels in this screen.
Table 85 Maintenance > System > Time Setting
LABEL: DESCRIPTION
Current Time and Date
Current Time: This field displays the time of your NBG420N. Each time you reload this page, the NBG420N synchronizes the time with the time server.
Table 85 Maintenance > System > Time Setting
LABEL End Date Apply Reset
DESCRIPTION Configure the day and time when Daylight Saving Time ends if you selected Daylight Savings. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the last Sunday of October.
Chapter 21 Logs
This chapter contains information about configuring general log settings and viewing the NBG420N’s logs. Refer to the appendices for example log message explanations.
21.1 View Log
The web configurator allows you to look at all of the NBG420N’s logs in one location. Click Maintenance >...
The following table describes the labels in this screen.
Table 86 Maintenance > Logs > View Log
LABEL Display Email Log Now Refresh Clear Log Time Message Source Destination Note
21.2 Log Settings
You can configure the NBG420N’s general log settings in one location. Click Maintenance >...
Figure 148 Maintenance > Logs > Log Settings
The following table describes the labels in this screen.
Table 87 Maintenance > Logs > Log Settings
LABEL: DESCRIPTION
E-mail Log Settings
Mail Server: Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
Table 87 Maintenance > Logs > Log Settings
LABEL Send Alerts To SMTP Authentication User Name Password Log Schedule Day for Sending Log Use the drop down list box to select which day of the week to send the logs. Time for Sending Clear log after sending mail...
21.3 Log Descriptions This section provides descriptions of example log messages. Table 88 System Maintenance Logs LOG MESSAGE Time calibration is successful Time calibration failed WAN interface gets IP:%s DHCP client IP expired DHCP server assigns%s Successful WEB login WEB login failed Successful TELNET login TELNET login failed Successful FTP login...
Table 97 Content Filtering Logs (continued) LOG MESSAGE %s: Proxy mode detected %s:%s %s(cache hit) %s:%s(cache hit) %s: Trusted Web site Waiting content filter server timeout DNS resolving failed Creating socket failed The NBG420N cannot issue a query because TCP/IP socket creation Connecting to content filter server fail License key is invalid The external content filtering license key is invalid.
Chapter 21 Logs Table 98 Attack Logs (continued) LOG MESSAGE teardrop UDP teardrop ICMP (type:%d, code:%d) illegal command TCP NetBIOS TCP ip spoofing - no routing entry [TCP | UDP | IGMP | ESP | GRE | OSPF] ip spoofing - no routing entry ICMP (type:%d, code:%d) vulnerability ICMP...
Table 100 IKE Logs (continued) LOG MESSAGE Verifying Local ID failed: IKE Packet Retransmit Failed to send IKE Packet Too many errors! Deleting SA Phase 1 IKE SA process done Duplicate requests with the same cookie IKE Negotiation is in process The router has already started negotiating with the peer for No proposal chosen Local / remote IPs of incoming request conflict...
Chapter 21 Logs Table 100 IKE Logs (continued) LOG MESSAGE No known phase 1 ID type found ID type mismatch. Local / Peer: <Local ID type/Peer ID type> ID content mismatch Configured Peer ID Content: <Configured Peer ID Content> Incoming ID Content: <Incoming Peer ID Content>...
Table 100 IKE Logs (continued) LOG MESSAGE Rule [%d] Phase 1 ID mismatch The listed rule’s IKE phase 1 ID did not match between the Rule [%d] Phase 1 hash mismatch Rule [%d] Phase 1 preshared key mismatch Rule [%d] Tunnel built successfully Rule [%d] Peer's public key not found...
Chapter 21 Logs Table 101 PKI Logs (continued) LOG MESSAGE Rcvd user cert: <subject name> Rcvd CRL <size>: <issuer name> Rcvd ARL <size>: <issuer name> Failed to decode the received ca cert Failed to decode the received user cert Failed to decode the received CRL Failed to decode the received ARL...
Table 102 802.1X Logs (continued) LOG MESSAGE User logout because of user deassociation. User logout because of no authentication response from user. User logout because of idle timeout expired. User logout because of user request. Local User Database does not support authentication method.
Chapter 21 Logs Table 104 ICMP Notes (continued) TYPE CODE Table 105 Syslog Logs LOG MESSAGE <Facility*8 + Severity>Mon dd hr:mm:ss hostname src="<srcIP:srcPort>" dst="<dstIP:dstPort>" msg="<msg>" note="<note>" devID="<mac address last three numbers>" cat="<category> DESCRIPTION Source route failed Source Quench A gateway may discard internet datagrams if it does not have the buffer space needed to queue the datagrams for output to the next network on the route to the destination network.
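The syslog layout in Table 105, parsed and used for two simple checks on a log collector; this is an added example, not code from the User's Guide. The host name, addresses, devID and cat values in the sample lines are constructed, the function names are hypothetical, and it is an assumption that login-failure entries carry the client address in src.

```python
import re
from collections import Counter

SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Message texts taken from Table 88 of the guide.
FAILED_LOGINS = ("WEB login failed", "TELNET login failed")

# <Facility*8 + Severity>Mon dd hr:mm:ss hostname key="value" ...
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+(?P<rest>.*)$"
)
# The closing quote is optional: Table 105 shows cat="<category> without one.
FIELD_RE = re.compile(r'(\w+)="([^"]*)"?')

# Constructed sample input (not captured from a device).
_TAIL = ' note="" devID="a1b2c3" cat="System Maintenance'
SAMPLE_LOG = [
    '<134>Jan 05 10:12:31 nbg420n src="192.168.1.33:1034" dst="192.168.1.1:80" msg="WEB login failed"' + _TAIL,
    '<134>Jan 05 10:12:35 nbg420n src="192.168.1.33:1036" dst="192.168.1.1:80" msg="WEB login failed"' + _TAIL,
    '<134>Jan 05 10:12:39 nbg420n src="192.168.1.33:1041" dst="192.168.1.1:23" msg="TELNET login failed"' + _TAIL,
    '<134>Jan 05 10:15:02 nbg420n src="192.168.1.40:2210" dst="192.168.1.1:80" msg="Successful WEB login"' + _TAIL,
    '<129>Jan 05 10:20:47 nbg420n src="10.9.8.7" dst="192.168.1.1" '
    'msg="ip spoofing - no routing entry ICMP (type:8, code:0)" note="" devID="a1b2c3" cat="Attack',
    "not a syslog line",
]


def split_endpoint(value):
    """Split 'ip:port' into (ip, port); ICMP entries carry no port."""
    ip, sep, port = value.rpartition(":")
    if not sep:
        return value, None
    return ip, int(port) if port.isdigit() else None


def parse_line(line):
    """Return a dict for one Table 105 style line, or None if it does not match."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # highest valid value is facility 23 * 8 + severity 7
        return None
    fields = dict(FIELD_RE.findall(m.group("rest")))
    src_ip, src_port = split_endpoint(fields.get("src", ""))
    dst_ip, dst_port = split_endpoint(fields.get("dst", ""))
    return {
        "facility": pri // 8,
        "severity_num": pri % 8,
        "severity": SEVERITY[pri % 8],
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "src_ip": src_ip, "src_port": src_port,
        "dst_ip": dst_ip, "dst_port": dst_port,
        "msg": fields.get("msg", ""),
        "note": fields.get("note", ""),
        "devID": fields.get("devID", ""),
        "cat": fields.get("cat", ""),
    }


def failed_login_sources(lines, threshold=3):
    """Source addresses with at least `threshold` failed management logins."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["msg"] in FAILED_LOGINS:
            counts[rec["src_ip"]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


def high_severity(lines, max_level=1):
    """Records logged at 'alert' or worse (severity number <= max_level)."""
    return [r for r in map(parse_line, lines) if r and r["severity_num"] <= max_level]


if __name__ == "__main__":
    print(failed_login_sources(SAMPLE_LOG))
    for rec in high_severity(SAMPLE_LOG):
        print(rec["timestamp"], rec["src_ip"], rec["msg"])
```
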
The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC for detailed information on each type. Table 106 RFC-2408 ISAKMP Payload Types LOG DISPLAY PROP TRANS CER_REQ HASH NONCE NOTFY NBG420N User’s Guide PAYLOAD TYPE Security Association Proposal...
Chapter 22 Tools

This chapter shows you how to upload a new firmware, upload or save backup configuration files and restart the NBG420N.

22.1 Firmware Upload Screen

Find firmware at www.zyxel.com “*.bin” extension, e.g., “NBG420N.bin”. The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes....
Chapter 22 Tools Figure 150 Upload Warning The NBG420N automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 151 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, the following screen will appear.
Figure 153 Maintenance > Tools > Configuration 22.2.1 Backup Configuration Backup configuration allows you to back up (save) the NBG420N’s current configuration to a file on your computer. Once your NBG420N is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes.
Chapter 22 Tools Figure 154 Configuration Restore Successful The NBG420N automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 155 Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default NBG420N IP address (192.168.1.1).
Click Maintenance > Tools > Restart. Click Restart to have the NBG420N reboot. This does not affect the NBG420N's configuration. Figure 157 Maintenance > Tools > Restart 22.4 Wake On LAN Wake On LAN (WoL) allows you to remotely turn on a device on the network. To use this feature the remote hardware (for example the network adapter on your computer) must support Wake On LAN using the “Magic Packet”...
Chapter 23 Configuration Mode

Click Maintenance > Config Mode to open the following screen. This screen allows you to hide or display the advanced screens of some features or the advanced features, such as MAC filter or static route. Basic is selected by default and you cannot see the advanced screens or features....
Chapter 23 Configuration Mode Table 111 Advanced Configuration Options CATEGORY Network Security Management Maintenance In AP Mode many screens will not be available. See more information. LINK Wireless LAN MAC Filter Advanced Scheduling Advanced IP Alias Advanced DHCP Server Advanced Advanced Firewall Services...
Chapter 24 Sys Op Mode

24.1 Overview

The Sys Op Mode (System Operation Mode) function lets you configure whether your NBG420N is a router or AP. You can choose between Router Mode and AP Mode depending on your network topology and the features you require from your device. See page 31 for more information on which mode to choose....
Chapter 24 Sys Op Mode Figure 161 IP Address in AP Mode 24.2 Selecting System Operation Mode Use this screen to select how you connect to the Internet. Figure 162 Maintenance > Sys OP Mode > General If you select Router Mode, the following pop-up message window appears. Figure 163 Maintenance >...
Figure 164 Maintenance > Sys Op Mode > General: AP • In AP Mode all Ethernet ports have the same IP address. • All ports on the rear panel of the device are LAN ports, including the port labeled WAN. There is no WAN port.
Chapter 25 Language

Use this screen to change the language for the web configurator display.

25.1 Language Screen

Click the language you prefer. The web configurator language changes after a while without restarting the NBG420N.

Figure 165 Language
Chapter 26 Troubleshooting

This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories.
• Power, Hardware Connections, and LEDs
• NBG420N Access and Login
• Internet Access
•...
Chapter 26 Troubleshooting 26.2 NBG420N Access and Login I don’t know the IP address of my NBG420N. 1 The default IP address is 192.168.1.1. 2 If you changed the IP address and have forgotten it, you might get the IP address of the NBG420N by looking up the IP address of the default gateway for your computer.
2 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide. 3 Make sure your Internet browser does not block pop-up windows and has JavaScripts and Java enabled. See 4 Make sure your computer is in the same subnet as the NBG420N. (If you know that there are routers between your computer and the NBG420N, skip this step.) •...
Chapter 26 Troubleshooting See the troubleshooting suggestions for configurator. Ignore the suggestions about your browser. 26.3 Internet Access I cannot access the Internet. 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide. 2 Make sure you entered your ISP account information correctly in the wizard.
interfering with the wireless network (for example, microwaves, other wireless networks, and so on). 3 Reboot the NBG420N. 4 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions • Check the settings for bandwidth management. If it is disabled, you might consider activating it.
Chapter 26 Troubleshooting 4 Make sure your computer (with a wireless adapter installed) is within the transmission range of the NBG420N. 5 Check that both the NBG420N and your wireless station are using the same wireless and wireless security settings. 6 Make sure traffic between the WLAN and the LAN is not blocked by the firewall on the NBG420N.
Appendices and Index Product Specifications and Wall-Mounting Instructions (273) Pop-up Windows, JavaScripts and Java Permissions (279) IP Addresses and Subnetting (285) Setting up Your Computer’s IP Address (293) Wireless LANs (309) Services (321) Legal Information (325) Customer Support (329) Index (335)
Appendix A Product Specifications and Wall-Mounting Instructions

The following tables summarize the NBG420N’s hardware and firmware features. Table 113 Hardware Features Dimensions (W x D x H) Weight Power Specification Ethernet ports 4-5 Port Switch LEDs Reset Button WPS button...
Appendix A Product Specifications and Wall-Mounting Instructions Table 114 Firmware Features FEATURE Default IP Address Default Subnet Mask Default Password DHCP Pool Wireless Interface Default Wireless SSID Default Wireless IP Address Wireless LAN: Same as LAN (192.168.1.1) Default Wireless Subnet Mask Default Wireless DHCP Pool Size...
Table 114 Firmware Features FEATURE IPSec VPN Bandwidth Management Wireless LAN Scheduler Time and Date Port Forwarding DHCP (Dynamic Host Configuration Protocol) Dynamic DNS Support IP Multicast IP Alias Logging and Tracing PPPoE PPTP Encapsulation Universal Plug and Play (UPnP) Table 115 Feature Specifications FEATURE Number of Static Routes...
Appendix A Product Specifications and Wall-Mounting Instructions The following list, which is not exhaustive, illustrates the standards supported in the NBG420N. Table 116 Standards Supported STANDARD RFC 867 RFC 868 RFC 1058 RFC 1112 RFC 1305 RFC 1631 RFC 1723 RFC 2236 RFC 2516 RFC 2766...
Be careful to avoid damaging pipes or cables located inside the wall when drilling holes for the screws. 3 Do not screw the screws all the way into the wall. Leave a small gap of about 0.5 cm between the heads of the screws and the wall. 4 Make sure the screws are snugly fastened to the wall.
Appendix B Pop-up Windows, JavaScripts and Java Permissions

In order to use the web configurator you need to allow:
• Web browser pop-up windows from your device.
• JavaScripts (enabled by default).
• Java permissions (enabled by default).

Internet Explorer 6 screens are used here....
Appendix B Pop-up Windows, JavaScripts and Java Permissions 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 169 Internet Options: Privacy 3 Click Apply to save this setting. Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps.
Figure 170 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 171 Pop-up Blocker Settings NBG420N User’s Guide Appendix B Pop-up Windows, JavaScripts and Java Permissions...
Appendix B Pop-up Windows, JavaScripts and Java Permissions 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
Figure 173 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window.
Appendix B Pop-up Windows, JavaScripts and Java Permissions JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Figure 175 Java (Sun) NBG420N User’s Guide...
Appendix C IP Addresses and Subnetting

This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network....
Appendix C IP Addresses and Subnetting Figure 176 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation).
Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Table 118 Subnet Masks BINARY OCTET 8-bit mask 11111111 16-bit mask 11111111 24-bit mask 11111111...
Appendix C IP Addresses and Subnetting Table 120 Alternative Subnet Mask Notation (continued) SUBNET MASK 255.255.255.192 255.255.255.224 255.255.255.240 255.255.255.248 255.255.255.252 Subnetting You can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.
Figure 178 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 2^7 - 2 = 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).
Table 125 Eight Subnets (continued) SUBNET SUBNET ADDRESS Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 126 24-bit Network Number Subnet Planning NO. “BORROWED” HOST BITS The following table is a summary for subnet planning on a network with a 16-bit network number.
Appendix C IP Addresses and Subnetting Table 127 16-bit Network Number Subnet Planning (continued) NO. “BORROWED” HOST BITS Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
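The subnet arithmetic from this appendix (network number by logical AND, borrowed host bits, and the all-zeroes and all-ones host IDs that are not usable), generalized to any number of borrowed bits; this is an added example, not part of the User's Guide. The function names are hypothetical, and the 192.168.1.0 network is an assumption built from the default NBG420N IP address 192.168.1.1 with a 24-bit network number.

```python
def to_int(dotted):
    """Dotted-decimal IPv4 address or mask -> 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError("not a dotted-decimal IPv4 value: %r" % dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value):
    """32-bit integer -> dotted-decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_for(prefix_len):
    """Integer subnet mask with `prefix_len` leading one bits."""
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def network_number(ip, mask):
    """Network number = IP address AND subnet mask."""
    return to_dotted(to_int(ip) & to_int(mask))


def same_subnet(ip_a, ip_b, mask):
    """True when both addresses share a network number under `mask`."""
    return network_number(ip_a, mask) == network_number(ip_b, mask)


def plan_subnets(network, network_bits, borrowed_bits):
    """List every subnet created by borrowing host bits from `network`."""
    prefix = network_bits + borrowed_bits
    host_bits = 32 - prefix
    if borrowed_bits < 1 or host_bits < 2:
        raise ValueError("need at least 1 borrowed bit and 2 host bits left")
    size = 1 << host_bits                      # addresses per subnet
    base = to_int(network) & mask_for(network_bits)
    mask = to_dotted(mask_for(prefix))
    rows = []
    for index in range(1 << borrowed_bits):
        subnet = base + index * size
        rows.append({
            "subnet": to_dotted(subnet),                  # host ID all zeroes
            "mask": mask,
            "first_host": to_dotted(subnet + 1),
            "last_host": to_dotted(subnet + size - 2),
            "broadcast": to_dotted(subnet + size - 1),    # host ID all ones
            "usable_hosts": size - 2,
        })
    return rows


if __name__ == "__main__":
    # One borrowed bit: the two 25-bit sub-networks of the appendix example.
    for row in plan_subnets("192.168.1.0", 24, 1):
        print(row)
    # A server moved to the upper half is no longer in the router's subnet.
    print(same_subnet("192.168.1.1", "192.168.1.200", "255.255.255.128"))
```
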
Appendix D Setting up Your Computer’s IP Address

All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer....
Appendix D Setting up Your Computer’s IP Address Figure 179 Windows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add....
Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. • If your IP address is dynamic, select Obtain an IP address automatically. • If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields.
Appendix D Setting up Your Computer’s IP Address Figure 181 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window.
Figure 182 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 183 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. NBG420N User’s Guide Appendix D Setting up Your Computer’s IP Address...
Appendix D Setting up Your Computer’s IP Address Figure 184 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 185 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
Figure 186 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
Appendix D Setting up Your Computer’s IP Address Figure 187 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
Figure 188 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT).
Appendix D Setting up Your Computer’s IP Address Figure 189 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 190 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: NBG420N User’s Guide...
• From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your Prestige in the Router address box. 5 Close the TCP/IP Control Panel.
Appendix D Setting up Your Computer’s IP Address Figure 192 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. •...
Make sure you are logged in as the root administrator. Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network.
Appendix D Setting up Your Computer’s IP Address Figure 194 Red Hat 9.0: KDE: Ethernet Device: General • If you have a dynamic IP address click Automatically obtain IP address settings with and select dhcp from the drop down list. •...
Figure 196 Red Hat 9.0: KDE: Network Configuration: Activate 7 After the network card restart process is complete, make sure the Status is Active in the Network Configuration screen. Using Configuration Files Follow the steps below to edit the network configuration files and set your computer IP address.
Appendix D Setting up Your Computer’s IP Address 2 If you know your DNS server IP address(es), enter the DNS server information in the resolv.conf two DNS server IP addresses are specified. Figure 199 Red Hat 9.0: DNS Settings in resolv.conf nameserver 172.23.5.1 nameserver 172.23.5.2 3 After you edit and save the configuration files, you must restart the network card.
Appendix E Wireless LANs

Wireless LAN Topologies

This section discusses ad-hoc and infrastructure wireless LAN topologies.

Ad-hoc Wireless LAN Configuration

The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS)....
Appendix E Wireless LANs Figure 203 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN.
Figure 204 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference.
Appendix E Wireless LANs Figure 205 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Preamble Type A preamble is used to synchronize the transmission timing in your wireless network.
Appendix E Wireless LANs • User based identification that allows for roaming. • Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server. • Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication methods to be deployed with no changes to the access point or the wireless stations.
In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password, they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access.
Appendix E Wireless LANs PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication.
Key differences between WPA(2) and WEP are improved data encryption and user authentication. Encryption Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. In addition to TKIP, WPA2 also uses Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption.
Appendix E Wireless LANs 26.6.2 WPA(2)-PSK Application Example A WPA(2)-PSK application looks as follows. 1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters (including spaces and symbols).
Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. MAC address filters are not dependent on how you configure these security features. Table 130 Wireless Security Relational Matrix AUTHENTICATION METHOD/ KEY MANAGEMENT PROTOCOL...
Appendix F Services

The following table lists some commonly-used services and their associated protocols and port numbers.
• Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like....
Appendix F Services Table 131 Examples of Services (continued) NAME H.323 HTTP HTTPS ICMP IGMP (MULTICAST) User-Defined IMAP4 IMAP4S MSN Messenger NetBIOS NEW-ICQ NEWS NNTP PING POP3 POP3S PPTP PROTOCOL PORT(S) DESCRIPTION 1720 NetMeeting uses this protocol. Hyper Text Transfer Protocol - a client/ server protocol for the world wide web.
Appendix F Services Table 131 Examples of Services (continued) NAME TFTP VDOLIVE PROTOCOL PORT(S) DESCRIPTION Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). 7000 A videoconferencing solution.
ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
Appendix G Legal Information If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures: 1 Reorient or relocate the receiving antenna.
3 Select the certification you wish to view from this page. ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever...
active protocol and encapsulation ActiveX address resolution protocol (ARP) and transport mode Alert alternative subnet mask notation any IP note AP (Access Point) AP Mode menu overview status screen AP network Asymmetrical routes and IP alias see also triangle routes authentication algorithms 185, 190 and active protocol...
Index DNS server see also Domain name system DNS (Domain Name System) DNS Server For VPN Host DNS server Domain name vs host name. see also system name Domain Name System duplex setting 42, 68 Dynamic DNS Dynamic Host Configuration Protocol Dynamic WEP Key Exchange DynDNS Wildcard EAP Authentication...
SA life time IKE SA. See also VPN. Independent Basic Service Set Install UPnP Windows Me Windows XP Internet Assigned Numbers Authority See IANA Internet connection Ethernet PPPoE. see also PPP over Ethernet PPTP WAN connection Internet connection wizard Internet Group Multicast Protocol Internet Protocol Security.
Index and VPN overview port forwarding see also Network Address Translation server sets NAT session NAT Traversal NAT traversal Navigation Panel 42, 68 navigation panel 42, 68 NetBIOS 125, 132 see also Network Basic Input/Output System Network Address Translation 137, 139 Network Basic Input/Output System Operating Channel 41, 67...
Scheduling security associations. See VPN. Security Parameters Service and port numbers Service Set Service Set IDentification Service Set IDentity. See SSID. services and port numbers and protocols Session Initiated Protocol Simple Mail Transfer Protocol SMTP SNMP SSID 41, 67, 89, 95 Static DHCP Static Route Status...
Index Overview Web configurator navigating web configurator Web Proxy WEP Encryption WEP encryption WEP key Wi-Fi Multimedia QoS Wildcard Windows Networking Wireless association list wireless channel wireless LAN wireless LAN scheduling Wireless LAN wizard Wireless network basic guidelines channel encryption example MAC address filter overview...