ZyXEL Communications NBG-318S - V3.60 User Manual

Powerline ethernet series

Table of Contents

Quick Links

Download this manual

NBG318S Series

Powerline Ethernet Series

User's Guide

Version 3.60

1/2008

Edition 3

DEFAULT LOGIN

IP Address http://192.168.1.1

Password

1234

www.zyxel.com

Table of Contents

Troubleshooting

Summary of Contents for ZyXEL Communications NBG-318S - V3.60

Page 1 NBG318S Series Powerline Ethernet Series User’s Guide Version 3.60 1/2008 Edition 3 DEFAULT LOGIN IP Address http://192.168.1.1 Password 1234 www.zyxel.com...
Page 3: About This User's Guide
• Supporting Disk Refer to the included CD for support documents. • ZyXEL Web Site Please refer to www.zyxel.com for additional support documentation and product certifications. User Guide Feedback Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead.
Page 4: Document Conventions
Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this User’s Guide. Warnings tell you about things that could harm you or your device. Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Page 5 Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The NBG318S icon is not an exact representation of your device. NBG318S Computer Notebook computer Server DSLAM Firewall Telephone Switch Router Modem NBG318S User’s Guide...
Page 6: Safety Warnings
Safety Warnings Safety Warnings For your safety, be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. •...
Page 7 Safety Warnings NBG318S User’s Guide...
Page 8 Safety Warnings NBG318S User’s Guide...
Page 9: Table Of Contents
Table of Contents Table of Contents About This User's Guide ......................3 Document Conventions......................4 Safety Warnings........................6 Table of Contents........................9 Contents Overview ......................... 17 List of Figures ......................... 19 List of Tables........................... 25 Part I: Introduction................. 29 Chapter 1 Getting to Know Your NBG318S....................
Page 10 Table of Contents Chapter 4 Introducing the Web Configurator ..................43 4.1 Web Configurator Overview ....................43 4.2 Accessing the Web Configurator ..................43 4.3 Resetting the NBG318S ...................... 45 4.3.1 Procedure to Use the Reset Button ................45 4.4 Navigating the Web Configurator ..................
Page 11 Table of Contents 6.3 Configuring the Wireless Client ................... 75 6.3.1 Connecting to a Wireless LAN ................... 75 Part II: Network..................79 Chapter 7 Wireless LAN........................... 81 7.1 Wireless Network Overview ....................81 7.2 Wireless Security Overview ....................82 7.2.1 SSID ........................... 82 7.2.2 MAC Address Filter ....................
Page 12 Table of Contents Chapter 9 LAN............................115 9.1 LAN Overview ........................115 9.1.1 IP Pool Setup ......................115 9.1.2 System DNS Servers ....................115 9.2 LAN TCP/IP ........................115 9.2.1 Factory LAN Defaults ....................115 9.2.2 IP Address and Subnet Mask ..................116 9.2.3 Multicast ........................116 9.2.4 Any IP ........................116 9.3 LAN IP Screen ........................118 9.4 LAN IP Alias ........................118...
Page 13 13.2 Dynamic DNS Screen ....................145 Part III: Security..................149 Chapter 14 Firewall........................... 151 14.1 Introduction to ZyXEL’s Firewall ..................151 14.1.1 What is a Firewall? ....................151 14.1.2 Stateful Inspection Firewall ..................151 14.1.3 About the NBG318S Firewall ................. 151 14.1.4 Guidelines For Enhancing Security With Your Firewall ..........
Page 14 19.1.1 How do I know if I'm using UPnP? ................. 183 19.1.2 NAT Traversal ......................183 19.1.3 Cautions with UPnP ....................183 19.2 UPnP and ZyXEL ......................184 19.3 UPnP Screen ........................184 19.4 Installing UPnP in Windows Example ................185...
Page 15 Table of Contents Part V: Maintenance and Troubleshooting ........195 Chapter 20 System ........................... 197 20.1 System Overview ......................197 20.2 System General Screen ....................197 20.3 Time Setting Screen ......................198 Chapter 21 Logs ............................201 21.1 View Log ......................... 201 21.2 Log Settings ........................
Page 16 Table of Contents 26.8 Advanced Features ......................236 Part VI: Appendices and Index ............237 Appendix A Product Specifications and Wall-Mounting Instructions ........239 Appendix B Pop-up Windows, JavaScripts and Java Permissions ........245 Appendix C IP Addresses and Subnetting ................251 Appendix D Setting up Your Computer’s IP Address ............
Page 17: Contents Overview
Contents Overview Contents Overview Introduction ..........................29 Getting to Know Your NBG318S ....................31 The WPS Button ........................37 ..............................37 The ENCRYPT Button ....................... 39 Introducing the Web Configurator ....................43 Connection Wizard ........................55 Tutorial ............................73 Network ........................... 79 Wireless LAN ..........................
Page 18 Contents Overview NBG318S User’s Guide...
Page 19: List Of Figures
Figure 35 Network > Wireless LAN > General ..................74 Figure 36 Network > Wireless LAN > General ..................74 Figure 37 AP: Status: WLAN Station Status ................... 75 Figure 38 ZyXEL Utility: Security Settings ..................... 76 NBG318S User’s Guide...
Page 20 List of Figures Figure 39 ZyXEL Utility: Confirm Save ....................77 Figure 40 ZyXEL Utility: Link Info ......................77 Figure 41 Example of a Wireless Network ..................... 81 Figure 42 How WPS works ........................87 Figure 43 WPS: Example Network Step 1 ....................88 Figure 44 WPS: Example Network Step 2 ....................
Page 21 List of Figures Figure 82 Using IP Alias to Solve the Triangle Route Problem ............153 Figure 83 Security > Firewall > General l ..................... 153 Figure 84 Security > Firewall > Services ..................... 154 Figure 85 Security > Content Filter > Filter ..................158 Figure 86 Security >...
Page 22 List of Figures Figure 125 Configuration Restore Successful ..................218 Figure 126 Temporarily Disconnected ....................218 Figure 127 Configuration Restore Error ....................218 Figure 128 Maintenance > Tools > Restart ..................219 Figure 129 Maintenance > Config Mode > General ................221 Figure 130 Maintenance >...
Page 23 List of Figures Figure 168 Red Hat 9.0: DNS Settings in resolv.conf ................ 274 Figure 169 Red Hat 9.0: Restart Ethernet Card .................. 274 Figure 170 Red Hat 9.0: Checking TCP/IP Properties ................ 274 Figure 171 Peer-to-Peer Communication in an Ad-hoc Network ............275 Figure 172 Basic Service Set .......................
Page 24 List of Figures NBG318S User’s Guide...
Page 25: List Of Tables
List of Tables List of Tables Table 1 NBG318S Front Panel LEDs ....................33 Table 2 NBG318S v2 Front Panel LEDs ....................34 Table 3 Time ENCRYPT Button is Pressed and Action ................. 42 Table 4 Status Screen Icon Key ......................46 Table 5 Web Configurator Status Screen ...................
Page 26 List of Tables Table 39 Network > WAN > Internet Connection: PPTP Encapsulation ..........112 Table 40 WAN > Advanced ........................114 Table 41 Network > LAN > IP .......................118 Table 42 Network > LAN > IP Alias ......................119 Table 43 Network > LAN > Advanced ....................120 Table 44 Network >...
Page 27 List of Tables Table 82 TCP Reset Logs ........................206 Table 83 Packet Filter Logs ......................... 207 Table 84 ICMP Logs ..........................207 Table 85 CDR Logs ..........................208 Table 86 PPP Logs ..........................208 Table 87 UPnP Logs ..........................208 Table 88 Content Filtering Logs ......................
Page 28 List of Tables NBG318S User’s Guide...
Page 29: Part I Introduction
Introduction Getting to Know Your NBG318S (31) The WPS Button (37) The ENCRYPT Button (39) Introducing the Web Configurator (43) Connection Wizard (55) Tutorial (73)
Page 31: Getting To Know Your Nbg318S
H A P T E R Getting to Know Your NBG318S This chapter introduces the main features and applications of the NBG318S. 1.1 Overview The NBG318S is the ideal secure HomePlug AV wireless firewall router for all data passing between the Internet and your local network. 1.1.1 Secure Broadband Internet Access Connect a broadband modem to your NBG318S for shared Internet access protected by firewall and content filtering.
Page 32: Homeplug Av
Chapter 1 Getting to Know Your NBG318S Figure 2 WLAN Application Example 1.1.3 HomePlug AV Connect to other HomePlug AV compatible devices through your home electrical wiring. A HomePlug AV network is capable of up to 200Mbps data transfer without the need for network cables.
Page 33: Good Habits For Managing The Nbg318S
Chapter 1 Getting to Know Your NBG318S • ENCRYPT: You can use the ENCRYPT button to set up a powerline network with your NBG318S. • Web Configurator. This is recommended for everyday management of the NBG318S using a (supported) web browser. •...
Page 34: Table 2 Nbg318S V2 Front Panel Leds
Chapter 1 Getting to Know Your NBG318S Table 1 NBG318S Front Panel LEDs (continued) ICON COLOR STATUS DESCRIPTION HomePlug Green The NBG318S has a successful HomePlug AV connection. Blinking The NBG318S is sending/receiving data. The HomePlug AV connection is not ready, or failed. Green The NBG318S has a successful WAN connection.
Page 35 Chapter 1 Getting to Know Your NBG318S Table 2 NBG318S v2 Front Panel LEDs (continued) ICON COLOR STATUS DESCRIPTION HomePlug Green The NBG318S v2 has a successful HomePlug AV connection at 40 Mbps. Blinking The NBG318S v2 is sending/receiving data at over 40 Mbps.
Page 36 Chapter 1 Getting to Know Your NBG318S NBG318S User’s Guide...
Page 37: Chapter 2 The Wps Button
H A P T E R The WPS Button 2.1 Overview Your NBG318S supports WiFi Protected Setup (WPS), which is an easy way to set up a secure wireless network. WPS is an industry standard specification, defined by the WiFi Alliance. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually.
Page 38 Chapter 2 NBG318S User’s Guide...
Page 39: Chapter 3 The Encrypt Button
H A P T E R The ENCRYPT Button Use the ENCRYPT button to automatically set up a secure powerline connection between your powerline devices. 3.1 ENCRYPT Button Overview The ENCRYPT button allows you to set up a secure powerline connection with other HomePlug AV compliant powerline devices which also support the ENCRYPT feature.
Page 40: Figure 5 Encrypt Connection Procedure
Chapter 3 The ENCRYPT Button Figure 5 ENCRYPT Connection Procedure press 2 seconds press 2 seconds within 2 minutes 5 Repeat step in this section for the other powerline device you wish to connect. This must be done within 120 seconds of pressing the ENCRYPT button on the NBG318S. 6 Check the lights on the two powerline devices.
Page 41: Setting Up Multiple Networks
Chapter 3 The ENCRYPT Button 9 If you disconnected your computer or modem (or any other networking product connected to your powerline device) in step of this section, you can now reconnect them. This sets up your powerline network between your powerline devices. 3.3 Setting Up Multiple Networks You can use the ENCRYPT button to set up multiple powerline networks using your existing powerline network.
Page 42: Encrypt Button Behavior
Chapter 3 The ENCRYPT Button Figure 8 Two Separate Powerline Networks Congratulations. You now have two separate powerline networks as shown above. If the HomePlug ( ) lights on both powerline devices do not light up, the powerline devices are not connected. Repeat the connection process, making certain you press the ENCRYPT buttons for the correct time and within two minutes of each other.
Page 43: Introducing The Web Configurator
H A P T E R Introducing the Web Configurator This chapter describes how to access the NBG318S web configurator and provides an overview of its screens. 4.1 Web Configurator Overview The web configurator is an HTML-based management interface that allows easy setup and management of the NBG318S via Internet browser.
Page 44: Figure 9 Change Password Screen
Chapter 4 Introducing the Web Configurator Figure 9 Change Password Screen The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the NBG318S if this happens. 6 Select the setup mode you want to use.
Page 45: Resetting The Nbg318S
Chapter 4 Introducing the Web Configurator 4.3 Resetting the NBG318S If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the NBG318S to reload the factory-default configuration file. This means that you will lose all configurations that you had previously saved, and the password will be reset to “1234”.
Page 46: Figure 10 Web Configurator Status Screen
Chapter 4 Introducing the Web Configurator Figure 10 Web Configurator Status Screen The following table describes the icons shown in the Status screen. Table 4 Status Screen Icon Key ICON DESCRIPTION Click this icon to open the setup wizard. Click this icon to view copyright and a link for related product information. Click this icon at any time to exit the web configurator.
Page 47 This shows what percentage of the heap memory the NBG318S is using. Heap memory refers to the memory that is not used by ZyNOS (ZyXEL Network Operating System) and is thus available for running processes like NAT and the firewall.
Page 48: Navigation Panel
Chapter 4 Introducing the Web Configurator Table 5 Web Configurator Status Screen (continued) LABEL DESCRIPTION - Configuration Mode This shows whether the advanced screens of each feature are turned on (Advanced) or not (Basic). Interface Status Interface This displays the NBG318S port types. The port types are: WAN, LAN, WLAN and HomePlug AV.
Page 49 Chapter 4 Introducing the Web Configurator Table 6 Screens Summary LINK FUNCTION Wireless General Use this screen to configure wireless LAN. MAC Filter Use the MAC filter screen to configure the NBG318S to block access to devices or block the devices from accessing the NBG318S.
Page 50: Summary: Any Ip Table
Chapter 4 Introducing the Web Configurator Table 6 Screens Summary LINK FUNCTION Remote Use this screen to configure through which interface(s) and from MGMT which IP address(es) users can use HTTP to manage the NBG318S. Telnet Use this screen to configure through which interface(s) and from which IP address(es) users can use Telnet to manage the NBG318S.
Page 51: Summary: Bandwidth Management Monitor
Chapter 4 Introducing the Web Configurator 4.4.4 Summary: Bandwidth Management Monitor Select the BW MGMT Monitor (Details...) hyperlink in Status screen. View the bandwidth usage of the WAN configured bandwidth rules. This is also shown as bandwidth usage over the bandwidth budget for each rule. The gray section of the bar represents the percentage of unused bandwidth and the blue color represents the percentage of bandwidth in use.
Page 52: Summary: Packet Statistics
Chapter 4 Introducing the Web Configurator Table 7 Summary: DHCP Table (continued) LABEL DESCRIPTION MAC Address This field shows the MAC address of the computer with the name in the Host Name field. Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
Page 53: Summary: Wireless Station Status
Chapter 4 Introducing the Web Configurator Table 8 Summary: Packet Statistics LABEL DESCRIPTION Poll Interval(s) Enter the time interval for refreshing statistics in this field. Set Interval Click this button to apply the new poll interval you entered in the Poll Interval(s) field.
Page 54: Table 10 Summary: My Homeplug Network
Chapter 4 Introducing the Web Configurator The following table describes the labels in this screen. Table 10 Summary: My Homeplug Network LABEL DESCRIPTION Site Your NBG318S is the Local device. All other devices on your network will be Remote. MAC Address This field displays the MAC address of a HomePlug AV device detected by your NBG318S.
Page 55: Chapter 5 Connection Wizard
H A P T E R Connection Wizard This chapter provides information on the wizard setup screens in the web configurator. 5.1 Wizard Setup The web configurator’s wizard setup helps you configure your device to access the Internet. Leave a field blank if you don’t have that information. You can access the Wizard by clicking the Wizard icon in the web configurator or when you first log in as follows.
Page 56: Connection Wizard: Step 1: System Information
Chapter 5 Connection Wizard Figure 18 Select a Language 4 Read the on-screen information and click Next. Figure 19 Welcome to the Connection Wizard 5.2 Connection Wizard: STEP 1: System Information System Information contains administrative and system-related information. 5.2.1 System Name System Name is for identification purposes.
Page 57: Domain Name
Chapter 5 Connection Wizard 5.2.2 Domain Name The Domain Name entry is what is propagated to the DHCP clients on the LAN. If you leave this blank, the domain name obtained by DHCP from the ISP is used. While you must enter the host name (System Name) on each individual computer, the domain name can be assigned from the NBG318S via DHCP.
Page 58: Figure 21 Wizard Step 2: Wireless Lan
Chapter 5 Connection Wizard Figure 21 Wizard Step 2: Wireless LAN The following table describes the labels in this screen. Table 12 Wizard Step 2: Wireless LAN LABEL DESCRIPTION Name (SSID) Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.
Page 59: Auto Security
Chapter 5 Connection Wizard 5.3.1 Auto Security Choose Auto to automatically generate a WPA-PSK pre-shared key. A window appears displaying the key. Make sure you write down the key! You will need it later to connect other wireless devices to your network. Figure 22 Popup Pre-Shared Key 5.3.2 Basic (WEP) Security Choose Basic (WEP) to set up WEP Encryption parameters.
Page 60: Figure 23 Wizard Step 2: Basic (Wep) Security
Chapter 5 Connection Wizard Figure 23 Wizard Step 2: Basic (WEP) Security The following table describes the labels in this screen. Table 13 Wizard Step 2: Basic (WEP) Security LABEL DESCRIPTION Passphrase Type a Passphrase (up to 32 printable characters) and click Generate. The NBG318S automatically generates a WEP key.
Page 61: Extend (Wpa-Psk Or Wpa2-Psk) Security
Chapter 5 Connection Wizard 5.3.3 Extend (WPA-PSK or WPA2-PSK) Security Choose Extend (WPA-PSK) or Extend (WPA2-PSK) security in the Wireless LAN setup screen to set up a Pre-Shared Key. Figure 24 Wizard Step 2: Extend (WPA-PSK or WPA2-PSK) Security The following table describes the labels in this screen. Table 14 Wizard Step 2: Extend (WPA-PSK or WPA2-PSK) Security LABEL DESCRIPTION...
Page 62: Ethernet Connection
Chapter 5 Connection Wizard Figure 25 Wizard Step 3: ISP Parameters. The following table describes the labels in this screen, Table 15 Wizard Step 3: ISP Parameters CONNECTION TYPE DESCRIPTION Ethernet Select the Ethernet option when the WAN port is used as a regular Ethernet. PPPoE Select the PPP over Ethernet option for a dial-up connection.
Page 63: Pptp Connection
Chapter 5 Connection Wizard One of the benefits of PPPoE is the ability to let end users access one of multiple network services, a function known as dynamic service selection. This enables the service provider to easily create and offer new IP services for specific users. Operationally, PPPoE saves significant effort for both the subscriber and the ISP/carrier, as it requires no specific configuration of the broadband modem at the subscriber’s site.
Page 64: Figure 28 Wizard Step 3: Pptp Connection
Chapter 5 Connection Wizard The NBG318S supports one PPTP server connection at any given time. Figure 28 Wizard Step 3: PPTP Connection The following table describes the fields in this screen Table 17 Wizard Step 3: PPTP Connection LABEL DESCRIPTION ISP Parameters for Internet Access Connection Type Select PPTP from the drop-down list box.
Page 65: Your Ip Address
Chapter 5 Connection Wizard Table 17 Wizard Step 3: PPTP Connection LABEL DESCRIPTION Next Click Next to continue. Exit Click Exit to close the wizard screen without saving. 5.4.4 Your IP Address The following wizard screen allows you to assign a fixed IP address or give the NBG318S an automatically assigned IP address depending on your ISP.
Page 66: Ip Address And Subnet Mask
Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa, for instance, the IP address of www.zyxel.com is 204.217.0.2. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it.
Page 67: Wan Ip And Dns Server Address Assignment
Chapter 5 Connection Wizard 2 If the ISP did not give you DNS server information, leave the DNS Server fields set to 0.0.0.0 in the Wizard screen and/or set to From ISP in the WAN > Internet Connection screen for the ISP to dynamically assign the DNS server IP addresses. 5.4.8 WAN IP and DNS Server Address Assignment The following wizard screens allows you to assign a fixed WAN IP address and DNS server addresses.
Page 68: Wan Mac Address
Chapter 5 Connection Wizard The following table describes the labels in this screen Table 20 Wizard Step 3: WAN IP and DNS Server Addresses LABEL DESCRIPTION WAN IP Address Assignment My WAN IP Address Enter your WAN IP address in this field. The WAN IP address should be in the same subnet as your DSL/Cable modem or router.
Page 69: Connection Wizard: Step 4: Bandwidth Management
Chapter 5 Connection Wizard Figure 31 Wizard Step 3: WAN MAC Address The following table describes the fields in this screen. Table 22 Wizard Step 3: WAN MAC Address LABEL DESCRIPTION Factory Default Select Factory Default to use the factory assigned default MAC address. Clone the Select this option and enter the IP address of the computer on the LAN whose computer’s MAC...
Page 70: Connection Wizard Complete
Chapter 5 Connection Wizard The following fields describe the label in this screen. Table 23 Wizard Step 4: Bandwidth Management LABEL DESCRIPTION Enable BM for all traffic Select the check box to have the NBG318S apply bandwidth management automatically to traffic going out through the NBG318S’s WAN, LAN, HomePlug AV or WLAN port.
Page 71 Chapter 5 Connection Wizard Well done! You have successfully set up your NBG318S to operate on your network and access the Internet. NBG318S User’s Guide...
Page 72 Chapter 5 Connection Wizard NBG318S User’s Guide...
Page 73: Chapter 6 Tutorial
H A P T E R Tutorial This chapter gives you examples of how to set up a wireless access point and a wireless client for wireless communication using some example settings. 6.1 Example Parameters SSID SSID_Example3 Channel Security WPA-PSK (Pre-Shared Key: ThisismyWPA-PSKpre-sharedkey) 802.11 mode IEEE 802.11b/g...
Page 74: Figure 35 Network > Wireless Lan > General
Chapter 6 Tutorial Figure 35 Network > Wireless LAN > General 4 Make sure the Enable Wireless LAN check box is selected. 5 Enter SSID_Example3 as the SSID and select a channel. 6 Set security mode to WPA-PSK and enter ThisismyWPA-PSKpre-sharedkey in the Pre-Shared Key field.
Page 75: Configuring The Wireless Client
This section describes how to connect the wireless client to a network. 6.3.1 Connecting to a Wireless LAN The following sections show you how to join a wireless network using the ZyXEL utility, as in the following diagram. The wireless client is labelled C and the access point is labelled AP.
Page 76: Figure 38 Zyxel Utility: Security Settings
Chapter 6 Tutorial 1 Open the ZyXEL utility and click the Site Survey tab to open the screen shown next. 2 The wireless client automatically searches for available wireless networks. Click Scan if you want to search again. If no entry displays in the Available Network List, that means there is no wireless network available within range.
Page 77: Figure 39 Zyxel Utility: Confirm Save
Chapter 6 Tutorial Figure 39 ZyXEL Utility: Confirm Save 5 The ZyXEL utility returns to the Link Info screen while it connects to the wireless network using your settings. When the wireless link is established, the ZyXEL utility icon in the system tray turns green and the Link Info screen displays details of the active connection.
Page 78 Chapter 6 Tutorial NBG318S User’s Guide...
Page 79: Part Ii: Network
Network Wireless LAN (81) WAN (105) LAN (115) HomePlug AV (121) DHCP (131) Network Address Translation (NAT) (135) Dynamic DNS (145)
Page 81: Chapter 7 Wireless Lan
H A P T E R Wireless LAN This chapter discusses how to configure the wireless network settings in your NBG318S. See the appendices for more detailed information about wireless networks. 7.1 Wireless Network Overview The following figure provides an example of a wireless network. Figure 41 Example of a Wireless Network The wireless network is the part in the blue circle.
Page 82: Wireless Security Overview
Chapter 7 Wireless LAN • Every wireless client in the same wireless network must use security compatible with the Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network. 7.2 Wireless Security Overview The following sections introduce different types of wireless security you can set up in the wireless network.
Page 83: Encryption
Chapter 7 Wireless LAN If your AP does not provide a local user database and if you do not have a RADIUS server, you cannot set up user names and passwords for your users. Unauthorized devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network.
Page 84: Quality Of Service
Chapter 7 Wireless LAN When you select WPA2 or WPA2-PSK in your NBG318S, you can also select an option (WPA Compatible) to support WPA as well. In this case, if some wireless clients support WPA and some support WPA2, you should set up WPA2-PSK or WPA2 (depending on the type of wireless network login) and select the WPA Compatible option in the NBG318S.
Page 85: Wps Overview
Chapter 7 Wireless LAN 7.4 WPS Overview WPS allows you to quickly set up a secure network with other WPS enabled devices, much more easily than manually configuring wireless connections and security through a web configurator. Your NBG318S uses WPS to set up a secure connection with other WPS enabled wireless devices in two ways.
Page 86: How Wps Works
Chapter 7 Wireless LAN 5 On a computer connected to the wireless client, try logging into the NBG318S’s web configurator. If you can connect, WPS was successful. If you cannot connect, check the list of associated wireless clients in the AP’s configuration utility.
Page 87: Figure 42 How Wps Works
Chapter 7 Wireless LAN Figure 42 How WPS works ACTIVATE ACTIVATE WITHIN 2 MINUTES WPS HANDSHAKE ENROLLEE REGISTRAR SECURE TUNNEL SECURITY INFO COMMUNICATION The roles of registrar and enrollee last only as long as the WPS setup process is active (two minutes).
Page 88: Figure 43 Wps: Example Network Step 1
Chapter 7 Wireless LAN Figure 43 WPS: Example Network Step 1 ENROLLEE REGISTRAR SECURITY INFO CLIENT 1 In step 2, you add another wireless client to the network. You know that Client 1 supports registrar mode, but it is better to use AP1 for the WPS handshake with the new client since you must connect to the access point anyway in order to use the network.
Page 89: Limitations Of Wps
Chapter 7 Wireless LAN Figure 45 WPS: Example Network Step 3 EXISTING CONNECTION CLIENT 1 REGISTRAR CLIENT 2 ENROLLEE 7.4.3 Limitations of WPS WPS has some limitations of which you should be aware. • WPS works in Infrastructure networks only (where an AP and a wireless client communicate).
Page 90: General Wireless Lan Screen
Chapter 7 Wireless LAN 7.5 General Wireless LAN Screen If you are configuring the NBG318S from a computer connected to the wireless LAN and you change the NBG318S’s SSID, channel or security settings, you will lose your wireless connection when you press Apply to confirm.
Page 91: No Security
Chapter 7 Wireless LAN 7.5.1 No Security Select No Security to allow wireless stations to communicate with the access points without any data encryption. If you do not enable any wireless security on your NBG318S, your network is accessible to any wireless networking device that is within range. Figure 47 Network >...
Page 92: Figure 48 Network > Wireless Lan > General: Static Wep
Chapter 7 Wireless LAN If the WPS is enabled, WEP encryption is not available from the drop-down menu. Disable WPS for the WEP screen to appear. Figure 48 Network > Wireless LAN > General: Static WEP The following table describes the wireless LAN security labels in this screen. Table 28 Network >...
Page 93: Wpa-Psk/Wpa2-Psk
Chapter 7 Wireless LAN Table 28 Network > Wireless LAN > General: Static WEP LABEL DESCRIPTION Key 1 to Key 4 The WEP keys are used to encrypt data. Both the NBG318S and the wireless stations must use the same WEP key for data transmission. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F").
Page 94: Wpa/Wpa2
Chapter 7 Wireless LAN Table 29 Network > Wireless LAN > General: WPA-PSK/WPA2-PSK LABEL DESCRIPTION ReAuthentication Specify how often wireless stations have to resend usernames and passwords in Timer (in order to stay connected. Enter a time interval between 10 and 9999 seconds. The seconds) default time interval is 1800 seconds (30 minutes).
Page 95: Figure 50 Network > Wireless Lan > General: Wpa/Wpa2
Chapter 7 Wireless LAN Figure 50 Network > Wireless LAN > General: WPA/WPA2 The following table describes the labels in this screen. Table 30 Network > Wireless LAN > General: WPA/WPA2 LABEL DESCRIPTION WPA Compatible This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field.
Page 96: Mac Filter
Chapter 7 Wireless LAN Table 30 Network > Wireless LAN > General: WPA/WPA2 LABEL DESCRIPTION Group Key Update The Group Key Update Timer is the rate at which the AP (if using WPA-PSK/ Timer WPA2-PSK key management) or RADIUS server (if using WPA/WPA2 key management) sends a new group key out to all clients.
Page 97: Wireless Lan Advanced Screen
Chapter 7 Wireless LAN Figure 51 Network > Wireless LAN > MAC Filter The following table describes the labels in this menu. Table 31 Network > Wireless LAN > MAC Filter LABEL DESCRIPTION Active Select Yes from the drop down list box to enable MAC address filtering. Filter Action Define the filter action for the list of MAC addresses in the MAC Address table.
Page 98: Figure 52 Network > Wireless Lan > Advanced
Chapter 7 Wireless LAN Figure 52 Network > Wireless LAN > Advanced The following table describes the labels in this screen. Table 32 Network > Wireless LAN > Advanced LABEL DESCRIPTION Roaming Configuration Enable Select this option if your network environment has multiple APs and you want your Roaming wireless device to be able to access the network as you move between wireless networks.
Page 99: Quality Of Service (Qos) Screen
Chapter 7 Wireless LAN Table 32 Network > Wireless LAN > Advanced LABEL DESCRIPTION Super G Mode Use this field to enable or disable the Super G function. Super G mode is available only if you select 802.11g or 802.11b/g in the 802.11 Mode field. Super G provides higher data transmission rates than 802.11g.
Page 100: Application Priority Configuration
Chapter 7 Wireless LAN The following table describes the labels in this screen. Table 33 Network > Wireless LAN > QoS LABEL DESCRIPTION Enable WMM QoS Select this to turn on WMM QoS (Wireless MultiMedia Quality of Service). The NBG318S assigns priority to packets based on the 802.1q or DSCP information in their headers.
Page 101: Wps Screen
Chapter 7 Wireless LAN Figure 54 Network > Wireless LAN > QoS: Application Priority Configuration Appendix F on page 287 for a list of commonly-used services and destination ports. The following table describes the fields in this screen. Table 34 Network > Wireless LAN > QoS: Application Priority Configuration LABEL DESCRIPTION Application Priority Configuration...
Page 102: Figure 55 Network > Wireless > Wps
Chapter 7 Wireless LAN WPS allows you to quickly set up a secure network with other WPS enabled devices, much more easily than manually configuring wireless connections and security through a web configurator. Your NBG318S uses WPS to set up a secure connection with other WPS enabled wireless devices in two ways.
Page 103: Wps Station Screen
Chapter 7 Wireless LAN Table 35 Network > Wireless LAN > WPS LABEL DESCRIPTION Apply Click this to save your changes to the NBG318S. Refresh Click this to reload the information in this screen. 7.10 WPS Station Screen Use this screen to set up a WPS connection using the Push Button Configuration (PBC) method.
Page 104 Chapter 7 Wireless LAN NBG318S User’s Guide...
Page 105: Chapter 8 Wan
H A P T E R This chapter describes how to configure WAN settings. 8.1 WAN Overview See the chapter about the connection wizard for more information on the fields in the WAN screens. 8.2 WAN MAC Address The MAC address screen allows users to configure the WAN port's MAC address by either using the factory default or cloning the MAC address from a computer on your LAN.
Page 106: Internet Connection
Chapter 8 WAN The NBG318S supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-v2). At start up, the NBG318S queries all directly connected networks to gather group membership. After that, the NBG318S periodically updates this information. IP multicasting can be enabled/disabled on the NBG318S LAN and/or WAN interfaces in the web configurator (LAN;...
Page 107: Table 37 Network > Wan > Internet Connection: Ethernet Encapsulation
Chapter 8 WAN The following table describes the labels in this screen. Table 37 Network > WAN > Internet Connection: Ethernet Encapsulation LABEL DESCRIPTION Encapsulation You must choose the Ethernet option when the WAN port is used as a regular Ethernet.
Page 108: Pppoe Encapsulation
Chapter 8 WAN Table 37 Network > WAN > Internet Connection: Ethernet Encapsulation LABEL DESCRIPTION Set WAN MAC Select this option and enter the MAC address you want to use. Address Apply Click Apply to save your changes back to the NBG318S. Reset Click Reset to begin configuring this screen afresh.
Page 109: Figure 58 Network > Wan > Internet Connection: Pppoe Encapsulation
Chapter 8 WAN Figure 58 Network > WAN > Internet Connection: PPPoE Encapsulation The following table describes the labels in this screen. Table 38 Network > WAN > Internet Connection: PPPoE Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation The PPP over Ethernet choice is for a dial-up connection using PPPoE.
Page 110: Pptp Encapsulation
Chapter 8 WAN Table 38 Network > WAN > Internet Connection: PPPoE Encapsulation LABEL DESCRIPTION Password Type the password associated with the user name above. Retype to Type your password again to make sure that you have entered is correctly. Confirm Nailed-Up Select Nailed-Up Connection if you do not want the connection to time out.
Page 111: Figure 59 Network > Wan > Internet Connection: Pptp Encapsulation
Chapter 8 WAN PPTP supports on-demand, multi-protocol and virtual private networking over public networks, such as the Internet. This screen displays when you select PPTP encapsulation. Figure 59 Network > WAN > Internet Connection: PPTP Encapsulation NBG318S User’s Guide...
Page 112: Table 39 Network > Wan > Internet Connection: Pptp Encapsulation
Chapter 8 WAN The following table describes the labels in this screen. Table 39 Network > WAN > Internet Connection: PPTP Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks.
Page 113: Advanced Wan Screen
Chapter 8 WAN Table 39 Network > WAN > Internet Connection: PPTP Encapsulation LABEL DESCRIPTION First DNS Server Select From ISP if your ISP dynamically assigns DNS server information (and the NBG318S's WAN IP address). The field to the right displays the (read- Second DNS Server only) DNS server IP address that the ISP assigns.
Page 114: Table 40 Wan > Advanced
Chapter 8 WAN The following table describes the labels in this screen. Table 40 WAN > Advanced LABEL DESCRIPTION Multicast Setup Multicast Select IGMP V-1, IGMP V-2 or None. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data.
Page 115: Chapter 9 Lan
H A P T E R This chapter describes how to configure LAN settings. 9.1 LAN Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building.
Page 116: Ip Address And Subnet Mask
Chapter 9 LAN 9.2.2 IP Address and Subnet Mask Refer to the IP address and subnet mask section in the Connection Wizard chapter for this information. 9.2.3 Multicast Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network).
Page 117: Figure 61 Any Ip Example
Chapter 9 LAN Figure 61 Any IP Example The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the NBG318S’s IP address. You must enable NAT to use the Any IP feature on the NBG318S.
Page 118: Lan Ip Screen
Chapter 9 LAN 9.3 LAN IP Screen Use this screen to change your basic LAN settings. Click Network > LAN. Figure 62 Network > LAN > IP The following table describes the labels in this screen. Table 41 Network > LAN > IP LABEL DESCRIPTION LAN TCP/IP...
Page 119: Advanced Lan Screen
Chapter 9 LAN Network > LAN > IP Alias Figure 63 The following table describes the labels in this screen. Table 42 Network > LAN > IP Alias LABEL DESCRIPTION IP Alias 1,2 Select the check box to configure another LAN network for the NBG318S. IP Address Enter the IP address of your NBG318S in dotted decimal notation.
Page 120: Table 43 Network > Lan > Advanced
Chapter 9 LAN The following table describes the labels in this screen. Table 43 Network > LAN > Advanced LABEL DESCRIPTION Multicast Select IGMP V-1 or IGMP V-2 or None. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data.
Page 121: Chapter 10 Homeplug Av
H A P T E R HomePlug AV This chapter introduces the main applications and management of the powerline feature. 10.1 Overview The NBG318S is a HomePlug AV compliant powerline Ethernet adapter. The NBG318S and other HomePlug AV powerline adapters in your network communicate with each other by sending and receiving information over your home’s electrical wiring.
Page 122: Privacy And Powerline Adapters
In this User’s Guide the electrical wiring network may be referred to as the “powerline network”. Your NBG318S is only compatible with ZyXEL HomePlug AV products with the latest firmware. You can upgrade your other ZyXEL HomePlug AV products by downloading the latest firmware from the ZyXEL website (www.zyxel.com).
Page 123: Setting Up Multiple Powerline Networks
Chapter 10 HomePlug AV Figure 66 Powerline Network Scenario NMK1 NMK1 NMK2 NMK1 NMK1 NMK1 NMK2 NMK1 NMK1 NMK1 NMK2 NMK1 In both cases the powerline adapters reside on the same electrical circuit. In scenario A all the powerline adapters can communicate with each other. In scenario B only the adapters with the same NMK can receive and unscramble communication between each other.
Page 124: Configuring Your Homeplug Av Devices
Chapter 10 HomePlug AV Figure 67 Two Private Powerline Networks on One Circuit Password 1 Password 1 Password 2 Password 2 10.3 Configuring Your HomePlug AV Devices Click on Network > HomePlug to see the screen below. Use this screen to set up a HomePlug AV network and to check the status of HomePlug AV devices on your electrical circuit.
Page 125: Table 44 Network > Homeplug > Network Settings
Chapter 10 HomePlug AV The following table describes the labels in the screen. Table 44 Network > HomePlug > Network Settings LABEL DESCRIPTION Network Name This section lets you set the name of your network and to make it either public or private. The Network Name performs the same function as a network password.
Page 126: Homeplug Av Qos
Chapter 10 HomePlug AV LABEL DESCRIPTION Member Action This field shows the Edit icon and the Delete icon. Click on Edit to add a device to the network or to edit details such as the device’s Nickname. Click on Delete to remove the device from the network. If you want to set up a second network, remove the devices from My HomePlug Network that you want to keep in your first network before you set the new Network Name for the second network.
Page 127: Qos Based On Ip Or Mac Address
Chapter 10 HomePlug AV • You can configure your NBG318S to give priority to powerline network traffic depending on its destination (MAC Address or IP Port Number Priority). • You can also map the priority settings (VLAN or ToS priority settings) of traffic from outside your powerline network to priority settings for your powerline network (Priority Mapping).
Page 128: Qos Based On Traffic Type
Chapter 10 HomePlug AV Figure 70 Prioritized Traffic Between Your Home Powerline Network and the Internet Internet The following mappings are suggestions only. VLAN and ToS priority settings may not map exactly to Homeplug AV priority settings. Priority settings for VLAN Tags and ToS bits range from 0 to 7 with 7 as the highest.
Page 129: Figure 71 Network > Homeplug > Qos
Chapter 10 HomePlug AV IGMP is assigned highest priority as it controls multicast services such as IGMP managed Multicast Stream which allows streamed traffic such as video or VoIP. Unicast, Multicast/ Broadcast require less priority than the traffic that manages them. Select Network >...
Page 130 Chapter 10 HomePlug AV Table 48 Network > HomePlug > Edit LABEL DESCRIPTION Rule Name Type a descriptive name for a priority rule. You can enter up to 31 characters containing “0”~”9”, “a”~”z”, “A”~”Z”, “_” or -. Spaces are allowed. MAC Address Type the MAC (Media Access Control) address or IP address of a device on or IP Port...
Page 131: Chapter 11 Dhcp
H A P T E R DHCP 11.1 DHCP DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the NBG318S as a DHCP server or disable it. When configured as a server, the NBG318S provides the TCP/IP configuration for the clients.
Page 132: Dhcp Server Advanced Screen
Chapter 11 DHCP 11.3 DHCP Server Advanced Screen This screen allows you to assign IP addresses on the LAN to specific individual computers based on their MAC addresses. You can also use this screen to configure the DNS server information that the NBG318S sends to the DHCP clients. Every Ethernet device has a unique MAC (Media Access Control) address.
Page 133: Client List Screen
Chapter 11 DHCP Table 50 Network > DHCP Server > Advanced LABEL DESCRIPTION First DNS Server Select From ISP if your ISP dynamically assigns DNS server information (and the NBG318S's WAN IP address). The field to the right displays the (read-only) Second DNS DNS server IP address that the ISP assigns.
Page 134: Table 51 Network > Dhcp Server > Client List
Chapter 11 DHCP The following table describes the labels in this screen. Table 51 Network > DHCP Server > Client List LABEL DESCRIPTION This is the index number of the host computer. IP Address This field displays the IP address relative to the # field listed above. Host Name This field displays the computer host name.
Page 135: Network Address Translation (Nat)
H A P T E R Network Address Translation (NAT) This chapter discusses how to configure NAT on the NBG318S. 12.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet.
Page 136: Configuring Servers Behind Port Forwarding Example
Chapter 12 Network Address Translation (NAT) Many residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location.
Page 137: Nat Application Screen
Chapter 12 Network Address Translation (NAT) The following table describes the labels in this screen. Table 52 Network > NAT > General LABEL DESCRIPTION Enable Network Network Address Translation (NAT) allows the translation of an Internet protocol Address address used within one network (for example a private IP address used in a local Translation network) to a different IP address known within another network (for example a public IP address used on the Internet).
Page 138: Figure 77 Network > Nat > Application
Chapter 12 Network Address Translation (NAT) Figure 77 Network > NAT > Application The following table describes the labels in this screen. Table 53 NAT Application LABEL DESCRIPTION Game List Update A game list includes the pre-defined service name(s) and port number(s). You can edit and upload it to the NBG318S to replace the existing entries in the second field next to Service Name.
Page 139: Game List Example
Chapter 12 Network Address Translation (NAT) Table 53 NAT Application (continued) LABEL DESCRIPTION Port Type a port number(s) to be forwarded. To specify a range of ports, enter a hyphen (-) between the first port and the last port, such as 10-20. To specify two or more non-consecutive port numbers, separate them by a comma without spaces, such as 123,567.
Page 140: Trigger Port Forwarding
Chapter 12 Network Address Translation (NAT) Figure 78 Game List Example version=1 1;name=Battlefield 1942;port=14567,22000,23000-23009,27900,28900 2;name=Call of Duty;port=28960 3;name=Civilization IV;port=2056 4;name=Diablo I and II;port=6112-6119,4000 5;name=Doom 3;port=27666 6;name=F.E.A.R;port=27888 7;name=Final Fantasy XI;port=25,80,110,443,50000-65535 8;name=Guild Wars;port=6112,80 9;name=Half Life;port=6003,7002,27005,27010,27011,27015 10;name=Jedi Knight III: Jedi Academy;port=28060-28062,28070-28081 11;name=Need for Speed: Hot Pursuit 2;port=1230,8511- 8512,27900,28900,61200-61230 12;name=Neverwinter Nights;port=5120-5300,6500,27900,28900 13;name=Quake 2;port=27910...
Page 141: Two Points To Remember About Trigger Ports
Chapter 12 Network Address Translation (NAT) Figure 79 Trigger Port Forwarding Process: Example 1 Jane requests a file from the Real Audio server (port 7070). 2 Port 7070 is a “trigger” port and causes the NBG318S to record Jane’s computer IP address.
Page 142: Figure 80 Network > Nat > Advanced
Chapter 12 Network Address Translation (NAT) Figure 80 Network > NAT > Advanced The following table describes the labels in this screen. Table 54 Network > NAT > Advanced LABEL DESCRIPTION Max NAT/Firewall Type a number ranging from 1 to 2048 to limit the number of NAT/firewall sessions Session Per User that a host can create.
Page 143 Chapter 12 Network Address Translation (NAT) Table 54 Network > NAT > Advanced LABEL DESCRIPTION Incoming Incoming is a port (or a range of ports) that a server on the WAN uses when it sends out a particular service. The NBG318S forwards the traffic with this port (or range of ports) to the client computer on the LAN that requested the service.
Page 144 Chapter 12 Network Address Translation (NAT) NBG318S User’s Guide...
Page 145: Chapter 13 Dynamic Dns
H A P T E R Dynamic DNS 13.1 Dynamic DNS Introduction Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect.
Page 146: Figure 81 Dynamic Dns
Chapter 13 Dynamic DNS Figure 81 Dynamic DNS The following table describes the labels in this screen. Table 55 Dynamic DNS LABEL DESCRIPTION Enable Dynamic DNS Select this check box to use dynamic DNS. Service Provider Select the name of your Dynamic DNS service provider. Dynamic DNS Type If you have selected WWW.DynDNS.ORG as your DNS Service Provider, you can select the type of service that you are registered for.
Page 147 Chapter 13 Dynamic DNS Table 55 Dynamic DNS LABEL DESCRIPTION Use specified IP Type the IP address of the host name(s). Use this if you have a static IP Address address. Apply Click Apply to save your changes back to the NBG318S. Reset Click Reset to begin configuring this screen afresh.
Page 148 Chapter 13 Dynamic DNS NBG318S User’s Guide...
Page 149: Part Iii: Security
Security Firewall (151) Content Filtering (157)
Page 151: Chapter 14 Firewall
This chapter gives some background information on firewalls and explains how to get started with the NBG318S’s firewall. 14.1 Introduction to ZyXEL’s Firewall 14.1.1 What is a Firewall? Originally, the term “firewall” referred to a construction technique designed to prevent the spread of fire from one room to another.
Page 152: Guidelines For Enhancing Security With Your Firewall
Chapter 14 Firewall The NBG318S is installed between the LAN and a broadband modem connecting to the Internet. This allows it to act as a secure gateway for all data passing between the Internet and the LAN. The NBG318S has one Ethernet WAN port and four Ethernet LAN ports, which are used to physically separate the network into two areas.The WAN (Wide Area Network) port attaches to the broadband (cable or DSL) modem to the Internet.
Page 153: General Firewall Screen
Chapter 14 Firewall 1 A computer on the LAN initiates a connection by sending a SYN packet to a receiving server on the WAN. 2 The NBG318S reroutes the packet to Gateway A, which is in Subnet 2. 3 The reply from the WAN goes to the NBG318S. 4 The NBG318S then sends it to the computer on the LAN in Subnet 1.
Page 154: Services Screen
Chapter 14 Firewall Table 56 Security > Firewall > General LABEL DESCRIPTION Select whether to create a log for packets that are traveling in the selected direction when the packets are blocked or forwarded. To log packets related to firewall rules, make sure that Access Control under Log is selected in the Logs >...
Page 155 Chapter 14 Firewall Table 57 Security > Firewall > Services LABEL DESCRIPTION Do not respond to Select this option to prevent hackers from finding the NBG318S by probing for requests for unused ports. If you select this option, the NBG318S will not respond to port unauthorized request(s) for unused ports, thus leaving the unused ports and the NBG318S services...
Page 156 Chapter 14 Firewall NBG318S User’s Guide...
Page 157: Chapter 15 Content Filtering
H A P T E R Content Filtering This chapter provides a brief overview of content filtering using the embedded web GUI. 15.1 Introduction to Content Filtering Internet content filtering allows you to create and enforce Internet access policies tailored to your needs.
Page 158: Figure 85 Security > Content Filter > Filter
Chapter 15 Content Filtering Figure 85 Security > Content Filter > Filter The following table describes the labels in this screen. Table 58 Security > Content Filter > Filter LABEL DESCRIPTION Trusted Computer To enable this feature, type an IP address of any one of the computers in your IP Address network that you want to have as a trusted computer.
Page 159: Schedule
Chapter 15 Content Filtering Table 58 Security > Content Filter > Filter LABEL DESCRIPTION Keyword Type a keyword in this field. You may use any character (up to 64 characters). Wildcards are not allowed. You can also enter a numerical IP address. Keyword List This list displays the keywords already added.
Page 160: Customizing Keyword Blocking Url Checking
Full path URL checking has the NBG318S check the characters that come before the last slash in the URL. For example, with the URL www.zyxel.com.tw/news/pressroom.php, full path URL checking searches for keywords within www.zyxel.com.tw/news/. Use the ip urlfilter customize actionFlags 6 [disable | enable] command to extend (or not extend) the keyword blocking search to include the URL's full path.
Page 161: Part Iv: Management
Management Static Route Screens (163) Bandwidth Management (167) Remote Management (177) Universal Plug-and-Play (UPnP) (183)
Page 163: Chapter 16 Static Route Screens
H A P T E R Static Route Screens This chapter shows you how to configure static routes for your NBG318S. 16.1 Static Route Overview Each remote node specifies only the network to which the gateway is directly connected, and the NBG318S has no knowledge of the networks beyond.
Page 164: Static Route Setup Screen
Chapter 16 Static Route Screens Figure 88 Management > Static Route > IP Static Route The following table describes the labels in this screen. Table 60 Management > Static Route > IP Static Route LABEL DESCRIPTION This is the index number of an individual static route. The first entry is for the default route and not editable.
Page 165: Figure 89 Management > Static Route > Ip Static Route: Static Route Setup
Chapter 16 Static Route Screens Figure 89 Management > Static Route > IP Static Route: Static Route Setup The following table describes the labels in this screen. Table 61 Management > Static Route > IP Static Route: Static Route Setup LABEL DESCRIPTION Route Name...
Page 166 Chapter 16 Static Route Screens NBG318S User’s Guide...
Page 167: Chapter 17 Bandwidth Management
NBG318S’s bandwidth management logs. 17.1 Bandwidth Management Overview ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on an application and/or subnet. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth rules.
Page 168: Application And Subnet-Based Bandwidth Management
Chapter 17 Bandwidth Management The following figure shows LAN subnets. You could configure one bandwidth class for subnet A and another for subnet B. Figure 90 Subnet-based Bandwidth Management Example 17.4 Application and Subnet-based Bandwidth Management You could also create bandwidth classes based on a combination of a subnet and an application.
Page 169: Predefined Bandwidth Management Services
Chapter 17 Bandwidth Management Table 63 Bandwidth Management Priorities PRIORITY LEVELS: TRAFFIC WITH A HIGHER PRIORITY GETS THROUGH FASTER WHILE TRAFFIC WITH A LOWER PRIORITY IS DROPPED IF THE NETWORK IS CONGESTED. Typically used for “excellent effort” or better than best effort and would include important business traffic that can tolerate some delay.
Page 170: Services And Port Numbers
Chapter 17 Bandwidth Management 17.6.1 Services and Port Numbers The commonly used services and port numbers are shown in Appendix F on page 287. 17.6.2 Default Bandwidth Management Classes and Priorities If you enable bandwidth management but do not configure a rule for critical traffic like VoIP, the voice traffic may then get delayed due to insufficient bandwidth.
Page 171: Bandwidth Management Advanced Configuration
Chapter 17 Bandwidth Management The following table describes the labels in this screen. Table 66 Management > Bandwidth MGMT > General LABEL DESCRIPTION Enable Bandwidth Select this check box to have the NBG318S apply bandwidth management. Management Enable bandwidth management to give traffic that matches a bandwidth rule priority over traffic that does not match a bandwidth rule.
Page 172: Rule Configuration With The Pre-Defined Service
Chapter 17 Bandwidth Management The following table describes the labels in this screen. Table 67 Management > Bandwidth MGMT > Advanced LABEL DESCRIPTION Check my Click the Detection button to check the size of your upstream bandwidth. upstream bandwidth Upstream Enter the amount of bandwidth in kbps (2 to 100,000) that you want to allocate for Bandwidth (kbps) traffic.
Page 173: Rule Configuration With The User-Defined Service
Chapter 17 Bandwidth Management Figure 93 Management > Bandwidth MGMT > Advanced: Rule Configuration The following table describes the labels in this screen. Table 68 Management > Bandwidth MGMT > Advanced: Application Rule Configuration LABEL DESCRIPTION This is the number of an individual bandwidth management rule. Enable Select an interface’s check box to enable bandwidth management on that interface.
Page 174: Bandwidth Management Monitor
Chapter 17 Bandwidth Management Figure 94 Management > Bandwidth MGMT > Advanced: User-defined Service Rule Configuration The following table describes the labels in this screen Table 69 Management > Bandwidth MGMT > Advanced: User-defined Service Rule Configuration LABEL DESCRIPTION BW Budget Select Maximum Bandwidth or Minimum Bandwidth and specify the maximum or minimum bandwidth allowed for the rule in kilobits per second.
Page 175: Figure 95 Management > Bandwidth Mgmt > Monitor
Chapter 17 Bandwidth Management Figure 95 Management > Bandwidth MGMT > Monitor NBG318S User’s Guide...
Page 176 Chapter 17 Bandwidth Management NBG318S User’s Guide...
Page 177: Chapter 18 Remote Management
H A P T E R Remote Management This chapter provides information on the Remote Management screens. 18.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which NBG318S interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
Page 178: Remote Management And Nat
Chapter 18 Remote Management 1 You have disabled that service in one of the remote management screens. 2 The IP address in the Secured Client IP Address field does not match the client IP address. If it does not match, the NBG318S will disconnect the session immediately. 3 There is already another remote management session with an equal or higher priority running.
Page 179: Telnet Screen
Chapter 18 Remote Management Figure 97 Telnet Configuration on a TCP/IP Network 18.4 Telnet Screen To change your NBG318S’s Telnet settings, click Management > Remote MGMT > Telnet. The following screen displays. Figure 98 Management > Remote MGMT > Telnet The following table describes the labels in this screen.
Page 180: Ftp Screen
Chapter 18 Remote Management 18.5 FTP Screen You can upload and download the NBG318S’s firmware and configuration files using FTP, please see the chapter on firmware and configuration file maintenance for details. To use this feature, your computer must have an FTP client. To change your NBG318S’s FTP settings, click Management >...
Page 181: Figure 100 Management > Remote Mgmt > Dns
Chapter 18 Remote Management Figure 100 Management > Remote MGMT > DNS The following table describes the labels in this screen. Table 73 Management > Remote MGMT > DNS LABEL DESCRIPTION Server Port The DNS service port number is 53 and cannot be changed here. Server Access Select the interface(s) through which a computer may send DNS queries to the NBG318S.
Page 182 Chapter 18 Remote Management NBG318S User’s Guide...
Page 183: Universal Plug-And-Play (Upnp)
H A P T E R Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 19.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
Page 184: Upnp And Zyxel
All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. 19.2 UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum UPnP™ Implementers Corp. (UIC). ZyXEL's UPnP implementation supports Internet Gateway Device (IGD) 1.0.
Page 185: Installing Upnp In Windows Example
Chapter 19 Universal Plug-and-Play (UPnP) Table 74 Management > UPnP > General LABEL DESCRIPTION Apply Click Apply to save the setting to the NBG318S. Cancel Click Cancel to return to the previously saved settings. 19.4 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP.
Page 186: Figure 103 Add/Remove Programs: Windows Setup: Communication: Components
Chapter 19 Universal Plug-and-Play (UPnP) Figure 103 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel.
Page 187: Figure 105 Windows Optional Networking Components Wizard
Chapter 19 Universal Plug-and-Play (UPnP) Figure 105 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 106 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next.
Page 188: Figure 107 Network Connections
Chapter 19 Universal Plug-and-Play (UPnP) 19.4.0.2 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the NBG318S. Make sure the computer is connected to a LAN port of the NBG318S.
Page 189: Figure 108 Internet Connection Properties
Chapter 19 Universal Plug-and-Play (UPnP) Figure 108 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings. NBG318S User’s Guide...
Page 190: Figure 109 Internet Connection Properties: Advanced Settings
Chapter 19 Universal Plug-and-Play (UPnP) Figure 109 Internet Connection Properties: Advanced Settings Figure 110 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
Page 191: Figure 111 System Tray Icon
Chapter 19 Universal Plug-and-Play (UPnP) Figure 111 System Tray Icon 7 Double-click on the icon to display your current Internet connection status. Figure 112 Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the NBG318S without finding out the IP address of the NBG318S first.
Page 192: Figure 113 Network Connections
Chapter 19 Universal Plug-and-Play (UPnP) Figure 113 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your NBG318S and select Invoke. The web configurator login screen displays. NBG318S User’s Guide...
Page 193: Figure 114 Network Connections: My Network Places
Chapter 19 Universal Plug-and-Play (UPnP) Figure 114 Network Connections: My Network Places 6 Right-click on the icon for your NBG318S and select Properties. A properties window displays with basic information about the NBG318S. Figure 115 Network Connections: My Network Places: Properties: Example NBG318S User’s Guide...
Page 194 Chapter 19 Universal Plug-and-Play (UPnP) NBG318S User’s Guide...
Page 195: Part V: Maintenance And Troubleshooting
Maintenance and Troubleshooting System (197) Logs (201) Tools (215) Configuration Mode (221) Sys Op Mode (223) Language (227) Troubleshooting (229)
Page 197: Chapter 20 System
H A P T E R System This chapter provides information on the System screens. 20.1 System Overview See the chapter about wizard setup for more information on the next few screens. 20.2 System General Screen Click Maintenance > System. The following screen displays. Figure 116 Maintenance >...
Page 198: Time Setting Screen
Chapter 20 System Table 75 Maintenance > System > General LABEL DESCRIPTION Administrator Type how many minutes a management session can be left idle before the Inactivity Timer session times out. The default is 5 minutes. After it times out you have to log in with your password again.
Page 199: Table 76 Maintenance > System > Time Setting
Chapter 20 System The following table describes the labels in this screen. Table 76 Maintenance > System > Time Setting LABEL DESCRIPTION Current Time and Date Current Time This field displays the time of your NBG318S. Each time you reload this page, the NBG318S synchronizes the time with the time server.
Page 200 Chapter 20 System Table 76 Maintenance > System > Time Setting LABEL DESCRIPTION End Date Configure the day and time when Daylight Saving Time ends if you selected Daylight Savings. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the last Sunday of October.
Page 201: Chapter 21 Logs
H A P T E R Logs This chapter contains information about configuring general log settings and viewing the NBG318S’s logs. Refer to the appendices for example log message explanations. 21.1 View Log The web configurator allows you to look at all of the NBG318S’s logs in one location. Click Maintenance >...
Page 202: Log Settings
Chapter 21 Logs The following table describes the labels in this screen. Table 77 Maintenance > Logs > View Log LABEL DESCRIPTION Display The categories that you select in the Log Settings page (see Section 21.2 on page 202) display in the drop-down list box. Select a category of logs to view;...
Page 203: Figure 119 Maintenance > Logs > Log Settings
Chapter 21 Logs Figure 119 Maintenance > Logs > Log Settings The following table describes the labels in this screen. Table 78 Maintenance > Logs > Log Settings LABEL DESCRIPTION E-mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
Page 204 Chapter 21 Logs Table 78 Maintenance > Logs > Log Settings LABEL DESCRIPTION Send Alerts To Alerts are real-time notifications that are sent as soon as an event, such as a DoS attack, system error, or forbidden web access attempt occurs. Enter the E- mail address where the alert messages will be sent.
Page 205: Log Descriptions
Chapter 21 Logs 21.3 Log Descriptions This section provides descriptions of example log messages. Table 79 System Maintenance Logs LOG MESSAGE DESCRIPTION The router has adjusted its time based on information from Time calibration is the time server. successful The router failed to get information from the time server. Time calibration failed A WAN interface got a new IP address from the DHCP, WAN interface gets IP:%s...
Page 206: Table 80 System Error Logs
Chapter 21 Logs Table 80 System Error Logs LOG MESSAGE DESCRIPTION This attempt to create a NAT session exceeds the maximum %s exceeds the max. number of NAT session table entries allowed to be created per number of session per host.
Page 207: Table 83 Packet Filter Logs
Chapter 21 Logs Table 82 TCP Reset Logs (continued) LOG MESSAGE DESCRIPTION The router sent a TCP reset packet when a dynamic firewall Firewall session time session timed out. out, sent TCP RST The default timeout values are as follows: ICMP idle timeout: 3 minutes UDP idle timeout: 3 minutes TCP connection (three way handshaking) timeout: 270 seconds...
Page 208: Table 85 Cdr Logs
Chapter 21 Logs Table 85 CDR Logs LOG MESSAGE DESCRIPTION The router received the setup requirements for a call. “call” is board%d line%d channel%d, the reference (count) number of the call. “dev” is the device call%d,%s C01 Outgoing Call type (3 is for dial-up, 6 is for PPPoE, 10 is for PPTP). dev=%x ch=%x%s "channel"...
Page 209: Table 89 Attack Logs
Chapter 21 Logs Table 88 Content Filtering Logs (continued) LOG MESSAGE DESCRIPTION The router detected proxy mode in the packet. %s: Proxy mode detected The content filter server responded that the web site is in the blocked category list, but it did not return the category type. The content filter server responded that the web site is in the blocked %s:%s category list, and returned the category type.
Page 210: Table 90 Pki Logs
Chapter 21 Logs Table 89 Attack Logs (continued) LOG MESSAGE DESCRIPTION The firewall detected an UDP teardrop attack. teardrop UDP The firewall detected an ICMP teardrop attack. For type and code teardrop ICMP (type:%d, details, see Table 93 on page 212.
Page 211: Table 91 802.1X Logs
Chapter 21 Logs Table 90 PKI Logs (continued) LOG MESSAGE DESCRIPTION The router received a corrupted certification authority certificate from Failed to decode the the LDAP server whose address and port are recorded in the Source received ca cert field. The router received a corrupted user certificate from the LDAP server Failed to decode the whose address and port are recorded in the Source field.
Page 212: Table 92 Acl Setting Notes
Chapter 21 Logs Table 91 802.1X Logs (continued) LOG MESSAGE DESCRIPTION A user tried to use an authentication method that the Local User Database does not local user database does not support (it only supports support authentication method. EAP-MD5). There is no response message from the RADIUS server, No response from RADIUS.
Page 213: Table 94 Syslog Logs
Chapter 21 Logs Table 93 ICMP Notes (continued) TYPE CODE DESCRIPTION Redirect datagrams for the Type of Service and Network Redirect datagrams for the Type of Service and Host Echo Echo message Time Exceeded Time to live exceeded in transit Fragment reassembly time exceeded Parameter Problem Pointer indicates the error...
Page 214 Chapter 21 Logs Table 95 RFC-2408 ISAKMP Payload Types (continued) LOG DISPLAY PAYLOAD TYPE Signature Nonce NONCE Notification NOTFY Delete Vendor ID NBG318S User’s Guide...
Page 215: Chapter 22 Tools
NBG318S. 22.1 Firmware Upload Screen Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a “*.bin” extension, e.g., “NBG318S.bin”. The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot.
Page 216: Configuration Screen
Chapter 22 Tools After you see the Firmware Upload In Process screen, wait two minutes before logging into the NBG318S again. Figure 121 Upload Warning The NBG318S automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 122 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen.
Page 217: Backup Configuration
Chapter 22 Tools Figure 124 Maintenance > Tools > Configuration 22.2.1 Backup Configuration Backup configuration allows you to back up (save) the NBG318S’s current configuration to a file on your computer. Once your NBG318S is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes.
Page 218: Back To Factory Defaults
Chapter 22 Tools Figure 125 Configuration Restore Successful The NBG318S automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 126 Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default NBG318S IP address (192.168.1.1).
Page 219: Figure 128 Maintenance > Tools > Restart
Chapter 22 Tools Click Maintenance > Tools > Restart. Click Restart to have the NBG318S reboot. This does not affect the NBG318S's configuration. Figure 128 Maintenance > Tools > Restart NBG318S User’s Guide...
Page 220 Chapter 22 Tools NBG318S User’s Guide...
Page 221: Chapter 23 Configuration Mode
H A P T E R Configuration Mode Click Maintenance > Config Mode to open the following screen. This screen allows you to hide or display the advanced screens of some features or the advanced features, such as MAC filter or static route. Basic is selected by default and you cannot see the advanced screens or features.
Page 222: Table 99 Advanced Configuration Options
Chapter 23 Configuration Mode Table 99 Advanced Configuration Options CATEGORY LINK Network Wireless LAN MAC Filter Advanced Advanced IP Alias Advanced DHCP Server Advanced Advanced Security Firewall Services Content Filter Schedule Management Static Route IP Static Route Bandwidth MGMT Advanced Monitor Remote MGMT Telnet...
Page 223: Chapter 24 Sys Op Mode
H A P T E R Sys Op Mode 24.1 Selecting System Operation Mode Use this screen to select how you connect to the Internet. Figure 130 Maintenance > Sys OP Mode > General The figure below shows devices connecting to the Internet through a DSL connection. Select Router(Ethernet WAN) in the screen if you connect to the Internet as shown in diagram.
Page 224: Figure 132 System Operation Mode: Access Point
Chapter 24 Sys Op Mode Figure 132 System Operation Mode: Access Point The figure below shows a network connecting to the Internet through a HomePlug connection. Select Router(HomePlug WAN) in the screen if you connect to the Internet as shown in the diagram.
Page 225 Chapter 24 Sys Op Mode If you select the incorrect System Operation Mode you cannot connect to the Internet. NBG318S User’s Guide...
Page 226 Chapter 24 Sys Op Mode NBG318S User’s Guide...
Page 227: Chapter 25 Language
H A P T E R Language Use this screen to select the language in which the web configurator displays. 25.1 Selecting Language Click Maintenance > Language. The following screen displays. Figure 134 Maintenance > Language Click the button for language you want to use. The web configurator reloads and displays in the selected language.
Page 228 Chapter 25 Language NBG318S User’s Guide...
Page 229: Chapter 26 Troubleshooting
H A P T E R Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • NBG318S Access and Login • Internet Access •...
Page 230: Nbg318S Access And Login
Chapter 26 Troubleshooting 26.2 NBG318S Access and Login I forgot the IP address for the NBG318S. 1 The default IP address is 192.168.1.1. 2 If you changed the IP address and have forgotten it, you might get the IP address of the NBG318S by looking up the IP address of the default gateway for your computer.
Page 231: Internet Access
Chapter 26 Troubleshooting 6 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions • Try to access the NBG318S using another service, such as Telnet. If you can access the NBG318S, check the remote management settings and firewall rules to find out why the NBG318S does not respond to HTTP.
Page 232 Chapter 26 Troubleshooting 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide. 2 Make sure you entered your ISP account information correctly in the wizard. These fields are case-sensitive, so make sure [Caps Lock] is not on. 3 If you are trying to access the Internet wirelessly, make sure the wireless settings in the wireless client are the same as the settings in the AP.
Page 233: Resetting The Nbg318S To Its Factory Defaults
Chapter 26 Troubleshooting • Check the settings for QoS. If it is disabled, you might consider activating it. If it is enabled, you might consider raising or lowering the priority for some applications. 26.4 Resetting the NBG318S to Its Factory Defaults If you reset the NBG318S, you lose all of the changes you have made.
Page 234: Homeplug Av Troubleshooting
Chapter 26 Troubleshooting 26.6 HomePlug AV Troubleshooting I cannot start my powerline device. Check your power supply is working. Powerline adapters operate from the power supplied by your home wiring and cannot operate without a working power supply. Remove the powerline adapter from the outlet.
Page 235: Encrypt Button Problems
Chapter 26 Troubleshooting 3 Your powerline adapters may be placed close to electrical devices such as electrical insect-killers which produce radio waves. These may interfere with the powerline signals. Move the adapters further away from such electrical devices. 4 Your wiring may be old and/or low quality or with a long wiring path. 26.7 ENCRYPT Button Problems This section applies only to NBG318Ss with the ENCRYPT button.
Page 236: Advanced Features
Chapter 26 Troubleshooting 26.8 Advanced Features I can log in, but I cannot see some of the screens or fields in the Web Configurator. You may be accessing the Web Configurator in Basic mode. Some screens and fields are available only in Advanced mode. Use the Maintenance > Config Mode screen to select Advanced mode.
Page 237: Part Vi: Appendices And Index
Appendices and Index Product Specifications and Wall-Mounting Instructions (239) Pop-up Windows, JavaScripts and Java Permissions (245) IP Addresses and Subnetting (251) Setting up Your Computer’s IP Address (259) Wireless LANs (275) Services (287) Legal Information (291) Customer Support (295) Index (301)
Page 239: Appendix A Product Specifications And Wall-Mounting Instructions
P P E N D I X Product Specifications and Wall- Mounting Instructions The following tables summarize the NBG318S’s hardware and firmware features. Table 101 Hardware Features Dimensions (W x D x H) 162 x 118 x 35 mm Power Specification 120-240 VAC, 50/60 Hz Ethernet ports Auto-negotiating:...
Page 240: Table 102 Firmware Features
Maximum number of powerline networks on one electrical circuit is 4. Firmware Upgrade Download new firmware (when available) from the ZyXEL web site and use the web configurator, an FTP or a TFTP tool to put it on the NBG318S.
Page 241 Firewall You can configure firewall on the ZyXEL Device for secure Internet access. When the firewall is on, by default, all incoming traffic from the Internet to your network is blocked unless it is initiated from your network.
Page 242: Table 103 Standards Supported
Appendix A Product Specifications and Wall-Mounting Instructions The following list, which is not exhaustive, illustrates the standards supported in the NBG318S. Table 103 Standards Supported STANDARD DESCRIPTION RFC 867 Daytime Protocol RFC 868 Time Protocol. RFC 1112 IGMP v1 RFC 1305 Network Time Protocol (NTP version 3) RFC 1631 IP Network Address Translator (NAT)
Page 243: Figure 135 Wall-Mounting Example
Appendix A Product Specifications and Wall-Mounting Instructions Be careful to avoid damaging pipes or cables located inside the wall when drilling holes for the screws. 3 Do not screw the screws all the way into the wall. Leave a small gap of about 0.5 cm between the heads of the screws and the wall.
Page 244: Figure 136 Masonry Plug And M4 Tap Screw
Appendix A Product Specifications and Wall-Mounting Instructions Figure 136 Masonry Plug and M4 Tap Screw NBG318S User’s Guide...
Page 245: Appendix B Pop-Up Windows, Javascripts And Java Permissions
P P E N D I X Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). Internet Explorer 6 screens are used here.
Page 246: Figure 138 Internet Options: Privacy
Appendix B Pop-up Windows, JavaScripts and Java Permissions 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 138 Internet Options: Privacy 3 Click Apply to save this setting. Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps.
Page 247: Figure 139 Internet Options: Privacy
Appendix B Pop-up Windows, JavaScripts and Java Permissions Figure 139 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 140 Pop-up Blocker Settings NBG318S User’s Guide...
Page 248: Figure 141 Internet Options: Security
Appendix B Pop-up Windows, JavaScripts and Java Permissions 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
Page 249: Figure 142 Security Settings - Java Scripting
Appendix B Pop-up Windows, JavaScripts and Java Permissions Figure 142 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected.
Page 250: Figure 144 Java (Sun)
Appendix B Pop-up Windows, JavaScripts and Java Permissions JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Figure 144 Java (Sun) NBG318S User’s Guide...
Page 251: Appendix C Ip Addresses And Subnetting
P P E N D I X IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network.
Page 252: Figure 145 Network Number And Host Id
Appendix C IP Addresses and Subnetting Figure 145 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation).
Page 253: Table 105 Subnet Masks
Appendix C IP Addresses and Subnetting Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks Table 105 Subnet Masks BINARY DECIMAL 4TH OCTET OCTET...
Page 254: Figure 146 Subnetting Example: Before Subnetting
Appendix C IP Addresses and Subnetting Table 107 Alternative Subnet Mask Notation (continued) ALTERNATIVE LAST OCTET LAST OCTET SUBNET MASK NOTATION (BINARY) (DECIMAL) 255.255.255.192 1100 0000 255.255.255.224 1110 0000 255.255.255.240 1111 0000 255.255.255.248 1111 1000 255.255.255.252 1111 1100 Subnetting You can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.
Page 255: Figure 147 Subnetting Example: After Subnetting
Appendix C IP Addresses and Subnetting Figure 147 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 2 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).
Page 256: Table 109 Subnet 2
Appendix C IP Addresses and Subnetting Table 109 Subnet 2 LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 01000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.65 192.168.1.64 Broadcast Address: Highest Host ID: 192.168.1.126 192.168.1.127 Table 110 Subnet 3...
Page 257: Table 113 24-Bit Network Number Subnet Planning
Appendix C IP Addresses and Subnetting Table 112 Eight Subnets (continued) SUBNET LAST BROADCAST SUBNET FIRST ADDRESS ADDRESS ADDRESS ADDRESS Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 113 24-bit Network Number Subnet Planning NO.
Page 258 Appendix C IP Addresses and Subnetting Table 114 16-bit Network Number Subnet Planning (continued) NO. “BORROWED” NO. HOSTS PER SUBNET MASK NO. SUBNETS HOST BITS SUBNET 255.255.255.252 (/30) 16384 255.255.255.254 (/31) 32768 Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
Page 259: Appendix D Setting Up Your Computer's Ip Address
P P E N D I X Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer.
Page 260: Figure 148 Windows 95/98/Me: Network: Configuration
Appendix D Setting up Your Computer’s IP Address Figure 148 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
Page 261: Figure 149 Windows 95/98/Me: Tcp/Ip Properties: Ip Address
Appendix D Setting up Your Computer’s IP Address Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. • If your IP address is dynamic, select Obtain an IP address automatically. •...
Page 262: Figure 150 Windows 95/98/Me: Tcp/Ip Properties: Dns Configuration
Appendix D Setting up Your Computer’s IP Address Figure 150 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window.
Page 263: Figure 151 Windows Xp: Start Menu
Appendix D Setting up Your Computer’s IP Address Figure 151 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 152 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. NBG318S User’s Guide...
Page 264: Figure 153 Windows Xp: Control Panel: Network Connections: Properties
Appendix D Setting up Your Computer’s IP Address Figure 153 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 154 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
Page 265: Figure 155 Windows Xp: Internet Protocol (Tcp/Ip) Properties
Appendix D Setting up Your Computer’s IP Address Figure 155 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
Page 266: Figure 156 Windows Xp: Advanced Tcp/Ip Properties
Appendix D Setting up Your Computer’s IP Address Figure 156 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
Page 267: Figure 157 Windows Xp: Internet Protocol (Tcp/Ip) Properties
Appendix D Setting up Your Computer’s IP Address Figure 157 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window.
Page 268: Figure 158 Macintosh Os 8/9: Apple Menu
Appendix D Setting up Your Computer’s IP Address Figure 158 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 159 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: NBG318S User’s Guide...
Page 269: Figure 160 Macintosh Os X: Apple Menu
Appendix D Setting up Your Computer’s IP Address • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your Prestige in the Router address box. 5 Close the TCP/IP Control Panel.
Page 270: Figure 161 Macintosh Os X: Network
Appendix D Setting up Your Computer’s IP Address Figure 161 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. •...
Page 271: Figure 162 Red Hat 9.0: Kde: Network Configuration: Devices
Appendix D Setting up Your Computer’s IP Address Make sure you are logged in as the root administrator. Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network.
Page 272: Figure 163 Red Hat 9.0: Kde: Ethernet Device: General
Appendix D Setting up Your Computer’s IP Address Figure 163 Red Hat 9.0: KDE: Ethernet Device: General • If you have a dynamic IP address click Automatically obtain IP address settings with and select dhcp from the drop down list. •...
Page 273: Figure 165 Red Hat 9.0: Kde: Network Configuration: Activate
Appendix D Setting up Your Computer’s IP Address Figure 165 Red Hat 9.0: KDE: Network Configuration: Activate 7 After the network card restart process is complete, make sure the Status is Active in the Network Configuration screen. Using Configuration Files Follow the steps below to edit the network configuration files and set your computer IP address.
Page 274: Verifying Settings
Appendix D Setting up Your Computer’s IP Address 2 If you know your DNS server IP address(es), enter the DNS server information in the file in the directory. The following figure shows an example where resolv.conf /etc two DNS server IP addresses are specified. Figure 168 Red Hat 9.0: DNS Settings in resolv.conf nameserver 172.23.5.1 nameserver 172.23.5.2...
Page 275: Appendix E Wireless Lans
P P E N D I X Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS).
Page 276: Figure 172 Basic Service Set
Appendix E Wireless LANs Figure 172 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN.
Page 277: Figure 173 Infrastructure Wlan
Appendix E Wireless LANs Figure 173 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference.
Page 278: Figure 174 Rts/Cts
Appendix E Wireless LANs Figure 174 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
Page 279: Table 115 Ieee 802.11G
Appendix E Wireless LANs If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Preamble Type A preamble is used to synchronize the transmission timing in your wireless network.
Page 280 Appendix E Wireless LANs • User based identification that allows for roaming. • Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server. • Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication methods to be deployed with no changes to the access point or the wireless stations.
Page 281 Appendix E Wireless LANs In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password, they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access.
Page 282: Table 116 Comparison Of Eap Authentication Types
Appendix E Wireless LANs PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication.
Page 283 Appendix E Wireless LANs Key differences between WPA(2) and WEP are improved data encryption and user authentication. Encryption Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. In addition to TKIP, WPA2 also uses Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption.
Page 284: Wpa(2)-Psk Application Example
Appendix E Wireless LANs 26.8.2 WPA(2)-PSK Application Example A WPA(2)-PSK application looks as follows. 1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters (including spaces and symbols).
Page 285: Table 117 Wireless Security Relational Matrix
Appendix E Wireless LANs Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. MAC address filters are not dependent on how you configure these security features. Table 117 Wireless Security Relational Matrix AUTHENTICATION ENCRYPTIO...
Page 286 Appendix E Wireless LANs NBG318S User’s Guide...
Page 287: Table 118 Examples Of Services
7648 A popular videoconferencing solution from White Pines Software. TCP/UDP 24032 TCP/UDP Domain Name Server, a service that matches web names (e.g. www.zyxel.com) to IP numbers. User-Defined The IPSEC ESP (Encapsulation Security (IPSEC_TUNNEL) Protocol) tunneling protocol uses this service. FINGER...
Page 288: Appendix F Services
Appendix F Services Table 118 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION H.323 1720 NetMeeting uses this protocol. HTTP Hyper Text Transfer Protocol - a client/ server protocol for the world wide web. HTTPS HTTPS is a secured http session often used in e-commerce.
Page 289 Appendix F Services Table 118 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION PPTP_TUNNEL User-Defined PPTP (Point-to-Point Tunneling Protocol) (GRE) enables secure transfer of data over public networks. This is the data channel. RCMD Remote Command Service. REAL_AUDIO 7070 A streaming audio service that enables real time sound over the web.
Page 290 Appendix F Services Table 118 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION TFTP Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 A videoconferencing solution.
Page 291: Appendix G Legal Information
Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others.
Page 292 This Class B digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada. Viewing Certifications 1 Go to http://www.zyxel.com. 2 Select your product on the ZyXEL home page to go to that product's page. NBG318S User’s Guide...
Page 293 Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
Page 294 Appendix G Legal Information NBG318S User’s Guide...
Page 295: Appendix H Customer Support
• Sales E-mail: sales@zyxel.co.cr • Telephone: +506-2017878 • Fax: +506-2015098 • Web: www.zyxel.co.cr • FTP: ftp.zyxel.co.cr • Regular Mail: ZyXEL Costa Rica, Plaza Roble Escazú, Etapa El Patio, Tercer Piso, San José, Costa Rica Czech Republic • E-mail: info@cz.zyxel.com • Telephone: +420-241-091-350 •...
Page 296 • E-mail: info@zyxel.fr • Telephone: +33-4-72-52-97-97 • Fax: +33-4-72-52-19-20 • Web: www.zyxel.fr • Regular Mail: ZyXEL France, 1 rue des Vergers, Bat. 1 / C, 69760 Limonest, France Germany • Support E-mail: support@zyxel.de • Sales E-mail: sales@zyxel.de • Telephone: +49-2405-6909-69 •...
Page 297 • Sales E-mail: sales@zyxel.in • Telephone: +91-11-30888144 to +91-11-30888153 • Fax: +91-11-30888149, +91-11-26810715 • Web: http://www.zyxel.in • Regular Mail: India - ZyXEL Technology India Pvt Ltd., II-Floor, F2/9 Okhla Phase -1, New Delhi 110020, India Japan • Support E-mail: support@zyxel.co.jp •...
Page 298 • Support E-mail: support@zyxel.com.sg • Sales E-mail: sales@zyxel.com.sg • Telephone: +65-6899-6678 • Fax: +65-6899-8887 • Web: http://www.zyxel.com.sg • Regular Mail: ZyXEL Singapore Pte Ltd., No. 2 International Business Park, The Strategy #03-28, Singapore 609930 Spain • Support E-mail: support@zyxel.es • Sales E-mail: sales@zyxel.es •...
Page 299 • Support E-mail: support@zyxel.co.th • Sales E-mail: sales@zyxel.co.th • Telephone: +662-831-5315 • Fax: +662-831-5395 • Web: http://www.zyxel.co.th • Regular Mail: ZyXEL Thailand Co., Ltd., 1/1 Moo 2, Ratchaphruk Road, Bangrak-Noi, Muang, Nonthaburi 11000, Thailand. Ukraine • Support E-mail: support@ua.zyxel.com • Sales E-mail: sales@ua.zyxel.com •...
Page 300 Appendix H Customer Support NBG318S User’s Guide...
Page 301: Index
Index Index Numerics Certificate Authority certifications notices 802.11 Mode viewing changing the NMK Channel 47, 277 Interference channel command interface Access point Configuration See also AP. backup ActiveX reset the factory defaults address resolution protocol (ARP) restore Alert contact information alternative subnet mask notation Content Filtering Days and Times...
Page 302 Firewall IP address Firewall overview dynamic guidelines IP alias ICMP packets network security IP packet transmission Stateful inspection Broadcast ZyXEL device firewall Multicast Unicast Firmware upload file extension IP Pool using HTTP firmware version Fragmentation Threshold 98, 278 33, 180 FTP.
Page 303 Index IP pool setup changing LAN overview LAN Setup LAN setup LAN TCP/IP Link type local (user) database Operating Channel and encryption operating temperature Local Area Network Output Power peer-to-peer MAC address 82, 105 cloning 68, 105 Point-to-Point Protocol over Ethernet 62, 108 MAC address filter Point-to-Point Tunneling Protocol...
Page 304 Index and remote node overview Status RADIUS storage temperature Shared Secret Key subnet RADIUS Message Types Subnet Mask RADIUS Messages subnet mask 66, 252 RADIUS server subnetting registration Summary product Bandwidth management monitor related documentation DHCP table Remote management Packet statistics and NAT Wireless station status and the firewall...
Page 305 Index weaknesses Wireless tutorial User Name Wizard setup Bandwidth management complete Internet connection system information wireless LAN WLAN VoIP Interference Security Parameters WMM priorities World Wide Web WPA compatible WPA, WPA2 101, 169 IP address assignment WAN advanced WAN IP address WAN IP address assignment WAN MAC address warranty...
Page 306 Index NBG318S User’s Guide...

This manual is also suitable for:

Nbg-318s Nbg318s v2

ZyXEL Communications NBG-318S - V3.60 User Manual

Chapter 1 Getting to Know Your NBG318S

Chapter 2 The WPS Button

Chapter 3 The ENCRYPT Button

Chapter 4 Introducing the Web Configurator

Chapter 5 Connection Wizard

Chapter 6 Tutorial

Chapter 7 Wireless LAN

Chapter 8 WAN

Chapter 9 LAN

Chapter 10 Homeplug AV

Chapter 11 DHCP

Chapter 12 Network Address Translation (NAT)

Chapter 13 Dynamic DNS

Chapter 14 Firewall

Quick Links

Troubleshooting

Related Manuals for ZyXEL Communications NBG-318S - V3.60

Summary of Contents for ZyXEL Communications NBG-318S - V3.60