• Supporting Disk Refer to the included CD for support documents. • ZyXEL Web Site Please refer to www.zyxel.com for additional support documentation and product certifications. User Guide Feedback Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead.
Document Conventions

Warnings and Notes

These are how warnings and notes are shown in this User’s Guide. Warnings tell you about things that could harm you or your device. Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The NBG460N icon is not an exact representation of your device. NBG460N Computer Notebook computer Server DSLAM Firewall Telephone Switch Router Modem NBG460N User’s Guide...
Safety Warnings

For your safety, be sure to read and follow all warning notices and instructions.
• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
•...
Introduction

• Getting to Know Your NBG460N (31)
• The WPS Button (35)
• Introducing the Web Configurator (37)
• Connection Wizard (49)
• AP Mode (65)
• Tutorials (73)
Chapter 1 Getting to Know Your NBG460N

This chapter introduces the main features and applications of the NBG460N.

1.1 Overview

The NBG460N acts as either an access point (AP) or a secure broadband router for all data passing between the Internet and your local network.
1.3 AP Mode

Select AP Mode if you already have a router or gateway on your network which provides network services such as a firewall or bandwidth management. The following figure shows computers in a WLAN connecting to the NBG460N, which acts as an access point (A).
1.5 Ways to Manage the NBG460N

Use any of the following methods to manage the NBG460N.
• Web Configurator. This is recommended for everyday management of the NBG460N using a (supported) web browser.
•...
Chapter 1 Getting to Know Your NBG460N Table 2 Front Panel LEDs (continued) COLOR STATUS DESCRIPTION LAN 1-4 Green The NBG460N has a successful 10/100MB Ethernet connection. Blinking The NBG460N is sending/receiving data. Amber The NBG460N has a successful 1000MB Ethernet connection.
Chapter 2 The WPS Button

2.1 Overview

Your NBG460N supports WiFi Protected Setup (WPS), which is an easy way to set up a secure wireless network. WPS is an industry standard specification, defined by the WiFi Alliance.
Chapter 3 Introducing the Web Configurator

This chapter describes how to access the NBG460N web configurator and provides an overview of its screens.

3.1 Web Configurator Overview

The web configurator is an HTML-based management interface that allows easy setup and management of the NBG460N via Internet browser.
4 Type "1234" (default) as the password and click Login. In some versions, the default password appears automatically - if this is the case, click Login.
5 You should see a screen asking you to change your password (highly recommended) as shown next.
Figure 5 Selecting the setup mode

3.3 Resetting the NBG460N

If you forget your password or IP address, or you cannot access the web configurator, you will need to use the RESET button at the back of the NBG460N to reload the factory-default configuration file.
Figure 6 Web Configurator Status Screen

The following table describes the icons shown in the Status screen.

Table 3 Status Screen Icon Key
ICON DESCRIPTION
Click this icon to open the setup wizard.
Click this icon to view copyright and a link for related product information.
Click this icon at any time to exit the web configurator.
This shows what percentage of the heap memory the NBG460N is using. Heap memory refers to the memory that is not used by ZyNOS (ZyXEL Network Operating System) and is thus available for running processes like NAT and the firewall.
Chapter 3 Introducing the Web Configurator Table 4 Web Configurator Status Screen (continued) LABEL DESCRIPTION Status For the LAN and WAN ports, this field displays Down (line is down) or Up (line is up or connected). For the WLAN, it displays Up when the WLAN is enabled or Down when the WLAN is disabled.
Chapter 3 Introducing the Web Configurator Table 5 Screens Summary LINK FUNCTION Use this screen to configure LAN IP address and subnet mask. IP Alias Use this screen to partition your LAN interface into subnets. Advanced Use this screen to enable other advanced properties. DHCP General Use this screen to enable the NBG460N’s DHCP server.
Chapter 3 Introducing the Web Configurator Table 5 Screens Summary LINK FUNCTION System General Use this screen to view and change administrative settings such as system and domain names, password and inactivity timer. Time Setting Use this screen to change your NBG460N’s time and date. Logs View Log Use this screen to view the logs for the categories that you...
Figure 8 Summary: BW MGMT Monitor

3.5.4 Summary: DHCP Table

DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the NBG460N’s LAN as a DHCP server or disable it.
Chapter 3 Introducing the Web Configurator 3.5.5 Summary: Packet Statistics Click the Packet Statistics (Details...) hyperlink in the Status screen. Read-only information here includes port status, packet specific statistics and the "system up time". The Poll Interval(s) field is configurable and is used for refreshing the screen. Figure 10 Summary: Packet Statistics The following table describes the labels in this screen.
3.5.6 Summary: VPN Monitor

Click the VPN Monitor (Details...) hyperlink in the Status screen. This screen displays read-only information about the active VPN connections. Click the Refresh button to update the screen. A Security Association (SA) is the group of security settings related to a specific VPN tunnel.
Chapter 3 Introducing the Web Configurator The following table describes the labels in this screen. Table 9 Summary: Wireless Association List LABEL DESCRIPTION This is the index number of an associated wireless station. MAC Address This field displays the MAC address of an associated wireless station. Association Time This field displays the time a wireless station first associated with the NBG460N’s WLAN network.
Chapter 4 Connection Wizard

This chapter provides information on the wizard setup screens in the web configurator.

4.1 Wizard Setup

The web configurator’s wizard setup helps you configure your device to access the Internet. Refer to your ISP (Internet Service Provider) checklist in the Quick Start Guide to know what to enter in each field.
Chapter 4 Connection Wizard Figure 14 Select a Language 3 Read the on-screen information and click Next. Figure 15 Welcome to the Connection Wizard 4.2 Connection Wizard: STEP 1: System Information System Information contains administrative and system-related information. 4.2.1 System Name System Name is for identification purposes.
4.2.2 Domain Name

The Domain Name entry is what is propagated to the DHCP clients on the LAN. If you leave this blank, the domain name obtained by DHCP from the ISP is used. While you must enter the host name (System Name) on each individual computer, the domain name can be assigned from the NBG460N via DHCP.
Chapter 4 Connection Wizard Figure 17 Wizard Step 2: Wireless LAN The following table describes the labels in this screen. Table 11 Wizard Step 2: Wireless LAN LABEL DESCRIPTION Name (SSID) Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.
Chapter 4 Connection Wizard Table 12 Wizard Step 2: Basic (WEP) Security LABEL DESCRIPTION Next Click Next to proceed to the next screen. Exit Click Exit to close the wizard screen without saving. 4.3.2 Extend (WPA-PSK or WPA2-PSK) Security Choose Extend (WPA-PSK) or Extend (WPA2-PSK) security in the Wireless LAN setup screen to set up a Pre-Shared Key.
Chapter 4 Connection Wizard Figure 20 Wizard Step 3: ISP Parameters. The following table describes the labels in this screen, Table 14 Wizard Step 3: ISP Parameters CONNECTION TYPE DESCRIPTION Ethernet Select the Ethernet option when the WAN port is used as a regular Ethernet. PPPoE Select the PPP over Ethernet option for a dial-up connection.
Chapter 4 Connection Wizard One of the benefits of PPPoE is the ability to let end users access one of multiple network services, a function known as dynamic service selection. This enables the service provider to easily create and offer new IP services for specific users. Operationally, PPPoE saves significant effort for both the subscriber and the ISP/carrier, as it requires no specific configuration of the broadband modem at the subscriber’s site.
Chapter 4 Connection Wizard The NBG460N supports one PPTP server connection at any given time. Figure 23 Wizard Step 3: PPTP Connection The following table describes the fields in this screen Table 16 Wizard Step 3: PPTP Connection LABEL DESCRIPTION ISP Parameters for Internet Access Connection Type Select PPTP from the drop-down list box.
Chapter 4 Connection Wizard Table 16 Wizard Step 3: PPTP Connection LABEL DESCRIPTION Next Click Next to continue. Exit Click Exit to close the wizard screen without saving. 4.4.4 Your IP Address The following wizard screen allows you to assign a fixed IP address or give the NBG460N an automatically assigned IP address depending on your ISP.
Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa, for instance, the IP address of www.zyxel.com is 204.217.0.2. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it.
Chapter 4 Connection Wizard 2 If the ISP did not give you DNS server information, leave the DNS Server fields set to 0.0.0.0 in the Wizard screen and/or set to From ISP in the WAN > Internet Connection screen for the ISP to dynamically assign the DNS server IP addresses. 4.4.8 WAN IP and DNS Server Address Assignment The following wizard screen allows you to assign a fixed WAN IP address and DNS server addresses.
4.4.9 WAN MAC Address

Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.

Table 20 Example of Network Properties for LAN Servers with Fixed IP Addresses
Choose an IP address 192.168.1.2-192.168.1.32;...
4.5 Connection Wizard: STEP 4: Bandwidth management

Bandwidth management allows you to control the amount of bandwidth going out through the NBG460N’s WAN, LAN or WLAN port and prioritize the distribution of the bandwidth according to the traffic type. This helps keep one service from using all of the available bandwidth and shutting out other users.
Chapter 4 Connection Wizard Figure 28 Connection Wizard Save Follow the on-screen instructions and click Finish to complete the wizard setup. Figure 29 Connection Wizard Complete Well done! You have successfully set up your NBG460N to operate on your network and access the Internet.
Chapter 5 AP Mode

This chapter discusses how to configure settings while your NBG460N is set to AP Mode. Many screens that are available in Router Mode are not available in AP Mode. See Chapter 6 on page 73 for an example of setting up a wireless network in AP mode.
Chapter 5 AP Mode Maintenance > Sys OP Mode > General Figure 31 3 A pop-up appears providing information on this mode. Click OK in the pop-up message window. (See Section 24.2 on page 260 for more information on the pop-up.) Click Apply.
This shows what percentage of the heap memory the NBG460N is using. Heap memory refers to the memory that is not used by ZyNOS (ZyXEL Network Operating System) and is thus available for running processes like NAT and the firewall.
Chapter 5 AP Mode Table 23 Web Configurator Status Screen (continued) LABEL DESCRIPTION Rate For the LAN ports, this displays the port speed and duplex setting or N/A when the line is disconnected. For the WLAN, it displays the maximum transmission rate when the WLAN is enabled and N/A when the WLAN is disabled.
Chapter 5 AP Mode Table 24 Screens Summary LINK FUNCTION Wireless General Use this screen to configure wireless LAN. MAC Filter Use the MAC filter screen to configure the NBG460N to block access to devices or block the devices from accessing the NBG460N.
Chapter 5 AP Mode If you change the IP address of the NBG460N in the screen below, you will need to log into the NBG460N again using the new IP address. Figure 34 Network > LAN > IP The table below describes the labels in the screen. Table 25 Network >...
Chapter 5 AP Mode LABEL DESCRIPTION Apply Click Apply to save your changes to the NBG460N. Reset Click Reset to reload the previous configuration for this screen. 5.4.2 WLAN and Maintenance Settings The configuration of wireless and maintenance settings in AP Mode is the same as for Router Mode.
Chapter 6 Tutorials

6.1 Wireless Tutorials

6.1.1 How to Connect to the Internet from an AP

This section gives you an example of how to set up an access point (AP) and wireless client (a notebook (B), in this example) for wireless communication. B can access the Internet through the AP wirelessly.
Chapter 6 Tutorials 6.1.2.1 Push Button Configuration (PBC) 1 Make sure that your NBG460N is turned on and that it is within range of your computer. 2 Make sure that you have installed the wireless client (this example uses the NWD210N) driver and utility in your notebook.
Figure 36 Example WPS Process: PBC Method

6.1.2.2 PIN Configuration

When you use the PIN configuration method, you need to use both NBG460N’s configuration interface and the client’s utilities.
1 Launch your wireless client’s configuration utility.
Figure 37 Example WPS Process: PIN Method

6.1.3 Enable and Configure Wireless Security without WPS on your NBG460N

This example shows you how to configure wireless security settings with the following parameters on your NBG460N.
Channel Security WPA-PSK (Pre-Shared Key: ThisismyWPA-PSKpre-sharedkey)

Follow the steps below to configure the wireless settings on your NBG460N. The instructions require that your hardware is connected (see the Quick Start Guide) and you are logged into the web configurator through your LAN connection (see Section 3.2 on page 37).
Figure 39 Status: AP Mode 6.1.4 Configure Your Notebook We use the ZyXEL M-302 wireless adapter utility screens as an example for the wireless client. The screens may vary for different models. 1 The NBG460N supports IEEE 802.11b, IEEE 802.11g and IEEE 802.11n wireless clients.
Figure 40 Connecting a Wireless Client to a Wireless Network

5 Select WPA-PSK and type the security key in the following screen. Click Next.

Figure 41 Security Settings

6 The Confirm Save window appears. Check your settings and click Save to continue.

Figure 42 Confirm Save

7 Check the status of your wireless connection in the screen below.
8 If your connection is successful, open your Internet browser and enter http://www.zyxel.com or the URL of any other web site in the address bar. If you are able to access the web site, your wireless connection is successfully configured.
End/Mask text box. This value is the same, as Jack only wants Bob to access this single IP address.

Figure 47 Remote Policy

5 Enter the IP address “1.1.1.1” in the My IP Address text box. This is Bob’s WAN IP address.
Chapter 6 Tutorials Figure 50 VPN Summary 6.2.2 Configuring Jack’s NBG460N VPN Settings To configure these settings Jack uses the NBG460N web configurator. 1 Log into the NBG460N web configurator and click VPN > Modify icon. This displays the VPN Rule Setup (basic) screen. 2 Select the Active checkbox to enable the VPN rule after it has been created.
Chapter 6 Tutorials 6 Select IP as the Local ID Type. This is the type of content that will be used to identify Jack’s NBG460N. Enter the IP address “2.2.2.2” in the Local Content text box. This identifies Jack’s NBG460N to Bob’s NBG460N. 7 Enter the IP address “1.1.1.1”...
Chapter 6 Tutorials Figure 57 Pinging Jack’s Local IP Address Pinging is successful which means a VPN tunnel has been established between Bob and Jack’s NBG460Ns. Congratulations! To check this VPN connection click VPN > SA Monitor in the web configurator. Figure 58 SA Monitor If pinging is not successful check the VPN settings on both devices and try again.
Chapter 7 Wireless LAN

This chapter discusses how to configure the wireless network settings in your NBG460N. See the appendices for more detailed information about wireless networks.

7.1 Wireless Network Overview

The following figure provides an example of a wireless network.

Figure 59 Example of a Wireless Network

The wireless network is the part in the blue circle.
• Every wireless client in the same wireless network must use security compatible with the

Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network.

7.2 Wireless Security Overview

The following sections introduce different types of wireless security you can set up in the wireless network.
If your AP does not provide a local user database and if you do not have a RADIUS server, you cannot set up user names and passwords for your users. Unauthorized devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network.
(bridge tables are updated) and maximum AP efficiency. The AP deletes records of wireless stations that associate with other APs (Non-ZyXEL APs may not be able to perform this). 802.1x authentication information is not exchanged (at the time of writing).
Chapter 7 Wireless LAN Figure 60 Roaming Example The steps below describe the roaming process. 1 Wireless station Y moves from the coverage area of access point AP 1 to that of access point AP 2. 2 Wireless station Y scans and detects the signal of access point AP 2. 3 Wireless station Y sends an association request to access point AP 2.
Chapter 7 Wireless LAN 7.4.1 WMM QoS WMM (Wi-Fi MultiMedia) QoS (Quality of Service) ensures quality of service in wireless networks. It controls WLAN transmission priority on packets to be transmitted over the wireless network. WMM QoS prioritizes wireless traffic according to delivery requirements. WMM QoS is a part of the IEEE 802.11e QoS enhancement to certified Wi-Fi wireless networks.
Chapter 7 Wireless LAN Figure 61 Network > Wireless LAN > General The following table describes the general wireless LAN labels in this screen. Table 29 Network > Wireless LAN > General LABEL DESCRIPTION Enable Click the check box to activate wireless LAN. Wireless LAN Name(SSID) (Service Set IDentity) The SSID identifies the Service Set with which a wireless...
Chapter 7 Wireless LAN Table 29 Network > Wireless LAN > General LABEL DESCRIPTION Apply Click Apply to save your changes back to the NBG460N. Reset Click Reset to reload the previous configuration for this screen. See the rest of this chapter for information on the other labels in this screen. 7.5.1 No Security Select No Security to allow wireless stations to communicate with the access points without any data encryption.
Your NBG460N allows you to configure up to four 64-bit or 128-bit WEP keys, but only one key can be enabled at any one time. To configure and enable WEP encryption, click Network > Wireless LAN to display the General screen.
Table 31 Network > Wireless LAN > General: Static WEP
LABEL DESCRIPTION
Key 1 to Key 4: The WEP keys are used to encrypt data. Both the NBG460N and the wireless stations must use the same WEP key for data transmission. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F").
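The key-entry rule in the Key 1 to Key 4 row and the one-active-key rule stated above, as an added example that is not part of the guide or ZyXEL's code: it parses an entry into raw key bytes and shows how many bits of a "64-bit" or "128-bit" key are actually secret. The function names and sample keys are constructed for illustration, and the 128-bit entry lengths (13 ASCII or 26 hexadecimal characters) are the standard WEP values, assumed here because this excerpt only quotes the 64-bit rule.

```python
import string

# Characters to type per WEP strength. The 64-bit row is the rule quoted in
# Table 31; the 128-bit row is the standard WEP-104 length (assumption: not
# shown in this excerpt of the guide).
WEP_ENTRY_LENGTHS = {
    64: {"ascii": 5, "hex": 10},
    128: {"ascii": 13, "hex": 26},
}
IV_BITS = 24  # the 24-bit per-frame IV is counted in the "64" and "128" labels

# Printable 7-bit ASCII including space, excluding control whitespace.
PRINTABLE = set(string.printable) - set("\t\n\r\x0b\x0c")


class WepKeyError(ValueError):
    """Raised when an entry does not match the key-field rule."""


def secret_bits(strength):
    """Bits of the key that are actually secret (strength minus the IV)."""
    return strength - IV_BITS


def parse_wep_key(entry, strength):
    """Return (key_bytes, kind) for text typed into a Key 1..Key 4 field.

    An entry with the hexadecimal length must be all hex digits; an entry
    with the ASCII length must be printable 7-bit ASCII. Anything else fails.
    """
    if strength not in WEP_ENTRY_LENGTHS:
        raise WepKeyError(f"unsupported WEP strength: {strength}")
    lengths = WEP_ENTRY_LENGTHS[strength]
    if len(entry) == lengths["hex"]:
        if not all(c in string.hexdigits for c in entry):
            raise WepKeyError(
                f"{lengths['hex']} characters must all be hexadecimal (0-9, A-F)")
        return bytes.fromhex(entry), "hex"
    if len(entry) == lengths["ascii"]:
        if not all(c in PRINTABLE for c in entry):
            raise WepKeyError("ASCII key contains a non-printable or non-ASCII character")
        return entry.encode("ascii"), "ascii"
    raise WepKeyError(
        f"expected {lengths['ascii']} ASCII or {lengths['hex']} hex characters, "
        f"got {len(entry)}")


def check_key_slots(slots, strength, active):
    """Validate the four key fields and the single active-key selection.

    slots maps 1..4 to the typed text ("" or missing means unused).
    Returns a list of problem descriptions; an empty list means the
    configuration is consistent.
    """
    problems = []
    if active not in (1, 2, 3, 4):
        problems.append(f"active key must be 1-4, got {active}")
    for n in range(1, 5):
        entry = slots.get(n, "")
        if not entry:
            if n == active:
                problems.append(f"Key {n} is selected as the active key but is empty")
            continue
        try:
            parse_wep_key(entry, strength)
        except WepKeyError as exc:
            problems.append(f"Key {n}: {exc}")
    return problems


if __name__ == "__main__":
    # Constructed sample entries, not taken from the guide.
    sample = {1: "AbC12", 2: "", 3: "0A1B2C3D4G", 4: ""}
    for line in check_key_slots(sample, 64, 1) or ["configuration OK"]:
        print(line)
    print("secret bits in a 64-bit WEP key:", secret_bits(64))
```
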
Chapter 7 Wireless LAN The following table describes the labels in this screen. Table 32 Network > Wireless LAN > General: WPA-PSK/WPA2-PSK LABEL DESCRIPTION WPA Compatible This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field.
Chapter 7 Wireless LAN Figure 65 Network > Wireless LAN > General: WPA/WPA2 The following table describes the labels in this screen. Table 33 Network > Wireless LAN > General: WPA/WPA2 LABEL DESCRIPTION WPA Compatible This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field.
Chapter 7 Wireless LAN Table 33 Network > Wireless LAN > General: WPA/WPA2 LABEL DESCRIPTION Group Key Update The Group Key Update Timer is the rate at which the AP (if using WPA-PSK/ Timer WPA2-PSK key management) or RADIUS server (if using WPA/WPA2 key management) sends a new group key out to all clients.
Chapter 7 Wireless LAN Figure 66 Network > Wireless LAN > MAC Filter The following table describes the labels in this menu. Table 34 Network > Wireless LAN > MAC Filter LABEL DESCRIPTION Active Select Yes from the drop down list box to enable MAC address filtering. Filter Action Define the filter action for the list of MAC addresses in the MAC Address table.
Chapter 7 Wireless LAN Figure 67 Network > Wireless LAN > Advanced The following table describes the labels in this screen. Table 35 Network > Wireless LAN > Advanced LABEL DESCRIPTION Roaming Configuration Enable Select this option if your network environment has multiple APs and you want your Roaming wireless device to be able to access the network as you move between wireless networks.
Chapter 7 Wireless LAN Figure 68 Network > Wireless LAN > QoS The following table describes the labels in this screen. Table 36 Network > Wireless LAN > QoS LABEL DESCRIPTION WMM QoS Policy Select Default to have the NBG460N automatically give a service a priority level according to the ToS value in the IP header of packets it sends.
7.8.1 Application Priority Configuration

Use this screen to edit a WMM QoS application entry. Click the edit icon under Modify. The following screen displays.

Figure 69 Network > Wireless LAN > QoS: Application Priority Configuration

See Appendix F on page 321 for a list of commonly-used services and destination ports.
7.9 WiFi Protected Setup

WiFi Protected Setup (WPS) is an industry standard specification, defined by the WiFi Alliance. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually. Depending on the devices in your network, you can either press a button (on the device itself, or in its configuration utility) or enter a PIN (Personal Identification Number) in the devices.
7.9.2 WPS Station Screen

Use this screen when you want to add a wireless station using WPS. To open this screen, click Network > Wireless LAN > WPS Station tab.

Note: After you click Push Button on this screen, you have to press a similar button in the wireless station utility within 2 minutes.
Chapter 7 Wireless LAN Figure 72 Scheduling The following table describes the labels in this screen. Table 39 Scheduling LABEL DESCRIPTION Enable Wireless Select this to enable Wireless LAN scheduling. LAN Scheduling WLAN Status Select On or Off to specify whether the Wireless LAN is turned on or off. This field works in conjunction with the Day and Except for the following times fields.
Chapter 7 Wireless LAN 1 Make sure the Wireless LAN on the NBG460N is enabled and that you know the security settings (if any). To do this check the Wireless LAN > General screen in the web configurator from your computer. 2 On the iPod Touch’s main screen press Settings >...
Chapter 7 Wireless LAN 7.10.2 System Status After successfully logging into the iPod Touch web configurator the System Status screen displays. Your changes in the iPod Touch web configurator are saved automatically after pressing a button. If you are going to use the WPS (Wi-Fi Protected Setup) function in the iPod Touch Web Configurator it is recommended to configure your WPS settings first from your computer.
Chapter 7 Wireless LAN Figure 74 System Status screen The following table describes the labels in this screen. Table 41 System Status screen LABEL DESCRIPTION Logout Press this to logout of the iPod Touch web configurator. IP Address This field displays the NBG460N’s LAN (Local Area Network) IP address. IP Address This field displays the NBG460N’s WAN IP address.
Chapter 7 Wireless LAN Table 41 System Status screen LABEL DESCRIPTION Channel This field displays the channel the NBG460N’s Wireless LAN operates on. This will display as disabled if auto channel selection mode is on. PIN Number This field displays the NBG460N’s WPS (Wi-Fi Protected Setup) PIN number. WPS allows you to connect wireless clients to your wireless LAN easily.
To go back to the System Status screen press the ZyXEL logo at the top of the page. To see any changes on the System Status screen you will need to refresh the page first.
Chapter 7 Wireless LAN Figure 76 Port Forwarding The following table describes the labels in this screen. Table 42 Port Forwarding LABEL DESCRIPTION This is the number of an individual port forwarding entry. Rule This column displays the configured port forwarding rules. To configure a new rule you must use the web configurator from your computer.
Chapter 7 Wireless LAN If you have not configured your wireless settings yet you can do so by using the Wizard in the web configurator you access from your computer. Click the Wizard icon or the Go To Wizard Setup web link you see after logging into the web configurator from your computer.
Chapter 7 Wireless LAN If the login screen does not display properly, check that you are accessing the correct IP address. Also check your iPod Touch web browser’s security settings as they may affect how the page displays. 4 If you wish to login automatically in the future make sure the Auto Login checkbox is selected.
Chapter 8 WAN
This chapter describes how to configure WAN settings.
8.1 WAN Overview
See the chapter about the connection wizard for more information on the fields in the WAN screens.
8.2 WAN MAC Address
The MAC address screen allows users to configure the WAN port's MAC address by either using the factory default or cloning the MAC address from a computer on your LAN.
Chapter 8 WAN The NBG460N supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-v2). At start up, the NBG460N queries all directly connected networks to gather group membership. After that, the NBG460N periodically updates this information. IP multicasting can be enabled/disabled on the NBG460N LAN and/or WAN interfaces in the web configurator (LAN;...
Chapter 8 WAN The following table describes the labels in this screen. Table 43 Network > WAN > Internet Connection: Ethernet Encapsulation LABEL DESCRIPTION Encapsulation You must choose the Ethernet option when the WAN port is used as a regular Ethernet.
Chapter 8 WAN For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for example Radius). One of the benefits of PPPoE is the ability to let you access one of multiple network services, a function known as dynamic service selection.
Chapter 8 WAN The following table describes the labels in this screen. Table 44 Network > WAN > Internet Connection: PPPoE Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation The PPP over Ethernet choice is for a dial-up connection using PPPoE. The NBG460N supports PPPoE (Point-to-Point Protocol over Ethernet).
Chapter 8 WAN
Table 44 Network > WAN > Internet Connection: PPPoE Encapsulation
LABEL | DESCRIPTION
Set WAN MAC Address | Select this option and enter the MAC address you want to use.
Apply | Click Apply to save your changes back to the NBG460N.
Reset | Click Reset to begin configuring this screen afresh.
Chapter 8 WAN Figure 80 Network > WAN > Internet Connection: PPTP Encapsulation The following table describes the labels in this screen. Table 45 Network > WAN > Internet Connection: PPTP Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks.
Chapter 8 WAN
Table 45 Network > WAN > Internet Connection: PPTP Encapsulation
LABEL | DESCRIPTION
Password | Type the password associated with the User Name above.
Retype to Confirm | Type your password again to make sure that you have entered it correctly.
Nailed-up Connection | Select Nailed-Up Connection if you do not want the connection to time out.
Chapter 8 WAN 8.5 Advanced WAN Screen To change your NBG460N’s advanced WAN settings, click Network > WAN > Advanced. The screen appears as shown. Figure 81 Network > WAN > Advanced The following table describes the labels in this screen. Table 46 WAN >...
Chapter 8 WAN
Table 46 WAN > Advanced
LABEL | DESCRIPTION
Enable Auto-bridge mode | Select this option to have the NBG460N switch to bridge mode automatically when the NBG460N gets a WAN IP address in the range of 192.168.x.y (where x and y are from zero to nine) no matter what the LAN IP address is. This might happen if you put the NBG460N behind a NAT router that assigns it this IP address.
Chapter 9 LAN
This chapter describes how to configure LAN settings.
9.1 LAN Overview
A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building.
Chapter 9 LAN
9.2.2 IP Address and Subnet Mask
Refer to the IP address and subnet mask section in the Connection Wizard chapter for this information.
9.2.3 Multicast
Traditionally, IP packets are transmitted in one of two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network).
Chapter 9 LAN Figure 82 Any IP Example The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the NBG460N’s IP address. You must enable NAT to use the Any IP feature on the NBG460N.
Chapter 9 LAN 9.3 LAN IP Screen Use this screen to change your basic LAN settings. Click Network > LAN. Figure 83 Network > LAN > IP The following table describes the labels in this screen. Table 47 Network > LAN > IP LABEL DESCRIPTION LAN TCP/IP...
Chapter 9 LAN
Figure 84 Network > LAN > IP Alias
The following table describes the labels in this screen.
Table 48 Network > LAN > IP Alias
LABEL | DESCRIPTION
IP Alias 1,2 | Select the check box to configure another LAN network for the NBG460N.
IP Address | Enter the IP address of your NBG460N in dotted decimal notation.
Chapter 9 LAN The following table describes the labels in this screen. Table 49 Network > LAN > Advanced LABEL DESCRIPTION Multicast Select IGMP V-1 or IGMP V-2 or None. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data.
Chapter 10 DHCP
10.1 DHCP
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the NBG460N’s LAN as a DHCP server or disable it. When configured as a server, the NBG460N provides the TCP/IP configuration for the clients.
Chapter 10 DHCP Table 50 Network > DHCP > General LABEL DESCRIPTION Apply Click Apply to save your changes back to the NBG460N. Reset Click Reset to begin configuring this screen afresh. 10.3 DHCP Advanced Screen This screen allows you to assign IP addresses on the LAN to specific individual computers based on their MAC addresses.
Chapter 10 DHCP
Table 51 Network > DHCP > Advanced
LABEL | DESCRIPTION
DNS Server
DNS Servers Assigned by DHCP Server | The NBG460N passes a DNS (Domain Name System) server IP address (in the order you specify here) to the DHCP clients. The NBG460N only passes this information to the LAN DHCP clients when you select the Enable DHCP Server check box.
Chapter 10 DHCP Figure 88 Network > DHCP > Client List The following table describes the labels in this screen. Table 52 Network > DHCP > Client List LABEL DESCRIPTION This is the index number of the host computer. IP Address This field displays the IP address relative to the # field listed above.
Chapter 11 Network Address Translation (NAT)
This chapter discusses how to configure NAT on the NBG460N.
11.1 NAT Overview
NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet.
Chapter 11 Network Address Translation (NAT) Many residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location.
Chapter 11 Network Address Translation (NAT)
The following table describes the labels in this screen.
Table 53 Network > NAT > General
LABEL | DESCRIPTION
Enable Network Address Translation | Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within another network (for example a public IP address used on the Internet).
Chapter 11 Network Address Translation (NAT) Figure 91 Network > NAT > Application The following table describes the labels in this screen. Table 54 NAT Application LABEL DESCRIPTION Game List Update A game list includes the pre-defined service name(s) and port number(s). You can edit and upload it to the NBG460N to replace the existing entries in the second field next to Service Name.
Chapter 11 Network Address Translation (NAT) Table 54 NAT Application (continued) LABEL DESCRIPTION Port Type a port number(s) to be forwarded. To specify a range of ports, enter a hyphen (-) between the first port and the last port, such as 10-20. To specify two or more non-consecutive port numbers, separate them by a comma without spaces, such as 123,567.
Chapter 11 Network Address Translation (NAT) Figure 93 Trigger Port Forwarding Process: Example 1 Jane requests a file from the Real Audio server (port 7070). 2 Port 7070 is a “trigger” port and causes the NBG460N to record Jane’s computer IP address.
Chapter 11 Network Address Translation (NAT)
Figure 94 Network > NAT > Advanced
The following table describes the labels in this screen.
Table 55 Network > NAT > Advanced
LABEL | DESCRIPTION
Max NAT/Firewall Session Per User | Type a number ranging from 1 to 2048 to limit the number of NAT/firewall sessions that a host can create.
Chapter 11 Network Address Translation (NAT) Table 55 Network > NAT > Advanced LABEL DESCRIPTION Incoming Incoming is a port (or a range of ports) that a server on the WAN uses when it sends out a particular service. The NBG460N forwards the traffic with this port (or range of ports) to the client computer on the LAN that requested the service.
Chapter 12 Dynamic DNS
12.1 Dynamic DNS Introduction
Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect.
Chapter 12 Dynamic DNS Figure 95 Dynamic DNS The following table describes the labels in this screen. Table 56 Dynamic DNS LABEL DESCRIPTION Enable Dynamic DNS Select this check box to use dynamic DNS. Service Provider Select the name of your Dynamic DNS service provider. Dynamic DNS Type Select the type of service that you are registered for from your Dynamic DNS service provider.
Chapter 12 Dynamic DNS
Table 56 Dynamic DNS
LABEL | DESCRIPTION
Apply | Click Apply to save your changes back to the NBG460N.
Reset | Click Reset to begin configuring this screen afresh.
This chapter gives some background information on firewalls and explains how to get started with the NBG460N’s firewall. 13.1 Introduction to ZyXEL’s Firewall 13.1.1 What is a Firewall? Originally, the term “firewall” referred to a construction technique designed to prevent the spread of fire from one room to another.
Chapter 13 Firewall The NBG460N is installed between the LAN and a broadband modem connecting to the Internet. This allows it to act as a secure gateway for all data passing between the Internet and the LAN. The NBG460N has one Ethernet WAN port and four Ethernet LAN ports, which are used to physically separate the network into two areas. The WAN (Wide Area Network) port attaches to the broadband (cable or DSL) modem to the Internet.
Chapter 13 Firewall 1 A computer on the LAN initiates a connection by sending a SYN packet to a receiving server on the WAN. 2 The NBG460N reroutes the packet to Gateway A, which is in Subnet 2. 3 The reply from the WAN goes to the NBG460N. 4 The NBG460N then sends it to the computer on the LAN in Subnet 1.
Chapter 13 Firewall Table 57 Security > Firewall > General LABEL DESCRIPTION Select whether to create a log for packets that are traveling in the selected direction when the packets are blocked (Log All) or forwarded (Log Forward). Or select Not Log to not log any records. To log packets related to firewall rules, make sure that Access Control under Log is selected in the Logs >...
Chapter 13 Firewall
Table 58 Security > Firewall > Services
LABEL | DESCRIPTION
Do not respond to requests for unauthorized services | Select this option to prevent hackers from finding the NBG460N by probing for unused ports. If you select this option, the NBG460N will not respond to port request(s) for unused ports, thus leaving the unused ports and the NBG460N...
Chapter 13 Firewall Figure 99 Security > Firewall > Services > Adding a Rule The following table describes the labels in this screen. Table 59 Security > Firewall > Services > Adding a Rule LABEL DESCRIPTION Active Select this check box to turn the rule on. Address Type Do you want your rule to apply to packets with a particular (single) IP, a range of IP addresses (for example 192.168.1.10 to 192.169.1.50), a pool of IP address or...
Chapter 13 Firewall Table 59 Security > Firewall > Services > Adding a Rule LABEL DESCRIPTION Available Services This is a list of pre-defined services (ports) you may prohibit your LAN computers from using. Select the port you want to block using the drop-down list and click Add to add the port to the Blocked Services field.
Chapter 14 Content Filtering
This chapter provides a brief overview of content filtering using the embedded web GUI.
14.1 Introduction to Content Filtering
Internet content filtering allows you to create and enforce Internet access policies tailored to your needs.
Chapter 14 Content Filtering
Figure 100 Security > Content Filter > Filter
The following table describes the labels in this screen.
Table 60 Security > Content Filter > Filter
LABEL | DESCRIPTION
Trusted Computer IP Address | To enable this feature, type an IP address of any one of the computers in your network that you want to have as a trusted computer.
Chapter 14 Content Filtering Table 60 Security > Content Filter > Filter LABEL DESCRIPTION Keyword Type a keyword in this field. You may use any character (up to 64 characters). Wildcards are not allowed. You can also enter a numerical IP address. Keyword List This list displays the keywords already added.
Full path URL checking has the NBG460N check the characters that come before the last slash in the URL. For example, with the URL www.zyxel.com.tw/news/pressroom.php, full path URL checking searches for keywords within www.zyxel.com.tw/news/. Use the ip urlfilter customize actionFlags 6 [disable | enable] command to extend (or not extend) the keyword blocking search to include the URL's full path.
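The search scope described above decides which URLs a keyword list can actually catch. The following is an added example, not ZyXEL code: it assumes that with full path checking disabled only the host name is searched, that matching is case-insensitive, and it uses a constructed keyword list and constructed example.test URLs next to the guide's own URL.

```python
def search_scope(url: str, full_path: bool) -> str:
    """Return the part of a URL that the keyword search looks at.

    full_path=True  : everything up to and including the last slash,
                      as the guide describes for full path URL checking.
    full_path=False : host name only (assumption, the guide's excerpt does
                      not state the scope when the flag is disabled).
    """
    rest = url.split("://", 1)[-1]          # drop "http://" if present
    if not full_path:
        return rest.split("/", 1)[0]
    last_slash = rest.rfind("/")
    # No slash at all means the URL is just a host name.
    return rest if last_slash == -1 else rest[: last_slash + 1]


def matched(url: str, keywords: list, full_path: bool) -> list:
    """Keywords found inside the searched part of the URL.

    Case-insensitive comparison is an assumption of this example.
    """
    scope = search_scope(url, full_path).lower()
    return [k for k in keywords if k.lower() in scope]


def audit(urls: list, keywords: list) -> dict:
    """Map each URL to (keywords hit with host-only scope,
    keywords hit with full path scope) to expose coverage gaps."""
    return {
        u: (matched(u, keywords, False), matched(u, keywords, True))
        for u in urls
    }


# Constructed sample data; the first URL is the one used in the guide.
KEYWORDS = ["news", "games", "pressroom"]
URLS = [
    "www.zyxel.com.tw/news/pressroom.php",
    "http://games.example.test/index.html",
    "files.example.test/pressroom.php",
]

if __name__ == "__main__":
    for url, (host_hits, path_hits) in audit(URLS, KEYWORDS).items():
        print(f"{url}\n  host only : {host_hits}\n  full path : {path_hits}")
```

A keyword that appears only after the last slash (the file name) is not matched in either scope, so it cannot be relied on for blocking with this setting alone.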
Chapter 15 IPSec VPN
15.1 IPSec VPN Overview
A virtual private network (VPN) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing. It is used to transport traffic over the Internet or any insecure network that uses TCP/IP for communication.
Chapter 15 IPSec VPN 15.1.2 What You Need To Know About IPSec VPN A VPN tunnel is usually established in two phases. Each phase establishes a security association (SA), a contract indicating what security parameters the NBG460N and the remote IPSec router will use.
Chapter 15 IPSec VPN You can usually provide a static IP address or a domain name for the remote IPSec router as well. Sometimes, you might not know the IP address of the remote IPSec router (for example, telecommuters). In this case, you can still set up the IKE SA, but only the remote IPSec router can initiate an IKE SA.
Chapter 15 IPSec VPN The following table describes the fields in this screen. Table 62 Security > VPN > General LABEL DESCRIPTION This is the VPN policy index number. Active This field displays whether the VPN policy is active or not. This icon is turned on when the rule is enabled.
Chapter 15 IPSec VPN The following table describes the labels in this screen. Table 63 SECURITY > VPN > Rule Setup: IKE (Basic) LABEL DESCRIPTION Property Active Select this check box to activate this VPN policy. Keep Alive Select this check box to have the NBG460N automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic.
Chapter 15 IPSec VPN Table 63 SECURITY > VPN > Rule Setup: IKE (Basic) (continued) LABEL DESCRIPTION Remote Policy Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. The remote fields do not apply when the Secure Gateway IP Address field is configured to 0.0.0.0.
Chapter 15 IPSec VPN
Table 63 SECURITY > VPN > Rule Setup: IKE (Basic) (continued)
LABEL | DESCRIPTION
Secure Gateway Address | Type the WAN IP address or the domain name (up to 31 characters) of the IPSec router with which you're making the VPN connection. Set this field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address (the IPSec Keying Mode field must be set to IKE).
Chapter 15 IPSec VPN Table 63 SECURITY > VPN > Rule Setup: IKE (Basic) (continued) LABEL DESCRIPTION Pre-Shared Key Type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection.
Chapter 15 IPSec VPN The following table describes the labels in this screen. Table 64 Security > VPN > Rule Setup: IKE (Advanced) LABEL DESCRIPTION Property Active Select this check box to activate this VPN policy. Keep Alive Select this check box to have the NBG460N automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic.
Chapter 15 IPSec VPN
Table 64 Security > VPN > Rule Setup: IKE (Advanced) (continued)
LABEL | DESCRIPTION
Local Address End / Mask | When the local IP address is a single address, type it a second time here. When the local IP address is a range, enter the end (static) IP address, in a range of computers on the LAN behind your NBG460N.
Chapter 15 IPSec VPN Table 64 Security > VPN > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION Local Content When you select IP in the Local ID Type field, type the IP address of your computer in the Local Content field. The NBG460N automatically uses the IP address in the My IP Address field (refer to the My IP Address field description) if you configure the Local Content field to 0.0.0.0 or leave it blank.
Chapter 15 IPSec VPN Table 64 Security > VPN > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION IKE Phase 1 Negotiation Mode Select Main or Aggressive from the drop-down list box. Multiple SAs connecting through a secure gateway must have the same negotiation mode. Encryption Algorithm Select which key size and encryption algorithm to use in the IKE SA.
Chapter 15 IPSec VPN
Table 64 Security > VPN > Rule Setup: IKE (Advanced) (continued)
LABEL | DESCRIPTION
Authentication Algorithm | Select which hash algorithm to use to authenticate packet data in the IPSec SA. Choices are SHA1 and MD5. SHA1 is generally considered stronger than MD5, but it is also slower.
Chapter 15 IPSec VPN 15.2.3.3 Authentication and the Security Parameter Index (SPI) For authentication, the NBG460N and remote IPSec router use the SPI, instead of pre-shared keys, ID type and content. The SPI is an identification number. Note: The NBG460N and remote IPSec router must use the same SPI. Figure 108 Security >...
Chapter 15 IPSec VPN
Table 65 Security > VPN > Rule Setup: Manual (continued)
LABEL | DESCRIPTION
IPSec Keying Mode | Select IKE or Manual from the drop-down list box. IKE provides more protection so it is generally recommended. Manual is a useful option for troubleshooting if you have problems using IKE key management.
Chapter 15 IPSec VPN Table 65 Security > VPN > Rule Setup: Manual (continued) LABEL DESCRIPTION Remote Address For a single IP address, enter a (static) IP address on the network behind the remote IPSec router. For a specific range of IP addresses, enter the beginning (static) IP address, in a range of computers on the network behind the remote IPSec router.
Chapter 15 IPSec VPN
Table 65 Security > VPN > Rule Setup: Manual (continued)
LABEL | DESCRIPTION
Enable Replay Detection | As a VPN setup is processing intensive, the system is vulnerable to Denial of Service (DoS) attacks. The IPSec receiver can detect and reject old or duplicate packets to protect against replay attacks.
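How a receiver can "detect and reject old or duplicate packets" is usually done with a sliding window over the packet sequence numbers. The following is an added example, not NBG460N firmware code: the 64-packet window, the verdict strings and the constructed arrival sequence are assumptions.

```python
class ReplayWindow:
    """Sliding-window replay check for one inbound IPSec SA."""

    def __init__(self, size: int = 64):
        self.size = size      # window width in packets (assumed value)
        self.highest = 0      # highest sequence number accepted so far
        self.bitmap = 0       # bit i set => sequence (highest - i) was seen

    def _verdict(self, seq: int) -> str:
        """Classify a sequence number without changing any state."""
        if seq < 1:
            return "reject-invalid"      # sequence numbers start at 1
        if seq > self.highest:
            return "accept"              # newer than anything seen
        offset = self.highest - seq
        if offset >= self.size:
            return "reject-old"          # fell off the left edge
        if (self.bitmap >> offset) & 1:
            return "reject-duplicate"    # already received once
        return "accept"                  # late, but still inside the window

    def receive(self, seq: int, integrity_ok: bool = True) -> str:
        """Check one packet; the window only moves for authentic packets."""
        verdict = self._verdict(seq)
        if verdict != "accept":
            return verdict
        if not integrity_ok:
            # A forged packet with a huge sequence number must not slide
            # the window, or genuine traffic would then look "old".
            return "reject-bad-integrity"
        if seq > self.highest:
            shift = seq - self.highest
            if shift >= self.size:
                self.bitmap = 1
            else:
                mask = (1 << self.size) - 1
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return "accept"


# Constructed arrival order: (sequence number, integrity check passed?)
ARRIVALS = [
    (1, True), (2, True), (3, True), (5, True),
    (4, True),      # out of order but inside the window
    (3, True),      # replay of a packet already seen
    (70, True),     # jump ahead, window slides
    (5, True),      # replay that is now left of the window
    (7, True),      # never seen, still inside the window
    (6, True),      # never seen, but too old to be trusted
    (200, False),   # forged packet, fails the integrity check
    (71, True),
]


def replay_demo() -> list:
    """Run the constructed arrivals through a fresh window."""
    window = ReplayWindow()
    return [window.receive(seq, ok) for seq, ok in ARRIVALS]


if __name__ == "__main__":
    for (seq, _), verdict in zip(ARRIVALS, replay_demo()):
        print(f"seq {seq:>3}: {verdict}")
```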
Chapter 15 IPSec VPN The following table describes the labels in this screen. Table 66 Security > VPN > SA Monitor LABEL DESCRIPTION This is the security association index number. Name This field displays the identification name for this VPN policy. Encapsulation This field displays Tunnel or Transport mode.
Chapter 15 IPSec VPN 15.5 IPSec VPN Technical Reference IKE SA Proposal The IKE SA proposal is used to identify the encryption algorithm, authentication algorithm, and Diffie-Hellman (DH) key group that the NBG460N and remote IPSec router use in the IKE SA.
Chapter 15 IPSec VPN Authentication Before the NBG460N and remote IPSec router establish an IKE SA, they have to verify each other’s identity. This process is based on pre-shared keys and router identities. In main mode, the NBG460N and remote IPSec router authenticate each other in steps 5 and 6, as illustrated below.
Chapter 15 IPSec VPN In the following example, the ID type and content do not match so the authentication fails and the NBG460N and the remote IPSec router cannot establish an IKE SA. Table 68 VPN Example: Mismatching ID Type and Content NBG460N REMOTE IPSEC ROUTER Local ID type: E-mail...
Chapter 15 IPSec VPN Figure 114 VPN/NAT Example If router A does NAT, it might change the IP addresses, port numbers, or both. If router X and router Y try to establish a VPN tunnel, the authentication fails because it depends on this information.
Chapter 15 IPSec VPN
These modes are illustrated below.
Figure 115 VPN: Transport and Tunnel Mode Encapsulation (panels: Original Packet, Transport Mode Packet, Tunnel Mode Packet)...
Chapter 15 IPSec VPN Additional IPSec VPN Topics This section discusses other IPSec VPN topics that apply to either IKE SAs or IPSec SAs or both. Relationships between the topics are also highlighted. SA Life Time SAs have a lifetime that specifies how long the SA lasts until it times out. When an SA times out, the NBG460N automatically renegotiates the SA in the following situations: •...
Chapter 15 IPSec VPN The following figure depicts an example where one VPN tunnel is created from an NBG460N at branch office (B) to headquarters (HQ). In order to access computers that use private domain names on the HQ network, the NBG460N at B uses the Intranet DNS server in headquarters.
Chapter 16 Static Route Screens
This chapter shows you how to configure static routes for your NBG460N.
16.1 Static Route Overview
The NBG460N usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the NBG460N send data to devices not reachable through the default gateway, use static routes.
Chapter 16 Static Route Screens Figure 118 Management > Static Route > IP Static Route The following table describes the labels in this screen. Table 69 Management > Static Route > IP Static Route LABEL DESCRIPTION This is the index number of an individual static route. The first entry is for the default route and not editable.
NBG460N’s bandwidth management logs. 17.1 Bandwidth Management Overview ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on an application and/or subnet. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth rules.
Chapter 17 Bandwidth Management The following figure shows LAN subnets. You could configure one bandwidth class for subnet A and another for subnet B. Figure 120 Subnet-based Bandwidth Management Example 17.4 Application and Subnet-based Bandwidth Management You could also create bandwidth classes based on a combination of a subnet and an application.
Chapter 17 Bandwidth Management Table 72 Bandwidth Management Priorities PRIORITY LEVELS: TRAFFIC WITH A HIGHER PRIORITY GETS THROUGH FASTER WHILE TRAFFIC WITH A LOWER PRIORITY IS DROPPED IF THE NETWORK IS CONGESTED. Typically used for “excellent effort” or better than best effort and would include important business traffic that can tolerate some delay.
Chapter 17 Bandwidth Management 17.7 Default Bandwidth Management Classes and Priorities If you enable bandwidth management but do not configure a rule for critical traffic like VoIP, the voice traffic may then get delayed due to insufficient bandwidth. With the automatic traffic classifier feature activated, the NBG460N automatically assigns a default bandwidth management class and priority to traffic that does not match any of the user-defined rules.
Chapter 17 Bandwidth Management
The following table describes the labels in this screen.
Table 75 Management > Bandwidth MGMT > General
LABEL | DESCRIPTION
Enable Bandwidth Management | Select this check box to have the NBG460N apply bandwidth management. Enable bandwidth management to give traffic that matches a bandwidth rule priority over traffic that does not match a bandwidth rule.
Chapter 17 Bandwidth Management
The following table describes the labels in this screen.
Table 76 Management > Bandwidth MGMT > Advanced
LABEL | DESCRIPTION
Check my upstream bandwidth | Click the Detection button to check the size of your upstream bandwidth.
Upstream Bandwidth (kbps) | Enter the amount of bandwidth in kbps (2 to 100,000) that you want to allocate for traffic.
Chapter 17 Bandwidth Management 17.9.1 Rule Configuration with the Pre-defined Service To edit a bandwidth management rule for the pre-defined service in the NBG460N, click the Edit icon in the Application List table of the Advanced screen. The following screen displays.
Chapter 17 Bandwidth Management Figure 124 Management > Bandwidth MGMT > Advanced: User-defined Service Rule Configuration The following table describes the labels in this screen Table 78 Management > Bandwidth MGMT > Advanced: User-defined Service Rule Configuration LABEL DESCRIPTION BW Budget Select Maximum Bandwidth or Minimum Bandwidth and specify the maximum or minimum bandwidth allowed for the rule in kilobits per second.
Chapter 18 Remote Management
This chapter provides information on the Remote Management screens.
18.1 Remote Management Overview
Remote management allows you to determine which services/protocols can access which NBG460N interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
Chapter 18 Remote Management 1 You have disabled that service in one of the remote management screens. 2 The IP address in the Secured Client IP Address field does not match the client IP address. If it does not match, the NBG460N will disconnect the session immediately. 3 There is already another remote management session with an equal or higher priority running.
Chapter 18 Remote Management
LABEL | DESCRIPTION
Secured Client IP Address | A secured client is a “trusted” computer that is allowed to communicate with the NBG460N using this service. Select All to allow any computer to access the NBG460N using this service. Choose Selected to just allow the computer with the IP address that you specify to access the NBG460N using this service.
Chapter 18 Remote Management 18.5 FTP Screen You can use FTP (File Transfer Protocol) to upload and download the NBG460N’s firmware and configuration files. To use this feature, your computer must have an FTP client. To change your NBG460N’s FTP settings, click Management > Remote MGMT > FTP. The screen appears as shown.
Chapter 18 Remote Management Figure 129 Management > Remote MGMT > DNS The following table describes the labels in this screen. Table 82 Management > Remote MGMT > DNS LABEL DESCRIPTION Server Port The DNS service port number is 53 and cannot be changed here. Server Access Select the interface(s) through which a computer may send DNS queries to the NBG460N.
Chapter 19 Universal Plug-and-Play (UPnP)
This chapter introduces the UPnP feature in the web configurator.
19.1 Introducing Universal Plug and Play
Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. 19.2 UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum UPnP™ Implementers Corp. (UIC). ZyXEL's UPnP implementation supports Internet Gateway Device (IGD) 1.0.
Chapter 19 Universal Plug-and-Play (UPnP) Table 83 Management > UPnP > General LABEL DESCRIPTION Apply Click Apply to save the setting to the NBG460N. Reset Click Reset to begin configuring this screen afresh. 19.4 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP. 19.4.0.1 Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me.
Chapter 19 Universal Plug-and-Play (UPnP) Figure 132 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel.
Chapter 19 Universal Plug-and-Play (UPnP) Figure 134 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 135 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next.
Chapter 19 Universal Plug-and-Play (UPnP) 19.4.0.2 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the NBG460N. Make sure the computer is connected to a LAN port of the NBG460N.
Chapter 19 Universal Plug-and-Play (UPnP) Figure 137 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings.
Chapter 19 Universal Plug-and-Play (UPnP) Figure 138 Internet Connection Properties: Advanced Settings Figure 139 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
Chapter 19 Universal Plug-and-Play (UPnP) Figure 140 System Tray Icon 7 Double-click on the icon to display your current Internet connection status. Figure 141 Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the NBG460N without finding out the IP address of the NBG460N first.
Chapter 19 Universal Plug-and-Play (UPnP) Figure 142 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your NBG460N and select Invoke. The web configurator login screen displays. NBG460N User’s Guide...
Chapter 19 Universal Plug-and-Play (UPnP) Figure 143 Network Connections: My Network Places 6 Right-click on the icon for your NBG460N and select Properties. A properties window displays with basic information about the NBG460N. Figure 144 Network Connections: My Network Places: Properties: Example NBG460N User’s Guide...
Chapter 20 System
This chapter provides information on the System screens.
20.1 System Overview
See the chapter about wizard setup for more information on the next few screens.
20.2 System General Screen
Click Maintenance > System. The following screen displays.
Figure 145 Maintenance >...
Chapter 20 System Table 84 Maintenance > System > General LABEL DESCRIPTION Administrator Type how many minutes a management session can be left idle before the Inactivity Timer session times out. The default is 5 minutes. After it times out you have to log in with your password again.
Chapter 20 System The following table describes the labels in this screen. Table 85 Maintenance > System > Time Setting LABEL DESCRIPTION Current Time and Date Current Time This field displays the time of your NBG460N. Each time you reload this page, the NBG460N synchronizes the time with the time server.
Chapter 20 System Table 85 Maintenance > System > Time Setting LABEL DESCRIPTION End Date Configure the day and time when Daylight Saving Time ends if you selected Daylight Savings. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the last Sunday of October.
Chapter 21 Logs
This chapter contains information about configuring general log settings and viewing the NBG460N’s logs. Refer to the appendices for example log message explanations.
21.1 View Log
The web configurator allows you to look at all of the NBG460N’s logs in one location. Click Maintenance >...
Chapter 21 Logs The following table describes the labels in this screen. Table 86 Maintenance > Logs > View Log LABEL DESCRIPTION Display The categories that you select in the Log Settings page (see Section 21.2 on page 234) display in the drop-down list box. Select a category of logs to view;...
Chapter 21 Logs Figure 148 Maintenance > Logs > Log Settings The following table describes the labels in this screen. Table 87 Maintenance > Logs > Log Settings LABEL DESCRIPTION E-mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
Chapter 21 Logs Table 87 Maintenance > Logs > Log Settings LABEL DESCRIPTION Send Alerts To Alerts are real-time notifications that are sent as soon as an event, such as a DoS attack, system error, or forbidden web access attempt occurs. Enter the E- mail address where the alert messages will be sent.
21.3 Log Descriptions
This section provides descriptions of example log messages.
Table 88 System Maintenance Logs
LOG MESSAGE | DESCRIPTION
Time calibration is successful | The router has adjusted its time based on information from the time server.
Time calibration failed | The router failed to get information from the time server.
WAN interface gets IP:%s | A WAN interface got a new IP address from the DHCP,...
Table 89 System Error Logs
LOG MESSAGE | DESCRIPTION
%s exceeds the max. number of session per host. | This attempt to create a NAT session exceeds the maximum number of NAT session table entries allowed to be created per host....
Table 94 CDR Logs
LOG MESSAGE | DESCRIPTION
board%d line%d channel%d, call%d,%s C01 Outgoing Call dev=%x ch=%x%s | The router received the setup requirements for a call. “call” is the reference (count) number of the call. “dev” is the device type (3 is for dial-up, 6 is for PPPoE, 10 is for PPTP). "channel" ...
Chapter 21 Logs Table 97 Content Filtering Logs (continued) LOG MESSAGE DESCRIPTION The router detected proxy mode in the packet. %s: Proxy mode detected The content filter server responded that the web site is in the blocked category list, but it did not return the category type. The content filter server responded that the web site is in the blocked %s:%s category list, and returned the category type.
Table 98 Attack Logs (continued)
LOG MESSAGE | DESCRIPTION
teardrop UDP | The firewall detected an UDP teardrop attack.
teardrop ICMP (type:%d, | The firewall detected an ICMP teardrop attack. For type and code details, see Table 104 on page 247....
Table 100 IKE Logs (continued)
LOG MESSAGE | DESCRIPTION
Verifying Local ID failed: | The connection failed during IKE phase 2 because the router and the peer’s Local/Remote Addresses don’t match.
IKE Packet Retransmit | The router retransmitted the last packet sent because there was no response from the peer....
Table 100 IKE Logs (continued)
LOG MESSAGE | DESCRIPTION
No known phase 1 ID type found | The router could not find a known phase 1 ID in the connection attempt.
ID type mismatch. | The phase 1 ID types do not match....
Chapter 21 Logs Table 100 IKE Logs (continued) LOG MESSAGE DESCRIPTION Rule [%d] Phase 1 ID mismatch The listed rule’s IKE phase 1 ID did not match between the router and the peer. The listed rule’s IKE phase 1 hash did not match between the Rule [%d] Phase 1 hash router and the peer.
Table 101 PKI Logs (continued)
LOG MESSAGE | DESCRIPTION
Rcvd user cert: <subject name> | The router received a user certificate, with subject name as recorded, from the LDAP server whose IP address and port are recorded in the Source field....
Chapter 21 Logs Table 102 802.1X Logs (continued) LOG MESSAGE DESCRIPTION The router logged out a user who ended the session. User logout because of user deassociation. The router logged out a user from which there was no User logout because of no authentication response.
Chapter 21 Logs Table 104 ICMP Notes (continued) TYPE CODE DESCRIPTION Source route failed Source Quench A gateway may discard internet datagrams if it does not have the buffer space needed to queue the datagrams for output to the next network on the route to the destination network.
Chapter 21 Logs The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC for detailed information on each type. Table 106 RFC-2408 ISAKMP Payload Types LOG DISPLAY PAYLOAD TYPE Security Association Proposal PROP Transform TRANS Key Exchange...
NBG460N. 22.1 Firmware Upload Screen Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a “*.bin” extension, e.g., “NBG460N.bin”. The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot.
Chapter 22 Tools Figure 150 Upload Warning The NBG460N automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 151 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, the following screen will appear.
Chapter 22 Tools Figure 153 Maintenance > Tools > Configuration 22.2.1 Backup Configuration Backup configuration allows you to back up (save) the NBG460N’s current configuration to a file on your computer. Once your NBG460N is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes.
Chapter 22 Tools Figure 154 Configuration Restore Successful The NBG460N automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 155 Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default NBG460N IP address (192.168.1.1).
Chapter 22 Tools Click Maintenance > Tools > Restart. Click Restart to have the NBG460N reboot. This does not affect the NBG460N's configuration. Figure 157 Maintenance > Tools > Restart 22.4 Wake On LAN Wake On LAN (WoL) allows you to remotely turn on a device on the network. To use this feature the remote hardware (for example the network adapter on your computer) must support Wake On LAN using the “Magic Packet”...
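The following is an added example, not taken from the ZyXEL guide, showing the widely documented Magic Packet layout (six 0xFF bytes followed by the target MAC address repeated 16 times) and a check that recognises such a packet inside a captured payload. The MAC address and function names are constructed for illustration.

```python
import re

# Accepts 00:11:22:33:44:55, 00-11-22-33-44-55 or 001122334455.
# The back-reference forces one separator style for the whole address.
_MAC_RE = re.compile(
    r"^[0-9A-Fa-f]{2}([:-]?)[0-9A-Fa-f]{2}(?:\1[0-9A-Fa-f]{2}){4}$"
)

SYNC = b"\xff" * 6   # synchronisation stream that opens every Magic Packet
REPEATS = 16         # the target MAC follows the sync stream 16 times


def parse_mac(mac: str) -> bytes:
    """Convert a textual MAC address to its 6 raw bytes, rejecting bad input."""
    if not _MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes.fromhex(re.sub(r"[:-]", "", mac))


def build_magic_packet(mac: str) -> bytes:
    """Return the 102-byte Magic Packet payload for the given adapter."""
    return SYNC + parse_mac(mac) * REPEATS


def find_magic_packet(payload: bytes):
    """Return the target MAC if the payload carries a Magic Packet, else None.

    The pattern may sit anywhere in the payload, so every position where a
    sync stream starts is tried in turn.
    """
    pos = payload.find(SYNC)
    while pos != -1:
        body = payload[pos + 6:pos + 6 + 6 * REPEATS]
        if len(body) == 6 * REPEATS and body == body[:6] * REPEATS:
            return ":".join(f"{b:02x}" for b in body[:6])
        pos = payload.find(SYNC, pos + 1)
    return None


if __name__ == "__main__":
    target = "00:11:22:33:44:55"   # constructed sample address
    packet = build_magic_packet(target)
    print(len(packet), find_magic_packet(b"hdr" + packet))
```

Because the packet carries no authentication, any host that can reach the LAN segment can wake an adapter whose MAC address it knows, which is worth keeping in mind when deciding where Wake On LAN is allowed.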
Chapter 23 Configuration Mode
Click Maintenance > Config Mode to open the following screen. This screen allows you to hide or display the advanced screens of some features or the advanced features, such as MAC filter or static route. Basic is selected by default and you cannot see the advanced screens or features....
Chapter 24 Sys Op Mode
24.1 Overview
The Sys Op Mode (System Operation Mode) function lets you configure whether your NBG460N is a router or AP. You can choose between Router Mode and AP Mode depending on your network topology and the features you require from your device....
Chapter 24 Sys Op Mode Figure 161 IP Address in AP Mode 1 IP Internet 24.2 Selecting System Operation Mode Use this screen to select how you connect to the Internet. Figure 162 Maintenance > Sys OP Mode > General If you select Router Mode, the following pop-up message window appears.
Chapter 24 Sys Op Mode Figure 164 Maintenance > Sys Op Mode > General: AP • In AP Mode all Ethernet ports have the same IP address. • All ports on the rear panel of the device are LAN ports, including the port labeled WAN. There is no WAN port.
Chapter 25 Language
Use this screen to change the language for the web configurator display.
25.1 Language Screen
Click the language you prefer. The web configurator language changes after a while without restarting the NBG460N.
Figure 165 Language
Chapter 26 Troubleshooting
This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories.
• Power, Hardware Connections, and LEDs
• NBG460N Access and Login
• Internet Access
•...
Chapter 26 Troubleshooting 26.2 NBG460N Access and Login I don’t know the IP address of my NBG460N. 1 The default IP address is 192.168.1.1. 2 If you changed the IP address and have forgotten it, you might get the IP address of the NBG460N by looking up the IP address of the default gateway for your computer.
Chapter 26 Troubleshooting 2 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide. 3 Make sure your Internet browser does not block pop-up windows and has JavaScripts and Java enabled. See Appendix B on page 279.
Chapter 26 Troubleshooting See the troubleshooting suggestions for I cannot see or access the Login screen in the web configurator. Ignore the suggestions about your browser. 26.3 Internet Access I cannot access the Internet. 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide.
Chapter 26 Troubleshooting interfering with the wireless network (for example, microwaves, other wireless networks, and so on). 3 Reboot the NBG460N. 4 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions •...
Chapter 26 Troubleshooting 4 Make sure your computer (with a wireless adapter installed) is within the transmission range of the NBG460N. 5 Check that both the NBG460N and your wireless station are using the same wireless and wireless security settings. 6 Make sure traffic between the WLAN and the LAN is not blocked by the firewall on the NBG460N.
Appendices and Index
• Product Specifications and Wall-Mounting Instructions
• Pop-up Windows, JavaScripts and Java Permissions
• IP Addresses and Subnetting
• Setting up Your Computer’s IP Address
• Wireless LANs
• Services
• Legal Information
• Customer Support
• Index
Appendix A Product Specifications and Wall-Mounting Instructions
The following tables summarize the NBG460N’s hardware and firmware features.
Table 113 Hardware Features
Dimensions (W x D x H) | 190 x 150 x 33 mm
Weight | 362g
Power Specification | Input: 120~240 AC, 50~60 Hz...
Bluetooth enabled devices, and other wireless LANs. Firmware Upgrade Download new firmware (when available) from the ZyXEL web site and use the web configurator, an FTP or a TFTP tool to put it on the NBG460N.
DNS servers to computers on your network. Dynamic DNS Support With Dynamic DNS (Domain Name System) support, you can use a fixed URL, www.zyxel.com for example, with a dynamic IP address. You must register for this service with a Dynamic DNS service provider. IP Multicast IP Multicast is used to send traffic to a specific group of computers.
Appendix A Product Specifications and Wall-Mounting Instructions The following list, which is not exhaustive, illustrates the standards supported in the NBG460N. Table 116 Standards Supported STANDARD DESCRIPTION RFC 867 Daytime Protocol RFC 868 Time Protocol. RFC 1058 RIP-1 (Routing Information Protocol) RFC 1112 IGMP v1 RFC 1305...
Appendix A Product Specifications and Wall-Mounting Instructions Be careful to avoid damaging pipes or cables located inside the wall when drilling holes for the screws. 3 Do not screw the screws all the way into the wall. Leave a small gap of about 0.5 cm between the heads of the screws and the wall.
Appendix B Pop-up Windows, JavaScripts and Java Permissions
In order to use the web configurator you need to allow:
• Web browser pop-up windows from your device.
• JavaScripts (enabled by default).
• Java permissions (enabled by default).
Internet Explorer 6 screens are used here....
Appendix B Pop-up Windows, JavaScripts and Java Permissions 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 169 Internet Options: Privacy 3 Click Apply to save this setting. Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps.
Appendix B Pop-up Windows, JavaScripts and Java Permissions Figure 170 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 171 Pop-up Blocker Settings NBG460N User’s Guide...
Appendix B Pop-up Windows, JavaScripts and Java Permissions 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
Appendix B Pop-up Windows, JavaScripts and Java Permissions Figure 173 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected.
Appendix B Pop-up Windows, JavaScripts and Java Permissions JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Figure 175 Java (Sun) NBG460N User’s Guide...
Appendix C IP Addresses and Subnetting
This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network....
Appendix C IP Addresses and Subnetting Figure 176 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation).
Appendix C IP Addresses and Subnetting Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Table 118 Subnet Masks BINARY DECIMAL 4TH OCTET OCTET...
Appendix C IP Addresses and Subnetting Table 120 Alternative Subnet Mask Notation (continued) ALTERNATIVE LAST OCTET LAST OCTET SUBNET MASK NOTATION (BINARY) (DECIMAL) 255.255.255.192 1100 0000 255.255.255.224 1110 0000 255.255.255.240 1111 0000 255.255.255.248 1111 1000 255.255.255.252 1111 1100 Subnetting You can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.
Figure 178 Subnetting Example: After Subnetting
In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 2^7 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address)....
Appendix C IP Addresses and Subnetting Table 125 Eight Subnets (continued) SUBNET LAST BROADCAST SUBNET FIRST ADDRESS ADDRESS ADDRESS ADDRESS Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 126 24-bit Network Number Subnet Planning NO.
Appendix C IP Addresses and Subnetting Table 127 16-bit Network Number Subnet Planning (continued) NO. “BORROWED” NO. HOSTS PER SUBNET MASK NO. SUBNETS HOST BITS SUBNET 255.255.255.252 (/30) 16384 255.255.255.254 (/31) 32768 Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
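The following is an added example, not part of the ZyXEL guide, that carries out the subnetting arithmetic this appendix describes: the logical AND of address and mask, the check that two hosts share a subnet, and the per-subnet planning rows (subnet address, first and last host, broadcast address, hosts per subnet). The network 192.168.1.0/24 and the host addresses are assumed sample values, and the function names are illustrative.

```python
import ipaddress


def split_address(ip: str, mask: str):
    """Split an IPv4 address into (network number, host ID) with a bitwise AND."""
    ip_int = int(ipaddress.IPv4Address(ip))
    mask_int = int(ipaddress.IPv4Address(mask))
    network = ipaddress.IPv4Address(ip_int & mask_int)
    host_id = ip_int & (~mask_int & 0xFFFFFFFF)
    return str(network), host_id


def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """True when both addresses have the same network number under the mask."""
    return split_address(ip_a, mask)[0] == split_address(ip_b, mask)[0]


def plan_subnets(network: str, borrowed_bits: int):
    """List every subnet obtained by borrowing host bits from the network.

    Each subnet has 2^n - 2 usable hosts, n being the remaining host bits:
    the all-zeroes host ID is the subnet address and the all-ones host ID
    is the broadcast address.
    """
    net = ipaddress.IPv4Network(network, strict=True)
    host_bits = 32 - (net.prefixlen + borrowed_bits)
    if borrowed_bits < 1 or host_bits < 2:
        raise ValueError("need at least 1 borrowed bit and 2 host bits left")
    rows = []
    for sub in net.subnets(prefixlen_diff=borrowed_bits):
        rows.append({
            "subnet": str(sub.network_address),
            "mask": str(sub.netmask),
            "prefix": sub.prefixlen,
            "first": str(sub.network_address + 1),
            "last": str(sub.broadcast_address - 1),
            "broadcast": str(sub.broadcast_address),
            "hosts": 2 ** host_bits - 2,
        })
    return rows


if __name__ == "__main__":
    # Assumed sample network: a /24 split into two /25 sub-networks.
    for row in plan_subnets("192.168.1.0/24", 1):
        print(row)
    # A server at .200 and a workstation at .10 end up in different subnets,
    # so traffic between them has to pass through a router.
    print(same_subnet("192.168.1.10", "192.168.1.200", "255.255.255.128"))
```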
Appendix D Setting up Your Computer’s IP Address
All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer....
Figure 179 Windows 95/98/Me: Network: Configuration
Installing Components
The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add....
Appendix D Setting up Your Computer’s IP Address Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. • If your IP address is dynamic, select Obtain an IP address automatically. •...
Appendix D Setting up Your Computer’s IP Address Figure 181 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window.
Appendix D Setting up Your Computer’s IP Address Figure 182 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 183 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. NBG460N User’s Guide...
Appendix D Setting up Your Computer’s IP Address Figure 184 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 185 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
Appendix D Setting up Your Computer’s IP Address Figure 186 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
Appendix D Setting up Your Computer’s IP Address Figure 187 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
Appendix D Setting up Your Computer’s IP Address Figure 188 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window.
Appendix D Setting up Your Computer’s IP Address Figure 189 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 190 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: NBG460N User’s Guide...
Appendix D Setting up Your Computer’s IP Address • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your Prestige in the Router address box. 5 Close the TCP/IP Control Panel.
Appendix D Setting up Your Computer’s IP Address Figure 192 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. •...
Appendix D Setting up Your Computer’s IP Address Make sure you are logged in as the root administrator. Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network.
Appendix D Setting up Your Computer’s IP Address Figure 194 Red Hat 9.0: KDE: Ethernet Device: General • If you have a dynamic IP address click Automatically obtain IP address settings with and select dhcp from the drop down list. •...
Appendix D Setting up Your Computer’s IP Address Figure 196 Red Hat 9.0: KDE: Network Configuration: Activate 7 After the network card restart process is complete, make sure the Status is Active in the Network Configuration screen. Using Configuration Files Follow the steps below to edit the network configuration files and set your computer IP address.
2 If you know your DNS server IP address(es), enter the DNS server information in the resolv.conf file in the /etc directory. The following figure shows an example where two DNS server IP addresses are specified.
Figure 199 Red Hat 9.0: DNS Settings in resolv.conf
nameserver 172.23.5.1
nameserver 172.23.5.2...
Appendix E Wireless LANs
Wireless LAN Topologies
This section discusses ad-hoc and infrastructure wireless LAN topologies.
Ad-hoc Wireless LAN Configuration
The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS)....
Appendix E Wireless LANs Figure 203 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN.
Appendix E Wireless LANs Figure 204 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference.
Appendix E Wireless LANs Figure 205 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
Appendix E Wireless LANs If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Preamble Type A preamble is used to synchronize the transmission timing in your wireless network.
Appendix E Wireless LANs • User based identification that allows for roaming. • Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server. • Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication methods to be deployed with no changes to the access point or the wireless stations.
Appendix E Wireless LANs In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password, they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access.
Appendix E Wireless LANs PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication.
Appendix E Wireless LANs Key differences between WPA(2) and WEP are improved data encryption and user authentication. Encryption Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. In addition to TKIP, WPA2 also uses Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption.
Appendix E Wireless LANs 26.6.2 WPA(2)-PSK Application Example A WPA(2)-PSK application looks as follows. 1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters (including spaces and symbols).
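The following is an added example, not part of the ZyXEL guide, that enforces the 8 to 63 ASCII character rule stated above and shows why the AP and every client must hold identical passwords. It assumes the passphrase-to-key mapping defined in IEEE 802.11i (PBKDF2 with HMAC-SHA1, the SSID as salt, 4096 iterations, 256-bit output), which the guide itself does not describe; the SSIDs, passphrases and function names are constructed for illustration.

```python
import hashlib
import hmac


def check_passphrase(passphrase: str) -> None:
    """Enforce the rule from the guide: 8 to 63 ASCII characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if any(not 0x20 <= ord(ch) <= 0x7E for ch in passphrase):
        raise ValueError("passphrase must use printable ASCII only")


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit key that AP and client compute independently.

    Assumption (IEEE 802.11i, not stated in the guide): PBKDF2-HMAC-SHA1,
    salt = SSID, 4096 iterations, 32-byte output.
    """
    check_passphrase(passphrase)
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32
    )


def keys_match(ap_passphrase: str, client_passphrase: str, ssid: str) -> bool:
    """True only when both sides end up with the same derived key."""
    ap_key = derive_psk(ap_passphrase, ssid)
    client_key = derive_psk(client_passphrase, ssid)
    return hmac.compare_digest(ap_key, client_key)


if __name__ == "__main__":
    ssid = "HomeNet"   # constructed sample SSID
    print(keys_match("correct horse 42", "correct horse 42", ssid))  # same password
    print(keys_match("correct horse 42", "correct horse 43", ssid))  # one character off
    # The SSID is the salt, so the same passphrase yields a different key
    # on a network with a different name.
    print(derive_psk("correct horse 42", "HomeNet").hex())
    print(derive_psk("correct horse 42", "OtherNet").hex())
```

Because the key depends only on the passphrase and the SSID, a short or common passphrase on a default SSID is the weakest combination; a long random passphrase and a non-default SSID both help.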
Appendix E Wireless LANs Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. MAC address filters are not dependent on how you configure these security features. Table 130 Wireless Security Relational Matrix AUTHENTICATION ENCRYPTIO...
7648 A popular videoconferencing solution from White Pines Software. TCP/UDP 24032 TCP/UDP Domain Name Server, a service that matches web names (e.g. www.zyxel.com) to IP numbers. User-Defined The IPSEC ESP (Encapsulation Security (IPSEC_TUNNEL) Protocol) tunneling protocol uses this service. FINGER...
Appendix F Services Table 131 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION H.323 1720 NetMeeting uses this protocol. HTTP Hyper Text Transfer Protocol - a client/ server protocol for the world wide web. HTTPS HTTPS is a secured http session often used in e-commerce.
Appendix F Services Table 131 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION PPTP_TUNNEL User-Defined PPTP (Point-to-Point Tunneling Protocol) (GRE) enables secure transfer of data over public networks. This is the data channel. RCMD Remote Command Service. REAL_AUDIO 7070 A streaming audio service that enables real time sound over the web.
Appendix F Services Table 131 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION TFTP Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 A videoconferencing solution.
Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others.
This Class B digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada. Viewing Certifications 1 Go to http://www.zyxel.com. 2 Select your product on the ZyXEL home page to go to that product's page. NBG460N User’s Guide...
Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
In the event of problems that cannot be solved by using this manual, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device. Regional offices are listed below (see also http:// www.zyxel.com/web/contact_us.php).
• Regular Mail: ZyXEL Communications Oy, Malminkaari 10, 00700 Helsinki, Finland France • E-mail: info@zyxel.fr • Telephone: +33-4-72-52-97-97 • Fax: +33-4-72-52-19-20 • Web: www.zyxel.fr • Regular Mail: ZyXEL France, 1 rue des Vergers, Bat. 1 / C, 69760 Limonest, France NBG460N User’s Guide...
• Sales E-mail: sales@zyxel.in • Telephone: +91-11-30888144 to +91-11-30888153 • Fax: +91-11-30888149, +91-11-26810715 • Web: http://www.zyxel.in • Regular Mail: India - ZyXEL Technology India Pvt Ltd., II-Floor, F2/9 Okhla Phase -1, New Delhi 110020, India Japan • Support E-mail: support@zyxel.co.jp •...
• Sales E-mail: sales@zyxel.com.my • Telephone: +603-8076-9933 • Fax: +603-8076-9833 • Web: http://www.zyxel.com.my • Regular Mail: ZyXEL Malaysia Sdn Bhd., 1-02 & 1-03, Jalan Kenari 17F, Bandar Puchong Jaya, 47100 Puchong, Selangor Darul Ehsan, Malaysia North America • Support E-mail: support@zyxel.com •...
• Support E-mail: support@zyxel.com.sg • Sales E-mail: sales@zyxel.com.sg • Telephone: +65-6899-6678 • Fax: +65-6899-8887 • Web: http://www.zyxel.com.sg • Regular Mail: ZyXEL Singapore Pte Ltd., No. 2 International Business Park, The Strategy #03-28, Singapore 609930 Spain • Support E-mail: support@zyxel.es • Sales E-mail: sales@zyxel.es •...