Page 1 NBG460N Wireless N Gigabit Router User’s Guide Version 3.60 3/2008 Edition 1 DEFAULT LOGIN IP Address http://192.168.1.1 Password 1234 www.zyxel.com...
Page 3: About This User's Guide
• Supporting Disk Refer to the included CD for support documents. • ZyXEL Web Site Please refer to www.zyxel.com for additional support documentation and product certifications. User Guide Feedback Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead.
Page 4: Document Conventions
Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this User’s Guide. Warnings tell you about things that could harm you or your device. Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Page 5 Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The NBG460N icon is not an exact representation of your device. NBG460N Computer Notebook computer Server DSLAM Firewall Telephone Switch Router Modem NBG460N User’s Guide...
Page 6: Safety Warnings
Safety Warnings Safety Warnings For your safety, be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. •...
Page 7 Safety Warnings NBG460N User’s Guide...
Page 8 Safety Warnings NBG460N User’s Guide...
Page 9: Table Of Contents
Contents Overview Contents Overview Introduction ..........................29 Getting to Know Your NBG460N ....................31 The WPS Button ........................35 Introducing the Web Configurator ....................37 Connection Wizard ........................49 AP Mode ............................ 65 Tutorials ............................. 73 Network ........................... 87 Wireless LAN ..........................89 WAN ............................117 LAN ............................
Page 10 Contents Overview NBG460N User’s Guide...
Page 11: Table Of Contents
Table of Contents Table of Contents About This User's Guide ......................3 Document Conventions......................4 Safety Warnings........................6 Contents Overview ........................9 Table of Contents........................11 List of Figures ......................... 19 List of Tables........................... 25 Part I: Introduction................. 29 Chapter 1 Getting to Know Your NBG460N....................
Page 12 Table of Contents 3.5.2 Summary: Any IP Table ....................44 3.5.3 Summary: Bandwidth Management Monitor ............44 3.5.4 Summary: DHCP Table ................... 45 3.5.5 Summary: Packet Statistics ..................46 3.5.6 Summary: VPN Monitor ..................... 47 3.5.7 Summary: Wireless Station Status .................
Page 13 Table of Contents 6.1.1 How to Connect to the Internet from an AP ............... 73 6.1.2 Configure Wireless Security Using WPS on both your NBG460N and Wireless Client 73 6.1.3 Enable and Configure Wireless Security without WPS on your NBG460N ....76 6.1.4 Configure Your Notebook ...................
Page 14 Table of Contents 7.11 Accessing the iPod Touch Web Configurator ..............114 7.11.1 Accessing the iPod Touch Web Configurator ............115 Chapter 8 WAN............................117 8.1 WAN Overview ........................117 8.2 WAN MAC Address ......................117 8.3 Multicast ..........................117 8.4 Internet Connection ......................118 8.4.1 Ethernet Encapsulation .....................118 8.4.2 PPPoE Encapsulation ....................119 8.4.3 PPTP Encapsulation ....................
Page 15 12.2 Dynamic DNS Screen ....................147 Part III: Security..................151 Chapter 13 Firewall........................... 153 13.1 Introduction to ZyXEL’s Firewall ..................153 13.1.1 What is a Firewall? ....................153 13.1.2 Stateful Inspection Firewall ..................153 13.1.3 About the NBG460N Firewall ................. 153 13.1.4 Guidelines For Enhancing Security With Your Firewall ..........
Page 16 Table of Contents 15.1 IPSec VPN Overview ....................... 165 15.1.1 What You Can Do in the IPSec VPN Screens ............165 15.1.2 What You Need To Know About IPSec VPN ............166 15.1.3 IKE SA (IKE Phase 1) Overview ................166 15.1.4 IPSec SA (IKE Phase 2) Overview ..............
Page 17 19.1.1 How do I know if I'm using UPnP? ................. 215 19.1.2 NAT Traversal ......................215 19.1.3 Cautions with UPnP ....................215 19.2 UPnP and ZyXEL ......................216 19.3 UPnP Screen ........................216 19.4 Installing UPnP in Windows Example ................217 Part V: Maintenance and Troubleshooting ........
Page 18 Table of Contents Chapter 23 Configuration Mode ......................257 Chapter 24 Sys Op Mode ......................... 259 24.1 Overview .......................... 259 24.1.1 Router ........................259 24.1.2 AP .......................... 259 24.2 Selecting System Operation Mode .................. 260 Chapter 25 Language ..........................263 25.1 Language Screen ......................
Page 19: List Of Figures
List of Figures List of Figures Figure 1 Secure Wireless Internet Access in Router Mode ..............31 Figure 2 Wireless Internet Access in AP Mode ..................32 Figure 3 Front Panel ..........................33 Figure 4 Change Password Screen ......................38 Figure 5 Selecting the setup mode .......................
Page 20 List of Figures Figure 39 Status: AP Mode ........................78 Figure 40 Connecting a Wireless Client to a Wireless Network t ............79 Figure 41 Security Settings ........................79 Figure 42 Confirm Save .......................... 79 Figure 43 Link Status ..........................80 Figure 44 Site-To-Site VPN Tunnel ......................
Page 21 List of Figures Figure 82 Any IP Example ........................129 Figure 83 Network > LAN > IP ......................130 Figure 84 Network > LAN > IP Alias ....................131 Figure 85 Network > LAN > Advanced ....................131 Figure 86 Network > DHCP > General ....................
Page 22 List of Figures Figure 125 Management > Bandwidth MGMT > Monitor ..............207 Figure 126 Management > Remote MGMT > WWW ................210 Figure 127 Management > Remote MGMT > Telnet ................211 Figure 128 Management > Remote MGMT > FTP ................212 Figure 129 Management >...
Page 23 List of Figures Figure 168 Pop-up Blocker ........................279 Figure 169 Internet Options: Privacy ....................280 Figure 170 Internet Options: Privacy ....................281 Figure 171 Pop-up Blocker Settings ..................... 281 Figure 172 Internet Options: Security ....................282 Figure 173 Security Settings - Java Scripting ..................283 Figure 174 Security Settings - Java ......................
Page 24 List of Figures NBG460N User’s Guide...
Page 25: List Of Tables
List of Tables List of Tables Table 1 Features Available in Router Mode vs. AP Mode ..............32 Table 2 Front Panel LEDs ........................33 Table 3 Status Screen Icon Key ......................40 Table 4 Web Configurator Status Screen ................... 40 Table 5 Screens Summary ........................
Page 26 List of Tables Table 39 Scheduling ..........................108 Table 40 Login Screen ......................... 109 Table 41 System Status screen ......................111 Table 42 Port Forwarding ........................114 Table 43 Network > WAN > Internet Connection: Ethernet Encapsulation ...........119 Table 44 Network > WAN > Internet Connection: PPPoE Encapsulation ..........121 Table 45 Network >...
Page 27 List of Tables Table 82 Management > Remote MGMT > DNS ................. 213 Table 83 Management > UPnP > General ................... 216 Table 84 Maintenance > System > General ..................229 Table 85 Maintenance > System > Time Setting ................. 231 Table 86 Maintenance >...
Page 28 List of Tables Table 125 Eight Subnets ........................290 Table 126 24-bit Network Number Subnet Planning ................291 Table 127 16-bit Network Number Subnet Planning ................291 Table 128 IEEE 802.11g ........................313 Table 129 Comparison of EAP Authentication Types ................316 Table 130 Wireless Security Relational Matrix ..................
Page 29: Introduction
Introduction Getting to Know Your NBG460N (31) The WPS Button (35) Introducing the Web Configurator (37) Connection Wizard (49) AP Mode (65) Tutorials (73)
Page 31: Getting To Know Your Nbg460N
H A P T E R Getting to Know Your NBG460N This chapter introduces the main features and applications of the NBG460N. 1.1 Overview The NBG460N acts as either an access point (AP) or a secure broadband router for all data passing between the Internet and your local network.
Page 32: Ap Mode
Chapter 1 Getting to Know Your NBG460N 1.3 AP Mode Select AP Mode if you already have a router or gateway on your network which provides network services such as a firewall or bandwidth management. The following figure shows computers in a WLAN connecting to the NBG460N, which acts as an access point (A).
Page 33: Ways To Manage The Nbg460N
Chapter 1 Getting to Know Your NBG460N 1.5 Ways to Manage the NBG460N Use any of the following methods to manage the NBG460N. • Web Configurator. This is recommended for everyday management of the NBG460N using a (supported) web browser. •...
Page 34 Chapter 1 Getting to Know Your NBG460N Table 2 Front Panel LEDs (continued) COLOR STATUS DESCRIPTION LAN 1-4 Green The NBG460N has a successful 10/100MB Ethernet connection. Blinking The NBG460N is sending/receiving data. Amber The NBG460N has a successful 1000MB Ethernet connection.
Page 35: The Wps Button
H A P T E R The WPS Button 2.1 Overview Your NBG460N supports WiFi Protected Setup (WPS), which is an easy way to set up a secure wireless network. WPS is an industry standard specification, defined by the WiFi Alliance.
Page 36 Chapter 2 The WPS Button NBG460N User’s Guide...
Page 37: Introducing The Web Configurator
H A P T E R Introducing the Web Configurator This chapter describes how to access the NBG460N web configurator and provides an overview of its screens. 3.1 Web Configurator Overview The web configurator is an HTML-based management interface that allows easy setup and management of the NBG460N via Internet browser.
Page 38: Figure 4 Change Password Screen
Chapter 3 Introducing the Web Configurator 4 Type "1234" (default) as the password and click Login. In some versions, the default password appears automatically - if this is the case, click Login. 5 You should see a screen asking you to change your password (highly recommended) as shown next.
Page 39: Resetting The Nbg460N
Chapter 3 Introducing the Web Configurator Figure 5 Selecting the setup mode 3.3 Resetting the NBG460N If you forget your password or IP address, or you cannot access the web configurator, you will need to use the RESET button at the back of the NBG460N to reload the factory-default configuration file.
Page 40: Figure 6 Web Configurator Status Screen
Chapter 3 Introducing the Web Configurator Figure 6 Web Configurator Status Screen The following table describes the icons shown in the Status screen. Table 3 Status Screen Icon Key ICON DESCRIPTION Click this icon to open the setup wizard. Click this icon to view copyright and a link for related product information. Click this icon at any time to exit the web configurator.
Page 41 This shows what percentage of the heap memory the NBG460N is using. Heap memory refers to the memory that is not used by ZyNOS (ZyXEL Network Operating System) and is thus available for running processes like NAT and the firewall.
Page 42: Navigation Panel
Chapter 3 Introducing the Web Configurator Table 4 Web Configurator Status Screen (continued) LABEL DESCRIPTION Status For the LAN and WAN ports, this field displays Down (line is down) or Up (line is up or connected). For the WLAN, it displays Up when the WLAN is enabled or Down when the WLAN is disabled.
Page 43 Chapter 3 Introducing the Web Configurator Table 5 Screens Summary LINK FUNCTION Use this screen to configure LAN IP address and subnet mask. IP Alias Use this screen to partition your LAN interface into subnets. Advanced Use this screen to enable other advanced properties. DHCP General Use this screen to enable the NBG460N’s DHCP server.
Page 44: Summary: Any Ip Table
Chapter 3 Introducing the Web Configurator Table 5 Screens Summary LINK FUNCTION System General Use this screen to view and change administrative settings such as system and domain names, password and inactivity timer. Time Setting Use this screen to change your NBG460N’s time and date. Logs View Log Use this screen to view the logs for the categories that you...
Page 45: Summary: Dhcp Table
Chapter 3 Introducing the Web Configurator Figure 8 Summary: BW MGMT Monitor 3.5.4 Summary: DHCP Table DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the NBG460N’s LAN as a DHCP server or disable it.
Page 46: Summary: Packet Statistics
Chapter 3 Introducing the Web Configurator 3.5.5 Summary: Packet Statistics Click the Packet Statistics (Details...) hyperlink in the Status screen. Read-only information here includes port status, packet specific statistics and the "system up time". The Poll Interval(s) field is configurable and is used for refreshing the screen. Figure 10 Summary: Packet Statistics The following table describes the labels in this screen.
Page 47: Summary: Vpn Monitor
Chapter 3 Introducing the Web Configurator 3.5.6 Summary: VPN Monitor Click the VPN Monitor (Details...) hyperlink in the Status screen. This screen displays read- only information about the active VPN connections. Click the Refresh button to update the screen. A Security Association (SA) is the group of security settings related to a specific VPN tunnel.
Page 48: Table 9 Summary: Wireless Association List
Chapter 3 Introducing the Web Configurator The following table describes the labels in this screen. Table 9 Summary: Wireless Association List LABEL DESCRIPTION This is the index number of an associated wireless station. MAC Address This field displays the MAC address of an associated wireless station. Association Time This field displays the time a wireless station first associated with the NBG460N’s WLAN network.
Page 49: Connection Wizard
H A P T E R Connection Wizard This chapter provides information on the wizard setup screens in the web configurator. 4.1 Wizard Setup The web configurator’s wizard setup helps you configure your device to access the Internet. Refer to your ISP (Internet Service Provider) checklist in the Quick Start Guide to know what to enter in each field.
Page 50: Connection Wizard: Step 1: System Information
Chapter 4 Connection Wizard Figure 14 Select a Language 3 Read the on-screen information and click Next. Figure 15 Welcome to the Connection Wizard 4.2 Connection Wizard: STEP 1: System Information System Information contains administrative and system-related information. 4.2.1 System Name System Name is for identification purposes.
Page 51: Domain Name
Chapter 4 Connection Wizard 4.2.2 Domain Name The Domain Name entry is what is propagated to the DHCP clients on the LAN. If you leave this blank, the domain name obtained by DHCP from the ISP is used. While you must enter the host name (System Name) on each individual computer, the domain name can be assigned from the NBG460N via DHCP.
Page 52: Figure 17 Wizard Step 2: Wireless Lan
Chapter 4 Connection Wizard Figure 17 Wizard Step 2: Wireless LAN The following table describes the labels in this screen. Table 11 Wizard Step 2: Wireless LAN LABEL DESCRIPTION Name (SSID) Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.
Page 53: Basic (Wep) Security
Chapter 4 Connection Wizard 4.3.1 Basic (WEP) Security Choose Basic (WEP) to setup WEP Encryption parameters. Figure 18 Wizard Step 2: Basic (WEP) Security The following table describes the labels in this screen. Table 12 Wizard Step 2: Basic (WEP) Security LABEL DESCRIPTION Passphrase...
Page 54: Extend (Wpa-Psk Or Wpa2-Psk) Security
Chapter 4 Connection Wizard Table 12 Wizard Step 2: Basic (WEP) Security LABEL DESCRIPTION Next Click Next to proceed to the next screen. Exit Click Exit to close the wizard screen without saving. 4.3.2 Extend (WPA-PSK or WPA2-PSK) Security Choose Extend (WPA-PSK) or Extend (WPA2-PSK) security in the Wireless LAN setup screen to set up a Pre-Shared Key.
Page 55: Ethernet Connection
Chapter 4 Connection Wizard Figure 20 Wizard Step 3: ISP Parameters. The following table describes the labels in this screen, Table 14 Wizard Step 3: ISP Parameters CONNECTION TYPE DESCRIPTION Ethernet Select the Ethernet option when the WAN port is used as a regular Ethernet. PPPoE Select the PPP over Ethernet option for a dial-up connection.
Page 56: Pptp Connection
Chapter 4 Connection Wizard One of the benefits of PPPoE is the ability to let end users access one of multiple network services, a function known as dynamic service selection. This enables the service provider to easily create and offer new IP services for specific users. Operationally, PPPoE saves significant effort for both the subscriber and the ISP/carrier, as it requires no specific configuration of the broadband modem at the subscriber’s site.
Page 57: Figure 23 Wizard Step 3: Pptp Connection
Chapter 4 Connection Wizard The NBG460N supports one PPTP server connection at any given time. Figure 23 Wizard Step 3: PPTP Connection The following table describes the fields in this screen Table 16 Wizard Step 3: PPTP Connection LABEL DESCRIPTION ISP Parameters for Internet Access Connection Type Select PPTP from the drop-down list box.
Page 58: Your Ip Address
Chapter 4 Connection Wizard Table 16 Wizard Step 3: PPTP Connection LABEL DESCRIPTION Next Click Next to continue. Exit Click Exit to close the wizard screen without saving. 4.4.4 Your IP Address The following wizard screen allows you to assign a fixed IP address or give the NBG460N an automatically assigned IP address depending on your ISP.
Page 59: Ip Address And Subnet Mask
Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa, for instance, the IP address of www.zyxel.com is 204.217.0.2. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it.
Page 60: Wan Ip And Dns Server Address Assignment
Chapter 4 Connection Wizard 2 If the ISP did not give you DNS server information, leave the DNS Server fields set to 0.0.0.0 in the Wizard screen and/or set to From ISP in the WAN > Internet Connection screen for the ISP to dynamically assign the DNS server IP addresses. 4.4.8 WAN IP and DNS Server Address Assignment The following wizard screen allows you to assign a fixed WAN IP address and DNS server addresses.
Page 61: Wan Mac Address
Chapter 4 Connection Wizard 4.4.9 WAN MAC Address Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. Table 20 Example of Network Properties for LAN Servers with Fixed IP Addresses Choose an IP address 192.168.1.2-192.168.1.32;...
Page 62: Connection Wizard: Step 4: Bandwidth Management
Chapter 4 Connection Wizard 4.5 Connection Wizard: STEP 4: Bandwidth management Bandwidth management allows you to control the amount of bandwidth going out through the NBG460N’s WAN, LAN or WLAN port and prioritize the distribution of the bandwidth according to the traffic type. This helps keep one service from using all of the available bandwidth and shutting out other users.
Page 63: Figure 28 Connection Wizard Save
Chapter 4 Connection Wizard Figure 28 Connection Wizard Save Follow the on-screen instructions and click Finish to complete the wizard setup. Figure 29 Connection Wizard Complete Well done! You have successfully set up your NBG460N to operate on your network and access the Internet.
Page 64 Chapter 4 Connection Wizard NBG460N User’s Guide...
Page 65: Ap Mode
H A P T E R AP Mode This chapter discusses how to configure settings while your NBG460N is set to AP Mode. Many screens that are available in Router Mode are not available in AP Mode. Chapter 6 on page 73 for an example of setting up a wireless network in AP mode.
Page 66: The Status Screen In Ap Mode
Chapter 5 AP Mode Maintenance > Sys OP Mode > General Figure 31 3 A pop-up appears providing information on this mode. Click OK in the pop-up message window. (See Section 24.2 on page 260 for more information on the pop-up.) Click Apply.
Page 67: Table 23 Web Configurator Status Screen
This shows what percentage of the heap memory the NBG460N is using. Heap memory refers to the memory that is not used by ZyNOS (ZyXEL Network Operating System) and is thus available for running processes like NAT and the firewall.
Page 68: Navigation Panel
Chapter 5 AP Mode Table 23 Web Configurator Status Screen (continued) LABEL DESCRIPTION Rate For the LAN ports, this displays the port speed and duplex setting or N/A when the line is disconnected. For the WLAN, it displays the maximum transmission rate when the WLAN is enabled and N/A when the WLAN is disabled.
Page 69: Configuring Your Settings
Chapter 5 AP Mode Table 24 Screens Summary LINK FUNCTION Wireless General Use this screen to configure wireless LAN. MAC Filter Use the MAC filter screen to configure the NBG460N to block access to devices or block the devices from accessing the NBG460N.
Page 70: Figure 34 Network > Lan > Ip
Chapter 5 AP Mode If you change the IP address of the NBG460N in the screen below, you will need to log into the NBG460N again using the new IP address. Figure 34 Network > LAN > IP The table below describes the labels in the screen. Table 25 Network >...
Page 71: Wlan And Maintenance Settings
Chapter 5 AP Mode LABEL DESCRIPTION Apply Click Apply to save your changes to the NBG460N. Reset Click Reset to reload the previous configuration for this screen. 5.4.2 WLAN and Maintenance Settings The configuration of wireless and maintenance settings in AP Mode is the same as for Router Mode.
Page 72 Chapter 5 AP Mode NBG460N User’s Guide...
Page 73: Tutorials
H A P T E R Tutorials 6.1 Wireless Tutorials 6.1.1 How to Connect to the Internet from an AP This section gives you an example of how to set up an access point (AP) and wireless client (a notebook (B), in this example) for wireless communication. B can access the Internet through the AP wirelessly.
Page 74 Chapter 6 Tutorials 6.1.2.1 Push Button Configuration (PBC) 1 Make sure that your NBG460N is turned on and that it is within range of your computer. 2 Make sure that you have installed the wireless client (this example uses the NWD210N) driver and utility in your notebook.
Page 75: Figure 36 Example Wps Process: Pbc Method
Chapter 6 Tutorials Figure 36 Example WPS Process: PBC Method NBG460N Wireless Client WITHIN 2 MINUTES SECURITY INFO COMMUNICATION 6.1.2.2 PIN Configuration When you use the PIN configuration method, you need to use both NBG460N’s configuration interface and the client’s utilities. 1 Launch your wireless client’s configuration utility.
Page 76: Enable And Configure Wireless Security Without Wps On Your Nbg460N
Chapter 6 Tutorials Figure 37 Example WPS Process: PIN Method Wireless Client NBG460N WITHIN 2 MINUTES Authentication by PIN SECURITY INFO COMMUNICATION 6.1.3 Enable and Configure Wireless Security without WPS on your NBG460N This example shows you how to configure wireless security settings with the following parameters on your NBG460N.
Page 77: Figure 38 Network > Wireless Lan > General
Chapter 6 Tutorials Channel Security WPA-PSK (Pre-Shared Key: ThisismyWPA-PSKpre-sharedkey) Follow the steps below to configure the wireless settings on your NBG460N. The instructions require that your hardware is connected (see the Quick Start Guide) and you are logged into the web configurator through your LAN connection (see Section 3.2 on page 37).
Page 78: Configure Your Notebook
Figure 39 Status: AP Mode 6.1.4 Configure Your Notebook We use the ZyXEL M-302 wireless adapter utility screens as an example for the wireless client. The screens may vary for different models. 1 The NBG460N supports IEEE 802.11b, IEEE 802.11g and IEEE 802.11n wireless clients.
Page 79: Figure 40 Connecting A Wireless Client To A Wireless Network T
Chapter 6 Tutorials Figure 40 Connecting a Wireless Client to a Wireless Network t 5 Select WPA-PSK and type the security key in the following screen. Click Next. Figure 41 Security Settings 6 The Confirm Save window appears. Check your settings and click Save to continue. Figure 42 Confirm Save 7 Check the status of your wireless connection in the screen below.
Page 80: Site-To-Site Vpn Tunnel Tutorial
8 If your connection is successful, open your Internet browser and enter http:// www.zyxel.com or the URL of any other web site in the address bar. If you are able to access the web site, your wireless connection is successfully configured.
Page 81: Configuring Bob's Nbg460N Vpn Settings
Chapter 6 Tutorials Table 26 Site-To-Site VPN Tunnel Settings (continued) SETTING BOB’S NBG460N JACK’S NBG460N Local ID Type Local Content 1.1.1.1 2.2.2.2 Secure Gateway 2.2.2.2 1.1.1.1 Address Peer ID Type Peer Content 2.2.2.2 1.1.1.1 Encapsulation Tunnel Tunnel Mode IPSec Protocol Pre-Shared Key ThisIsMySecretKey ThisIsMySecretKey...
Page 82: Figure 47 Remote Policy
Chapter 6 Tutorials End/Mask text box. This value is the same as Jack only wants Bob to access this single IP address. Figure 47 Remote Policy 5 Enter the IP address “1.1.1.1” in the My IP Address text box. This is Bob’s WAN IP address.
Page 83: Configuring Jack's Nbg460N Vpn Settings
Chapter 6 Tutorials Figure 50 VPN Summary 6.2.2 Configuring Jack’s NBG460N VPN Settings To configure these settings Jack uses the NBG460N web configurator. 1 Log into the NBG460N web configurator and click VPN > Modify icon. This displays the VPN Rule Setup (basic) screen. 2 Select the Active checkbox to enable the VPN rule after it has been created.
Page 84: Checking The Vpn Connection
Chapter 6 Tutorials 6 Select IP as the Local ID Type. This is the type of content that will be used to identify Jack’s NBG460N. Enter the IP address “2.2.2.2” in the Local Content text box. This identifies Jack’s NBG460N to Bob’s NBG460N. 7 Enter the IP address “1.1.1.1”...
Page 85: Figure 57 Pinging Jack's Local Ip Address
Chapter 6 Tutorials Figure 57 Pinging Jack’s Local IP Address Pinging is successful which means a VPN tunnel has been established between Bob and Jack’s NBG460Ns. Congratulations! To check this VPN connection click VPN > SA Monitor in the web configurator. Figure 58 SA Monitor If pinging is not successful check the VPN settings on both devices and try again.
Page 86 Chapter 6 Tutorials NBG460N User’s Guide...
Page 87: Network
Network Wireless LAN (89) WAN (117) LAN (127) DHCP (133) Network Address Translation (NAT) (137) Dynamic DNS (147)
Page 89: Wireless Lan
H A P T E R Wireless LAN This chapter discusses how to configure the wireless network settings in your NBG460N. See the appendices for more detailed information about wireless networks. 7.1 Wireless Network Overview The following figure provides an example of a wireless network. Figure 59 Example of a Wireless Network The wireless network is the part in the blue circle.
Page 90: Wireless Security Overview
Chapter 7 Wireless LAN • Every wireless client in the same wireless network must use security compatible with the Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network. 7.2 Wireless Security Overview The following sections introduce different types of wireless security you can set up in the wireless network.
Page 91: Encryption
Chapter 7 Wireless LAN If your AP does not provide a local user database and if you do not have a RADIUS server, you cannot set up user names and passwords for your users. Unauthorized devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network.
Page 92: Roaming
(bridge tables are updated) and maximum AP efficiency. The AP deletes records of wireless stations that associate with other APs (Non-ZyXEL APs may not be able to perform this). 802.1x authentication information is not exchanged (at the time of writing).
Page 93: Requirements For Roaming
Chapter 7 Wireless LAN Figure 60 Roaming Example The steps below describe the roaming process. 1 Wireless station Y moves from the coverage area of access point AP 1 to that of access point AP 2. 2 Wireless station Y scans and detects the signal of access point AP 2. 3 Wireless station Y sends an association request to access point AP 2.
Page 94: Wmm Qos
Chapter 7 Wireless LAN 7.4.1 WMM QoS WMM (Wi-Fi MultiMedia) QoS (Quality of Service) ensures quality of service in wireless networks. It controls WLAN transmission priority on packets to be transmitted over the wireless network. WMM QoS prioritizes wireless traffic according to delivery requirements. WMM QoS is a part of the IEEE 802.11e QoS enhancement to certified Wi-Fi wireless networks.
Page 95: Figure 61 Network > Wireless Lan > General
Chapter 7 Wireless LAN Figure 61 Network > Wireless LAN > General The following table describes the general wireless LAN labels in this screen. Table 29 Network > Wireless LAN > General LABEL DESCRIPTION Enable Click the check box to activate wireless LAN. Wireless LAN Name(SSID) (Service Set IDentity) The SSID identifies the Service Set with which a wireless...
Page 96: No Security
Chapter 7 Wireless LAN Table 29 Network > Wireless LAN > General LABEL DESCRIPTION Apply Click Apply to save your changes back to the NBG460N. Reset Click Reset to reload the previous configuration for this screen. See the rest of this chapter for information on the other labels in this screen. 7.5.1 No Security Select No Security to allow wireless stations to communicate with the access points without any data encryption.
Page 97: Figure 63 Network > Wireless Lan > General: Static Wep
Chapter 7 Wireless LAN Your NBG460N allows you to configure up to four 64-bit or 128-bit WEP keys but only one key can be enabled at any one time. In order to configure and enable WEP encryption; click Network > Wireless LAN to display the General screen.
Page 98: Wpa-Psk/Wpa2-Psk
Chapter 7 Wireless LAN Table 31 Network > Wireless LAN > General: Static WEP LABEL DESCRIPTION Key 1 to Key 4 The WEP keys are used to encrypt data. Both the NBG460N and the wireless stations must use the same WEP key for data transmission. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F").
Page 99: Wpa/Wpa2
Chapter 7 Wireless LAN The following table describes the labels in this screen. Table 32 Network > Wireless LAN > General: WPA-PSK/WPA2-PSK LABEL DESCRIPTION WPA Compatible This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field.
Page 100: Figure 65 Network > Wireless Lan > General: Wpa/Wpa2
Chapter 7 Wireless LAN Figure 65 Network > Wireless LAN > General: WPA/WPA2 The following table describes the labels in this screen. Table 33 Network > Wireless LAN > General: WPA/WPA2 LABEL DESCRIPTION WPA Compatible This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field.
Page 101: Mac Filter
Chapter 7 Wireless LAN Table 33 Network > Wireless LAN > General: WPA/WPA2 LABEL DESCRIPTION Group Key Update The Group Key Update Timer is the rate at which the AP (if using WPA-PSK/ Timer WPA2-PSK key management) or RADIUS server (if using WPA/WPA2 key management) sends a new group key out to all clients.
Page 102: Wireless Lan Advanced Screen
Chapter 7 Wireless LAN Figure 66 Network > Wireless LAN > MAC Filter The following table describes the labels in this menu. Table 34 Network > Wireless LAN > MAC Filter LABEL DESCRIPTION Active Select Yes from the drop down list box to enable MAC address filtering. Filter Action Define the filter action for the list of MAC addresses in the MAC Address table.
Page 103: Quality Of Service (Qos) Screen
Chapter 7 Wireless LAN Figure 67 Network > Wireless LAN > Advanced The following table describes the labels in this screen. Table 35 Network > Wireless LAN > Advanced LABEL DESCRIPTION Roaming Configuration Enable Select this option if your network environment has multiple APs and you want your Roaming wireless device to be able to access the network as you move between wireless networks.
Page 104: Figure 68 Network > Wireless Lan > Qos
Chapter 7 Wireless LAN Figure 68 Network > Wireless LAN > QoS The following table describes the labels in this screen. Table 36 Network > Wireless LAN > QoS LABEL DESCRIPTION WMM QoS Policy Select Default to have the NBG460N automatically give a service a priority level according to the ToS value in the IP header of packets it sends.
Page 105: Application Priority Configuration
Chapter 7 Wireless LAN 7.8.1 Application Priority Configuration Use this screen to edit a WMM QoS application entry. Click the edit icon under Modify. The following screen displays. Figure 69 Network > Wireless LAN > QoS: Application Priority Configuration Appendix F on page 321 for a list of commonly-used services and destination ports.
Page 106: Wifi Protected Setup
Chapter 7 Wireless LAN 7.9 WiFi Protected Setup WiFi Protected Setup (WPS) is an industry standard specification, defined by the WiFi Alliance. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually. Depending on the devices in your network, you can either press a button (on the device itself, or in its configuration utility) or enter a PIN (Personal Identification Number) in the devices.
Page 107: Wps Station Screen
Chapter 7 Wireless LAN 7.9.2 WPS Station Screen Use this screen when you want to add a wireless station using WPS. To open this screen, click Network > Wireless LAN > WPS Station tab. Note: After you click Push Button on this screen, you have to press a similar button in the wireless station utility within 2 minutes.
Page 108: Ipod Touch Web Configurator
Chapter 7 Wireless LAN Figure 72 Scheduling The following table describes the labels in this screen. Table 39 Scheduling LABEL DESCRIPTION Enable Wireless Select this to enable Wireless LAN scheduling. LAN Scheduling WLAN Status Select On or Off to specify whether the Wireless LAN is turned on or off. This field works in conjunction with the Day and Except for the following times fields.
Page 109: Login Screen
Chapter 7 Wireless LAN 1 Make sure the Wireless LAN on the NBG460N is enabled and that you know the security settings (if any). To do this check the Wireless LAN > General screen in the web configurator from your computer. 2 On the iPod Touch’s main screen press Settings >...
Page 110: System Status
Chapter 7 Wireless LAN 7.10.2 System Status After successfully logging into the iPod Touch web configurator the System Status screen displays. Your changes in the iPod Touch web configurator are saved automatically after pressing a button. If you are going to use the WPS (Wi-Fi Protected Setup) function in the iPod Touch Web Configurator it is recommended to configure your WPS settings first from your computer.
Page 111: Figure 74 System Status Screen
Chapter 7 Wireless LAN Figure 74 System Status screen The following table describes the labels in this screen. Table 41 System Status screen LABEL DESCRIPTION Logout Press this to logout of the iPod Touch web configurator. IP Address This field displays the NBG460N’s LAN (Local Area Network) IP address. IP Address This field displays the NBG460N’s WAN IP address.
Page 112: Wps In Progress
Chapter 7 Wireless LAN Table 41 System Status screen LABEL DESCRIPTION Channel This field displays the channel the NBG460N’s Wireless LAN operates on. This will display as disabled if auto channel selection mode is on. PIN Number This field displays the NBG460N’s WPS (Wi-Fi Protected Setup) PIN number. WPS allows you to connect wireless clients to your wireless LAN easily.
Page 113: Port Forwarding
To go back to the System Status screen press the ZyXEL logo at the top of the page. To see any changes on the System Status screen you will need to refresh the page first.
Page 114: Accessing The Ipod Touch Web Configurator
Chapter 7 Wireless LAN Figure 76 Port Forwarding The following table describes the labels in this screen. Table 42 Port Forwarding LABEL DESCRIPTION This is the number of an individual port forwarding entry. Rule This column displays the configured port forwarding rules. To configure a new rule you must use the web configurator from your computer.
Page 115: Accessing The Ipod Touch Web Configurator
Chapter 7 Wireless LAN If you have not configured your wireless settings yet you can do so by using the Wizard in the web configurator you access from your computer. Click the Wizard icon or the Go To Wizard Setup web link you see after logging into the web configurator from your computer.
Page 116 Chapter 7 Wireless LAN If the login screen does not display properly, check that you are accessing the correct IP address. Also check your iPod Touch web browser’s security settings as they may affect how the page displays. 4 If you wish to login automatically in the future make sure the Auto Login checkbox is selected.
Page 117: Wan
H A P T E R This chapter describes how to configure WAN settings. 8.1 WAN Overview See the chapter about the connection wizard for more information on the fields in the WAN screens. 8.2 WAN MAC Address The MAC address screen allows users to configure the WAN port's MAC address by either using the factory default or cloning the MAC address from a computer on your LAN.
Page 118: Internet Connection
Chapter 8 WAN The NBG460N supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-v2). At start up, the NBG460N queries all directly connected networks to gather group membership. After that, the NBG460N periodically updates this information. IP multicasting can be enabled/disabled on the NBG460N LAN and/or WAN interfaces in the web configurator (LAN;...
Page 119: Pppoe Encapsulation
Chapter 8 WAN The following table describes the labels in this screen. Table 43 Network > WAN > Internet Connection: Ethernet Encapsulation LABEL DESCRIPTION Encapsulation You must choose the Ethernet option when the WAN port is used as a regular Ethernet.
Page 120: Figure 79 Network > Wan > Internet Connection: Pppoe Encapsulation
Chapter 8 WAN For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for example Radius). One of the benefits of PPPoE is the ability to let you access one of multiple network services, a function known as dynamic service selection.
Page 121: Table 44 Network > Wan > Internet Connection: Pppoe Encapsulation
Chapter 8 WAN The following table describes the labels in this screen. Table 44 Network > WAN > Internet Connection: PPPoE Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation The PPP over Ethernet choice is for a dial-up connection using PPPoE. The NBG460N supports PPPoE (Point-to-Point Protocol over Ethernet).
Page 122: Pptp Encapsulation
Chapter 8 WAN Table 44 Network > WAN > Internet Connection: PPPoE Encapsulation LABEL DESCRIPTION Set WAN MAC Select this option and enter the MAC address you want to use. Address Apply Click Apply to save your changes back to the NBG460N. Reset Click Reset to begin configuring this screen afresh.
Page 123: Figure 80 Network > Wan > Internet Connection: Pptp Encapsulation
Chapter 8 WAN Figure 80 Network > WAN > Internet Connection: PPTP Encapsulation The following table describes the labels in this screen. Table 45 Network > WAN > Internet Connection: PPTP Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks.
Page 124 Chapter 8 WAN Table 45 Network > WAN > Internet Connection: PPTP Encapsulation LABEL DESCRIPTION Password Type the password associated with the User Name above. Retype to Confirm Type your password again to make sure that you have entered is correctly. Nailed-up Connection Select Nailed-Up Connection if you do not want the connection to time out.
Page 125: Advanced Wan Screen
Chapter 8 WAN 8.5 Advanced WAN Screen To change your NBG460N’s advanced WAN settings, click Network > WAN > Advanced. The screen appears as shown. Figure 81 Network > WAN > Advanced The following table describes the labels in this screen. Table 46 WAN >...
Page 126 Chapter 8 WAN Table 46 WAN > Advanced LABEL DESCRIPTION Enable Auto-bridge Select this option to have the NBG460N switch to bridge mode automatically mode when the NBG460N gets a WAN IP address in the range of 192.168.x.y (where x and y are from zero to nine) no matter what the LAN IP address is. This might happen if you put the NBG460N behind a NAT router that assigns it this IP address.
Page 127: Lan
H A P T E R This chapter describes how to configure LAN settings. 9.1 LAN Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building.
Page 128: Ip Address And Subnet Mask
Chapter 9 LAN 9.2.2 IP Address and Subnet Mask Refer to the IP address and subnet mask section in the Connection Wizard chapter for this information. 9.2.3 Multicast Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network).
Page 129: Figure 82 Any Ip Example
Chapter 9 LAN Figure 82 Any IP Example The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the NBG460N’s IP address. You must enable NAT to use the Any IP feature on the NBG460N.
Page 130: Lan Ip Screen
Chapter 9 LAN 9.3 LAN IP Screen Use this screen to change your basic LAN settings. Click Network > LAN. Figure 83 Network > LAN > IP The following table describes the labels in this screen. Table 47 Network > LAN > IP LABEL DESCRIPTION LAN TCP/IP...
Page 131: Advanced Lan Screen
Chapter 9 LAN Network > LAN > IP Alias Figure 84 The following table describes the labels in this screen. Table 48 Network > LAN > IP Alias LABEL DESCRIPTION IP Alias 1,2 Select the check box to configure another LAN network for the NBG460N. IP Address Enter the IP address of your NBG460N in dotted decimal notation.
Page 132: Table 49 Network > Lan > Advanced
Chapter 9 LAN The following table describes the labels in this screen. Table 49 Network > LAN > Advanced LABEL DESCRIPTION Multicast Select IGMP V-1 or IGMP V-2 or None. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data.
Page 133: Dhcp
H A P T E R DHCP 10.1 DHCP DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the NBG460N’s LAN as a DHCP server or disable it. When configured as a server, the NBG460N provides the TCP/IP configuration for the clients.
Page 134: Dhcp Advanced Screen
Chapter 10 DHCP Table 50 Network > DHCP > General LABEL DESCRIPTION Apply Click Apply to save your changes back to the NBG460N. Reset Click Reset to begin configuring this screen afresh. 10.3 DHCP Advanced Screen This screen allows you to assign IP addresses on the LAN to specific individual computers based on their MAC addresses.
Page 135: Client List Screen
Chapter 10 DHCP Table 51 Network > DHCP > Advanced LABEL DESCRIPTION DNS Server DNS Servers The NBG460N passes a DNS (Domain Name System) server IP address (in the Assigned by DHCP order you specify here) to the DHCP clients. The NBG460N only passes this Server information to the LAN DHCP clients when you select the Enable DHCP Server check box.
Page 136: Figure 88 Network > Dhcp > Client List
Chapter 10 DHCP Figure 88 Network > DHCP > Client List The following table describes the labels in this screen. Table 52 Network > DHCP > Client List LABEL DESCRIPTION This is the index number of the host computer. IP Address This field displays the IP address relative to the # field listed above.
Page 137: Network Address Translation (Nat)
H A P T E R Network Address Translation (NAT) This chapter discusses how to configure NAT on the NBG460N. 11.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet.
Page 138: Configuring Servers Behind Port Forwarding Example
Chapter 11 Network Address Translation (NAT) Many residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location.
Page 139: Nat Application Screen
Chapter 11 Network Address Translation (NAT) The following table describes the labels in this screen. Table 53 Network > NAT > General LABEL DESCRIPTION Enable Network Network Address Translation (NAT) allows the translation of an Internet protocol Address address used within one network (for example a private IP address used in a local Translation network) to a different IP address known within another network (for example a public IP address used on the Internet).
Page 140: Figure 91 Network > Nat > Application
Chapter 11 Network Address Translation (NAT) Figure 91 Network > NAT > Application The following table describes the labels in this screen. Table 54 NAT Application LABEL DESCRIPTION Game List Update A game list includes the pre-defined service name(s) and port number(s). You can edit and upload it to the NBG460N to replace the existing entries in the second field next to Service Name.
Page 141: Game List Example
Chapter 11 Network Address Translation (NAT) Table 54 NAT Application (continued) LABEL DESCRIPTION Port Type a port number(s) to be forwarded. To specify a range of ports, enter a hyphen (-) between the first port and the last port, such as 10-20. To specify two or more non-consecutive port numbers, separate them by a comma without spaces, such as 123,567.
Page 142: Trigger Port Forwarding
Chapter 11 Network Address Translation (NAT) Figure 92 Game List Example version=1 1;name=Battlefield 1942;port=14567,22000,23000-23009,27900,28900 2;name=Call of Duty;port=28960 3;name=Civilization IV;port=2056 4;name=Diablo I and II;port=6112-6119,4000 5;name=Doom 3;port=27666 6;name=F.E.A.R;port=27888 7;name=Final Fantasy XI;port=25,80,110,443,50000-65535 8;name=Guild Wars;port=6112,80 9;name=Half Life;port=6003,7002,27005,27010,27011,27015 10;name=Jedi Knight III: Jedi Academy;port=28060-28062,28070-28081 11;name=Need for Speed: Hot Pursuit 2;port=1230,8511- 8512,27900,28900,61200-61230 12;name=Neverwinter Nights;port=5120-5300,6500,27900,28900 13;name=Quake 2;port=27910...
Page 143: Two Points To Remember About Trigger Ports
Chapter 11 Network Address Translation (NAT) Figure 93 Trigger Port Forwarding Process: Example 1 Jane requests a file from the Real Audio server (port 7070). 2 Port 7070 is a “trigger” port and causes the NBG460N to record Jane’s computer IP address.
Page 144: Figure 94 Network > Nat > Advanced
Chapter 11 Network Address Translation (NAT) Figure 94 Network > NAT > Advanced The following table describes the labels in this screen. Table 55 Network > NAT > Advanced LABEL DESCRIPTION Max NAT/Firewall Type a number ranging from 1 to 2048 to limit the number of NAT/firewall sessions Session Per User that a host can create.
Page 145 Chapter 11 Network Address Translation (NAT) Table 55 Network > NAT > Advanced LABEL DESCRIPTION Incoming Incoming is a port (or a range of ports) that a server on the WAN uses when it sends out a particular service. The NBG460N forwards the traffic with this port (or range of ports) to the client computer on the LAN that requested the service.
Page 146 Chapter 11 Network Address Translation (NAT) NBG460N User’s Guide...
Page 147: Dynamic Dns
H A P T E R Dynamic DNS 12.1 Dynamic DNS Introduction Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect.
Page 148: Figure 95 Dynamic Dns
Chapter 12 Dynamic DNS Figure 95 Dynamic DNS The following table describes the labels in this screen. Table 56 Dynamic DNS LABEL DESCRIPTION Enable Dynamic DNS Select this check box to use dynamic DNS. Service Provider Select the name of your Dynamic DNS service provider. Dynamic DNS Type Select the type of service that you are registered for from your Dynamic DNS service provider.
Page 149 Chapter 12 Dynamic DNS Table 56 Dynamic DNS LABEL DESCRIPTION Apply Click Apply to save your changes back to the NBG460N. Reset Click Reset to begin configuring this screen afresh. NBG460N User’s Guide...
Page 150 Chapter 12 Dynamic DNS NBG460N User’s Guide...
Page 151: Security
Security Firewall (153) Content Filtering (161) IPSec VPN (165)
Page 153: Firewall
This chapter gives some background information on firewalls and explains how to get started with the NBG460N’s firewall. 13.1 Introduction to ZyXEL’s Firewall 13.1.1 What is a Firewall? Originally, the term “firewall” referred to a construction technique designed to prevent the spread of fire from one room to another.
Page 154: Guidelines For Enhancing Security With Your Firewall
Chapter 13 Firewall The NBG460N is installed between the LAN and a broadband modem connecting to the Internet. This allows it to act as a secure gateway for all data passing between the Internet and the LAN. The NBG460N has one Ethernet WAN port and four Ethernet LAN ports, which are used to physically separate the network into two areas.The WAN (Wide Area Network) port attaches to the broadband (cable or DSL) modem to the Internet.
Page 155: General Firewall Screen
Chapter 13 Firewall 1 A computer on the LAN initiates a connection by sending a SYN packet to a receiving server on the WAN. 2 The NBG460N reroutes the packet to Gateway A, which is in Subnet 2. 3 The reply from the WAN goes to the NBG460N. 4 The NBG460N then sends it to the computer on the LAN in Subnet 1.
Page 156: Services Screen
Chapter 13 Firewall Table 57 Security > Firewall > General LABEL DESCRIPTION Select whether to create a log for packets that are traveling in the selected direction when the packets are blocked (Log All) or forwarded (Log Forward). Or select Not Log to not log any records. To log packets related to firewall rules, make sure that Access Control under Log is selected in the Logs >...
Page 157: The Add Firewall Rule Screen
Chapter 13 Firewall Table 58 Security > Firewall > Services LABEL DESCRIPTION Do not respond to Select this option to prevent hackers from finding the NBG460N by probing for requests for unused ports. If you select this option, the NBG460N will not respond to port unauthorized request(s) for unused ports, thus leaving the unused ports and the NBG460N services...
Page 158: Figure 99 Security > Firewall > Services > Adding A Rule
Chapter 13 Firewall Figure 99 Security > Firewall > Services > Adding a Rule The following table describes the labels in this screen. Table 59 Security > Firewall > Services > Adding a Rule LABEL DESCRIPTION Active Select this check box to turn the rule on. Address Type Do you want your rule to apply to packets with a particular (single) IP, a range of IP addresses (for example 192.168.1.10 to 192.169.1.50), a pool of IP address or...
Page 159 Chapter 13 Firewall Table 59 Security > Firewall > Services > Adding a Rule LABEL DESCRIPTION Available Services This is a list of pre-defined services (ports) you may prohibit your LAN computers from using. Select the port you want to block using the drop-down list and click Add to add the port to the Blocked Services field.
Page 160 Chapter 13 Firewall NBG460N User’s Guide...
Page 161: Content Filtering
H A P T E R Content Filtering This chapter provides a brief overview of content filtering using the embedded web GUI. 14.1 Introduction to Content Filtering Internet content filtering allows you to create and enforce Internet access policies tailored to your needs.
Page 162: Figure 100 Security > Content Filter > Filter
Chapter 14 Content Filtering Figure 100 Security > Content Filter > Filter The following table describes the labels in this screen. Table 60 Security > Content Filter > Filter LABEL DESCRIPTION Trusted Computer To enable this feature, type an IP address of any one of the computers in your IP Address network that you want to have as a trusted computer.
Page 163: Schedule
Chapter 14 Content Filtering Table 60 Security > Content Filter > Filter LABEL DESCRIPTION Keyword Type a keyword in this field. You may use any character (up to 64 characters). Wildcards are not allowed. You can also enter a numerical IP address. Keyword List This list displays the keywords already added.
Page 164: Customizing Keyword Blocking Url Checking
Full path URL checking has the NBG460N check the characters that come before the last slash in the URL. For example, with the URL www.zyxel.com.tw/news/pressroom.php, full path URL checking searches for keywords within www.zyxel.com.tw/news/. Use the ip urlfilter customize actionFlags 6 [disable | enable] command to extend (or not extend) the keyword blocking search to include the URL's full path.
Page 165: Ipsec Vpn
H A P T E R IPSec VPN 15.1 IPSec VPN Overview A virtual private network (VPN) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing. It is used to transport traffic over the Internet or any insecure network that uses TCP/IP for communication.
Page 166: What You Need To Know About Ipsec Vpn
Chapter 15 IPSec VPN 15.1.2 What You Need To Know About IPSec VPN A VPN tunnel is usually established in two phases. Each phase establishes a security association (SA), a contract indicating what security parameters the NBG460N and the remote IPSec router will use.
Page 167: Ipsec Sa (Ike Phase 2) Overview
Chapter 15 IPSec VPN You can usually provide a static IP address or a domain name for the remote IPSec router as well. Sometimes, you might not know the IP address of the remote IPSec router (for example, telecommuters). In this case, you can still set up the IKE SA, but only the remote IPSec router can initiate an IKE SA.
Page 168: Vpn Rule Setup (Basic)
Chapter 15 IPSec VPN The following table describes the fields in this screen. Table 62 Security > VPN > General LABEL DESCRIPTION This is the VPN policy index number. Active This field displays whether the VPN policy is active or not. This icon is turned on when the rule is enabled.
Page 169: Figure 105 Ipsec Fields Summary
Chapter 15 IPSec VPN Figure 105 IPSec Fields Summary Use this screen to configure a VPN rule. Figure 106 Security > VPN > General > Rule Setup: IKE (Basic) NBG460N User’s Guide...
Page 170: Table 63 Security > Vpn > Rule Setup: Ike (Basic)
Chapter 15 IPSec VPN The following table describes the labels in this screen. Table 63 SECURITY > VPN > Rule Setup: IKE (Basic) LABEL DESCRIPTION Property Active Select this check box to activate this VPN policy. Keep Alive Select this check box to have the NBG460N automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic.
Page 171 Chapter 15 IPSec VPN Table 63 SECURITY > VPN > Rule Setup: IKE (Basic) (continued) LABEL DESCRIPTION Remote Policy Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. The remote fields do not apply when the Secure Gateway IP Address field is configured to 0.0.0.0.
Page 172 Chapter 15 IPSec VPN Table 63 SECURITY > VPN > Rule Setup: IKE (Basic) (continued) LABEL DESCRIPTION Secure Gateway Type the WAN IP address or the domain name (up to 31 characters) of the IPSec Address router with which you're making the VPN connection. Set this field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address (the IPSec Keying Mode field must be set to IKE).
Page 173: Vpn Rule Setup (Advanced)
Chapter 15 IPSec VPN Table 63 SECURITY > VPN > Rule Setup: IKE (Basic) (continued) LABEL DESCRIPTION Pre-Shared Key Type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection.
Page 174: Figure 107 Security > Vpn > General > Rule Setup: Ike (Advanced)
Chapter 15 IPSec VPN Figure 107 Security > VPN > General > Rule Setup: IKE (Advanced) NBG460N User’s Guide...
Page 175: Table 64 Security > Vpn > Rule Setup: Ike (Advanced)
Chapter 15 IPSec VPN The following table describes the labels in this screen. Table 64 Security > VPN > Rule Setup: IKE (Advanced) LABEL DESCRIPTION Property Active Select this check box to activate this VPN policy. Keep Alive Select this check box to have the NBG460N automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic.
Page 176 Chapter 15 IPSec VPN Table 64 Security > VPN > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION Local Address End / When the local IP address is a single address, type it a second time here. Mask When the local IP address is a range, enter the end (static) IP address, in a range of computers on the LAN behind your NBG460N.
Page 177 Chapter 15 IPSec VPN Table 64 Security > VPN > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION Local Content When you select IP in the Local ID Type field, type the IP address of your computer in the Local Content field. The NBG460N automatically uses the IP address in the My IP Address field (refer to the My IP Address field description) if you configure the Local Content field to 0.0.0.0 or leave it blank.
Page 178 Chapter 15 IPSec VPN Table 64 Security > VPN > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION IKE Phase 1 Negotiation Mode Select Main or Aggressive from the drop-down list box. Multiple SAs connecting through a secure gateway must have the same negotiation mode. Encryption Algorithm Select which key size and encryption algorithm to use in the IKE SA.
Page 179: Vpn Rule Setup (Manual)
Chapter 15 IPSec VPN Table 64 Security > VPN > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION Authentication Select which hash algorithm to use to authenticate packet data in the IPSec SA. Algorithm Choices are SHA1 and MD5. SHA1 is generally considered stronger than MD5, but it is also slower.
Page 180: Figure 108 Security > Vpn > General > Rule Setup: Manual
Chapter 15 IPSec VPN 15.2.3.3 Authentication and the Security Parameter Index (SPI) For authentication, the NBG460N and remote IPSec router use the SPI, instead of pre-shared keys, ID type and content. The SPI is an identification number. Note: The NBG460N and remote IPSec router must use the same SPI. Figure 108 Security >...
Page 181 Chapter 15 IPSec VPN Table 65 Security > VPN > Rule Setup: Manual (continued) LABEL DESCRIPTION IPSec Keying Select IKE or Manual from the drop-down list box. IKE provides more protection Mode so it is generally recommended. Manual is a useful option for troubleshooting if you have problems using IKE key management.
Page 182 Chapter 15 IPSec VPN Table 65 Security > VPN > Rule Setup: Manual (continued) LABEL DESCRIPTION Remote Address For a single IP address, enter a (static) IP address on the network behind the remote IPSec router. For a specific range of IP addresses, enter the beginning (static) IP address, in a range of computers on the network behind the remote IPSec router.
Page 183: The Sa Monitor Screen
Chapter 15 IPSec VPN Table 65 Security > VPN > Rule Setup: Manual (continued) LABEL DESCRIPTION Enable Replay As a VPN setup is processing intensive, the system is vulnerable to Denial of Detection Service (DoS) attacks The IPSec receiver can detect and reject old or duplicate packets to protect against replay attacks.
Page 184: Vpn And Remote Management
Chapter 15 IPSec VPN The following table describes the labels in this screen. Table 66 Security > VPN > SA Monitor LABEL DESCRIPTION This is the security association index number. Name This field displays the identification name for this VPN policy. Encapsulation This field displays Tunnel or Transport mode.
Page 185: Ipsec Vpn Technical Reference
Chapter 15 IPSec VPN 15.5 IPSec VPN Technical Reference IKE SA Proposal The IKE SA proposal is used to identify the encryption algorithm, authentication algorithm, and Diffie-Hellman (DH) key group that the NBG460N and remote IPSec router use in the IKE SA.
Page 186: Figure 113 Ike Sa: Main Negotiation Mode, Steps 5 - 6: Authentication
Chapter 15 IPSec VPN Authentication Before the NBG460N and remote IPSec router establish an IKE SA, they have to verify each other’s identity. This process is based on pre-shared keys and router identities. In main mode, the NBG460N and remote IPSec router authenticate each other in steps 5 and 6, as illustrated below.
Page 187: Table 68 Vpn Example: Mismatching Id Type And Content
Chapter 15 IPSec VPN In the following example, the ID type and content do not match so the authentication fails and the NBG460N and the remote IPSec router cannot establish an IKE SA. Table 68 VPN Example: Mismatching ID Type and Content NBG460N REMOTE IPSEC ROUTER Local ID type: E-mail...
Page 188: Figure 114 Vpn/Nat Example
Chapter 15 IPSec VPN Figure 114 VPN/NAT Example If router A does NAT, it might change the IP addresses, port numbers, or both. If router X and router Y try to establish a VPN tunnel, the authentication fails because it depends on this information.
Page 189: Figure 115 Vpn: Transport And Tunnel Mode Encapsulation
Chapter 15 IPSec VPN These modes are illustrated below. Figure 115 VPN: Transport and Tunnel Mode Encapsulation Original Packet IP Header Data Header Transport Mode Packet IP Header AH/ESP Data Header Header Tunnel Mode Packet IP Header AH/ESP IP Header Data Header Header...
Page 190: Additional Ipsec Vpn Topics
Chapter 15 IPSec VPN Additional IPSec VPN Topics This section discusses other IPSec VPN topics that apply to either IKE SAs or IPSec SAs or both. Relationships between the topics are also highlighted. SA Life Time SAs have a lifetime that specifies how long the SA lasts until it times out. When an SA times out, the NBG460N automatically renegotiates the SA in the following situations: •...
Page 191: Figure 116 Private Dns Server Example
Chapter 15 IPSec VPN The following figure depicts an example where one VPN tunnel is created from an NBG460N at branch office (B) to headquarters (HQ). In order to access computers that use private domain names on the HQ network, the NBG460N at B uses the Intranet DNS server in headquarters.
Page 192 Chapter 15 IPSec VPN NBG460N User’s Guide...
Page 193: Management
Management Static Route Screens (195) Bandwidth Management (199) Remote Management (209) Universal Plug-and-Play (UPnP) (215)
Page 195: Static Route Screens
H A P T E R Static Route Screens This chapter shows you how to configure static routes for your NBG460N. 16.1 Static Route Overview The NBG460N usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the NBG460N send data to devices not reachable through the default gateway, use static routes.
Page 196: Static Route Setup Screen
Chapter 16 Static Route Screens Figure 118 Management > Static Route > IP Static Route The following table describes the labels in this screen. Table 69 Management > Static Route > IP Static Route LABEL DESCRIPTION This is the index number of an individual static route. The first entry is for the default route and not editable.
Page 197: Figure 119 Management > Static Route > Ip Static Route: Static Route Setup
Chapter 16 Static Route Screens Figure 119 Management > Static Route > IP Static Route: Static Route Setup The following table describes the labels in this screen. Table 70 Management > Static Route > IP Static Route: Static Route Setup LABEL DESCRIPTION Route Name...
Page 198 Chapter 16 Static Route Screens NBG460N User’s Guide...
Page 199: Bandwidth Management
NBG460N’s bandwidth management logs. 17.1 Bandwidth Management Overview ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on an application and/or subnet. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth rules.
Page 200: Application And Subnet-Based Bandwidth Management
Chapter 17 Bandwidth Management The following figure shows LAN subnets. You could configure one bandwidth class for subnet A and another for subnet B. Figure 120 Subnet-based Bandwidth Management Example 17.4 Application and Subnet-based Bandwidth Management You could also create bandwidth classes based on a combination of a subnet and an application.
Page 201: Predefined Bandwidth Management Services
Chapter 17 Bandwidth Management Table 72 Bandwidth Management Priorities PRIORITY LEVELS: TRAFFIC WITH A HIGHER PRIORITY GETS THROUGH FASTER WHILE TRAFFIC WITH A LOWER PRIORITY IS DROPPED IF THE NETWORK IS CONGESTED. Typically used for “excellent effort” or better than best effort and would include important business traffic that can tolerate some delay.
Page 202: Default Bandwidth Management Classes And Priorities
Chapter 17 Bandwidth Management 17.7 Default Bandwidth Management Classes and Priorities If you enable bandwidth management but do not configure a rule for critical traffic like VoIP, the voice traffic may then get delayed due to insufficient bandwidth. With the automatic traffic classifier feature activated, the NBG460N automatically assigns a default bandwidth management class and priority to traffic that does not match any of the user-defined rules.
Page 203: Bandwidth Management Advanced Configuration
Chapter 17 Bandwidth Management The following table describes the labels in this screen. Table 75 Management > Bandwidth MGMT > General LABEL DESCRIPTION Enable Bandwidth Select this check box to have the NBG460N apply bandwidth management. Management Enable bandwidth management to give traffic that matches a bandwidth rule priority over traffic that does not match a bandwidth rule.
Page 204: Table 76 Management > Bandwidth Mgmt > Advanced
Chapter 17 Bandwidth Management The following table describes the labels in this screen. Table 76 Management > Bandwidth MGMT > Advanced LABEL DESCRIPTION Check my Click the Detection button to check the size of your upstream bandwidth. upstream bandwidth Upstream Enter the amount of bandwidth in kbps (2 to 100,000) that you want to allocate for Bandwidth (kbps) traffic.
Page 205: Rule Configuration With The Pre-Defined Service
Chapter 17 Bandwidth Management 17.9.1 Rule Configuration with the Pre-defined Service To edit a bandwidth management rule for the pre-defined service in the NBG460N, click the Edit icon in the Application List table of the Advanced screen. The following screen displays.
Page 206: Bandwidth Management Monitor
Chapter 17 Bandwidth Management Figure 124 Management > Bandwidth MGMT > Advanced: User-defined Service Rule Configuration The following table describes the labels in this screen Table 78 Management > Bandwidth MGMT > Advanced: User-defined Service Rule Configuration LABEL DESCRIPTION BW Budget Select Maximum Bandwidth or Minimum Bandwidth and specify the maximum or minimum bandwidth allowed for the rule in kilobits per second.
Page 207: Figure 125 Management > Bandwidth Mgmt > Monitor
Chapter 17 Bandwidth Management Figure 125 Management > Bandwidth MGMT > Monitor NBG460N User’s Guide...
Page 208 Chapter 17 Bandwidth Management NBG460N User’s Guide...
Page 209: Remote Management
H A P T E R Remote Management This chapter provides information on the Remote Management screens. 18.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which NBG460N interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
Page 210: Remote Management And Nat
Chapter 18 Remote Management 1 You have disabled that service in one of the remote management screens. 2 The IP address in the Secured Client IP Address field does not match the client IP address. If it does not match, the NBG460N will disconnect the session immediately. 3 There is already another remote management session with an equal or higher priority running.
Page 211: Telnet
Chapter 18 Remote Management LABEL DESCRIPTION Secured Client IP A secured client is a “trusted” computer that is allowed to communicate with the Address NBG460N using this service. Select All to allow any computer to access the NBG460N using this service. Choose Selected to just allow the computer with the IP address that you specify to access the NBG460N using this service.
Page 212: Ftp Screen
Chapter 18 Remote Management 18.5 FTP Screen You can use FTP (File Transfer Protocol) to upload and download the NBG460N’s firmware and configuration files. To use this feature, your computer must have an FTP client. To change your NBG460N’s FTP settings, click Management > Remote MGMT > FTP. The screen appears as shown.
Page 213: Figure 129 Management > Remote Mgmt > Dns
Chapter 18 Remote Management Figure 129 Management > Remote MGMT > DNS The following table describes the labels in this screen. Table 82 Management > Remote MGMT > DNS LABEL DESCRIPTION Server Port The DNS service port number is 53 and cannot be changed here. Server Access Select the interface(s) through which a computer may send DNS queries to the NBG460N.
Page 214 Chapter 18 Remote Management NBG460N User’s Guide...
Page 215: Universal Plug-And-Play (Upnp)
H A P T E R Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 19.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
Page 216: Upnp And Zyxel
All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. 19.2 UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum UPnP™ Implementers Corp. (UIC). ZyXEL's UPnP implementation supports Internet Gateway Device (IGD) 1.0.
Page 217: Installing Upnp In Windows Example
Chapter 19 Universal Plug-and-Play (UPnP) Table 83 Management > UPnP > General LABEL DESCRIPTION Apply Click Apply to save the setting to the NBG460N. Reset Click Reset to begin configuring this screen afresh. 19.4 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP. 19.4.0.1 Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me.
Page 218: Figure 132 Add/Remove Programs: Windows Setup: Communication: Components
Chapter 19 Universal Plug-and-Play (UPnP) Figure 132 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel.
Page 219: Figure 134 Windows Optional Networking Components Wizard
Chapter 19 Universal Plug-and-Play (UPnP) Figure 134 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 135 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next.
Page 220: Figure 136 Network Connections
Chapter 19 Universal Plug-and-Play (UPnP) 19.4.0.2 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the NBG460N. Make sure the computer is connected to a LAN port of the NBG460N.
Page 221: Figure 137 Internet Connection Properties
Chapter 19 Universal Plug-and-Play (UPnP) Figure 137 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings. NBG460N User’s Guide...
Page 222: Figure 138 Internet Connection Properties: Advanced Settings
Chapter 19 Universal Plug-and-Play (UPnP) Figure 138 Internet Connection Properties: Advanced Settings Figure 139 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
Page 223: Figure 140 System Tray Icon
Chapter 19 Universal Plug-and-Play (UPnP) Figure 140 System Tray Icon 7 Double-click on the icon to display your current Internet connection status. Figure 141 Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the NBG460N without finding out the IP address of the NBG460N first.
Page 224: Figure 142 Network Connections
Chapter 19 Universal Plug-and-Play (UPnP) Figure 142 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your NBG460N and select Invoke. The web configurator login screen displays. NBG460N User’s Guide...
Page 225: Figure 143 Network Connections: My Network Places
Chapter 19 Universal Plug-and-Play (UPnP) Figure 143 Network Connections: My Network Places 6 Right-click on the icon for your NBG460N and select Properties. A properties window displays with basic information about the NBG460N. Figure 144 Network Connections: My Network Places: Properties: Example NBG460N User’s Guide...
Page 226 Chapter 19 Universal Plug-and-Play (UPnP) NBG460N User’s Guide...
Page 227: Maintenance And Troubleshooting
Maintenance and Troubleshooting System (229) Logs (233) Tools (251) Configuration Mode (257) Sys Op Mode (259) Language (263) Troubleshooting (265)
Page 229: System
H A P T E R System This chapter provides information on the System screens. 20.1 System Overview See the chapter about wizard setup for more information on the next few screens. 20.2 System General Screen Click Maintenance > System. The following screen displays. Figure 145 Maintenance >...
Page 230: Time Setting Screen
Chapter 20 System Table 84 Maintenance > System > General LABEL DESCRIPTION Administrator Type how many minutes a management session can be left idle before the Inactivity Timer session times out. The default is 5 minutes. After it times out you have to log in with your password again.
Page 231: Table 85 Maintenance > System > Time Setting
Chapter 20 System The following table describes the labels in this screen. Table 85 Maintenance > System > Time Setting LABEL DESCRIPTION Current Time and Date Current Time This field displays the time of your NBG460N. Each time you reload this page, the NBG460N synchronizes the time with the time server.
Page 232 Chapter 20 System Table 85 Maintenance > System > Time Setting LABEL DESCRIPTION End Date Configure the day and time when Daylight Saving Time ends if you selected Daylight Savings. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the last Sunday of October.
Page 233: Logs
H A P T E R Logs This chapter contains information about configuring general log settings and viewing the NBG460N’s logs. Refer to the appendices for example log message explanations. 21.1 View Log The web configurator allows you to look at all of the NBG460N’s logs in one location. Click Maintenance >...
Page 234: Log Settings
Chapter 21 Logs The following table describes the labels in this screen. Table 86 Maintenance > Logs > View Log LABEL DESCRIPTION Display The categories that you select in the Log Settings page (see Section 21.2 on page 234) display in the drop-down list box. Select a category of logs to view;...
Page 235: Figure 148 Maintenance > Logs > Log Settings
Chapter 21 Logs Figure 148 Maintenance > Logs > Log Settings The following table describes the labels in this screen. Table 87 Maintenance > Logs > Log Settings LABEL DESCRIPTION E-mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
Page 236 Chapter 21 Logs Table 87 Maintenance > Logs > Log Settings LABEL DESCRIPTION Send Alerts To Alerts are real-time notifications that are sent as soon as an event, such as a DoS attack, system error, or forbidden web access attempt occurs. Enter the E- mail address where the alert messages will be sent.
Page 237: Log Descriptions
Chapter 21 Logs 21.3 Log Descriptions This section provides descriptions of example log messages. Table 88 System Maintenance Logs LOG MESSAGE DESCRIPTION The router has adjusted its time based on information from Time calibration is the time server. successful The router failed to get information from the time server. Time calibration failed A WAN interface got a new IP address from the DHCP, WAN interface gets IP:%s...
Page 238: Table 89 System Error Logs
Chapter 21 Logs Table 89 System Error Logs LOG MESSAGE DESCRIPTION This attempt to create a NAT session exceeds the maximum %s exceeds the max. number of NAT session table entries allowed to be created per number of session per host.
Page 239: Table 92 Packet Filter Logs
Chapter 21 Logs Table 91 TCP Reset Logs (continued) LOG MESSAGE DESCRIPTION The router sent a TCP reset packet when a dynamic firewall Firewall session time session timed out. out, sent TCP RST The default timeout values are as follows: ICMP idle timeout: 3 minutes UDP idle timeout: 3 minutes TCP connection (three way handshaking) timeout: 270 seconds...
Page 240: Table 94 Cdr Logs
Chapter 21 Logs Table 94 CDR Logs LOG MESSAGE DESCRIPTION The router received the setup requirements for a call. “call” is board%d line%d channel%d, the reference (count) number of the call. “dev” is the device call%d,%s C01 Outgoing Call type (3 is for dial-up, 6 is for PPPoE, 10 is for PPTP). dev=%x ch=%x%s "channel"...
Page 241: Table 98 Attack Logs
Chapter 21 Logs Table 97 Content Filtering Logs (continued) LOG MESSAGE DESCRIPTION The router detected proxy mode in the packet. %s: Proxy mode detected The content filter server responded that the web site is in the blocked category list, but it did not return the category type. The content filter server responded that the web site is in the blocked %s:%s category list, and returned the category type.
Page 242: Table 99 Ipsec Logs
Chapter 21 Logs Table 98 Attack Logs (continued) LOG MESSAGE DESCRIPTION The firewall detected an UDP teardrop attack. teardrop UDP The firewall detected an ICMP teardrop attack. For type and code teardrop ICMP (type:%d, details, see Table 104 on page 247.
Page 243 Chapter 21 Logs Table 100 IKE Logs (continued) LOG MESSAGE DESCRIPTION The connection failed during IKE phase 2 because the router Verifying Local ID failed: and the peer’s Local/Remote Addresses don’t match. The router retransmitted the last packet sent because there IKE Packet Retransmit was no response from the peer.
Page 244 Chapter 21 Logs Table 100 IKE Logs (continued) LOG MESSAGE DESCRIPTION The router could not find a known phase 1 ID in the No known phase 1 ID type connection attempt. found The phase 1 ID types do not match. ID type mismatch.
Page 245: Table 101 Pki Logs
Chapter 21 Logs Table 100 IKE Logs (continued) LOG MESSAGE DESCRIPTION Rule [%d] Phase 1 ID mismatch The listed rule’s IKE phase 1 ID did not match between the router and the peer. The listed rule’s IKE phase 1 hash did not match between the Rule [%d] Phase 1 hash router and the peer.
Page 246: Table 102 802.1X Logs
Chapter 21 Logs Table 101 PKI Logs (continued) LOG MESSAGE DESCRIPTION The router received a user certificate, with subject name as recorded, Rcvd user cert: from the LDAP server whose IP address and port are recorded in the <subject name> Source field.
Page 247: Table 103 Acl Setting Notes
Chapter 21 Logs Table 102 802.1X Logs (continued) LOG MESSAGE DESCRIPTION The router logged out a user who ended the session. User logout because of user deassociation. The router logged out a user from which there was no User logout because of no authentication response.
Page 248: Table 105 Syslog Logs
Chapter 21 Logs Table 104 ICMP Notes (continued) TYPE CODE DESCRIPTION Source route failed Source Quench A gateway may discard internet datagrams if it does not have the buffer space needed to queue the datagrams for output to the next network on the route to the destination network.
Page 249: Table 106 Rfc-2408 Isakmp Payload Types
Chapter 21 Logs The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC for detailed information on each type. Table 106 RFC-2408 ISAKMP Payload Types LOG DISPLAY PAYLOAD TYPE Security Association Proposal PROP Transform TRANS Key Exchange...
Page 250 Chapter 21 Logs NBG460N User’s Guide...
Page 251: Tools
NBG460N. 22.1 Firmware Upload Screen Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a “*.bin” extension, e.g., “NBG460N.bin”. The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot.
Page 252: Configuration Screen
Chapter 22 Tools Figure 150 Upload Warning The NBG460N automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 151 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, the following screen will appear.
Page 253: Backup Configuration
Chapter 22 Tools Figure 153 Maintenance > Tools > Configuration 22.2.1 Backup Configuration Backup configuration allows you to back up (save) the NBG460N’s current configuration to a file on your computer. Once your NBG460N is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes.
Page 254: Back To Factory Defaults
Chapter 22 Tools Figure 154 Configuration Restore Successful The NBG460N automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 155 Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default NBG460N IP address (192.168.1.1).
Page 255: Wake On Lan
Chapter 22 Tools Click Maintenance > Tools > Restart. Click Restart to have the NBG460N reboot. This does not affect the NBG460N's configuration. Figure 157 Maintenance > Tools > Restart 22.4 Wake On LAN Wake On LAN (WoL) allows you to remotely turn on a device on the network. To use this feature the remote hardware (for example the network adapter on your computer) must support Wake On LAN using the “Magic Packet”...
Page 256 Chapter 22 Tools NBG460N User’s Guide...
Page 257: Configuration Mode
H A P T E R Configuration Mode Click Maintenance > Config Mode to open the following screen. This screen allows you to hide or display the advanced screens of some features or the advanced features, such as MAC filter or static route. Basic is selected by default and you cannot see the advanced screens or features.
Page 258: Table 111 Advanced Configuration Options
Chapter 23 Configuration Mode Table 111 Advanced Configuration Options CATEGORY LINK Network Wireless LAN MAC Filter Advanced Scheduling Advanced IP Alias Advanced DHCP Server Advanced Advanced Security Firewall Services Content Filter Schedule Management Static Route IP Static Route Bandwidth MGMT Advanced Monitor Remote MGMT...
Page 259: Sys Op Mode
H A P T E R Sys Op Mode 24.1 Overview The Sys Op Mode (System Operation Mode) function lets you configure whether your NBG460N is a router or AP. You can choose between Router Mode and AP Mode depending on your network topology and the features you require from your device.
Page 260: Selecting System Operation Mode
Chapter 24 Sys Op Mode Figure 161 IP Address in AP Mode 1 IP Internet 24.2 Selecting System Operation Mode Use this screen to select how you connect to the Internet. Figure 162 Maintenance > Sys OP Mode > General If you select Router Mode, the following pop-up message window appears.
Page 261: Figure 164 Maintenance > Sys Op Mode > General: Ap
Chapter 24 Sys Op Mode Figure 164 Maintenance > Sys Op Mode > General: AP • In AP Mode all Ethernet ports have the same IP address. • All ports on the rear panel of the device are LAN ports, including the port labeled WAN. There is no WAN port.
Page 262 Chapter 24 Sys Op Mode NBG460N User’s Guide...
Page 263: Language
H A P T E R Language Use this screen to change the language for the web configurator display. 25.1 Language Screen Click the language you prefer. The web configurator language changes after a while without restarting the NBG460N. Figure 165 Language NBG460N User’s Guide...
Page 264 Chapter 25 Language NBG460N User’s Guide...
Page 265: Troubleshooting
H A P T E R Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • NBG460N Access and Login • Internet Access •...
Page 266: Nbg460N Access And Login
Chapter 26 Troubleshooting 26.2 NBG460N Access and Login I don’t know the IP address of my NBG460N. 1 The default IP address is 192.168.1.1. 2 If you changed the IP address and have forgotten it, you might get the IP address of the NBG460N by looking up the IP address of the default gateway for your computer.
Page 267 Chapter 26 Troubleshooting 2 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide. 3 Make sure your Internet browser does not block pop-up windows and has JavaScripts and Java enabled. See Appendix B on page 279.
Page 268: Internet Access
Chapter 26 Troubleshooting See the troubleshooting suggestions for I cannot see or access the Login screen in the web configurator. Ignore the suggestions about your browser. 26.3 Internet Access I cannot access the Internet. 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide.
Page 269: Resetting The Nbg460N To Its Factory Defaults
Chapter 26 Troubleshooting interfering with the wireless network (for example, microwaves, other wireless networks, and so on). 3 Reboot the NBG460N. 4 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions •...
Page 270: Advanced Features
Chapter 26 Troubleshooting 4 Make sure your computer (with a wireless adapter installed) is within the transmission range of the NBG460N. 5 Check that both the NBG460N and your wireless station are using the same wireless and wireless security settings. 6 Make sure traffic between the WLAN and the LAN is not blocked by the firewall on the NBG460N.
Page 271: Appendices And Index
Appendices and Index Product Specifications and Wall-Mounting Instructions (273) Pop-up Windows, JavaScripts and Java Permissions (279) IP Addresses and Subnetting (285) Setting up Your Computer’s IP Address (293) Wireless LANs (309) Services (321) Legal Information (325) Customer Support (329) Index (335)
Page 273: Appendix A Product Specifications And Wall-Mounting Instructions
P P E N D I X Product Specifications and Wall- Mounting Instructions The following tables summarize the NBG460N’s hardware and firmware features. Table 113 Hardware Features Dimensions (W x D x H) 190 x 150 x 33 mm Weight 362g Power Specification Input: 120~240 AC, 50~60 Hz...
Page 274: Table 114 Firmware Features
Bluetooth enabled devices, and other wireless LANs. Firmware Upgrade Download new firmware (when available) from the ZyXEL web site and use the web configurator, an FTP or a TFTP tool to put it on the NBG460N.
Page 275: Table 115 Feature Specifications
DNS servers to computers on your network. Dynamic DNS Support With Dynamic DNS (Domain Name System) support, you can use a fixed URL, www.zyxel.com for example, with a dynamic IP address. You must register for this service with a Dynamic DNS service provider. IP Multicast IP Multicast is used to send traffic to a specific group of computers.
Page 276: Table 116 Standards Supported
Appendix A Product Specifications and Wall-Mounting Instructions The following list, which is not exhaustive, illustrates the standards supported in the NBG460N. Table 116 Standards Supported STANDARD DESCRIPTION RFC 867 Daytime Protocol RFC 868 Time Protocol. RFC 1058 RIP-1 (Routing Information Protocol) RFC 1112 IGMP v1 RFC 1305...
Page 277: Figure 166 Wall-Mounting Example
Appendix A Product Specifications and Wall-Mounting Instructions Be careful to avoid damaging pipes or cables located inside the wall when drilling holes for the screws. 3 Do not screw the screws all the way into the wall. Leave a small gap of about 0.5 cm between the heads of the screws and the wall.
Page 278: Figure 167 Masonry Plug And M4 Tap Screw
Appendix A Product Specifications and Wall-Mounting Instructions Figure 167 Masonry Plug and M4 Tap Screw NBG460N User’s Guide...
Page 279: Appendix B Pop-Up Windows, Javascripts And Java Permissions
P P E N D I X Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). Internet Explorer 6 screens are used here.
Page 280: Figure 169 Internet Options: Privacy
Appendix B Pop-up Windows, JavaScripts and Java Permissions 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 169 Internet Options: Privacy 3 Click Apply to save this setting. Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps.
Page 281: Figure 170 Internet Options: Privacy
Appendix B Pop-up Windows, JavaScripts and Java Permissions Figure 170 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 171 Pop-up Blocker Settings NBG460N User’s Guide...
Page 282: Figure 172 Internet Options: Security
Appendix B Pop-up Windows, JavaScripts and Java Permissions 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
Page 283: Figure 173 Security Settings - Java Scripting
Appendix B Pop-up Windows, JavaScripts and Java Permissions Figure 173 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected.
Page 284: Figure 175 Java (Sun)
Appendix B Pop-up Windows, JavaScripts and Java Permissions JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Figure 175 Java (Sun) NBG460N User’s Guide...
Page 285: Appendix C Ip Addresses And Subnetting
P P E N D I X IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network.
Page 286: Figure 176 Network Number And Host Id
Appendix C IP Addresses and Subnetting Figure 176 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation).
Page 287: Table 118 Subnet Masks
Appendix C IP Addresses and Subnetting Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Table 118 Subnet Masks BINARY DECIMAL 4TH OCTET OCTET...
Page 288: Figure 177 Subnetting Example: Before Subnetting
Appendix C IP Addresses and Subnetting Table 120 Alternative Subnet Mask Notation (continued) ALTERNATIVE LAST OCTET LAST OCTET SUBNET MASK NOTATION (BINARY) (DECIMAL) 255.255.255.192 1100 0000 255.255.255.224 1110 0000 255.255.255.240 1111 0000 255.255.255.248 1111 1000 255.255.255.252 1111 1100 Subnetting You can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.
Page 289: Figure 178 Subnetting Example: After Subnetting
Appendix C IP Addresses and Subnetting Figure 178 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 2 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).
Page 290: Table 122 Subnet 2
Appendix C IP Addresses and Subnetting Table 122 Subnet 2 LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 01000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.65 192.168.1.64 Broadcast Address: Highest Host ID: 192.168.1.126 192.168.1.127 Table 123 Subnet 3...
Page 291: Table 126 24-Bit Network Number Subnet Planning
Appendix C IP Addresses and Subnetting Table 125 Eight Subnets (continued) SUBNET LAST BROADCAST SUBNET FIRST ADDRESS ADDRESS ADDRESS ADDRESS Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 126 24-bit Network Number Subnet Planning NO.
Page 292: Private Ip Addresses
Appendix C IP Addresses and Subnetting Table 127 16-bit Network Number Subnet Planning (continued) NO. “BORROWED” NO. HOSTS PER SUBNET MASK NO. SUBNETS HOST BITS SUBNET 255.255.255.252 (/30) 16384 255.255.255.254 (/31) 32768 Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
Page 293: Appendix D Setting Up Your Computer's Ip Address
P P E N D I X Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
Page 294: Figure 179 Windows 95/98/Me: Network: Configuration
Appendix D Setting up Your Computer’s IP Address Figure 179 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
Page 295: Figure 180 Windows 95/98/Me: Tcp/Ip Properties: Ip Address
Appendix D Setting up Your Computer’s IP Address Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. • If your IP address is dynamic, select Obtain an IP address automatically. •...
Page 296: Figure 181 Windows 95/98/Me: Tcp/Ip Properties: Dns Configuration
Appendix D Setting up Your Computer’s IP Address Figure 181 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window.
Page 297: Figure 182 Windows Xp: Start Menu
Appendix D Setting up Your Computer’s IP Address Figure 182 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 183 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. NBG460N User’s Guide...
Page 298: Figure 184 Windows Xp: Control Panel: Network Connections: Properties
Appendix D Setting up Your Computer’s IP Address Figure 184 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 185 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
Page 299: Figure 186 Windows Xp: Internet Protocol (Tcp/Ip) Properties
Appendix D Setting up Your Computer’s IP Address Figure 186 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
Page 300: Figure 187 Windows Xp: Advanced Tcp/Ip Properties
Appendix D Setting up Your Computer’s IP Address Figure 187 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
Page 301: Figure 188 Windows Xp: Internet Protocol (Tcp/Ip) Properties
Appendix D Setting up Your Computer’s IP Address Figure 188 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window.
Page 302: Figure 189 Macintosh Os 8/9: Apple Menu
Appendix D Setting up Your Computer’s IP Address Figure 189 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 190 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: NBG460N User’s Guide...
Page 303: Figure 191 Macintosh Os X: Apple Menu
Appendix D Setting up Your Computer’s IP Address • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your Prestige in the Router address box. 5 Close the TCP/IP Control Panel.
Page 304: Figure 192 Macintosh Os X: Network
Appendix D Setting up Your Computer’s IP Address Figure 192 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. •...
Page 305: Figure 193 Red Hat 9.0: Kde: Network Configuration: Devices
Appendix D Setting up Your Computer’s IP Address Make sure you are logged in as the root administrator. Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network.
Page 306: Figure 194 Red Hat 9.0: Kde: Ethernet Device: General
Appendix D Setting up Your Computer’s IP Address Figure 194 Red Hat 9.0: KDE: Ethernet Device: General • If you have a dynamic IP address click Automatically obtain IP address settings with and select dhcp from the drop down list. •...
Page 307: Figure 196 Red Hat 9.0: Kde: Network Configuration: Activate
Appendix D Setting up Your Computer’s IP Address Figure 196 Red Hat 9.0: KDE: Network Configuration: Activate 7 After the network card restart process is complete, make sure the Status is Active in the Network Configuration screen. Using Configuration Files Follow the steps below to edit the network configuration files and set your computer IP address.
Page 308: Verifying Settings
Appendix D Setting up Your Computer’s IP Address 2 If you know your DNS server IP address(es), enter the DNS server information in the file in the directory. The following figure shows an example where resolv.conf /etc two DNS server IP addresses are specified. Figure 199 Red Hat 9.0: DNS Settings in resolv.conf nameserver 172.23.5.1 nameserver 172.23.5.2...
Page 309: Appendix E Wireless Lans
P P E N D I X Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS).
Page 310: Figure 203 Basic Service Set
Appendix E Wireless LANs Figure 203 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN.
Page 311: Figure 204 Infrastructure Wlan
Appendix E Wireless LANs Figure 204 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference.
Page 312: Figure 205 Rts/Cts
Appendix E Wireless LANs Figure 205 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
Page 313: Table 128 Ieee 802.11G
Appendix E Wireless LANs If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Preamble Type A preamble is used to synchronize the transmission timing in your wireless network.
Page 314: Types Of Radius Messages
Appendix E Wireless LANs • User based identification that allows for roaming. • Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server. • Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication methods to be deployed with no changes to the access point or the wireless stations.
Page 315: Types Of Authentication
Appendix E Wireless LANs In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password, they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access.
Page 316: Table 129 Comparison Of Eap Authentication Types
Appendix E Wireless LANs PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication.
Page 317 Appendix E Wireless LANs Key differences between WPA(2) and WEP are improved data encryption and user authentication. Encryption Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. In addition to TKIP, WPA2 also uses Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption.
Page 318: Wpa(2)-Psk Application Example
Appendix E Wireless LANs 26.6.2 WPA(2)-PSK Application Example A WPA(2)-PSK application looks as follows. 1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters (including spaces and symbols).
Page 319: Table 130 Wireless Security Relational Matrix
Appendix E Wireless LANs Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. MAC address filters are not dependent on how you configure these security features. Table 130 Wireless Security Relational Matrix AUTHENTICATION ENCRYPTIO...
Page 320 Appendix E Wireless LANs NBG460N User’s Guide...
Page 321: Table 131 Examples Of Services
7648 A popular videoconferencing solution from White Pines Software. TCP/UDP 24032 TCP/UDP Domain Name Server, a service that matches web names (e.g. www.zyxel.com) to IP numbers. User-Defined The IPSEC ESP (Encapsulation Security (IPSEC_TUNNEL) Protocol) tunneling protocol uses this service. FINGER...
Page 322: Appendix F Services
Appendix F Services Table 131 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION H.323 1720 NetMeeting uses this protocol. HTTP Hyper Text Transfer Protocol - a client/ server protocol for the world wide web. HTTPS HTTPS is a secured http session often used in e-commerce.
Page 323 Appendix F Services Table 131 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION PPTP_TUNNEL User-Defined PPTP (Point-to-Point Tunneling Protocol) (GRE) enables secure transfer of data over public networks. This is the data channel. RCMD Remote Command Service. REAL_AUDIO 7070 A streaming audio service that enables real time sound over the web.
Page 324 Appendix F Services Table 131 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION TFTP Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 A videoconferencing solution.
Page 325: Appendix G Legal Information
Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others.
Page 326 This Class B digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada. Viewing Certifications 1 Go to http://www.zyxel.com. 2 Select your product on the ZyXEL home page to go to that product's page. NBG460N User’s Guide...
Page 327: Zyxel Limited Warranty
Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
Page 328 Appendix G Legal Information NBG460N User’s Guide...
Page 329: Appendix H Customer Support
In the event of problems that cannot be solved by using this manual, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device. Regional offices are listed below (see also http:// www.zyxel.com/web/contact_us.php).
Page 330 • Regular Mail: ZyXEL Communications Oy, Malminkaari 10, 00700 Helsinki, Finland France • E-mail: info@zyxel.fr • Telephone: +33-4-72-52-97-97 • Fax: +33-4-72-52-19-20 • Web: www.zyxel.fr • Regular Mail: ZyXEL France, 1 rue des Vergers, Bat. 1 / C, 69760 Limonest, France NBG460N User’s Guide...
Page 331 • Sales E-mail: sales@zyxel.in • Telephone: +91-11-30888144 to +91-11-30888153 • Fax: +91-11-30888149, +91-11-26810715 • Web: http://www.zyxel.in • Regular Mail: India - ZyXEL Technology India Pvt Ltd., II-Floor, F2/9 Okhla Phase -1, New Delhi 110020, India Japan • Support E-mail: support@zyxel.co.jp •...
Page 332 • Sales E-mail: sales@zyxel.com.my • Telephone: +603-8076-9933 • Fax: +603-8076-9833 • Web: http://www.zyxel.com.my • Regular Mail: ZyXEL Malaysia Sdn Bhd., 1-02 & 1-03, Jalan Kenari 17F, Bandar Puchong Jaya, 47100 Puchong, Selangor Darul Ehsan, Malaysia North America • Support E-mail: support@zyxel.com •...
Page 333 • Support E-mail: support@zyxel.com.sg • Sales E-mail: sales@zyxel.com.sg • Telephone: +65-6899-6678 • Fax: +65-6899-8887 • Web: http://www.zyxel.com.sg • Regular Mail: ZyXEL Singapore Pte Ltd., No. 2 International Business Park, The Strategy #03-28, Singapore 609930 Spain • Support E-mail: support@zyxel.es • Sales E-mail: sales@zyxel.es •...
Page 334 • Sales E-mail: sales@zyxel.co.uk • Telephone: +44-1344-303044, 08707-555779 (UK only) • Fax: +44-1344-303034 • Web: www.zyxel.co.uk • FTP: ftp.zyxel.co.uk • Regular Mail: ZyXEL Communications UK Ltd., 11 The Courtyard, Eastern Road, Bracknell, Berkshire RG12 2XB, United Kingdom (UK) NBG460N User’s Guide...
Page 335: Index
Index Index active protocol Certificate Authority and encapsulation certifications notices ActiveX viewing address resolution protocol (ARP) Channel 41, 67, 311 Interference and transport mode channel Alert command interface alternative subnet mask notation Configuration any IP backup note reset the factory defaults restore contact information AP (Access Point)
Page 336 185, 190 Diffie-Hellman key group encryption algorithms 185, 190 ID content ID type IP address, remote IPSec router Factory LAN defaults IP address, ZyXEL Device FCC interference statement local identity feature specifications main mode 166, 187 NAT traversal File Transfer Program...
Page 337 Index SA life time IKE SA. See also VPN. Independent Basic Service Set Keep alive Install UPnP Windows Me Windows XP Internet Assigned Numbers Authority See IANA Internet connection Ethernet IP pool setup PPPoE. see also PPP over Ethernet PPTP LAN overview WAN connection LAN Setup...
Page 338 Index and VPN overview port forwarding see also Network Address Translation server sets QoS priorities NAT session Quality of Service (QoS) NAT Traversal NAT traversal Navigation Panel 42, 68 navigation panel 42, 68 NetBIOS 125, 132 see also Network Basic Input/Output System RADIUS Shared Secret Key Network Address Translation...
Page 339 Index Scheduling process security associations. See VPN. Security Parameters Service and port numbers Service Set Service Set IDentification Universal Plug and Play Service Set IDentity. See SSID. Application services UPnP and port numbers Forum and protocols security issues Session Initiated Protocol URL Keyword Blocking Simple Mail Transfer Protocol Use Authentication...
Page 340 Index Overview Web configurator navigating Xbox Live web configurator Web Proxy WEP Encryption WEP encryption WEP key Wi-Fi Multimedia QoS ZyNOS 40, 67 Wildcard Windows Networking Wireless association list wireless channel wireless LAN wireless LAN scheduling Wireless LAN wizard Wireless network basic guidelines channel encryption...

ZyXEL Communications NBG-460N User Manual

Chapter 1 Getting to Know Your NBG460N

Chapter 2 The WPS Button

Chapter 3 Introducing the Web Configurator

Chapter 4 Connection Wizard

Chapter 5 AP Mode

Chapter 6 Tutorials

Chapter 7 Wireless LAN

Chapter 8 WAN

Chapter 9 LAN

Chapter 10 DHCP

Chapter 11 Network Address Translation (NAT)

Chapter 12 Dynamic DNS

Quick Links

Troubleshooting

Related Manuals for ZyXEL Communications NBG-460N

Summary of Contents for ZyXEL Communications NBG-460N