ZyXEL – SBG Support Notes Chapter 1 Introduction The ZyXEL SBG (Small Business Gateway) Series is the ―Multi-WAN Gateway‖ which provides high speed internet access for business users. It features not only VDSL2/ADSL2+ functionality, but also one GbE WAN with SFP interface (SBG3500-N Series only).
Chapter 2 Multi-WAN connectivity with load balancing and fail-over The ZyXEL SBG Series provides multiple WAN interfaces including DSL, Gigabit Ethernet and 3G WAN backup to establish load balancing or backup WAN connectivity. Service providers can flexibly offer WAN services of the highest availability in one single box for small business owners to enjoy.
Road warriors and telecommuters can use IPsec as well as L2TP or PPTP VPN to safely access corporate networks without maintaining VPN software on their PCs. The SBG Series is also designed with VPN HA features to ensure that the VPN connectivity is always on for the business needs.
ZyXEL – SBG Support Notes Chapter 3 Scenario 1 – VLAN 1.1 Application scenario Since security is an issue, the IT manager would like to move the server to a distinct broadcast domain called ServerGroup. General user cannot access the Server or capture the server packets even if they plug into same physical LAN.
ZyXEL – SBG Support Notes Scenario 2 – Firewall 2.1 Application scenario SBG Series Firewall has the capability to limit only specific users from accessing the LAN Server. The others users‘ access requests will be dropped or rejected. 2.2 Configuration Guide 1.
Page 8
ZyXEL – SBG Support Notes 2. Select the Order ―2‖. 3. Select direction from ―WAN‖ to ―LAN‖. Select Source Device ―Specific IP Address‖. 5. Keep Source IP address empty (It means Any). Select Destination Device ―PC-1(192.168.1.50)‖. 7. Select IP Type ―IPv4‖.
ZyXEL – SBG Support Notes Scenario 3 – User Access Control 3.1 Application scenario The SBG Series User Access Control allows the IT manager to arrange Internet access scheduling to limit specific or all LAN PCs Internet access usage time.
ZyXEL – SBG Support Notes Scenario 4 – 3G Backup 4.1 Application scenario 3G backup allows the SBG Series to keep the Internet connection when the primary WAN connection has failed. 4.2 Configuration Guide 1. Go to Network Setting> Broadband >...
NAT port forwarding feature implemented in the CPE. In a scenario shown in the above diagram, we have an RDP server installed behind the SBG Series with an IP assigned by the local DHCP server (192.168.1.100). How should we configure the SBG Series, so that the notebook at the WAN site can access the RDP server? The following step-by-step guide illustrates the setup procedure.
ZyXEL – SBG Support Notes 11. Select Protocol ―TCP‖. 12. Click on ―Apply‖. 5.2.2 Applications 1. Go to Network Setting> > Applications. 2. Click on ―Add new application‖. 3. Select current WAN Interface (ex: ADSL). 4. Enter Server IP Address 192.168.1.100.
ZyXEL – SBG Support Notes In this case, we have 2 IP addresses from an ISP via ADSL. We have a very busy internal FTP server and also LAN users. In this case, we want to assign the 2 IP addresses by the following way using 2 NAT rules.
ZyXEL – SBG Support Notes 5. Select number 1. 6. Click on ―OK‖. Scenario 7 – Virtual Private Network (VPN) 7.1 Application scenario VPN provides business users a highly secure path to transmit data. The following two scenarios describe the general usage of VPNs. - IPSec VPN (Site-to-Site): - L2TP VPN: 7.2 Configuration Guide...
Page 15
ZyXEL – SBG Support Notes 7. Select Application Scenario ―Site-to-Site‖. 8. Select My Address ―ADSL‖. 9. Enter Primary Peer Gateway Address 10.59.3.20. Configure Authentication information 1. Select Key Exchange Mode ―Auto‖. 2. Select Pre-Shared Key and enter 12345678. Configure Phase 1 1.
Page 16
ZyXEL – SBG Support Notes 4. Enter Connection Name (ex: VPNtoSBG1). 5. Enable the ―Nailed-up‖ checkbox. 6. Enable the ―NAT Traversal (NAT-T)‖ checkbox. 7. Select Application Scenario ―Site-to-Site‖. 8. Select My Address ―ADSL‖. 9. Enter Primary Peer Gateway Address 10.59.3.10. Configure Authentication information 1.
4. Click on ―Apply‖. Scenario 8 – 802.1x 8.1 Application scenario SBG series supports 802.1x. This feature provides IT managers with a solution to control the enterprise wireless environment. The wireless users require RADIUS authentication when they connect to the SBG SSID.
9.1 Application Scenario Log file is an important method for IT Managers to monitor the device status. SBG Series has the capability to save the log to Local database, Remote Syslog Server and also Email inform user. Back to Table of Contents...
Page 19
ZyXEL – SBG Support Notes 9.2 Configuration Guide 9.2.1 Local File 1. Go to Maintenance > Setting. 2. Select Syslog Logging ―Enable‖. 3. Select Mode ―Local File‖. 4. Check Active Log and Alert ―Items (System, DHCP Client, etc.)‖. 5. Click on ―Apply‖. 9.2.2 Remote/Local File and Remote 1.
Product FAQ: Will the device work with my Internet connection? SBG Series is designed to be compatible with major ISPs that utilize ADSL as a broadband service. SBG Series offers Ethernet ports to connect to your computer so the device is placed in the line between the computer and your ISP.
Page 21
IP packets and transports them to the carrier's Digital Subscriber Line Access Multiple (DSLAM) via ATM. It is a technology becoming more popular with DSL providers. Does the SBG Series support PPPoA? Yes. All SBG Series supports PPPoA. How do I know if I am using PPPoE/PPPoA? PPPoE/PPPoA requires a user account to log in to the provider's server.
Page 22
ZyXEL – SBG Support Notes easy remote management. b. Web browser – Using the embedded web server for easy configuration. What can we do with the device? Browse the World Wide Web (WWW), send and receive individual e-mail, and download software. These are just a few of many benefits you can enjoy when you put the whole office on-line with the device.
Page 23
ZyXEL – SBG Support Notes (the default IP address is 192.168.1.1, default password is 1234). What network interfaces does the new device Series support? The new device Series supports auto MDI/MDIX 10/100M Ethernet LAN port to connect to the computer or Switch on LAN. How does the device support TFTP? In addition to the direct console port connection, the device support uploading and downloading of the firmware and configuration file using...
Page 24
ZyXEL – SBG Support Notes multiple subnets on one VLAN or have one subnet spread across multiple VLANs. Virtual LANs and IP subnets provide independent Layer 2 and Layer 3 constructs that map to one another and this correspondence is useful during the network design process.
Page 25
ZyXEL – SBG Support Notes Internal Local Addresses (ILA) and the global IP addresses as the Inside Global Addresses (IGA). The term 'inside' refers to the set of networks that are subject to translation. The NAT operates by mapping the ILA to the IGA required for communication with hosts on other networks.
Page 26
Without DDNS, our users will always need to use the WAN IP address of the SBG Series to reach our internal server. It is inconvenient for the users if this IP is dynamic. With DDNS supported by the device, you can apply for a DNS name (e.g., www.zyxel.com.tw) for your server (e.g., web server)
Page 27
ZyXEL – SBG Support Notes network is congested. This can cause a reduction in network performance and make the network unfit for time critical applications such as video-on-demand. What is a Virtual Private Network (VPN)? VPN stands for ‗Virtual Private Network‘. In the past, when we needed to transmit data in a secure way, we would need to have a site-to-site leased line between the sites.
ZyXEL – SBG Support Notes VPN. It allows a user to create a secure VPN connection remotely to the local networks. The intended use of this protocol is to provide similar levels of security and remote access as typical VPN products. Wireless FAQ What is a Wireless LAN? Wireless LANs provide all the functionality of wired LANs, without the need...
Page 29
ZyXEL – SBG Support Notes e. Scalability: Wireless LAN systems can be configured in a variety of topologies to meet the needs of specific applications and installations. Configurations are easily changed and range from peer-to-peer networks suitable for a small number of users to full infrastructure networks of thousands of users that enable roaming over a broad area.
Page 30
ZyXEL – SBG Support Notes DSSS modulation. What is 802.11b? 802.11b is the first revision of 802.11 standard allowing data rates up to 11 Mbps in the 2.4GHz ISM band. It is also known as 802.11 High-Rate and Wi-Fi. 802.11b only uses DSSS modulation, and the maximum speed of 11 Mbps has fallbacks to 5.5, 2 and 1 Mbps.
Page 31
ZyXEL – SBG Support Notes What is 802.11n? 802.11n supports frequencies in both 2.4 GHz and 5 GHz radio bands and its data rate ranges from 54 Mbit/s up to 600 Mbit/s in theory, using the 802.11n Channel Doubling technology which can double the channel bandwidth from 20 MHz to 40 MHz and effectively doubles data rates and throughput.
Page 32
ZyXEL – SBG Support Notes would not interfere with other 802.11 devices much more than another 802.11 device would interfere. While more collisions are possible with the introduction of a Bluetooth device, they are also possible with the introduction of another 802.11 device, or a new 2.4 GHz cordless phone for that matter.
ZyXEL – SBG Support Notes owned by a service provider or carrier. Data rates are low and charges are based on usage. Specialized applications are characteristically designed around short, burst messaging. What is Ad-Hoc mode? A wireless network consists of a number of stations without access points or any connection to a wired network.
Page 34
ZyXEL – SBG Support Notes unsynchronized receiver an FHSS transmission appears to be short-duration impulse noise. 802.11 may use FHSS or DSSS. Do I need the same kind of antenna on both sides of a link? No. Provided that the antenna is optimally designed for 2.4 GHz or 5 GHz operations.
Page 35
ZyXEL – SBG Support Notes Wired Equivalent Privacy (WEP) is a security mechanism defined within the 802.11 standard and designed to make the security of the wireless medium equal to that of a cable (wire). WEP data encryption was designed to prevent access to the network by "intruders"...
ZyXEL – SBG Support Notes message when a client associates to an AP. A sniffer just has to wait for a valid user to associate with the network to see the SSID. What are Insertion attacks? The insertion attacks are based on placing unauthorized devices on the wireless network without going through a security process and review.
Page 37
ZyXEL – SBG Support Notes What is the difference between No authentication required, No access allowed and Authentication required? No authentication required — disables 802.1X and causes the port to transition to the authorized state without any authentication exchange required. The port transmits and receives normal traffic without 802.1x-based authentication of the client.
Page 38
ZyXEL – SBG Support Notes authentication and improved data encryption. What is WPA-PSK? WPA-PSK (Wi-Fi Protected Access Pre-Shared Key) can be used if users do not have a RADIUS server but still want to benefit from WPA security, because WPA-PSK only requires a single password to be entered on wireless AP/gateway and wireless client.