Page 1 NBG-334SH 802.11g Super G High Power Wireless Router User’s Guide Version 3.60 01/2007 Edition 1 www.zyxel.com...
Page 3: About This User's Guide
Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan.
Page 4: Document Conventions
Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this User’s Guide. Warnings tell you about things that could harm you or your device. Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Page 5 Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Server Telephone Modem ZyXEL NBG-334SH User’s Guide Computer Notebook computer DSLAM Firewall Switch Router...
Page 6: Safety Warnings
Safety Warnings For your safety, be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. •...
Page 7 Safety Warnings ZyXEL NBG-334SH User’s Guide...
Page 8 Safety Warnings ZyXEL NBG-334SH User’s Guide...
Page 9: Table Of Contents
Introduction ... 27 Getting to Know Your ZyXEL Device ... 29 Wireless Tutorial ... 33 Introducing the Web Configurator ... 41 Wizard ... 53 Connection Wizard ... 55 Advanced ... 71 Wireless LAN ... 73 WAN ... 89 LAN ... 99 DHCP Server ...
Page 10 Contents Overview ZyXEL NBG-334SH User’s Guide...
Page 11: Table Of Contents
About This User's Guide ... 3 Document Conventions... 4 Safety Warnings... 6 Contents Overview ... 9 Table of Contents... 11 List of Figures ... 19 List of Tables... 23 Part I: Introduction... 27 Chapter 1 Getting to Know Your ZyXEL Device ... 29 1.1 ZyXEL Device Overview ...
Page 12 Table of Contents 3.4 Navigating the Web Configurator 3.4.1 The Status Screen ... 43 3.4.2 Navigation Panel ... 46 3.5 Summary: Any IP Table ... 48 3.5.1 Summary: Bandwidth Management Monitor 3.5.2 Summary: DHCP Table 3.5.3 Summary: Packet Statistics 3.5.4 Summary: Wireless Station Status Part II: Wizard ...
Page 13 5.2.2 MAC Address Filter ... 74 5.2.3 User Authentication ... 74 5.2.4 Encryption ... 75 5.3 Quality of Service ... 76 5.3.1 WMM QoS ... 76 5.4 General Wireless LAN Screen 5.4.1 No Security ... 78 5.4.2 WEP Encryption ... 78 5.4.3 WPA-PSK/WPA2-PSK ...
Page 14 Table of Contents 8.2 DHCP Server General Screen ... 105 8.3 DHCP Server Advanced Screen 8.4 Client List Screen ... 107 Chapter 9 Network Address Translation (NAT)... 109 9.1 NAT Overview ... 109 9.2 Using NAT ... 109 9.2.1 Port Forwarding: Services and Port Numbers ... 109 9.2.2 Configuring Servers Behind Port Forwarding Example ...110 9.3 General NAT Screen ...110 9.4 NAT Application Screen ...111...
Page 15 12.6 Customizing Keyword Blocking URL Checking ... 130 12.6.1 Domain Name or IP Address URL Checking ... 130 12.6.2 Full Path URL Checking ... 130 12.6.3 File Name URL Checking ... 130 Chapter 13 Static Route Screens ... 133 13.1 Static Route Overview ... 133 13.2 IP Static Route Screen ...
Page 16 Table of Contents 16.1.2 NAT Traversal ... 155 16.1.3 Cautions with UPnP ... 155 16.2 UPnP and ZyXEL ... 156 16.3 UPnP Screen ... 156 16.4 Installing UPnP in Windows Example ... 157 Part IV: Maintenance and Troubleshooting ... 167 Chapter 17 System ...
Page 17 Appendix A Product Specifications... 203 Appendix B Pop-up Windows, JavaScripts and Java Permissions ... 207 Appendix C IP Addresses and Subnetting ... 213 Appendix D Wall-mounting Instructions... 221 Appendix E Setting up Your Computer’s IP Address... 223 21.5.1 Verifying Settings ... 238 Appendix F Wireless LANs...
Page 18 Table of Contents ZyXEL NBG-334SH User’s Guide...
Page 19: List Of Figures
List of Figures List of Figures Figure 1 Secure Internet Access via Cable, DSL or Wireless Modem ... 30 Figure 2 WLAN Application Example ... 30 Figure 3 Front Panel ... 31 Figure 4 AP: Wireless LAN > General ... 34 Figure 5 AP: Status ...
Page 20 List of Figures Figure 39 Connection Wizard Save ... 69 Figure 40 Connection Wizard Complete ... 69 Figure 41 Example of a Wireless Network ... 73 Figure 42 Wireless General ... 77 Figure 43 Wireless: No Security ... 78 Figure 44 Wireless: Static WEP Encryption ... 79 Figure 45 Wireless: WPA-PSK/WPA2-PSK ...
Page 21 List of Figures Figure 82 Bandwidth Management: Monitor ... 147 Figure 83 WWW Remote Management ... 150 Figure 84 Telnet Configuration on a TCP/IP Network ... 151 Figure 85 Telnet Remote Management ... 152 Figure 86 FTP Remote Management ... 152 Figure 87 DNS Remote Management ...
Page 22 List of Figures Figure 125 Network Number and Host ID ... 214 Figure 126 Subnetting Example: Before Subnetting ... 216 Figure 127 Subnetting Example: After Subnetting ... 217 Figure 128 Wall-mounting Example ... 221 Figure 129 WIndows 95/98/Me: Network: Configuration ... 224 Figure 130 Windows 95/98/Me: TCP/IP Properties: IP Address ...
Page 23: List Of Tables
List of Tables List of Tables Table 1 Front Panel LEDs ... 31 Table 2 Status Screen Icon Key ... 44 Table 3 Web Configurator Status Screen ... 45 Table 4 Screens Summary ... 46 Table 5 Summary: DHCP Table ... 49 Table 6 Summary: Packet Statistics ...
Page 24 List of Tables Table 39 DHCP Server General ... 105 Table 40 DHCP Server Advanced ... 106 Table 41 Client List ... 108 Table 42 NAT General ...111 Table 43 NAT Application ...112 Table 44 NAT Advanced ...116 Table 45 Dynamic DNS ... 120 Table 46 Firewall General ...
Page 25 List of Tables Table 82 PKI Logs ... 182 Table 83 802.1X Logs ... 183 Table 84 ACL Setting Notes ... 184 Table 85 ICMP Notes ... 184 Table 86 Syslog Logs ... 185 Table 87 RFC-2408 ISAKMP Payload Types ... 185 Table 88 Maintenance Firmware Upload ...
Page 26 List of Tables ZyXEL NBG-334SH User’s Guide...
Page 27: Introduction
Introduction Getting to Know Your ZyXEL Device (29) Wireless Tutorial (33) Introducing the Web Configurator (41)
Page 29: Getting To Know Your Zyxel Device
H A P T E R Getting to Know Your ZyXEL This chapter introduces the main features and applications of the ZyXEL Device. 1.1 ZyXEL Device Overview The ZyXEL Device is the ideal secure wireless firewall router for all data passing between the Internet and your Local Area Network.
Page 30: Ways To Manage The Zyxel Device
Chapter 1 Getting to Know Your ZyXEL Device Figure 1 Secure Internet Access via Cable, DSL or Wireless Modem 1.2.1.1 Wireless LAN Application Add a wireless LAN to your existing network without expensive network cables. Wireless stations can move freely anywhere in the coverage area and use resources on the wired network.
Page 31: Leds
• Back up the configuration (and make sure you know how to restore it). Restoring an earlier working configuration may be useful if the device becomes unstable or even crashes. If you forget your password, you will have to reset the ZyXEL Device to its factory default settings.
Page 32 Chapter 1 Getting to Know Your ZyXEL Device Table 1 Front Panel LEDs (continued) COLOR WLAN Green None STATUS DESCRIPTION The ZyXEL Device is ready, but is not sending/receiving data through the wireless LAN. Blinking The ZyXEL Device is sending/receiving data through the wireless LAN.
Page 33: Wireless Tutorial
H A P T E R This chapter gives you examples of how to set up an access point and wireless client for wireless communication using the following parameters. The wireless clients can access the Internet through an AP wirelessly. 2.1 Example Parameters SSID SSID_Example3...
Page 34: Figure 4 Ap: Wireless Lan > General
Chapter 2 Wireless Tutorial Figure 4 AP: Wireless LAN > General 2 Make sure the Enable Wireless LAN check box is selected. 3 Enter SSID_Example3 as the SSID and select a channel. 4 Set security mode to WPA-PSK and enter ThisismyWPA-PSKpre-sharedkey in the Pre-Shared Key field.
Page 35: Configuring The Wireless Client
Figure 5 AP: Status 6 Click the WLAN Station Status hyperlink in the AP’s Status screen. You can see if any wireless client has connected to the AP. Figure 6 AP: Status: WLAN Station Status 2.3 Configuring the Wireless Client This section describes how to connect the wireless client to a network.
Page 36: Connecting To A Wireless Lan
Chapter 2 Wireless Tutorial 2.3.1 Connecting to a Wireless LAN The following sections show you how to join a wireless network using the ZyXEL utility, as in the following diagram. The wireless client is labeled C and the access point is labeled AP. There are three ways to connect the client to an access point.
Page 37: Figure 7 Zyxel Utility: Security Settings
Figure 7 ZyXEL Utility: Security Settings 4 The Confirm Save window appears. Check your settings and click Save to continue. Figure 8 ZyXEL Utility: Confirm Save 5 The ZyXEL utility returns to the Link Info screen while it connects to the wireless network using your settings.
Page 38: Creating And Using A Profile
Chapter 2 Wireless Tutorial If you cannot access the web site, try changing the encryption type in the Security Settings screen, check the Troubleshooting section of this User's Guide or contact your network administrator. 2.3.2 Creating and Using a Profile A profile lets you automatically connect to the same wireless network every time you use the wireless client.
Page 39: Figure 12 Zyxel Utility: Profile Security
4 Choose the same encryption method as the AP to which you want to connect (In this example, WPA-PSK). Figure 12 ZyXEL Utility: Profile Security 5 This screen varies depending on the encryption method you selected in the previous screen. Enter the pre-shared key and leave the encryption type at the default setting. Figure 13 ZyXEL Utility: Profile Encryption 6 In the next screen, leave both boxes checked.
Page 40: Figure 15 Profile: Confirm Save
Chapter 2 Wireless Tutorial Figure 15 Profile: Confirm Save 8 Click Activate Now to use the new profile immediately. Otherwise, click the Activate Later button. If you clicked Activate Later, you can select the profile from the list in the Profile screen and click Connect to activate it.
Page 41: Introducing The Web Configurator
H A P T E R This chapter describes how to access the ZyXEL Device web configurator and provides an overview of its screens. 3.1 Web Configurator Overview The web configurator is an HTML-based management interface that allows easy setup and management of the ZyXEL Device via Internet browser.
Page 42: Figure 17 Change Password Screen
Chapter 3 Introducing the Web Configurator Figure 17 Change Password Screen The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the ZyXEL Device if this happens. 6 Select the setup mode you want to use.
Page 43: Resetting The Zyxel Device
3.3 Resetting the ZyXEL Device If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the ZyXEL Device to reload the factory-default configuration file. This means that you will lose all configurations that you had previously saved, and the password will be reset to “1234”.
Page 44: Figure 18 Web Configurator Status Screen
Chapter 3 Introducing the Web Configurator Figure 18 Web Configurator Status Screen The following table describes the icons shown in the Status screen. Table 2 Status Screen Icon Key ICON DESCRIPTION Select a language from the drop-down list box to have the web configurator display in that language.
Page 45: Table 3 Web Configurator Status Screen
The following table describes the labels shown in the Status screen. Table 3 Web Configurator Status Screen LABEL DESCRIPTION Device Information System Name This is the System Name you enter in the Maintenance > System > General screen. It is for identification purposes. Firmware Version This is the ZyNOS firmware version and the date created.
Page 46: Navigation Panel
Chapter 3 Introducing the Web Configurator Table 3 Web Configurator Status Screen (continued) LABEL DESCRIPTION - Configuration Mode This shows whether the advanced screens of each feature are turned on (Advanced) or not (Basic). Interface Status Interface This displays the ZyXEL Device port types. The port types are: WAN, LAN and WLAN.
Page 47 Table 4 Screens Summary LINK Internet Connection Advanced IP Alias Advanced DHCP General Server Advanced Client List General Application Advanced DDNS General Security Firewall General Services Content Filter Filter Schedule Management Static Route IP Static Route Bandwidth General MGMT Advanced Monitor Remote MGMT...
Page 48: Summary: Any Ip Table
Chapter 3 Introducing the Web Configurator Table 4 Screens Summary LINK UPnP General Maintenance System General Time Setting Logs View Log Log Settings Tools Firmware Configuration Restart Config Mode General Summary: Any IP Table This screen displays the IP address of each computer that is using the ZyXEL Device via the any IP feature.
Page 49: Summary: Dhcp Table
Figure 20 Summary: BW MGMT Monitor 3.5.2 Summary: DHCP Table DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the ZyXEL Device as a DHCP server or disable it. When configured as a server, the ZyXEL Device provides the TCP/IP configuration for the clients.
Page 50: Summary: Packet Statistics
Chapter 3 Introducing the Web Configurator 3.5.3 Summary: Packet Statistics Click the Packet Statistics (Details...) hyperlink in the Status screen. Read-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interval(s) field is configurable. Figure 22 Summary: Packet Statistics The following table describes the labels in this screen.
Page 51: Figure 23 Summary: Wireless Association List
Figure 23 Summary: Wireless Association List The following table describes the labels in this screen. Table 7 Summary: Wireless Association List LABEL DESCRIPTION This is the index number of an associated wireless station. MAC Address This field displays the MAC address of an associated wireless station. Association Time This field displays the time a wireless station first associated with the ZyXEL Device.
Page 52 Chapter 3 Introducing the Web Configurator ZyXEL NBG-334SH User’s Guide...
Page 53: Wizard
Wizard Connection Wizard (55)
Page 55: Connection Wizard
H A P T E R This chapter provides information on the wizard setup screens in the web configurator. 4.1 Wizard Setup The web configurator’s wizard setup helps you configure your device to access the Internet. Refer to your ISP (Internet Service Provider) checklist in the Quick Start Guide to know what to enter in each field.
Page 56: Connection Wizard: Step 1: System Information
Chapter 4 Connection Wizard Figure 25 Select a Language 4 Read the on-screen information and click Next. Figure 26 Welcome to the Connection Wizard 4.2 Connection Wizard: STEP 1: System Information System Information contains administrative and system-related information. 4.2.1 System Name System Name is for identification purposes.
Page 57: Domain Name
4.2.2 Domain Name The Domain Name entry is what is propagated to the DHCP clients on the LAN. If you leave this blank, the domain name obtained by DHCP from the ISP is used. While you must enter the host name (System Name) on each individual computer, the domain name can be assigned from the ZyXEL Device via DHCP.
Page 58: Figure 28 Wizard Step 2: Wireless Lan
Chapter 4 Connection Wizard Figure 28 Wizard Step 2: Wireless LAN The following table describes the labels in this screen. Table 9 Wizard Step 2: Wireless LAN LABEL DESCRIPTION Name (SSID) Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.
Page 59: Basic (Wep) Security
4.3.1 Basic (WEP) Security Choose Basic (WEP) to setup WEP Encryption parameters. Figure 29 Wizard Step 2: Basic (WEP) Security The following table describes the labels in this screen. Table 10 Wizard Step 2: Basic (WEP) Security LABEL DESCRIPTION Passphrase Type a Passphrase (up to 32 printable characters) and click Generate.
Page 60: Extend (Wpa-Psk Or Wpa2-Psk) Security
Chapter 4 Connection Wizard Table 10 Wizard Step 2: Basic (WEP) Security LABEL DESCRIPTION Next Click Next to proceed to the next screen. Exit Click Exit to close the wizard screen without saving. 4.3.2 Extend (WPA-PSK or WPA2-PSK) Security Choose Extend (WPA-PSK) or Extend (WPA2-PSK) security in the Wireless LAN setup screen to set up a Pre-Shared Key.
Page 61: Ethernet Connection
Figure 31 Wizard Step 3: ISP Parameters. The following table describes the labels in this screen, Table 12 Wizard Step 3: ISP Parameters CONNECTION TYPE Ethernet PPPoE PPTP 4.4.1 Ethernet Connection Choose Ethernet when the WAN port is used as a regular Ethernet. Figure 32 Wizard Step 3: Ethernet Connection 4.4.2 PPPoE Connection Point-to-Point Protocol over Ethernet (PPPoE) functions as a dial-up connection.
Page 62: Pptp Connection
Chapter 4 Connection Wizard One of the benefits of PPPoE is the ability to let end users access one of multiple network services, a function known as dynamic service selection. This enables the service provider to easily create and offer new IP services for specific users. Operationally, PPPoE saves significant effort for both the subscriber and the ISP/carrier, as it requires no specific configuration of the broadband modem at the subscriber’s site.
Page 63: Figure 34 Wizard Step 3: Pptp Connection
The ZyXEL Device supports one PPTP server connection at any given time. Figure 34 Wizard Step 3: PPTP Connection The following table describes the fields in this screen Table 14 Wizard Step 3: PPTP Connection LABEL DESCRIPTION ISP Parameters for Internet Access Connection Type Select PPTP from the drop-down list box.
Page 64: Your Ip Address
Chapter 4 Connection Wizard Table 14 Wizard Step 3: PPTP Connection LABEL Next Exit 4.4.4 Your IP Address The following wizard screen allows you to assign a fixed IP address or give the ZyXEL Device an automatically assigned IP address depending on your ISP. Figure 35 Wizard Step 3: Your IP Address The following table describes the labels in this screen Table 15 Wizard Step 3: Your IP Address...
Page 65: Ip Address And Subnet Mask
You can obtain your IP address from the IANA, from an ISP or have it assigned by a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.
Page 66: Wan Ip And Dns Server Address Assignment
Chapter 4 Connection Wizard 2 If the ISP did not give you DNS server information, leave the DNS Server fields set to 0.0.0.0 in the Wizard screen and/or set to From ISP in the WAN > Internet Connection screen for the ISP to dynamically assign the DNS server IP addresses. 4.4.8 WAN IP and DNS Server Address Assignment The following wizard screen allows you to assign a fixed WAN IP address and DNS server addresses.
Page 67: Wan Mac Address
4.4.9 WAN MAC Address Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. Table 18 Example of Network Properties for LAN Servers with Fixed IP Addresses Choose an IP address Subnet mask Gateway (or default route)
Page 68: Connection Wizard: Step 4: Bandwidth Management
Chapter 4 Connection Wizard 4.5 Connection Wizard: STEP 4: Bandwidth management Bandwidth management allows you to control the amount of bandwidth going out through the ZyXEL Device’s WAN, LAN or WLAN port and prioritize the distribution of the bandwidth according to the traffic type. This helps keep one service from using all of the available bandwidth and shutting out other users.
Page 69: Figure 39 Connection Wizard Save
Chapter 4 Connection Wizard Figure 39 Connection Wizard Save Follow the on-screen instructions and click Finish to complete the wizard setup. Figure 40 Connection Wizard Complete Well done! You have successfully set up your ZyXEL Device to operate on your network and access the Internet.
Page 70 Chapter 4 Connection Wizard ZyXEL NBG-334SH User’s Guide...
Page 71: Advanced
Advanced Wireless LAN (73) WAN (89) LAN (99) DHCP Server (105) Network Address Translation (NAT) (109) Dynamic DNS (119) Firewall (121) Content Filtering (127) Static Route Screens (133) Bandwidth Management (137) Remote Management Screens (149) Universal Plug-and-Play (UPnP) (155)
Page 73: Wireless Lan
H A P T E R This chapter discusses how to configure the wireless network settings in your ZyXEL Device. See the appendices for more detailed information about wireless networks. 5.1 Wireless Network Overview The following figure provides an example of a wireless network. Figure 41 Example of a Wireless Network The wireless network is the part in the blue circle.
Page 74: Wireless Security Overview
Chapter 5 Wireless LAN • Every wireless client in the same wireless network must use security compatible with the Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network. 5.2 Wireless Security Overview The following sections introduce different types of wireless security you can set up in the wireless network.
Page 75: Encryption
If your AP does not provide a local user database and if you do not have a RADIUS server, you cannot set up user names and passwords for your users. Unauthorized devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network.
Page 76: Quality Of Service
Chapter 5 Wireless LAN When you select WPA2 or WPA2-PSK in your ZyXEL Device, you can also select an option (WPA Compatible) to support WPA as well. In this case, if some wireless clients support WPA and some support WPA2, you should set up WPA2-PSK or WPA2 (depending on the type of wireless network login) and select the WPA Compatible option in the ZyXEL Device.
Page 77: General Wireless Lan Screen
5.4 General Wireless LAN Screen If you are configuring the ZyXEL Device from a computer connected to the wireless LAN and you change the ZyXEL Device’s SSID, channel or security settings, you will lose your wireless connection when you press Apply to confirm.
Page 78: No Security
Chapter 5 Wireless LAN 5.4.1 No Security Select No Security to allow wireless stations to communicate with the access points without any data encryption. If you do not enable any wireless security on your ZyXEL Device, your network is accessible to any wireless networking device that is within range. Figure 43 Wireless: No Security The following table describes the labels in this screen.
Page 79: Figure 44 Wireless: Static Wep Encryption
Figure 44 Wireless: Static WEP Encryption The following table describes the wireless LAN security labels in this screen. Table 25 Wireless: Static WEP Encryption LABEL DESCRIPTION Passphrase Enter a passphrase (password phrase) of up to 32 printable characters and click Generate.
Page 80: Wpa-Psk/Wpa2-Psk
Chapter 5 Wireless LAN 5.4.3 WPA-PSK/WPA2-PSK Click Network > Wireless LAN to display the General screen. Figure 45 Wireless: WPA-PSK/WPA2-PSK The following table describes the labels in this screen. Table 26 Wireless: WPA-PSK/WPA2-PSK LABEL DESCRIPTION WPA Compatible This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field.
Page 81: Wpa/Wpa2
Table 26 Wireless: WPA-PSK/WPA2-PSK LABEL DESCRIPTION Group Key The Group Key Update Timer is the rate at which the AP (if using WPA-PSK/ Update Timer WPA2-PSK key management) or RADIUS server (if using WPA/WPA2 key management) sends a new group key out to all clients. The re-keying process is the WPA/WPA2 equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis.
Page 82: Table 27 Wireless: Wpa/Wpa2
Chapter 5 Wireless LAN The following table describes the labels in this screen. Table 27 Wireless: WPA/WPA2 LABEL WPA Compatible ReAuthentication Timer (in seconds) Idle Timeout Group Key Update Timer Authentication Server IP Address Port Number Shared Secret Accounting Server Active IP Address Port Number...
Page 83: Mac Filter
5.5 MAC Filter The MAC filter screen allows you to configure the ZyXEL Device to give exclusive access to up to 32 devices (Allow) or exclude up to 32 devices from accessing the ZyXEL Device (Deny). Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
Page 84: Wireless Lan Advanced Screen
Chapter 5 Wireless LAN Table 28 MAC Address Filter LABEL DESCRIPTION This is the index number of the MAC address. Enter the MAC addresses of the wireless station that are allowed or denied access to Address the ZyXEL Device in these address fields. Enter the MAC addresses in a valid MAC address format, that is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc.
Page 85: Quality Of Service (Qos) Screen
Table 29 Wireless LAN Advanced LABEL DESCRIPTION 802.11 Mode Select 802.11b to allow only IEEE 802.11b compliant WLAN devices to associate with the ZyXEL Device. Select 802.11g to allow only IEEE 802.11g compliant WLAN devices to associate with the ZyXEL Device. Select 802.11b/g to allow either IEEE802.11b or IEEE802.11g compliant WLAN devices to associate with the ZyXEL Device.
Page 86: Figure 49 Wireless Lan Qos
Chapter 5 Wireless LAN Figure 49 Wireless LAN QoS The following table describes the labels in this screen. Table 30 Wireless LAN QoS LABEL Enable WMM QoS WMM QoS Policy Name Service Dest Port DESCRIPTION Select this to turn on WMM QoS (Wireless MultiMedia Quality of Service).
Page 87: Application Priority Configuration
Table 30 Wireless LAN QoS (continued) LABEL Priority Modify Apply 5.7.1 Application Priority Configuration Use this screen to edit a WMM QoS application entry. Click the edit icon under Modify. The following screen displays. Figure 50 Application Priority Configuration Appendix I on page 257 following table describes the fields in this screen.
Page 88 Chapter 5 Wireless LAN Table 31 Application Priority Configuration (continued) LABEL Service Dest Port Priority Apply Cancel DESCRIPTION The following is a description of the applications you can prioritize with WMM QoS. Select a service from the drop-down list box. •...
Page 89: Wan
H A P T E R This chapter describes how to configure WAN settings. 6.1 WAN Overview See the chapter about the connection wizard for more information on the fields in the WAN screens. 6.2 WAN MAC Address The MAC address screen allows users to configure the WAN port's MAC address by either using the factory default or cloning the MAC address from a computer on your LAN.
Page 90: Internet Connection
Chapter 6 WAN The ZyXEL Device supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP- v2). At start up, the ZyXEL Device queries all directly connected networks to gather group membership. After that, the ZyXEL Device periodically updates this information. IP multicasting can be enabled/disabled on the ZyXEL Device LAN and/or WAN interfaces in the web configurator (LAN;...
Page 91: Table 32 Ethernet Encapsulation
The following table describes the labels in this screen. Table 32 Ethernet Encapsulation LABEL DESCRIPTION Encapsulation You must choose the Ethernet option when the WAN port is used as a regular Ethernet. Service Type Choose from Standard, RR-Telstra (RoadRunner Telstra authentication method), RR-Manager (Roadrunner Manager authentication method), RR- Toshiba (Roadrunner Toshiba authentication method) or Telia Login.
Page 92: Pppoe Encapsulation
Chapter 6 WAN Table 32 Ethernet Encapsulation LABEL DESCRIPTION Set WAN MAC Select this option and enter the MAC address you want to use. Address Apply Click Apply to save your changes back to the ZyXEL Device. Reset Click Reset to begin configuring this screen afresh. 6.4.2 PPPoE Encapsulation The ZyXEL Device supports PPPoE (Point-to-Point Protocol over Ethernet).
Page 93: Figure 52 Pppoe Encapsulation
Figure 52 PPPoE Encapsulation The following table describes the labels in this screen. Table 33 PPPoE Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation The PPP over Ethernet choice is for a dial-up connection using PPPoE. The ZyXEL Device supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an IETF Draft standard (RFC 2516) specifying how a personal computer (PC) interacts with a broadband modem (i.e.
Page 94: Pptp Encapsulation
Chapter 6 WAN Table 33 PPPoE Encapsulation LABEL DESCRIPTION Retype to Type your password again to make sure that you have entered is correctly. Confirm Nailed-Up Select Nailed-Up Connection if you do not want the connection to time out. Connection Idle Timeout This value specifies the time in seconds that elapses before the router automatically disconnects from the PPPoE server.
Page 95: Figure 53 Pptp Encapsulation
Chapter 6 WAN PPTP supports on-demand, multi-protocol and virtual private networking over public networks, such as the Internet. This screen displays when you select PPTP encapsulation. Figure 53 PPTP Encapsulation ZyXEL NBG-334SH User’s Guide...
Page 96: Table 34 Pptp Encapsulation
Chapter 6 WAN The following table describes the labels in this screen. Table 34 PPTP Encapsulation LABEL ISP Parameters for Internet Access Encapsulation User Name Password Retype to Confirm Nailed-up Connection Idle Timeout PPTP Configuration Get automatically from Use Fixed IP Address My IP Address My IP Subnet Mask...
Page 97: Advanced Wan Screen
Table 34 PPTP Encapsulation LABEL First DNS Server Second DNS Server Third DNS Server WAN MAC Address Factory default Clone the computer’s MAC address Set WAN MAC Address Apply Reset 6.5 Advanced WAN Screen To change your ZyXEL Device’s advanced WAN settings, click Network > WAN > Advanced.
Page 98: Table 35 Wan > Advanced
Chapter 6 WAN The following table describes the labels in this screen. Table 35 WAN > Advanced LABEL Multicast Setup Multicast Windows Networking (NetBIOS over TCP/IP): NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls.
Page 99: Lan
H A P T E R This chapter describes how to configure LAN settings. 7.1 LAN Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building.
Page 100: Ip Address And Subnet Mask
Chapter 7 LAN 7.2.2 IP Address and Subnet Mask Refer to the IP address and subnet mask section in the Connection Wizard chapter for this information. 7.2.3 Multicast Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network).
Page 101: Figure 55 Any Ip Example
Figure 55 Any IP Example The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the ZyXEL Device’s IP address. You must enable NAT to use the Any IP feature on the ZyXEL Device. Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network.
Page 102: Lan Ip Screen
Chapter 7 LAN 7.3 LAN IP Screen Use this screen to change your basic LAN settings. Click Network > LAN. Figure 56 LAN IP The following table describes the labels in this screen. Table 36 LAN IP LABEL LAN TCP/IP IP Address IP Subnet Mask Apply...
Page 103: Advanced Lan Screen
Figure 57 LAN IP Alias The following table describes the labels in this screen. Table 37 LAN IP Alias LABEL DESCRIPTION IP Alias 1,2 Select the check box to configure another LAN network for the ZyXEL Device. IP Address Enter the IP address of your ZyXEL Device in dotted decimal notation. IP Subnet Mask Your ZyXEL Device will automatically calculate the subnet mask based on the IP address that you assign.
Page 104: Figure 58 Advanced Lan
Chapter 7 LAN Figure 58 Advanced LAN The following table describes the labels in this screen. Table 38 Advanced LAN LABEL Multicast Active Windows Networking (NetBIOS over TCP/IP): NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls.
Page 105: Dhcp Server
H A P T E R 8.1 DHCP DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the ZyXEL Device as a DHCP server or disable it. When configured as a server, the ZyXEL Device provides the TCP/IP configuration for the clients.
Page 106: Dhcp Server Advanced Screen
Chapter 8 DHCP Server 8.3 DHCP Server Advanced Screen This screen allows you to assign IP addresses on the LAN to specific individual computers based on their MAC addresses. You can also use this screen to configure the DNS server information that the ZyXEL Device sends to the DHCP clients.
Page 107: Client List Screen
Table 40 DHCP Server Advanced LABEL DESCRIPTION First DNS Server Select From ISP if your ISP dynamically assigns DNS server information (and the ZyXEL Device's WAN IP address). The field to the right displays the (read- Second DNS only) DNS server IP address that the ISP assigns. Server Select User-Defined if you have the IP address of a DNS server.
Page 108: Table 41 Client List
Chapter 8 DHCP Server The following table describes the labels in this screen. Table 41 Client List LABEL IP Address Host Name MAC Address Reserve Refresh DESCRIPTION This is the index number of the host computer. This field displays the IP address relative to the # field listed above. This field displays the computer host name.
Page 109: Network Address Translation (Nat)
H A P T E R Network Address Translation This chapter discusses how to configure NAT on the ZyXEL Device. 9.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet.
Page 110: Configuring Servers Behind Port Forwarding Example
Chapter 9 Network Address Translation (NAT) Many residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location.
Page 111: Nat Application Screen
The following table describes the labels in this screen. Table 42 NAT General LABEL DESCRIPTION Network Address Network Address Translation (NAT) allows the translation of an Internet protocol Translation address used within one network (for example a private IP address used in a local network) to a different IP address known within another network (for example a public IP address used on the Internet).
Page 112: Figure 64 Nat Application
Chapter 9 Network Address Translation (NAT) Figure 64 NAT Application The following table describes the labels in this screen. Table 43 NAT Application LABEL Game List Update A game list includes the pre-defined service name(s) and port number(s). You can File Path Browse...
Page 113: Game List Example
Table 43 NAT Application (continued) LABEL DESCRIPTION Port Type a port number(s) to be forwarded. To specify a range of ports, enter a hyphen (-) between the first port and the last port, such as 10-20. To specify two or more non-consecutive port numbers, separate them by a comma without spaces, such as 123,567.
Page 114: Trigger Port Forwarding
Chapter 9 Network Address Translation (NAT) Figure 65 Game List Example version=1 1;name=Battlefield 1942;port=14567,22000,23000-23009,27900,28900 2;name=Call of Duty;port=28960 3;name=Civilization IV;port=2056 4;name=Diablo I and II;port=6112-6119,4000 5;name=Doom 3;port=27666 6;name=F.E.A.R;port=27888 7;name=Final Fantasy XI;port=25,80,110,443,50000-65535 8;name=Guild Wars;port=6112,80 9;name=Half Life;port=6003,7002,27005,27010,27011,27015 10;name=Jedi Knight III: Jedi Academy;port=28060-28062,28070-28081 11;name=Need for Speed: Hot Pursuit 2;port=1230,8511- 8512,27900,28900,61200-61230 12;name=Neverwinter Nights;port=5120-5300,6500,27900,28900 13;name=Quake 2;port=27910...
Page 115: Two Points To Remember About Trigger Ports
Figure 66 Trigger Port Forwarding Process: Example 1 Jane requests a file from the Real Audio server (port 7070). 2 Port 7070 is a “trigger” port and causes the ZyXEL Device to record Jane’s computer IP address. The ZyXEL Device associates Jane's computer IP address with the "incoming" port range of 6970-7170.
Page 116: Figure 67 Nat Advanced
Chapter 9 Network Address Translation (NAT) Figure 67 NAT Advanced The following table describes the labels in this screen. Table 44 NAT Advanced LABEL Max NAT/Firewall Session Per User Name Incoming Start Port DESCRIPTION Type a number ranging from 1 to 2048 to limit the number of NAT/firewall sessions that a host can create.
Page 117 Table 44 NAT Advanced LABEL DESCRIPTION End Port Type a port number or the ending port number in a range of port numbers. Trigger The trigger port is a port (or a range of ports) that causes (or triggers) the ZyXEL Device to record the IP address of the LAN computer that sent the traffic to a server on the WAN.
Page 118 Chapter 9 Network Address Translation (NAT) ZyXEL NBG-334SH User’s Guide...
Page 119: Dynamic Dns
H A P T E R 10.1 Dynamic DNS Introduction Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect.
Page 120: Figure 68 Dynamic Dns
Chapter 10 Dynamic DNS Figure 68 Dynamic DNS The following table describes the labels in this screen. Table 45 Dynamic DNS LABEL Enable Dynamic DNS Service Provider Dynamic DNS Type Host Name User Name Password Enable Wildcard Option Enable off line option IP Address Update Policy: Use WAN IP Address Dynamic DNS server...
Page 121: Firewall
H A P T E R This chapter gives some background information on firewalls and explains how to get started with the ZyXEL Device’s firewall. 11.1 Introduction to ZyXEL’s Firewall 11.1.1 What is a Firewall? Originally, the term “firewall” referred to a construction technique designed to prevent the spread of fire from one room to another.
Page 122: Guidelines For Enhancing Security With Your Firewall
Chapter 11 Firewall The ZyXEL Device is installed between the LAN and a broadband modem connecting to the Internet. This allows it to act as a secure gateway for all data passing between the Internet and the LAN. The ZyXEL Device has one Ethernet WAN port and four Ethernet LAN ports, which are used to physically separate the network into two areas.The WAN (Wide Area Network) port attaches to the broadband (cable or DSL) modem to the Internet.
Page 123: General Firewall Screen
1 A computer on the LAN initiates a connection by sending a SYN packet to a receiving server on the WAN. 2 The ZyXEL Device reroutes the packet to Gateway A, which is in Subnet 2. 3 The reply from the WAN goes to the ZyXEL Device. 4 The ZyXEL Device then sends it to the computer on the LAN in Subnet 1.
Page 124: Services Screen
Chapter 11 Firewall Table 46 Firewall General LABEL Apply Reset 11.4 Services Screen Click Security > Firewall > Services. The screen appears as shown next. If an outside user attempts to probe an unsupported port on your ZyXEL Device, an ICMP response packet is automatically returned.
Page 125: Figure 71 Firewall Services
Figure 71 Firewall Services The following table describes the labels in this screen. Table 47 Firewall Services LABEL DESCRIPTION ICMP Internet Control Message Protocol is a message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the TCP/IP software and directly apparent to the application user.
Page 126 Chapter 11 Firewall Table 47 Firewall Services LABEL Do not respond to requests for unauthorized services Enable Services Blocking Available Services Blocked Services Custom Port Type Port Number Delete Clear All Day to Block: Time of Day to Block (24-Hour Format) Bypass Triangle Route...
Page 127: Content Filtering
H A P T E R This chapter provides a brief overview of content filtering using the embedded web GUI. 12.1 Introduction to Content Filtering Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering is the ability to block certain web features or specific URL keywords.
Page 128: Figure 72 Content Filter: Filter
Chapter 12 Content Filtering Figure 72 Content Filter: Filter The following table describes the labels in this screen. Table 48 Content Filter: Filter LABEL Trusted Computer IP Address Restrict Web Features ActiveX Java Cookies Web Proxy Enable URL Keyword Blocking DESCRIPTION To enable this feature, type an IP address of any one of the computers in your network that you want to have as a trusted computer.
Page 129: Schedule
Table 48 Content Filter: Filter LABEL DESCRIPTION Keyword Type a keyword in this field. You may use any character (up to 64 characters). Wildcards are not allowed. You can also enter a numerical IP address. Keyword List This list displays the keywords already added. Click Add after you have typed a keyword.
Page 130: Customizing Keyword Blocking Url Checking
Chapter 12 Content Filtering The following table describes the labels in this screen. Table 49 Content Filter: Schedule LABEL Day to Block Time of Day to Block (24-Hour Format) Apply Reset 12.6 Customizing Keyword Blocking URL Checking You can use commands to set how much of a website’s URL the content filter is to check for keyword blocking.
Page 131 Chapter 12 Content Filtering For example, filename URL checking searches for keywords within the URL www.zyxel.com.tw/news/pressroom.php. Use the ip urlfilter customize actionFlags 8 [disable | enable] command to extend (or not extend) the keyword blocking search to include the URL's complete filename.
Page 132 Chapter 12 Content Filtering ZyXEL NBG-334SH User’s Guide...
Page 133: Static Route Screens
H A P T E R This chapter shows you how to configure static routes for your ZyXEL Device. 13.1 Static Route Overview Each remote node specifies only the network to which the gateway is directly connected, and the ZyXEL Device has no knowledge of the networks beyond. For instance, the ZyXEL Device knows about network N2 in the following figure through remote node router R1.
Page 134: Static Route Setup Screen
Chapter 13 Static Route Screens Figure 75 IP Static Route The following table describes the labels in this screen. Table 50 IP Static Route LABEL Name Active Destination Gateway Modify 13.2.1 Static Route Setup Screen To edit a static route, click the edit icon under Modify. The following screen displays. Fill in the required information for each static route.
Page 135: Figure 76 Static Route Setup
Figure 76 Static Route Setup The following table describes the labels in this screen. Table 51 Static Route Setup LABEL DESCRIPTION Route Name Enter the name of the IP static route. Leave this field blank to delete this static route. Active This field allows you to activate/deactivate this static route.
Page 136 Chapter 13 Static Route Screens ZyXEL NBG-334SH User’s Guide...
Page 137: Bandwidth Management
H A P T E R Bandwidth Management This chapter contains information about configuring bandwidth management, editing rules and viewing the ZyXEL Device’s bandwidth management logs. 14.1 Bandwidth Management Overview ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on an application and/or subnet.
Page 138: Application And Subnet-Based Bandwidth Management
Chapter 14 Bandwidth Management The following figure shows LAN subnets. You could configure one bandwidth class for subnet A and another for subnet B. Figure 77 Subnet-based Bandwidth Management Example 14.4 Application and Subnet-based Bandwidth Management You could also create bandwidth classes based on a combination of a subnet and an application.
Page 139: Predefined Bandwidth Management Services
Table 53 Bandwidth Management Priorities PRIORITY LEVELS: TRAFFIC WITH A HIGHER PRIORITY GETS THROUGH FASTER WHILE TRAFFIC WITH A LOWER PRIORITY IS DROPPED IF THE NETWORK IS CONGESTED. 14.6 Predefined Bandwidth Management Services The following is a description of the services that you can select and to which you can apply media bandwidth management using the wizard screens.
Page 140: Services And Port Numbers
Chapter 14 Bandwidth Management 14.6.1 Services and Port Numbers The commonly used services and port numbers are shown in the following table. Please refer to RFC 1700 for further information about port numbers. Next to the name of the service, two fields appear in brackets.
Page 141 Table 55 Commonly Used Services SERVICE PING(ICMP:0) POP3(TCP:110) PPTP(TCP:1723) PPTP_TUNNEL(GRE:0) RCMD(TCP:512) REAL_AUDIO(TCP:7070) REXEC(TCP:514) RLOGIN(TCP:513) RTELNET(TCP:107) RTSP(TCP/UDP:554) SFTP(TCP:115) SMTP(TCP:25) SNMP(TCP/UDP:161) SNMP-TRAPS(TCP/UDP:162) SQL-NET(TCP:1521) SSH(TCP/UDP:22) STRM WORKS(UDP:1558) SYSLOG(UDP:514) TACACS(UDP:49) TELNET(TCP:23) TFTP(UDP:69) VDOLIVE(TCP:7000) ZyXEL NBG-334SH User’s Guide Chapter 14 Bandwidth Management DESCRIPTION Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable.
Page 142: Default Bandwidth Management Classes And Priorities
Chapter 14 Bandwidth Management 14.7 Default Bandwidth Management Classes and Priorities If you enable bandwidth management but do not configure a rule for critical traffic like VoIP, the voice traffic may then get delayed due to insufficient bandwidth. With the automatic traffic classifier feature activated, the ZyXEL Device automatically assigns a default bandwidth management class and priority to traffic that does not match any of the user-defined rules.
Page 143: Bandwidth Management Advanced Configuration
The following table describes the labels in this screen. Table 57 Bandwidth Management: General LABEL DESCRIPTION Enable Bandwidth Select this check box to have the ZyXEL Device apply bandwidth management. Management Enable bandwidth management to give traffic that matches a bandwidth rule priority over traffic that does not match a bandwidth rule.
Page 144: Rule Configuration With The Pre-Defined Service
Chapter 14 Bandwidth Management The following table describes the labels in this screen. Table 58 Bandwidth Management: Advanced LABEL Upstream Bandwidth (kbps) Application List Enable Service Priority Advanced Setting User-defined Service Enable Direction Service Name Priority Modify Apply Reset 14.9.1 Rule Configuration with the Pre-defined Service To edit a bandwidth management rule for the pre-defined service in the ZyXEL Device, click the Edit icon in the Application List table of the Advanced screen.
Page 145: Rule Configuration With The User-Defined Service
Figure 80 Bandwidth Management Rule Configuration: Pre-defined Service The following table describes the labels in this screen. Table 59 Bandwidth Management Rule Configuration: Pre-defined Service LABEL DESCRIPTION This is the number of an individual bandwidth management rule. Enable Select an interface’s check box to enable bandwidth management on that interface.
Page 146: Bandwidth Management Monitor
Chapter 14 Bandwidth Management Figure 81 Bandwidth Management Rule Configuration: User-defined Service The following table describes the labels in this screen. Table 60 Bandwidth Management Rule Configuration: User-defined Service LABEL BW Budget Destination Address Destination Subnet Netmask Destination Port Source Address Source Subnet Netmask Source Port...
Page 147: Figure 82 Bandwidth Management: Monitor
Chapter 14 Bandwidth Management Figure 82 Bandwidth Management: Monitor ZyXEL NBG-334SH User’s Guide...
Page 148 Chapter 14 Bandwidth Management ZyXEL NBG-334SH User’s Guide...
Page 149: Remote Management Screens
H A P T E R Remote Management Screens This chapter provides information on the Remote Management screens. 15.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which ZyXEL Device interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
Page 150: Remote Management Limitations
Chapter 15 Remote Management Screens 15.1.1 Remote Management Limitations Remote management over LAN or WAN will not work when: 1 You have disabled that service in one of the remote management screens. 2 The IP address in the Secured Client IP Address field does not match the client IP address.
Page 151: Telnet
The following table describes the labels in this screen. Table 62 WWW Remote Management LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Server Access Select the interface(s) through which a computer may access the ZyXEL Device using this service.
Page 152: Ftp Screen
Chapter 15 Remote Management Screens Figure 85 Telnet Remote Management The following table describes the labels in this screen. Table 63 Telnet Remote Management LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
Page 153: Dns Screen
The following table describes the labels in this screen. Table 64 FTP Remote Management LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Server Access Select the interface(s) through which a computer may access the ZyXEL Device using this service.
Page 154: Table 65 Dns Remote Management
Chapter 15 Remote Management Screens The following table describes the labels in this screen. Table 65 DNS Remote Management LABEL DESCRIPTION Server Port The DNS service port number is 53 and cannot be changed here. Server Access Select the interface(s) through which a computer may send DNS queries to the ZyXEL Device.
Page 155: Universal Plug-And-Play (Upnp)
H A P T E R Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 16.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
Page 156: Upnp And Zyxel
Chapter 16 Universal Plug-and-Play (UPnP) When a UPnP device joins a network, it announces its presence with a multicast message. For security reasons, the ZyXEL Device allows multicast messages on the LAN only. All UPnP-enabled devices may communicate freely with each other without additional configuration.
Page 157: Installing Upnp In Windows Example
Table 66 Configuring UPnP LABEL Apply Cancel 16.4 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP. 16.4.0.1 Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me. 1 Click Start and Control Panel.
Page 158: Figure 90 Add/Remove Programs: Windows Setup: Communication: Components
Chapter 16 Universal Plug-and-Play (UPnP) Figure 90 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel.
Page 159: Figure 92 Windows Optional Networking Components Wizard
Figure 92 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 93 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. ZyXEL NBG-334SH User’s Guide Chapter 16 Universal Plug-and-Play (UPnP)
Page 160: Figure 94 Network Connections
Chapter 16 Universal Plug-and-Play (UPnP) 16.4.0.2 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device. Make sure the computer is connected to a LAN port of the ZyXEL Device.
Page 161: Figure 95 Internet Connection Properties
Chapter 16 Universal Plug-and-Play (UPnP) Figure 95 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings. ZyXEL NBG-334SH User’s Guide...
Page 162: Figure 96 Internet Connection Properties: Advanced Settings
Chapter 16 Universal Plug-and-Play (UPnP) Figure 96 Internet Connection Properties: Advanced Settings Figure 97 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
Page 163: Figure 98 System Tray Icon
Figure 98 System Tray Icon 7 Double-click on the icon to display your current Internet connection status. Figure 99 Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first.
Page 164: Figure 100 Network Connections
Chapter 16 Universal Plug-and-Play (UPnP) Figure 100 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays. ZyXEL NBG-334SH User’s Guide...
Page 165: Figure 101 Network Connections: My Network Places
Chapter 16 Universal Plug-and-Play (UPnP) Figure 101 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Figure 102 Network Connections: My Network Places: Properties: Example ZyXEL NBG-334SH User’s Guide...
Page 166 Chapter 16 Universal Plug-and-Play (UPnP) ZyXEL NBG-334SH User’s Guide...
Page 167: Maintenance And Troubleshooting
Maintenance and Troubleshooting System (169) Logs (173) Tools (187) Configuration Mode (193) Troubleshooting (195)
Page 169: System
H A P T E R This chapter provides information on the System screens. 17.1 System Overview See the chapter about wizard setup for more information on the next few screens. 17.2 System General Screen Click Maintenance > System. The following screen displays. Figure 103 System General ZyXEL NBG-334SH User’s Guide System...
Page 170: Time Setting Screen
Chapter 17 System The following table describes the labels in this screen. Table 67 System General LABEL System Name Domain Name Administrator Inactivity Timer Password Setup Old Password New Password Retype to Confirm Apply Reset 17.3 Time Setting Screen To change your ZyXEL Device’s time and date, click Maintenance > System > Time Setting.
Page 171: Figure 104 Time Setting
Figure 104 Time Setting The following table describes the labels in this screen. Table 68 Time Setting LABEL DESCRIPTION Current Time and Date Current Time This field displays the time of your ZyXEL Device. Each time you reload this page, the ZyXEL Device synchronizes the time with the time server.
Page 172 Chapter 17 System Table 68 Time Setting LABEL Get from Time Server Auto User Defined Time Server Address Time Zone Setup Time Zone Daylight Savings Start Date End Date Apply Reset DESCRIPTION Select this radio button to have the ZyXEL Device get the time and date from the time server you specified below.
Page 173: Logs
H A P T E R This chapter contains information about configuring general log settings and viewing the ZyXEL Device’s logs. Refer to the appendices for example log message explanations. 18.1 View Log The web configurator allows you to look at all of the ZyXEL Device’s logs in one location. Click Maintenance >...
Page 174: Log Settings
Chapter 18 Logs The following table describes the labels in this screen. Table 69 View Log LABEL Display Time Message Source Destination Note Email Log Now Refresh Clear Log 18.2 Log Settings You can configure the ZyXEL Device’s general log settings in one location. Click Maintenance >...
Page 175: Figure 106 Log Settings
Figure 106 Log Settings The following table describes the labels in this screen. Table 70 Log Settings LABEL DESCRIPTION E-mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via E-mail.
Page 176 Chapter 18 Logs Table 70 Log Settings LABEL Send Alerts To SMTP Authentication User Name Password Log Schedule Day for Sending Log Use the drop down list box to select which day of the week to send the logs. Time for Sending Clear log after sending mail Syslog Logging...
Page 177: Log Descriptions
18.3 Log Descriptions This section provides descriptions of example log messages. Table 71 System Maintenance Logs LOG MESSAGE Time calibration is successful Time calibration failed WAN interface gets IP:%s DHCP client IP expired DHCP server assigns%s Successful WEB login WEB login failed Successful TELNET login TELNET login failed Successful FTP login...
Page 178: Table 72 System Error Logs
Chapter 18 Logs Table 72 System Error Logs LOG MESSAGE %s exceeds the max. number of session per host! setNetBIOSFilter: calloc error readNetBIOSFilter: calloc error WAN connection is down. Table 73 Access Control Logs LOG MESSAGE Firewall default policy: [TCP | UDP | IGMP | ESP | GRE | OSPF] <Packet Direction>...
Page 179: Table 75 Packet Filter Logs
Table 74 TCP Reset Logs (continued) LOG MESSAGE Firewall session time out, sent TCP RST Exceed MAX incomplete, sent TCP RST Access block, sent TCP Table 75 Packet Filter Logs LOG MESSAGE [TCP | UDP | ICMP | IGMP | Generic] packet filter matched (set:%d, rule:%d) Table 76 ICMP Logs...
Page 180: Table 77 Cdr Logs
Chapter 18 Logs Table 77 CDR Logs LOG MESSAGE board%d line%d channel%d, call%d,%s C01 Outgoing Call dev=%x ch=%x%s board%d line%d channel%d, call%d,%s C02 OutCall Connected%d%s board%d line%d channel%d, call%d,%s C02 Call Terminated Table 78 PPP Logs LOG MESSAGE ppp:LCP Starting ppp:LCP Opening ppp:CHAP Opening ppp:IPCP...
Page 181: Table 81 Attack Logs
Table 80 Content Filtering Logs (continued) LOG MESSAGE %s: Proxy mode detected %s:%s %s(cache hit) %s:%s(cache hit) %s: Trusted Web site Waiting content filter server timeout DNS resolving failed Creating socket failed The ZyXEL Device cannot issue a query because TCP/IP socket Connecting to content filter server fail License key is invalid The external content filtering license key is invalid.
Page 182: Table 82 Pki Logs
Chapter 18 Logs Table 81 Attack Logs (continued) LOG MESSAGE teardrop UDP teardrop ICMP (type:%d, code:%d) illegal command TCP NetBIOS TCP ip spoofing - no routing entry [TCP | UDP | IGMP | ESP | GRE | OSPF] ip spoofing - no routing entry ICMP (type:%d, code:%d) vulnerability ICMP...
Page 183: Table 83 802.1X Logs
Table 82 PKI Logs (continued) LOG MESSAGE Failed to decode the received ca cert Failed to decode the received user cert Failed to decode the received CRL Failed to decode the received ARL Rcvd data <size> too large! Max size allowed: <max size>...
Page 184: Table 84 Acl Setting Notes
Chapter 18 Logs Table 83 802.1X Logs (continued) LOG MESSAGE Local User Database does not support authentication method. No response from RADIUS. Pls check RADIUS Server. Use Local User Database to authenticate user. Use RADIUS to authenticate user. The RADIUS server is operating as the authentication No Server to authenticate user.
Page 185: Table 86 Syslog Logs
Table 85 ICMP Notes (continued) TYPE CODE DESCRIPTION Redirect datagrams for the Type of Service and Network Redirect datagrams for the Type of Service and Host Echo Echo message Time Exceeded Time to live exceeded in transit Fragment reassembly time exceeded Parameter Problem Pointer indicates the error Timestamp...
Page 186 Chapter 18 Logs Table 87 RFC-2408 ISAKMP Payload Types (continued) LOG DISPLAY NONCE NOTFY PAYLOAD TYPE Signature Nonce Notification Delete Vendor ID ZyXEL NBG-334SH User’s Guide...
Page 187: Tools
H A P T E R This chapter shows you how to upload a new firmware, upload or save backup configuration files and restart the ZyXEL Device. 19.1 Firmware Upload Screen Find firmware at www.zyxel.com "*.bin" extension, e.g., "ZyXEL Device.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes.
Page 188: Configuration Screen
Chapter 19 Tools After you see the Firmware Upload In Process screen, wait two minutes before logging into the ZyXEL Device again. Figure 108 Upload Warning The ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 109 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen.
Page 189: Backup Configuration
Figure 111 Configuration 19.2.1 Backup Configuration Backup configuration allows you to back up (save) the ZyXEL Device’s current configuration to a file on your computer. Once your ZyXEL Device is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes.
Page 190: Back To Factory Defaults
Chapter 19 Tools Figure 112 Configuration Restore Successful The ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 113 Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default ZyXEL Device IP address (192.168.1.1).
Page 191: Figure 115 System Restart
Chapter 19 Tools Click Maintenance > Tools > Restart. Click Restart to have the ZyXEL Device reboot. This does not affect the ZyXEL Device's configuration. Figure 115 System Restart ZyXEL NBG-334SH User’s Guide...
Page 192 Chapter 19 Tools ZyXEL NBG-334SH User’s Guide...
Page 193: Configuration Mode
H A P T E R Click Maintenance > Config Mode to open the following screen. This screen allows you to hide or display the advanced screens of some features or the advanced features, such as MAC filter or static route. Basic is selected by default and you cannot see the advanced screens or features.
Page 194 Chapter 20 Configuration Mode Table 90 Config Mode: Advanced Screens CATEGORY Management Maintenance LINK Static Route IP Static Route Bandwidth MGMT Advanced Monitor Remote MGMT Telnet Logs Log Settings ZyXEL NBG-334SH User’s Guide...
Page 195: Troubleshooting
H A P T E R This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • ZyXEL Device Access and Login • Internet Access •...
Page 196: Zyxel Device Access And Login
Chapter 21 Troubleshooting 21.2 ZyXEL Device Access and Login I forgot the IP address for the ZyXEL Device. 1 The default IP address is 192.168.1.1. 2 If you changed the IP address and have forgotten it, you might get the IP address of the ZyXEL Device by looking up the IP address of the default gateway for your computer.
Page 197: Internet Access
6 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions • Try to access the ZyXEL Device using another service, such as Telnet. If you can access the ZyXEL Device, check the remote management settings and firewall rules to find out why the ZyXEL Device does not respond to HTTP.
Page 198 Chapter 21 Troubleshooting 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide. 2 Make sure you entered your ISP account information correctly in the wizard. These fields are case-sensitive, so make sure [Caps Lock] is not on. 3 If you are trying to access the Internet wirelessly, make sure the wireless settings in the wireless client are the same as the settings in the AP.
Page 199: Resetting The Zyxel Device To Its Factory Defaults
21.4 Resetting the ZyXEL Device to Its Factory Defaults If you reset the ZyXEL Device, you lose all of the changes you have made. The ZyXEL Device re-loads its default settings, and the password resets to 1234. You have to make all of your changes again.
Page 200 Chapter 21 Troubleshooting ZyXEL NBG-334SH User’s Guide...
Page 201: Appendices And Index
Appendices and Index Product Specifications (203) Pop-up Windows, JavaScripts and Java Permissions (207) IP Addresses and Subnetting (213) Wall-mounting Instructions (221) Setting up Your Computer’s IP Address (223) Wireless LANs (239) Command Interpreter (251) NetBIOS Filter Commands (255) Services (257) Internal SPTGEN (261) Legal Information (277) Customer Support (281)
Page 203: Appendix A Product Specifications
P P E N D I X Product Specifications The following tables summarize the ZyXEL Device’s hardware and firmware features. Table 91 Hardware Features Dimensions (W x D x H) Power Specification Ethernet ports 4-Port Switch Reset Button Antenna Operation Temperature Storage Temperature Operation Humidity Storage Humidity...
Page 204 Appendix A Product Specifications Table 92 Firmware Features FEATURE Wireless Functionality Firmware Upgrade Configuration Backup & Restoration Network Address Translation (NAT) Firewall Content Filter Bandwidth Management Time and Date Port Forwarding DHCP (Dynamic Host Configuration Protocol) Dynamic DNS Support IP Multicast IP Alias DESCRIPTION Allows IEEE 802.11b and/or IEEE 802.11g wireless clients to connect to...
Page 205 Table 92 Firmware Features FEATURE Logging and Tracing PPPoE PPTP Encapsulation Universal Plug and Play (UPnP) RoadRunner Support ZyXEL NBG-334SH User’s Guide Appendix A Product Specifications DESCRIPTION Use packet tracing and logs for troubleshooting. You can send logs from the ZyXEL Device to an external UNIX syslog server. PPPoE mimics a dial-up over Ethernet Internet access connection.
Page 206 Appendix A Product Specifications ZyXEL NBG-334SH User’s Guide...
Page 207: Appendix B Pop-Up Windows, Javascripts And Java Permissions
P P E N D I X Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). Internet Explorer 6 screens are used here.
Page 208: Figure 118 Internet Options: Privacy
Appendix B Pop-up Windows, JavaScripts and Java Permissions 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 118 Internet Options: Privacy 3 Click Apply to save this setting. Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps.
Page 209: Figure 119 Internet Options: Privacy
Figure 119 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 120 Pop-up Blocker Settings ZyXEL NBG-334SH User’s Guide Appendix B Pop-up Windows, JavaScripts and Java Permissions...
Page 210: Figure 121 Internet Options: Security
Appendix B Pop-up Windows, JavaScripts and Java Permissions 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
Page 211: Figure 122 Security Settings - Java Scripting
Figure 122 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window.
Page 212: Figure 124 Java (Sun)
Appendix B Pop-up Windows, JavaScripts and Java Permissions JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Figure 124 Java (Sun) ZyXEL NBG-334SH User’s Guide...
Page 213: Appendix C Ip Addresses And Subnetting
P P E N D I X IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network.
Page 214: Figure 125 Network Number And Host Id
Appendix C IP Addresses and Subnetting Figure 125 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation).
Page 215: Table 94 Subnet Masks
Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Table 94 Subnet Masks BINARY OCTET 8-bit mask 11111111 16-bit mask 11111111 24-bit mask 11111111...
Page 216: Figure 126 Subnetting Example: Before Subnetting
Appendix C IP Addresses and Subnetting Table 96 Alternative Subnet Mask Notation (continued) SUBNET MASK 255.255.255.192 255.255.255.224 255.255.255.240 255.255.255.248 255.255.255.252 Subnetting You can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.
Page 217: Figure 127 Subnetting Example: After Subnetting
Figure 127 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 2 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).
Page 218: Table 98 Subnet 2
Appendix C IP Addresses and Subnetting Table 98 Subnet 2 IP/SUBNET MASK IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.64 Broadcast Address: 192.168.1.127 Table 99 Subnet 3 IP/SUBNET MASK IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.128 Broadcast Address:...
Page 219: Table 102 24-Bit Network Number Subnet Planning
Table 101 Eight Subnets (continued) SUBNET SUBNET ADDRESS Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 102 24-bit Network Number Subnet Planning NO. “BORROWED” HOST BITS The following table is a summary for subnet planning on a network with a 16-bit network number.
Page 220: Configuring Ip Addresses
Appendix C IP Addresses and Subnetting Table 103 16-bit Network Number Subnet Planning (continued) NO. “BORROWED” HOST BITS Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
Page 221: Appendix D Wall-Mounting Instructions
P P E N D I X Wall-mounting Instructions Do the following to hang your ZyXEL Device on a wall. See the product specifications appendix for the size of screws to use and how far apart to place them. 1 Locate a high position on a wall that is free of obstructions. Use a sturdy wall. 2 Drill two holes for the screws.
Page 222 Appendix D Wall-mounting Instructions ZyXEL NBG-334SH User’s Guide...
Page 223: Appendix E Setting Up Your Computer's Ip Address
P P E N D I X Setting up Your Computer’s IP All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer.
Page 224: Figure 129 Windows 95/98/Me: Network: Configuration
Appendix E Setting up Your Computer’s IP Address Figure 129 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
Page 225: Figure 130 Windows 95/98/Me: Tcp/Ip Properties: Ip Address
Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. • If your IP address is dynamic, select Obtain an IP address automatically. • If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields.
Page 226: Figure 131 Windows 95/98/Me: Tcp/Ip Properties: Dns Configuration
Appendix E Setting up Your Computer’s IP Address Figure 131 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window.
Page 227: Figure 132 Windows Xp: Start Menu
Figure 132 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 133 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. ZyXEL NBG-334SH User’s Guide Appendix E Setting up Your Computer’s IP Address...
Page 228: Figure 134 Windows Xp: Control Panel: Network Connections: Properties
Appendix E Setting up Your Computer’s IP Address Figure 134 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 135 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
Page 229: Figure 136 Windows Xp: Internet Protocol (Tcp/Ip) Properties
Figure 136 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
Page 230: Figure 137 Windows Xp: Advanced Tcp/Ip Properties
Appendix E Setting up Your Computer’s IP Address Figure 137 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
Page 231: Figure 138 Windows Xp: Internet Protocol (Tcp/Ip) Properties
Figure 138 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT).
Page 232: Figure 139 Macintosh Os 8/9: Apple Menu
Appendix E Setting up Your Computer’s IP Address Figure 139 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 140 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: ZyXEL NBG-334SH User’s Guide...
Page 233: Figure 141 Macintosh Os X: Apple Menu
• From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your Prestige in the Router address box. 5 Close the TCP/IP Control Panel.
Page 234: Figure 142 Macintosh Os X: Network
Appendix E Setting up Your Computer’s IP Address Figure 142 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. •...
Page 235: Figure 143 Red Hat 9.0: Kde: Network Configuration: Devices
Make sure you are logged in as the root administrator. Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network.
Page 236: Figure 144 Red Hat 9.0: Kde: Ethernet Device: General
Appendix E Setting up Your Computer’s IP Address Figure 144 Red Hat 9.0: KDE: Ethernet Device: General • If you have a dynamic IP address click Automatically obtain IP address settings with and select dhcp from the drop down list. •...
Page 237: Figure 146 Red Hat 9.0: Kde: Network Configuration: Activate
Figure 146 Red Hat 9.0: KDE: Network Configuration: Activate 7 After the network card restart process is complete, make sure the Status is Active in the Network Configuration screen. Using Configuration Files Follow the steps below to edit the network configuration files and set your computer IP address.
Page 238: Verifying Settings
Appendix E Setting up Your Computer’s IP Address 2 If you know your DNS server IP address(es), enter the DNS server information in the resolv.conf where two DNS server IP addresses are specified. Figure 149 Red Hat 9.0: DNS Settings in resolv.conf nameserver 172.23.5.1 nameserver 172.23.5.2 3 After you edit and save the configuration files, you must restart the network card.
Page 239: Appendix F Wireless Lans
P P E N D I X Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS).
Page 240: Figure 153 Basic Service Set
Appendix F Wireless LANs Figure 153 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN.
Page 241: Figure 154 Infrastructure Wlan
Figure 154 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference.
Page 242: Figure 155 Rts/Cts
Appendix F Wireless LANs Figure 155 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
Page 243: Table 104 Ieee 802.11G
If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Preamble Type A preamble is used to synchronize the transmission timing in your wireless network.
Page 244: Types Of Radius Messages
Appendix F Wireless LANs • User based identification that allows for roaming. • Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server. • Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication methods to be deployed with no changes to the access point or the wireless stations.
Page 245: Types Of Authentication
In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password, they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access.
Page 246: Table 105 Comparison Of Eap Authentication Types
Appendix F Wireless LANs PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication.
Page 247 Key differences between WPA(2) and WEP are improved data encryption and user authentication. Encryption Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. In addition to TKIP, WPA2 also uses Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption.
Page 248: Wpa(2)-Psk Application Example
Appendix F Wireless LANs 21.5.2 WPA(2)-PSK Application Example A WPA(2)-PSK application looks as follows. 1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters (including spaces and symbols).
Page 249: Table 106 Wireless Security Relational Matrix
Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. MAC address filters are not dependent on how you configure these security features. Table 106 Wireless Security Relational Matrix AUTHENTICATION METHOD/ KEY MANAGEMENT PROTOCOL...
Page 250 Appendix F Wireless LANs ZyXEL NBG-334SH User’s Guide...
Page 251: Appendix G Command Interpreter
P P E N D I X The following describes how to use the command interpreter. See the included disk or zyxel.com for more detailed information on these commands. Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable. Accessing the Command Interpreter If your device has SMT, enter 24 in the main menu to bring up the system maintenance menu.
Page 252: Figure 157 Displaying Log Categories Example
1 Use the sys logs load configure which logs the ZyXEL Device is to record. 2 Use sys logs category Figure 157 Displaying Log Categories Example Copyright (c) 1994 - 2006 ZyXEL Communications Corp. ras> sys logs category 8021x error packetfilter tcpreset urlforward ras>...
Page 253: Log Command Example
• Use the sys logs display [log category] individual ZyXEL Device log category. • Use the sys logs clear Log Command Example This example shows how to set the ZyXEL Device to record the access logs and alerts and then view the results. ras>...
Page 254 Appendix G Command Interpreter ZyXEL NBG-334SH User’s Guide...
Page 255: Appendix H Netbios Filter Commands
P P E N D I X NetBIOS Filter Commands The following describes the NetBIOS packet filter commands. See for information on the command structure. Introduction NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls.
Page 256: Table 107 Netbios Filter Default Settings
Appendix H NetBIOS Filter Commands The filter types and their default settings are as follows. Table 107 NetBIOS Filter Default Settings NAME DESCRIPTION Between LAN This field displays whether NetBIOS packets are blocked or forwarded and WAN between the LAN and the WAN. Between LAN This field displays whether NetBIOS packets are blocked or forwarded and DMZ...
Page 257: Appendix I Services
P P E N D I X The following table lists some commonly-used services and their associated protocols and port numbers. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like.
Page 258 Appendix I Services Table 108 Examples of Services (continued) NAME H.323 HTTP HTTPS ICMP IGMP (MULTICAST) User-Defined IMAP4 IMAP4S MSN Messenger NetBIOS NEW-ICQ NEWS NNTP PING POP3 POP3S PPTP PROTOCOL PORT(S) DESCRIPTION 1720 NetMeeting uses this protocol. Hyper Text Transfer Protocol - a client/ server protocol for the world wide web.
Page 259 Table 108 Examples of Services (continued) NAME PROTOCOL PPTP_TUNNEL User-Defined (GRE) RCMD REAL_AUDIO REXEC RLOGIN ROADRUNNER TCP/UDP RTELNET RTSP TCP/UDP SFTP SMTP SMTPS SNMP TCP/UDP SNMP-TRAPS TCP/UDP SQL-NET SSDP TCP/UDP STRM WORKS SYSLOG TACACS TELNET ZyXEL NBG-334SH User’s Guide Appendix I Services PORT(S) DESCRIPTION PPTP (Point-to-Point Tunneling Protocol)
Page 260 Appendix I Services Table 108 Examples of Services (continued) NAME TFTP VDOLIVE PROTOCOL PORT(S) DESCRIPTION Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol).
Page 261: Appendix J Internal Sptgen
P P E N D I X This appendix introduces Internal SPTGEN. All menus shown in this appendix are example menus meant to show SPTGEN usage. Actual menus for your product may differ. Internal SPTGEN Overview Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple ZyXEL Devices.
Page 262: Figure 160 Invalid Parameter Entered: Command Line Example
Appendix J Internal SPTGEN DO NOT alter or delete any field except parameters in the Input column. This appendix introduces Internal SPTGEN. All menus shown in this appendix are example menus meant to show SPTGEN usage. Actual menus for your product may differ. Internal SPTGEN File Modification - Important Points to Remember Each parameter you enter must be preceded by one “=”sign and one space.
Page 263: Figure 162 Internal Sptgen Ftp Download Example
Figure 162 Internal SPTGEN FTP Download Example c:\ftp 192.168.1.1 220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000 User (192.168.1.1:(none)): 331 Enter PASS command Password: 230 Logged in ftp>bin 200 Type I OK ftp> get rom-t ftp>bye c:\edit rom-t (edit the rom-t text file by a text editor and save it) You can rename your “...
Page 264: Table 109 Abbreviations Used In The Example Internal Sptgen Screens Table
Appendix J Internal SPTGEN Example Internal SPTGEN Menus This section provides example Internal SPTGEN menus. Table 109 Abbreviations Used in the Example Internal SPTGEN Screens Table ABBREVIATION MEANING Field Identification Number Field Name Parameter Values Allowed INPUT An example of what you may enter Applies to the ZyXEL Device.
Page 265 Table 111 Menu 3 / Menu 3.2 TCP/IP and DHCP Ethernet Setup 30200001 = DHCP 30200002 = Client IP Pool Starting Address 30200003 = Size of Client IP Pool 30200004 = Primary DNS Server 30200005 = Secondary DNS Server 30200006 = Remote DHCP Server 30200008 = IP Address...
Page 266 Appendix J Internal SPTGEN Table 111 Menu 3 30201008 = IP Alias #1 Incoming protocol filters Set 3 30201009 = IP Alias #1 Incoming protocol filters Set 4 30201010 = IP Alias #1 Outgoing protocol filters Set 1 30201011 = IP Alias #1 Outgoing protocol filters Set 2 30201012 =...
Page 267: Table 112 Menu 4 Internet Access Setup
Table 111 Menu 3 30500004 = RTS Threshold 30500005 = FRAG. Threshold 30500006 = 30500007 = Default Key 30500008 = WEP Key1 30500009 = WEP Key2 30500010 = WEP Key3 30500011 = WEP Key4 30500012 = Wlan Active 30500013 = Wlan 4X Mode */ MENU 3.5.1 WLAN MAC ADDRESS FILTER 30501001 =...
Page 268 Appendix J Internal SPTGEN Table 112 Menu 4 Internet Access Setup (continued) 40000003 = ISP's Name 40000004 = Encapsulation 40000005 = Multiplexing 40000006 = VPI # 40000007 = VCI # 40000008 = Service Name 40000009 = My Login 40000010 = My Password 40000011 = Single User Account...
Page 269: Table 113 Menu 12
Table 112 Menu 4 Internet Access Setup (continued) 40000032= RIP Version 40000033= Nailed-up Connection Table 113 Menu 12 / Menu 12.1.1 IP Static Route Setup 120101001 = IP Static Route set #1, Name 120101002 = IP Static Route set #1, Active 120101003 = IP Static Route set #1, Destination IP address...
Page 270 Appendix J Internal SPTGEN Table 114 Menu 15 SUA Server Setup (continued) 150000007 = SUA Server #3 Active 150000008 = SUA Server #3 Protocol 150000009 = SUA Server #3 Port Start 150000010 = SUA Server #3 Port End 150000011 = SUA Server #3 Local IP address 150000012 = SUA Server #4 Active...
Page 271: Table 115 Menu 21.1 Filter Set #1
Table 114 Menu 15 SUA Server Setup (continued) 150000041 = SUA Server #9 Local IP address 150000042 = SUA Server #10 Active 150000043 = SUA Server #10 Protocol 150000044 = SUA Server #10 Port Start 150000045 = SUA Server #10 Port End 150000046 = SUA Server #10 Local IP address 150000047 =...
Page 272: Table 116 Menu 21.1 Filer Set #2
Appendix J Internal SPTGEN Table 115 Menu 21.1 Filter Set #1 (continued) 210101011 = IP Filter Set 1,Rule 1 Src Port Comp 210101013 = IP Filter Set 1,Rule 1 Act Match 210101014 = IP Filter Set 1,Rule 1 Act Not Match / Menu 21.1.1.2 set #1, rule #2 210102001 = IP Filter Set 1,Rule 2 Type...
Page 273 Table 116 Menu 21.1 Filer Set #2, (continued) 210201001 = IP Filter Set 2, Rule 1 Type 210201002 = IP Filter Set 2, Rule 1 Active 210201003 = IP Filter Set 2, Rule 1 Protocol 210201004 = IP Filter Set 2, Rule 1 Dest IP address 210201005 = IP Filter Set 2, Rule 1 Dest...
Page 274: Table 117 Menu 23 System Menus
Appendix J Internal SPTGEN Table 116 Menu 21.1 Filer Set #2, (continued) 210202010 = IP Filter Set 2,Rule 2 Src Port 210202011 = IP Filter Set 2, Rule 2 Src Port Comp 210202013 = IP Filter Set 2, Rule 2 Act Match 210202014 = IP Filter Set 2, Rule 2 Act Not Match...
Page 275: Table 118 Menu 24.11 Remote Management Control
Table 117 Menu 23 System Menus (continued) 230400004 = Authentication Databases 230400005 = Key Management Protocol 230400006 = Dynamic WEP Key Exchange 230400007 = 230400008 = WPA Mixed Mode 230400009 = Data Privacy for Broadcast/ Multicast packets 230400010 = WPA Broadcast/Multicast Key Update Timer Table 118 Menu 24.11 Remote Management Control / Menu 24.11 Remote Management Control...
Page 276: Table 119 Command Examples
Appendix J Internal SPTGEN Command Examples The following are example Internal SPTGEN screens associated with the ZyXEL Device’s command interpreter commands. Table 119 Command Examples /ci command (for annex a): wan adsl opencmd 990000001 = ADSL OPMD /ci command (for annex B): wan adsl opencmd 990000001 = ADSL OPMD INPUT...
Page 278 Appendix K Legal Information If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures: 1 Reorient or relocate the receiving antenna.
Page 279: Zyxel Limited Warranty
ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating...
Page 280 Appendix K Legal Information ZyXEL NBG-334SH User’s Guide...
Page 281: Appendix L Customer Support
José, Costa Rica Czech Republic • E-mail: info@cz.zyxel.com • Telephone: +420-241-091-350 • Fax: +420-241-091-359 • Web Site: www.zyxel.cz • Regular Mail: ZyXEL Communications, Czech s.r.o., Modranská 621, 143 01 Praha 4 - Modrany, Ceská Republika ZyXEL NBG-334SH User’s Guide Customer Support...
Page 282 • Support E-mail: support@zyxel.fi • Sales E-mail: sales@zyxel.fi • Telephone: +358-9-4780-8411 • Fax: +358-9-4780 8448 • Web Site: www.zyxel.fi • Regular Mail: ZyXEL Communications Oy, Malminkaari 10, 00700 Helsinki, Finland France • E-mail: info@zyxel.fr • Telephone: +33-4-72-52-97-97 • Fax: +33-4-72-52-19-20 •...
Page 283 • Sales E-mail: sales@zyxel.com • Telephone: +1-800-255-4101, +1-714-632-0882 • Fax: +1-714-632-0858 • Web Site: www.us.zyxel.com • FTP Site: ftp.us.zyxel.com • Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806- 2001, U.S.A. Norway • Support E-mail: support@zyxel.no • Sales E-mail: sales@zyxel.no •...
Page 284 Appendix L Customer Support • Web Site: www.zyxel.es • Regular Mail: ZyXEL Communications, Arte, 21 5ª planta, 28033 Madrid, Spain Sweden • Support E-mail: support@zyxel.se • Sales E-mail: sales@zyxel.se • Telephone: +46-31-744-7700 • Fax: +46-31-744-7701 • Web Site: www.zyxel.se • Regular Mail: ZyXEL Communications A/S, Sjöporten 4, 41764 Göteborg, Sweden Ukraine •...
Page 285: Index
Numerics 802.11 Mode Access point See also AP. ActiveX address resolution protocol (ARP) Alert alternative subnet mask notation any IP note See also access point. AP (Access Point) Asymmetrical routes and IP alias see also triangle routes Backup configuration Bandwidth management application-based classes and priorities monitor...
Page 286 Index vs host name. see also system name Domain Name System duplex setting Dynamic DNS Dynamic Host Configuration Protocol Dynamic WEP Key Exchange DynDNS Wildcard EAP Authentication e-mail Encryption encryption and local (user) database WPA compatible Extended Service Set Extended wireless security Factory LAN defaults FCC interference statement File Transfer Program...
Page 287 IP pool setup LAN overview LAN Setup LAN setup LAN TCP/IP Link type local (user) database and encryption Local Area Network MAC address 74, 89 cloning 67, 89 MAC address filter MAC address filtering action MAC filter managing the device good habits using FTP.
Page 288 Index RADIUS Shared Secret Key RADIUS Message Types RADIUS Messages RADIUS server registration product related documentation Remote management and NAT and the firewall limitations remote management session system timeout Reset button 43, 190 Reset the device Restore configuration Restrict Web Features RF (Radio Frequency) RoadRunner Roaming...
Page 289 weaknesses User Name VoIP IP address assignment WAN advanced WAN IP address WAN IP address assignment WAN MAC address warranty note Web Configurator how to access Overview Web configurator navigating web configurator Web Proxy WEP Encryption WEP encryption WEP key Wi-Fi Multimedia QoS Wildcard Windows Networking...
Page 290 Index ZyXEL NBG-334SH User’s Guide...

ZyXEL Communications ZyXEL NBG334SH User Manual

Chapter 1 Getting to Know Your Zyxel Device

Chapter 2 Wireless Tutorial

Chapter 3 Introducing the Web Configurator

Chapter 4 Connection Wizard

Chapter 5 Wireless LAN

Chapter 6 WAN

Chapter 7 LAN

Chapter 8 DHCP Server

Chapter 9 Network Address Translation (NAT)

Chapter 10 Dynamic DNS

Chapter 11 Firewall

Chapter 12 Content Filtering

Chapter 13 Static Route Screens

Chapter 14 Bandwidth Management

Quick Links

Troubleshooting

Related Manuals for ZyXEL Communications ZyXEL NBG334SH

Summary of Contents for ZyXEL Communications ZyXEL NBG334SH