ZyXEL Communications NBG-460N User Manual
  1. Manuals
  2. Brands
  3. ZyXEL Communications Manuals
  4. Wireless Router
  5. NBG-460N
  6. User manual
ZyXEL Communications NBG-460N User Manual

ZyXEL Communications NBG-460N User Manual

Wireless n gigabit router
Hide thumbs Also See for NBG-460N:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Manual
NBG-460N
Wireless N Gigabit Router
Default Login Details
IP Address
http://192.168.1.1
Password
Firmware Version 3.60
Edition 4, 10/2009
www.zyxel.com
www.zyxel.com
1234
Copyright © 2009
ZyXEL Communications Corporation

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the NBG-460N and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for ZyXEL Communications NBG-460N

Summary of Contents for ZyXEL Communications NBG-460N

  • Page 1 NBG-460N Wireless N Gigabit Router Default Login Details IP Address http://192.168.1.1 Password 1234 Firmware Version 3.60 Edition 4, 10/2009 www.zyxel.com www.zyxel.com Copyright © 2009 ZyXEL Communications Corporation...

  • Page 3: About This User's Guide

    About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the NBG-460N using the Web Configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology.
  • Page 4 About This User's Guide • Date that you received your device. Brief description of the problem and the steps you took to solve it. NBG-460N User’s Guide...

  • Page 5: Document Conventions

    Syntax Conventions • The NBG-460N may be referred to as the “NBG-460N”, the “device”, the “product” or the “system” in this User’s Guide. • Product labels, screen names, field labels and field choices are all in bold font.
  • Page 6 Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The NBG-460N icon is not an exact representation of your device. NBG-460N Computer Notebook computer Server DSLAM Firewall Telephone Switch Router Modem NBG-460N User’s Guide...

  • Page 7: Safety Warnings

    Your product is marked with this symbol, which is known as the WEEE mark. WEEE stands for Waste Electronics and Electrical Equipment. It means that used electrical and electronic products should not be mixed with general waste. Used electrical and electronic equipment should be treated separately. NBG-460N User’s Guide...
  • Page 8 Safety Warnings NBG-460N User’s Guide...

  • Page 9: Table Of Contents

    Contents Overview Contents Overview Introduction ..........................21 Getting to Know Your NBG-460N ....................23 The WPS Button ........................29 Introducing the Web Configurator ....................31 Connection Wizard ........................45 Tutorials ............................. 63 AP Mode ............................ 81 Network ........................... 89 Wireless LAN ..........................91 WAN ............................
  • Page 10 Contents Overview NBG-460N User’s Guide...

  • Page 11: Table Of Contents

    1.3.1 Router Mode ......................24 1.3.2 AP Mode ........................25 1.3.3 Router vs. AP ......................26 1.4 Ways to Manage the NBG-460N ..................26 1.5 Good Habits for Managing the NBG-460N ................27 1.6 LEDs ............................ 27 Chapter 2 The WPS Button........................29 2.1 Overview ..........................
  • Page 12 5.1 Overview ..........................63 5.2 How to Connect to the Internet from an AP ................. 63 5.2.1 Configure Wireless Security Using WPS on both your NBG-460N and Wireless Client 5.2.2 Enable and Configure Wireless Security without WPS on your NBG-460N ....67 5.2.3 Configure Your Notebook ...................
  • Page 13 5.4.3 Configuring Bandwidth Allocation by IP or IP Range ..........78 Chapter 6 AP Mode........................... 81 6.1 Overview ..........................81 6.2 Setting your NBG-460N to AP Mode ................... 81 6.3 The Status Screen ....................... 82 6.3.1 Navigation Panel ......................84 6.4 Configuring Your Settings ....................86 6.4.1 LAN Settings ......................
  • Page 14 9.7.2 Any IP ........................144 Chapter 10 DHCP............................147 10.1 Overview .......................... 147 10.2 What You Can Do ......................147 10.3 What You Need To Know ....................147 10.4 DHCP General Screen ....................148 10.5 DHCP Advanced Screen ....................148 NBG-460N User’s Guide...
  • Page 15 13.1 Overview ........................169 13.2 What You Can Do ......................169 13.3 What You Need To Know ....................170 13.3.1 About the NBG-460N Firewall ................170 13.3.2 Triangle Routes ...................... 170 13.3.3 Triangle Routes and IP Alias .................. 171 13.4 General Firewall Screen ....................
  • Page 16 Part IV: Management................215 Chapter 16 Static Route ........................... 217 16.1 Overview .......................... 217 16.2 What You Can Do ......................217 16.3 IP Static Route Screen ....................218 16.3.1 Static Route Setup Screen ................... 219 Chapter 17 Bandwidth Management....................... 221 NBG-460N User’s Guide...
  • Page 17 19.4 UPnP Screen ........................240 19.5 Technical Reference ......................241 19.5.1 Using UPnP in Windows XP Example ..............241 19.5.2 Web Configurator Easy Access ................244 Part V: Maintenance and Troubleshooting ........247 Chapter 20 System ........................... 249 NBG-460N User’s Guide...
  • Page 18 23.3 General Screen ....................... 283 Chapter 24 Sys Op Mode ......................... 285 24.1 Overview .......................... 285 24.2 What You Can Do ......................285 24.3 What You Need to Know ....................285 24.4 General Screen ....................... 287 Chapter 25 Language ..........................289 NBG-460N User’s Guide...
  • Page 19 26.1 Power, Hardware Connections, and LEDs ..............291 26.2 NBG-460N Access and Login ..................292 26.3 Internet Access ........................ 294 26.4 Resetting the NBG-460N to Its Factory Defaults ............. 296 26.5 Wireless Router/AP Troubleshooting ................297 26.6 Advanced Features ......................297 Chapter 27 Product Specifications and Wall-Mounting Instructions ..........
  • Page 20 Table of Contents NBG-460N User’s Guide...

  • Page 21: Introduction

    Introduction Getting to Know Your NBG-460N (23) The WPS Button (29) Introducing the Web Configurator (31) Connection Wizard (45) AP Mode (81) Tutorials (63)

  • Page 23: Getting To Know Your Nbg-460N

    Voice over the Internet (VoIP). Additionally, you can configure your NBG-460N to have a port for your Internet Protocol Television (IPTV) service (refer to Section 8.3.3 on page 126 for more information.)

  • Page 24: Wireless Applications

    Chapter 1 Getting to Know Your NBG-460N • IPTV. Connect a Set-Top Box (STB) to your NBG-460N to watch Live TV and/or Video On Demand (VOD) on your television screen. Figure 1 NBG-460N Network LAN 1 LAN 2 LAN 3...

  • Page 25: Ap Mode

    Chapter 1 Getting to Know Your NBG-460N The following figure shows computers in a WLAN connecting to the NBG-460N (A), which has a DSL connection to the Internet. The NBG-460N is set to Router Mode and has router features such as a built-in firewall (B).

  • Page 26: Router Vs. Ap

    IEEE 802.11 wireless standards. 1.4 Ways to Manage the NBG-460N Use any of the following methods to manage the NBG-460N. • Web Configurator. This is recommended for everyday management of the NBG- 460N using a (supported) web browser.

  • Page 27: Good Habits For Managing The Nbg-460N

    Chapter 1 Getting to Know Your NBG-460N 1.5 Good Habits for Managing the NBG-460N Do the following things regularly to make the NBG-460N more secure and to manage the NBG-460N more effectively. • Change the password. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters.
  • Page 28 The NBG-460N is sending/receiving data. The WAN connection is not ready, or has failed. WLAN Green The NBG-460N is ready, but is not sending/ receiving data through the wireless LAN. Blinking The NBG-460N is sending/receiving data through the wireless LAN.

  • Page 29: The Wps Button

    H A P T E R The WPS Button 2.1 Overview Your NBG-460N supports WiFi Protected Setup (WPS), which is an easy way to set up a secure wireless network. WPS is an industry standard specification, defined by the WiFi Alliance.
  • Page 30 Chapter 2 The WPS Button NBG-460N User’s Guide...

  • Page 31: Introducing The Web Configurator

    Internet Explorer. 3.2 Accessing the Web Configurator Make sure your NBG-460N hardware is properly connected and prepare your computer or computer network to connect to the NBG-460N (refer to the Quick Start Guide). Launch your web browser. Type "http://192.168.1.1" as the website address.
  • Page 32 • In Router Mode enable the DHCP Server. The NBG-460N assigns your computer an IP address on the same subnet. • In AP Mode, the NBG-460N does not assign an IP address to your computer, so you should check it’s in the same subnet. See Section 6.5 on page 88...

  • Page 33: Resetting The Nbg-460N

    If you forget your password or IP address, or you cannot access the Web Configurator, you will need to use the RESET button at the back of the NBG-460N to reload the factory-default configuration file. This means that you will lose all configurations that you had previously saved, the password will be reset to “1234”...

  • Page 34: The Status Screen In Router Mode

    Table 3 Status Screen Icon Key ICON DESCRIPTION Click this icon to open the setup wizard. Click this icon to view copyright and a link for related product information. Click this icon at any time to exit the Web Configurator. NBG-460N User’s Guide...
  • Page 35 This shows the current status of the Wireless LAN - On, Off or Off by scheduler. - Name (SSID) This shows a descriptive name used to identify the NBG-460N in the wireless LAN. - Channel This shows the channel number which you select manually.
  • Page 36 - CPU Usage This displays what percentage of the NBG-460N’s processing ability is currently used. When this percentage is close to 100%, the NBG-460N is running at full load, and the throughput is not going to improve anymore. If you want some applications to have more throughput, you should turn off other applications (for example, using bandwidth management.

  • Page 37: Navigation Panel

    Chapter 3 Introducing the Web Configurator 3.5.1 Navigation Panel Use the sub-menus on the navigation panel to configure NBG-460N features. The following table describes the sub-menus. Table 5 Screens Summary LINK FUNCTION Status This screen shows the NBG-460N’s general device, system and interface status information.
  • Page 38 Use this screen to enable UPnP on the NBG-460N. Maintenance System General Use this screen to view and change administrative settings such as system and domain names, password and inactivity timer. Time Use this screen to change your NBG-460N’s time and date. Setting NBG-460N User’s Guide...

  • Page 39: Summary: Any Ip Table

    This screen allows you to select the language you prefer. 3.5.2 Summary: Any IP Table This screen displays the IP address of each computer that is using the NBG-460N via the any IP feature. Any IP allows computers to access the Internet through the NBG-460N without changing their network settings when NAT is enabled.

  • Page 40: Summary: Dhcp Table

    TCP/IP configuration at start-up from a server. You can configure the NBG-460N’s LAN as a DHCP server or disable it. When configured as a server, the NBG-460N provides the TCP/IP configuration for the clients. If DHCP service is disabled, you must have another DHCP server on that network, or else the computer must be manually configured.

  • Page 41: Summary: Packet Statistics

    Table 7 Summary: Packet Statistics LABEL DESCRIPTION Port This is the NBG-460N’s port type. Status For the LAN ports, this displays the port speed and duplex setting or Down when the line is disconnected. For the WAN port, it displays the port speed and duplex setting if you’re using Ethernet encapsulation and Idle (line (ppp) idle), Dial...

  • Page 42: Summary: Vpn Monitor

    Up Time This is the total amount of time the line has been up. System Up Time This is the total time the NBG-460N has been on. Poll Interval(s) Enter the time interval for refreshing statistics in this field. Set Interval Click this button to apply the new poll interval you entered in the Poll Interval(s) field.

  • Page 43: Summary: Wireless Station Status

    3.5.7 Summary: Wireless Station Status Click the WLAN Station Status (Details...) hyperlink in the Status screen. View the wireless stations that are currently associated to the NBG-460N in the Association List. Association means that a wireless client (for example, your network or computer with a wireless network card) has connected successfully to the AP (or wireless router) using the same SSID, channel and security settings.
  • Page 44 Chapter 3 Introducing the Web Configurator NBG-460N User’s Guide...

  • Page 45: Connection Wizard

    Start Guide to know what to enter in each field. Leave a field blank if you don’t have that information. After you access the NBG-460N Web Configurator, click the Go to Wizard setup hyperlink. You can click the Go to Basic setup or Go to Advanced setup hyperlink to skip this wizard setup and configure basic or advanced features accordingly.

  • Page 46: Connection Wizard: Step 1: System Information

    • In Windows 2000, click Start, Settings and Control Panel and then double- click System. Click the Network Identification tab and then the Properties button. Note the entry for the Computer name field and enter it as the System Name. NBG-460N User’s Guide...

  • Page 47: Domain Name

    LABEL DESCRIPTION System System Name is a unique name to identify the NBG-460N in an Ethernet Name network. Enter a descriptive name. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes "-" and underscores "_"...

  • Page 48: Connection Wizard: Step 2: Wireless Lan

    Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the (SSID) wireless LAN. If you change this field on the NBG-460N, make sure all wireless stations use the same SSID in order to access the network. Security Select a Security level from the drop-down list box.

  • Page 49: Basic (Wep) Security

    Exit Click Exit to close the wizard screen without saving. Note: The wireless stations and NBG-460N must use the same SSID, channel ID and WEP encryption (if WEP is enabled), WPA-PSK (if WPA-PSK is enabled) or WPA2-PSK (if WPA2-PSK is enabled) keys for wireless communication.

  • Page 50: Extend (Wpa-Psk Or Wpa2-Psk) Security

    The preceding “0x” is entered automatically. Key 1 to Key The WEP keys are used to encrypt data. Both the NBG-460N and the wireless stations must use the same WEP key for data transmission. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F").

  • Page 51: Connection Wizard: Step 3: Internet Configuration

    4.4 Connection Wizard: STEP 3: Internet Configuration The NBG-460N offers three Internet connection types. They are Ethernet, PPP over Ethernet or PPTP. The wizard attempts to detect which WAN connection type you are using. If the wizard does not detect a connection type, you must select one from the drop-down list box.

  • Page 52: Ethernet Connection

    IP services for specific users. Operationally, PPPoE saves significant effort for both the subscriber and the ISP/ carrier, as it requires no specific configuration of the broadband modem at the subscriber’s site. NBG-460N User’s Guide...

  • Page 53: Pptp Connection

    By implementing PPPoE directly on the NBG-460N (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the NBG-460N does that part of the task. Furthermore, with NAT, all of the LAN's computers will have Internet access.
  • Page 54 Select this radio button if your ISP did not assign you a fixed IP automatically address. from ISP Use fixed IP Select this radio button, provided by your ISP to give the NBG-460N a address fixed, unique IP address. My IP Type the (static) IP address assigned to you by your ISP.

  • Page 55: Your Ip Address

    4.4.4 Your IP Address The following wizard screen allows you to assign a fixed IP address or give the NBG-460N an automatically assigned IP address depending on your ISP. Figure 25 Wizard Step 3: Your IP Address The following table describes the labels in this screen...

  • Page 56: Ip Address And Subnet Mask

    Once you have decided on the network number, pick an IP address that is easy to remember, for instance, 192.168.1.1, for your NBG-460N, but make sure that no other device on your network is using that IP address.

  • Page 57: Dns Server Address Assignment

    204.217.0.2. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. The NBG-460N can get the DNS server addresses in the following ways. The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up.

  • Page 58: Wan Mac Address

    The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. The NBG-460N uses a system DNS server (in the order you specify here) to resolve domain names for DDNS and the time server.

  • Page 59: Connection Wizard: Step 4: Bandwidth Management

    Click Exit to close the wizard screen without saving. 4.5 Connection Wizard: STEP 4: Bandwidth management Bandwidth management allows you to control the amount of bandwidth going out through the NBG-460N’s WAN, LAN or WLAN port and prioritize the distribution of NBG-460N User’s Guide...

  • Page 60: Connection Wizard Complete

    Table 22 Wizard Step 4: Bandwidth Management LABEL DESCRIPTION Enable BM for all Select the check box to have the NBG-460N apply bandwidth traffic automatically management to traffic going out through the NBG-460N’s WAN, LAN, HomePlug AV or WLAN port. Bandwidth is allocated according to the traffic type automatically.
  • Page 61 Chapter 4 Connection Wizard Follow the on-screen instructions and click Finish to complete the wizard setup. Figure 30 Connection Wizard Complete Well done! You have successfully set up your NBG-460N to operate on your network and access the Internet. NBG-460N User’s Guide...
  • Page 62 Chapter 4 Connection Wizard NBG-460N User’s Guide...

  • Page 63: Tutorials

    NBG-460N and Wireless Client This section gives you an example of how to set up wireless network using WPS. This example uses the NBG-460N as the AP and NWD210N as the wireless client which connects to a notebook. Note: The wireless client must be a WPS-aware device (for example, a WPS USB adapter or PCI card).

  • Page 64: Push Button Configuration

    5.2.1.1 Push Button Configuration Make sure that your NBG-460N is turned on and that it is within range of your computer. Make sure that you have installed the wireless client (this example uses the NWD210N) driver and utility in your notebook.

  • Page 65: Pin Configuration

    SECURITY INFO COMMUNICATION 5.2.1.2 PIN Configuration When you use the PIN configuration method, you need to use both NBG-460N’s configuration interface and the client’s utilities. Launch your wireless client’s configuration utility. Go to the WPS settings and select the PIN method to get a PIN number.
  • Page 66 Chapter 5 Tutorials The following figure shows you the example to set up wireless network and security on NBG-460N and wireless client (ex. NWD210N in this example) by using PIN method. Figure 33 Example WPS Process: PIN Method Wireless Client...

  • Page 67: Enable And Configure Wireless Security Without Wps On Your Nbg-460N

    WPA-PSK (Pre-Shared Key: ThisismyWPA-PSKpre-sharedkey) Follow the steps below to configure the wireless settings on your NBG-460N. The instructions require that your hardware is connected (see the Quick Start Guide) and you are logged into the Web Configurator through your LAN connection (see Section 3.2 on page...

  • Page 68: Configure Your Notebook

    Note: We use the ZyXEL M-302 wireless adapter utility screens as an example for the wireless client. The screens may vary for different models. The NBG-460N supports IEEE 802.11b, IEEE 802.11g and IEEE 802.11n wireless clients. Make sure that your notebook or computer’s wireless adapter supports one of these standards.
  • Page 69 Figure 36 Connecting a Wireless Client to a Wireless Network Select WPA-PSK and type the security key in the following screen. Click Next. Figure 37 Security Settings The Confirm Save window appears. Check your settings and click Save to continue. Figure 38 Confirm Save NBG-460N User’s Guide...

  • Page 70: Site-To-Site Vpn Tunnel Tutorial

    5.3 Site-To-Site VPN Tunnel Tutorial Bob and Jack want to setup a VPN connection between their offices. Bob and Jack each have a NBG-460N router and a static WAN IP address. This tutorial covers how to configure their NBG-460Ns to create a secure connection.

  • Page 71: Configuring Bob's Nbg-460N Vpn Settings

    5.3.1 Configuring Bob’s NBG-460N VPN Settings To configure these settings Bob uses the NBG-460N Web Configurator. Log into the NBG-460N Web Configurator and click VPN > Modify icon. This displays the VPN Rule Setup (basic) screen. Select the Active checkbox to enable the VPN rule after it has been created. Make sure IKE is selected as the IPSec Keying Mode.
  • Page 72 IP address. Select IP as the Local ID Type. This is the type of content that will be used to identify Bob’s NBG-460N. Enter the IP address “1.1.1.1” in the Local Content text box. This identifies Bob’s NBG-460N to Jack’s NBG-460N.

  • Page 73: Configuring Jack's Nbg-460N Vpn Settings

    5.3.2 Configuring Jack’s NBG-460N VPN Settings To configure these settings Jack uses the NBG-460N Web Configurator. Log into the NBG-460N Web Configurator and click VPN > Modify icon. This displays the VPN Rule Setup (basic) screen. Select the Active checkbox to enable the VPN rule after it has been created. Make sure IKE is selected as the IPSec Keying Mode.
  • Page 74 IP address. Select IP as the Local ID Type. This is the type of content that will be used to identify Jack’s NBG-460N. Enter the IP address “2.2.2.2” in the Local Content text box. This identifies Jack’s NBG-460N to Bob’s NBG-460N.

  • Page 75: Checking The Vpn Connection

    5.3.3 Checking the VPN Connection Check if the VPN connection is working by pinging the computer on the other side of the VPN connection. In the example below Bob is pinging Jack’s computer. Figure 53 Pinging Jack’s Local IP Address NBG-460N User’s Guide...

  • Page 76: Bandwidth Management For Your Network

    5.4 Bandwidth Management for your Network This section shows you how to configure the bandwidth management feature on the NBG-460N to limit the bandwidth for specific kinds of outgoing traffic. ZyXEL's bandwidth management feature allows you to specify bandwidth management rules based on an application or subnet.

  • Page 77: Configuring Bandwidth Management By Custom Application

    Low. Note: You can also leave the Enable field blank for the rest of the applications. In doing so, the NBG-460N does not apply bandwidth management to these services. 5.4.2 Configuring Bandwidth Management by Custom...

  • Page 78: Configuring Bandwidth Allocation By Ip Or Ip Range

    TCP or UDP 554 VDO LIVE TCP 7000 TCP 20 ~ 21 Click the Edit icon in Management > Bandwidth MGMT > Advanced to open the following screen. The following screen appears. Figure 57 Tutorial: Bandwidth Allocation Example NBG-460N User’s Guide...
  • Page 79 Note: The Policy column displays either Max (maximum) or Min (minimum). This is directly directed to the value in the Rate column. For example, you selected Min and entered 30M as the rate for the VoIP service. The NBG-460N allocates at least 30 megabytes for the VoIP service.
  • Page 80 Chapter 5 Tutorials NBG-460N User’s Guide...

  • Page 81: Ap Mode

    AP mode. Use your NBG-460N as an AP if you already have a router or gateway on your network. In this mode your device bridges a wired network (LAN) and wireless LAN (WLAN) in the same subnet.

  • Page 82: The Status Screen

    Chapter 6 AP Mode To set your NBG-460N to AP Mode, go to Maintenance > Sys OP Mode > General and select Access Point. Figure 60 Maintenance > Sys OP Mode > General A pop-up appears providing information on this mode. Click OK in the pop-up message window.
  • Page 83 System Status System Uptime This is the total time that the NBG-460N has been turned on. Current Date/Time This field displays the date and time on which your NBG-460N is basing its schedules. System Resource - CPU Usage This displays what percentage of the NBG-460N’s processing ability is currently used.

  • Page 84: Navigation Panel

    Use this screen to view the wireless stations that are currently associated to the NBG-460N. 6.3.1 Navigation Panel Use the menu in the navigation panel to configure NBG-460N features in AP Mode. The following screen and table show the features you can configure in AP Mode.
  • Page 85 Wireless General Use this screen to configure wireless LAN. MAC Filter Use the MAC filter screen to configure the NBG-460N to block access to devices or block the devices from accessing the NBG-460N. Advanced This screen allows you to configure advanced wireless settings.

  • Page 86: Configuring Your Settings

    Use this section to configure your LAN settings while in AP Mode. Click Network > LAN to see the screen below. Note: If you change the IP address of the NBG-460N in the screen below, you will need to log into the NBG-460N again using the new IP address.

  • Page 87: Wlan And Maintenance Settings

    LABEL DESCRIPTION Get from Select this option to allow the NBG-460N to obtain an IP address from a DHCP Server DHCP server on the network. You must connect the WAN port to a device with a DHCP server enabled (such as a router or gateway). Without a DHCP server the NBG-460N will have no IP address.

  • Page 88: Logging In To The Web Configurator In Ap Mode

    6.5 Logging in to the Web Configurator in AP Mode Connect your computer to the LAN port of the NBG-460N. The default IP address if the NBG-460N is “192.168.1.1”. In this case, your computer must have an IP address in the range between “192.168.1.2” and “192.168.1.255”.

  • Page 89: Network

    Network Wireless LAN (91) WAN (123) LAN (139) DHCP (147) Network Address Translation (NAT) (153) Dynamic DNS (163)

  • Page 91: Wireless Lan

    Wireless LAN 7.1 Overview This chapter discusses how to configure the wireless network settings in your NBG-460N. See the appendices for more detailed information about wireless networks. The following figure provides an example of a wireless network. Figure 64 Example of a Wireless Network The wireless network is the part in the blue circle.

  • Page 92: What You Can Do

    • Use the MAC Filter screen (Section 7.5 on page 103) to allow or deny wireless stations based on their MAC addresses from connecting to the NBG-460N. • Use the Advanced screen (Section 7.6 on page 105) to enable roaming, allow intra-BSS networking and set the RTS/CTS Threshold.

  • Page 93: Mac Address Filter

    Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds of wireless devices might not have MAC addresses. Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F. NBG-460N User’s Guide...
  • Page 94 When you select WPA2 or WPA2-PSK in your NBG-460N, you can also select an option (WPA Compatible) to support WPA as well. In this case, if some wireless...

  • Page 95: General Wireless Lan Screen

    Use this screen to enable the Wireless LAN, enter the SSID and select the wireless security mode. Note: If you are configuring the NBG-460N from a computer connected to the wireless LAN and you change the NBG-460N’s SSID, channel or security settings, you will lose your wireless connection when you press Apply to confirm.

  • Page 96: No Security

    Operating This displays the channel the NBG-460N is currently using. Channel Channel Select whether the NBG-460N uses a wireless channel width of 20 or 40 Width MHz. A standard 20 MHz channel offers transfer speeds of up to 150Mbps whereas a 40MHz channel uses two standard channels and offers speeds of up to 300 Mbps.

  • Page 97: Wep Encryption

    Chapter 7 Wireless LAN Note: If you do not enable any wireless security on your NBG-460N, your network is accessible to any wireless networking device that is within range. Figure 66 Network > Wireless LAN > General: No Security The following table describes the labels in this screen.
  • Page 98 Passphrase Enter a passphrase (password phrase) of up to 64 printable characters and click Generate. The NBG-460N automatically generates four different WEP keys and displays them in the Key fields below. Select 64-bit WEP or 128-bit WEP to enable data encryption.
  • Page 99 Key 1 to Key The WEP keys are used to encrypt data. Both the NBG-460N and the wireless stations must use the same WEP key for data transmission. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F").

  • Page 100: Wpa-Psk/Wpa2-Psk

    Compatible in the Security Mode field. Select the check box to have both WPA2 and WPA wireless clients be able to communicate with the NBG-460N even when the NBG-460N is using WPA2-PSK or WPA2. Pre-Shared Key The encryption mechanisms used for WPA/WPA2 and WPA-PSK/ WPA2-PSK are the same.

  • Page 101: Wpa/Wpa2

    WLAN on a periodic basis. Setting of the Group Key Update Timer is also supported in WPA-PSK/WPA2-PSK mode. The default is 1800 seconds (30 minutes). Apply Click Apply to save your changes back to the NBG-460N. Reset Click Reset to reload the previous configuration for this screen. 7.4.4 WPA/WPA2 Click Network >...
  • Page 102 This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field. Select the check box to have both WPA2 and WPA wireless clients be able to communicate with the NBG-460N even when the NBG-460N is using WPA2-PSK or WPA2. ReAuthentication...

  • Page 103: Mac Filter Screen

    Click Reset to reload the previous configuration for this screen. 7.5 MAC Filter Screen The MAC filter screen allows you to configure the NBG-460N to give exclusive access to up to 32 devices (Allow) or exclude up to 32 devices from accessing the NBG-460N (Deny).
  • Page 104 Define the filter action for the list of MAC addresses in the MAC Address table. Select Deny to block access to the NBG-460N, MAC addresses not listed will be allowed to access the NBG-460N Select Allow to permit access to the NBG-460N, MAC addresses not listed will be denied access to the NBG-460N.

  • Page 105: Wireless Lan Advanced Screen

    A and B can still access the wired network but cannot communicate with each other. Apply Click Apply to save your changes back to the NBG-460N. Reset Click Reset to reload the previous configuration for this screen. 7.7 Quality of Service (QoS) Screen The QoS screen allows you to automatically give a service (such as e-mail, VoIP or FTP) a priority level.
  • Page 106 WMM QoS Policy Select Default to have the NBG-460N automatically give a service a priority level according to the ToS value in the IP header of packets it sends. WMM QoS (Wifi MultiMedia Quality of Service) gives high priority to voice and video, which makes them run more smoothly.

  • Page 107: Application Priority Configuration

    Configuration screen. Click the Remove icon to delete an application entry. Apply Click Apply to save your changes to the NBG-460N. 7.7.1 Application Priority Configuration Use this screen to edit a WMM QoS application entry. Click the edit icon under Modify.
  • Page 108 Priority Select a priority from the drop-down list box. Apply Click Apply to save your changes back to the NBG-460N. Cancel Click Cancel to return to the previous screen. NBG-460N User’s Guide...

  • Page 109: Wps Screen

    This displays Unconfigured if WPS is disabled and there are no wireless or wireless security changes on the NBG-460N or you click Release_Configuration to remove the configured wireless and wireless security settings.

  • Page 110: Wps Station Screen

    Then click Start to associate to each other and perform the wireless security information synchronization. 7.10 Scheduling Screen Use this screen to set the times your wireless LAN is turned on and off. Wireless LAN scheduling is disabled by default. The wireless LAN can be scheduled to turn NBG-460N User’s Guide...
  • Page 111 Note: Entering the same begin time and end time will mean the whole day. Apply Click Apply to save your changes back to the NBG-460N. Reset Click Reset to reload the previous configuration for this screen. NBG-460N User’s Guide...

  • Page 112: Technical Reference

    APs when a wireless station moves between coverage areas. Wireless stations can still associate with other APs even if you disable roaming. Enabling roaming ensures correct traffic forwarding (bridge tables are updated) and maximum AP efficiency. The AP deletes records of wireless stations that associate NBG-460N User’s Guide...

  • Page 113: Requirements For Roaming

    If IEEE 802.1x user authentication is enabled and to be done locally on the access point, the new access point must have the user profile for the wireless station. The adjacent access points should use different radio channels when their coverage areas overlap. NBG-460N User’s Guide...

  • Page 114: Quality Of Service

    The NBG-460N uses WMM QoS to prioritize traffic streams according to the IEEE 802.1q tag or DSCP information in each packet’s header. The NBG-460N automatically determines the priority to use for an individual traffic stream.

  • Page 115: Wifi Protected Setup

    To connect wirelessly to the iPod Touch Web Configurator with your iPod Touch follow the steps below: Make sure the Wireless LAN on the NBG-460N is enabled and that you know the security settings (if any). To do this check the Wireless LAN > General screen in the Web Configurator from your computer.

  • Page 116: Login Screen

    Chapter 7 Wireless LAN 7.12.2 Login Screen After accessing the NBG-460N’s IP address in the iPod Touch web browser the screen below will display. Note: You cannot change your password in the iPod Touch Web Configurator. To change your password log into the Web Configurator using your computer.
  • Page 117 Chapter 7 Wireless LAN If WPS has not been configured previously the iPod Touch will lose it’s wireless connection to the NBG-460N after the NBG-460N has connected to another device using WPS through the iPod Touch Web Configurator. To reconnect to the wireless...
  • Page 118 Table 43 System Status screen LABEL DESCRIPTION IP Address This field displays the NBG-460N’s WAN IP address. If this field displays “-” it means the WAN is not connected. Try pressing Reconnect if your WAN connection is not working. Reconnect Press Reconnect to renew your NBG-460N’s WAN connection.

  • Page 119: Wps In Progress

    Web Configurator from your computer. See Section 11.5 on page 159 for more information on configuring port forwarding rules. Note: To go back to the System Status screen press the ZyXEL logo at the top of the page. NBG-460N User’s Guide...
  • Page 120 Status Use this column to manage the status of the rules. Press the left side of the button to turn the rule ON and press the right side of the button to turn the rule OFF. NBG-460N User’s Guide...

  • Page 121: Accessing The Ipod Touch Web Configurator

    Launch the iPod Touch’s web browser from the main screen. The default web browser is Safari. Enter the IP address of the NBG-460N into the address bar and go to that address. The default IP address for the NBG-460N is 192.168.1.1.
  • Page 122 If you wish to login automatically in the future make sure the Auto Login checkbox is selected. Enter your password and press login. The default password for the NBG-460N is “1234”. The System Status screen will display after successfully logging in.

  • Page 123: Wan

    H A P T E R 8.1 Overview This chapter discusses the NBG-460N’s WAN screens. Use these screens to configure your NBG-460N for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations.

  • Page 124: What You Need To Know

    (and service name) for user authentication. WAN IP Address The WAN IP address is an IP address for the NBG-460N, which makes it accessible from an outside network. It is used by the NBG-460N to communicate with other devices in other networks. It can be static (fixed) or dynamically assigned by the ISP each time the NBG-460N tries to access the Internet.

  • Page 125: Multicast

    IPTV STB port (see Section 8.3.3 on page 126). At start up, the NBG-460N queries all directly connected networks to gather group membership. After that, the NBG-460N periodically updates this information. IP multicasting can be enabled/disabled on the NBG-460N LAN and/or WAN interfaces in the Web Configurator.

  • Page 126: Iptv Stb Port

    WAN. 8.3.3.1 LAN and WAN Overview In the rear panel of your NBG-460N, you can see four LAN ports (LAN 1 to LAN 4) and one WAN port as in the figure below. Figure 85 Rear view of NBG-460N 1.1.1.20...
  • Page 127 (that you subscribed to) goes directly to the STB without being routed to the LAN. Figure 87 LAN 3 and LAN 4 as IPTV STB Ports LAN 1 LAN 2 STB 2 192.168.1.20 STB 1 TV 2 TV 1 1.1.1.20 NBG-460N User’s Guide...

  • Page 128: Netbios Over Tcp/Ip

    WAN in order to find a computer on the WAN. 8.3.5 Auto-Bridge In the rear panel of your NBG-460N, you can see four LAN ports (1 to 4) and one WAN port. The WAN port is for your Internet access connection, and the LAN ports are for your network devices.

  • Page 129: Internet Connection

    8.4 Internet Connection Use this screen to change your NBG-460N’s Internet access settings. Click Network > WAN. The screen differs according to the encapsulation you choose. 8.4.1 Ethernet Encapsulation This screen displays when you select Ethernet encapsulation.
  • Page 130 DNS Servers First DNS Select From ISP if your ISP dynamically assigns DNS server Server information (and the NBG-460N's WAN IP address). The field to the right displays the (read-only) DNS server IP address that the ISP Second DNS assigns.

  • Page 131: Pppoe Encapsulation

    By implementing PPPoE directly on the NBG-460N (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the NBG-460N does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access.
  • Page 132 Encapsulation The PPP over Ethernet choice is for a dial-up connection using PPPoE. The NBG-460N supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an IETF Draft standard (RFC 2516) specifying how a personal computer (PC) interacts with a broadband modem (i.e. xDSL, cable, wireless, etc.) connection.
  • Page 133 DNS Servers First DNS Select From ISP if your ISP dynamically assigns DNS server information Server (and the NBG-460N's WAN IP address). The field to the right displays the (read-only) DNS server IP address that the ISP assigns. Second DNS Server Select User-Defined if you have the IP address of a DNS server.

  • Page 134: Pptp Encapsulation

    Network (VPN) using TCP/IP-based networks. PPTP supports on-demand, multi-protocol and virtual private networking over public networks, such as the Internet. This screen displays when you select PPTP encapsulation. Figure 91 Network > WAN > Internet Connection: PPTP Encapsulation NBG-460N User’s Guide...
  • Page 135 PPTP supports on-demand, multi-protocol, and virtual private networking over public networks, such as the Internet. The NBG-460N supports only one PPTP server connection at any given time. To configure a PPTP client, you must configure the User Name and Password fields for a PPP connection and the PPTP parameters for a PPTP connection.

  • Page 136: Advanced Wan Screen

    DESCRIPTION First DNS Server Select From ISP if your ISP dynamically assigns DNS server information (and the NBG-460N's WAN IP address). The field to the Second DNS Server right displays the (read-only) DNS server IP address that the ISP assigns.
  • Page 137 Chapter 8 WAN To change your NBG-460N’s advanced WAN settings, click Network > WAN > Advanced. The screen appears as shown. Figure 92 Network > WAN > Advanced The following table describes the labels in this screen. Table 48 Network > WAN > Advanced...

  • Page 138: Technical Reference

    NBG-460N gets a WAN IP address that is not in the 192.168.x.y range. Clear this check box if you are playing IPTV as the NBG-460N needs to be in Router Mode for the IPTV STB port to work.

  • Page 139: Lan

    140) to change your basic LAN settings. • Use the IP Alias screen (Section 9.5 on page 141) to change your IP alias settings. • Use the Advanced screen (Section 9.6 on page 142) to change your advanced IP settings. NBG-460N User’s Guide...

  • Page 140: What You Need To Know

    Chapter 9 LAN 9.3 What You Need To Know The LAN parameters of the NBG-460N are preset in the factory with the following values: • IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits) • DHCP server enabled with 32 client IP addresses starting from 192.168.1.33.

  • Page 141: Lan Ip Alias

    Ethernet interface with the NBG-460N itself as the gateway for each LAN network. To change your NBG-460N’s IP alias settings, click Network > LAN > IP Alias. The screen appears as shown. Figure 95 Network > LAN > IP Alias...

  • Page 142: Advanced Lan Screen

    Reset Click Reset to begin configuring this screen afresh. 9.6 Advanced LAN Screen To change your NBG-460N’s advanced IP settings, click Network > LAN > Advanced. The screen appears as shown. Figure 96 Network > LAN > Advanced The following table describes the labels in this screen.

  • Page 143: Technical Reference

    Multicast. 9.7.1 LANs, WANs and the ZyXEL Device The actual physical connection determines whether the NBG-460N ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next.

  • Page 144: Any Ip

    Traditionally, you must set the IP addresses and the subnet masks of a computer and the NBG-460N to be in the same subnet to allow the computer to access the Internet (through the NBG-460N). In cases where your computer is required to...
  • Page 145 IP routing table so it can properly forward packets intended for the computer. After all the routing information is updated, the computer can access the NBG- 460N and the Internet as if it is in the same subnet as the NBG-460N. NBG-460N User’s Guide...
  • Page 146 Chapter 9 LAN NBG-460N User’s Guide...

  • Page 147: Dhcp

    TCP/IP configuration at start-up from a server. You can configure the NBG-460N’s LAN as a DHCP server or disable it. When configured as a server, the NBG-460N provides the TCP/IP configuration for the clients. If DHCP service is disabled, you must have another DHCP server on your LAN, or else the computer must be manually configured.

  • Page 148: Dhcp General Screen

    This screen allows you to assign IP addresses on the LAN to specific individual computers based on their MAC addresses. You can also use this screen to configure the DNS server information that the NBG-460N sends to the DHCP clients.
  • Page 149 Chapter 10 DHCP To change your NBG-460N’s static DHCP settings, click Network > DHCP > Advanced. The following screen displays. Figure 100 Network > DHCP > Advanced The following table describes the labels in this screen. Table 53 Network > DHCP > Advanced...

  • Page 150: Client List Screen

    User-Defined, and enter the same IP address, the second User- Defined changes to None after you click Apply. Select DNS Relay to have the NBG-460N act as a DNS proxy. The NBG-460N's LAN IP address displays in the field to the right (read- only).
  • Page 151 After you click Apply, the MAC address and IP address also display in the Advanced screen (where you can edit them). Apply Click Apply to save your settings. Refresh Click Refresh to reload the DHCP table. NBG-460N User’s Guide...
  • Page 152 Chapter 10 DHCP NBG-460N User’s Guide...

  • Page 153: Network Address Translation (Nat)

    (NAT) 11.1 Overview This chapter discusses how to configure NAT on the NBG-460N. NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet. For example, the source address of an outgoing packet, used within one network is changed to a different IP address known within another network.

  • Page 154: What You Can Do

    Chapter 11 Network Address Translation (NAT) Note: You must create a firewall rule in addition to setting up NAT, to allow traffic from the WAN to be forwarded through the NBG-460N. 11.2 What You Can Do • Use the General screen (Section 11.3 on page...

  • Page 155: Nat Application Screen

    A default server receives packets from ports that are not specified in the Application screen. If you do not assign a Default Server IP address, the NBG-460N discards all packets received for ports that are not specified in the Application screen or remote management.
  • Page 156 Application. The screen appears as shown. Note: If you do not assign a Default Server IP address in the NAT > General screen, the NBG-460N discards all packets received for ports that are not specified in this screen or remote management.
  • Page 157 This field displays No when Wake On LAN is disabled and Yes when Wake On LAN is enabled. Modify Click the Edit icon to display and modify an existing rule setting in the fields under Add Application Rule. Click the Remove icon to delete a rule. NBG-460N User’s Guide...

  • Page 158: Game List Example

    Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example). You assign the LAN IP NBG-460N User’s Guide...

  • Page 159: Nat Advanced Screen

    (a "trigger" port). When the NBG-460N's WAN port receives a response with a specific port number and protocol ("incoming" port), the NBG-460N forwards the traffic to the LAN IP address of the computer that sent the request. After that computer’s connection for that service closes, another computer on the LAN can use the service in the same manner.
  • Page 160 Each NAT session establishes a corresponding firewall session. Use this field to limit the number of NAT/firewall sessions each client computer can establish through the NBG-460N. If your network has a small number of clients using peer to peer applications, you can raise this number to ensure that their performance is not degraded by the number of NAT sessions they can establish.

  • Page 161: Trigger Port Forwarding Example

    Figure 108 Trigger Port Forwarding Process: Example Jane requests a file from the Real Audio server (port 7070). Port 7070 is a “trigger” port and causes the NBG-460N to record Jane’s computer IP address. The NBG-460N associates Jane's computer IP address with the "incoming"...

  • Page 162: Two Points To Remember About Trigger Ports

    Chapter 11 Network Address Translation (NAT) Only Jane can connect to the Real Audio server until the connection is closed or times out. The NBG-460N times out in three minutes with UDP (User Datagram Protocol), or two hours with TCP/IP (Transfer Control Protocol/Internet Protocol).

  • Page 163: Dynamic Dns

    Use the Dynamic DNS screen (Section 12.4 on page 164) to enable DDNS and configure the DDNS settings on the NBG-460N. 12.3 What You Need To Know Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU- SeeMe, etc.).

  • Page 164: Dynamic Dns Screen

    12.4 Dynamic DNS Screen Use this screen to enable DDNS and configure the DDNS settings on the NBG- 460N. To change your NBG-460N’s DDNS, click Network > DDNS. The screen appears as shown. Figure 109 Network > Dynamic DNS The following table describes the labels in this screen.
  • Page 165 Type the IP address of the host name(s). Use this if you have a Address static IP address. Apply Click Apply to save your changes back to the NBG-460N. Reset Click Reset to begin configuring this screen afresh. NBG-460N User’s Guide...
  • Page 166 Chapter 12 Dynamic DNS NBG-460N User’s Guide...

  • Page 167: Security

    Security Firewall (169) Content Filtering (179) IPSec VPN (185)

  • Page 169: Firewall

    13.1 Overview Use the screens in this chapter to enable and configure the firewall that protects your NBG-460N and your LAN from unwanted or malicious traffic. Enable the firewall to protect your LAN computers from attacks by hackers on the Internet and control access between the LAN and WAN.

  • Page 170: What You Need To Know

    (click the General tab under Firewall and then click the Enable Firewall check box). The NBG-460N's purpose is to allow a private Local Area Network (LAN) to be securely connected to the Internet. The NBG-460N can be used to prevent theft, destruction and modification of data, as well as log events, which may be important to the security of your network.

  • Page 171: Triangle Routes And Ip Alias

    (not reset the connection). Allowing asymmetrical routes may let traffic from the WAN go directly to the LAN without passing through the NBG-460N. A better solution is to use IP alias to put the NBG-460N and the backup gateway on separate subnets.

  • Page 172: General Firewall Screen

    Chapter 13 Firewall 13.4 General Firewall Screen Use this screen to enable or disable the NBG-460N’s firewall, and set up firewall logs. Click Security > Firewall to open the General screen. Figure 112 Security > Firewall > General The following table describes the labels in this screen.
  • Page 173 TCP/IP software and directly apparent to the application user. Respond to Ping The NBG-460N will not respond to any incoming Ping requests when Disable is selected. Select LAN to reply to incoming LAN Ping requests. Select WAN to reply to incoming WAN Ping requests.
  • Page 174 Move button. Misc setting Bypass Triangle Select this check box to have the NBG-460N firewall ignore the use of Route triangle route topology on the network. Max NAT/...

  • Page 175: The Add Firewall Rule Screen

    Enter the single IP address here. This field is only available when Single IP is selected as the Address Type. Start IP Enter the starting IP address in a range here. This field is only available Address when IP Range is selected as the Address Type. NBG-460N User’s Guide...
  • Page 176 Access Control logs category to have the NBG- this rule) 460N record these logs. Misc setting Bypass Triangle Select this check box to have the NBG-460N firewall ignore the use of Route triangle route topology on the network. NBG-460N User’s Guide...
  • Page 177 Per User Apply Click Apply to save the settings. Reset Click Reset to start configuring this screen again. Cancel Click Cancel to return to the Services screen without saving any changes. NBG-460N User’s Guide...
  • Page 178 Chapter 13 Firewall NBG-460N User’s Guide...

  • Page 179: Content Filtering

    • Use the Schedule screen (Section 14.5 on page 183) to set the day(s) and time you want the NBG-460N to use content filtering. 14.3 What You Need To Know Content filtering allows you to block certain web features, such as cookies, and/or block access to specific web sites.
  • Page 180 URL www.zyxel.com.tw/news/pressroom.php, the file path is news/pressroom.php. Since the NBG-460N checks the URL’s domain name (or IP address) and file path separately, it will not find items that go across the two. For example, with the URL www.zyxel.com.tw/news/pressroom.php, the NBG-460N would find “tw”...

  • Page 181: Filter Screen

    Java A programming language and development environment for building downloadable Web components or Internet and intranet business applications of all kinds. NBG-460N User’s Guide...
  • Page 182 WAN it is possible for LAN users to circumvent content filtering by pointing to this proxy server. Keyword Blocking Enable URL The NBG-460N can block Web sites with URLs that contain certain Keyword keywords in the domain name or IP address. For example, if the Blocking keyword "bad"...

  • Page 183: Schedule Screen

    Chapter 14 Content Filtering 14.5 Schedule Screen Use this screen to set the day(s) and time you want the NBG-460N to use content filtering. Click Security > Content Filter > Schedule. The following screen displays. Figure 116 Security > Content Filter > Schedule The following table describes the labels in this screen.

  • Page 184: Customizing Keyword Blocking Url Checking

    (or not extend) the keyword blocking search to include the URL's full path. File Name URL Checking Filename URL checking has the NBG-460N check all of the characters in the URL. For example, filename URL checking searches for keywords within the URL www.zyxel.com.tw/news/pressroom.php.

  • Page 185: Ipsec Vpn

    The following figure provides one perspective of a VPN tunnel. Figure 117 IPSec VPN: Overview The VPN tunnel connects the NBG-460N (X) and the remote IPSec router (Y). These routers then connect the local network (A) and remote network (B).

  • Page 186: What You Need To Know

    The first phase establishes an Internet Key Exchange (IKE) SA between the NBG- 460N and remote IPSec router. The second phase uses the IKE SA to securely establish an IPSec SA through which the NBG-460N and remote IPSec router can send data between computers on the local network and remote network. The following figure illustrates this.

  • Page 187: Ipsec Sa (Ike Phase 2) Overview

    IP Addresses of the NBG-460N and Remote IPSec Router In the NBG-460N, you have to specify the IP addresses of the NBG-460N and the remote IPSec router to establish an IKE SA.

  • Page 188: The General Screen

    This displays the beginning and ending (static) IP addresses or a (static) IP address and a subnet mask of computer(s) on your local network behind your NBG-460N. Remote Addr. This displays the beginning and ending (static) IP addresses or a (static) IP address and a subnet mask of computer(s) on the remote network behind the remote IPSec router.

  • Page 189: Vpn Rule Setup (Basic)

    Traffic Through IPSec Tunnel Apply Click Apply to save your changes back to the NBG-460N. Reset Click Reset to begin configuring this screen afresh. 15.4.1 VPN Rule Setup (Basic) Click the Edit icon in the General screen to display the Rule Setup screen.
  • Page 190 Select this check box to activate this VPN policy. Keep Alive Select this check box to have the NBG-460N automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic. The remote IPSec router must also have keep alive enabled in order for this feature to work.
  • Page 191 NBG-460N. For a specific range of IP addresses, enter the beginning (static) IP address, in a range of computers on your LAN behind your NBG-460N. To specify IP addresses on a network by their subnet mask, enter a (static) IP address on the LAN behind your NBG-460N.
  • Page 192 IPSec router. Authentication Method My IP Address Enter the NBG-460N's static WAN IP address (if it has one) or leave the field set to 0.0.0.0. The NBG-460N uses its current WAN IP address (static or dynamic) in setting up the VPN tunnel if you leave this field as 0.0.0.0.
  • Page 193 For IP, type the IP address of the computer with which you will make the VPN connection. If you configure this field to 0.0.0.0 or leave it blank, the NBG-460N will use the address in the Secure Gateway Address field (refer to the Secure Gateway Address field description).

  • Page 194: Vpn Rule Setup (Advanced)

    DES - a 56-bit key with the DES encryption algorithm 3DES - a 168-bit key with the DES encryption algorithm The NBG-460N and the remote IPSec router must use the same algorithms and key , which can be used to encrypt and decrypt the message or to generate and verify a message authentication code.
  • Page 195 Chapter 15 IPSec VPN Use this screen to configure a VPN rule. Figure 122 Security > VPN > General > Rule Setup: IKE (Advanced) NBG-460N User’s Guide...
  • Page 196 IPSec VPN) address here. The NBG-460N assigns this additional DNS server to the NBG-460N's DHCP clients that have IP addresses in this IPSec rule's range of local addresses. A DNS server allows clients on the VPN to find other computers and servers on the VPN by their (private) domain names.
  • Page 197 When the local IP address is a range, enter the end (static) IP address, in a range of computers on the LAN behind your NBG-460N. When the local IP address is a subnet address, enter a subnet mask on the LAN behind your NBG-460N.
  • Page 198 Remote Port Start is left at 0, Remote Port End will also remain at Authentication Method My IP Address Enter the NBG-460N's static WAN IP address (if it has one) or leave the field set to 0.0.0.0. The NBG-460N uses its current WAN IP address (static or dynamic) in setting up the VPN tunnel if you leave this field as 0.0.0.0.
  • Page 199 For IP, type the IP address of the computer with which you will make the VPN connection. If you configure this field to 0.0.0.0 or leave it blank, the NBG-460N will use the address in the Secure Gateway Address field (refer to the Secure Gateway Address field description).
  • Page 200 DES - a 56-bit key with the DES encryption algorithm 3DES - a 168-bit key with the DES encryption algorithm The NBG-460N and the remote IPSec router must use the same algorithms and keys. Longer keys require more processing power, resulting in increased latency and decreased throughput.

  • Page 201: Ipsec Sa Using Manual Keys

    IPSec SA. In IPSec SAs using manual keys, the NBG-460N and remote IPSec router do not establish an IKE SA. They only establish an IPSec SA. As a result, an IPSec SA using manual keys has some characteristics of IKE SA and some characteristics of IPSec SA.
  • Page 202 Chapter 15 IPSec VPN 15.4.3.3 Authentication and the Security Parameter Index (SPI) For authentication, the NBG-460N and remote IPSec router use the SPI, instead of pre-shared keys, ID type and content. The SPI is an identification number. Note: The NBG-460N and remote IPSec router must use the same SPI.
  • Page 203 NBG-460N. For a specific range of IP addresses, enter the beginning (static) IP address, in a range of computers on your LAN behind your NBG-460N. To specify IP addresses on a network by their subnet mask, enter a (static) IP address on the LAN behind your NBG-460N.
  • Page 204 Remote Port Start is left at 0, Remote Port End will also remain at 0. My IP Address Enter the NBG-460N's static WAN IP address (if it has one) or leave the field set to 0.0.0.0. The NBG-460N uses its current WAN IP address (static or dynamic) in setting up the VPN tunnel if you leave this field as 0.0.0.0.

  • Page 205: The Sa Monitor Screen

    DES - a 56-bit key with the DES encryption algorithm 3DES - a 168-bit key with the DES encryption algorithm The NBG-460N and the remote IPSec router must use the same algorithms and keys. Longer keys require more processing power, resulting in increased latency and decreased throughput.

  • Page 206: Technical Reference

    NBG-460N. One of the NBG-460N’s ports must be part of the VPN rule’s local network. This can be the NBG-460N’s LAN port if you do not want to allow remote management on the WAN port. You also have to configure remote management (Management >...

  • Page 207: Ike Sa Proposal

    DH key group that the NBG-460N wants to use in the IKE SA. The remote IPSec router sends the accepted proposal back to the NBG-460N. If the remote IPSec router rejects the proposal (for example, if the VPN tunnel is not configured correctly), the NBG- 460N and remote IPSec router cannot establish an IKE SA.

  • Page 208: Diffie-Hellman (Dh) Key Exchange

    Chapter 15 IPSec VPN 15.6.3 Diffie-Hellman (DH) Key Exchange The NBG-460N and the remote IPSec router use a DH key exchange to establish a shared secret, which is used to generate encryption keys for IKE SA and IPSec SA. In main mode, the DH key exchange is done in steps 3 and 4, as illustrated below.

  • Page 209: Negotiation Mode

    IP address, domain name, or e-mail address that you enter does not have to actually exist. The NBG-460N and the remote IPSec router each has its own identity, so each one must store two sets of information, one for itself and one for the other router.

  • Page 210: Vpn, Nat, And Nat Traversal

    In contrast, aggressive mode only takes three steps to establish an IKE SA. Step 1: The NBG-460N sends its proposals to the remote IPSec router. It also starts the Diffie-Hellman key exchange and sends its (unencrypted) identity to the remote IPSec router for authentication.

  • Page 211: Ipsec Protocol

    VPN includes two IPSec protocols, AH (Authentication Header, RFC 2402) and ESP (Encapsulating Security Payload, RFC 2406). Note: The NBG-460N and remote IPSec router must use the same IPSec protocol. Usually, you should select ESP. AH does not support encryption, and ESP is more suitable with NAT.

  • Page 212: Ipsec Sa Proposal And Perfect Forward Secrecy

    As a result, if one encryption key is compromised, other encryption keys remain secure. If you do not enable PFS, the NBG-460N and remote IPSec router use the same root key that was generated when the IKE SA was established to generate encryption keys.
  • Page 213 Note: If the IKE SA times out while an IPSec SA is connected, the IPSec SA stays connected. An IPSec SA can be set to keep alive Normally, the NBG-460N drops the IPSec SA when the life time expires or after two minutes of outbound traffic with no inbound traffic.
  • Page 214 The following figure depicts an example where one VPN tunnel is created from an NBG-460N at branch office (B) to headquarters (HQ). In order to access computers that use private domain names on the HQ network, the NBG-460N at B uses the Intranet DNS server in headquarters.

  • Page 215: Management

    Management Static Route (217) Bandwidth Management (221) Remote Management (233) Universal Plug-and-Play (UPnP) (239)

  • Page 217: Static Route

    This chapter shows you how to configure static routes for your NBG-460N. The NBG-460N usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the NBG-460N send data to devices not reachable through the default gateway, use static routes.

  • Page 218: Ip Static Route Screen

    NBG-460N that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your NBG-460N; over the WAN, the gateway must be the IP address of one of the remote nodes.

  • Page 219: Static Route Setup Screen

    NBG-460N that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your NBG-460N; over the WAN, the gateway must be the IP address of one of the Remote Nodes.
  • Page 220 Table 72 Management > Static Route > IP Static Route: Static Route Setup LABEL DESCRIPTION Apply Click Apply to save your changes back to the NBG-460N. Cancel Click Cancel to return to the previous screen and not save your changes.

  • Page 221: Bandwidth Management

    224) to configure bandwidth managements rule for the pre-defined services and applications. • Use the Monitor screen (Section 17.6 on page 228) to view the amount of network bandwidth that applications running in the network are using. NBG-460N User’s Guide...

  • Page 222: What You Need To Know

    460N and be managed by bandwidth management. • The sum of the bandwidth allotments that apply to the WAN interface (LAN to WAN, WLAN to WAN, WAN to WAN/NBG-460N) must be less than or equal to the Upstream Bandwidth that you configure in the Bandwidth Management Advanced screen.
  • Page 223 Table 73 Management > Bandwidth MGMT > General LABEL DESCRIPTION Enable Select this to have the NBG-460N apply bandwidth management. Bandwidth Enable bandwidth management to give traffic that matches a Management bandwidth rule priority over traffic that does not match a bandwidth rule.

  • Page 224: Advanced Configuration

    You can also use this screen to configure bandwidth management rule for other services or applications that are not on the pre-defined list of NBG-460N. Additionally, you can define the source and destination IP addresses and port for a service or application.
  • Page 225 Use this table to allocate specific amounts of bandwidth based on the pre-defined service. This is the number of an individual bandwidth management rule. Enable Select this check box to have the NBG-460N apply this bandwidth management rule. Service This is the name of the service.

  • Page 226: Rule Configuration With The Pre-Defined Service

    This is the number of an individual bandwidth management rule. Enable Select this check box to have the NBG-460N apply this bandwidth management rule. Direction Select To LAN to apply bandwidth management to traffic from WAN to LAN.

  • Page 227: Rule Configuration: User Defined Service Rule Configuration

    Traffic redirect or IP alias may cause LAN-to-LAN traffic to pass through the NBG-460N and be managed by bandwidth management. Destination Port This is the port number of the destination. See Appendix E on page 355 for some common services and port numbers.

  • Page 228: Monitor Screen

    Destination Enter the destination IP address in dotted decimal notation. Address The NBG-460N applies bandwidth management to the service or application that is entering this computer. Destination Enter the subnet netmask of the destination of the traffic for which the Subnet bandwidth management rule applies.

  • Page 229: Technical References

    VoIP. SIP is an application-layer control (signaling) protocol that handles the setting up, altering and tearing down of voice and multimedia sessions over the Internet. SIP is transported primarily over UDP but can also be transported over TCP. NBG-460N User’s Guide...

  • Page 230: Default Bandwidth Management Classes And Priorities

    Gaming Online gaming services lets you play multiplayer games on the Internet via broadband technology. As of this writing, your NBG-460N supports Xbox, Playstation, Battlenet and MSN Game Zone. 17.7.2 Default Bandwidth Management Classes and Priorities If you enable bandwidth management but do not configure a rule for critical traffic like VoIP, the voice traffic may then get delayed due to insufficient bandwidth.

  • Page 231: Bandwidth Management Priorities

    Chapter 17 Bandwidth Management 17.7.3 Bandwidth Management Priorities The following table describes the priorities that you can apply to traffic that the NBG-460N forwards out through an interface. Table 79 Bandwidth Management Priorities PRIORITY LEVELS: TRAFFIC WITH A HIGHER PRIORITY GETS THROUGH FASTER WHILE TRAFFIC WITH A LOWER PRIORITY IS DROPPED IF THE NETWORK IS CONGESTED.
  • Page 232 Chapter 17 Bandwidth Management NBG-460N User’s Guide...

  • Page 233: Remote Management

    • Use the WWW screen (Section 18.4 on page 235) to define the interface/s from which the NBG-460N can be managed remotely using the web and specify a secure client that can manage the NBG-460N. • Use the TELNET screen (Section 18.5 on page...

  • Page 234: What You Need To Know

    You have disabled that service in one of the remote management screens. The IP address in the Secured Client IP Address field does not match the client IP address. If it does not match, the NBG-460N will disconnect the session immediately.

  • Page 235: Www Screen

    Chapter 18 Remote Management 18.4 WWW Screen Use this screen to define the interface/s from which the NBG-460N can be managed remotely using the web and specify a secure client that can manage the NBG-460N. To change your NBG-460N’s World Wide Web settings, click Management >...

  • Page 236: Telnet Screen

    Chapter 18 Remote Management 18.5 Telnet Screen You can use Telnet to access the NBG-460N’s command line interface. Specify the interface/s from which the NBG-460N can be managed remotely using this service and specify a secure client that can manage the NBG-460N.

  • Page 237: Dns Screen

    Chapter 18 Remote Management Use this screen to specify the interface/s from which you can upload the firmware or configuration file to the NBG-460N and specify a secure client that can manage the NBG-460N. To change your NBG-460N’s FTP settings, click Management > Remote MGMT >...
  • Page 238 IP Address queries to the NBG-460N. Select All to allow any computer to send DNS queries to the NBG-460N. Choose Selected to just allow the computer with the IP address that you specify to send DNS queries to the NBG-460N.

  • Page 239: Universal Plug-And-Play (Upnp)

    NAT. UPnP network devices can automatically configure network addressing, announce their presence in the network to other UPnP devices and enable exchange of simple product and service descriptions. NAT traversal allows the following: • Dynamic port mapping NBG-460N User’s Guide...

  • Page 240: Cautions With Upnp

    When a UPnP device joins a network, it announces its presence with a multicast message. For security reasons, the NBG-460N allows multicast messages on the LAN only. All UPnP-enabled devices may communicate freely with each other without additional configuration.

  • Page 241: Technical Reference

    This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the NBG-460N. Make sure the computer is connected to a LAN port of the NBG-460N. Turn on your computer and the NBG-460N.
  • Page 242 Chapter 19 Universal Plug-and-Play (UPnP) Right-click the icon and select Properties. Figure 146 Network Connections In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Figure 147 Internet Connection Properties NBG-460N User’s Guide...
  • Page 243 Note: When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. Select Show icon in notification area when connected option and click OK. An icon displays in the system tray. Figure 150 System Tray Icon NBG-460N User’s Guide...

  • Page 244: Web Configurator Easy Access

    19.5.2 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the NBG-460N without finding out the IP address of the NBG-460N first. This comes helpful if you do not know the IP address of the NBG-460N.
  • Page 245 Figure 152 Network Connections An icon with the description for each UPnP-enabled device displays under Local Network. Right-click on the icon for your NBG-460N and select Invoke. The Web Configurator login screen displays. Figure 153 Network Connections: My Network Places...
  • Page 246 Chapter 19 Universal Plug-and-Play (UPnP) Right-click on the icon for your NBG-460N and select Properties. A properties window displays with basic information about the NBG-460N. Figure 154 Network Connections: My Network Places: Properties: Example Figure 155 NBG-460N User’s Guide...

  • Page 247: Maintenance And Troubleshooting

    Maintenance and Troubleshooting System (249) Logs (255) Tools (275) Configuration Mode (283) Sys Op Mode (285) Language (289) Troubleshooting (291) Product Specifications and Wall-Mounting Instructions (299)

  • Page 249: System

    460N’s time and date. 20.3 System General Screen Use this screen to enter a name to identify the NBG-460N in the network and set the password. Click Maintenance > System. The following screen displays. Figure 156 Maintenance > System > General...
  • Page 250 LABEL DESCRIPTION System Name System Name is a unique name to identify the NBG-460N in an Ethernet network. It is recommended you enter your computer’s “Computer name” in this field. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes “-”...

  • Page 251: Time Setting Screen

    Chapter 20 System 20.4 Time Setting Screen To change your NBG-460N’s time and date, click Maintenance > System > Time Setting. The screen appears as shown. Use this screen to configure the NBG-460N’s time based on your local time zone.
  • Page 252 When you set Time and Date Setup to Manual, enter the new date in this field and then click Apply. Get from Time Select this radio button to have the NBG-460N get the time and date Server from the time server you specified below.
  • Page 253 Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). Apply Click Apply to save your changes back to the NBG-460N. Reset Click Reset to begin configuring this screen afresh.
  • Page 254 Chapter 20 System NBG-460N User’s Guide...

  • Page 255: Logs

    NBG-460N’s logs. Refer to Section 21.6.1 on page 260 for example log message explanations. The Web Configurator allows you to look at all of the NBG-460N’s logs in one location. 21.2 What You Can Do • Use the View Log screen (Section 21.4 on page...

  • Page 256: View Log Screen

    Email Log Now Click Email Log Now to send the log screen to the e-mail address specified in the Log Settings page (make sure that you have first filled in the Address Info fields in Log Settings). NBG-460N User’s Guide...

  • Page 257: Log Settings

    21.5 Log Settings You can configure the NBG-460N’s general log settings in one location. Use the Log Settings screen to configure where the NBG-460N sends logs, the schedule for when the NBG-460N sends the logs and which logs and/or immediate alerts the NBG-460N to send.
  • Page 258 Mail Server Enter the server name or the IP address of the mail server for the e- mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via e-mail. NBG-460N User’s Guide...
  • Page 259 Send Log To The NBG-460N sends logs to the e-mail address specified in this field. If this field is left blank, the NBG-460N does not send logs via e-mail. Send Alerts To Alerts are real-time notifications that are sent as soon as an event, such as a DoS attack, system error, or forbidden web access attempt occurs.

  • Page 260: Technical Reference

    Table 88 Maintenance > Logs > Log Settings LABEL DESCRIPTION Select the categories of logs that you want to record. Send Immediate Select log categories for which you want the NBG-460N to send e- Alert mail alerts immediately. Apply Click Apply to save your changes.
  • Page 261 The router failed to allocate memory for the NetBIOS setNetBIOSFilter: calloc filter settings. error The router failed to allocate memory for the NetBIOS readNetBIOSFilter: calloc filter settings. error A WAN connection is down. You cannot access the WAN connection is down. network through this interface. NBG-460N User’s Guide...
  • Page 262 The router sent a TCP reset packet when a TCP Peer TCP state out of connection state was out of order.Note: The firewall order, sent TCP RST refers to RFC793 Figure 6 to check the TCP state. NBG-460N User’s Guide...
  • Page 263 ICMP access matched (or didn’t match) a firewall Firewall rule [NOT] match: ICMP rule (denoted by its number) and was blocked or <Packet Direction>, <rule:%d>, forwarded according to the rule. For type and <type:%d>, <code:%d> code details, see Table 105 on page 272. NBG-460N User’s Guide...
  • Page 264 Starting The PPP connection’s Internet Protocol Control Protocol stage is ppp:IPCP Opening opening. The PPP connection’s Link Control Protocol stage is closing. ppp:LCP Closing The PPP connection’s Internet Protocol Control Protocol stage is ppp:IPCP Closing closing. NBG-460N User’s Guide...
  • Page 265 The NBG-460N cannot get the IP address of the external DNS resolving failed content filtering via DNS query. Creating socket failed The NBG-460N cannot issue a query because TCP/IP socket creation failed, port:port number. The connection to the external content filtering server failed.
  • Page 266 The router received and discarded a packet with an Discard REPLAY packet incorrect sequence number. The router received a packet that has been altered. A third Inbound packet party may have altered or tampered with the packet. authentication failed NBG-460N User’s Guide...
  • Page 267 <%d> static rule #d; thus the connection is not allowed. The router couldn’t resolve the IP address from the Cannot resolve Secure domain name that was used for the secure gateway Gateway Addr for rule <%d> address. NBG-460N User’s Guide...
  • Page 268 The tunnel for the listed rule was dropped because Rule <%d> input idle time there was no inbound traffic within the idle timeout out, disconnect period. The router used extended authentication to XAUTH succeed! Username: authenticate the listed username. <Username> NBG-460N User’s Guide...
  • Page 269 The router changed to using the listed rule. Swap rule to rule [%d] The listed rule’s IKE phase 1 key length (with the AES Rule [%d] Phase 1 key length encryption algorithm) did not match between the mismatch router and the peer. NBG-460N User’s Guide...
  • Page 270 LDAP server whose address and port are received ca cert recorded in the Source field. The router received a corrupted user certificate from the Failed to decode the LDAP server whose address and port are recorded in the received user cert Source field. NBG-460N User’s Guide...
  • Page 271 User logout because of no was no authentication response. authentication response from user. The router logged out a user whose idle timeout User logout because of idle period expired. timeout expired. A user logged out. User logout because of user request. NBG-460N User’s Guide...
  • Page 272 LAN. (L to L/P) LAN to LAN/ ACL set for packets traveling from the LAN to the NBG-460N LAN or the NBG-460N. (W to W/P) WAN to WAN/ ACL set for packets traveling from the WAN to the NBG-460N WAN or the NBG-460N.
  • Page 273 The “devID” is the last three characters of the MAC address of the router’s LAN port. The “cat” is the same as the category in the router’s logs. NBG-460N User’s Guide...
  • Page 274 Please refer to the RFC for detailed information on each type. Table 107 RFC-2408 ISAKMP Payload Types LOG DISPLAY PAYLOAD TYPE Security Association Proposal PROP Transform TRANS Key Exchange Identification Certificate Certificate Request CER_REQ Hash HASH Signature Nonce NONCE Notification NOTFY Delete Vendor ID NBG-460N User’s Guide...

  • Page 275: Tools

    (usually) uses the system model name with a “*.bin” extension, e.g., “NBG-460N.bin”. The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot.
  • Page 276 Click Upload to begin the upload process. This process may take up to two minutes. Note: Do not turn off the NBG-460N while firmware upload is in progress! After you see the Firmware Upload In Process screen, wait two minutes before logging into the NBG-460N again.
  • Page 277 Chapter 22 Tools The NBG-460N automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 162 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen.

  • Page 278: Configuration Screen

    22.4.1 Backup Configuration Backup configuration allows you to back up (save) the NBG-460N’s current configuration to a file on your computer. Once your NBG-460N is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings.
  • Page 279 Upload Click Upload to begin the upload process. Note: Do not turn off the NBG-460N while configuration file upload is in progress After you see a “configuration upload successful” screen, you must then wait one minute before logging into the NBG-460N again.

  • Page 280: Back To Factory Defaults

    Configurator for more information on the RESET button. 22.5 Restart Screen System restart allows you to reboot the NBG-460N without turning the power off. Click Maintenance > Tools > Restart. Click Restart to have the NBG-460N reboot. This does not affect the NBG-460N's configuration.

  • Page 281: Wake On Lan

    Click Maintenance > Tools > Wake On LAN to use this feature. Note: The NBG-460N can only wake up remote devices that exist in it’s ARP table. For the remote device to exist in the NBG-460N’s ARP table it should have had a prior connection with the NBG-460N.
  • Page 282 Chapter 22 Tools Note: When the NBG-460N reboots from low power mode, some processes may not automatically resume. Click Maintenance > Tools > Green to open the following screen. Figure 170 TMaintenance > Tools > Green The following table describes the labels in this screen.

  • Page 283: Configuration Mode

    Configuration Mode 23.1 Overview Your NBG-460N allows you to hide or display the advanced screens of some features or the advanced features, such as MAC filter or static route. Advanced is selected by default and you cannot see the advanced screens or features as soon as you log on to the Web Configurator.
  • Page 284 Table 112 Maintenance > Config Mode > General LABEL DESCRIPTION Basic Select Basic mode to have the Web Configurator hide the configuration screens of the more advanced features of your NBG-460N. Advanced Select Advanced mode to configure the more advanced settings of your NBG-460N. Apply Click on this to set the mode.

  • Page 285: Sys Op Mode

    (Section 24.4 on page 287) to select how you want to use your NBG-460N depending on how you connect to the Internet. Note: The Web Configurator screens depend on the operation mode you select. 24.3 What You Need to Know This section can help you choose the correct operation mode to use in your network setup.
  • Page 286 An AP extends one network and so has just one IP address. All Ethernet ports on the AP have the same IP address. To connect to the Internet, another device, such as a router, is required. Figure 173 IP Address in AP Mode 1 IP Internet NBG-460N User’s Guide...

  • Page 287: General Screen

    Chapter 24 Sys Op Mode 24.4 General Screen Use this screen to select how you want to use your NBG-460N depending on how you connect to the Internet. Figure 174 Maintenance > Sys OP Mode > General If you select Router Mode, the following pop-up message window appears.
  • Page 288 Apply Click Apply to save your settings. Reset Click Reset to return your settings to the default (Router) Note: If you select the incorrect System Operation Mode you can lose your connection to the Internet. NBG-460N User’s Guide...

  • Page 289: Language

    H A P T E R Language 25.1 Language Screen Use this screen to change the language for the Web Configurator. Click the language you prefer. The Web Configurator language changes after a while without restarting the NBG-460N. Figure 177 Language NBG-460N User’s Guide...
  • Page 290 Chapter 25 Language NBG-460N User’s Guide...

  • Page 291: Troubleshooting

    The NBG-460N does not turn on. None of the LEDs turn on. Make sure you are using the power adaptor or cord included with the NBG-460N. Make sure the power adaptor or cord is connected to the NBG-460N and plugged in to an appropriate power source.

  • Page 292: Nbg-460N Access And Login

    IP address from a DHCP server on the network. If your NBG-460N is a DHCP client, you can find your IP address from the DHCP server. This information is only available from the DHCP server which allocates IP addresses on your network.
  • Page 293 Appendix A on page 307. Make sure your computer is in the same subnet as the NBG-460N. (If you know that there are routers between your computer and the NBG-460N, skip this step.) • If there is a DHCP server on your network, make sure your computer is using a dynamic IP address.

  • Page 294: Internet Access

    1234. This field is case-sensitive, so make sure [Caps Lock] is not on. You cannot log in to the Web Configurator while someone is using Telnet to access the NBG-460N. Log out of the NBG-460N in the other session, or ask the person who is logged in to log out.
  • Page 295 Internet, especially peer-to-peer applications. Check the signal strength. If the signal strength is low, try moving the NBG-460N closer to the AP if possible, and look around to see if there are any devices that might be interfering with the wireless network (for example, microwaves, other wireless networks, and so on).

  • Page 296: Resetting The Nbg-460N To Its Factory Defaults

    26.4 Resetting the NBG-460N to Its Factory Defaults If you reset the NBG-460N, you lose all of the changes you have made. The NBG- 460N re-loads its default settings, and the password resets to 1234. You have to make all of your changes again.

  • Page 297: Wireless Router/Ap Troubleshooting

    Chapter 26 Troubleshooting 26.5 Wireless Router/AP Troubleshooting I cannot access the NBG-460N or ping any computer from the WLAN (wireless AP or router). Make sure the wireless LAN is enabled on the NBG-460N Make sure the wireless adapter on the wireless station is working properly.
  • Page 298 WAN is checked. This is not checked by default to keep the LAN secure. If you still cannot access a network folder, make sure your account has access rights to the folder you are trying to open. NBG-460N User’s Guide...

  • Page 299: Product Specifications And Wall-Mounting Instructions

    Auto-crossover: Use either crossover or straight-through Ethernet cables. 4-5 Gigabit Port A combination of switch and router makes your NBG-460N a cost- Switch effective and viable network solution. You can add up to four computers to the NBG-460N without the cost of a hub when connecting to the Internet through the WAN port.
  • Page 300 Configuration Backup & Make a copy of the NBG-460N’s configuration and put it back Restoration on the NBG-460N later if you decide you want to revert back to an earlier configuration. Network Address Each computer on your network must have its own unique IP Translation (NAT) address.
  • Page 301 Internet and download files for example. Content Filter The NBG-460N blocks or allows access to web sites that you specify and blocks access to web sites with URLs that contain keywords that you specify. You can define time periods and days during which content filtering is enabled.
  • Page 302 DESCRIPTION PPTP Encapsulation Point-to-Point Tunneling Protocol (PPTP) enables secure transfer of data through a Virtual Private Network (VPN). The NBG-460N supports one PPTP connection at a time. Universal Plug and Play The NBG-460N can communicate with other UPnP enabled (UPnP) devices in a network.
  • Page 303 Make sure the screws are snugly fastened to the wall. They need to hold the weight of the NBG-460N with the connection cables. Align the holes on the back of the NBG-460N with the screws on the wall. Hang the NBG-460N on the screws.
  • Page 304 Chapter 27 Product Specifications and Wall-Mounting Instructions The following are dimensions of an M4 tap screw and masonry plug used for wall mounting. All measurements are in millimeters (mm). Figure 179 Masonry Plug and M4 Tap Screw NBG-460N User’s Guide...

  • Page 305: Appendices And Index

    Appendices and Index Pop-up Windows, JavaScripts and Java Permissions (307) IP Addresses and Subnetting (315) Setting up Your Computer’s IP Address (325) Wireless LANs (343) Services (355) Legal Information (359) Index (363)

  • Page 307: Appendix A Pop-Up Windows, Javascripts And Java Permissions

    Disable pop-up Blockers In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure 180 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. NBG-460N User’s Guide...
  • Page 308 Click Apply to save this setting. Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. In Internet Explorer, select Tools, Internet Options and then the Privacy tab. NBG-460N User’s Guide...
  • Page 309 Select Settings…to open the Pop-up Blocker Settings screen. Figure 182 Internet Options: Privacy Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. NBG-460N User’s Guide...
  • Page 310 Figure 183 Pop-up Blocker Settings Click Close to return to the Privacy screen. Click Apply to save this setting. JavaScripts If pages of the Web Configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. NBG-460N User’s Guide...
  • Page 311 Figure 184 Internet Options: Security Click the Custom Level... button. Scroll down to Scripting. Under Active scripting make sure that Enable is selected (the default). Under Scripting of Java applets make sure that Enable is selected (the default). NBG-460N User’s Guide...

  • Page 312: Java Permissions

    Figure 185 Security Settings - Java Scripting Java Permissions From Internet Explorer, click Tools, Internet Options and then the Security tab. Click the Custom Level... button. Scroll down to Microsoft VM. Under Java permissions make sure that a safety level is selected. NBG-460N User’s Guide...
  • Page 313 Click OK to close the window. Figure 186 Security Settings - Java JAVA (Sun) From Internet Explorer, click Tools, Internet Options and then the Advanced tab. Make sure that Use Java 2 for <applet> under Java (Sun) is selected. NBG-460N User’s Guide...
  • Page 314 Appendix A Pop-up Windows, JavaScripts and Java Permissions Click OK to close the window. Figure 187 Java (Sun) NBG-460N User’s Guide...

  • Page 315: Appendix B Ip Addresses And Subnetting

    192.168.1.1). Each of these four parts is known as an octet. An octet is an eight-digit binary number (for example 11000000, which is 192 in decimal notation). Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal. NBG-460N User’s Guide...

  • Page 316: Subnet Masks

    ID of an IP address (192.168.1.2 in decimal). Table 119 Subnet Mask - Identifying Network Number OCTET: OCTET: OCTET: OCTET (192) (168) IP Address (Binary) 11000000 10101000 00000001 00000010 Subnet Mask (Binary) 11111111 11111111 11111111 00000000 NBG-460N User’s Guide...
  • Page 317 An IP address with host IDs of all zeros is the IP address of the network (192.168.1.0 with a 24-bit subnet mask, for example). An IP address with host IDs of all ones is the broadcast address for that network (192.168.1.255 with a 24-bit subnet mask, for example). NBG-460N User’s Guide...
  • Page 318 Table 122 Alternative Subnet Mask Notation SUBNET ALTERNATIVE LAST OCTET LAST OCTET MASK NOTATION (BINARY) (DECIMAL) 255.255.255.0 0000 0000 255.255.255.12 1000 0000 255.255.255.19 1100 0000 255.255.255.22 1110 0000 255.255.255.24 1111 0000 255.255.255.24 1111 1000 255.255.255.25 1111 1100 NBG-460N User’s Guide...
  • Page 319 You can “borrow” one of the host ID bits to divide the network 192.168.1.0 into two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or /25). The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. NBG-460N User’s Guide...
  • Page 320 Similarly, to divide a 24-bit address into four subnets, you need to “borrow” two host ID bits to give four possible combinations (00, 01, 10 and 11). The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192. NBG-460N User’s Guide...
  • Page 321 Lowest Host ID: 192.168.1.129 192.168.1.128 Broadcast Address: Highest Host ID: 192.168.1.190 192.168.1.191 Table 126 Subnet 4 LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001 11000000 Subnet Mask (Binary) 11111111.11111111.11111111 11000000 NBG-460N User’s Guide...
  • Page 322 The following table is a summary for subnet planning on a network with a 24-bit network number. Table 128 24-bit Network Number Subnet Planning NO. “BORROWED” NO. HOSTS PER SUBNET MASK NO. SUBNETS HOST BITS SUBNET 255.255.255.128 (/25) 255.255.255.192 (/26) 255.255.255.224 (/27) 255.255.255.240 (/28) 255.255.255.248 (/29) 255.255.255.252 (/30) 255.255.255.254 (/31) NBG-460N User’s Guide...

  • Page 323: Configuring Ip Addresses

    460N that is easy to remember (for instance, 192.168.1.1) but make sure that no other device on your network is using that IP address. The subnet mask specifies the network number portion of an IP address. Your NBG-460N will compute the subnet mask automatically based on the IP address NBG-460N User’s Guide...
  • Page 324 Appendix B IP Addresses and Subnetting that you entered. You don't need to change the subnet mask computed by the NBG-460N unless you are instructed to do otherwise. Private IP Addresses Every machine on the Internet must have a unique address. If your networks are isolated from the Internet (running only between two branch offices, for example) you can assign any IP addresses to the hosts without problems.

  • Page 325: Appendix C Setting Up Your Computer's Ip Address

    "communicate" with your network. If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the Prestige’s LAN port. NBG-460N User’s Guide...
  • Page 326 In the Network window, click Add. Select Adapter and then click Add. Select the manufacturer and model of your network adapter and then click OK. If you need TCP/IP: In the Network window, click Add. Select Protocol and then click Add. NBG-460N User’s Guide...
  • Page 327 • If your IP address is dynamic, select Obtain an IP address automatically. • If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields. Figure 192 Windows 95/98/Me: TCP/IP Properties: IP Address NBG-460N User’s Guide...
  • Page 328 Click OK to close the Network window. Insert the Windows CD if prompted. Turn on your Prestige and restart your computer when prompted. Verifying Settings Click Start and then Run. In the Run window, type "winipcfg" and then click OK to open the IP Configuration window. NBG-460N User’s Guide...
  • Page 329 Select your network adapter. You should see your computer's IP address, subnet mask and default gateway. Windows 2000/NT/XP The following example figures use the default Windows XP GUI theme. Click start (Start in Windows 2000/NT), Settings, Control Panel. Figure 194 Windows XP: Start Menu NBG-460N User’s Guide...
  • Page 330 In the Control Panel, double-click Network Connections (Network and Dial- up Connections in Windows 2000/NT). Figure 195 Windows XP: Control Panel Right-click Local Area Connection and then click Properties. Figure 196 Windows XP: Control Panel: Network Connections: Properties NBG-460N User’s Guide...
  • Page 331 • If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. NBG-460N User’s Guide...
  • Page 332 Gateway. To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. NBG-460N User’s Guide...
  • Page 333 • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. NBG-460N User’s Guide...
  • Page 334 Click Start, All Programs, Accessories and then Command Prompt. In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab. NBG-460N User’s Guide...
  • Page 335 Appendix C Setting up Your Computer’s IP Address Macintosh OS 8/9 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/ IP Control Panel. Figure 201 Macintosh OS 8/9: Apple Menu NBG-460N User’s Guide...
  • Page 336 Close the TCP/IP Control Panel. Click Save if prompted, to save changes to your configuration. Turn on your Prestige and restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the TCP/IP Control Panel window. NBG-460N User’s Guide...

  • Page 337: Macintosh Os X

    • Select Automatic from the Location list. • Select Built-in Ethernet from the Show list. • Click the TCP/IP tab. For dynamically assigned settings, select Using DHCP from the Configure list. Figure 204 Macintosh OS X: Network NBG-460N User’s Guide...
  • Page 338 Follow the steps below to configure your computer IP address using the KDE. Click the Red Hat button (located on the bottom left corner), select System Setting and click Network. Figure 205 Red Hat 9.0: KDE: Network Configuration: Devices NBG-460N User’s Guide...
  • Page 339 Click OK to save the changes and close the Ethernet Device General screen. If you know your DNS server IP address(es), click the DNS tab in the Network Configuration screen. Enter the DNS server information in the fields provided. Figure 207 Red Hat 9.0: KDE: Network Configuration: DNS NBG-460N User’s Guide...
  • Page 340 • If you have a dynamic IP address, enter dhcp in the BOOTPROTO= field. The following figure shows an example. Figure 209 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=dhcp USERCTL=no PEERDNS=yes TYPE=Ethernet NBG-460N User’s Guide...
  • Page 341 Figure 212 Red Hat 9.0: Restart Ethernet Card [root@localhost init.d]# network restart Shutting down interface eth0: [OK] Shutting down loopback interface: [OK] Setting network parameters: [OK] Bringing up loopback interface: [OK] Bringing up interface eth0: [OK] NBG-460N User’s Guide...

  • Page 342: Verifying Settings

    HWaddr 00:50:BA:72:5B:44 inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:717 errors:0 dropped:0 overruns:0 frame:0 TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:730412 (713.2 Kb) TX bytes:1570 (1.5 Kb) Interrupt:10 Base address:0x1000 [root@localhost]# NBG-460N User’s Guide...

  • Page 343: Appendix D Wireless Lans

    (AP). Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS is enabled, wireless station A and B can access the wired network and communicate NBG-460N User’s Guide...
  • Page 344 This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood. NBG-460N User’s Guide...
  • Page 345 A hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a hidden node. Both stations (STA) are within range of the access point (AP) or NBG-460N User’s Guide...
  • Page 346 RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Note: Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy. NBG-460N User’s Guide...

  • Page 347: Fragmentation Threshold

    IEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE 802.11b adapter can interface directly with an IEEE 802.11g access point (and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has NBG-460N User’s Guide...
  • Page 348 • Accounting Keeps track of the client’s network activity. RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless station and the network RADIUS server. NBG-460N User’s Guide...

  • Page 349: Types Of Authentication

    The wireless station ‘proves’ that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text. NBG-460N User’s Guide...
  • Page 350 The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed. NBG-460N User’s Guide...
  • Page 351 Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and distributed by the authentication server. It includes a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. NBG-460N User’s Guide...
  • Page 352 If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not. Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2. NBG-460N User’s Guide...

  • Page 353: Wpa(2)-Psk Application Example

    The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. NBG-460N User’s Guide...

  • Page 354: Security Parameters Summary

    PROTOCOL Open None Disable Enable without Dynamic WEP Open Enable with Dynamic WEP Enable without Dynamic WEP Disable Shared Enable with Dynamic WEP Enable without Dynamic WEP Disable TKIP Enable WPA-PSK TKIP Enable WPA2 Enable WPA2-PSK Enable NBG-460N User’s Guide...

  • Page 355: Appendix E Services

    • If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number. • If the Protocol is USER, this is the IP protocol number. • Description: This is a brief explanation of the applications that use this service or the situations in which this service is used. NBG-460N User’s Guide...
  • Page 356 IMAP4 The Internet Message Access Protocol is used for e-mail. IMAP4S This is a more secure version of IMAP4 that runs over SSL. TCP/UDP 6667 This is another popular Internet chat program. NBG-460N User’s Guide...
  • Page 357 Remote Login. ROADRUNNER TCP/UDP 1026 This is an ISP that provides services mainly for cable modems. RTELNET Remote Telnet. RTSP TCP/UDP The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. NBG-460N User’s Guide...
  • Page 358 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 A videoconferencing solution. The UDP port number is specified in the user- application. defined NBG-460N User’s Guide...

  • Page 359: Appendix F Legal Information

    ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein.
  • Page 360 • To comply with FCC RF exposure compliance requirements, a separation distance of at least 20 cm must be maintained between the antenna of this device and all persons. 注意 ! 依據 低功率電波輻射性電機管理辦法 第十二條 經型式認證合格之低功率射頻電機,非經許可,公司、商號或使用 者均不得擅自變更頻率、加大功率或變更原設計之特性及功能。 第十四條 低功率射頻電機之使用不得影響飛航安全及干擾合法通信;經發現 NBG-460N User’s Guide...

  • Page 361: Zyxel Limited Warranty

    ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions. NBG-460N User’s Guide...
  • Page 362 Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products. NBG-460N User’s Guide...

  • Page 363: Index

    CTS (Clear to Send) Backup configuration Bandwidth management Daylight saving classes and priorities DDNS monitor see also Dynamic DNS overview service providers priority DHCP 40, 147 services DHCP server Bandwidth management monitor see also Dynamic Host Configuration Protocol NBG-460N User’s Guide...
  • Page 364 FTP. see also File Transfer Program EAP Authentication gateway e-mail General wireless LAN screen Encapsulating Security Payload. See ESP. encapsulation and active protocol transport mode tunnel mode Hidden Node HTTP Encryption Hyper Text Transfer Protocol encryption and local (user) database WPA compatible NBG-460N User’s Guide...
  • Page 365 Internet Protocol Security. See IPSec. Language IP Address 141, 155, 156 Link type 36, 84 IP address local (user) database dynamic and encryption IP alias Local Area Network IP Pool IPSec IPSec SA active protocol authentication algorithms 207, 213 NBG-460N User’s Guide...
  • Page 366 211, 239 Private Navigation Panel 37, 84 product registration navigation panel 37, 84 NetBIOS 128, 143 see also Network Basic Input/Output System Network Address Translation 153, 154 Network Basic Input/Output System QoS priorities Quality of Service (QoS) NBG-460N User’s Guide...
  • Page 367 RTS/CTS Threshold 92, 105 TCP/IP configuration Telnet Temperature life time Time setting safety warnings trademarks Scheduling Triangle routes security associations. See VPN. and IP alias Security Parameters see also asymmetrical routes Service and port numbers trigger port NBG-460N User’s Guide...
  • Page 368 VPN. See also IKE SA, IPSec SA. wireless security Wireless tutorial 63, 81 Wizard setup Bandwidth management complete Wake On LAN 155, 157, 281 Internet connection system information IP address assignment wireless LAN WAN (Wide Area Network) WLAN WAN advanced Interference NBG-460N User’s Guide...
  • Page 369 Index Security Parameters WMM priorities WoL. See Wake On LAN. World Wide Web WPA compatible WPA, WPA2 108, 229 Xbox Live ZyNOS 35, 83 NBG-460N User’s Guide...
  • Page 370 Index NBG-460N User’s Guide...

Table of Contents