ZyXEL Communications NBG-4600N User Manual

Wireless n gigabit router

Table of Contents

Quick Links

Download this manual

NBG-460N

Wireless N Gigabit Router

Default Login Details

IP Address

http://192.168.1.1

Password

Firmware Version 3.60

Edition 3, 9/2009

www.zyxel.com

1234

ZyXEL Communications Corporation

Table of Contents

Troubleshooting

Summary of Contents for ZyXEL Communications NBG-4600N

Page 1 NBG-460N Wireless N Gigabit Router Default Login Details IP Address http://192.168.1.1 Password 1234 Firmware Version 3.60 Edition 3, 9/2009 www.zyxel.com www.zyxel.com Copyright © 2009 ZyXEL Communications Corporation...
Page 3: About This User's Guide
Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan.
Page 4 About This User's Guide • Date that you received your device. Brief description of the problem and the steps you took to solve it. NBG-460N User’s Guide...
Page 5: Document Conventions
Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this User’s Guide. Warnings tell you about things that could harm you or your device. Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Page 6 Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The NBG-460N icon is not an exact representation of your device. NBG-460N Computer Notebook computer Server DSLAM Firewall Telephone Switch Router Modem NBG-460N User’s Guide...
Page 7: Safety Warnings
Safety Warnings Safety Warnings • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. • Do NOT store things on the device. •...
Page 8 Safety Warnings NBG-460N User’s Guide...
Page 9: Table Of Contents
Contents Overview Contents Overview Introduction ..........................21 Getting to Know Your NBG-460N ....................23 The WPS Button ........................33 Introducing the Web Configurator ....................35 Connection Wizard ........................49 Tutorials ............................. 67 AP Mode ............................ 87 Network ........................... 95 Wireless LAN ..........................97 WAN ............................
Page 10 Contents Overview NBG-460N User’s Guide...
Page 11: Table Of Contents
Table of Contents Table of Contents About This User's Guide ......................3 Document Conventions......................5 Safety Warnings........................7 Contents Overview ........................9 Table of Contents........................11 Part I: Introduction................. 21 Chapter 1 Getting to Know Your NBG-460N ..................23 1.1 Overview ..........................23 1.2 Applications .........................
Page 12 Table of Contents 3.5.1 Navigation Panel ......................41 3.5.2 Summary: Any IP Table ..................... 43 3.5.3 Summary: Bandwidth Management Monitor ............43 3.5.4 Summary: DHCP Table ................... 44 3.5.5 Summary: Packet Statistics ..................45 3.5.6 Summary: VPN Monitor ..................... 46 3.5.7 Summary: Wireless Station Status .................
Page 13 Table of Contents 5.4 Bandwidth Management for your Network ................83 5.4.1 Configuring Bandwidth Management by Application ..........83 5.4.2 Configuring Bandwidth Management by Custom Application ........84 5.4.3 Configuring Bandwidth Allocation by IP or IP Range ..........84 Chapter 6 AP Mode...........................
Page 14 Table of Contents 7.12.2 Quality of Service ....................123 7.13 WiFi Protected Setup ....................... 124 7.13.1 iPod Touch Web Configurator ................124 7.13.2 Login Screen ......................125 7.13.3 System Status ......................126 7.13.4 WPS in Progress ....................129 7.13.5 Port Forwarding ...................... 129 7.14 Accessing the iPod Touch Web Configurator ..............
Page 15 Table of Contents 10.1 Overview .......................... 157 10.2 What You Can Do ......................157 10.3 What You Need To Know ....................157 10.4 DHCP General Screen ....................158 10.5 DHCP Advanced Screen ....................158 10.6 Client List Screen ......................160 Chapter 11 Network Address Translation (NAT) ...................
Page 16 Table of Contents Chapter 14 Content Filtering ........................189 14.1 Overview .......................... 189 14.2 What You Can Do ......................189 14.3 What You Need To Know ....................189 14.3.1 Content Filtering Profiles ..................189 14.4 Filter Screen ........................191 14.5 Schedule Screen ......................193 14.6 Technical Reference ......................
Page 17 Table of Contents 16.3 IP Static Route Screen ....................232 16.3.1 Static Route Setup Screen ................... 233 Chapter 17 Bandwidth Management....................... 235 17.1 Overview ......................... 235 17.2 What You Can Do ......................235 17.3 What You Need To Know ....................236 17.4 General Configuration Screen ..................
Page 18 Table of Contents Part V: Maintenance and Troubleshooting........261 Chapter 20 System ........................... 263 20.1 Overview .......................... 263 20.2 What You Can Do ......................263 20.3 System General Screen ....................263 20.4 Time Setting Screen ......................265 Chapter 21 Logs ............................269 21.1 Overview ..........................
Page 19 Table of Contents 24.4 General Screen ....................... 301 Chapter 25 Language ..........................303 25.1 Language Screen ......................303 Chapter 26 Troubleshooting........................305 26.1 Power, Hardware Connections, and LEDs ..............305 26.2 NBG-460N Access and Login ..................306 26.3 Internet Access ........................ 308 26.4 Resetting the NBG-460N to Its Factory Defaults .............
Page 20 Table of Contents NBG-460N User’s Guide...
Page 21: Introduction
Introduction Getting to Know Your NBG-460N (23) The WPS Button (33) Introducing the Web Configurator (35) Connection Wizard (49) AP Mode (87) Tutorials (67)
Page 23: Getting To Know Your Nbg-460N
H A P T E R Getting to Know Your NBG-460N 1.1 Overview This chapter introduces the main features and applications of the NBG-460N. The NBG-460N extends the range of your existing wired network without additional wiring, providing easy network access to mobile users. You can set up a wireless network with other IEEE 802.11b/g/n compatible devices.
Page 24: Wireless Applications
Chapter 1 Getting to Know Your NBG-460N • IPTV. Connect a Set-Top Box (STB) to your NBG-460N to watch Live TV and/or Video On Demand (VOD) on your television screen. Figure 1 NBG-460N Network LAN 1 LAN 2 LAN 3 NBG460N WLAN 1.3 Wireless Applications...
Page 25: Ap Mode
Chapter 1 Getting to Know Your NBG-460N The following figure shows computers in a WLAN connecting to the NBG-460N (A), which has a DSL connection to the Internet. The NBG-460N is set to Router Mode and has router features such as a built-in firewall (B). Figure 2 Secure Wireless Internet Access in Router Mode 1.3.2 AP Mode Select AP Mode if you already have a router or gateway on your network which...
Page 26: Bridge
Chapter 1 Getting to Know Your NBG-460N Using AP + Bridge mode, your NBG-460N can extend the range of the WLAN. In the figure below, A and B act as AP + Bridge devices that forward traffic between associated wireless workstations and the wired LAN. When the NBG-460N is in AP + Bridge mode, security between APs (the Wireless Distribution System or WDS) is independent of the security between the wireless stations and the AP.
Page 27 Chapter 1 Getting to Know Your NBG-460N Once the security settings of peer sides match one another, the connection between devices is made. Figure 5 Bridge Application In the example below, when both NBG-460Ns are in Bridge mode, they form a WDS (Wireless Distribution System) allowing the computers in LAN 1 to connect to the computers in LAN 2.
Page 28 Chapter 1 Getting to Know Your NBG-460N • If two or more NBG-460Ns (in bridge mode) are connected to the same hub. Figure 7 Bridge Loop: Two Bridges Connected to Hub • If your NBG-460N (in bridge mode) is connected to a wired LAN while communicating with another wireless bridge that is also connected to the same wired LAN.
Page 29: Router Vs. Ap Vs. Bridge
Chapter 1 Getting to Know Your NBG-460N 1.3.5 Router vs. AP vs. Bridge The following table shows which features are available in Router mode, AP mode or Bridge. Table 1 Features Available in Router Mode vs. AP Mode ROUTER FEATURE AP MODE BRIDGE MODE...
Page 30: Good Habits For Managing The Nbg-460N
Chapter 1 Getting to Know Your NBG-460N 1.5 Good Habits for Managing the NBG-460N Do the following things regularly to make the NBG-460N more secure and to manage the NBG-460N more effectively. • Change the password. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters.
Page 31 Chapter 1 Getting to Know Your NBG-460N Table 2 Front Panel LEDs (continued) COLOR STATUS DESCRIPTION Green The NBG-460N has a successful 10/100MB WAN connection. Blinking The NBG-460N is sending/receiving data. Amber The NBG-460N has a successful 1000MB Ethernet connection. Blinking The NBG-460N is sending/receiving data.
Page 32 Chapter 1 Getting to Know Your NBG-460N NBG-460N User’s Guide...
Page 33: The Wps Button
H A P T E R The WPS Button 2.1 Overview Your NBG-460N supports WiFi Protected Setup (WPS), which is an easy way to set up a secure wireless network. WPS is an industry standard specification, defined by the WiFi Alliance. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually.
Page 34 Chapter 2 The WPS Button NBG-460N User’s Guide...
Page 35: Introducing The Web Configurator
H A P T E R Introducing the Web Configurator 3.1 Web Configurator Overview This chapter describes how to access the NBG-460N Web Configurator and provides an overview of its screens. The Web Configurator is an HTML-based management interface that allows easy setup and management of the NBG-460N via Internet browser.
Page 36 Chapter 3 Introducing the Web Configurator • In Router Mode enable the DHCP Server. The NBG-460N assigns your computer an IP address on the same subnet. • In AP Mode, AP + Bridge mode and Bridge mode the NBG-460N does not assign an IP address to your computer, so you should check it’s in the same subnet.
Page 37: Resetting The Nbg-460N
Chapter 3 Introducing the Web Configurator • Select a language to go to the basic Web Configurator in that language. To change to the advanced configurator see Chapter 23 on page 297. Figure 11 Selecting the setup mode 3.3 Resetting the NBG-460N If you forget your password or IP address, or you cannot access the Web Configurator, you will need to use the RESET button at the back of the NBG-460N to reload the factory-default configuration file.
Page 38: The Status Screen In Router Mode
Chapter 3 Introducing the Web Configurator 3.5 The Status Screen in Router Mode Click on Status. The screen below shows the status screen in Router Mode. (For information on the status screen in AP Mode see Chapter 6 on page 88.) Figure 12 Web Configurator Status Screen The following table describes the icons shown in the Status screen.
Page 39 Chapter 3 Introducing the Web Configurator Table 3 Status Screen Icon Key (continued) ICON DESCRIPTION Select a number of seconds or None from the drop-down list box to refresh all screen statistics automatically at the end of every time interval or to not refresh the screen statistics.
Page 40 Chapter 3 Introducing the Web Configurator Table 4 Web Configurator Status Screen (continued) LABEL DESCRIPTION System Resource - CPU Usage This displays what percentage of the NBG-460N’s processing ability is currently used. When this percentage is close to 100%, the NBG-460N is running at full load, and the throughput is not going to improve anymore.
Page 41: Navigation Panel
Chapter 3 Introducing the Web Configurator 3.5.1 Navigation Panel Use the sub-menus on the navigation panel to configure NBG-460N features. The following table describes the sub-menus. Table 5 Screens Summary LINK FUNCTION Status This screen shows the NBG-460N’s general device, system and interface status information.
Page 42 Chapter 3 Introducing the Web Configurator Table 5 Screens Summary LINK FUNCTION General Use this screen to enable NAT. Application Use this screen to configure servers behind the NBG- 460N. Advanced Use this screen to change your NBG-460N’s port triggering settings.
Page 43: Summary: Any Ip Table
Chapter 3 Introducing the Web Configurator Table 5 Screens Summary LINK FUNCTION Logs View Log Use this screen to view the logs for the categories that you selected. Use this screen to change your NBG-460N’s log settings. Settings Tools Firmware Use this screen to upload firmware to your NBG-460N.
Page 44: Summary: Dhcp Table
Chapter 3 Introducing the Web Configurator bar represents the percentage of unused bandwidth and the blue color represents the percentage of bandwidth in use. Figure 14 Summary: BW MGMT Monitor 3.5.4 Summary: DHCP Table DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server.
Page 45: Summary: Packet Statistics
Chapter 3 Introducing the Web Configurator Table 6 Summary: DHCP Table (continued) LABEL DESCRIPTION MAC Address This field shows the MAC address of the computer with the name in the Host Name field. Every Ethernet device has a unique MAC (Media Access Control) address which uniquely identifies a device.
Page 46: Summary: Vpn Monitor
Chapter 3 Introducing the Web Configurator Table 7 Summary: Packet Statistics LABEL DESCRIPTION Collisions This is the number of collisions on this port. Tx B/s This displays the transmission speed in bytes per second on this port. Rx B/s This displays the reception speed in bytes per second on this port. Up Time This is the total amount of time the line has been up.
Page 47: Summary: Wireless Station Status
Chapter 3 Introducing the Web Configurator 3.5.7 Summary: Wireless Station Status Click the WLAN Station Status (Details...) hyperlink in the Status screen. View the wireless stations that are currently associated to the NBG-460N in the Association List. Association means that a wireless client (for example, your network or computer with a wireless network card) has connected successfully to the AP (or wireless router) using the same SSID, channel and security settings.
Page 48 Chapter 3 Introducing the Web Configurator NBG-460N User’s Guide...
Page 49: Connection Wizard
H A P T E R Connection Wizard 4.1 Wizard Setup This chapter provides information on the wizard setup screens in the Web Configurator. The Web Configurator’s wizard setup helps you configure your device to access the Internet. Refer to your ISP (Internet Service Provider) checklist in the Quick Start Guide to know what to enter in each field.
Page 50: Connection Wizard: Step 1: System Information
Chapter 4 Connection Wizard Choose a language by clicking on the language’s button. The screen will update. Click the Next button to proceed to the next screen. Figure 20 Select a Language Read the on-screen information and click Next. Figure 21 Welcome to the Connection Wizard 4.2 Connection Wizard: STEP 1: System Information System Information contains administrative and system-related information.
Page 51: Domain Name
Chapter 4 Connection Wizard • In Windows XP, click Start, My Computer, View system information and then click the Computer Name tab. Note the entry in the Full computer name field and enter it as the NBG-460N System Name. 4.2.2 Domain Name The Domain Name entry is what is propagated to the DHCP clients on the LAN.
Page 52: Connection Wizard: Step 2: Wireless Lan
Chapter 4 Connection Wizard 4.3 Connection Wizard: STEP 2: Wireless LAN Set up your wireless LAN using the following screen. Figure 23 Wizard Step 2: Wireless LAN The following table describes the labels in this screen. Table 11 Wizard Step 2: Wireless LAN LABEL DESCRIPTION Name...
Page 53: Basic (Wep) Security
Chapter 4 Connection Wizard Table 11 Wizard Step 2: Wireless LAN LABEL DESCRIPTION Next Click Next to proceed to the next screen. Exit Click Exit to close the wizard screen without saving. Note: The wireless stations and NBG-460N must use the same SSID, channel ID and WEP encryption (if WEP is enabled), WPA-PSK (if WPA-PSK is enabled) or WPA2-PSK (if WPA2-PSK is enabled) keys for wireless communication.
Page 54: Extend (Wpa-Psk Or Wpa2-Psk) Security
Chapter 4 Connection Wizard The following table describes the labels in this screen. Table 12 Wizard Step 2: Basic (WEP) Security LABEL DESCRIPTION Passphrase Type a Passphrase (up to 64 printable characters) and click Generate. The NBG-460N automatically generates a WEP key. Select 64-bit WEP or 128-bit WEP to allow data encryption.
Page 55: Connection Wizard: Step 3: Internet Configuration
Chapter 4 Connection Wizard The following table describes the labels in this screen. Table 13 Wizard Step 2: Extend (WPA-PSK or WPA2-PSK) Security LABEL DESCRIPTION Pre-Shared You can set up the most secure wireless connection by configuring WPA in the wireless LAN screens. You need to configure an authentication server to do this.
Page 56: Ethernet Connection
Chapter 4 Connection Wizard The following table describes the labels in this screen, Table 14 Wizard Step 3: ISP Parameters CONNECTION DESCRIPTION TYPE Ethernet Select the Ethernet option when the WAN port is used as a regular Ethernet. PPPoE Select the PPP over Ethernet option for a dial-up connection. If your ISP gave you an IP address and/or subnet mask, then select PPTP.
Page 57: Pptp Connection
Chapter 4 Connection Wizard By implementing PPPoE directly on the NBG-460N (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the NBG-460N does that part of the task. Furthermore, with NAT, all of the LAN's computers will have Internet access.
Page 58 Chapter 4 Connection Wizard Note: The NBG-460N supports one PPTP server connection at any given time. Figure 29 Wizard Step 3: PPTP Connection The following table describes the fields in this screen Table 16 Wizard Step 3: PPTP Connection LABEL DESCRIPTION ISP Parameters for Internet Access Connection Type...
Page 59: Your Ip Address
Chapter 4 Connection Wizard Table 16 Wizard Step 3: PPTP Connection LABEL DESCRIPTION My IP Subnet Type the subnet mask assigned to you by your ISP (if given). Mask Back Click Back to return to the previous screen. Next Click Next to continue. Exit Click Exit to close the wizard screen without saving.
Page 60: Ip Address And Subnet Mask
Chapter 4 Connection Wizard Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks. Table 18 Private IP Address Ranges 10.0.0.0 10.255.255.255 172.16.0.0 172.31.255.255 192.168.0.0 192.168.255.255 You can obtain your IP address from the IANA, from an ISP or have it assigned by a private network.
Page 61: Dns Server Address Assignment
Chapter 4 Connection Wizard 4.4.7 DNS Server Address Assignment Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa, for instance, the IP address of www.zyxel.com is 204.217.0.2. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it.
Page 62: Wan Mac Address
Chapter 4 Connection Wizard The following table describes the labels in this screen Table 19 Wizard Step 3: WAN IP and DNS Server Addresses LABEL DESCRIPTION WAN IP Address Assignment My WAN IP Address Enter your WAN IP address in this field. The WAN IP address should be in the same subnet as your DSL/Cable modem or router.
Page 63: Connection Wizard: Step 4: Bandwidth Management
Chapter 4 Connection Wizard advisable to clone the MAC address from a computer on your LAN even if your ISP does not presently require MAC address authentication. Figure 32 Wizard Step 3: WAN MAC Address The following table describes the fields in this screen. Table 21 Wizard Step 3: WAN MAC Address LABEL DESCRIPTION...
Page 64: Connection Wizard Complete
Chapter 4 Connection Wizard the bandwidth according to the traffic type. This helps keep one service from using all of the available bandwidth and shutting out other users. Figure 33 Wizard Step 4: Bandwidth Management The following fields describe the label in this screen. Table 22 Wizard Step 4: Bandwidth Management LABEL DESCRIPTION...
Page 65 Chapter 4 Connection Wizard Follow the on-screen instructions and click Finish to complete the wizard setup. Figure 35 Connection Wizard Complete Well done! You have successfully set up your NBG-460N to operate on your network and access the Internet. NBG-460N User’s Guide...
Page 66 Chapter 4 Connection Wizard NBG-460N User’s Guide...
Page 67: Tutorials
H A P T E R Tutorials 5.1 Overview This chapter provides tutorials for your NBG-460N as follows: • How to Connect to the Internet from an AP • Site-To-Site VPN Tunnel Tutorial • Bandwidth Management for your Network 5.2 How to Connect to the Internet from an AP This section gives you an example of how to set up an access point (AP) and wireless client (a notebook (B), in this example) for wireless communication.
Page 68: Push Button Configuration
Chapter 5 Tutorials • Push Button Configuration - create a secure wireless network simply by pressing a button. See Section 5.2.1.1 on page 68.This is the easier method. • PIN Configuration - create a secure wireless network simply by entering a wireless client's PIN (Personal Identification Number) in the NBG-460N’s interface.
Page 69: Pin Configuration
Chapter 5 Tutorials The following figure shows you an example to set up wireless network and security by pressing a button on both NBG-460N and wireless client (the NWD210N in this example). Figure 37 Example WPS Process: Push Button Configuration Method NBG460N Wireless Client WITHIN 2 MINUTES...
Page 70 Chapter 5 Tutorials The following figure shows you the example to set up wireless network and security on NBG-460N and wireless client (ex. NWD210N in this example) by using PIN method. Figure 38 Example WPS Process: PIN Method Wireless Client NBG460N WITHIN 2 MINUTES Authentication by PIN...
Page 71: Enable And Configure Wireless Security Without Wps On Your Nbg-460N
Chapter 5 Tutorials 5.2.2 Enable and Configure Wireless Security without WPS on your NBG-460N This example shows you how to configure wireless security settings with the following parameters on your NBG-460N. SSID SSID_Example3 Channel Security WPA-PSK (Pre-Shared Key: ThisismyWPA-PSKpre-sharedkey) Follow the steps below to configure the wireless settings on your NBG-460N. The instructions require that your hardware is connected (see the Quick Start Guide) and you are logged into the Web Configurator through your LAN connection (see...
Page 72: Configure Your Notebook
Chapter 5 Tutorials Open the Status screen. Verify your wireless and wireless security settings under Device Information and check if the WLAN connection is up under Interface Status. Figure 40 Tutorial: Status: AP Mode 5.2.3 Configure Your Notebook Note: We use the ZyXEL M-302 wireless adapter utility screens as an example for the wireless client.
Page 73 Chapter 5 Tutorials Select SSID_Example3 and click Connect. Figure 41 Connecting a Wireless Client to a Wireless Network Select WPA-PSK and type the security key in the following screen. Click Next. Figure 42 Security Settings The Confirm Save window appears. Check your settings and click Save to continue.
Page 74: Using Ap + Bridge Mode And Wds
Chapter 5 Tutorials Check the status of your wireless connection in the screen below. If your wireless connection is weak or you have no connection, see the Troubleshooting section of this User’s Guide. Figure 44 Link Status If your connection is successful, open your Internet browser and enter http:// www.zyxel.com or the URL of any other web site in the address bar.
Page 75 Chapter 5 Tutorials However, you want the communication between Y and Z to be secure. WDS encrypts the data transfer between bridged devices. You can enable this in the Security fields of the WDS screen. Figure 45 AP + Bridge Scenario File Server 5.2.4.1 Configuring Your Bridge Mode Settings You should know the MAC address of the other NBG-460N to establish the bridge...
Page 76 Chapter 5 Tutorials Set both Y and Z in AP + Bridge mode in the Basic Setting field. In the Remote MAC Address field, enter the correct MAC address of the other NBG-460N with which you want to establish a connection. Figure 47 Tutorial: Wireless LAN >...
Page 77: Site-To-Site Vpn Tunnel Tutorial
Chapter 5 Tutorials 5.3 Site-To-Site VPN Tunnel Tutorial Bob and Jack want to setup a VPN connection between their offices. Bob and Jack each have a NBG-460N router and a static WAN IP address. This tutorial covers how to configure their NBG-460Ns to create a secure connection. Figure 48 Site-To-Site VPN Tunnel 192.168.1.35 10.0.0.7...
Page 78: Configuring Bob's Nbg-460N Vpn Settings
Chapter 5 Tutorials 5.3.1 Configuring Bob’s NBG-460N VPN Settings To configure these settings Bob uses the NBG-460N Web Configurator. Log into the NBG-460N Web Configurator and click VPN > Modify icon. This displays the VPN Rule Setup (basic) screen. Select the Active checkbox to enable the VPN rule after it has been created. Make sure IKE is selected as the IPSec Keying Mode.
Page 79: Configuring Jack's Nbg-460N Vpn Settings
Chapter 5 Tutorials Enter the IP address “2.2.2.2” in the Secure Gateway Address text box. This is Jack’s WAN IP address. Select IP as the Peer ID Type. This is Jack’s Local ID Type. Enter “2.2.2.2” in the Peer Content text box. This is Jack’s Local Content WAN IP address. Figure 52 Tutorial: Authentication Method Select Tunnel as the Encapsulation Mode and ESP as the IPSec Protocol.
Page 80 Chapter 5 Tutorials Select the Active checkbox to enable the VPN rule after it has been created. Make sure IKE is selected as the IPSec Keying Mode. Figure 55 Tutorial: Property Enter the IP address “10.0.0.7” in the Local Address text box. This is the IP address of Jack’s computer.
Page 81 Chapter 5 Tutorials Select IP as the Peer ID Type. This is Bob’s Local ID Type. Enter “1.1.1.1” in the Peer Content text box. This is Bob’s Local Content WAN IP address. Figure 58 Tutorial: Authentication Method Select Tunnel as the Encapsulation Mode and ESP as the IPSec Protocol. 10 Enter “ThisIsMySecretKey”...
Page 82: Checking The Vpn Connection
Chapter 5 Tutorials 5.3.3 Checking the VPN Connection Check if the VPN connection is working by pinging the computer on the other side of the VPN connection. In the example below Bob is pinging Jack’s computer. Figure 61 Pinging Jack’s Local IP Address Pinging is successful which means a VPN tunnel has been established between Bob and Jack’s NBG-460Ns.
Page 83: Bandwidth Management For Your Network
Chapter 5 Tutorials 5.4 Bandwidth Management for your Network This section shows you how to configure the bandwidth management feature on the NBG-460N to limit the bandwidth for specific kinds of outgoing traffic. ZyXEL's bandwidth management feature allows you to specify bandwidth management rules based on an application or subnet.
Page 84: Configuring Bandwidth Management By Custom Application
Chapter 5 Tutorials 5.4.2 Configuring Bandwidth Management by Custom Application Aside from the VOIP and e-mail services, you need to set the priority for MSN Messenger. To do this, add the service in the Priority Queue table of the Management > Bandwidth MGMT > Advanced screen. Figure 64 Tutorial: Adding TFTP to Priority Queue To add the MSN Messenger service in the Priority Queue: Click Enable in one of the fields for additional services.
Page 85 Chapter 5 Tutorials • Multimedia room’s LAN IP range: 192.168.1.1 to 192.168.1.34 • IP Address of the computer uploading through FTP: 192.168.1.34 • Services you want to configure: REAL AUDIO TCP 7070 RTSP TCP or UDP 554 VDO LIVE TCP 7000 TCP 20 ~ 21 Click the Edit icon in Management >...
Page 86 Chapter 5 Tutorials After adding these services, go to Management > Bandwidth MGMT > Advanced and check if you have the correct values. Figure 66 Tutorial: Bandwidth Allocation Example Note: The Policy column displays either Max (maximum) or Min (minimum). This is directly directed to the value in the Rate column.
Page 87: Ap Mode
H A P T E R AP Mode 6.1 Overview This chapter discusses how to configure settings while your NBG-460N is set to AP Mode. Many screens that are available in Router Mode are not available in AP Mode. Note: See Chapter 5 on page 67 for an example of setting up a wireless network in AP mode.
Page 88: The Status Screen
Chapter 6 AP Mode To set your NBG-460N to AP Mode, go to Maintenance > Sys OP Mode > General and select Access Point. Figure 68 Maintenance > Sys OP Mode > General A pop-up appears providing information on this mode. Click OK in the pop-up message window.
Page 89 Chapter 6 AP Mode The following table describes the labels shown in the Status screen. Table 25 Web Configurator Status Screen LABEL DESCRIPTION Device Information System Name This is the System Name you enter in the Maintenance > System > General screen.
Page 90: Navigation Panel
Chapter 6 AP Mode Table 25 Web Configurator Status Screen (continued) LABEL DESCRIPTION Interface Status Interface This displays the NBG-460N port types. The port types are: LAN and WLAN. Status For the LAN port, this field displays Down (line is down) or Up (line is up or connected).
Page 91 Chapter 6 AP Mode The following table describes the sub-menus. Table 26 Screens Summary LINK FUNCTION Status This screen shows the NBG-460N’s general device, system and interface status information. Use this screen to access the wizard, and summary statistics tables. Network Wireless General...
Page 92: Configuring Your Settings
Chapter 6 AP Mode Table 26 Screens Summary LINK FUNCTION Sys OP General This screen allows you to select whether your device acts Mode as a Router or a Access Point. Language Language This screen allows you to select the language you prefer. 6.4 Configuring Your Settings Use this section to configure your NBG-460N settings while in AP Mode.
Page 93: Wlan And Maintenance Settings
Chapter 6 AP Mode The following table describes the labels in this screen. Table 27 Network > LAN > IP LABEL DESCRIPTION Get from Select this option to allow the NBG-460N to obtain an IP address from a DHCP Server DHCP server on the network.
Page 94: Logging In To The Web Configurator In Ap Mode
Chapter 6 AP Mode • See Maintenance and Troubleshooting (261) for information on the configuring your Maintenance settings. 6.5 Logging in to the Web Configurator in AP Mode Connect your computer to the LAN port of the NBG-460N. The default IP address if the NBG-460N is “192.168.1.1”. In this case, your computer must have an IP address in the range between “192.168.1.2”...
Page 95: Network
Network Wireless LAN (97) WAN (133) LAN (149) DHCP (157) Network Address Translation (NAT) (163) Dynamic DNS (173)
Page 97: Wireless Lan
H A P T E R Wireless LAN 7.1 Overview This chapter discusses how to configure the wireless network settings in your NBG-460N. See the appendices for more detailed information about wireless networks. The following figure provides an example of a wireless network. Figure 72 Example of a Wireless Network The wireless network is the part in the blue circle.
Page 98: What You Can Do
Chapter 7 Wireless LAN 7.2 What You Can Do • Use the General screen (Section 7.4 on page 101) to enable the Wireless LAN, enter the SSID and select the wireless security mode. • Use the MAC Filter screen (Section 7.5 on page 109) to allow or deny wireless stations based on their MAC addresses from connecting to the NBG-460N.
Page 99: Mac Address Filter
Chapter 7 Wireless LAN 7.3.1.1 SSID Normally, the AP acts like a beacon and regularly broadcasts the SSID in the area. You can hide the SSID instead, in which case the AP does not broadcast the SSID. In addition, you should change the default SSID to something that is difficult to guess.
Page 100 Chapter 7 Wireless LAN Unauthorized devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network. Furthermore, there are ways for unauthorized wireless users to get a valid user name and password. Then, they can use that user name and password to use the wireless network.
Page 101: General Wireless Lan Screen
Chapter 7 Wireless LAN clients support WPA and some support WPA2, you should set up WPA2-PSK or WPA2 (depending on the type of wireless network login) and select the WPA Compatible option in the NBG-460N. Many types of encryption use a key to protect the information in the wireless network.
Page 102: No Security
Chapter 7 Wireless LAN Table 29 Network > Wireless LAN > General LABEL DESCRIPTION Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a station cannot obtain the SSID through scanning using a site survey tool. Channel Set the operating frequency/channel depending on your particular region.
Page 103: Wep Encryption
Chapter 7 Wireless LAN Note: If you do not enable any wireless security on your NBG-460N, your network is accessible to any wireless networking device that is within range. Figure 74 Network > Wireless LAN > General: No Security The following table describes the labels in this screen. Table 30 Network >...
Page 104 Chapter 7 Wireless LAN In order to configure and enable WEP encryption, click Network > Wireless LAN to display the General screen. Select Static WEP from the Security Mode list. Figure 75 Network > Wireless LAN > General: Static WEP The following table describes the wireless LAN security labels in this screen.
Page 105 Chapter 7 Wireless LAN Table 31 Network > Wireless LAN > General: Static WEP LABEL DESCRIPTION Authenticatio There are two types of WEP authentication namely, Open System and n Method Shared Key. Open system is implemented for ease-of-use and when security is not an issue.
Page 106: Wpa-Psk/Wpa2-Psk
Chapter 7 Wireless LAN 7.4.3 WPA-PSK/WPA2-PSK Click Network > Wireless LAN to display the General screen. Select WPA-PSK or WPA2-PSK from the Security Mode list. Figure 76 Network > Wireless LAN > General: WPA-PSK/WPA2-PSK The following table describes the labels in this screen. Table 32 Network >...
Page 107: Wpa/Wpa2
Chapter 7 Wireless LAN Table 32 Network > Wireless LAN > General: WPA-PSK/WPA2-PSK LABEL DESCRIPTION Idle Timeout The NBG-460N automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed.
Page 108 Chapter 7 Wireless LAN The following table describes the labels in this screen. Table 33 Network > Wireless LAN > General: WPA/WPA2 LABEL DESCRIPTION WPA Compatible This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field. Select the check box to have both WPA2 and WPA wireless clients be able to communicate with the NBG-460N even when the NBG-460N is using WPA2-PSK or WPA2.
Page 109: Mac Filter Screen
Chapter 7 Wireless LAN Table 33 Network > Wireless LAN > General: WPA/WPA2 LABEL DESCRIPTION Port Number Enter the port number of the external accounting server. The default port number is 1813. You need not change this value unless your network administrator instructs you to do so with additional information.
Page 110 Chapter 7 Wireless LAN To change your NBG-460N’s MAC filter settings, click Network > Wireless LAN > MAC Filter. The screen appears as shown. Figure 78 Network > Wireless LAN > MAC Filter The following table describes the labels in this menu. Table 34 Network >...
Page 111: Wireless Lan Advanced Screen
Chapter 7 Wireless LAN 7.6 Wireless LAN Advanced Screen Click Network > Wireless LAN > Advanced. The screen appears as shown. Figure 79 Network > Wireless LAN > Advanced The following table describes the labels in this screen. Table 35 Network > Wireless LAN > Advanced LABEL DESCRIPTION Roaming Configuration...
Page 112 Chapter 7 Wireless LAN Click Network > Wireless LAN > QoS. The following screen appears. Figure 80 Network > Wireless LAN > QoS The following table describes the labels in this screen. Table 36 Network > Wireless LAN > QoS LABEL DESCRIPTION Enable WMM QoS...
Page 113: Application Priority Configuration
Chapter 7 Wireless LAN Table 36 Network > Wireless LAN > QoS (continued) LABEL DESCRIPTION Priority This field displays the priority of the application. • Highest - Typically used for voice or video that should be high- quality. • High - Typically used for voice or video that can be medium- quality.
Page 114 Chapter 7 Wireless LAN Table 37 Network > Wireless LAN > QoS: Application Priority Configuration LABEL DESCRIPTION Service The following is a description of the applications you can prioritize with WMM QoS. Select a service from the drop-down list box. •...
Page 115: Wps Screen
Chapter 7 Wireless LAN 7.8 WPS Screen Use this screen to enable/disable WPS, view or generate a new PIN number and check current WPS status. To open this screen, click Network > Wireless LAN > WPS tab. Figure 82 Network > Wireless LAN > WPS The following table describes the labels in this screen.
Page 116: Wps Station Screen
Chapter 7 Wireless LAN 7.9 WPS Station Screen Use this screen when you want to add a wireless station using WPS. To open this screen, click Network > Wireless LAN > WPS Station tab. Note: Note: After you click Push Button on this screen, you have to press a similar button in the wireless station utility within 2 minutes.
Page 117 Chapter 7 Wireless LAN on or off on certain days and at certain times. To open this screen, click Network > Wireless LAN > Scheduling tab. Figure 84 Network > Wireless LAN > Scheduling The following table describes the labels in this screen. Table 40 Network >...
Page 118: Wds Screen
Chapter 7 Wireless LAN 7.11 WDS Screen A Wireless Distribution System is a wireless connection between two or more APs. Use this screen to set the operating mode of your NBG-460N to AP + Bridge or Bridge and establish wireless links with other APs. You need to know the MAC address of the peer device, which also must be in bridge mode.
Page 119: Security Mode: Static Wep
Chapter 7 Wireless LAN Table 41 Network > Wireless LAN > WDS (No Security) LABEL DESCRIPTION Security Mode Note: WDS security is independent of the security settings between the NBG-460N and any wireless clients. The WDS is set to No Security by default. •...
Page 120 Chapter 7 Wireless LAN The following table describes the labels in this screen. Refer to Table 41 on page for descriptions of other fields in this screen. Table 42 Network > Wireless LAN > WDS (Static WEP) LABEL DESCRIPTION Passphrase Enter the passphrase or string of text used for automatic WEP key generation on wireless client adapters.
Page 121: Security Mode: Wpa2-Psk
Chapter 7 Wireless LAN 7.11.2 Security Mode: WPA2-PSK Use this screen to configure the WPA2-PSK security for your NBG-460N when it is in AP+Bridge or Bridge Only mode. Figure 87 Network > Wireless LAN > WDS (WPA2-PSK) The following table describes the labels in this screen. Refer to Table 41 on page for descriptions of other fields in this screen.
Page 122 Chapter 7 Wireless LAN The roaming feature on the access points allows the access points to relay information about the wireless stations to each other. When a wireless station moves from a coverage area to another, it scans and uses the channel of a new access point, which then informs the other access points on the LAN about the change.
Page 123: Quality Of Service
Chapter 7 Wireless LAN 7.12.1.1 Requirements for Roaming The following requirements must be met in order for wireless stations to roam between the coverage areas. All the access points must be on the same subnet and configured with the same ESSID.
Page 124: Wmm Qos Priorities
Chapter 7 Wireless LAN 7.12.2.2 WMM QoS Priorities The following table describes the WMM QoS priority levels that the NBG-460N uses. Table 44 WMM QoS Priorities PRIORITY LEVEL DESCRIPTION voice Typically used for traffic that is especially sensitive to jitter. Use this priority to reduce latency for improved voice quality.
Page 125: Login Screen
Chapter 7 Wireless LAN On the iPod Touch’s main screen press Settings > Wi-fi and from the list press the NBG-460N’s network name (SSID) to connect to it. If you are prompted for any security settings enter them and press connect. If you cannot connect check your security settings in the Web Configurator from your computer and try again.
Page 126: System Status
Chapter 7 Wireless LAN 7.13.3 System Status After successfully logging into the iPod Touch Web Configurator the System Status screen displays. Note: Your changes in the iPod Touch Web Configurator are saved automatically after pressing a button. If you are going to use the WPS (Wi-Fi Protected Setup) function in the iPod Touch Web Configurator it is recommended to configure your WPS settings first from your computer.
Page 127 Chapter 7 Wireless LAN into the Web Configurator from your computer and going to the Wireless LAN screen. Figure 90 System Status screen The following table describes the labels in this screen. Table 46 System Status screen LABEL DESCRIPTION Logout Press this to logout of the iPod Touch Web Configurator.
Page 128 Chapter 7 Wireless LAN Table 46 System Status screen LABEL DESCRIPTION WLAN Name This field displays the SSID (Service set identifier) of the NBG-460N’s (SSID) Wireless LAN. Security This field displays the security authentication mode of the NBG-460N’s Mode Wireless LAN. This can be No Security, WPA-PSK, WPA2-PSK or WEP.
Page 129: Wps In Progress
Chapter 7 Wireless LAN 7.13.4 WPS in Progress After pressing Push Button in the System Status screen the WPS in Progress screen will display. It can take around two minutes for a successful WPS connection to be made. The System Status screen will display after a connection has been made or if it has failed.
Page 130 Chapter 7 Wireless LAN Note: To see any changes on the System Status screen you will need to refresh the page first. Use the browser’s refresh function. See the iPod Touch’s documentation if you cannot find it. Figure 92 Port Forwarding The following table describes the labels in this screen.
Page 131: Accessing The Ipod Touch Web Configurator
Chapter 7 Wireless LAN 7.14 Accessing the iPod Touch Web Configurator To access the iPod Touch Web Configurator through your iPod Touch you must first connect it to the NBG-460N’s wireless network. Follow the steps below to do this. Note: If you have not configured your wireless settings yet you can do so by using the Wizard in the Web Configurator you access from your computer.
Page 132 Chapter 7 Wireless LAN The login screen should display. Figure 93 Login Screen If the login screen does not display properly, check that you are accessing the correct IP address. Also check your iPod Touch web browser’s security settings as they may affect how the page displays. If you wish to login automatically in the future make sure the Auto Login checkbox is selected.
Page 133: Wan
H A P T E R 8.1 Overview This chapter discusses the NBG-460N’s WAN screens. Use these screens to configure your NBG-460N for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations.
Page 134: What You Need To Know
Chapter 8 WAN 8.3 What You Need To Know The information in this section can help you configure the screens for your WAN connection, as well as enable/disable some advanced features of your NBG-460N. 8.3.1 Configuring Your Internet Connection Encapsulation Method Encapsulation is used to include data from an upper layer protocol into a lower layer protocol.
Page 135: Multicast
Chapter 8 WAN WAN MAC Address The MAC address screen allows users to configure the WAN port's MAC address by either using the factory default or cloning the MAC address from a computer on your LAN. Choose Factory Default to select the factory assigned default MAC Address.
Page 136: Iptv Stb Port
Chapter 8 WAN 8.3.3 IPTV STB Port Internet Protocol Television (IPTV) is a service with which you can subscribe in order to watch video content hosted on servers over the Internet in your television at home. An IPTV subscription gives you access to streaming media, such as Live TV or Video on Demand (VOD).
Page 137 Chapter 8 WAN You have one STB You have one STB and one television. You can assign one port for your IPTV connection and connect your STB to it.This effectively changes the IP address of the LAN port to the IP address of the WAN port. In the following figure, you assign port LAN 4 as the IPTV STB port.
Page 138: Netbios Over Tcp/Ip
Chapter 8 WAN Go to Section 8.5 on page 146 to view the screen where you can assign the IPTV STB port. Note: Follow the instructions in the User’s Guide of your STB for hardware connections and setup configurations. 8.3.4 NetBIOS over TCP/IP NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN.
Page 139: Internet Connection
Chapter 8 WAN • The device must be in Router Mode (see Chapter 24 on page 299 for more information) for auto-bridging to become active. 8.4 Internet Connection Use this screen to change your NBG-460N’s Internet access settings. Click Network > WAN. The screen differs according to the encapsulation you choose. 8.4.1 Ethernet Encapsulation This screen displays when you select Ethernet encapsulation.
Page 140 Chapter 8 WAN The following table describes the labels in this screen. Table 48 Network > WAN > Internet Connection: Ethernet Encapsulation LABEL DESCRIPTION Encapsulation Choose the Ethernet option when the WAN port is used as a regular Ethernet. Service Type Choose from Standard, RR-Telstra (RoadRunner Telstra authentication method), RR-Manager (Roadrunner Manager authentication method), RR-Toshiba (Roadrunner Toshiba...
Page 141: Pppoe Encapsulation
Chapter 8 WAN Table 48 Network > WAN > Internet Connection: Ethernet Encapsulation LABEL DESCRIPTION Factory default Select Factory default to use the factory assigned default MAC Address. Clone the Select Clone the computer's MAC address - IP Address and enter computer’s MAC the IP address of the computer on the LAN whose MAC you are cloning.
Page 142 Chapter 8 WAN This screen displays when you select PPPoE encapsulation. Figure 101 Network > WAN > Internet Connection: PPPoE Encapsulation The following table describes the labels in this screen. Table 49 Network > WAN > Internet Connection: PPPoE Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access...
Page 143 Chapter 8 WAN Table 49 Network > WAN > Internet Connection: PPPoE Encapsulation LABEL DESCRIPTION Retype to Type your password again to make sure that you have entered is Confirm correctly. Nailed-Up Select Nailed-Up Connection if you do not want the connection to time Connection out.
Page 144: Pptp Encapsulation
Chapter 8 WAN 8.4.3 PPTP Encapsulation Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks. PPTP supports on-demand, multi-protocol and virtual private networking over public networks, such as the Internet.
Page 145 Chapter 8 WAN The following table describes the labels in this screen. Table 50 Network > WAN > Internet Connection: PPTP Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks.
Page 146: Advanced Wan Screen
Chapter 8 WAN Table 50 Network > WAN > Internet Connection: PPTP Encapsulation LABEL DESCRIPTION First DNS Server Select From ISP if your ISP dynamically assigns DNS server information (and the NBG-460N's WAN IP address). The field to the Second DNS Server right displays the (read-only) DNS server IP address that the ISP assigns.
Page 147 Chapter 8 WAN To change your NBG-460N’s advanced WAN settings, click Network > WAN > Advanced. The screen appears as shown. Figure 103 Network > WAN > Advanced The following table describes the labels in this screen. Table 51 Network > WAN > Advanced LABEL DESCRIPTION Multicast Setup...
Page 148: Technical Reference
Chapter 8 WAN Table 51 Network > WAN > Advanced LABEL DESCRIPTION Enable Auto-bridge Select this option to have the NBG-460N switch to bridge mode mode automatically when the NBG-460N gets a WAN IP address in the range of 192.168.x.y (where x and y are from zero to nine) no matter what the LAN IP address is.
Page 149: Lan
H A P T E R 9.1 Overview This chapter describes how to configure LAN settings. A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building.
Page 150: What You Need To Know
Chapter 9 LAN 9.3 What You Need To Know The LAN parameters of the NBG-460N are preset in the factory with the following values: • IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits) • DHCP server enabled with 32 client IP addresses starting from 192.168.1.33. These parameters should work for the majority of installations.
Page 151: Lan Ip Alias
Chapter 9 LAN The following table describes the labels in this screen. Table 52 Network > LAN > IP LABEL DESCRIPTION LAN TCP/IP IP Address Type the IP address of your NBG-460N in dotted decimal notation 192.168.1.1 (factory default). IP Subnet Mask The subnet mask specifies the network number portion of an IP address.
Page 152: Advanced Lan Screen
Chapter 9 LAN The following table describes the labels in this screen. Table 53 Network > LAN > IP Alias LABEL DESCRIPTION IP Alias 1,2 Select the check box to configure another LAN network for the NBG- 460N. IP Address Enter the IP address of your NBG-460N in dotted decimal notation.
Page 153: Technical Reference
Chapter 9 LAN Table 54 Network > LAN > Advanced LABEL DESCRIPTION Active Select this if you want to let computers on different subnets use the NBG-460N. Windows Networking (NetBIOS over TCP/IP): NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN.
Page 154: Any Ip
Chapter 9 LAN 9.7.2 Any IP Traditionally, you must set the IP addresses and the subnet masks of a computer and the NBG-460N to be in the same subnet to allow the computer to access the Internet (through the NBG-460N). In cases where your computer is required to use a static IP address in another network, you may need to manually configure the network settings of the computer every time you want to access the Internet via the NBG-460N.
Page 155 Chapter 9 LAN Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. IP routing table is defined on IP Ethernet devices (the NBG-460N) to decide which hop to use, to help forward data along to its specified destination.
Page 156 Chapter 9 LAN NBG-460N User’s Guide...
Page 157: Dhcp
H A P T E R DHCP 10.1 Overview DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the NBG-460N’s LAN as a DHCP server or disable it. When configured as a server, the NBG-460N provides the TCP/IP configuration for the clients.
Page 158: Dhcp General Screen
Chapter 10 DHCP 10.4 DHCP General Screen Use this screen to enable the DHCP server. Click Network > DHCP. The following screen displays. Figure 110 Network > DHCP > General The following table describes the labels in this screen. Table 55 Network > DHCP > General LABEL DESCRIPTION Enable DHCP...
Page 159 Chapter 10 DHCP To change your NBG-460N’s static DHCP settings, click Network > DHCP > Advanced. The following screen displays. Figure 111 Network > DHCP > Advanced The following table describes the labels in this screen. Table 56 Network > DHCP > Advanced LABEL DESCRIPTION Static DHCP Table...
Page 160: Client List Screen
Chapter 10 DHCP Table 56 Network > DHCP > Advanced LABEL DESCRIPTION First DNS Server Select From ISP if your ISP dynamically assigns DNS server information (and the NBG-460N's WAN IP address). The field to the Second DNS right displays the (read-only) DNS server IP address that the ISP Server assigns.
Page 161 Chapter 10 DHCP The following screen displays. Figure 112 Network > DHCP > Client List The following table describes the labels in this screen. Table 57 Network > DHCP > Client List LABEL DESCRIPTION This is the index number of the host computer. IP Address This field displays the IP address relative to the # field listed above.
Page 162 Chapter 10 DHCP NBG-460N User’s Guide...
Page 163: Network Address Translation (Nat)
H A P T E R Network Address Translation (NAT) 11.1 Overview This chapter discusses how to configure NAT on the NBG-460N. NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet. For example, the source address of an outgoing packet, used within one network is changed to a different IP address known within another network.
Page 164: What You Can Do
Chapter 11 Network Address Translation (NAT) Note: You must create a firewall rule in addition to setting up NAT, to allow traffic from the WAN to be forwarded through the NBG-460N. 11.2 What You Can Do • Use the General screen (Section 11.3 on page 164) screen to enable NAT and set a default server.
Page 165: Nat Application Screen
Chapter 11 Network Address Translation (NAT) Table 58 Network > NAT > General LABEL DESCRIPTION Server IP In addition to the servers for specified services, NAT supports a default Address server. A default server receives packets from ports that are not specified in the Application screen.
Page 166 Chapter 11 Network Address Translation (NAT) To change your NBG-460N’s port forwarding settings, click Network > NAT > Application. The screen appears as shown. Note: If you do not assign a Default Server IP address in the NAT > General screen, the NBG-460N discards all packets received for ports that are not specified in this screen or remote management.
Page 167 Chapter 11 Network Address Translation (NAT) Table 59 Network > NAT > Application LABEL DESCRIPTION Service Name Type a name (of up to 31 printable characters) to identify this rule in the first field next to Service Name. Otherwise, select a predefined service in the second field next to Service Name.
Page 168: Game List Example
Chapter 11 Network Address Translation (NAT) 11.4.1 Game List Example Here is an example game list text file. The index number, service name and associated port(s) are specified by semi-colons (no spaces). Use the name=xxx (where xxx is the service name) to create a new service. Port range can be separated with a hyphen (-) (no spaces).
Page 169: Nat Advanced Screen
Chapter 11 Network Address Translation (NAT) addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet. Figure 117 Multiple Servers Behind NAT Example 11.5 NAT Advanced Screen Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side.
Page 170 Chapter 11 Network Address Translation (NAT) Note: Only one LAN computer can use a trigger port (range) at a time. Figure 118 Network > NAT > Advanced The following table describes the labels in this screen. Table 60 Network > NAT > Advanced LABEL DESCRIPTION Max NAT/...
Page 171: Trigger Port Forwarding Example
Chapter 11 Network Address Translation (NAT) Table 60 Network > NAT > Advanced LABEL DESCRIPTION Name Type a unique name (up to 15 characters) for identification purposes. All characters are permitted - including spaces. Incoming Incoming is a port (or a range of ports) that a server on the WAN uses when it sends out a particular service.
Page 172: Two Points To Remember About Trigger Ports
Chapter 11 Network Address Translation (NAT) Only Jane can connect to the Real Audio server until the connection is closed or times out. The NBG-460N times out in three minutes with UDP (User Datagram Protocol), or two hours with TCP/IP (Transfer Control Protocol/Internet Protocol). 11.5.2 Two Points To Remember About Trigger Ports Trigger events only happen on data that is going coming from inside the NBG- 460N and going to the outside.
Page 173: Dynamic Dns
H A P T E R Dynamic DNS 12.1 Overview Dynamic DNS (DDNS) services let you use a domain name with a dynamic IP address. 12.2 What You Can Do Use the Dynamic DNS screen (Section 12.4 on page 174) to enable DDNS and configure the DDNS settings on the NBG-460N.
Page 174: Dynamic Dns Screen
Chapter 12 Dynamic DNS Note: If you have a private WAN IP address, then you cannot use Dynamic DNS. You must have a public WAN IP address. 12.4 Dynamic DNS Screen Use this screen to enable DDNS and configure the DDNS settings on the NBG- 460N.
Page 175 Chapter 12 Dynamic DNS Table 61 Network > Dynamic DNS LABEL DESCRIPTION Token Enter your client authorization key provided by the server to update DynDNS records. This field is configurable only when you select WWW.REGFISH.COM in the Service Provider field. Enable Wildcard Select the check box to enable DynDNS Wildcard.
Page 176 Chapter 12 Dynamic DNS NBG-460N User’s Guide...
Page 177: Security
Security Firewall (179) Content Filtering (189) IPSec VPN (195)
Page 179: Firewall
H A P T E R Firewall 13.1 Overview Use the screens in this chapter to enable and configure the firewall that protects your NBG-460N and your LAN from unwanted or malicious traffic. Enable the firewall to protect your LAN computers from attacks by hackers on the Internet and control access between the LAN and WAN.
Page 180: What You Need To Know
Chapter 13 Firewall • Use the Services screen (Section 13.5 on page 182) to enable service blocking, enter/delete/modify the services you want to block and the date/time you want to block them. 13.3 What You Need To Know The NBG-460N’s firewall feature physically separates the LAN and the WAN and acts as a secure gateway for all data passing between the networks.
Page 181: Triangle Routes And Ip Alias
Chapter 13 Firewall You can have the NBG-460N permit the use of asymmetrical route topology on the network (not reset the connection). Allowing asymmetrical routes may let traffic from the WAN go directly to the LAN without passing through the NBG-460N. A better solution is to use IP alias to put the NBG-460N and the backup gateway on separate subnets.
Page 182: General Firewall Screen
Chapter 13 Firewall 13.4 General Firewall Screen Use this screen to enable or disable the NBG-460N’s firewall, and set up firewall logs. Click Security > Firewall to open the General screen. Figure 123 Security > Firewall > General The following table describes the labels in this screen. Table 62 Security >...
Page 183 Chapter 13 Firewall You can also use this screen to enable service blocking, enter/delete/modify the services you want to block and the date/time you want to block them. Click Security > Firewall > Services. The screen appears as shown next. Figure 124 Security >...
Page 184 Chapter 13 Firewall Table 63 Security > Firewall > Services LABEL DESCRIPTION Do not respond Select this option to prevent hackers from finding the NBG-460N by to requests for probing for unused ports. If you select this option, the NBG-460N will unauthorized not respond to port request(s) for unused ports, thus leaving the services...
Page 185: The Add Firewall Rule Screen
Chapter 13 Firewall 13.5.1 The Add Firewall Rule Screen If you click Add or the Modify icon on an existing rule, the Add Firewall Rule screen is displayed. Use this screen to add a firewall rule or to modify an existing one.
Page 186 Chapter 13 Firewall Table 64 Security > Firewall > Services > Adding a Rule LABEL DESCRIPTION End IP Address Enter the ending IP address in a range here. This field is only available when IP Range is selected as the Address Type. IP Pool List Add an IP address from the IP Pool List to the Selected IP List by highlighting an IP address and clicking Add.
Page 187 Chapter 13 Firewall Table 64 Security > Firewall > Services > Adding a Rule LABEL DESCRIPTION Max NAT/ Type a number ranging from 1 to 16000 to limit the number of NAT/ Firewall Session firewall sessions that a host can create. Per User Apply Click Apply to save the settings.
Page 188 Chapter 13 Firewall NBG-460N User’s Guide...
Page 189: Content Filtering
H A P T E R Content Filtering 14.1 Overview This chapter provides a brief overview of content filtering using the embedded web GUI. Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering is the ability to block certain web features or specific URL keywords.
Page 190 Chapter 14 Content Filtering Restrict Web Features The NBG-460N can disable web proxies and block web features such as ActiveX controls, Java applets and cookies. Keyword Blocking URL Checking The NBG-460N checks the URL’s domain name (or IP address) and file path separately when performing keyword blocking.
Page 191: Filter Screen
Chapter 14 Content Filtering 14.4 Filter Screen Use this screen to restrict web features, add keywords for blocking and designate a trusted computer. Click Security > Content Filter to open the Filter screen. Figure 126 Security > Content Filter > Filter The following table describes the labels in this screen.
Page 192 Chapter 14 Content Filtering Table 65 Security > Content Filter > Filter LABEL DESCRIPTION Cookies Used by Web servers to track usage and provide service based on ID. Web Proxy A server that acts as an intermediary between a user and the Internet to provide security, administrative control, and caching service.
Page 193: Schedule Screen
Chapter 14 Content Filtering 14.5 Schedule Screen Use this screen to set the day(s) and time you want the NBG-460N to use content filtering. Click Security > Content Filter > Schedule. The following screen displays. Figure 127 Security > Content Filter > Schedule The following table describes the labels in this screen.
Page 194: Customizing Keyword Blocking Url Checking
Chapter 14 Content Filtering 14.6.1 Customizing Keyword Blocking URL Checking You can use commands to set how much of a website’s URL the content filter is to check for keyword blocking. See the appendices for information on how to access and use the command interpreter.
Page 195: Ipsec Vpn
H A P T E R IPSec VPN 15.1 Overview A virtual private network (VPN) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing. It is used to transport traffic over the Internet or any insecure network that uses TCP/IP for communication.
Page 196: What You Need To Know
Chapter 15 IPSec VPN • Use the SA Monitor screen (Section 15.5 on page 218) to display and manage active VPN connections. 15.3 What You Need To Know A VPN tunnel is usually established in two phases. Each phase establishes a security association (SA), a contract indicating what security parameters the NBG- 460N and the remote IPSec router will use.
Page 197: Ipsec Sa (Ike Phase 2) Overview
Chapter 15 IPSec VPN Note: Both routers must use the same negotiation mode. These modes are discussed in more detail in Section 15.6.5 on page 222. Main mode is used in various examples in the rest of this section. IP Addresses of the NBG-460N and Remote IPSec Router In the NBG-460N, you have to specify the IP addresses of the NBG-460N and the remote IPSec router to establish an IKE SA.
Page 198: The General Screen
Chapter 15 IPSec VPN 15.4 The General Screen Click Security > VPN to display the Summary screen. This is a read-only menu of your VPN rules (tunnels). Edit a VPN rule by clicking the Edit icon. Figure 130 Security > VPN > General The following table describes the fields in this screen.
Page 199: Vpn Rule Setup (Basic)
Chapter 15 IPSec VPN Table 67 Security > VPN > General LABEL DESCRIPTION Windows NetBIOS (Network Basic Input/Output System) are TCP or UDP packets Networking that enable a computer to find other computers. It may sometimes be (NetBIOS necessary to allow NetBIOS packets to pass through VPN tunnels in order over TCP/IP) to allow local computers to find computers on the remote network and vice versa.
Page 200 Chapter 15 IPSec VPN Use this screen to configure a VPN rule. Figure 132 Security > VPN > General > Rule Setup: IKE (Basic) The following table describes the labels in this screen. Table 68 Security > VPN > General > Rule Setup: IKE (Basic) LABEL DESCRIPTION Property...
Page 201 Chapter 15 IPSec VPN Table 68 Security > VPN > General > Rule Setup: IKE (Basic) (continued) LABEL DESCRIPTION NAT Traversal Select this check box to enable NAT traversal. NAT traversal allows you to set up a VPN connection when there are NAT routers between the two IPSec routers.
Page 202 Chapter 15 IPSec VPN Table 68 Security > VPN > General > Rule Setup: IKE (Basic) (continued) LABEL DESCRIPTION Remote Policy Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. The remote fields do not apply when the Secure Gateway IP Address field is configured to 0.0.0.0.
Page 203 Chapter 15 IPSec VPN Table 68 Security > VPN > General > Rule Setup: IKE (Basic) (continued) LABEL DESCRIPTION Local Content When you select IP in the Local ID Type field, type the IP address of your computer in the Local Content field. The NBG-460N automatically uses the IP address in the My IP Address field (refer to the My IP Address field description) if you configure the Local Content field to 0.0.0.0 or leave it blank.
Page 204 Chapter 15 IPSec VPN Table 68 Security > VPN > General > Rule Setup: IKE (Basic) (continued) LABEL DESCRIPTION Peer Content The configuration of the peer content depends on the peer ID type. For IP, type the IP address of the computer with which you will make the VPN connection.
Page 205: Vpn Rule Setup (Advanced)
Chapter 15 IPSec VPN Table 68 Security > VPN > General > Rule Setup: IKE (Basic) (continued) LABEL DESCRIPTION Encryption Select which key size and encryption algorithm to use for data Algorithm communications. Choices are: DES - a 56-bit key with the DES encryption algorithm 3DES - a 168-bit key with the DES encryption algorithm The NBG-460N and the remote IPSec router must use the same algorithms and key , which can be used to encrypt and decrypt the...
Page 206 Chapter 15 IPSec VPN Use this screen to configure a VPN rule. Figure 133 Security > VPN > General > Rule Setup: IKE (Advanced) NBG-460N User’s Guide...
Page 207 Chapter 15 IPSec VPN The following table describes the labels in this screen. Table 69 Security > VPN > General > Rule Setup: IKE (Advanced) LABEL DESCRIPTION Property Active Select this check box to activate this VPN policy. Keep Alive Select this check box to have the NBG-460N automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic.
Page 208 Chapter 15 IPSec VPN Table 69 Security > VPN > General > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION Local Policy Local IP addresses must be static and correspond to the remote IPSec router's configured remote IP addresses. Two active SAs can have the same configured local or remote IP address, but not both.
Page 209 Chapter 15 IPSec VPN Table 69 Security > VPN > General > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION Remote Address For a single IP address, enter a (static) IP address on the network behind the remote IPSec router. For a specific range of IP addresses, enter the beginning (static) IP address, in a range of computers on the network behind the remote IPSec router.
Page 210 Chapter 15 IPSec VPN Table 69 Security > VPN > General > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION Local Content When you select IP in the Local ID Type field, type the IP address of your computer in the Local Content field. The NBG-460N automatically uses the IP address in the My IP Address field (refer to the My IP Address field description) if you configure the Local Content field to 0.0.0.0 or leave it blank.
Page 211 Chapter 15 IPSec VPN Table 69 Security > VPN > General > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION Peer Content The configuration of the peer content depends on the peer ID type. For IP, type the IP address of the computer with which you will make the VPN connection.
Page 212 Chapter 15 IPSec VPN Table 69 Security > VPN > General > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION Pre-Shared Key Type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called "pre-shared"...
Page 213: Vpn Rule Setup (Manual)
Chapter 15 IPSec VPN Table 69 Security > VPN > General > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION Perfect Forward Select whether or not you want to enable Perfect Forward Secrecy Secrecy (PFS) (PFS) and, if you do, which Diffie-Hellman key group to use for encryption.
Page 214 Chapter 15 IPSec VPN 15.4.3.3 Authentication and the Security Parameter Index (SPI) For authentication, the NBG-460N and remote IPSec router use the SPI, instead of pre-shared keys, ID type and content. The SPI is an identification number. Note: The NBG-460N and remote IPSec router must use the same SPI. Figure 134 Security >...
Page 215 Chapter 15 IPSec VPN Table 70 Security > VPN > General > Rule Setup: Manual (continued) LABEL DESCRIPTION IPSec Keying Select IKE or Manual from the drop-down list box. IKE provides more Mode protection so it is generally recommended. Manual is a useful option for troubleshooting if you have problems using IKE key management.
Page 216 Chapter 15 IPSec VPN Table 70 Security > VPN > General > Rule Setup: Manual (continued) LABEL DESCRIPTION Remote Policy Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. The remote fields do not apply when the Secure Gateway IP Address field is configured to 0.0.0.0.
Page 217 Chapter 15 IPSec VPN Table 70 Security > VPN > General > Rule Setup: Manual (continued) LABEL DESCRIPTION Secure Type the WAN IP address or the domain name (up to 31 characters) of Gateway the IPSec router with which you're making the VPN connection. Set this Address field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address (the IPSec Keying Mode field must be set to IKE).
Page 218: The Sa Monitor Screen
Chapter 15 IPSec VPN Table 70 Security > VPN > General > Rule Setup: Manual (continued) LABEL DESCRIPTION Authentication Select which hash algorithm to use to authenticate packet data in the Algorithm IPSec SA. Choices are SHA1 and MD5. SHA1 is generally considered stronger than MD5, but it is also slower.
Page 219: Technical Reference
Chapter 15 IPSec VPN 15.6 Technical Reference The following section contains additional technical information about the NBG- 460N features described in this chapter. 15.6.1 VPN and Remote Management You can allow someone to use a service (like Telnet or HTTP) through a VPN tunnel to manage the NBG-460N.
Page 220: Diffie-Hellman (Dh) Key Exchange
Chapter 15 IPSec VPN IPSec router use in the IKE SA. In main mode, this is done in steps 1 and 2, as illustrated below. Figure 137 IKE SA: Main Negotiation Mode, Steps 1 - 2: IKE SA Proposal The NBG-460N sends a proposal to the remote IPSec router. Each proposal consists of an encryption algorithm, authentication algorithm, and DH key group that the NBG-460N wants to use in the IKE SA.
Page 221: Authentication
Chapter 15 IPSec VPN 15.6.4 Authentication Before the NBG-460N and remote IPSec router establish an IKE SA, they have to verify each other’s identity. This process is based on pre-shared keys and router identities. In main mode, the NBG-460N and remote IPSec router authenticate each other in steps 5 and 6, as illustrated below.
Page 222: Negotiation Mode
Chapter 15 IPSec VPN Table 72 VPN Example: Matching ID Type and Content NBG-460N REMOTE IPSEC ROUTER Peer ID type: IP Peer ID type: E-mail Peer ID content: 1.1.1.2 Peer ID content: tom@yourcompany.com In the following example, the ID type and content do not match so the authentication fails and the NBG-460N and the remote IPSec router cannot establish an IKE SA.
Page 223: Vpn, Nat, And Nat Traversal
Chapter 15 IPSec VPN Step 3: The NBG-460N authenticates the remote IPSec router and confirms that the IKE SA is established. Aggressive mode does not provide as much security as main mode because the identity of the NBG-460N and the identity of the remote IPSec router are not encrypted.
Page 224: Ipsec Protocol
Chapter 15 IPSec VPN 15.6.7 IPSec Protocol The IPSec protocol controls the format of each packet. It also specifies how much of each packet is protected by the encryption and authentication algorithms. IPSec VPN includes two IPSec protocols, AH (Authentication Header, RFC 2402) and ESP (Encapsulating Security Payload, RFC 2406).
Page 225: Ipsec Sa Proposal And Perfect Forward Secrecy
Chapter 15 IPSec VPN In transport mode, the encapsulation depends on the IPSec protocol. With AH, the NBG-460N includes part of the original IP header when it encapsulates the packet. With ESP, however, the NBG-460N does not include the IP header when it encapsulates the packet, so it is not possible to verify the integrity of the source IP address.
Page 226 Chapter 15 IPSec VPN An IPSec SA can be set to keep alive Normally, the NBG-460N drops the IPSec SA when the life time expires or after two minutes of outbound traffic with no inbound traffic. If you set the IPSec SA to keep alive , the NBG-460N automatically renegotiates the IPSec SA when the SA life time expires, and it does not drop the IPSec SA if there is no inbound traffic.
Page 227 Chapter 15 IPSec VPN computers that use private domain names on the HQ network, the NBG-460N at B uses the Intranet DNS server in headquarters. Figure 142 Private DNS Server Example DNS Servers 212.54.64.170 212.54.64.171 DNS: 212.51.61.170 10.1.1.1/200 212.54.64.171 Intranet DNS 10.1.1.10 Note: If you do not specify an Intranet DNS server on the remote network, then the VPN host must use IP addresses to access the computers on the remote...
Page 228 Chapter 15 IPSec VPN NBG-460N User’s Guide...
Page 229: Management
Management Static Route (231) Bandwidth Management (235) Remote Management (247) Universal Plug-and-Play (UPnP) (253)
Page 231: Static Route
H A P T E R Static Route 16.1 Overview This chapter shows you how to configure static routes for your NBG-460N. The NBG-460N usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the NBG-460N send data to devices not reachable through the default gateway, use static routes.
Page 232: Ip Static Route Screen
Chapter 16 Static Route • Use the Static Route Setup screen (Section 16.3.1 on page 233) to add or edit a static route rule. 16.3 IP Static Route Screen Use this screen to view existing static route rules. Click Management > Static Route to open the IP Static Route screen.
Page 233: Static Route Setup Screen
Chapter 16 Static Route 16.3.1 Static Route Setup Screen To edit a static route, click the edit icon under Modify. The following screen displays. Fill in the required information for each static route. Figure 145 Management > Static Route > IP Static Route: Static Route Setup The following table describes the labels in this screen.
Page 234 Chapter 16 Static Route Table 75 Management > Static Route > IP Static Route: Static Route Setup LABEL DESCRIPTION Apply Click Apply to save your changes back to the NBG-460N. Cancel Click Cancel to return to the previous screen and not save your changes.
Page 235: Bandwidth Management
H A P T E R Bandwidth Management 17.1 Overview This chapter contains information about configuring bandwidth management and editing rules. ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on an application. In the figure below, uplink traffic goes from the LAN device (A) to the WAN device (B).
Page 236: What You Need To Know
Chapter 17 Bandwidth Management 17.3 What You Need To Know The NBG-460N applies bandwidth management to traffic that it forwards out through an interface. The NBG-460N does not control the bandwidth of traffic that comes into an interface. Bandwidth management applies to all traffic flowing out of the router, regardless of the traffic's source.
Page 237 Chapter 17 Bandwidth Management Click Management > Bandwidth MGMT to open the bandwidth management General screen. Figure 147 Management > Bandwidth MGMT > General The following table describes the labels in this screen. Table 76 Management > Bandwidth MGMT > General LABEL DESCRIPTION Enable...
Page 238: Advanced Configuration
Chapter 17 Bandwidth Management Table 76 Management > Bandwidth MGMT > General LABEL DESCRIPTION WAN Bandwidth Enter the amount of bandwidth in Mbps (2 to 100) that you want to allocate for WAN traffic. The recommendation is to set this speed to be equal to or less than the speed of the broadband device connected to the WAN port.
Page 239 Chapter 17 Bandwidth Management Click Management > Bandwidth MGMT > Advanced to open the bandwidth management Advanced screen. Figure 148 Management > Bandwidth MGMT > Advanced The following table describes the labels in this screen. Table 77 Management > Bandwidth MGMT > Advanced LABEL DESCRIPTION Application List...
Page 240: Rule Configuration With The Pre-Defined Service
Chapter 17 Bandwidth Management Table 77 Management > Bandwidth MGMT > Advanced (continued) LABEL DESCRIPTION User-defined Use this table to allocate specific amounts of bandwidth to specific Service applications or services you specify. This is the number of an individual bandwidth management rule. Enable Select this check box to have the NBG-460N apply this bandwidth management rule.
Page 241: Rule Configuration: User Defined Service Rule Configuration
Chapter 17 Bandwidth Management The following table describes the labels in this screen. Table 78 Bandwidth Management Rule Configuration: Pre-defined Service LABEL DESCRIPTION This is the number of an individual bandwidth management rule. Enable Select an interface’s check box to enable bandwidth management on that interface.
Page 242: Monitor Screen
Chapter 17 Bandwidth Management The following table describes the labels in this screen Bandwidth Management Rule Configuration: User-defined Service Rule Table 79 Configuration LABEL DESCRIPTION Destination Enter the destination IP address in dotted decimal notation. Address The NBG-460N applies bandwidth management to the service or application that is entering this computer.
Page 243: Technical References
Chapter 17 Bandwidth Management Click Management > Bandwidth MGMT > Monitor to open the bandwidth management Monitor screen. Figure 151 Management > Bandwidth MGMT > Monitor 17.7 Technical References The following section contains additional technical information about the NBG- 460N features described in this chapter. 17.7.1 Predefined Bandwidth Management Services The following is a description of some services that you can select and to which you can apply media bandwidth management in the Management >...
Page 244: Default Bandwidth Management Classes And Priorities
Chapter 17 Bandwidth Management Table 80 Media Bandwidth Management Setup: Services (continued) SERVICE DESCRIPTION BitTorrent BitTorrent is a free P2P (peer-to-peer) sharing tool allowing you to distribute large software and media files. BitTorrent requires you to search for a file with a searching engine yourself. It distributes files by corporation and trading, that is, the client downloads the file in small pieces and share the pieces with other peers to get other half of the file.
Page 245: Bandwidth Management Priorities
Chapter 17 Bandwidth Management 17.7.3 Bandwidth Management Priorities The following table describes the priorities that you can apply to traffic that the NBG-460N forwards out through an interface. Table 82 Bandwidth Management Priorities PRIORITY LEVELS: TRAFFIC WITH A HIGHER PRIORITY GETS THROUGH FASTER WHILE TRAFFIC WITH A LOWER PRIORITY IS DROPPED IF THE NETWORK IS CONGESTED.
Page 246 Chapter 17 Bandwidth Management NBG-460N User’s Guide...
Page 247: Remote Management
H A P T E R Remote Management 18.1 Overview This chapter provides information on the Remote Management screens. Remote Management allows you to manage your NBG-460N from a remote location through the following interfaces: • LAN and WAN • LAN only •...
Page 248: What You Need To Know
Chapter 18 Remote Management 18.3 What You Need To Know You may only have one remote management session running at a time. The NBG- 460N automatically disconnects a remote management session of lower priority when another remote management session of higher priority starts. The priorities for the different types of remote management sessions are as follows.
Page 249: Www Screen
Chapter 18 Remote Management 18.4 WWW Screen Use this screen to define the interface/s from which the NBG-460N can be managed remotely using the web and specify a secure client that can manage the NBG-460N. To change your NBG-460N’s World Wide Web settings, click Management > Remote MGMT to display the WWW screen.
Page 250: Telnet Screen
Chapter 18 Remote Management 18.5 Telnet Screen You can use Telnet to access the NBG-460N’s command line interface. Specify the interface/s from which the NBG-460N can be managed remotely using this service and specify a secure client that can manage the NBG-460N. To change your NBG-460N’s Telnet settings, click Management >...
Page 251: Dns Screen
Chapter 18 Remote Management Use this screen to specify the interface/s from which you can upload the firmware or configuration file to the NBG-460N and specify a secure client that can manage the NBG-460N. To change your NBG-460N’s FTP settings, click Management > Remote MGMT >...
Page 252 Chapter 18 Remote Management To change your NBG-460N’s DNS settings, click Management > Remote MGMT > DNS. The screen appears as shown. Figure 155 Management > Remote MGMT > DNS The following table describes the labels in this screen. Table 86 Management > Remote MGMT > DNS LABEL DESCRIPTION Server Port...
Page 253: Universal Plug-And-Play (Upnp)
H A P T E R Universal Plug-and-Play (UPnP) 19.1 Overview This chapter introduces the UPnP feature in the Web Configurator. Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
Page 254: Cautions With Upnp
Chapter 19 Universal Plug-and-Play (UPnP) • Learning public IP addresses • Assigning lease times to mappings Windows Messenger is an example of an application that supports NAT traversal and UPnP. See the NAT chapter for more information on NAT. 19.3.2 Cautions with UPnP The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues.
Page 255: Technical Reference
Chapter 19 Universal Plug-and-Play (UPnP) The following table describes the labels in this screen. Table 87 Management > UPnP > General LABEL DESCRIPTION Enable the Universal Plug Select this check box to activate UPnP. Be aware that anyone and Play (UPnP) Feature could use a UPnP application to open the Web Configurator's login screen without entering the NBG-460N's IP address (although you must still enter the password to access the Web...
Page 256 Chapter 19 Universal Plug-and-Play (UPnP) Right-click the icon and select Properties. Figure 157 Network Connections In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Figure 158 Internet Connection Properties NBG-460N User’s Guide...
Page 257 Chapter 19 Universal Plug-and-Play (UPnP) You may edit or delete the port mappings or click Add to manually add port mappings. Figure 159 Internet Connection Properties: Advanced Settings Figure 160 Internet Connection Properties: Advanced Settings: Add Note: When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically.
Page 258: Web Configurator Easy Access
Chapter 19 Universal Plug-and-Play (UPnP) Double-click on the icon to display your current Internet connection status. Figure 162 Internet Connection Status 19.5.2 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the NBG-460N without finding out the IP address of the NBG-460N first. This comes helpful if you do not know the IP address of the NBG-460N.
Page 259 Chapter 19 Universal Plug-and-Play (UPnP) Select My Network Places under Other Places. Figure 163 Network Connections An icon with the description for each UPnP-enabled device displays under Local Network. Right-click on the icon for your NBG-460N and select Invoke. The Web Configurator login screen displays.
Page 260 Chapter 19 Universal Plug-and-Play (UPnP) Right-click on the icon for your NBG-460N and select Properties. A properties window displays with basic information about the NBG-460N. Figure 165 Network Connections: My Network Places: Properties: Example Figure 166 NBG-460N User’s Guide...
Page 261: Maintenance And Troubleshooting
Maintenance and Troubleshooting System (263) Logs (269) Tools (289) Configuration Mode (297) Sys Op Mode (299) Language (303) Troubleshooting (305) Product Specifications and Wall-Mounting Instructions (313)
Page 263: System
H A P T E R System 20.1 Overview This chapter provides information on the System screens. Refer to the chapter on Connection Wizard chapter on page for background information. 20.2 What You Can Do • Use the General screen (Section 20.3 on page 263) to enter a name to identify the NBG-460N in the network and set the password.
Page 264 Chapter 20 System The following table describes the labels in this screen. Table 88 Maintenance > System > General LABEL DESCRIPTION System Name System Name is a unique name to identify the NBG-460N in an Ethernet network. It is recommended you enter your computer’s “Computer name”...
Page 265: Time Setting Screen
Chapter 20 System 20.4 Time Setting Screen To change your NBG-460N’s time and date, click Maintenance > System > Time Setting. The screen appears as shown. Use this screen to configure the NBG-460N’s time based on your local time zone. Figure 168 Maintenance >...
Page 266 Chapter 20 System Table 89 Maintenance > System > Time Setting LABEL DESCRIPTION New Date This field displays the last updated date from the time server or the last date configured manually. (yyyy/mm/dd) When you set Time and Date Setup to Manual, enter the new date in this field and then click Apply.
Page 267 Chapter 20 System Table 89 Maintenance > System > Time Setting LABEL DESCRIPTION End Date Configure the day and time when Daylight Saving Time ends if you selected Daylight Savings. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the last Sunday of October.
Page 268 Chapter 20 System NBG-460N User’s Guide...
Page 269: Logs
H A P T E R Logs 21.1 Overview This chapter contains information about configuring general log settings and viewing the NBG-460N’s logs. Refer to Section 21.6.1 on page 274 for example log message explanations. The Web Configurator allows you to look at all of the NBG-460N’s logs in one location.
Page 270: View Log Screen
Chapter 21 Logs 21.4 View Log Screen Use the View Log screen to see the logs for the categories that you selected in the Log Settings screen (see Section 21.5 on page 271). Options include logs about system maintenance, system errors, access control, allowed or blocked web sites, blocked web features (such as ActiveX controls, Java and cookies), attacks (such as DoS) and IPSec.
Page 271: Log Settings
Chapter 21 Logs Table 90 Maintenance > Logs > View Log LABEL DESCRIPTION Refresh Click Refresh to renew the log screen. Clear Log Click Clear Log to delete all the logs. This is the number of the log entry. Time This field displays the time the log was recorded.
Page 272 Chapter 21 Logs Click Maintenance > Logs > Log Settings to open the Log Settings screen. Figure 170 Maintenance > Logs > Log Settings The following table describes the labels in this screen. Table 91 Maintenance > Logs > Log Settings LABEL DESCRIPTION E-mail Log Settings...
Page 273 Chapter 21 Logs Table 91 Maintenance > Logs > Log Settings LABEL DESCRIPTION Mail Subject Type a title that you want to be in the subject line of the log e-mail message that the NBG-460N sends. Not all NBG-460N models have this field.
Page 274: Technical Reference
Chapter 21 Logs Table 91 Maintenance > Logs > Log Settings LABEL DESCRIPTION Select the categories of logs that you want to record. Send Immediate Select log categories for which you want the NBG-460N to send e- Alert mail alerts immediately. Apply Click Apply to save your changes.
Page 275 Chapter 21 Logs Table 92 System Maintenance Logs (continued) LOG MESSAGE DESCRIPTION The router got the time and date from the time Time initialized by Time server. server The router got the time and date from the NTP server. Time initialized by NTP server The router was not able to connect to the Daytime Connect to Daytime server...
Page 276 Chapter 21 Logs Table 94 Access Control Logs LOG MESSAGE DESCRIPTION Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access Firewall default policy: [TCP | matched the default policy and was blocked or UDP | IGMP | ESP | GRE | OSPF] forwarded according to the default policy’s <Packet Direction>...
Page 277 Chapter 21 Logs Table 95 TCP Reset Logs (continued) LOG MESSAGE DESCRIPTION The router sent a TCP reset packet when a dynamic Firewall session time firewall session timed out. out, sent TCP RST The default timeout values are as follows: ICMP idle timeout: 3 minutes UDP idle timeout: 3 minutes TCP connection (three way handshaking) timeout: 270...
Page 278 Chapter 21 Logs Table 97 ICMP Logs (continued) LOG MESSAGE DESCRIPTION The firewall allowed a triangle route session to Triangle route packet forwarded: pass through. ICMP The router blocked a packet that didn’t have a Packet without a NAT table entry corresponding NAT table entry.
Page 279 Chapter 21 Logs Table 100 UPnP Logs LOG MESSAGE DESCRIPTION UPnP packets can pass through the firewall. UPnP pass through Firewall Table 101 Content Filtering Logs LOG MESSAGE DESCRIPTION The content of a requested web page matched a user defined %s: Keyword blocking keyword.
Page 280 Chapter 21 Logs Table 102 Attack Logs LOG MESSAGE DESCRIPTION The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF attack [TCP | UDP | IGMP attack. | ESP | GRE | OSPF] The firewall detected an ICMP attack. For type and code attack ICMP (type:%d, details, see Table 108 on page 286.
Page 281 Chapter 21 Logs Table 103 IPSec Logs (continued) LOG MESSAGE DESCRIPTION The router dropped an inbound packet for which SPI could Receive IPSec packet, not find a corresponding phase 2 SA. but no corresponding tunnel exists The router dropped a connection that had outbound traffic Rule <%d>...
Page 282 Chapter 21 Logs Table 104 IKE Logs (continued) LOG MESSAGE DESCRIPTION The displayed ID information did not match between Peer ID: <peer id> <My remote the two ends of the connection. type> -<My local type> The displayed ID information did not match between vs.
Page 283 Chapter 21 Logs Table 104 IKE Logs (continued) LOG MESSAGE DESCRIPTION The router was not able to use extended XAUTH fail! Username: authentication to authenticate the listed username. <Username> The listed rule’s IKE phase 1 negotiation mode did not Rule[%d] Phase 1 negotiation match between the router and the peer.
Page 284 Chapter 21 Logs Table 104 IKE Logs (continued) LOG MESSAGE DESCRIPTION The listed rule’s IKE phase 1 did not match between Rule [%d] phase 1 mismatch the router and the peer. The listed rule’s IKE phase 2 did not match between Rule [%d] phase 2 mismatch the router and the peer.
Page 285 Chapter 21 Logs Table 105 PKI Logs (continued) LOG MESSAGE DESCRIPTION The router received a corrupted CRL (Certificate Revocation Failed to decode the List) from the LDAP server whose address and port are received CRL recorded in the Source field. The router received a corrupted ARL (Authority Revocation Failed to decode the List) from the LDAP server whose address and port are...
Page 286 Chapter 21 Logs Table 106 802.1X Logs (continued) LOG MESSAGE DESCRIPTION A user tried to use an authentication method that Local User Database does not the local user database does not support (it only support authentication method. supports EAP-MD5). There is no response message from the RADIUS No response from RADIUS.
Page 287 Chapter 21 Logs Table 108 ICMP Notes (continued) TYPE CODE DESCRIPTION A gateway may discard internet datagrams if it does not have the buffer space needed to queue the datagrams for output to the next network on the route to the destination network. Redirect Redirect datagrams for the Network Redirect datagrams for the Host...
Page 288 Chapter 21 Logs The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC for detailed information on each type. Table 110 RFC-2408 ISAKMP Payload Types LOG DISPLAY PAYLOAD TYPE Security Association Proposal PROP Transform TRANS Key Exchange...
Page 289: Tools
H A P T E R Tools 22.1 Overview This chapter shows you how to upload a new firmware, upload or save backup configuration files and restart the NBG-460N. 22.2 What You Can Do • Use the Firmware screen (Section 22.3 on page 289) to upload firmware to your NBG-460N.
Page 290 Chapter 22 Tools Click Maintenance > Tools. Follow the instructions in this screen to upload firmware to your NBG-460N. Figure 171 Maintenance > Tools > Firmware The following table describes the labels in this screen. Table 111 Maintenance > Tools > Firmware LABEL DESCRIPTION File Path...
Page 291 Chapter 22 Tools The NBG-460N automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 173 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen.
Page 292: Configuration Screen
Chapter 22 Tools 22.4 Configuration Screen Click Maintenance > Tools > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next. Figure 175 Maintenance > Tools > Configuration 22.4.1 Backup Configuration Backup configuration allows you to back up (save) the NBG-460N’s current configuration to a file on your computer.
Page 293 Chapter 22 Tools Table 112 Maintenance Restore Configuration LABEL DESCRIPTION Browse... Click Browse... to find the file you want to upload. Remember that you must decompress compressed (.ZIP) files before you can upload them. Upload Click Upload to begin the upload process. Note: Do not turn off the NBG-460N while configuration file upload is in progress After you see a “configuration upload successful”...
Page 294: Back To Factory Defaults
Chapter 22 Tools If the upload was not successful, the following screen will appear. Click Return to go back to the Configuration screen. Figure 178 Configuration Restore Error 22.4.3 Back to Factory Defaults Pressing the Reset button in this section clears all user-entered configuration information and returns the NBG-460N to its factory defaults.
Page 295: Wake On Lan
Chapter 22 Tools 22.6 Wake On LAN Wake On LAN (WOL) allows you to remotely turn on a device on the network. To use this feature the remote hardware (for example the network adapter on your computer) must support Wake On LAN. You need to know the MAC address of the remote device.
Page 296 Chapter 22 Tools Note: When the NBG-460N reboots from low power mode, some processes may not automatically resume. Click Maintenance > Tools > Green to open the following screen. Figure 181 TMaintenance > Tools > Green The following table describes the labels in this screen. Table 114 Maintenance >...
Page 297: Configuration Mode
H A P T E R Configuration Mode 23.1 Overview Your NBG-460N allows you to hide or display the advanced screens of some features or the advanced features, such as MAC filter or static route. Advanced is selected by default and you cannot see the advanced screens or features as soon as you log on to the Web Configurator.
Page 298 Chapter 23 Configuration Mode The following table describes the labels in this screen. Table 115 Maintenance > Config Mode > General LABEL DESCRIPTION Basic Select Basic mode to have the Web Configurator hide the configuration screens of the more advanced features of your NBG-460N. Advanced Select Advanced mode to configure the more advanced settings of your NBG-460N.
Page 299: Sys Op Mode
H A P T E R Sys Op Mode 24.1 Overview The Sys Op Mode (System Operation Mode) function lets you configure whether your NBG-460N is a router or AP. You can choose between Router Mode and AP Mode depending on your network topology and the features you require from your device.
Page 300 Chapter 24 Sys Op Mode Router A router connects your local network with another network, such as the Internet. The router has two IP addresses, the LAN IP address and the WAN IP address. Figure 183 LAN and WAN IP Addresses in Router Mode Internet WAN IP LAN IP...
Page 301: General Screen
Chapter 24 Sys Op Mode 24.4 General Screen Use this screen to select how you want to use your NBG-460N depending on how you connect to the Internet. Figure 185 Maintenance > Sys OP Mode > General If you select Router Mode, the following pop-up message window appears. Figure 186 Maintenance >...
Page 302 Chapter 24 Sys Op Mode • The DHCP server on your device is disabled. In AP mode there must be a device with a DHCP server on your network such as a router or gateway which can allocate IP addresses. The IP address of the device on the local network is set to 192.168.1.1.
Page 303: Language
H A P T E R Language 25.1 Language Screen Use this screen to change the language for the Web Configurator. Click the language you prefer. The Web Configurator language changes after a while without restarting the NBG-460N. Figure 188 Language NBG-460N User’s Guide...
Page 304 Chapter 25 Language NBG-460N User’s Guide...
Page 305: Troubleshooting
H A P T E R Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • NBG-460N Access and Login • Internet Access •...
Page 306: Nbg-460N Access And Login
Chapter 26 Troubleshooting Check the hardware connections. See the Quick Start Guide. Inspect your cables for damage. Contact the vendor to replace any damaged cables. Disconnect and re-connect the power adaptor to the NBG-460N. If the problem continues, contact the vendor. 26.2 NBG-460N Access and Login I don’t know the IP address of my NBG-460N.
Page 307 Chapter 26 Troubleshooting The default password is 1234. If this does not work, you have to reset the device to its factory defaults. See Section 26.4 on page 310. I cannot see or access the Login screen in the Web Configurator. Make sure you are using the correct IP address.
Page 308: Internet Access
Chapter 26 Troubleshooting I can see the Login screen, but I cannot log in to the NBG-460N. Make sure you have entered the password correctly. The default password is 1234. This field is case-sensitive, so make sure [Caps Lock] is not on. You cannot log in to the Web Configurator while someone is using Telnet to access the NBG-460N.
Page 309 Chapter 26 Troubleshooting Make sure you entered your ISP account information correctly in the wizard. These fields are case-sensitive, so make sure [Caps Lock] is not on. If you are trying to access the Internet wirelessly, make sure the wireless settings in the wireless client are the same as the settings in the AP.
Page 310: Resetting The Nbg-460N To Its Factory Defaults
Chapter 26 Troubleshooting Reboot the NBG-460N. If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions • Check the settings for bandwidth management. If it is disabled, you might consider activating it. If it is enabled, you might consider changing the allocations.
Page 311: Wireless Router/Ap Troubleshooting
Chapter 26 Troubleshooting 26.5 Wireless Router/AP Troubleshooting I cannot access the NBG-460N or ping any computer from the WLAN (wireless AP or router). Make sure the wireless LAN is enabled on the NBG-460N Make sure the wireless adapter on the wireless station is working properly. Make sure the wireless adapter installed on your computer is IEEE 802.11 compatible and supports the same wireless standard as the NBG-460N.
Page 312: Advanced Features
Chapter 26 Troubleshooting 26.6 Advanced Features I can log in, but I cannot see some of the screens or fields in the Web Configurator. • You may be accessing the Web Configurator in Basic mode. Some screens and fields are available only in Advanced mode. Use the Maintenance > Config Mode screen to select Advanced mode.
Page 313: Product Specifications And Wall-Mounting Instructions
H A P T E R Product Specifications and Wall- Mounting Instructions The following tables summarize the NBG-460N’s hardware and firmware features. Table 118 Hardware Features Dimensions (W x D x 190 x 150 x 33 mm Weight 362g Power Specification Input: 120~240 AC, 50~60 Hz Output: 18 V DC 1A Ethernet ports...
Page 314 Chapter 27 Product Specifications and Wall-Mounting Instructions Table 118 Hardware Features Distance between the 137 mm centers of the holes on the device’s back. Screw size for wall- M4 Tap Screw mounting Table 119 Firmware Features FEATURE DESCRIPTION Default IP Address 192.168.1.1 Default Subnet Mask 255.255.255.0 (24 bits)
Page 315 Chapter 27 Product Specifications and Wall-Mounting Instructions Table 119 Firmware Features FEATURE DESCRIPTION Firewall You can configure firewall on the NBG-460N for secure Internet access. When the firewall is on, by default, all incoming traffic from the Internet to your network is blocked unless it is initiated from your network.
Page 316 Chapter 27 Product Specifications and Wall-Mounting Instructions Table 119 Firmware Features FEATURE DESCRIPTION PPTP Encapsulation Point-to-Point Tunneling Protocol (PPTP) enables secure transfer of data through a Virtual Private Network (VPN). The NBG-460N supports one PPTP connection at a time. Universal Plug and Play The NBG-460N can communicate with other UPnP enabled (UPnP) devices in a network.
Page 317 Chapter 27 Product Specifications and Wall-Mounting Instructions Table 121 Standards Supported (continued) STANDARD DESCRIPTION IEEE 802.11x Port Based Network Access Control. IEEE 802.11e QoS IEEE 802.11 e Wireless LAN for Quality of Service Microsoft PPTP MS PPTP (Microsoft's implementation of Point to Point Tunneling Protocol) MBM v2 Media Bandwidth Management v2...
Page 318 Chapter 27 Product Specifications and Wall-Mounting Instructions The following are dimensions of an M4 tap screw and masonry plug used for wall mounting. All measurements are in millimeters (mm). Figure 190 Masonry Plug and M4 Tap Screw NBG-460N User’s Guide...
Page 319: Appendices And Index
Appendices and Index Pop-up Windows, JavaScripts and Java Permissions (321) IP Addresses and Subnetting (329) Setting up Your Computer’s IP Address (339) Wireless LANs (357) Services (369) Legal Information (373) Index (377)
Page 321: Appendix A Pop-Up Windows, Javascripts And Java Permissions
P P E N D I X Pop-up Windows, JavaScripts and Java Permissions In order to use the Web Configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here.
Page 322 Appendix A Pop-up Windows, JavaScripts and Java Permissions In Internet Explorer, select Tools, Internet Options, Privacy. Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 192 Internet Options: Privacy Click Apply to save this setting.
Page 323 Appendix A Pop-up Windows, JavaScripts and Java Permissions Select Settings…to open the Pop-up Blocker Settings screen. Figure 193 Internet Options: Privacy Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. NBG-460N User’s Guide...
Page 324 Appendix A Pop-up Windows, JavaScripts and Java Permissions Click Add to move the IP address to the list of Allowed sites. Figure 194 Pop-up Blocker Settings Click Close to return to the Privacy screen. Click Apply to save this setting. JavaScripts If pages of the Web Configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
Page 325 Appendix A Pop-up Windows, JavaScripts and Java Permissions In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 195 Internet Options: Security Click the Custom Level... button. Scroll down to Scripting. Under Active scripting make sure that Enable is selected (the default). Under Scripting of Java applets make sure that Enable is selected (the default).
Page 326: Java Permissions
Appendix A Pop-up Windows, JavaScripts and Java Permissions Click OK to close the window. Figure 196 Security Settings - Java Scripting Java Permissions From Internet Explorer, click Tools, Internet Options and then the Security tab. Click the Custom Level... button. Scroll down to Microsoft VM.
Page 327 Appendix A Pop-up Windows, JavaScripts and Java Permissions Click OK to close the window. Figure 197 Security Settings - Java JAVA (Sun) From Internet Explorer, click Tools, Internet Options and then the Advanced tab. Make sure that Use Java 2 for <applet> under Java (Sun) is selected. NBG-460N User’s Guide...
Page 328 Appendix A Pop-up Windows, JavaScripts and Java Permissions Click OK to close the window. Figure 198 Java (Sun) NBG-460N User’s Guide...
Page 329: Appendix B Ip Addresses And Subnetting
P P E N D I X IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network.
Page 330: Subnet Masks
Appendix B IP Addresses and Subnetting The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. Figure 199 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask.
Page 331 Appendix B IP Addresses and Subnetting Table 122 Subnet Mask - Identifying Network Number OCTET: OCTET: OCTET: OCTET (192) (168) Network Number 11000000 10101000 00000001 Host ID 00000010 By convention, subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits.
Page 332 Appendix B IP Addresses and Subnetting As these two IP addresses cannot be used for individual hosts, calculate the maximum number of possible hosts in a network as follows: Table 124 Maximum Host Numbers MAXIMUM NUMBER OF SUBNET MASK HOST ID SIZE HOSTS 8 bits 255.0.0.0...
Page 333 Appendix B IP Addresses and Subnetting Subnetting You can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons. In this example, the company network address is 192.168.1.0.
Page 334 Appendix B IP Addresses and Subnetting The following figure shows the company network after subnetting. There are now two sub-networks, A and B. Figure 201 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of –...
Page 335 Appendix B IP Addresses and Subnetting Each subnet contains 6 host ID bits, giving 2 - 2 or 62 hosts for each subnet (a host ID of all zeroes is the subnet itself, all ones is the subnet’s broadcast address). Table 126 Subnet 1 LAST OCTET BIT IP/SUBNET MASK...
Page 336 Appendix B IP Addresses and Subnetting Table 129 Subnet 4 (continued) LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE Subnet Address: Lowest Host ID: 192.168.1.193 192.168.1.192 Broadcast Address: Highest Host ID: 192.168.1.254 192.168.1.255 Example: Eight Subnets Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111).
Page 337 Appendix B IP Addresses and Subnetting The following table is a summary for subnet planning on a network with a 16-bit network number. Table 132 16-bit Network Number Subnet Planning NO. “BORROWED” NO. HOSTS PER SUBNET MASK HOST BITS SUBNETS SUBNET 255.255.128.0 (/17) 32766...
Page 338 Appendix B IP Addresses and Subnetting that you entered. You don't need to change the subnet mask computed by the NBG-460N unless you are instructed to do otherwise. Private IP Addresses Every machine on the Internet must have a unique address. If your networks are isolated from the Internet (running only between two branch offices, for example) you can assign any IP addresses to the hosts without problems.
Page 339: Appendix C Setting Up Your Computer's Ip Address
P P E N D I X Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
Page 340 Appendix C Setting up Your Computer’s IP Address Windows 95/98/Me Click Start, Settings, Control Panel and double-click the Network icon to open the Network window. Figure 202 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks.
Page 341 Appendix C Setting up Your Computer’s IP Address Select Microsoft from the list of manufacturers. Select TCP/IP from the list of network protocols and then click OK. If you need Client for Microsoft Networks: Click Add. Select Client and then click Add. Select Microsoft from the list of manufacturers.
Page 342 Appendix C Setting up Your Computer’s IP Address Click the DNS Configuration tab. • If you do not know your DNS information, select Disable DNS. • If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in). Figure 204 Windows 95/98/Me: TCP/IP Properties: DNS Configuration Click the Gateway tab.
Page 343 Appendix C Setting up Your Computer’s IP Address Select your network adapter. You should see your computer's IP address, subnet mask and default gateway. Windows 2000/NT/XP The following example figures use the default Windows XP GUI theme. Click start (Start in Windows 2000/NT), Settings, Control Panel. Figure 205 Windows XP: Start Menu NBG-460N User’s Guide...
Page 344 Appendix C Setting up Your Computer’s IP Address In the Control Panel, double-click Network Connections (Network and Dial- up Connections in Windows 2000/NT). Figure 206 Windows XP: Control Panel Right-click Local Area Connection and then click Properties. Figure 207 Windows XP: Control Panel: Network Connections: Properties NBG-460N User’s Guide...
Page 345 Appendix C Setting up Your Computer’s IP Address Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 208 Windows XP: Local Area Connection Properties The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
Page 346 Appendix C Setting up Your Computer’s IP Address • Click Advanced. Figure 209 Windows XP: Internet Protocol (TCP/IP) Properties If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
Page 347 Appendix C Setting up Your Computer’s IP Address • Click OK when finished. Figure 210 Windows XP: Advanced TCP/IP Properties In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
Page 348 Appendix C Setting up Your Computer’s IP Address If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. Figure 211 Windows XP: Internet Protocol (TCP/IP) Properties Click OK to close the Internet Protocol (TCP/IP) Properties window. Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window.
Page 349 Appendix C Setting up Your Computer’s IP Address Macintosh OS 8/9 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/ IP Control Panel. Figure 212 Macintosh OS 8/9: Apple Menu NBG-460N User’s Guide...
Page 350 Appendix C Setting up Your Computer’s IP Address Select Ethernet built-in from the Connect via list. Figure 213 Macintosh OS 8/9: TCP/IP For dynamically assigned settings, select Using DHCP Server from the Configure: list. For statically assigned settings, do the following: •...
Page 351: Macintosh Os X
Appendix C Setting up Your Computer’s IP Address Macintosh OS X Click the Apple menu, and click System Preferences to open the System Preferences window. Figure 214 Macintosh OS X: Apple Menu Click Network in the icon bar. • Select Automatic from the Location list. •...
Page 352 Appendix C Setting up Your Computer’s IP Address For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. •...
Page 353 Appendix C Setting up Your Computer’s IP Address Double-click on the profile of the network card you wish to configure. The Ethernet Device General screen displays as shown. Figure 217 Red Hat 9.0: KDE: Ethernet Device: General • If you have a dynamic IP address click Automatically obtain IP address settings with and select dhcp from the drop down list.
Page 354 Appendix C Setting up Your Computer’s IP Address Click the Devices tab. Click the Activate button to apply the changes. The following screen displays. Click Yes to save the changes in all screens. Figure 219 Red Hat 9.0: KDE: Network Configuration: Activate After the network card restart process is complete, make sure the Status is Active in the Network Configuration screen.
Page 355 Appendix C Setting up Your Computer’s IP Address • If you have a static IP address, enter static in the BOOTPROTO= field. Type IPADDR= followed by the IP address (in dotted decimal notation) and type NETMASK= followed by the subnet mask. The following example shows an example where the static IP address is 192.168.1.10 and the subnet mask is 255.255.255.0.
Page 356: Verifying Settings
Appendix C Setting up Your Computer’s IP Address 27.0.1 Verifying Settings Enter ifconfig in a terminal screen to check your TCP/IP properties. Figure 224 Red Hat 9.0: Checking TCP/IP Properties [root@localhost]# ifconfig eth0 Link encap:Ethernet HWaddr 00:50:BA:72:5B:44 inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500...
Page 357: Appendix D Wireless Lans
P P E N D I X Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS).
Page 358 Appendix D Wireless LANs with each other. When Intra-BSS is disabled, wireless station A and B can still access the wired network but cannot communicate with each other. Figure 226 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network.
Page 359 Appendix D Wireless LANs An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless stations within the same ESS must have the same ESSID in order to communicate. Figure 227 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area.
Page 360 Appendix D Wireless LANs wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other. Figure 228 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel.
Page 361: Fragmentation Threshold
Appendix D Wireless LANs Fragmentation Threshold A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the AP will fragment the packet into smaller data frames. A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference.
Page 362 Appendix D Wireless LANs several intermediate rate steps between the maximum and minimum data rates. The IEEE 802.11g data rate and modulation are as follows: Table 133 IEEE 802.11g DATA RATE MODULATION (MBPS) DBPSK (Differential Binary Phase Shift Keyed) DQPSK (Differential Quadrature Phase Shift Keying) 5.5 / 11 CCK (Complementary Code Keying) 6/9/12/18/24/36/...
Page 363: Types Of Authentication
Appendix D Wireless LANs Types of RADIUS Messages The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication: • Access-Request Sent by an access point requesting authentication. • Access-Reject Sent by a RADIUS server rejecting access. •...
Page 364 Appendix D Wireless LANs However, MD5 authentication has some weaknesses. Since the authentication server needs to get the plaintext passwords, the passwords must be stored. Thus someone other than the authentication server may access the password file. In addition, it is possible to impersonate an authentication server as MD5 authentication method does not perform mutual authentication.
Page 365 Appendix D Wireless LANs If this feature is enabled, it is not necessary to configure a default encryption key in the Wireless screen. You may still configure and store keys here, but they will not be used while Dynamic WEP is enabled. Note: EAP-MD5 cannot be used with dynamic WEP key exchange For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption.
Page 366 Appendix D Wireless LANs TKIP regularly changes and rotates the encryption keys so that the same encryption key is never used twice. The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients.
Page 367: Wpa(2)-Psk Application Example
Appendix D Wireless LANs 27.0.2 WPA(2)-PSK Application Example A WPA(2)-PSK application looks as follows. First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters (including spaces and symbols).
Page 368: Security Parameters Summary
Appendix D Wireless LANs Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. MAC address filters are not dependent on how you configure these security features. Table 135 Wireless Security Relational Matrix AUTHENTICATION METHOD/ KEY...
Page 369: Appendix E Services
P P E N D I X Services The following table lists some commonly-used services and their associated protocols and port numbers. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like. •...
Page 370 Appendix E Services Table 136 Examples of Services NAME PROTOCOL PORT(S) DESCRIPTION User-Defined The IPSEC AH (Authentication Header) (IPSEC_TUNNEL) tunneling protocol uses this service. 5190 AOL’s Internet Messenger service. AUTH Authentication protocol used by some servers. Border Gateway Protocol. BOOTP_CLIENT DHCP Client.
Page 371 Appendix E Services Table 136 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION MSN Messenger 1863 Microsoft Networks’ messenger service uses this protocol. NetBIOS TCP/UDP The Network Basic Input/Output System is used for communication TCP/UDP between computers in a LAN. TCP/UDP TCP/UDP NEW-ICQ...
Page 372 Appendix E Services Table 136 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION SFTP The Simple File Transfer Protocol is an old way of transferring files between computers. SMTP Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another.
Page 373: Appendix F Legal Information
ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein.
Page 374 Appendix F Legal Information • This device must accept any interference received, including interference that may cause undesired operations. This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
Page 375: Zyxel Limited Warranty
Appendix F Legal Information 有干擾現象時，應立即停用，並改善至無干擾時方得繼續使用。前項合法通信，指依電信規定作業之無線電信。低功率射頻電機須忍受合法通信或工業、科學及醫療用電波輻射性電機設備之干擾。本機限在不干擾合法電臺與不受被干擾保障條件下於室內使用。減少電磁波影響，請妥適使用。 Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment. This device has been designed for the WLAN 2.4 GHz network throughout the EC region and Switzerland, with restrictions in France.
Page 376 Appendix F Legal Information Note Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose.
Page 377: Index
Index Index monitor overview priority active protocol services Bandwidth management monitor and encapsulation Basic wireless security BitTorrent ActiveX Bridge Address Assignment Bridge loops address resolution protocol (ARP) Bridge/Repeater and transport mode bridged APs, security Alert alternative subnet mask notation any IP note AP (Access Point) AP + Bridge...
Page 378 Index encapsulation and active protocol transport mode Daylight saving tunnel mode DDNS see also Dynamic DNS Encryption service providers encryption DHCP 44, 157 and local (user) database DHCP server see also Dynamic Host Configuration Protocol WPA compatible DHCP client information encryption algorithms 220, 226 DHCP client list...
Page 379 Index IP address dynamic IP alias Hidden Node IP Pool HTTP IPSec Hyper Text Transfer Protocol IPSec SA active protocol authentication algorithms 220, 226 authentication key (manual keys) encapsulation IANA encryption algorithms 220, 226 encryption key (manual keys) IBSS local policy IEEE 802.11g manual keys IGMP...
Page 380 Index local (user) database see also Network Basic Input/Output System and encryption Network Address Translation 163, 164 Local Area Network Network Basic Input/Output System Operating Channel 39, 89 operating mode MAC address 99, 135 cloning 62, 135 MAC address filter MAC address filtering MAC filter managing the device...
Page 381 Index life time QoS priorities safety warnings Quality of Service (QoS) Scheduling security associations. See VPN. Security Parameters Service and port numbers Service Set RADIUS Service Set IDentification Shared Secret Key Service Set IDentity. See SSID. RADIUS Message Types services RADIUS Messages and port numbers RADIUS server...
Page 382 Index security associations (SA) VPN. See also IKE SA, IPSec SA. TCP/IP configuration Telnet Temperature Time setting trademarks Wake On LAN 165, 167, 295 Triangle routes and IP alias IP address assignment see also asymmetrical routes WAN (Wide Area Network) trigger port WAN advanced Trigger port forwarding...
Page 383 Index type wireless security Wireless tutorial 67, 87 Wizard setup Bandwidth management complete Internet connection system information wireless LAN WLAN Interference Security Parameters WMM priorities WoL. See Wake On LAN. World Wide Web WPA compatible WPA, WPA2 114, 243 Xbox Live ZyNOS 39, 89 NBG-460N User’s Guide...
Page 384 Index NBG-460N User’s Guide...

This manual is also suitable for:

Nbg-460n

ZyXEL Communications NBG-4600N User Manual

Chapter 1 Getting to Know Your NBG-460N

Chapter 2 The WPS Button

Chapter 3 Introducing the Web Configurator

Chapter 4 Connection Wizard

Chapter 5 Tutorials

Chapter 6 AP Mode

Chapter 7 Wireless LAN

Chapter 8 WAN

Chapter 9 LAN

Chapter 10 DHCP

Chapter 11 Network Address Translation (NAT)

Chapter 12 Dynamic DNS

Chapter 13 Firewall

Chapter 14 Content Filtering

Chapter 15 Ipsec VPN

Chapter 16 Static Route

Chapter 17 Bandwidth Management

Chapter 18 Remote Management

Chapter 19 Universal Plug-And-Play (Upnp)

Chapter 20 System

Chapter 21 Logs

Chapter 22 Tools

Chapter 23 Configuration Mode

Quick Links

Troubleshooting

Related Manuals for ZyXEL Communications NBG-4600N

Summary of Contents for ZyXEL Communications NBG-4600N