Page 2
Related Documentation • Quick Start Guide The Quick Start Guide shows how to connect the SBG3500-N000 and access the Web Configurator wizards. It contains information on setting up your network and configuring for Internet access.
3.2 Quick Start Setup .........................32 Chapter 4 Tutorials ........................... 35 4.1 Overview ..........................35 4.2 Setting Up an ADSL PPPoE Connection ................35 4.3 Setting Up a GbE WAN connection ..................38 4.4 Setting Up a 3G WAN connction ..................40 SBG3500-N000 User’s Guide...
Page 6
4.15.5 Configuring L2TP VPN on Android Devices (Client) ..........92 4.15.6 Configuring L2TP VPN in iOS Devices (Client) ............95 Part II: Technical Reference..............97 Chapter 5 Status Screens ........................99 5.1 Overview ..........................99 5.2 The Status Screen ........................99 Chapter 6 Broadband..........................102 SBG3500-N000 User’s Guide...
Page 8
10.4.1 Adding a QoS Queue ....................194 10.5 The Class Setup Screen ....................194 10.5.1 Add/Edit QoS Class ....................196 10.6 The QoS Policer Setup Screen ..................199 10.6.1 Add/Edit a QoS Policer ..................200 10.7 The QoS Monitor Screen ....................201 10.8 Technical Reference ......................202 SBG3500-N000 User’s Guide...
Page 9
13.2.1 Interface Group Configuration ................227 13.2.2 Interface Grouping Criteria ..................229 Chapter 14 USB Service .......................... 231 14.1 Overview ..........................231 14.1.1 What You Can Do in this Chapter ................231 14.1.2 What You Need To Know ..................231 14.2 The File Sharing Screen ....................232 SBG3500-N000 User’s Guide...
Page 10
19.2 What You Need to Know ....................250 19.3 The Local Certificates Screen ..................251 19.3.1 Create Certificate Request ..................252 19.3.2 Load Signed Certificate ..................253 19.4 The Trusted CA Screen ....................254 19.4.1 Import Trusted CA Certificate .................255 Chapter 20 IPSec VPN..........................256 SBG3500-N000 User’s Guide...
Page 11
22.4 L2TP VPN Troubleshooting Tips ..................282 Chapter 23 Log ............................286 23.1 Overview ..........................286 23.1.1 What You Can Do in this Chapter ................286 23.1.2 What You Need To Know ..................286 23.2 The System Log Screen ....................287 23.3 The Security Log Screen ....................288 SBG3500-N000 User’s Guide...
Page 12
29.2 The User Account Screen ....................300 29.2.1 Add/Edit a User Account ..................301 Chapter 30 Remote Management......................303 30.1 Overview ..........................303 30.2 The Remote MGMT Screen .....................303 Chapter 31 TR-069 Client......................... 305 31.1 Overview ..........................305 31.2 The TR-069 Client Screen ....................305 SBG3500-N000 User’s Guide...
Page 13
38.1 Overview ..........................322 38.1.1 What You Can Do in this Chapter ................322 38.2 What You Need to Know ....................322 38.3 Ping & TraceRoute & NsLookup ..................323 38.4 802.1ag ..........................324 38.5 OAM Ping Test .........................325 Chapter 39 Troubleshooting........................327 SBG3500-N000 User’s Guide...
Page 14
Appendix B IP Addresses and Subnetting................356 Appendix C Pop-up Windows, JavaScript and Java Permissions ........364 Appendix D Wireless LANs....................373 Appendix E IPv6 ........................386 Appendix F Services......................394 Appendix G Legal Information ..................... 399 Index ............................403 SBG3500-N000 User’s Guide...
Here are some example uses for which the SBG3500-N is well suited. 1.2.1 Internet Access Your SBG3500-N provides multiple Internet access methods (up to two at a time), and you can use them in the following combinations, if your ISP supports them. SBG3500-N000 User’s Guide...
Page 18
The below table is a summary of the SBG3500-N Multi-WAN combinations and failover. SFP/ETHERNET WAN Active Active Failover Active Failover Active Failover Active Active The following figure shows the possible internet access scenarios described above. SBG3500-N000 User’s Guide...
Page 19
Chapter 1 Introducing the SBG3500-N Computers can connect to the SBG3500-N’s LAN ports (or wirelessly). Figure 1 SBG3500-N’s Internet Access Application WLAN Bridging PPPoE IPoE/IPoA PPPoA Load Balancing ADSL2+/VDSL WLAN ADSL2+/VDSL and GbE ADSL2+/VDSL and Fiber WLAN ADSL2+/VDSL and 3G SBG3500-N000 User’s Guide...
The SBG3500-N is a wireless Access Point (AP) for wireless clients, such as notebook computers or PDAs and iPads. It allows them to connect to the Internet without having to rely on inconvenient Ethernet cables. You can configure your wireless network in either the built-in Web Configurator. Figure 3 Wireless Access Example SBG3500-N000 User’s Guide...
Use the built-in USB 2.0 port to share files on a USB memory stick or a USB hard drive (B). You can connect one USB hard drive to the SBG3500-N at a time. Use FTP to access the files on the USB device. Figure 4 USB File Sharing Application SBG3500-N000 User’s Guide...
Green There is no Gigabit Ethernet link. Right The Gigabit Ethernet connection is working. LED (10/ Blinking The SBG3500-N is sending or receiving data to/from the Gigabit 100) Ethernet link. Orange There is no Gigabit Ethernet link. SBG3500-N000 User’s Guide...
• TR-069. This is an auto-configuration server used to remotely configure your SBG3500-N. 1.5 Good Habits for Managing the SBG3500-N Do the following things regularly to make the SBG3500-N more secure and to manage the SBG3500-N more effectively. SBG3500-N000 User’s Guide...
To set the device back to the factory default settings, press the RESET button for ten seconds or until the POWER LED begins to blink and then release it. When the POWER LED begins to blink, the defaults have been restored and the device restarts. SBG3500-N000 User’s Guide...
If you have changed the password, enter your password and click Login. Figure 6 Password Screen SBG3500-N000 User’s Guide...
Page 26
The Status page appears, where you can view the SBG3500-N’s interface and system information. Click the Quick Start Wizard button on top of the page to configure the SBG3500-N’s time zone, basic Internet access, and wireless settings. See Chapter 3 on page 32 for more information. Figure 8 Status SBG3500-N000 User’s Guide...
Table 2 Web Configurator Icons in the Title Bar ICON DESCRIPTION Quick Start: Click this icon to open screens where you can configure the SBG3500-N’s time zone Internet access, and wireless settings. Logout: Click this icon to log out of the web configurator. SBG3500-N000 User’s Guide...
Use this screen to configure advanced wireless settings. Channel Status Use this screen to scan wireless LAN channel noises and view the results. Scheduling Use this screen to set a schedule to turn off wireless LAN for power saving purposes. SBG3500-N000 User’s Guide...
Page 29
Use this screen to block web sites with the specific URL. Control Control Scheduler Rule Scheduler Rule Use this screen to configure the days and times when a configured restriction (such as User Access control) is enforced. SBG3500-N000 User’s Guide...
Page 30
Use this screen to configure up to two mail servers and sender Notification Notification addresses on the SBG3500-N. Log Setting Log Setting Use this screen to change your SBG3500-N’s log settings. Firmware Firmware Use this screen to upload firmware to your device. Upgrade Upgrade SBG3500-N000 User’s Guide...
Page 31
Use this screen to configure CFM (Connectivity Fault Management) MD (maintenance domain) and MA (maintenance association), perform connectivity tests and view test reports. OAM Ping Use this screen to view information to help you identify problems with the DSL connection. SBG3500-N000 User’s Guide...
The Quick Start Wizard appears automatically after login. Or you can click the Click Start icon in the top right corner of the web configurator to open the quick start screens. Select the time zone of the Device’s location and click Next. Figure 11 Time Zone SBG3500-N000 User’s Guide...
Page 33
Select your current WAN interface to configure its settings. Figure 12 WAN Interface Selection Enter your Internet connection information in this screen. The screen and fields to enter may vary depending on your current connection type. Click Next. Figure 13 Internet Connection SBG3500-N000 User’s Guide...
Page 34
Turn the wireless LAN on or off. If you keep it on, record the security settings so you can configure your wireless clients to connect to the Device. Click Save. Figure 14 Internet Connection Your Device saves your settings and attempts to connect to the Internet. SBG3500-N000 User’s Guide...
Service Provider (ISP) to configure the Device. Be sure to contact your service provider for any information you need to configure the Broadband screens. Click Network Setting > Broadband to open the following screen. Click Add New WAN Interface. SBG3500-N000 User’s Guide...
Page 36
Configure this rule as your default Internet connection by selecting the Apply as Default Gateway check box. Then select DNS as Static and enter the DNS server addresses provided to you, such as 192.168.5.2 (DNS server1)/192.168.5.1 (DNS server2). Leave the rest of the fields to the default settings. SBG3500-N000 User’s Guide...
Page 37
Chapter 4 Tutorials Click Apply to save your settings. SBG3500-N000 User’s Guide...
Internet Service Provider (ISP) to configure the Device. Be sure to contact your service provider for any information you need to configure the Broadband screens. Click Network Setting > Broadband to open the following screen. Next, click Add New WAN Interface to open the following screen. SBG3500-N000 User’s Guide...
Page 39
Chapter 4 Tutorials In this example, the Ethernet connection has the following information. General Name MyETHER Type Ethernet Mode Routing Service and PPPoE Encapsulation IPv6/IPv4 Mode IPv4 Account Information 802.1p 802.1q 300 kbps SBG3500-N000 User’s Guide...
116) for setting up a 3G WAN connection. Make sure you insert a valid SIM card (with active data plan) into the 3G USB dongle before you inser the USB dongle to the USB port of your computer. SBG3500-N000 User’s Guide...
43) or manual configuration (Section 4.5.3 on page 47). 4.5.1 Configuring the Wireless Network Settings This example uses the following parameters to set up a wireless network. SSID Example Security Mode WPA-PSK Pre-Shared Key DoNotStealMyWirelessNetwork 802.11 Mode 802.11b/g/n Mixed SBG3500-N000 User’s Guide...
Page 42
Chapter 4 Tutorials Click Network Setting > Wireless to open the General screen. Select More Secure as the security level and WPA2-PSK as the security mode. Configure the screen using the provided parameters (see page 41). Click Apply. SBG3500-N000 User’s Guide...
In the wireless client utility, go to the WPS setting page. Enable WPS and press the WPS button (Start or WPS button). Log into Device’s web configurator and go to the Network Setting > Wireless > WPS screen. Enable the WPS function and click Apply. Then click the Connect button. SBG3500-N000 User’s Guide...
Page 44
WPS within two minutes of enabling the first one. The Device sends the proper configuration settings to the wireless client. This may take up to two minutes. The wireless client is then able to communicate with the Device securely. SBG3500-N000 User’s Guide...
Chapter 4 Tutorials The following figure shows you an example of how to set up a wireless network and its security. Example WPS Process: PBC Method Wireless Client Device WITHIN 2 MINUTES Click “Connect” SECURITY INFO COMMUNICATION SBG3500-N000 User’s Guide...
Page 46
The Device authenticates the wireless client and sends the proper configuration settings to the wireless client. This may take up to two minutes. The wireless client is then able to communicate with the Device securely. SBG3500-N000 User’s Guide...
“DoNotStealMyWirelessNetwork” pre-shared key to establish an wireless Internet connection. Note: The Device supports IEEE 802.11b, IEEE 802.11g, and IEEE 802.11n wireless clients. Make sure that your notebook or computer’s wireless adapter supports one of these standards. SBG3500-N000 User’s Guide...
Company A will use the following parameters to set up the wireless network groups. COMPANY GUEST SSID Company Guest Security Level More Secure More Secure Basic Security Mode WPA2-PSK WPA2-PSK Static WEP Pre-Shared Key ForCompanyOnly ForVIPOnly Guest12345678 SBG3500-N000 User’s Guide...
Page 49
Configure the screen using the provided parameters and click Apply. Click Network Setting > Wireless > More AP to open the following screen. Click the Edit icon to configure the second wireless network group. SBG3500-N000 User’s Guide...
Page 50
Chapter 4 Tutorials Configure the screen using the provided parameters and click Apply. In the More AP screen, click the Edit icon to configure the third wireless network group. SBG3500-N000 User’s Guide...
In order to extend your Intranet and control traffic flowing directions, you may connect a router to the Device’s LAN. The router may be used to separate two department networks. This tutorial shows how to configure a static routing rule for two network routings. SBG3500-N000 User’s Guide...
Page 52
B. This tutorial uses the following example IP settings: Table 4 IP Settings in this Tutorial DEVICE / COMPUTER IP ADDRESS The Device’s WAN 172.16.1.1 The Device’s LAN 192.168.1.1 IP Type IPv4 Use Interface ADSL/atm0 192.168.1.34 SBG3500-N000 User’s Guide...
Page 53
Gateway IP Address field. Select ADSL/atm0 as the Use Interface. Click OK. Now B should be able to receive traffic from A. You may need to additionally configure B’s firewall settings to allow specific traffic to pass through. SBG3500-N000 User’s Guide...
Traffic that does not match this class is assigned a priority queue based on the internal QoS mapping table on the Device. QoS Example 10,000 kbps Your computer IP=192.168.1.23 and/or MAC=AA:FF:AA:FF:AA:FF A colleague’s computer Email traffic: Highest priority Other traffic: Automatic classifier SBG3500-N000 User’s Guide...
Page 55
Click Queue Setup > Add new Queue to create a new queue. In the screen that opens, check Active and enter or select the following values: • Name: E-mail • Interface: WAN • Priority: 1 (High) • Weight: 8 • Rate Limit: 5,000 (kbps) Tutorial: Advanced > QoS > Queue Setup SBG3500-N000 User’s Guide...
Page 56
Type the MAC address of your computer - AA:FF:AA:FF:AA:FF. Type the MAC Mask if you know it. To Queue Link this to an item in the Network Setting > QoS > Queue Setup screen, which is the E- Index mail queue created in this example. SBG3500-N000 User’s Guide...
• IP Address: Enter the WAN IP address that your Device is currently using. You can find the IP address on the Device’s Web Configurator Status page. Then you will need to configure the same account and host name on the Device later. SBG3500-N000 User’s Guide...
Open a web browser on the computer (using the IP address a.b.c.d) that is connected to the Internet. Type http://zyxelrouter.dyndns.org and press [Enter]. The Device’s login page should appear. You can then log into the Device and manage it. SBG3500-N000 User’s Guide...
Click Security > MAC Filter to open the MAC Filter screen. Select the Enable check box to activate MAC filter function. Select Allow. Then enter the host name and MAC address of Thomas’ computer in this screen. Click Apply. SBG3500-N000 User’s Guide...
In this example, the account in use is admin. Click the Edit icon next to it. Set the File Sharing Service (SAMBA) feature to Enable to allow uses to access shared files in USB storage. Enter mnt as the File Share Name. Click Apply. SBG3500-N000 User’s Guide...
CA certificate from any trusted certificate agent. In this tutorial, a self-signed CA certificate (cacert.pem) was created by using the openssl command in Fedora 10. First, you need to import the CA certificate. Go to the Security > Certificates > Trusted CA screen and click Import Certificate. SBG3500-N000 User’s Guide...
Page 62
Browse the directory in Fedora, or another system, which contains your CA certificate (e.g., cacert.pem), then click OK. In the Security > Certificates > Local Certificates screen, click Create Certificate Request. Enter your information as shown in the following screen and click Apply. SBG3500-N000 User’s Guide...
Page 63
CERTIFICATE). You can use "vi" or your favorite text editor to cut the portion, but do not use the "cat" command. Paste it to the indicated part of the Certificate section in the View Certificate screen. Click Apply. SBG3500-N000 User’s Guide...
Click the Add New Entry button in the VPN > IPSec VPN > Setup screen and enter the following parameters: General Connection Name vpn1 Application Scenario Site-to-Site My Address ETHWAN Peer Gateway Address 22.23.24.25 Authentication Key Exchange Mode Auto Pre-Shared Key 1234567890 Phase 1 SA Life Time 28800 Negotiation Mode Main Encryption 3DES SBG3500-N000 User’s Guide...
Page 65
SA Life Time 3600 Tunnel Mode Encapsulation Tunnel Encryption 3DES Authentication SHA1 Policy Local IP Type Subnet Local IP Address 192.168.1.0 Local Subnet Mask 255.255.255.0 Remote IP Type Subnet Remote IP Address 172.23.9.0 Remote Subnet Mask 255.255.255.0 SBG3500-N000 User’s Guide...
Page 66
Chapter 4 Tutorials You can see the new IPSec VPN rule you’ve just created in the VPN > IPSec VPN > Monitor screen. SBG3500-N000 User’s Guide...
Enter vpn2 as the Connection Name. Remove the existing encryption by clicking Remove icon or Reset button. Then select AES128 and click the Add button in the Encryption fields of phase 1 and 2. Other parameters are the same as example 1’s. SBG3500-N000 User’s Guide...
Select Remote Access in the Application Scenario field in the General section. Other parameters are the same as example 1’s. Note: The Peer Gateway Address is not shown in the screen because it is an unknown IP address to the remote access VPN client. SBG3500-N000 User’s Guide...
1.Go to the VPN > PPTP VPN > Setup screen and configure the following. • Select the Enable checkbox. • Set Access Group 1 to 192.168.1.0/255.255.255.0. • Select DNS as User Defined and enter a DNS server address. The DNS server address in this example is 8.8.8.8. SBG3500-N000 User’s Guide...
On Windows 7 On Windows 7, do the following to establish a PPTP VPN connection. Click Start > Control Panel > Network and Sharing Center > Setup a new connection or network > Connect to a workplace. Click Next. SBG3500-N000 User’s Guide...
Page 71
Chapter 4 Tutorials Select No, create a new connection. Click Next. Select Use my Internet connection (VPN). SBG3500-N000 User’s Guide...
Page 72
Enter the domain name or WAN IP Address that you want to connect to (172.16.1.2 in this example) and give this connection a name. Select Don't connect now; just set it up so I can connect later. Click Next. Click Create. Enter the user name and password later. SBG3500-N000 User’s Guide...
Page 73
Chapter 4 Tutorials Click Close. Do not connect yet. Click the Network icon in your system tray, then click Connect to a Network and Sharing Center on Windows 7. Cick Change adapter settings. SBG3500-N000 User’s Guide...
Page 74
Chapter 4 Tutorials Double-click the new connection icon. 10 The connection screen appears. Click Properties. 11 The Properties window appears. Click Security. SBG3500-N000 User’s Guide...
Page 75
Note: The user account must have been configured in the Maintenance > User Account screen. Refer to Chapter 29 on page 300. 14 A window appears while the username and password are verified. The connection is then established. SBG3500-N000 User’s Guide...
Page 76
15 The Network and Sharing Center windows appear. You can view the connection status or disconnect the connection. Click View Status to open the connection status screen. 16 Click the Network icon in your system tray, then right click the PPTP connection and select Status to open the connection status screen. SBG3500-N000 User’s Guide...
Android device displays. The example settings in these sections match the PPTP VPN configuration example in Section 4.14 on page On your Android device, select Home > Settings > Wireless and network > VPN settings. SBG3500-N000 User’s Guide...
Page 78
PPTP connection. Enter the username and password of your user account configured on the Device. Note: The user account must have been configured in the Maintenance > User Account screen. Refer to Chapter 29 on page 300. SBG3500-N000 User’s Guide...
Touch, etc). Due to GUI difference among various iOS devices, the figures may not match what your iOS device displays. The example settings in these sections match the PPTP VPN configuration example in Section 4.14 on page On your iOS device, select Home > Settings > General > Network. SBG3500-N000 User’s Guide...
Page 80
• Password: This is the password for account. • Secret: This is your pre-shared key for your VPN connection, in this example, 1234567890. • Send All Traffic: This example uses the route-all configuration (ON). Save the configuration. SBG3500-N000 User’s Guide...
• Use the default IP address pool to assign the remote users a point-to-point IP addresses from 10.2.1.1 to 10.2.1.32 for use in the L2TP VPN tunnel. • The access group configuration allows the remote L2TP user to access only the LAN subnet 192.168.2.0/24. SBG3500-N000 User’s Guide...
Go to the VPN > L2TP VPN > Setup screen and configure the following: • Select the Enable checkbox. • Set Access Group 1 to 192.168.2.0/255.255.255.0. • Select DNS as User Defined and enter a DNS server address. The DNS server address in this example is 8.8.8.8. SBG3500-N000 User’s Guide...
4.15.3.1 Enabling IPSec Service in Windows By default, a Windows computer should have IPSec service enabled. However, before you configure the client, it is suggested to make sure the computer is running the Microsoft IPSec service. SBG3500-N000 User’s Guide...
Page 84
Click the Start button and enter “services” in the text box. Then click Services under the Programs window. In the Services window, scroll down to find IPsec Policy Agent. Make sure the status is Started. If not, click Start the service in the left panel. SBG3500-N000 User’s Guide...
In Windows 7 do the following to establish an L2TP VPN connection. Click Start > Control Panel > Network and Internet. Click Network and Sharing Center > Setup a new connection or network > Connect to a workplace. Click Next. SBG3500-N000 User’s Guide...
Page 86
Chapter 4 Tutorials Select No, create a new connection. Click Next. Select Use my Internet connection (VPN). SBG3500-N000 User’s Guide...
Page 87
Enter the domain name or WAN IP Address that you want to connect to (172.16.1.2 in this example) and give this connection a name. Select Don't connect now; just set it up so I can connect later. Click Next. Click Create. Enter the user name and password later. SBG3500-N000 User’s Guide...
Page 88
Chapter 4 Tutorials Click Close. Do not connect yet. Click the Network icon in your system tray, then click Open Network and Sharing Center . Click Change adapter settings. SBG3500-N000 User’s Guide...
Page 89
Chapter 4 Tutorials 10 Double-click the new connection icon. 11 The connection screen appears. Click Properties. 12 The Properties window appears. Click Security. SBG3500-N000 User’s Guide...
Page 90
IPSec configuration that the Device is using for Default_L2TPVPN IPSec VPN rule. In this example, enter 1234567890. Click OK to return to the Connect window. 15 Enter the username and password of your user account configured on the Device. Click Connect. SBG3500-N000 User’s Guide...
Page 91
16 A window appears while the username and password are verified. The connection is then established. 17 Click the Network icon in your system tray, then right click the L2TP connection and select Status to open the connection status screen. SBG3500-N000 User’s Guide...
Due to GUI differences among various Android devices, the figures may not exactly match what your Android device displays. The example settings in these sections match the L2TP VPN configuration example in Section on page On your Android device, select Home > Settings > More > VPN. SBG3500-N000 User’s Guide...
Page 93
• Server address: This is the WAN IP address of the Device, in this example, 172.16.1.2 • L2TP secret and IPSec identifier: Not used. • IPSec pre-shared key: This is your pre-shared key for your VPN connection, in this example, 1234567890. Save the configuration. SBG3500-N000 User’s Guide...
Page 94
Note: The user account must have been configured in the Maintenance > User Account screen. Refer to Chapter 29 on page 300. You can see Connected when the L2TP VPN connection has been established. Click the connection name to get connection details. There you can also disconnect. SBG3500-N000 User’s Guide...
• Account: This is the user account created on Device for accessing the network via VPN. • RSA SecurID: Not used in this configuration. • Password: This is the password for account. • Secret: This is your pre-shared key for your VPN connection, in this example, 1234567890. SBG3500-N000 User’s Guide...
Page 96
• Send All Traffic: This example uses the route-all configuration (ON). Save the configuration. The saved configuration appears on the VPN screen. Select it and then slide the VPN bar to the ON position. Your iOS device will begin L2TP connection. SBG3500-N000 User’s Guide...
Host Name This field displays the Device system name. It is used for identification. Model This shows the model number of your Device. Number Firmware This is the current version of the firmware inside the Device. Version SBG3500-N000 User’s Guide...
Page 100
If memory usage does get close to 100%, the Device is probably becoming unstable, and you should restart the device. See Section 37.2 on page 319, or turn off the device (unplug the power) for a few seconds. SBG3500-N000 User’s Guide...
Page 101
Name This field displays the identification name for the IPSec SA. Application This field displays the scenario type for the IPSec SA. Scenario Remote This field displays the remote gateway Address used in the SA. Gateway Address SBG3500-N000 User’s Guide...
• Use the Broadband screen to view, remove or add a WAN interface. You can also configure the WAN settings on the SBG3500-N for Internet access (Section 6.2 on page 106). • Use the 3G WAN screen to configure 3G WAN connection (Section 6.3 on page 116). SBG3500-N000 User’s Guide...
WAN connection to the Internet, you need to use the same encapsulation method used by your ISP (Internet Service Provider). If your ISP offers a dial-up Internet connection using PPPoE (PPP over Ethernet), they should also provide a username and password (and service name) for user authentication. SBG3500-N000 User’s Guide...
Page 104
The 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons (:). This is an example IPv6 address 2001:0db8:1a2b:0015:0000:0000:1a2f:0000. IPv6 addresses can be abbreviated in two ways: • Leading zeros in a block can be omitted. So 2001:0db8:1a2b:0015:0000:0000:1a2f:0000 can be written as 2001:db8:1a2b:15:0:0:1a2f:0. SBG3500-N000 User’s Guide...
Page 105
IPv4 services. The SBG3500-N uses it’s configured IPv4 WAN IP to route IPv4 traffic to the IPv4 Internet. Figure 20 IPv6 Rapid Deployment - IPv6 - IPv4 - IPv4 - IPv6 in IPv4 ISP (IPv4) IPv6 Internet IPv6 in IPv4 IPv6 IPv4 IPv4 IPv4 Internet SBG3500-N000 User’s Guide...
Use this screen to change your SBG3500-N’s Internet access settings. Click Network Setting > Broadband from the menu. The summary table shows you the configured WAN services (connections) on the SBG3500-N. Figure 22 Network Setting > Broadband SBG3500-N000 User’s Guide...
Page 107
This shows whether Multicast Listener Discovery (MLD) is activated or not for this connection. MLD is not available when the connection uses the bridging service. Modify Click the Edit icon to configure the WAN connection. Click the Delete icon to remove the WAN connection. SBG3500-N000 User’s Guide...
Figure 23 Routing Mode The following table describes the labels in this screen. Table 8 Routing Mode LABEL DESCRIPTION General Active Select this to activate the WAN configuration settings. Name Specify a descriptive name for this connection. SBG3500-N000 User’s Guide...
Page 109
EoA supports ENET ENCAP (IPoE), PPPoE and RFC1483/2684 bridging encapsulation methods. PPPoA (PPP over ATM) allows just one PPPoA connection over a PVC. IPoA (IP over ATM) allows just one RFC 1483 routing connection over a PVC. SBG3500-N000 User’s Guide...
Page 110
This value specifies the time in minutes that elapses before the router automatically disconnects from the PPPoE server. This field is not configurable if you select PPP Auto Connect. PPPoE Service Enter the name of your PPPoE service here. Name SBG3500-N000 User’s Guide...
Page 111
IP address automatically generated by the SBG3500-N using the IPv6 prefix from an RA. This option is available only when you choose to get your IPv6 address automatically. Select Static if you have a fixed IPv6 address assigned by your ISP. SBG3500-N000 User’s Guide...
Page 112
IEEE 802.1p defines up to 8 separate traffic types by inserting a tag into a MAC-layer frame that contains bits to define class of service. Select the IEEE 802.1p priority level (from 0 to 7) to add to traffic through this connection. The greater the number, the higher the priority level. SBG3500-N000 User’s Guide...
Select this to activate the WAN configuration settings. Name Enter a service name of the connection. Type Select ADSL/VDSL over PTM as the interface that you want to configure. The SBG3500-N uses the VDSL technology for data transmission over the DSL port. SBG3500-N000 User’s Guide...
Page 114
If you select ADSL over ATM as the interface type, the following screen appears. Figure 25 Bridge Mode (ADSL over ATM) The following table describes the fields in this screen. Table 10 Bridge Mode (ADSL over ATM) LABEL DESCRIPTION General Active Select this to activate the WAN configuration settings. SBG3500-N000 User’s Guide...
Page 115
The Sustainable Cell Rate (SCR) sets the average cell rate (long-term) that can be Rate transmitted. Type the SCR, which must be less than the PCR. Note that system default is 0 cells/sec. This field is available only when you select Non Realtime VBR or Realtime VBR. SBG3500-N000 User’s Guide...
Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. 6.3 The 3G WAN Screen Use this screen to configure your 3G settings. Click Network Setting > Broadband > 3G WAN. SBG3500-N000 User’s Guide...
Page 117
Chapter 6 Broadband Note: The actual data rate you obtain varies depending the 3G card you use, the signal strength to the service provider’s base station, and so on. Figure 26 Network Setting > Broadband > 3G WAN SBG3500-N000 User’s Guide...
Page 118
Enter the first DNS server address assigned by the ISP. server Secondary DNS Enter the second DNS server address assigned by the ISP. server Budget Setup Enable Budget Click the radio buttons Enable to activate budget control or Disable to deactivate budget Control control. SBG3500-N000 User’s Guide...
Page 119
Type a number (0-9999) in the Minutes field to indicate the frequency of the log generation. Apply Click Apply to save your changes back to the SBG3500-N. Cancel Click Cancel to return to the previous configuration. SBG3500-N000 User’s Guide...
6.4.1 Add 3G Dongle Information Click Add New Entry in the Add New 3G Dongle screen to show the following. Enter the information for a new 3G dongle to add it. Figure 28 Add 3G Dongle Information SBG3500-N000 User’s Guide...
Select Enable to use PTM over ADSL. Since PTM has less overhead than ATM, some ISPs use PTM over ADSL for better performance. Annex M You can enable Annex M for the SBG3500-N to use double upstream mode to increase the maximum upstream transfer rate. SBG3500-N000 User’s Guide...
This shows the certificate used for this authentication. This displays N/A when there is no certificate assigned. Trusted CA This shows the Trusted CA used for this authentication. This displays N/A when there is no Trusted CA assigned. SBG3500-N000 User’s Guide...
Select the Trusted CA you want to assign to the authentication. You need to import the certificate in the Security > Certificates > Trusted CA screen. Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. SBG3500-N000 User’s Guide...
Mode This shows whether the rule is Active or Passive. Weight This shows the weight of the rule. Modify Click the Edit icon to configure the multi-WAN rule. Click the Delete icon to remove the multi-WAN rule. SBG3500-N000 User’s Guide...
SBG3500-N sends through each member interface. The higher an interface’s weight is (relative to the weights of the interfaces), the more traffic the SBG3500-N sends through that interface. Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. SBG3500-N000 User’s Guide...
Click the Delete icon next to the VDSL WAN connection as it is not needed in this example. Click the Edit icon next to the ETHWAN-SFP WAN connection. This brings up the edit window. Change the weight field to 3 and click the Apply button. SBG3500-N000 User’s Guide...
Ethernet network, without using PPP encapsulation. They are routed between the Ethernet interface and the WAN interface and then formatted so that they can be understood in a bridged environment. For instance, it encapsulates routed Ethernet frames into bridged Ethernet cells. SBG3500-N000 User’s Guide...
Page 128
An example of an VBR-RT connection would be video conferencing. Video conferencing requires real-time data transfers and the bandwidth requirement varies in proportion to the video image's changing dynamics. SBG3500-N000 User’s Guide...
Page 129
VID (VLAN Identifier) of null (0) is called a priority frame, meaning that only the priority level is significant and the default VID of the ingress port is given as the VID of the frame. Of the SBG3500-N000 User’s Guide...
Page 130
The 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons (:). This is an example IPv6 address 2001:0db8:1a2b:0015:0000:0000:1a2f:0000. IPv6 addresses can be abbreviated in two ways: • Leading zeros in a block can be omitted. So 2001:0db8:1a2b:0015:0000:0000:1a2f:0000 can be written as 2001:db8:1a2b:15:0:0:1a2f:0. SBG3500-N000 User’s Guide...
Page 131
IPv6 prefix length specifies how many most significant bits (start from the left) in the address compose the network address. The prefix length is written as “/x” where x is a number. For example, 2001:db8:1a2b:15::1a2f:0/32 means that the first 32 bits (2001:db8) is the subnet prefix. SBG3500-N000 User’s Guide...
• Use the Others screen to configure wireless advanced features, such as the RTS/CTS Threshold (Section 7.7 on page 146). • Use the Channel Status screen to scan wireless LAN channel noises and view the results (Section 7.8 on page 148). SBG3500-N000 User’s Guide...
Device’s SSID, channel or security settings, you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of your computer to match the Device’s new settings. SBG3500-N000 User’s Guide...
Page 134
APs as possible. The channel number which the Device is currently using then displays next to this field. more.../less Click more... to show more information. Click less to hide them. SBG3500-N000 User’s Guide...
Page 135
Device. When you select to use a security, additional options appears in this screen. Or you can select No Security to allow any client to associate this network without any data encryption or authentication. See the following sections for more details about this field. SBG3500-N000 User’s Guide...
RADIUS server. If your wireless devices support nothing stronger than WEP, use the highest encryption level available. Your Device allows you to configure up to four 64-bit or 128-bit WEP keys but only one key can be enabled at any one time. SBG3500-N000 User’s Guide...
Page 137
The default password is Passowrd 1. more.../less Click more... to show more fields in this section. Click less to hide them. WEP Encryption Select 64-bits or 128-bits. This dictates the length of the security key that the network is going to use. SBG3500-N000 User’s Guide...
Click more... to show more fields in this section. Click less to hide them. WPA-PSK This field appears when you choose WPA-PSK2 as the Security Mode. Compatible Check this field to allow wireless devices using WPA-PSK security mode to connect to your Device. The Device supports WPA-PSK and WPA2-PSK simultaneously. SBG3500-N000 User’s Guide...
The following table describes the labels in this screen. Table 23 Wireless > General: More Secure: WPA(2) LABEL DESCRIPTION Security Level Select More Secure to enable WPA(2)-PSK data encryption. Security Mode Choose WPA or WPA2 from the drop-down list box. SBG3500-N000 User’s Guide...
This screen allows you to enable and configure multiple Basic Service Sets (BSSs) on the Device. Click Network Setting > Wireless > More AP. The following screen displays. Figure 39 Network Setting > Wireless > More AP SBG3500-N000 User’s Guide...
Click the Edit icon to configure the SSID profile. 7.3.1 Edit More AP Use this screen to edit an SSID profile. Click the Edit icon next to an SSID in the More AP screen. The following screen displays. Figure 40 More AP: Edit SBG3500-N000 User’s Guide...
Page 142
Or you can select No Security to allow any client to associate this network without any data encryption or authentication. Section 7.2.1 on page 136 for more details about this field. Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. SBG3500-N000 User’s Guide...
This is the MAC addresses of the wireless devices that are allowed or denied access to the Device. Modify Click the Delete icon to delete the entry. Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. SBG3500-N000 User’s Guide...
The following table describes the labels in this screen. Table 27 Network Setting > Wireless > WPS LABEL DESCRIPTION Select Enable to activate WPS on the Device. Method 1 Use this section to set up a WPS wireless network using Push Button Configuration (PBC). SBG3500-N000 User’s Guide...
Use this screen to enable Wi-Fi MultiMedia (WMM) and WMM Power Save in wireless networks for multimedia applications. Click Network Setting > Wireless > WMM. The following screen displays. Figure 43 Network Setting > Wireless > WMM SBG3500-N000 User’s Guide...
Data with its frame size larger than this value will perform the RTS (Request To Send)/CTS Threshold (Clear To Send) handshake. Enter a value between 0 and 2347. Fragmentation This is the maximum data fragment size that can be sent. Enter a value between 256 and Threshold 2346. SBG3500-N000 User’s Guide...
Page 147
Select a preamble type from the drop-down list box. Choices are Long or Short. See Section 7.9.7 on page 154 for more information. This field is configurable only when you set 802.11 Mode to 802.11b. Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings. SBG3500-N000 User’s Guide...
• A bridge is a radio that relays communications between access points and wireless clients, extending a network’s range. Traditionally, a wireless network operates in one of two ways. SBG3500-N000 User’s Guide...
Page 149
Radio Channels In the radio spectrum, there are certain frequency bands allocated for unlicensed, civilian use. For the purposes of wireless networking, these bands are divided into numerous channels. This allows a SBG3500-N000 User’s Guide...
- for example, a twenty-letter long string of apparently random numbers and letters - but it is not very secure if you use a short key which is very easy to guess - for example, a three-letter word from the dictionary. SBG3500-N000 User’s Guide...
Page 151
Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds of wireless devices might not have MAC addresses. Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F. SBG3500-N000 User’s Guide...
Problems with distance occur when the two radios are too far apart. Problems with interference occur when other radio waves interrupt the data signal. Interference may come from other radio transmissions, such as military or air traffic control communications, or from machines that are SBG3500-N000 User’s Guide...
BSSs simultaneously. You can then assign varying QoS priorities and/or security modes to different SSIDs. Wireless devices can use different BSSIDs to associate with the same AP. 7.9.6.1 Notes on Multiple BSSs • A maximum of eight BSSs are allowed on one AP simultaneously. SBG3500-N000 User’s Guide...
Take the following steps to set up WPS using the button. Ensure that the two devices you want to set up are within wireless range of one another. SBG3500-N000 User’s Guide...
Page 155
On a computer connected to the wireless client, try to connect to the Internet. If you can connect, WPS was successful. If you cannot connect, check the list of associated wireless clients in the AP’s configuration utility. If you see the wireless client in the list, WPS was successful. SBG3500-N000 User’s Guide...
WPA-PSK or WPA2-PSK pre-shared key to the enrollee. Whether WPA-PSK or WPA2-PSK is used depends on the standards supported by the devices. If the registrar is already part of a network, it sends the existing information. If not, it generates the SSID and WPA(2)-PSK randomly. SBG3500-N000 User’s Guide...
Page 157
This section shows how security settings are distributed in an example WPS setup. The following figure shows an example network. In step 1, both AP1 and Client 1 are unconfigured. When WPS is activated on both, they perform the handshake. In this example, AP1 SBG3500-N000 User’s Guide...
Page 158
(it already has security information for the network). AP1 supplies the existing security information to Client 2. Figure 51 WPS: Example Network Step 2 REGISTRAR EXISTING CONNECTION CLIENT 1 ENROLLEE CLIENT 2 SBG3500-N000 User’s Guide...
Page 159
(if the device supports this feature). Then, you can enter the key into the non-WPS device and join the network as normal (the non-WPS device must also support WPA-PSK or WPA2-PSK). SBG3500-N000 User’s Guide...
Page 160
Check the MAC addresses of your wireless clients (usually printed on a label on the bottom of the device). If there is an unknown MAC address you can remove it or reset the AP. SBG3500-N000 User’s Guide...
• Use the Additional Subnet screen to configure IP alias and public static IP (Section 8.5 on page 169). • Use the 5th Ethernet Port screen to configure the Ethernet WAN port as a LAN port (Section 8.8 on page 179). SBG3500-N000 User’s Guide...
UPnP devices and enable exchange of simple product and service descriptions. NAT traversal allows the following: • Dynamic port mapping • Learning public IP addresses SBG3500-N000 User’s Guide...
This will become the IP address of your SBG3500-N. Enter the IP subnet mask into the IP Subnet Mask field. Unless instructed otherwise it is best to leave this alone, the configurator will automatically compute a subnet mask based upon the IP address you entered. SBG3500-N000 User’s Guide...
Page 164
Chapter 8 LAN Click Apply to save your settings. Figure 53 Network Setting > LAN > LAN Setup SBG3500-N000 User’s Guide...
Page 165
TFTP server dynamically at server startup. TFTP Server Type an IP address for the TFTP server. This field allows you to access multiple TFTP servers Address (option using DHCP option 150. Option 150 is Cisco proprietary. 150) SBG3500-N000 User’s Guide...
Page 166
Select Enable MLD Snooping to activate MLD Snooping on the SBG3500-N. This allows the SBG3500-N to check MLD packets passing through it and learn the multicast group membership. It helps reduce multicast traffic. SBG3500-N000 User’s Guide...
00:A0:C5:00:00:02. Use this screen to change your SBG3500-N’s static DHCP settings. Click Network Setting > LAN > Static DHCP to open the following screen. Figure 54 Network Setting > LAN > Static DHCP SBG3500-N000 User’s Guide...
Page 168
If you select Manual Input, enter the IP address that you want to assign to the computer on your LAN with the MAC address that you will also specify. Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. SBG3500-N000 User’s Guide...
Click Cancel to exit this screen without saving. 8.5 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP. Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me. SBG3500-N000 User’s Guide...
Page 170
Chapter 8 LAN Click Start and Control Panel. Double-click Add/Remove Programs. Click on the Windows Setup tab and select Communication in the Components selection box. Click Details. Add/Remove Programs: Windows Setup: Communication SBG3500-N000 User’s Guide...
Page 171
Follow the steps below to install the UPnP in Windows XP. Click Start and Control Panel. Double-click Network Connections. In the Network Connections window, click Advanced in the main menu and select Optional Networking Components …. Network Connections SBG3500-N000 User’s Guide...
Next. 8.6 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the SBG3500-N. SBG3500-N000 User’s Guide...
Page 173
Click Start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. Right-click the icon and select Properties. Network Connections In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Internet Connection Properties SBG3500-N000 User’s Guide...
Page 174
When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. Select Show icon in notification area when connected option and click OK. An icon displays in the system tray. System Tray Icon SBG3500-N000 User’s Guide...
Page 175
SBG3500-N first. This comes helpful if you do not know the IP address of the SBG3500-N. Follow the steps below to access the web configurator. Click Start and then Control Panel. Double-click Network Connections. SBG3500-N000 User’s Guide...
Page 176
Select My Network Places under Other Places. Network Connections An icon with the description for each UPnP-enabled device displays under Local Network. Right-click on the icon for your SBG3500-N and select Invoke. The web configurator login screen displays. Network Connections: My Network Places SBG3500-N000 User’s Guide...
Page 177
Chapter 8 LAN Right-click on the icon for your SBG3500-N and select Properties. A properties window displays with basic information about the SBG3500-N. Network Connections: My Network Places: Properties: Example SBG3500-N000 User’s Guide...
Select the checkbox to enable the Public LAN feature. Your ISP must support Public LAN and Static IP. IP Address Enter the public IP address provided by your ISP. IP Subnet Mask Enter the public IP subnet mask provided by your ISP. SBG3500-N000 User’s Guide...
Apply Click Apply to save your changes back to the SBG3500-N. Cancel Click Cancel to exit this screen without saving. 8.9 Technical Reference This section provides some technical background information about the topics covered in this chapter. SBG3500-N000 User’s Guide...
• The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS Server fields in the DHCP Setup screen. SBG3500-N000 User’s Guide...
Internet, for example, only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks: • 10.0.0.0 — 10.255.255.255 • 172.16.0.0 — 172.31.255.255 • 192.168.0.0 — 192.168.255.255 SBG3500-N000 User’s Guide...
Page 182
Note: Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, “Address Allocation for Private Internets” and RFC 1466, “Guidelines for Management of IP Address Space”. SBG3500-N000 User’s Guide...
184). • Use the Policy Forwarding screen to configure policy routing on the Device. (Section 9.3 on page 185). • Use the RIP screen to set up RIP settings on the Device. (Section 9.4 on page 187). SBG3500-N000 User’s Guide...
Use this screen to add or edit a static route. Click Add new static route in the Routing screen or the Edit icon next to the static route you want to edit. The screen shown next appears. Figure 62 Routing: Add/Edit SBG3500-N000 User’s Guide...
The following table describes the labels in this screen. Table 40 Network Setting > Routing >Policy Forwarding LABEL DESCRIPTION Add new Policy Click this to create a new policy forwarding rule. Forward Rule This is the index number of the entry. SBG3500-N000 User’s Guide...
The following table describes the labels in this screen. Table 41 Policy Forwarding: Add/Edit (Sheet 1 of 2) LABEL DESCRIPTION Policy Name Enter a descriptive name of up to 8 printable English keyboard characters, not including spaces. Source IP Enter the source IP address. SBG3500-N000 User’s Guide...
Select Passive to have the Device update the routing table based on the RIP packets received from neighbors but not advertise its route information to other routers in this interface. Select Active to have the Device advertise its route information and also listen for routing updates from neighboring routers. SBG3500-N000 User’s Guide...
Page 188
Chapter 9 Routing Table 42 Network Setting > Routing > RIP LABEL DESCRIPTION Enabled Select the check box to activate the settings. Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. SBG3500-N000 User’s Guide...
(Section 10.5 on page 194). • The Policer Setup screen lets you add, edit or delete QoS policers (Section 10.5 on page 194). • The Monitor screen lets you view the Device's QoS-related packet statistics (Section 10.7 on page 201). SBG3500-N000 User’s Guide...
(or queues). Your Device uses the Token Bucket algorithm to allow a certain amount of large bursts while keeping a limit at the average rate. Traffic Rate Traffic Rate Time Time (Before Traffic Shaping) (After Traffic Shaping) SBG3500-N000 User’s Guide...
Click Network Setting > QoS > General to open the screen as shown next. Use this screen to enable or disable QoS and set the upstream bandwidth. See Section 10.1 on page 189 for more information. Figure 66 Network Settings > QoS > General SBG3500-N000 User’s Guide...
Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings. 10.4 The Queue Setup Screen Click Network Setting > QoS > Queue Setup to open the screen as shown next. SBG3500-N000 User’s Guide...
Page 193
This shows the maximum transmission rate allowed for traffic on this queue. Modify Click the Edit icon to edit the queue. Click the Delete icon to delete an existing queue. Note that subsequent rules move up by one when you take this action. SBG3500-N000 User’s Guide...
Click Cancel to exit this screen without saving. 10.5 The Class Setup Screen Use this screen to add, edit or delete QoS classifiers. A classifier groups traffic into data flows according to specific criteria such as the source address, destination address, source port number, SBG3500-N000 User’s Guide...
Page 195
This is the name of the queue in which traffic of this classifier is put. Modify Click the Edit icon to edit the classifier. Click the Delete icon to delete an existing classifier. Note that subsequent rules move up by one when you take this action. SBG3500-N000 User’s Guide...
Chapter 10 Quality of Service (QoS) 10.5.1 Add/Edit QoS Class Click Add new Classifier in the Class Setup screen or the Edit icon next to a classifier to open the following screen. Figure 70 Class Setup: Add/Edit SBG3500-N000 User’s Guide...
Page 197
For example, if you set the MAC address to 00:13:49:00:00:00 and the mask to ff:ff:ff:00:00:00, a packet with a MAC address of 00:13:49:12:34:56 matches this criteria. Exclude Select this option to exclude the packets that match the specified criteria from this classifier. Others SBG3500-N000 User’s Guide...
Page 198
If you select Unchange, the Device keep the VLAN ID in the packets. Forward to Select a WAN interface through which traffic of this class will be forwarded out. If you select Interface Unchange, the Device forward traffic of this class according to the default routing table. SBG3500-N000 User’s Guide...
This shows the how the policer has the Device treat different types of traffic belonging to the policer’s member QoS classes. Modify Click the Edit icon to edit the policer. Click the Delete icon to delete an existing policer. Note that subsequent rules move up by one when you take this action. SBG3500-N000 User’s Guide...
Specify what the Device does for packets within the committed rate and burst size (green- Action marked packets). • Pass: Send the packets without modification. • DSCP Mark: Change the DSCP mark value of the packets. Enter the DSCP mark value to use. SBG3500-N000 User’s Guide...
This is the index number of the entry. Name This shows the name of the queue. Pass Rate This shows how many packets assigned to this queue are transmitted successfully. Drop Rate This shows how many packets assigned to this queue are dropped. SBG3500-N000 User’s Guide...
DiffServ defines a new Differentiated Services (DS) field to replace the Type of Service (TOS) field in the IP header. The DS field contains a 2-bit unused field and a 6-bit DSCP field which can define up to 64 service levels. The following figure illustrates the DS field. SBG3500-N000 User’s Guide...
Page 204
The Single Rate Three Color Marker (srTCM, defined in RFC 2697) is a type of traffic policing that identifies packets by comparing them to one user-defined rate, the Committed Information Rate (CIR), and two burst sizes: the Committed Burst Size (CBS) and Excess Burst Size (EBS). SBG3500-N000 User’s Guide...
Page 205
• If the PBS bucket has enough tokens, the Device checks the CBS bucket. The packet is marked green and can be transmitted if the number of tokens in the CBS bucket is equal to or greater than the size of the packet (in bytes). Otherwise, the packet is marked yellow. SBG3500-N000 User’s Guide...
WAN side. In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the SBG3500-N000 User’s Guide...
Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a SBG3500-N000 User’s Guide...
Page 208
This is the last external port number that identifies a service. Translation This is the first internal port number that identifies a service. Start Port Translation End This is the last internal port number that identifies a service. Port SBG3500-N000 User’s Guide...
To forward only one port, enter the port number again in the End Port field. To forward a series of ports, enter the start port number here and the end port number in the End Port field. SBG3500-N000 User’s Guide...
Forwarded WAN Interface This field shows the WAN interface through which the service is forwarded. Server IP This field displays the destination IP address for the service. Address Modify Click the Delete icon to delete the rule. SBG3500-N000 User’s Guide...
LAN can use the service in the same manner. This way you do not need to configure a new IP address each time you want a different LAN computer to use the application. SBG3500-N000 User’s Guide...
Page 212
IP address of the LAN computer that sent the traffic to a server on the WAN. This is the first port number that identifies a service. Trigger End This is the last port number that identifies a service. Port Trigger Proto. This is the trigger transport layer protocol. SBG3500-N000 User’s Guide...
Type a port number or the starting port number in a range of port numbers. Trigger End Type a port number or the ending port number in a range of port numbers. Port Trigger Protocol Select the transport layer protocol from TCP, UDP, or TCP/UDP. SBG3500-N000 User’s Guide...
Note: If you do not assign a Default Server Address, the Device discards all packets received for ports that are not specified in the NAT Port Forwarding screen. Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings. SBG3500-N000 User’s Guide...
When a rule matches the current packet, the Device takes the corresponding action and the remaining rules are ignored. Click Network Setting > NAT > Address Mapping to display the following screen. Figure 84 Network Setting > NAT > Address Mapping SBG3500-N000 User’s Guide...
11.7.1 Add/Edit Address Mapping Rule To add or edit an address mapping rule, click Add new rule or the rule’s edit icon in the Address Mapping screen to display the screen shown next. Figure 85 Address Mapping: Add/Edit SBG3500-N000 User’s Guide...
IP address of a host when the packet is in the local network, while the global address refers to the IP address of the host when the same packet is traveling in the WAN side. SBG3500-N000 User’s Guide...
Many-to-Many Overload mapping), NAT offers the additional benefit of firewall protection. With no servers defined, your Device filters out all incoming inquiries, thus preventing intruders from probing your network. For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT). SBG3500-N000 User’s Guide...
Figure 86 How NAT Works NAT Table Inside Local Inside Global IP Address IP Address 192.168.1.10 IGA 1 192.168.1.13 192.168.1.11 IGA 2 192.168.1.12 IGA 3 192.168.1.13 IGA 4 192.168.1.12 192.168.1.10 IGA1 Inside Local Inside Global Address (ILA) Address (IGA) 192.168.1.11 192.168.1.10 SBG3500-N000 User’s Guide...
SMTP (Simple Mail Transfer Protocol) DNS (Domain Name System) Finger HTTP (Hyper Text Transfer protocol or WWW, Web) POP3 (Post Office Protocol) NNTP (Network News Transport Protocol) SNMP (Simple Network Management Protocol) SNMP trap PPTP (Point-to-Point Tunneling Protocol) 1723 SBG3500-N000 User’s Guide...
Page 221
(C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet. Figure 88 Multiple Servers Behind NAT Example A=192.168.1.33 192.168.1.1 B=192.168.1.34 IP address assigned by ISP C=192.168.1.35 D=192.168.1.36 SBG3500-N000 User’s Guide...
• Use the DNS Entry screen to view, configure, or remove DNS routes (Section 12.2 on page 223). • Use the Dynamic DNS screen to enable DDNS and configure the DDNS settings on the Device (Section 12.3 on page 224). SBG3500-N000 User’s Guide...
You can manually add or edit the Device’s DNS name and IP address entry. Click Add new DNS entry in the DNS Entry screen or the Edit icon next to the entry you want to edit. The screen shown next appears. Figure 90 DNS Entry: Add/Edit SBG3500-N000 User’s Guide...
If you select TZO in the Service Provider field, enter the password you used to register for this service. Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. SBG3500-N000 User’s Guide...
Page 225
Chapter 12 Dynamic DNS Setup SBG3500-N000 User’s Guide...
Click this button to create a new interface group. Interface Group Status This field displays whether the interface group is active or not. A yellow bulb signifies that this group is active. A gray bulb signifies that the group is not active. SBG3500-N000 User’s Guide...
Click the Add New Interface Group button in the Interface Group/VLAN screen to open the following screen. Use this screen to create a new interface group. Note: An interface can belong to only one group at a time. Figure 93 Interface Group Configuration SBG3500-N000 User’s Guide...
Page 228
This shows if wildcard on DHCP option 60 is enabled. Support Remove Click the Remove icon to delete this rule from the Device. Apply Click Apply to save your changes back to the Device. Cancel Click Cancel to exit this screen without saving. SBG3500-N000 User’s Guide...
Select DUID-LL (DUID Based on Link-layer Address) to enter the device’s hardware type and hardware address (MAC address) in the following fields. Select Other to enter any string that identifies the device in the DUID field. DHCP Option Select this and enter vendor specific information of the matched traffic. SBG3500-N000 User’s Guide...
Page 230
Enter the model name of the device. Name Serial Enter the serial number of the device. Number Apply Click Apply to save your changes back to the Device. Cancel Click Cancel to exit this screen without saving. SBG3500-N000 User’s Guide...
The Device uses Common Internet File System (CIFS) protocol for its file sharing functions. CIFS compatible computers can access the USB file storage devices connected to the Device. CIFS protocol is supported on Microsoft Windows, Linux Samba and other operating systems (refer to your systems specifications for CIFS compatibility). SBG3500-N000 User’s Guide...
14.2.1 Before You Begin Make sure the Device is connected to your network and turned on. Connect the USB device to one of the Device’s USB port. Make sure the Device is connected to your network. SBG3500-N000 User’s Guide...
Page 233
File Sharing Select Enable to activate file sharing through the Device. Services Host Name Enter the host name on the share. Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings. SBG3500-N000 User’s Guide...
• Use the Access Control screen to view and configure incoming/outgoing filtering rules (Section 15.4 on page 239). • Use the DoS screen to activate protection against Denial of Service (DoS) attacks (Section 15.5 on page 241). SBG3500-N000 User’s Guide...
Stateful Packet Inspection (SPI) tracks each connection crossing the firewall and makes sure it is valid. Filtering decisions are based not only on rules but also context. For example, traffic from the WAN may only be allowed to cross the firewall in response to a request from the LAN. SBG3500-N000 User’s Guide...
Click the check box Permit to allow the passage of the packets. Click the check box Log to create a log when an action from Firewall rule is taken. Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings. SBG3500-N000 User’s Guide...
Other and the protocol number displays if the service uses another IP protocol. Modify Click the Edit icon to edit the entry. Click the Delete icon to remove this entry. SBG3500-N000 User’s Guide...
For other IP protocol rules this shows the protocol number. Modify Click the Delete icon to remove the rule. Service Name Enter a unique name (up to 32 printable English keyboard characters, including spaces) for your customized port. SBG3500-N000 User’s Guide...
This displays the destination IP addresses to which this rule applies. Please note that a blank destination address is equivalent to Any. Service This displays the transport layer protocol that defines the service and the direction of traffic to which this rule applies. SBG3500-N000 User’s Guide...
Enter a descriptive name of up to 16 alphanumeric characters, not including spaces, underscores, and dashes. You must enter the filter name to add an ACL rule. This field is read-only if you are editing the ACL rule. SBG3500-N000 User’s Guide...
Click Cancel to exit this screen without saving. 15.5 The DoS Screen DoS (Denial of Service) attacks can flood your Internet connection with invalid packets and connection requests, using so much bandwidth and so many resources that Internet access becomes unavailable. SBG3500-N000 User’s Guide...
Page 242
DoS Protection Select Enable to enable protection against DoS attacks. Blocking Deny Ping Select Enable to block ping request packets. Response Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. SBG3500-N000 User’s Guide...
MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC addresses of the devices to configure this screen. SBG3500-N000 User’s Guide...
Device in these address fields. Enter the MAC addresses in a valid MAC address format, that is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc. Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings. SBG3500-N000 User’s Guide...
This shows the MAC address of the LAN user’s computer to which this rule applies. (MAC) Internet Access This shows the day(s) and time on which User Access control is enabled. Schedule Network This shows whether the network service is configured. If not, None will be shown. Service SBG3500-N000 User’s Guide...
The following table describes the fields in this screen. Table 80 User Access Control Rule: Add/Edit LABEL DESCRIPTION General Active Select the checkbox to activate this User Access control rule. User Access Enter a descriptive name for the rule. Control Profile Name SBG3500-N000 User’s Guide...
Page 247
Click Add to show a screen to enter the URL of web site or URL keyword to which the Device URL Keyword blocks access. Click Delete to remove it. Apply Click this button to save your settings back to the Device. Cancel Click Cancel to restore your previously saved settings. SBG3500-N000 User’s Guide...
This shows the description of this rule. Modify Click the Edit icon to edit the schedule. Click the Delete icon to delete a scheduler rule. Note: You cannot delete a scheduler rule once it is applied to a certain feature. SBG3500-N000 User’s Guide...
Enter the time period of each day, in 24-hour format, during which User Access control will Range be enforced. Description Enter a description for this scheduler rule. Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. SBG3500-N000 User’s Guide...
You can use the Device to generate certification requests that contain identifying information and public keys and then send the certification requests to a certification authority. SBG3500-N000 User’s Guide...
For a certification request, click Load Signed to import the signed certificate. Click the Remove icon to delete the certificate (or certification request). You cannot delete a certificate that one or more features is configured to use. SBG3500-N000 User’s Guide...
After you click Apply, the following screen displays to notify you that you need to get the certificate request signed by a Certificate Authority. If you already have, click Load_Signed to import the signed certificate into the Device. Otherwise click Back to return to the Local Certificates screen. SBG3500-N000 User’s Guide...
After you create a certificate request and have it signed by a Certificate Authority, in the Local Certificates screen click the certificate request’s Load Signed icon to import the signed certificate into the Device. Note: You must remove any spaces from the certificate’s filename before you can import Figure 112 Load Signed Certificate SBG3500-N000 User’s Guide...
Click the View icon to open a screen with an in-depth list of information about the certificate (or certification request). Click the Remove button to delete the certificate (or certification request). You cannot delete a certificate that one or more features is configured to use. SBG3500-N000 User’s Guide...
CA will be displayed in the Network Setting > Broadband > 802.1x: Authentication Edit screen. Certificate Copy and paste the certificate into the text box to store it on the Device. Click OK to save your changes. Cancel Click Cancel to exit this screen without saving. SBG3500-N000 User’s Guide...
• Use the Monitor screen to display and manage active IPSec VPN connections (Section 20.5 on page 266). • Use the Radius screen to manage the list of RADIUS servers the SBG3500-N can use in authenticating users (Section 20.6 on page 267). SBG3500-N000 User’s Guide...
The following figure helps explain the main fields in the web configurator. Figure 117 IPSec Fields Summary Remote Network Local Network Remote IPSec Router VPN Tunnel Remote IP Address Local IP Address Local and remote IP addresses must be static. SBG3500-N000 User’s Guide...
You can click the Add New Entry button or a policy’s Edit icon in the IPSec VPN > Setup screen to either add or edit a VPN policy. Note: The SBG3500-N uses the system default gateway interface’s WAN IP address as its WAN IP address to set up a VPN tunnel. SBG3500-N000 User’s Guide...
Chapter 20 IPSec VPN 20.4.2 The VPN Connection Add/Edit Screen Configure the VPN connection settings in the IPSec VPN > Setup > Edit screen. Figure 119 VPN > IPSec VPN > Setup > Edit SBG3500-N000 User’s Guide...
Page 260
The VPN connection is briefly lost when SBG3500-N tries to reconnect using the primary address. Note that the peer devices using the secondary address cannot use a nailed-up VPN connecton setting. SBG3500-N000 User’s Guide...
Page 261
Main as the Negotiation Mode with Pre-Shared Key. Manual SPI (HEX) Type a hexadecimal value (between 256 and 4095) for the Security Parameter Index (SPI). Make sure the remote VPN endpoint has the same value in its SPI field. SBG3500-N000 User’s Guide...
Page 262
=) in the field per following rule. MD5 - 16-20 characters SHA1 - 20 characters You can also use hexadecimal by typing “0x” in the beginning of the key. The remote IPSec router must have the same encryption key. SBG3500-N000 User’s Guide...
Page 263
SHA1 and MD5. SHA1 is generally considered stronger than MD5, but it is also slower. Click this to add phase 1 Encryption and Authentication. Modify Select an entry and click the delete icon to remove it. SBG3500-N000 User’s Guide...
Page 264
Tunnel - this mode encrypts the IP header information and the data. Transport - this mode only encrypts the data. If you set Encapsulation to Transport, Policy (Local and Remote) is not applicable. The SBG3500-N and remote IPSec router must use the same encapsulation. SBG3500-N000 User’s Guide...
Page 265
Click this checkbox to force data traffic to go through VPN tunnel when its destination IP Tunnel address matches an entry in the IPSec VPN policy rule. Apply Click Apply to save your changes back to the SBG3500-N. Cancel Click Cancel to restore your previous settings. SBG3500-N000 User’s Guide...
(DPD) XAUTH 20.5 The IPSec VPN Monitor Screen In the Web Configurator, click VPN > IPSec VPN > Monitor. Use this screen to display and manage active VPN connections. Figure 120 VPN > IPSec VPN > Monitor SBG3500-N000 User’s Guide...
If the RADIUS server has a backup server, enter its address here. Address Backup Specify the port number on the RADIUS server to which the SBG3500-N sends Authentication Port authentication requests. Enter a number between 1 and 65535. SBG3500-N000 User’s Guide...
Click Cancel to restore your previous settings. 20.7 Technical Reference This section provides some technical background information about the topics covered in this chapter. 20.7.1 IPSec Architecture The overall IPSec architecture is shown as follows. Figure 122 IPSec Architecture SBG3500-N000 User’s Guide...
With the use of AH as the security protocol, protection is extended forward into the IP header to verify the integrity of the entire packet by use of portions of the original IP header in the hashing process. SBG3500-N000 User’s Guide...
An IKE SA times out when the IKE SA lifetime period expires. If an IKE SA times out when an IPSec SA is already established, the IPSec SA stays connected. In phase 2 you must: SBG3500-N000 User’s Guide...
The encrypted contents, but not the new headers, are signed with a hash value appended to the packet. Tunnel mode ESP with authentication is compatible with NAT because integrity checks are performed over the combination of the "original header plus original payload," which is unchanged by a NAT device. SBG3500-N000 User’s Guide...
"original header plus original payload," which is unchanged by a NAT device. The compatibility of AH and ESP with NAT in tunnel and transport modes is summarized in the following table. Table 94 VPN and NAT SECURITY PROTOCOL MODE Transport Tunnel SBG3500-N000 User’s Guide...
Table 96 Matching ID Type and Content Configuration Example SBG3500-N A SBG3500-N B Local ID type: User-FQDN Local ID type: IP Local ID content: tom@yourcompany.com Local ID content: 1.1.1.2 Remote ID type: IP Remote ID type: E-mail Remote ID content: 1.1.1.2 Remote ID content: tom@yourcompany.com SBG3500-N000 User’s Guide...
768-bit, 1024-bit 1536-bit, 2048-bit, and 3072-bit Diffie-Hellman groups are supported. Upon completion of the Diffie-Hellman exchange, the two peers have a shared secret, but the IKE SA is not authenticated. For authentication, use pre-shared keys. SBG3500-N000 User’s Guide...
21.2 What You Can Do in this Chapter • Use the Setup screen to configure the PPTP VPN settings in the SBG3500-N (Section 21.3 on page 276). • Use the Monitor screen to view settings for PPTP clients (Section 21.4 on page 277). SBG3500-N000 User’s Guide...
Specify up to 2 LAN groups (subnets) which a PPTP VPN client is allowed to access. If (Optional) none is specified, all LAN groups can be accessed. Enter the IP address and subnet mask for the LAN group(s). SBG3500-N000 User’s Guide...
Select a VPN client connection and click this to disconnect. 21.5 PPTP VPN Troubleshooting Tips This section lists the common troubleshooting tips for PPTP VPN. A PPTP client device (such as a PC, smart phone, tablet) cannot connect to the SBG3500-N. SBG3500-N000 User’s Guide...
Page 278
When any one of these configuration changes is applied on the SBG3500-N: WAN interface used for PPTP VPN, IP address pool, access group. e. The SBG3500-N’s WAN interface on which the PPTP connection is established is disconnected. SBG3500-N000 User’s Guide...
Page 279
An Android device cannot connect to the SBG3500-N’s PPTP VPN. Tip: Devices running an Android OS older than version 4.1 have issues with PPTP/MPPE encryption. Avoid using devices that run an Android OS older than version 4.1 for PPTP VPN connection. SBG3500-N000 User’s Guide...
• Use the Monitor screen to view settings for L2TP clients (Chapter 22 on page 282). Note: You need to configure the Default_L2TPVPN VPN rule in the VPN > IPSec > IPSec Setup screen. See Chapter 20 on page 256 for information on IPSec VPN. SBG3500-N000 User’s Guide...
Select how the SBG3500-N authenticates a remote user before allowing access to the Method L2TP VPN tunnel. The authentication method has the SBG3500-N check a user’s user name and password against the SBG3500-N’s local database, which is configured in the Maintenance > User Account screen. SBG3500-N000 User’s Guide...
A L2TP client device (such as a PC, smart phone, tablet) cannot connect to the SBG3500-N. TIP: This could be due to one of the following reasons: a. The client device is not connected to the Internet successfully. SBG3500-N000 User’s Guide...
Page 283
This usually happens at the first connection attempt after a new connection profile is created. Reconfigure the pre-shared key on the client Windows device and retry the connection. An L2TP client device cannot reconnect after it is disconnected. SBG3500-N000 User’s Guide...
Page 284
IPSec proposals provided by a built-in L2TP client in the popular operating systems during IPSec phase 1 negotiation. The first proposal that can be supported by the phase 1 setting in the Default_L2TPVPN IPSec VPN rule will be accepted by the SBG3500-N000 User’s Guide...
Page 285
ESP/AES/MD5 ESP/3DES/SHA1 ESP/3DES/SHA1 ESP/3DES/MD5 ESP/3DES/MD5 ESP/DES/SHA1 ESP/DES/MD5 AH/-/SHA1 and ESP/3DES/SHA1 ESP/3DES/SHA1 ESP/3DES/- AH/-/MD5 and AH/-/SHA1 and ESP/DES/SHA1 ESP/3DES/- ESP/AES/- AH/-/SHA1 and AH/-/SHA1 and ESP/-/SHA1 ESP/3DES/SHA1 ESP/3DES/- AH/-/MD5 and AH/-/SHA1 and AH/-/SHA1 ESP/3DES/MD5 ESP/3DES/SHA1 ESP/DES/MD5 ESP/-/SHA1 ESP/DES/SHA1 AH/-/SHA1 SBG3500-N000 User’s Guide...
CODE SEVERITY Emergency: The system is unusable. Alert: Action must be taken immediately. Critical: The system condition is critical. Error: There is an error condition on the system. Warning: There is a warning condition on the system. SBG3500-N000 User’s Guide...
Level This field displays the severity level of the logs that the device is to send to this syslog server. Messages This field states the reason for the log. SBG3500-N000 User’s Guide...
Level This field displays the severity level of the logs that the device is to send to this syslog server. Messages This field states the reason for the log. SBG3500-N000 User’s Guide...
This indicates the number of frames with errors transmitted on this interface. Drop This indicates the number of outgoing packets dropped on this interface. Packets Received Data This indicates the number of received packets on this interface. SBG3500-N000 User’s Guide...
Choose the screen refresh time (15, 30, 60 seconds) from the drop-down list to see changes in the devices that are on the network. This displays the device that is connected to the SBG3500-N. Device Name This displays the system name of the device on the SBG3500-N. SBG3500-N000 User’s Guide...
Page 291
This displays the IP address of the device on the SBG3500-N. MAC Address This displays the MAC address of the device on the SBG3500-N. Connection Type This displays the connection type that the device is using to connect to the SBG3500-N. SBG3500-N000 User’s Guide...
The following table describes the labels in this screen. Table 110 System Monitor > ARP Table LABEL DESCRIPTION This is the ARP table entry number. IP Address This is the learned IP address of a device connected to a port. SBG3500-N000 User’s Guide...
Page 293
This is the MAC address of the device with the listed IP address. Device This is the type of interface used by the device. You can click on the device type to go to its configuration screen. SBG3500-N000 User’s Guide...
M-Modified (redirect): The route is modified from a routing daemon or redirect. Metric The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost". The smaller the number, the lower the "cost". SBG3500-N000 User’s Guide...
Page 295
Interface This indicates the name of the interface through which the route is forwarded. br0 indicates the LAN interface. ptm0 indicates the WAN interface using IPoE or in bridge mode. ppp0 indicates the WAN interface using PPPoE. SBG3500-N000 User’s Guide...
EXCLUDE means that the IP addresses in the Source List are not allowed to receive the multicast group’s traffic but other IP addresses can. Source List This is the list of IP addresses that are allowed or not allowed to receive the multicast group’s traffic depending on the filter mode. SBG3500-N000 User’s Guide...
HAPTER xDSL Statistics 28.1 The xDSL Statistics Screen Use this screen to view detailed DSL statistics. Click System Monitor > xDSL Statistics to open the following screen. Figure 139 System Monitor > xDSL Statistics SBG3500-N000 User’s Guide...
Page 298
Attainable Net These are the highest theoretically possible transfer rates at which the port could send and Data Rate receive payload data without transport layer protocol headers and traffic. xDSL Counters SBG3500-N000 User’s Guide...
Page 299
30% or more errored blocks or at least one defect. This is a subset of ES. This is the number of UnAvailable Seconds. This is the number of Loss Of Signal seconds. This is the number of Loss Of Frame seconds. This is the number of Loss of Margin seconds. SBG3500-N000 User’s Guide...
This field indicates how many times a user can re-enter his/her account information before the Device locks the user out. Idle Timeout This field indicates the number of minutes that the system can idle before being logged out. SBG3500-N000 User’s Guide...
Use this screen to add or edit a users account. Click Add new user in the User Account screen or the Edit icon next to the user account you want to edit. The screen shown next appears. Figure 141 User Account: Add/Edit SBG3500-N000 User’s Guide...
Page 302
Enter the shared root directory. File Sharing Select if you want the files in the shared directory to be writable or not. Writable Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. SBG3500-N000 User’s Guide...
30.2 The Remote MGMT Screen Use this screen to configure through which interface(s) users can use which service(s) to manage the SBG3500-N. Click Maintenance > Remote MGMT to open the following screen. Figure 142 Maintenance > Remote MGMT SBG3500-N000 User’s Guide...
Page 304
Select a certificate the HTTPS server (the SBG3500-N) uses to authenticate itself to the Certificate HTTPS client. You must have certificates already configured in the Certificates screen. Apply Click Apply to save your changes back to the SBG3500-N. Cancel Click Cancel to restore your previously saved settings. SBG3500-N000 User’s Guide...
ACS and specify the ACS IP address or domain name and username and password. Click Maintenance > TR-069 Client to open the following screen. Use this screen to configure your Device to be managed by an ACS. Figure 143 Maintenance > TR-069 Client SBG3500-N000 User’s Guide...
Page 306
You can choose a local certificate used by TR-069 client. The local certificate should be used by TR-069 imported in the Security > Certificates > Local Certificates screen. client Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. SBG3500-N000 User’s Guide...
SNMP allows a manager and agents to communicate for the purpose of accessing these objects. SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request and the agent returns responses using the following protocol operations: SBG3500-N000 User’s Guide...
Page 308
Enter the name of the person in charge of the Device. Trap Destination Type the IP address of the station to send your SNMP traps to. Apply Click Apply to save your changes back to the Device. Cancel Click Cancel to restore your previously saved settings. SBG3500-N000 User’s Guide...
33.2 The Time Screen To change your Device’s time and date, click Maintenance > Time. The screen appears as shown. Use this screen to configure the Device’s time based on your local time zone. Figure 146 Maintenance > Time SBG3500-N000 User’s Guide...
Page 310
Sunday, and the month to October. The time you select in the o'clock field depends on your time zone. In Germany for instance, you would select 2 in the Hour field because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). SBG3500-N000 User’s Guide...
Page 311
Chapter 33 Time Table 119 Maintenance > Time (continued) LABEL DESCRIPTION Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. SBG3500-N000 User’s Guide...
This field displays the password of the sender’s mail account. Email Address This field displays the e-mail address that you want to be in the from/sender line of the e-mail that the Device sends. Remove Click this button to delete the selected entry(ies). SBG3500-N000 User’s Guide...
If you activate SSL/TLS authentication, the e-mail address must be able to be authenticated by the mail server as well. Apply Click this button to save your changes and return to the previous screen. Cancel Click this button to begin configuring this screen afresh. SBG3500-N000 User’s Guide...
You can configure where the Device sends logs and which logs and/or immediate alerts the Device records in the Logs Setting screen. 35.2 The Log Setting Screen To change your Device’s log settings, click Maintenance > Logs Setting. The screen appears as shown. Figure 149 Maintenance > Logs Setting SBG3500-N000 User’s Guide...
35.2.1 Example E-mail Log An "End of Log" message displays for each mail in which a complete log has been sent. The following is an example of a log sent by e-mail. • You may edit the subject title. SBG3500-N000 User’s Guide...
Page 316
|<1,02> 127|Apr 7 00 |From:192.168.1.131 To:192.168.1.255 |match |forward | 10:05:17 |UDP src port:00520 dest port:00520 |<1,02> 128|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |match |forward | 10:05:30 |UDP src port:00520 dest port:00520 |<1,02> End of Firewall Log SBG3500-N000 User’s Guide...
Click this to find the .bin file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload them. Upload Click this to begin the upload process. This process may take up to two minutes. SBG3500-N000 User’s Guide...
Page 318
After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, the following screen will appear. Click OK to go back to the Firmware Upgrade screen. Figure 154 Error Message SBG3500-N000 User’s Guide...
Once your Device is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings. Click Backup to save the Device’s current configuration to your computer. SBG3500-N000 User’s Guide...
Page 320
Appendix A on page 334 for details on how to set up your computer’s IP address. If the upload was not successful, the following screen will appear. Click OK to go back to the Configuration screen. Figure 157 Configuration Upload Error SBG3500-N000 User’s Guide...
System restart allows you to reboot the Device remotely without turning the power off. You may need to do this if the Device hangs, for example. Click Maintenance > Reboot. Click Reboot to have the Device reboot. This does not affect the Device's configuration. Figure 160 Maintenance > Reboot SBG3500-N000 User’s Guide...
If an MEP port does not respond to the source MEP, this may indicate a fault. Administrators can take further action to check and resume services from the fault according to the line connectivity status report. SBG3500-N000 User’s Guide...
Click this button to perform the traceroute function. This determines the path a packet takes to the specified computer. Nslookup Click this button to perform a DNS lookup on the IP address of a computer you enter. SBG3500-N000 User’s Guide...
Page 324
Click this button to have the selected MEP send the LBM (Loop Back Message) to a specified remote end point. Send Linktrace Click this button to have the selected MEP send the LTMs (Link Trace Messages) to a specified remote end point. SBG3500-N000 User’s Guide...
Segment loopback tests allow you to verify integrity of a PVC to the nearest neighboring ATM device. End-to-end loopback tests allow you to verify integrity of an end-to-end PVC. Note: The DSLAM to which the Device is connected must also support ATM F4 and/or F5 to use this test. SBG3500-N000 User’s Guide...
Page 326
Press this to perform an OAM F4 segment loopback test. F4 end-end Press this to perform an OAM F4 end-to-end loopback test. F5 segment Press this to perform an OAM F5 segment loopback test. F5 end-end Press this to perform an OAM F5 end-to-end loopback test. SBG3500-N000 User’s Guide...
Make sure you understand the normal behavior of the LED. See Section 1.3 on page Check the hardware connections. Inspect your cables for damage. Contact the vendor to replace any damaged cables. Turn the Device off and on. SBG3500-N000 User’s Guide...
Make sure your Internet browser does not block pop-up windows and has JavaScripts and Java enabled. See Appendix C on page 364. If it is possible to log in from another interface, check the service control settings for HTTP and HTTPS (Maintenance > Remote MGMT). SBG3500-N000 User’s Guide...
Page 329
I cannot use FTP to upload / download the configuration file. / I cannot use FTP to upload new firmware. See the troubleshooting suggestions for I cannot see or access the Login screen in the web configurator. Ignore the suggestions about your browser. SBG3500-N000 User’s Guide...
ADSL and VDSL connections cannot work at the same time. You can only use one type of DSL connection, either ADSL or VDSL connection at one time. I cannot connect to the Internet using a Ethernet connection. Make sure you have the Ethernet WAN port connected to a MODEM or Router. SBG3500-N000 User’s Guide...
• Place the AP where there are minimum obstacles (such as walls and ceilings) between the AP and the wireless client. • Reduce the number of wireless clients connecting to the same AP simultaneously, or add additional APs if necessary. SBG3500-N000 User’s Guide...
You need to enable it to allow uses to access shared files in USB storage. If you are connecting a USB hard drive that comes with an external power supply, make sure it is connected to an appropriate power source that is on. SBG3500-N000 User’s Guide...
The Local Area Connection icon for UPnP disappears in the screen. Restart your computer. I cannot open special applications such as white board, file transfer and video when I use the MSN messenger. Wait more than three minutes. Restart the applications. SBG3500-N000 User’s Guide...
IP addresses that place them in the same subnet as the Device’s LAN port. Windows 95/98/Me Click Start, Settings, Control Panel and double-click the Network icon to open the Network window. Figure 165 WIndows 95/98/Me: Network: Configuration SBG3500-N000 User’s Guide...
Page 335
Restart your computer so the changes you made take effect. Configuring In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties Click the IP Address tab. • If your IP address is dynamic, select Obtain an IP address automatically. SBG3500-N000 User’s Guide...
Page 336
• If you do not know your DNS information, select Disable DNS. • If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in). Figure 167 Windows 95/98/Me: TCP/IP Properties: DNS Configuration SBG3500-N000 User’s Guide...
Page 337
Select your network adapter. You should see your computer's IP address, subnet mask and default gateway. Windows 2000/NT/XP The following example figures use the default Windows XP GUI theme. Click start (Start in Windows 2000/NT), Settings, Control Panel. Figure 168 Windows XP: Start Menu SBG3500-N000 User’s Guide...
Page 338
In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 169 Windows XP: Control Panel Right-click Local Area Connection and then click Properties. Figure 170 Windows XP: Control Panel: Network Connections: Properties SBG3500-N000 User’s Guide...
Page 339
• If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. SBG3500-N000 User’s Guide...
Page 340
(the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. SBG3500-N000 User’s Guide...
Page 341
• Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. SBG3500-N000 User’s Guide...
Page 342
In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab. Windows Vista This section shows screens from Windows Vista Enterprise Version 6.0. SBG3500-N000 User’s Guide...
Page 343
Click the Start icon, Control Panel. Figure 175 Windows Vista: Start Menu In the Control Panel, double-click Network and Internet. Figure 176 Windows Vista: Control Panel Click Network and Sharing Center. Figure 177 Windows Vista: Network And Internet SBG3500-N000 User’s Guide...
Page 344
Figure 178 Windows Vista: Network and Sharing Center Right-click Local Area Connection and then click Properties. Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. Figure 179 Windows Vista: Network and Sharing Center SBG3500-N000 User’s Guide...
Page 345
• If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP address and fill in the IP address, Subnet mask, and Default gateway fields. SBG3500-N000 User’s Guide...
Page 346
(the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. SBG3500-N000 User’s Guide...
Page 347
• Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. SBG3500-N000 User’s Guide...
Page 348
Click Start, All Programs, Accessories and then Command Prompt. In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab. SBG3500-N000 User’s Guide...
Page 349
Appendix A Setting up Your Computer’s IP Address Macintosh OS 8/9 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. Figure 184 Macintosh OS 8/9: Apple Menu SBG3500-N000 User’s Guide...
Page 350
Macintosh OS X Click the Apple menu, and click System Preferences to open the System Preferences window. Figure 186 Macintosh OS X: Apple Menu Click Network in the icon bar. • Select Automatic from the Location list. SBG3500-N000 User’s Guide...
Page 351
• Type the IP address of your Device in the Router address box. Click Apply Now and close the window. Turn on your Device and restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the Network window. SBG3500-N000 User’s Guide...
Page 352
Follow the steps below to configure your computer IP address using the KDE. Click the Red Hat button (located on the bottom left corner), select System Setting and click Network. Figure 188 Red Hat 9.0: KDE: Network Configuration: Devices SBG3500-N000 User’s Guide...
Page 353
If you know your DNS server IP address(es), click the DNS tab in the Network Configuration screen. Enter the DNS server information in the fields provided. Figure 190 Red Hat 9.0: KDE: Network Configuration: DNS Click the Devices tab. SBG3500-N000 User’s Guide...
Page 354
The following example shows an example where the static IP address is 192.168.1.10 and the subnet mask is 255.255.255.0. Figure 193 Red Hat 9.0: Static IP Address Setting in ifconfig-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=static IPADDR=192.168.1.10 NETMASK=255.255.255.0 USERCTL=no PEERDNS=yes TYPE=Ethernet SBG3500-N000 User’s Guide...
192.168.1.1). Each of these four parts is known as an octet. An octet is an eight-digit binary number (for example 11000000, which is 192 in decimal notation). Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal. SBG3500-N000 User’s Guide...
Page 357
Host ID 00000010 By convention, subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits. SBG3500-N000 User’s Guide...
Page 358
This is usually specified by writing a “/” followed by the number of bits in the mask after the address. For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask 255.255.255.128. SBG3500-N000 User’s Guide...
Page 359
You can “borrow” one of the host ID bits to divide the network 192.168.1.0 into two separate sub- networks. The subnet mask is now 25 bits (255.255.255.128 or /25). The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. SBG3500-N000 User’s Guide...
Page 360
Table 132 Subnet 1 LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE IP Address (Decimal) 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 00000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 SBG3500-N000 User’s Guide...
Page 361
Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet. Table 136 Eight Subnets SUBNET LAST BROADCAST SUBNET FIRST ADDRESS ADDRESS ADDRESS ADDRESS SBG3500-N000 User’s Guide...
Page 363
Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space. SBG3500-N000 User’s Guide...
In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure 200 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. In Internet Explorer, select Tools, Internet Options, Privacy. SBG3500-N000 User’s Guide...
Page 365
Click Apply to save this setting. Enable Pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. In Internet Explorer, select Tools, Internet Options and then the Privacy tab. SBG3500-N000 User’s Guide...
Page 366
Select Settings…to open the Pop-up Blocker Settings screen. Figure 202 Internet Options: Privacy Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. SBG3500-N000 User’s Guide...
Page 367
Figure 203 Pop-up Blocker Settings Click Close to return to the Privacy screen. Click Apply to save this setting. JavaScript If pages of the web configurator do not display properly in Internet Explorer, check that JavaScript are allowed. SBG3500-N000 User’s Guide...
Page 368
Figure 204 Internet Options: Security Click the Custom Level... button. Scroll down to Scripting. Under Active scripting make sure that Enable is selected (the default). Under Scripting of Java applets make sure that Enable is selected (the default). SBG3500-N000 User’s Guide...
Page 369
Figure 205 Security Settings - Java Scripting Java Permissions From Internet Explorer, click Tools, Internet Options and then the Security tab. Click the Custom Level... button. Scroll down to Microsoft VM. Under Java permissions make sure that a safety level is selected. SBG3500-N000 User’s Guide...
Page 370
Click OK to close the window. Figure 206 Security Settings - Java JAVA (Sun) From Internet Explorer, click Tools, Internet Options and then the Advanced tab. Make sure that Use Java 2 for <applet> under Java (Sun) is selected. SBG3500-N000 User’s Guide...
Page 371
Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary. You can enable Java, Javascript and pop-ups in one screen. Click Tools, then click Options in the screen that appears. Figure 208 Mozilla Firefox: Tools > Options SBG3500-N000 User’s Guide...
Page 372
Appendix C Pop-up Windows, JavaScript and Java Permissions Click Content.to show the screen below. Select the check boxes as shown in the following screen. Figure 209 Mozilla Firefox Content Security SBG3500-N000 User’s Guide...
(AP). Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled, wireless client A and B can access the wired network and communicate with each other. When Intra-BSS is SBG3500-N000 User’s Guide...
Page 374
APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood. SBG3500-N000 User’s Guide...
Page 375
A hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a hidden node. Both stations (STA) are within range of the access point (AP) or wireless gateway, but out-of-range of each other, so they SBG3500-N000 User’s Guide...
Page 376
AP will fragment the packet into smaller data frames. A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. SBG3500-N000 User’s Guide...
Page 377
IEEE802.1x EAP with RADIUS Server Authentication Wi-Fi Protected Access (WPA) WPA2 Most Secure Note: You must enable the same wireless security settings on the Device and on all wireless clients that you want to associate with it. SBG3500-N000 User’s Guide...
Page 378
Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message. The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting: SBG3500-N000 User’s Guide...
Page 379
This makes user identity vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the sender’s identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which imposes a management overhead. SBG3500-N000 User’s Guide...
Page 381
The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only difference between the two is that WPA(2)-PSK uses a simple common password, instead of user-specific credentials. The common-password approach makes WPA(2)-PSK susceptible to brute-force SBG3500-N000 User’s Guide...
Page 382
The RADIUS server then checks the user's identification against its database and grants or denies network access accordingly. A 256-bit Pairwise Master Key (PMK) is derived from the authentication process by the RADIUS server and the client. SBG3500-N000 User’s Guide...
Page 383
The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys. They use these keys to encrypt data exchanged between them. Figure 215 WPA(2)-PSK Authentication SBG3500-N000 User’s Guide...
Page 384
Antenna gain, measured in dB (decibel), is the increase in coverage within the RF beam width. Higher antenna gain improves the range of the signal for better communications. For an indoor site, each 1 dB increase in antenna gain results in a range increase of approximately SBG3500-N000 User’s Guide...
Page 385
For a single AP application, place omni-directional antennas as close to the center of the coverage area as possible. For directional antennas, point the antenna in the direction of the desired coverage area. SBG3500-N000 User’s Guide...
“private IP address” in IPv4. You can have the same link-local address on multiple interfaces on a device. A link-local unicast address has a predefined prefix of fe80::/10. The link-local unicast address format is as follows. Table 143 Link-local Unicast Address Format 1111 1110 10 Interface ID 10 bits 54 bits 64 bits SBG3500-N000 User’s Guide...
Page 387
All DHCP severs on a local site. FF05:0:0:0:0:0:1:3 The following table describes the multicast addresses which are reserved and can not be assigned to a multicast group. Table 145 Reserved Multicast Address MULTICAST ADDRESS FF00:0:0:0:0:0:0:0 FF01:0:0:0:0:0:0:0 FF02:0:0:0:0:0:0:0 FF03:0:0:0:0:0:0:0 FF04:0:0:0:0:0:0:0 FF05:0:0:0:0:0:0:0 FF06:0:0:0:0:0:0:0 FF07:0:0:0:0:0:0:0 SBG3500-N000 User’s Guide...
Page 388
DHCPv6 server uses T1 and T2 to control the time at which the client contacts with the server to extend the lifetimes on any addresses in the IA_NA before the lifetimes expire. After T1, the client sends the server (S1) (from which the addresses in the IA_NA were obtained) a Renew message. If SBG3500-N000 User’s Guide...
Page 389
• Neighbor solicitation: A request from a host to determine a neighbor’s link-layer address (MAC address) and detect if the neighbor is still reachable. A neighbor being “reachable” means it responds to a neighbor solicitation message (from the host) with a neighbor advertisement message. SBG3500-N000 User’s Guide...
Page 390
Done message to the router or switch. The router or switch then sends a group-specific query to the port on which the Done message is received to determine if other devices connected to this port should remain in the group. SBG3500-N000 User’s Guide...
Page 391
Install Dibbler and select the DHCPv6 client option on your computer. After the installation is complete, select Start > All Programs > Dibbler-DHCPv6 > Client Install as service. Select Start > Control Panel > Administrative Tools > Services. SBG3500-N000 User’s Guide...
Page 392
Windows 7 supports IPv6 by default. DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer. To enable IPv6 in Windows 7: Select Control Panel > Network and Sharing Center > Local Area Connection. Select the Internet Protocol Version 6 (TCP/IPv6) checkbox to enable it. Click OK to save the change. SBG3500-N000 User’s Guide...
• If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number. • If the Protocol is USER, this is the IP protocol number. • Description: This is a brief explanation of the applications that use this service or the situations in which this service is used. SBG3500-N000 User’s Guide...
Page 395
6667 This is another popular Internet chat program. MSN Messenger 1863 Microsoft Networks’ messenger service uses this protocol. NetBIOS TCP/UDP The Network Basic Input/Output System is used for communication between TCP/UDP computers in a LAN. TCP/UDP TCP/UDP SBG3500-N000 User’s Guide...
Page 396
This is a more secure version of SMTP that runs over SSL. SMTP This is a more secure version of SMTP that authenticates sender from out of network mailservers. SNMP TCP/UDP Simple Network Management Program. SNMP-TRAPS TCP/UDP Traps for use with the SNMP (RFC:1215). SBG3500-N000 User’s Guide...
Page 397
UNIX environments. It operates over TCP/ IP networks. Its primary function is to allow users to log into remote host systems. VDOLIVE 7000 A videoconferencing solution. The UDP port number is specified in the application. user- defined SBG3500-N000 User’s Guide...
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
Dyrektywy 2012/19/UE. [Portuguese] ZyXEL declara que este equipamento está conforme com os requisitos essenciais e outras disposições da Directiva 2012/19/UE. [Slovenian] ZyXEL izjavlja, da je ta oprema v skladu z bistvenimi zahtevami in ostalimi relevantnimi določili direktive 2012/19/UE. SBG3500-N000 User’s Guide...
Page 401
The outdoor usage of the 2.4 GHz band requires an authorization from the Electronic Communications Office. Please check http:// www.esd.lv for more details. 2.4 GHz frekvenèu joslas izmantoðanai ârpus telpâm nepiecieðama atïauja no Elektronisko sakaru direkcijas. Vairâk informâcijas: http://www.esd.lv. Notes: SBG3500-N000 User’s Guide...
Your product is marked with this symbol, which is known as the WEEE mark. WEEE stands for Waste Electronics and Electrical Equipment. It means that used electrical and electronic products should not be mixed with general waste. Used electrical and electronic equipment should be treated separately. SBG3500-N000 User’s Guide...
Basic Service Set, See BSS configuration Basic Service Set, see BSS backup blinking LEDs firewalls Broadband reset broadcast restoring 153, 373 static route 123, 184, 223, 301 example Connectivity Check Messages, see CCMs copyright SBG3500-N000 User’s Guide...
Page 404
DS, dee differentiated services fragmentation threshold 146, 150, 376 DSCP 207, 220 dynamic DNS wildcard Dynamic Host Configuration Protocol, see DHCP dynamic WEP key exchange DYNDNS wildcard General wireless LAN screen Guide Quick Start EAP Authentication SBG3500-N000 User’s Guide...
Page 405
Link Trace Message, see LTM IP address 162, 181 Link Trace Response, see LTR ping login private passwords 25, 26 logs IP Address Assignment 286, 289, 296, 314 Loop Back Response, see LBR IP alias loopback NAT applications SBG3500-N000 User’s Guide...
Page 406
147, 150 outside preamble mode port forwarding prefix delegation port number pre-shared key services private IP address SIP ALG product registration activation protocol traversal NAT example push button negotiation mode Push Button Configuration, see PBC SBG3500-N000 User’s Guide...
Page 407
123, 184, 223, 301 example Routing Information Protocol. See RIP static VLAN RPPCs status RTS (Request To Send) firmware version threshold 375, 376 RTS threshold 146, 150 wireless LAN status indicators subnet subnet mask 162, 181, 357 SBG3500-N000 User’s Guide...
Page 408
Two Rate Three Color Marker, see trTCM note web configurator login passwords 25, 26 WEP Encryption 137, 138 unicast WEP encryption Universal Plug and Play, see UPnP WEP key upgrading firmware Wi-Fi Protected Access UPnP wireless client WPA supplicants cautions SBG3500-N000 User’s Guide...
Page 409
WLAN interference security parameters 152, 381 key caching pre-authentication user authentication vs WPA-PSK wireless client supplicant with RADIUS application example WPA2 user authentication vs WPA2-PSK wireless client supplicant with RADIUS application example WPA2-Pre-Shared Key WPA2-PSK application example SBG3500-N000 User’s Guide...