ZyXEL Communications NBG-417N Security Parameters Summary

Appendix D Wireless LANs

NBG-417N User’s Guide

252

Security Parameters Summary

Refer to this table to see what other security parameters you should configure for

each Authentication Method/ key management protocol type. MAC address filters

are not dependent on how you configure these security features.

Table 82 Wireless Security Relational Matrix

AUTHENTICATION

METHOD/ KEY

MANAGEMENT

PROTOCOL

ENCRYPTIO

N METHOD

ENTER

MANUAL KEY IEEE 802.1X

Open None No Disable

Enable without Dynamic WEP

Key

Open WEP No Enable with Dynamic WEP

Key

Yes Enable without Dynamic WEP

Key

Yes Disable

Shared WEP No Enable with Dynamic WEP

Key

Yes Enable without Dynamic WEP

Key

Yes Disable

WPA TKIP No Enable

WPA-PSK TKIP Yes Enable

WPA2 AES No Enable

WPA2-PSK AES Yes Enable

Contents

Main NBG-417N Wireless N-lite Home Router Page About This User's Guide Intended Audience Tips for Reading Users Guides On-Screen Related Documentation Documentation Feedback Need More Help? Customer Support Document Conventions Warnings and Notes Warnings tell you about things that could harm you or your device. Syntax Conventions Page Safety Warnings Safety Warnings Contents Overview Page Table of Contents Page Page Page Part IV: Management ........................................................................... 143 Part V: Maintenance and Troubleshooting........................................ 169 Part VI: Appendices and Index ........................................................... 203 Page PART I Page CHAPTER 1 Getting to Know Your NBG-417N Figure 1 NBG-417N Network 1.1 Overview 1.2 Applications 1.3 Ways to Manage the NBG-417N 1.4 Good Habits for Managing the NBG-417N Figure 2 Front Panel 1.5 LEDs Chapter 1 Getting to Know Your NBG-417N Table 1 Front Panel LEDs and WPS Button LED COLOR STATUS DESCRIPTION Page CHAPTER 2 The WPS Button 2.1 Overview Page CHAPTER 3 Introducing the Web Configurator 3.1 Overview 3.2 Accessing the Web Configurator Page Figure 4 Selecting the setup mode 3.3 Resetting the NBG-417N 3.3.1 Procedure to Use the Reset Button 3.4 Navigating the Web Configurator 3.5 Status Screen (Router Mode) Figure 5 Status Screen (Router Mode) Table 2 Status Screen Icon Key Chapter 3 Introducing the Web Configurator NBG-417N Users Guide 31 Table 3 Web Configurator Status Screen (Router Mode) 3.5.1 Navigation Panel Table 3 Web Configurator Status Screen (Router Mode) (continued) Chapter 3 Introducing the Web Configurator LINK TAB FUNCTION NBG-417N Users Guide 33 3.5.2 Summary: DHCP Table Figure 6 Summary: DHCP Table 3.5.3 Summary: Packet Statistics Figure 7 Summary: Packet Statistics Table 5 Summary: DHCP Table 3.5.4 Summary: WLAN Station Status Figure 8 Summary: Wireless Association List Table 6 Summary: Packet Statistics Table 7 Summary: Wireless Association List Page CHAPTER 4 Connection Wizard Figure 9 Select Wizard or Advanced Mode 4.1 Wizard Setup Figure 10 Select a Language 4.2 Connection Wizard: STEP 1: System Information 4.2.1 System Name 4.2.2 Domain Name Figure 12 Wizard Step 1: System Information Table 8 Wizard Step 1: System Information Chapter 4 Connection Wizard 4.3 Connection Wizard: STEP 2: Wireless LAN Set up your wireless LAN using the following screen. Figure 13 Wizard Step 2: Wireless LAN Table 9 Wizard Step 2: Wireless LAN 4.3.1 Extend (WPA-PSK or WPA2-PSK) Security 4.4 Connection Wizard: STEP 3: Internet Configuration Figure 15 Wizard Step 3: ISP Parameters. 4.4.1 Ethernet Connection Figure 16 Wizard Step 3: Ethernet Connection 4.4.2 PPPoE Connection Table 11 Wizard Step 3: ISP Parameters Figure 17 Wizard Step 3: PPPoE Connection Table 12 Wizard Step 3: PPPoE Connection 4.4.3 PPTP Connection Table 13 Wizard Step 3: PPTP Connection Chapter 4 Connection Wizard NBG-417N Users Guide 47 4.4.4 Your IP Address The following table describes the labels in this screen Figure 19 Wizard Step 3: Your IP Address Table 13 Wizard Step 3: PPTP Connection Table 14 Wizard Step 3: Your IP Address 4.4.5 WAN IP Address Assignment 4.4.6 IP Address and Subnet Mask Table 15 Private IP Address Ranges 4.4.7 DNS Server Address Assignment 4.4.8 WAN IP and DNS Server Address Assignment Figure 20 Wizard Step 3: WAN IP and DNS Server Addresses Table 16 Wizard Step 3: WAN IP and DNS Server Addresses 4.4.9 WAN MAC Address Figure 21 Wizard Step 3: WAN MAC Address Table 17 Example of Network Properties for LAN Servers with Fixed IP Addresses Table 18 Wizard Step 3: WAN MAC Address Page CHAPTER 5 AP Mode 5.1 Overview 5.2 Setting your NBG-417N to AP Mode 5.3 Status Screen (AP Mode) Chapter 5 AP Mode NBG-417N Users Guide 55 The following table describes the labels shown in the Status screen. Table 19 Status Screen (AP Mode) 5.3.1 Navigation Panel Figure 26 Menu: AP Mode Table 19 Status Screen (AP Mode) (continued) Table 20 Menu: AP Mode Chapter 5 AP Mode 5.4 Configuring Your Settings Use this section to configure your NBG-417N settings while in AP Mode. Table 20 Menu: AP Mode LINK TAB FUNCTION 5.4.1 LAN Settings Table 21 Network > LAN > IP 5.4.2 WLAN and Maintenance Settings 5.5 Logging in to the Web Configurator in AP Mode Page CHAPTER 6 Tutorials 6.1 Overview 6.2 How to Connect to the Internet from an AP Figure 28 Wireless AP Connection to the Internet 6.2.1.1 Push Button Configuration (PBC) Figure 29 Example WPS Process: PBC Method 6.2.1.2 PIN Configuration Wireless Client NBG-417N Figure 30 Example WPS Process: PIN Method 6.2.2 Enable and Configure Wireless Security without WPS on your NBG-417N Figure 31 Tutorial: Network > Wireless LAN > General Figure 32 Tutorial: Status Screen 6.2.2.1 Configure Your Notebook Page Figure 36 Link Status 6.3 Bandwidth Management for your Network 6.3.1 Configuring Bandwidth Management by Application Page 6.3.3 Configuring Bandwidth Allocation by IP or IP Range Figure 39 Tutorial: Bandwidth Allocation Example Page Page PART II Page CHAPTER 7 Wireless LAN 7.1 Overview Figure 41 Example of a Wireless Network 7.2 What You Can Do 7.3 What You Should Know 7.3.1 Wireless Security Overview 7.3.1.1 SSID 7.3.1.2 MAC Address Filter 7.3.1.3 User Authentication 7.3.1.4 Encryption 7.3.1.5 WPS 7.4 General Wireless LAN Screen The following table describes the general wireless LAN labels in this screen. See the rest of this chapter for information on the other labels in this screen. 7.4.1 No Security Table 24 Network > Wireless LAN > General 7.4.2 WEP Encryption Figure 44 Network > Wireless LAN > General: Static WEP Table 26 Network > Wireless LAN > General: Static WEP 7.4.3 WPA-PSK/WPA2-PSK Figure 45 Network > Wireless LAN > General: WPA-PSK/WPA2-PSK Table 26 Network > Wireless LAN > General: Static WEP 7.5 MAC Filter Table 27 Network > Wireless LAN > General: WPA-PSK/WPA2-PSK Figure 46 Network > Wireless LAN > MAC Filter Table 28 Network > Wireless LAN > MAC Filter 7.6 Wireless LAN Advanced Screen Figure 47 Network > Wireless LAN > Advanced The following table describes the labels in this screen. Table 29 Network > Wireless LAN > Advanced Chapter 7 Wireless LAN 7.7 Quality of Service (QoS) Screen Table 29 Network > Wireless LAN > Advanced Figure 48 Network > Wireless LAN > QoS Table 30 Network > Wireless LAN > QoS 7.7.1 Application Priority Configuration Figure 49 Network > Wireless LAN > QoS: Application Priority Configuration Table 30 Network > Wireless LAN > QoS (continued) Table 31 Network > Wireless LAN > QoS: Application Priority Configuration Table 31 Network > Wireless LAN > QoS: Application Priority Configuration 7.8 WPS Screen Figure 50 Network > Wireless LAN > WPS Table 32 Network > Wireless LAN > WPS 7.9 WPS Station Screen 7.10 Scheduling Screen Figure 52 Network > Wireless LAN > Scheduling Table 34 Network > Wireless LAN > Scheduling Note: Entering the same begin time and end time will mean the whole day. 7.11 WDS Screen Figure 53 Network > Wireless LAN > WDS Table 35 Network > Wireless LAN > WDS 7.11.1 Security Mode: Static WEP Table 36 Network > Wireless LAN > WDS (Static WEP) Page Page CHAPTER 8 WAN 8.1 Overview Figure 56 LAN and WAN 8.2 What You Can Do 8.3 What You Need To Know 8.3.1 Configuring Your Internet Connection Encapsulation Method WAN IP Address DNS Server Address Assignment 8.3.2 Multicast Figure 57 Multicast Example 8.3.3 NetBIOS over TCP/IP 8.3.4 Auto-Bridge Figure 58 Autobridging Example 8.4 Internet Connection 8.4.1 Ethernet Encapsulation Figure 59 Network > WAN > Internet Connection: Ethernet Encapsulation Table 38 Network > WAN > Internet Connection: Ethernet Encapsulation 8.4.2 PPPoE Encapsulation Table 38 Network > WAN > Internet Connection: Ethernet Encapsulation Figure 60 Network > WAN > Internet Connection: PPPoE Encapsulation Table 39 Network > WAN > Internet Connection: PPPoE Encapsulation 8.4.3 PPTP Encapsulation Table 39 Network > WAN > Internet Connection: PPPoE Encapsulation Figure 61 Network > WAN > Internet Connection: PPTP Encapsulation Page 8.5 Advanced WAN Screen Note: The three categories shown in this screen are independent of each other. Figure 62 Network > WAN > Advanced Table 41 Network > WAN > Advanced CHAPTER 9 LAN 9.1 Overview Figure 63 LAN Setup 9.2 What You Can Do 9.3 What You Need To Know Figure 64 LAN and WAN IP Addresses 9.3.1 IP Pool Setup 9.3.2 LAN TCP/IP 9.4 LAN IP Screen Figure 65 Network > LAN > IP Table 42 Network > LAN > IP Page CHAPTER 10 DHCP Server 10.1 Overview 10.2 What You Can Do 10.3 What You Need To Know 10.4 General Screen Figure 66 Network > DHCP Server > General 10.5 Advanced Screen Table 43 Network > DHCP Server > General Figure 67 Network > DHCP Server > Advanced Table 44 Network > DHCP Server > Advanced 10.6 Client List Screen Table 44 Network > DHCP Server > Advanced Figure 68 Network > DHCP Server > Client List Table 45 Network > DHCP Server > Client List Page CHAPTER 11 Network Address Translation (NAT) 11.1 Overview Figure 69 NAT Example 11.2 What You Can Do 11.3 General NAT Screen Figure 70 Network > NAT > General Table 46 Network > NAT > General 11.4 NAT Application Screen Figure 71 Network > NAT > Application Table 47 Network > NAT > Application Chapter 11 Network Address Translation (NAT) NBG-417N Users Guide 125 Table 47 Network > NAT > Application (continued) 11.5 NAT Advanced Screen 11.5.1 Trigger Port Forwarding Example Figure 73 Trigger Port Forwarding Process: Example Table 48 Network > NAT > Advanced 11.5.2 Two Points To Remember About Trigger Ports CHAPTER 12 Dynamic DNS 12.1 Overview 12.2 What You Can Do 12.3 What You Need To Know 12.4 Dynamic DNS Screen Figure 74 Network > Dynamic DNS Table 49 Network > Dynamic DNS Chapter 12 Dynamic DNS NBG-417N Users Guide 131 Page Page Page CHAPTER 13 Firewall Figure 75 Default Firewall Action 13.1 Overview 13.2 What You Can Do 13.3 What You Need To Know 13.3.1 About the NBG-417N Firewall 13.4 General Firewall Screen Figure 76 Security > Firewall > General 13.5 Services Screen Table 50 Security > Firewall > General Chapter 13 Firewall Figure 77 Security > Firewall > Services Table 51 Security > Firewall > Services CHAPTER 14 Content Filtering 14.1 Overview 14.2 What You Can Do 14.3 What You Need To Know 14.4 Filter Screen Figure 78 Security > Content Filter > Filter 14.5 Technical Reference 14.5.1 Customizing Keyword Blocking URL Checking Domain Name or IP Address URL Checking Table 52 Security > Content Filter > Filter Full Path URL Checking File Name URL Checking Page Page CHAPTER 15 Static Route 15.1 Overview Figure 79 Example of Static Routing Topology 15.2 What You Can Do 15.3 IP Static Route Screen Figure 80 Management > Static Route > IP Static Route Table 53 Management > Static Route > IP Static Route Chapter 15 Static Route NBG-417N Users Guide 147 15.3.1 Static Route Setup Screen Figure 81 Management > Static Route > IP Static Route: Static Route Setup Table 54 Management > Static Route > IP Static Route: Static Route Setup Page CHAPTER 16 Bandwidth Management 16.1 Overview 16.2 What You Can Do 16.3 What You Need To Know 16.4 General Configuration Figure 83 Management > Bandwidth MGMT > General Note: You cannot apply both bandwidth management types at the same time. 16.5 Advanced Configuration Table 55 Management > Bandwidth MGMT > General Page Chapter 16 Bandwidth Management NBG-417N Users Guide 153 Table 56 Management > Bandwidth MGMT > Advanced (continued) 16.5.1 Priority Levels 16.5.2 User Defined Service Rule Configuration Figure 85 Management > Bandwidth MGMT > Advanced: Allocation Setup Table 57 Management > Bandwidth MGMT > Advanced: Allocation Setup Chapter 16 Bandwidth Management 16.5.3 Predefined Bandwidth Management Services Table 58 Media Bandwidth Management Setup: Services SERVICE DESCRIPTION 16.5.4 Services and Port Numbers Table 58 Media Bandwidth Management Setup: Services (continued) CHAPTER 17 Remote Management 17.1 Overview 17.2 What You Can Do 17.3 What You Need To Know Page 17.4 WWW Screen Figure 86 Management > Remote MGMT > WWW Table 59 Note: This only applies on WAN IP. Page CHAPTER 18 Universal Plug-and-Play (UPnP) 18.1 Overview 18.2 What You Can Do 18.3 What You Need to Know 18.4 UPnP Screen Figure 87 Management > UPnP > General 18.5 Technical Reference 18.5.1 Using UPnP in Windows XP Example 18.5.1.1 Auto-discover Your UPnP-enabled Network Device Table 60 Management > UPnP > General Page Page Page Page Page PART V Page CHAPTER 19 System Table 61 Maintenance > System > General 19.4 Time Setting Screen Figure 98 Maintenance > System > Time Setting Page Page Page CHAPTER 20 Logs 20.1 Overview 20.2 What You Can Do 20.3 What You Need to Know 20.4 View Log Screen Figure 99 Maintenance > Logs > View Log Table 63 Maintenance > Logs > View Log CHAPTER 21 Tools 21.1 Overview 21.2 What You Can Do 21.3 Firmware Upload Screen Page Page 21.4 Configuration Screen Figure 104 Maintenance > Tools > Configuration 21.4.1 Backup Configuration 21.4.2 Restore Configuration Note: Do not turn off the NBG-417N while configuration file upload is in progress Figure 105 Configuration Restore Successful Figure 106 Temporarily Disconnected Table 65 Maintenance Restore Configuration 21.5 Restart Screen CHAPTER 22 Sys OP Mode AP 22.4 General Screen Figure 113 Maintenance > Sys Op Mode > General: AP Table 66 Maintenance > Sys OP Mode > General Note: If you select the incorrect System Operation Mode you cannot connect to the Internet. Page CHAPTER 23 Language Figure 114 Language 23.1 Language Screen Page CHAPTER 24 Troubleshooting 24.1 Power, Hardware Connections, and LEDs The NBG-417N does not turn on. None of the LEDs turn on. One of the LEDs does not behave as expected. 24.2 NBG-417N Access and Login I dont know the IP address of my NBG-417N. I forgot the password. I cannot see or access the Login screen in the Web Configurator. I can see the Login screen, but I cannot log in to the NBG-417N. 24.3 Internet Access I cannot access the Internet. The Internet connection is slow or intermittent. 24.4 Resetting the NBG-417N to Its Factory Defaults You will lose all of your changes when you push the RESET button. 24.5 Wireless Router/AP Troubleshooting I cannot access the NBG-417N or ping any computer from the WLAN (wireless AP or router). I set up URL keyword blocking, but I can still access a website that should be blocked. I can access the Internet, but I cannot open my network folders. I can access the Web Configurator after I switched to AP mode. Page NBG-417N Users Guide 199 CHAPTER 25 Product Specifications The following tables summarize the NBG-417Ns hardware and firmware features. Table 67 Hardware Features Chapter 25 Product Specifications Table 68 Firmware Features FEATURE DESCRIPTION Note: Only upload firmware for your specific model! Chapter 25 Product Specifications NBG-417N Users Guide 201 Table 68 Firmware Features FEATURE DESCRIPTION Page PART VI Page APPENDIX A IP Addresses and Subnetting Introduction to IP Addresses Structure Figure 115 Network Number and Host ID Subnet Masks Table 69 Subnet Mask - Identifying Network Number Network Size Table 70 Subnet Masks Table 69 Subnet Mask - Identifying Network Number Notation Table 71 Maximum Host Numbers Table 72 Alternative Subnet Mask Notation Subnetting Figure 116 Subnetting Example: Before Subnetting Figure 117 Subnetting Example: After Subnetting Example: Four Subnets Table 73 Subnet 1 Table 74 Subnet 2 Table 75 Subnet 3 Table 76 Subnet 4 Example: Eight Subnets Subnet Planning Table 76 Subnet 4 (continued) Table 77 Eight Subnets Table 78 24-bit Network Number Subnet Planning Configuring IP Addresses Table 79 16-bit Network Number Subnet Planning Private IP Addresses APPENDIX B Pop-up Windows, JavaScripts and Java Permissions Internet Explorer Pop-up Blockers Disable pop-up Blockers Figure 119 Internet Options: Privacy Enable pop-up Blockers with Exceptions Page Page Figure 122 Internet Options: Security Page Page Page APPENDIX C Setting up Your Computers IP Address Windows 95/98/Me Figure 126 WIndows 95/98/Me: Network: Configuration Installing Components Configuring Figure 127 Windows 95/98/Me: TCP/IP Properties: IP Address Figure 128 Windows 95/98/Me: TCP/IP Properties: DNS Configuration Page Page Figure 132 Windows XP: Local Area Connection Properties Figure 133 Windows XP: Internet Protocol (TCP/IP) Properties Figure 134 Windows XP: Advanced TCP/IP Properties Figure 135 Windows XP: Internet Protocol (TCP/IP) Properties Page Figure 137 Macintosh OS 8/9: TCP/IP Page Linux Note: Make sure you are logged in as the root administrator. Figure 140 Red Hat 9.0: KDE: Network Configuration: Devices Using the K Desktop Environment (KDE) Page Figure 143 Red Hat 9.0: KDE: Network Configuration: Activate Using Configuration Files Figure 144 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 Figure 145 Red Hat 9.0: Static IP Address Setting in ifconfig-eth0 Figure 146 Red Hat 9.0: DNS Settings in resolv.conf Figure 147 Red Hat 9.0: Restart Ethernet Card 25.0.1 Verifying Settings Figure 148 Red Hat 9.0: Checking TCP/IP Properties APPENDIX D Wireless LANs Wireless LAN Topologies Ad-hoc Wireless LAN Configuration Figure 149 Peer-to-Peer Communication in an Ad-hoc Network ESS Figure 151 Infrastructure WLAN Channel RTS/CTS Figure 152 RTS/CTS Fragmentation Threshold Preamble Type Note: The AP and the wireless stations MUST use the same preamble mode in order to communicate. IEEE 802.11g Wireless LAN IEEE 802.1x RADIUS Table 80 IEEE 802.11g Types of RADIUS Messages Types of Authentication EAP-MD5 (Message-Digest Algorithm 5) EAP-TLS (Transport Layer Security) EAP-TTLS (Tunneled Transport Layer Service) PEAP (Protected EAP) LEAP Dynamic WEP Key Exchange WPA(2) Encryption Table 81 Comparison of EAP Authentication Types User Authentication 25.0.2 WPA(2)-PSK Application Example Figure 153 WPA(2)-PSK Authentication 25.0.3 WPA(2) with RADIUS Application Example Security Parameters Summary Table 82 Wireless Security Relational Matrix APPENDIX E Services Table 83 Examples of Services Page Page Page APPENDIX F Legal Information Copyright Disclaimer Certifications FCC Radiation Exposure Statement Industry Canada Statement IMPORTANT NOTE: IC Radiation Exposure Statement: ! Notices Viewing Certifications ZyXEL Limited Warranty Note Registration End-User License Agreement for "NBG-417N" Page Page Page Page Index A B C D E F G H I M N O P Q S T U V W X