ZyXEL Communications NBG-510S, User Manual

Page 1: ...www zyxel com NBG 510S 802 11g Wireless Remote Access Broadband Gateway User s Guide Version 1 00 7 2007 Edition 1 DEFAULT LOGIN IP Address http 192 168 1 1 User Name admin Password 1234 ...

Page 2: ......

Page 3: ...nfiguring for initial secure remote access to the LAN Web Configurator Online Help Embedded web help for descriptions of individual screens and supplementary information Supporting Disk Refer to the included CD for support documents ZyXEL Web Site Please refer to www zyxel com for additional support documentation and product certifications User Guide Feedback Help us help you Send all User s Guide...

Page 4: ... is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press the ENTER key Select or choose means for you to use one of the predefined choices A right angle bracket within a screen name denotes a mouse click For example Network WAN Internet Connection means you first click Networ...

Page 5: ... in Figures Figures in this User s Guide may use the following generic icons The ZyXEL Device icon is not an exact representation of your device ZyXEL Device Computer Notebook computer Server DSLAM Firewall Telephone Switch Router Broadband modem or router ...

Page 6: ...l cables from this device before servicing or disassembling Use ONLY an appropriate power adaptor or cord for your device Connect the power adaptor or cord to the right supply voltage for example 110V AC in North America or 230V AC in Europe Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord Do NOT use the devi...

Page 7: ...Safety Warnings NBG 510S User s Guide 7 This product is recyclable Dispose of it properly ...

Page 8: ...Safety Warnings NBG 510S User s Guide 8 ...

Page 9: ...N 77 DHCP 79 NAT and Firewall WAN to LAN 81 DDNS 89 Security 91 Access Control 93 Content Filtering 101 Management 103 UPnP 105 Static Route 113 Maintenance 117 System 119 Logs 123 Tools 125 Secure Remote Access User Portal 133 Secure Remote Access Title 135 Secure Remote Access User Info 137 Manage Accessible LAN Resources 141 Manage User Access Permissions 143 Secure Remote Desktop Control 151 S...

Page 10: ...Contents Overview NBG 510S User s Guide 10 Troubleshooting and Appendices 163 Troubleshooting 165 ...

Page 11: ...iew 27 1 1 1 Remote User Access Secured by SSL 27 1 2 Good Habits for Managing the ZyXEL Device 28 Chapter 2 Hardware Connection 29 2 1 Ports and Connectors 29 2 2 LEDs 30 Chapter 3 The Web Configurator 31 3 1 Web Configurator Overview 31 3 2 Logging into the ZyXEL Device 31 3 3 Web Configurator Main Screen 34 3 3 1 Title Bar 35 3 3 2 Navigation Panel 35 3 3 3 Main Window 36 3 3 4 Status Bar 36 3 ...

Page 12: ...naged 46 6 2 2 Configure the ZyXEL Device 47 6 2 3 Use the Secure Remote Desktop Connection 48 6 3 Wireless Tutorial 50 6 4 Example Parameters 51 6 5 Configuring the ZyXEL Device 51 6 6 Configuring the Wireless Client 52 6 6 1 Connecting to a Wireless LAN 52 6 6 2 Creating and Using a Profile 54 Part II Network 59 Chapter 7 Wireless LAN 61 7 1 Wireless Network Overview 61 7 2 Wireless Security Ove...

Page 13: ...HCP 79 10 1 1 Factory DHCP Defaults 79 10 2 DHCP Screen 79 10 2 1 DHCP Client List Screen 80 Chapter 11 NAT and Firewall WAN to LAN 81 11 1 NAT Overview 81 11 2 Port Forwarding and Firewall 81 11 2 1 Configuring Servers Behind Port Forwarding Example 82 11 3 Port Forwarding Screen 82 11 4 Port Forwarding Add Edit Screen 83 11 5 Trigger Port Forwarding 85 11 5 1 Trigger Port Forwarding Example 85 1...

Page 14: ...t IV Management 103 Chapter 15 UPnP 105 15 1 Universal Plug and Play Overview 105 15 1 1 How Do I Know If I m Using UPnP 105 15 1 2 NAT Traversal 105 15 1 3 Cautions with UPnP 105 15 1 4 UPnP and ZyXEL 106 15 2 Configuring UPnP 106 15 3 Installing UPnP in Windows Example 106 15 3 1 Installing UPnP in Windows Me 107 15 3 2 Installing UPnP in Windows XP 108 15 4 Using UPnP in Windows XP Example 108 ...

Page 15: ...Restore Configuration 127 19 2 3 Device Reset 128 19 3 Restart Screen 129 19 4 Box Access Screen 129 19 5 Diagnostic Tools Screen 130 19 5 1 Diagnostic Tools Ping Results 131 19 5 2 Diagnostic Tools Trace Route Results 131 19 5 3 Diagnostic Tools DNS Resolve Results 132 Part VI Secure Remote Access User Portal 133 Chapter 20 Secure Remote Access Title 135 20 1 Configuring the Secure Remote Access ...

Page 16: ...ence Browsing the Shared Folder Contents 148 Chapter 24 Secure Remote Desktop Control 151 24 1 Desktop Links Overview 151 24 2 Desktop Links Screen 151 24 3 Manage a User s Desktop Links View 152 24 4 Add Desktop Link Screen 153 Chapter 25 Secure Remote Access Screens 155 25 1 Secure Remote Access Screens 155 25 1 1 System Requirements 155 25 2 Logging into the Secure Remote Access Screens 155 25 ...

Page 17: ...6 2 ZyXEL Device Access and Login 166 26 3 Internet Access 167 26 4 Reset the ZyXEL Device to Its Factory Defaults 168 Appendix A Product Specifications 171 Appendix B Common Services 177 Appendix C Wireless LANs 181 Appendix D Legal Information 195 Appendix E Customer Support 199 Index 205 ...

Page 18: ...Table of Contents NBG 510S User s Guide 18 ...

Page 19: ... 17 Wizard MAC Cloning 42 Figure 18 Wizard Internet Access 43 Figure 19 Wizard Applying Internet Settings 43 Figure 20 Wizard Applying Internet Settings 44 Figure 21 My Computer 46 Figure 22 My Computer Properties Remote 46 Figure 23 User Portal Desktop Links 47 Figure 24 User Portal Desktop Links Manage View 47 Figure 25 User Portal Desktop Links Manage View Add 47 Figure 26 Secure Remote Access ...

Page 20: ...ork DHCP Client List 80 Figure 57 Multiple Servers Behind NAT Example 82 Figure 58 Network NAT Port Forwarding 83 Figure 59 Network NAT Port Forwarding Add Edit 84 Figure 60 Trigger Port Forwarding Process Example 85 Figure 61 Network NAT Port Triggering 86 Figure 62 Network NAT Port Triggering Add Edit 87 Figure 63 Network DDNS 89 Figure 64 Network DDNS Add Edit 90 Figure 65 Priority Assignment R...

Page 21: ...ortal Manage Views Manage View 144 Figure 102 User Portal Manage Views Manage View Add a Category 145 Figure 103 User Portal Manage Views Manage View Add Reference 145 Figure 104 User Portal Manage Views Manage View Add Reference Manually 146 Figure 105 User Portal Manage Views Manage View Add Reference Configure Login 147 Figure 106 Adding a Reference Browsing the Shared Folders 147 Figure 107 Ad...

Page 22: ...ures NBG 510S User s Guide 22 Figure 125 Basic Service Set 182 Figure 126 Infrastructure WLAN 183 Figure 127 RTS CTS 184 Figure 128 WPA 2 with RADIUS Application Example 191 Figure 129 WPA 2 PSK Authentication 192 ...

Page 23: ...onnection PPTP Encapsulation 73 Table 16 Network WAN Advanced 75 Table 17 Network LAN 77 Table 18 Network DHCP General 80 Table 19 Network DHCP General 80 Table 20 NAT Application 83 Table 21 Network NAT Port Forwarding Add Edit 84 Table 22 Network NAT Port Triggering 86 Table 23 Network NAT Port Triggering Add Edit 87 Table 24 Network DDNS 89 Table 25 Network DDNS Add Edit 90 Table 26 Security Ac...

Page 24: ... 147 Table 52 Adding a Reference Browsing the Shared Folders 148 Table 53 Adding a Reference Browsing the Shared Folder Contents 148 Table 54 User Portal Desktop Links 152 Table 55 User Portal Desktop Links Manage View 152 Table 56 User Portal Desktop Links Manage View Add 153 Table 57 Secure Remote Access Global Labels and Icons 158 Table 58 Secure Remote User File Browsing 159 Table 59 Desktop M...

Page 25: ...25 PART I Introduction Introducing the ZyWALL 19 Hardware Connection 29 The Web Configurator 31 Status 39 Setup Wizard 41 ...

Page 26: ...26 ...

Page 27: ... supports IEEE 802 11b and IEEE 802 1g devices as well as Super G wireless technology for enhanced wireless data throughput speeds NAT and DHCP server features let you share high speed Internet access through a broadband modem or router Strong firewall protection secures your network from attacks 1 1 1 Remote User Access Secured by SSL The secure remote access portal user portal makes it easy to g...

Page 28: ... things regularly to make the ZyXEL Device more secure and to manage the ZyXEL Device more effectively Change the password Use a password that is not easy to guess and that consists of different types of characters such as numbers and letters Write down the password and put it in a safe place Back up the configuration and make sure you know how to restore it Restoring an earlier working configurat...

Page 29: ...escribes the port connections Table 1 Rear Panel LABEL DESCRIPTION POWER Use the included power adaptor to connect the POWER socket to an appropriate power source See Appendix A on page 171 for the power adaptor s specifications RESET Use this button to reset the ZyXEL Device to the factory default settings See Section 3 6 on page 38 for details LAN 1 4 Use Ethernet cables to connect these 10 100 ...

Page 30: ...tion Blinking This port has a successful 100 Mbps connection and is sending receiving data Green On This port has a successful 10 Mbps connection Blinking This port has a successful 10 Mbps connection and is sending receiving data Off This port does not have a successful Ethernet connection WLAN Green On The ZyXEL Device s wireless LAN connection is ready but is not sending receiving data through ...

Page 31: ...nistrator login only 6 0 or 7 0 Netscape Navigator 7 2 Mozilla 1 7 13 FireFox 1 5 0 9 or 2 0 In order to use the web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScripts enabled by default Java permissions enabled by default 3 2 Logging into the ZyXEL Device 1 Make sure you have properly con...

Page 32: ...g via public computer Your web browser cache will be automatically cleaned once you terminate the connection This prevents anyone from obtaining information from the browser cache If you are using your computer to access the ZyXEL Device select I am connecting via my own computer Your web browser cache will not be cleaned after you log out Figure 6 Login Enter Account Information 5 The initial scr...

Page 33: ...e screen displays Click Yes to continue The ZyXEL Device automatically forwards administrator sessions to its HTTPS server on TCP port 8443 The ZyXEL Device automatically forwards secure remote access sessions to its HTTPS server on TCP port 443 If the ZyXEL Device is behind a firewall or NAT router make sure you configure port forwarding or a firewall rule to allow traffic to the ZyXEL Device on ...

Page 34: ...inistrator Login 7 The main screen displays 3 3 Web Configurator Main Screen The Status screen is the main screen and it is the first screen that displays every time you access the web configurator as an administrator Figure 10 Main Screen The main screen is divided into these parts A title bar C B A D ...

Page 35: ... status Network Wireless LAN Configure the wireless LAN card for wireless clients to connect to WAN Internet Connection Configure the WAN interface for Internet access Advanced Configure the WAN interface s multicast setting LAN Configure the LAN interface to connect to the local network DHCP Server General Turn the DHCP server function on or off and configure the IP address pool Client List See t...

Page 36: ... the WAN Diagnostic Tools Check connectivity to a website or computer on the Internet check the Internet connection s behavior and resolve a domain name s IP address User Portal The secure remote user portal lets remote users securely access LAN resources Remote access to LAN computers is made secure through SSL or HTTPS Configure permissions for authorized remote users to access specific network ...

Page 37: ...ntenance General to display the following screen In the Administrator Inactivity Timer field specify a time in minutes Click Apply to save the changes A value of 0 means a management session never times out no matter how long it has been left idle not recommended You can also use this screen to change the administrator login password refer to Section 3 5 on page 37 Figure 12 Maintenance Password 3...

Page 38: ...dministrator login password and have now forgotten it or you want to start configuring the ZyXEL Device again from the default settings Resetting your device back to the defaults erases all your custom settings Follow the steps below to reset the ZyXEL Device using the RESET button panel 1 Make sure the PWR LED is on and not blinking 2 Use a pointed object to press the RESET button in for five sec...

Page 39: ... interface status To access this screen click Status in the navigation panel Figure 13 Status The following table describes the labels in this screen Table 5 Status LABEL DESCRIPTION Device Information System Name This field displays the name used to identify the ZyXEL Device on any network Model Name This field displays the model name of this ZyXEL Device Serial Number This field displays the ser...

Page 40: ... the current connection status of each interface IP Addr Netmask This field displays the current IP address and subnet mask assigned to the interface Unavailable displays if the interface did not receive an IP address and subnet mask via DHCP or the ZyXEL Device could not connect to ISP IP Assignment This field displays how the interface gets its IP address Static This interface has a static IP ad...

Page 41: ...gure your Internet access settings Follow the steps to configure the wizard screens Click Next in each wizard screen to continue 1 To display the setup wizard click Setup Wizard in the initial main screen Figure 14 Wizard Welcome Screen 2 Create a new administrator password Enter a unique password up to 31 printable ASCII characters with no spaces allowed Figure 15 Wizard Administration Settings ...

Page 42: ...e You can select a time server from the list or select Custom and enter another time server Figure 16 Wizard Date and Time Settings 4 If the Internet Service Provider ISP uses your computer s hardware MAC address in authenticating your Internet access enable MAC cloning and enter your computer s MAC address to have the ZyXEL Device use your computer s MAC address Figure 17 Wizard MAC Cloning ...

Page 43: ...ngs Otherwise select the mode that your ISP uses and enter the Internet access settings exactly as the ISP provided them Figure 18 Wizard Internet Access 6 Wait while the ZyXEL Device applies your Internet access settings Then click Next Figure 19 Wizard Applying Internet Settings 7 Click Close in the final wizard screen ...

Page 44: ...Chapter 5 Setup Wizard NBG 510S User s Guide 44 Figure 20 Wizard Applying Internet Settings ...

Page 45: ...3 on page 143 to configure what files each remote user can access on the LAN Configure folder categories and references to allow a remote user upload files You can configure categories and references for the guest account User Portal User Info Copy User Views can help speed up the process if you are configuring multiple accounts with similar views 6 1 2 Test Secure Remote Access 1 Open another bro...

Page 46: ...mple 1 From your computer desktop right click My Computer and select Properties Figure 21 My Computer 2 Click the Remote tab select Allow users to connect remotely to this computer and click OK This allows any of the computer s administrator user accounts to remotely control the computer If you want to manage which accounts can remotely control the computer click Select Remote Users Figure 22 My C...

Page 47: ...control the LAN computer bob in this example Figure 23 User Portal Desktop Links 2 Click the Add New Policy icon Figure 24 User Portal Desktop Links Manage View 3 Configure the policy The policy name reference name here is example Windows Remote Desktop Connection uses RDP protocol The computer is at LAN IP address 192 168 1 33 This example uses the default port settings see Table 56 on page 153 f...

Page 48: ...e secure remote access screens using the bob account Click OK Yes or Run in any security alert or certificate screens that display See Section 25 2 on page 155 for more login details Figure 26 Secure Remote Access Login 2 Click Desktop to open the following screen Click RemoteDesktopAccess to open a screen with links for the LAN computers you can manage ...

Page 49: ... The following steps show how to enter the loopback IP address and port number in the remote computer s Windows Remote Desktop Connection software to use in communicating with the LAN computer you are managing Figure 28 Desktop Links 4 Stay logged into the ZyXEL Device s secure remote access portal In Windows click Start Programs Accessories Remote Desktop Connection ...

Page 50: ...rator accounts you can manage the LAN computer Stay logged into the ZyXEL Device s secure remote access portal Make sure the remote computer is not running a remote desktop server on the same port number 6 3 Wireless Tutorial The following sections give examples of how to set up the ZyXEL Device and wireless client for wireless communication using the following parameters The wireless clients can ...

Page 51: ... configure the wireless settings on your ZyXEL Device 1 Open the Network Wireless LAN screen in the web configurator Figure 31 Network Wireless LAN 2 Make sure the Enable Wireless LAN check box is selected 3 Enter SSID_Example3 as the SSID and select a channel 4 Set security mode to WPA PSK and enter ThisismyWPA PSKpre sharedkey in the Pre Shared Key field Click Apply 5 Open the Status screen Unde...

Page 52: ...ions show you how to join a ZyXEL wireless client not included to the wireless network This example uses the ZyXEL utility that comes with a ZyXEL wireless client In the following diagram the wireless client is labelled C and the access point is labelled AP There are three ways to connect the client to an access point Configure nothing and leave the wireless client to automatically scan for and co...

Page 53: ...t 2 The wireless client automatically searches for available wireless networks Click Scan if you want to search again If no entry displays in the Available Network List that means there is no wireless network available within range Make sure the AP or peer computer is turned on or move the wireless client closer to the AP or peer computer 3 When you try to connect to an AP with security configured...

Page 54: ...the address bar If you are able to access the web site your wireless connection is successfully configured If you cannot access the web site try changing the encryption type in the Security Settings screen check the Troubleshooting section of this User s Guide or contact your network administrator 6 6 2 Creating and Using a Profile A profile lets you automatically connect to the same wireless netw...

Page 55: ...played in the Scan Info box Click on Scan if you want to search again You can also configure your profile for a wireless network that is not in the list Figure 37 ZyXEL Utility Add New Profile 3 Give the profile a descriptive name of up to 32 printable ASCII characters Select Infrastructure and either manually enter or select the AP s SSID in the Scan Info table and click Select 4 Choose the same ...

Page 56: ...ryption 6 In the next screen leave both boxes checked Figure 40 Profile Wireless Protocol Settings 7 Verify the profile settings in the read only screen Click Save to save and go to the next screen Figure 41 Profile Confirm Save 8 Click Activate Now to use the new profile immediately Otherwise click the Activate Later button If you clicked Activate Later you can select the profile from the list in...

Page 57: ...ns green and the Link Info screen displays details of the active connection 10 Open your Internet browser enter http www zyxel com or the URL of any other web site in the address bar and press ENTER If you are able to access the web site your new profile is successfully configured 11 If you cannot access the Internet go back to the Profile screen select the profile you are using and click Edit Che...

Page 58: ...Chapter 6 Tutorials NBG 510S User s Guide 58 ...

Page 59: ...59 PART II Network Wireless LAN 61 WAN 69 LAN 77 DHCP 79 NAT and Firewall WAN to LAN 81 DDNS 89 ...

Page 60: ...60 ...

Page 61: ...reless network devices A and B are called wireless clients The wireless clients use the access point AP to interact with other devices such as the printer or with the Internet Your ZyXEL Device is the AP Every wireless network must follow these basic guidelines Every wireless client in the same wireless network must use the same SSID The SSID is the name of the wireless network It stands for Servi...

Page 62: ... wireless networks use WPA PSK WPA or stronger security WEP is better than no security but it is still possible for unauthorized devices to figure out the original information pretty quickly When you select WPA2 or WPA2 PSK in your ZyXEL Device you can also select an option WPA Compatible to support WPA as well In this case if some wireless clients support WPA and some support WPA2 you should set ...

Page 63: ... Encryption Wireless networks can use encryption to protect the information that is sent in the wireless network Encryption is like a secret code If you do not know the secret code you cannot understand the message Many types of encryption use a key to protect the information in the wireless network The longer the key the stronger the encryption Every wireless client in the wireless network must h...

Page 64: ...ociated Wireless stations associating to the access point AP must have the same SSID Enter a descriptive name up to 32 printable 7 bit ASCII characters for the wireless LAN Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a station cannot obtain the SSID through scanning using a site survey tool Channel Selection The range of radio frequencies used by IEEE 802 1 wir...

Page 65: ...can be enabled at any one time It is recommended that wireless networks use WPA PSK WPA or stronger security WEP is better than no security but it is still possible for unauthorized devices to figure out the original information pretty quickly In order to configure and enable WEP encryption click Network Wireless LAN to display the General screen Select Static WEP as the Server Type Figure 46 Netw...

Page 66: ...to Open System or Shared Key from the drop down list box ASCII Select this option in order to enter ASCII characters as WEP key Hex Select this option in order to enter hexadecimal characters as a WEP key The preceding 0x that identifies a hexadecimal key is entered automatically Key 1 to Key 4 The WEP keys are used to encrypt data Both the ZyXEL Device and the wireless stations must use the same ...

Page 67: ...ients be able to communicate with the ZyXEL Device even when the ZyXEL Device is using WPA2 PSK or WPA2 Pre Shared Key The encryption mechanisms used for WPA WPA2 and WPA PSK WPA2 PSK are the same The only difference between the two is that WPA PSK WPA2 PSK uses a simple common password instead of user specific credentials Type a pre shared key from 8 to 63 case sensitive ASCII characters includin...

Page 68: ...acters as the key to be shared between the external authentication server and the ZyXEL Device The key must be the same on the external authentication server and your ZyXEL Device The key is not sent over the network Accounting Server Active Select this option to enable user accounting through an external authentication server IP Address Enter the IP address of the external accounting server in do...

Page 69: ...tomatically along with the ZyXEL Device s own IP address You can also manually enter a DNS server IP address in the ZyXEL Device 8 3 WAN MAC Address Every Ethernet device has a unique MAC Media Access Control address The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters for example 00 A0 C5 00 00 02 If the Internet Service Provider ISP uses your computer s ...

Page 70: ...option and enter the IP address of the computer on the LAN that is used for Internet access Enter the IP address in dotted decimal notation for example 192 168 1 25 Once it is successfully configured the address will be copied to the ZyXEL Device s configuration file It will not change unless you change the setting or upload a different configuration file This MAC address also displays in the Stat...

Page 71: ...his option to use the factory assigned default MAC address Clone this computer s MAC Select this option and enter the IP address of the computer on the LAN that is used for Internet access Enter the IP address in dotted decimal notation for example 192 168 1 25 Once it is successfully configured the address will be copied to the ZyXEL Device s configuration file It will not change unless you chang...

Page 72: ...ways on WAN MAC Address The MAC address section allows users to configure the WAN port s MAC address by either using the ZyXEL Device s MAC address cloning a computer s IP address or manually entering a MAC address Factory default Select this option to use the factory assigned default MAC address Clone this computer s MAC Select this option and enter the IP address of the computer on the LAN that ...

Page 73: ... Figure 52 Network WAN Internet Connection PPTP Encapsulation The following table describes the labels in this screen OK Click OK to save your changes back to the ZyXEL Device Cancel Click Cancel to begin configuring this screen afresh Table 14 Network WAN Internet Connection PPPoE Encapsulation continued LABEL DESCRIPTION Table 15 Network WAN Internet Connection PPTP Encapsulation LABEL DESCRIPTI...

Page 74: ...ion allows users to configure the WAN port s MAC address by either using the ZyXEL Device s MAC address cloning a computer s IP address or manually entering a MAC address Factory default Select this option to use the factory assigned default MAC address Clone this computer s MAC Select this option and enter the IP address of the computer on the LAN that is used for Internet access Enter the IP add...

Page 75: ...ct None to turn off multicasting on the ZyXEL Device If any of the LAN computers are using applications that use multicasting select IGMP v3 to have the ZyXEL Device proxy multicast traffic This is especially useful for multimedia conferences over the Internet Apply Click Apply to save the settings Cancel Click Cancel to begin configuring this screen afresh ...

Page 76: ...Chapter 8 WAN NBG 510S User s Guide 76 ...

Page 77: ...ce are preset in the factory with an IP address of 192 168 1 1 and a subnet mask of 255 255 255 0 24 bits These parameters should work for the majority of installations 9 2 LAN Screen Click Network LAN to configure the LAN interface settings Figure 54 Network LAN The following table describes the labels in this screen Table 17 Network LAN LABEL DESCRIPTION IP Address Enter an IP address for the LA...

Page 78: ...Chapter 9 LAN NBG 510S User s Guide 78 ...

Page 79: ...addresses and DNS servers to systems that support DHCP client capability 10 1 1 Factory DHCP Defaults The LAN parameters of the ZyXEL Device are preset in the factory with the DHCP server enabled with 32 client IP addresses starting from 192 168 1 33 These parameters should work for the majority of installations 10 2 DHCP Screen Click Network DNCP to configure the DHCP server settings Figure 55 Ne...

Page 80: ... the ZyXEL Device You must have another DHCP server on your LAN or else the computers must be manually configured IP Pool Starting Address Enter the first of the contiguous addresses in the IP address pool Pool Size Specify the maximum number of IP addresses you want the ZyXEL Device to assign to DHCP clients Apply Click Apply to save the settings Cancel Click Cancel to begin configuring this scre...

Page 81: ...w unencrypted access from the WAN the Internet to your LAN For secure connections from the Internet to the LAN computers use the secure remote user portal see part VI on page 133 To set which services protocols can access the ZyXEL Device from the WAN the Internet see Section 19 4 on page 129 This allows or disallows remote management of the ZyXEL Device To control access going from the LAN to the...

Page 82: ...computer B at 192 168 1 34 You could make computer C at 192 168 1 35 the default You assign the LAN IP addresses and the ISP assigns the WAN IP address The NAT network appears as a single host on the Internet Figure 57 Multiple Servers Behind NAT Example 11 3 Port Forwarding Screen Port forwarding allows traffic from the WAN to be forwarded through the ZyXEL Device To change your ZyXEL Device s po...

Page 83: ...he port forwarding list or remote management Default Host Select a LAN computer from the drop down list box or select Custom and specify a LAN IP address Apply Click Apply to save the settings Cancel Click Cancel to begin configuring this screen afresh Port Forwarding List Local IP This field displays the host name or IP address of the LAN computer server that receives the Incoming Service Applica...

Page 84: ...ocol the service uses Choices are TCP UDP AH ESP and GRE Redirect to Local System Select a LAN computer from the drop down list box or select Custom and specify the IP address of a LAN computer Local Service Select what port number the ZyXEL Device when forwarding the service s traffic to the LAN If the LAN computer uses the same port for the service as the incoming packet s source port select Sam...

Page 85: ...ards the traffic to the LAN IP address of the computer that sent the request After that computer s connection for that service closes another computer on the LAN can use the service in the same manner This way you do not need to configure a new IP address each time you want a different LAN computer to use the application 11 5 1 Trigger Port Forwarding Example The following is an example of trigger...

Page 86: ...reen to open this screen Use this screen to configure a port triggering rule Table 22 Network NAT Port Triggering LABEL DESCRIPTION Name This name identifies the trigger port rule Trigger Ports The trigger port range of ports causes triggers the ZyXEL Device to record the IP address of the LAN computer that sent the traffic to a server on the WAN Incoming Ports This is the range of ports that a se...

Page 87: ...ort Range The trigger port range of ports causes triggers the ZyXEL Device to record the IP address of the LAN computer that sent the traffic to a server on the WAN Enter the starting and ending port numbers for the range Incoming Response Port Range This is the range of ports that a server on the WAN uses when it sends out a service s traffic The ZyXEL Device forwards incoming traffic with these ...

Page 88: ...Chapter 11 NAT and Firewall WAN to LAN NBG 510S User s Guide 88 ...

Page 89: ...t you need to enter in the ZyXEL Device 12 2 DDNS Screen Click Network DDNS to open the following screen This screen displays the DDNS records configured on the ZyXEL Device for using DDNS domain names The ZyXEL Device must have a public WAN IP address to use DDNS Figure 63 Network DDNS The following table describes the labels in this screen Table 24 Network DDNS LABEL DESCRIPTION Protocol This fi...

Page 90: ...go to the screen where you can edit the entry Click the Delete icon to remove an entry Table 24 Network DDNS LABEL DESCRIPTION Table 25 Network DDNS Add Edit LABEL DESCRIPTION Domain Name1 3 Enter up to three of the domain names that you registered with the Dynamic DNS service provider Update information using Select the protocol that the DDNS service record uses dyndns User Name Enter your user n...

Page 91: ...91 PART III Security Access Control 93 Content Filtering 101 ...

Page 92: ...92 ...

Page 93: ...ervices protocols can access the ZyXEL Device from the WAN the Internet see Section 19 4 on page 129 This allows or disallows remote management of the ZyXEL Device To allow unencrypted sessions in from the WAN to the LAN use the NAT port forwarding screen see Section 11 3 on page 82 13 2 Quality of Service QoS Quality of Service QoS prioritizes traffic by application This helps guarantee the quali...

Page 94: ...or the LAN is blocked The firewall allows VPN traffic Figure 66 Default Firewall Action Your customized rules take precedence and override the ZyXEL Device s default settings The ZyXEL Device checks the schedule source IP address destination IP address and IP protocol type of network traffic against the firewall rules in the order you list them When the traffic matches a rule the ZyXEL Device take...

Page 95: ...Access Control NBG 510S User s Guide 95 Access control applies to outgoing access sessions initiated from the LAN and going to the WAN All outgoing sessions are allowed by default Figure 67 Security Access Control ...

Page 96: ...tocol that the service uses Priority Select the priority you want to give to the traffic that matches this firewall rule Add icon Click the Add icon in the heading row to add a new first entry The Enable icon displays whether the rule is enabled or not Click it to activate or deactivate the rule The order of your rules is important as they are applied in sequence Click the Move Down icon to move a...

Page 97: ...down list box or select Custom and specify a port number or numbers and protocol To enter a single port number enter it in both fields To enter a range of port numbers enter the starting port number in the first field and the ending port number in the second field Protocol Select the protocol that the service uses Choices are TCP UDP AH ESP and GRE Priority Select the priority you want to give to ...

Page 98: ...en to open this screen Use this screen to configure a firewall schedule Figure 70 Security Schedules Add Edit Table 28 Security Schedules LABEL DESCRIPTION Schedule Name This is the name you used to identify the schedule Time 1 3 These sections list the days and times configured in the schedule Add icon Click the Add icon in the heading row to add a new first entry Click the Edit icon to go to the...

Page 99: ...would like to have an overnight schedule like 10 30 PM to 6 00 AM everyday the time schedule needs to be broken into two pieces You may add a Sunday to Saturday from 10 30 PM to 11 59 PM as time period 1 and Sunday to Saturday from 12 00 Midnight to 6 00 AM as time period 2 Table 29 Security Schedules Add Edit LABEL DESCRIPTION Time Window Name Specify a unique name to identify this schedule Use u...

Page 100: ...Chapter 13 Access Control NBG 510S User s Guide 100 ...

Page 101: ... screen Table 30 Content Filter Filter LABEL DESCRIPTION Restrict Web Features Select the box es to restrict a feature When you download a page containing a restricted feature that part of the web page will appear blank or grayed out ActiveX A tool for building dynamic and active Web pages and distributed object applications When you visit an ActiveX Web site ActiveX controls are downloaded to you...

Page 102: ...ature Keyword blocking has the ZyXEL Device check all of the characters in the URL Keyword Type a keyword in this field You may use any character up to 64 characters Wildcards are not allowed You can also enter a numerical IP address Keyword List This list displays the keywords already added Add Click Add after you have typed a keyword Repeat this procedure to add other keywords Up to 64 keywords ...

Page 103: ...103 PART IV Management UPnP 105 Static Route 113 ...

Page 104: ...104 ...

Page 105: ...s a separate icon Selecting the icon of a UPnP device will allow you to access the information and properties of that device 15 1 2 NAT Traversal UPnP NAT traversal automates the process of allowing an application to operate through NAT UPnP network devices can automatically configure network addressing announce their presence in the network to other UPnP devices and enable exchange of simple prod...

Page 106: ...alling and using UPnP 15 2 Configuring UPnP Click Management UPnP to display the UPnP screen Figure 72 Management UPnP The following table describes the fields in this screen 15 3 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP Table 31 Management UPnP LABEL DESCRIPTION Device Name This identifies the ZyXEL device in UPnP applications Enable t...

Page 107: ...Panel Double click Add Remove Programs 2 Click on the Windows Setup tab and select Communication in the Components selection box Click Details 3 In the Communications window select the Universal Plug and Play check box in the Components selection box 4 Click OK to go back to the Add Remove Programs Properties window and click Next 5 Restart the computer when prompted ...

Page 108: ...ort of the ZyXEL device Turn on your computer and the ZyXEL device 1 Click Start Settings and Control Panel 2 Double click Network Connections 3 In the Network Connections window click Advanced in the main menu and select Optional Networking Components The Windows Optional Networking Components Wizard window displays 4 Select Networking Service in the Components selection box and click Details 5 I...

Page 109: ...anel Double click Network Connections An icon displays under Internet Gateway 2 Right click the icon and select Properties 3 In the Internet Connection Properties window click Settings to see the port mappings that were automatically created You may edit or delete the port mappings or click Add to manually add port mappings ...

Page 110: ...th UPnP you can access the web based configurator on the ZyXEL device without finding out the IP address of the ZyXEL device first This is helpful if you do not know the IP address of the ZyXEL device 4 Select the Show icon in notification area when connected check box and click OK An icon displays in the system tray 5 Double click the icon to display your current Internet connection status ...

Page 111: ... Start and then Control Panel 2 Double click Network Connections 3 Select My Network Places under Other Places 4 An icon with the description for each UPnP enabled device displays under Local Network 5 Right click the icon for your ZyXEL device and select Invoke The web configurator login screen displays ...

Page 112: ...Chapter 15 UPnP NBG 510S User s Guide 112 6 Right click the icon for your ZyXEL device and select Properties A properties window displays with basic information about the ZyXEL device ...

Page 113: ...ance the ZyXEL Device knows about network N2 in the following figure through remote node Router 1 However the ZyXEL Device is unable to route a packet to network N3 because it doesn t know that there is a route through the same remote node Router 1 via gateway Router 2 The static routes are for you to tell the ZyXEL Device about the networks beyond the remote nodes Figure 73 Example of Static Rout...

Page 114: ...his field shows whether this static route is active Yes or not No Destination This parameter specifies the IP network address of the final destination Routing is always based on network number Gateway This is the IP address of the gateway The gateway is a router or switch on the same network segment as the ZyXEL Device s interface The gateway helps forward packets to their destinations Action Clic...

Page 115: ...e subnet mask field to force the network number to be identical to the host ID IP Subnet Mask Enter the IP subnet mask here Gateway IP Address Enter the IP address of the gateway The gateway is a router or switch on the same network segment as the device s LAN or WAN port The gateway helps forward packets to their destinations Metric Metric represents the cost of transmission for routing purposes ...

Page 116: ...Chapter 16 Static Route NBG 510S User s Guide 116 ...

Page 117: ...117 PART V Maintenance System 119 Logs 123 Tools 125 ...

Page 118: ...118 ...

Page 119: ...vides information on the System screens 17 1 System Overview See the chapter about wizard setup for more information on the next few screens 17 2 System General Screen Click Maintenance System to display the following screen Figure 76 Maintenance System General ...

Page 120: ... the ISP assigned domain name Administrator Inactivity Timer Type how many minutes a management session can be left idle before the session times out The default is 5 minutes After it times out you have to log in with your password again Very long idle timeouts may have security risks A value of 0 means a management session never times out no matter how long it has been left idle not recommended A...

Page 121: ...Time Select this option to have the ZyXEL Device automatically use Daylight Saving Time Daylight saving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening Note At the time of writing only US and UK time zones are supported Time Server Select Standard to be able to select a time server from...

Page 122: ...er s Guide 122 Date MM DD YYYY Enter the new date in these fields Configure Time Click Configure Time to have the ZyXEL Device start using the time you manually configured Table 35 Maintenance System Time Setting LABEL DESCRIPTION ...

Page 123: ... in red indicate system error logs The log wraps around and deletes the old entries after it fills Click a column heading to sort the entries Figure 78 Maintenance Logs The following table describes the labels in this screen Table 36 Maintenance Logs LABEL DESCRIPTION Refresh Click Refresh to renew the log screen Clear Log s Click Clear Logs to delete all the logs This is the number of an individu...

Page 124: ... log Source If the log was caused by an incoming packet this field lists the packet s source IP address and port number Destination If the log was caused by an incoming packet this field lists the packet s destination IP address and port number Table 36 Maintenance Logs LABEL DESCRIPTION ...

Page 125: ...ssful upload the system will reboot Only upload firmware for your specific model Click Maintenance Tools Follow the instructions in this screen to upload firmware to your ZyXEL Device Figure 79 Maintenance Tools Firmware The following table describes the labels in this screen Table 37 Maintenance Tools Firmware LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this...

Page 126: ...fer process is in progress Figure 81 Firmware Upload Progress Status 4 After the file transfer is complete the ZyXEL Device automatically reboots in this time causing a temporary network disconnect A warning screen displays as shown Do NOT restart the ZyXEL Device at this point Figure 82 Firmware Upload Reboot 5 After the ZyXEL Device finishes rebooting the login screen displays Otherwise access t...

Page 127: ...low the on screen instruction to save the ZyXEL Device s current configuration to your computer 19 2 2 Restore Configuration Follow the steps below to upload a previously saved configuration file from your computer to your ZyXEL Device 1 Click Maintenance Tools Configuration and specify the configuration file in the File Path field Or click Browse to locate it 2 Click Upload to start the file tran...

Page 128: ...ter to be in the same subnet as that of the ZyXEL Device LAN IP address 192 168 1 1 19 2 3 Device Reset You can use the Configuration screen to clear all your custom settings and return the ZyXEL Device to its factory defaults 1 Click the Reset button in this section to clear all user entered configuration information and return the ZyXEL Device to its factory defaults The following warning screen...

Page 129: ...tton to reset the factory defaults of your ZyXEL Device Refer to Section 3 6 on page 38 for more information on the RESET button 19 3 Restart Screen System restart allows you to reboot the ZyXEL Device without turning the power off Click Maintenance Tools Restart Click Restart to have the ZyXEL Device reboot This does not affect the ZyXEL Device s configuration Figure 88 Maintenance Tools Restart ...

Page 130: ...TTPS enabled If you have SHP HTTPS enabled disable HTTP to block web configurator access from the WAN secure remote access is still allowed Status The Status icon displays whether or not the service is allowed to access the ZyXEL Device from the Internet Click it to activate or deactivate the service Table 39 Maintenance Tools Diagnostic Tools LABEL DESCRIPTION Application Select the diagnostic ap...

Page 131: ...esults show each hop device the packet went through on the way to the target IP address or domain name and how long each hop took Figure 92 Maintenance Tools Diagnostic Tools Trace Route Results Commit Click Commit to start the selected diagnostic test Note Previous results display along with the current results You may need to wait a few seconds for the ZyXEL Device to perform the diagnostic test...

Page 132: ...ls NBG 510S User s Guide 132 19 5 3 Diagnostic Tools DNS Resolve Results The DNS resolve results show which IP address the target domain name is using Figure 93 Maintenance Tools Diagnostic Tools DNS Resolve Results ...

Page 133: ...mote Access User Portal Secure Remote Access Title 135 Secure Remote Access Title 135 Manage Accessible LAN Resources 141 Manage User Access Permissions 143 Secure Remote Desktop Control 151 Secure Remote Access Screens 155 ...

Page 134: ...134 ...

Page 135: ...ens that the remote user uses to access shared files or secure remote desktop connections Click User Portal Admin Info to open the following screen Use this screen to configure the name that displays in the secure remote access screens Figure 94 User Portal Admin Info The following table describes the labels in this screen Table 40 User Portal Admin Info LABEL DESCRIPTION Family Name Enter the nam...

Page 136: ...Chapter 20 Secure Remote Access Title NBG 510S User s Guide 136 ...

Page 137: ...en lists the remote user accounts Figure 95 User Portal User Info The following table describes the labels in this screen 21 2 1 Add Edit User Info Screen Click the Add or Edit icon in the Portal User User Info screen to open this screen Use this screen to create a new or edit an existing user account Table 41 User Portal User Info LABEL DESCRIPTION User Name This field displays the user name of a...

Page 138: ...he first character cannot be a number This value is case sensitive User account and user group names must be unique Spaces are not allowed Password Enter the password in the field You can enter between 4 to 31 characters Alphanumeric characters 0 9a zA Z and _ characters are allowed Spaces are not allowed Verify Password Enter the password again Inactivity Timeout Type how many minutes a secure re...

Page 139: ...en Table 43 User Portal User Info LABEL DESCRIPTION From To Select the port user with the view that you want to copy and to which portal user you want to copy it Sections to be copied Select which parts of the portal user s view you want to copy to the other portal user Submit Click Submit to modify the portal user s view ...

Page 140: ...Chapter 21 Secure Remote Access User Info NBG 510S User s Guide 140 ...

Page 141: ...access storage device For example A Windows computer with some shared folders A Linux computer running samba server A network storage appliance NSA with shared folders like the NSA 220 22 2 Manage Servers Screen Click Portal User Manage Servers to open the following screen This screen lists the servers that remote users can access Figure 98 User Portal Manage Servers The following table describes ...

Page 142: ...elete icon to remove a server entry Table 44 User Portal Manage Servers continued LABEL DESCRIPTION Table 45 User Portal Manage Server Add LABEL DESCRIPTION Host Name IP Address Type the name of the computer or the computer s static IP address Enter between 1 and 31 alphanumeric characters underscores _ the at sign or dashes This value is case sensitive User Name Enter the user name that you need ...

Page 143: ...the labels in this screen Table 46 User Portal Manage Views LABEL DESCRIPTION User Name This field displays the user name of a secure remote access account The guest account is a special default account that makes it easy to give a guest access to files without having to configure a new account The guest user name is guest and the password is guest123 You cannot change them Guest users can view do...

Page 144: ...sic and folders sections For any section you first have to create a category and then references within the category The categories are like albums and the references within the category are like individual photos in an album You can create more than one category in each section and more than one reference in each category Click the icon to show display a section s categories and button for adding...

Page 145: ...c characters underscores _ the at sign or dashes but the first character cannot be a number Create Click Create to create the category account and return to the previous screen Cancel Click Cancel to return to the top level Manage Views screen without saving your changes Table 49 User Portal Manage Views Manage View Add Reference LABEL DESCRIPTION User This field displays the secure remote access ...

Page 146: ...ving your changes Table 49 User Portal Manage Views Manage View Add Reference continued LABEL DESCRIPTION Table 50 User Portal Manage Views Manage View Add Reference Manually LABEL DESCRIPTION User This field displays the secure remote access account s user name Section This field displays the name of the section that you are working in Category This field displays the name of the category to whic...

Page 147: ... Reference Configure Login LABEL DESCRIPTION Server This is the server where the file is located User Name Enter the user name that you need to use to access the shared folder on the server Enter between 1 and 31 alphanumeric characters underscores _ the at sign or dashes but the first character cannot be a number This value is case sensitive Password Enter the password in the field You can enter ...

Page 148: ... computer the files are on Shared Folders On This lists the shared folders on the selected computer Click a folder s link to see its contents Create Shortcut When you are in a screen with files that you can share select the check boxes next to the files that you want to share and click Create Shortcut to make them accessible to the portal user Table 53 Adding a Reference Browsing the Shared Folder...

Page 149: ...This lists the date and time that a folder was created or a file was last modified Create Shortcut Select the check boxes next to the files that you want to add and click Create Shortcut to make them accessible to the portal user Table 53 Adding a Reference Browsing the Shared Folder Contents continued LABEL DESCRIPTION ...

Page 150: ...Chapter 23 Manage User Access Permissions NBG 510S User s Guide 150 ...

Page 151: ...The LAN computer to be managed and the remote user s computer must both have VNC Virtual Network Computing or RDP Remote Desktop Protocol software installed The server software must be on the LAN computer to be managed and the client software must be on the remote user s computer In the following figure user A uses his user account to log into the ZyXEL Device Then he uses the Real VNC client on h...

Page 152: ...a remote user account Action Click the Manage View icon to go to the screen where you can edit the list of LAN computers that the user can manage Table 55 User Portal Desktop Links Manage View LABEL DESCRIPTION Policy Name This displays the name you entered to identify which computer this policy allows the portal user to manage Protocol This is the protocol of the remote desktop software the LAN c...

Page 153: ...l Note The remote desktop client software on the remote user s computer must use the same protocol as the remote desktop server software on the LAN computer Host IP Address Type the computer s static IP address Intranet Port This is the listening port of the LAN computer running the server version of the remote desktop software The ZyXEL Device uses this port number to send traffic to the LAN comp...

Page 154: ...Chapter 24 Secure Remote Desktop Control NBG 510S User s Guide 154 ...

Page 155: ...t need to be installed for accessing other links like photos videos music and files Web browser pop up windows allowed Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScript allowed these are usually enabled by default Java permissions allowed these are usually enabled by default 25 2 Logging into the Secure Remote Access Screens Accessing the secure remote access scr...

Page 156: ...e the correct case Guests can use guest as the user name and guest123 as the password See Table 46 on page 143 for more about the guest account If you are using a computer that is also used by others select I am connecting via public computer Your web browser cache will be automatically cleaned once you terminate the connection This prevents anyone from obtaining information from the browser cache...

Page 157: ... you out if your secure remote access session is idle for longer than the idle timeout set for your account see Section 21 2 1 on page 137 Just log back in if this happens 25 3 Secure Remote Access Screens Overview This is the first secure remote access portal screen you see after login Figure 114 Main Secure Remote Access Screen ...

Page 158: ...example shows how the remote user can navigate through the files to which he has access Click Sharing Photos to open the following screen Figure 116 Secure Remote User File Browsing Table 57 Secure Remote Access Global Labels and Icons LABEL ICON DESCRIPTION Click the Logout icon at any time to exit the web configurator This is the same as clicking the Logout link at the bottom of the Navigation p...

Page 159: ...how to manage the user s view Click the name of the individual folder to which you want to upload files example here Figure 118 Sharing Folders Folder 3 This screen shows the files already available to the user in this reference The file sizes and when they were last modified also display Click Browse and select the file you want to upload Then click Upload to upload the file Figure 119 Sharing Fo...

Page 160: ...s behind the ZyXEL Device that he can manage Figure 121 Desktop Main Screen The following table describes the labels in this screen 25 8 Desktop Links Click Desktop RemoteDesktopAccess to open the following screen A remote user gets information from this screen to manage the LAN computer represented by a link in the screen See Section 6 2 on page 45 for an example of using the secure remote deskto...

Page 161: ...ter that you can manage File Name Roll your mouse over a link to open a tool tip with the loopback IP address and port number to use in your VNC or RDP client program to connect to the LAN computer Refer to your VNC or RDP program s documentation for details The remote user must Enter the loopback IP address and port number in his VNC or RDP client program Stay logged into the ZyXEL Device s secur...

Page 162: ...Chapter 25 Secure Remote Access Screens NBG 510S User s Guide 162 ...

Page 163: ...163 PART VII Troubleshooting and Appendices Troubleshooting 165 Product Specifications 171 Common Services 177 Legal Information 195 Customer Support 199 Index 205 ...

Page 164: ...164 ...

Page 165: ...the power adaptor or cord is connected to the ZyXEL Device and plugged in to an appropriate power source Make sure the power source is turned on 3 Disconnect and re connect the power adaptor or cord to the ZyXEL Device 4 If the problem continues contact the vendor V One of the LEDs does not behave as expected 1 Make sure you understand the normal behavior of the LED See Section 2 2 on page 31 2 Ch...

Page 166: ...ss the Login screen in the web configurator 1 Make sure you are using the correct IP address The default IP address is 192 168 1 1 If you changed the IP address use the new IP address If you changed the IP address and have forgotten it see the troubleshooting suggestions for I forgot the IP address for the ZyXEL Device 2 Check the hardware connections and make sure the LEDs are behaving as expecte...

Page 167: ...g into the web configurator s management session from the WAN 3 If the ZyXEL Device is behind a firewall or NAT router make sure you configure port forwarding or a firewall rule to allow traffic to the ZyXEL Device on TCP port 8443 for administration connections and TCP port 443 for secure remote access connections 4 You cannot log in to the web configurator while someone is already logged in usin...

Page 168: ...ISP V The Internet connection is slow or intermittent 1 There might be a lot of traffic on the network Look at the LEDs and check Section 29 1 on page 175 If the ZyXEL Device is sending or receiving a lot of information try closing some programs that use the Internet especially peer to peer applications 2 Check the signal strength If the signal strength is low try moving the ZyXEL Device closer to...

Page 169: ...in for five seconds and release it If the ZyXEL Device restarts automatically wait for the ZyXEL Device to finish restarting and log in to the web configurator The LAN IP address is 192 168 1 1 The user name is admin The password is 1234 If the ZyXEL Device does not restart automatically disconnect and reconnect the ZyXEL Device s power Then follow the directions above again ...

Page 170: ...Chapter 26 Troubleshooting NBG 510S User s Guide 170 ...

Page 171: ...utput Power IEEE 802 11b 15 dBm IEEE 802 11g 18 dBm Screw size for wall mounting M 3 10 Approvals Safety CSA 60950 1 IEC 60950 1 EN 60950 1 ANSI UL 60950 1 EMI EN 61000 3 2 EN 61000 3 3 FCC Part 15B EMS FCC Part15C CE EN 300328 CE EN 301 489 1 CE 301 489 17 Table 62 Firmware Specifications FEATURE DESCRIPTION Default IP Address 192 168 1 1 Default Subnet Mask 255 255 255 0 24 bits Default Login Us...

Page 172: ...in logs Logging and Tracing Use trace route and logs for troubleshooting PPPoE PPPoE mimics a dial up Internet access connection Firewall You can configure firewall on the ZyXEL Device for secure Internet access When the firewall is on by default all incoming traffic from the Internet to your network is blocked unless it is initiated from your network This means that probes from the outside to you...

Page 173: ...crews 3 Do not insert the screws all the way into the wall Leave a small gap of about 0 5 cm between the heads of the screws and the wall 4 Make sure the screws are snugly fastened to the wall They need to hold the weight of the ZyXEL Device with the connection cables 5 Align the holes on the back of the ZyXEL Device with the screws on the wall Hang the ZyXEL Device on the screws IEEE 802 11d Stan...

Page 174: ...er Switch Adapter Switch Switch 1 IRD 1 OTD 1 IRD 1 IRD 2 IRD 2 OTD 2 IRD 2 IRD 3 OTD 3 IRD 3 OTD 3 OTD 6 OTD 6 IRD 6 OTD 6 OTD Table 65 US Power Adaptor Specifications AC Power Adaptor Model 30 112 122204B Input Power AC 120 Volts Output Power AC 12 Volts 1 A Power Consumption 12 W Safety Standards UL and CSA Table 66 EU Power Adaptor Specifications AC Power Adaptor Model 30 123 122001B Input Pow...

Page 175: ...Appendix A Product Specifications NBG 510S User s Guide 175 Power Consumption 12 W Safety Standards ITS GS and CE Table 66 EU Power Adaptor Specifications ...

Page 176: ...Appendix A Product Specifications NBG 510S User s Guide 176 ...

Page 177: ...is USER this is the IP protocol number Description This is a brief explanation of the applications that use this service or the situations in which this service is used Table 67 Commonly Used Services NAME PROTOCOL PORT S DESCRIPTION AH IPSEC_TUNNEL User Defined 51 The IPSEC AH Authentication Header tunneling protocol uses this service AIM New ICQ TCP 5190 AOL s Internet Messenger service It is al...

Page 178: ...ernet chat program NEWS TCP 144 A protocol for news groups NFS UDP 2049 Network File System NFS is a client server distributed file service that provides transparent file sharing for network environments NNTP TCP 119 Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service PING User Defined 1 Packet INternet Groper is a protocol that sends out ICMP echo requests t...

Page 179: ...ng mainframes midrange systems UNIX systems and network servers SSH TCP UDP 22 Secure Shell Remote Login Program STRM WORKS UDP 1558 Stream Works Protocol SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server TACACS UDP 49 Login Host Protocol used for Terminal Access Controller Access Control System TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Int...

Page 180: ...Appendix B Common Services NBG 510S User s Guide 180 ...

Page 181: ...endent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an ad hoc wireless LAN Figure 124 Peer to Peer Communication in an Ad hoc Network BSS A Basic Service Set BSS exists when all communications between wireless clients or between a wireless client and a wired network client go through one access point AP Intra BSS traffic is tra...

Page 182: ...red connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood An ESSID ESS IDentification uniquely identifies each ESS All access points and their associated wireless clients within the sa...

Page 183: ...ially overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 channels and an adjacent AP is using channel 1 then you need to select a channel between 6 or 11 RTS CTS A hidden node occurs when two stations are within range of the same access point but are not within...

Page 184: ...equested transmission Stations can send frames smaller than the specified RTS CTS directly to the AP without the RTS Request To Send CTS Clear to Send handshake You should only configure RTS CTS if the possibility of hidden nodes exists on your network and the cost of resending large frames is more than the extra network overhead involved in the RTS Request To Send CTS Clear to Send handshake If t...

Page 185: ...rt it and to provide more efficient communications Use the dynamic setting to automatically use short preamble when all wireless devices on the network support it otherwise the ZyXEL Device uses long preamble The wireless devices MUST use the same preamble mode in order to communicate IEEE 802 11g Wireless LAN IEEE 802 11g is fully compatible with the IEEE 802 11b standard This means an IEEE 802 1...

Page 186: ...vantages of IEEE 802 1x are User based identification that allows for roaming Support for RADIUS Remote Authentication Dial In User Service RFC 2138 2139 for centralized user profile and accounting management on a network RADIUS server Support for EAP Extensible Authentication Protocol RFC 2486 that allows additional authentication methods to be deployed with no changes to the access point or the ...

Page 187: ...t and the RADIUS server for user accounting Accounting Request Sent by the access point requesting accounting Accounting Response Sent by the RADIUS server to indicate that it has started or stopped accounting In order to ensure network security the access point and the RADIUS server use a shared secret key which is a password they both know The key is not sent over the network In addition to the ...

Page 188: ...ireless clients for mutual authentication The server presents a certificate to the client After validating the identity of the server the client sends a different certificate to the server The exchange of certificates is done in the open before a secured tunnel is created This makes user identity vulnerable to passive attacks A digital certificate is an electronic ID card that authenticates the se...

Page 189: ... defines stronger encryption authentication and key management than WPA Key differences between WPA or WPA2 and WEP are improved data encryption and user authentication If both an AP and the wireless clients support WPA2 and you have an external RADIUS server use WPA2 for stronger data encryption If you don t have an external RADIUS server you should use WPA2 PSK WPA2 Pre Shared Key that only requ...

Page 190: ...with and the packet is dropped By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism MIC with TKIP and AES it is more difficult to decrypt data on a Wi Fi network than WEP and difficult for an intruder to break into the network The encryption mechanisms used for WPA 2 and WPA 2 PSK are the same The only difference between the two is that WP...

Page 191: ...lient s authentication request to the RADIUS server 2 The RADIUS server then checks the user s identification against its database and grants or denies network access accordingly 3 A 256 bit Pairwise Master Key PMK is derived from the authentication process by the RADIUS server and the client 4 The RADIUS server distributes the PMK to the AP The AP then sets up a key hierarchy and management syste...

Page 192: ...to this table to see what other security parameters you should configure for each authentication method or key management protocol type MAC address filters are not dependent on how you configure these security features Table 71 Wireless Security Relational Matrix AUTHENTICATION METHOD KEY MANAGEMENT PROTOCOL ENCRYPTIO N METHOD ENTER MANUAL KEY IEEE 802 1X Open None No Disable Enable without Dynami...

Page 193: ...oor site each 1dB increase in gain results in a range increase of approximately 5 Actual results may vary depending on the network environment Antenna gain is sometimes specified in dBi which is how much the antenna increases the signal power compared to using an isotropic antenna An isotropic antenna is a theoretical perfect antenna that sends out radio signals equally well in all directions dBi ...

Page 194: ... in a direct line of sight to each other to attain the best performance For omni directional antennas mounted on a table desk and so on point the antenna up For omni directional antennas mounted on a wall or ceiling point the antenna down For a single AP application place omni directional antennas as close to the center of the coverage area as possible For directional antennas point the antenna in...

Page 195: ...FCC Interference Statement The device complies with Part 15 of FCC rules Operation is subject to the following two conditions This device may not cause harmful interference This device must accept any interference received including interference that may cause undesired operations This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of th...

Page 196: ...and all persons 注意 依據 低功率電波輻射性電機管理辦法 第十二條 經型式認證合格之低功率射頻電機 非經許可 公司 商號或使用 者均不得擅自變更頻率 加大功率或變更原設計之特性及功能 第十四條 低功率射頻電機之使用不得影響飛航安全及干擾合法通信 經發現 有干擾現象時 應立即停用 並改善至無干擾時方得繼續使用 前項合法通信 指依電信規定作業之無線電信 低功率射頻電機須忍 受合法通信或工業 科學及醫療用電波輻射性電機設備之干擾 Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment This device has been desi...

Page 197: ...acement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpose ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser To obtain the services of this warranty contact ZyXE...

Page 198: ...Appendix D Legal Information NBG 510S User s Guide 198 ...

Page 199: ...ail support zyxel com tw Sales E mail sales zyxel com tw Telephone 886 3 578 3942 Fax 886 3 578 2439 Web www zyxel com www europe zyxel com FTP ftp zyxel com ftp europe zyxel com Regular Mail ZyXEL Communications Corp 6 Innovation Road II Science Park Hsinchu 300 Taiwan Costa Rica Support E mail soporte zyxel co cr Sales E mail sales zyxel co cr Telephone 506 2017878 Fax 506 2015098 Web www zyxel ...

Page 200: ...448 Web www zyxel fi Regular Mail ZyXEL Communications Oy Malminkaari 10 00700 Helsinki Finland France E mail info zyxel fr Telephone 33 4 72 52 97 97 Fax 33 4 72 52 19 20 Web www zyxel fr Regular Mail ZyXEL France 1 rue des Vergers Bat 1 C 69760 Limonest France Germany Support E mail support zyxel de Sales E mail sales zyxel de Telephone 49 2405 6909 69 Fax 49 2405 6909 99 Web www zyxel de Regula...

Page 201: ...agawa ku Tokyo 141 0022 Japan Kazakhstan Support http zyxel kz support Sales E mail sales zyxel kz Telephone 7 3272 590 698 Fax 7 3272 590 689 Web www zyxel kz Regular Mail ZyXEL Kazakhstan 43 Dostyk Ave Office 414 Dostyk Business Centre 050010 Almaty Republic of Kazakhstan Malaysia Support E mail support zyxel com my Sales E mail sales zyxel com my Telephone 603 8076 9933 Fax 603 8076 9833 Web ht...

Page 202: ...krzei 1A 03 715 Warszawa Poland Russia Support http zyxel ru support Sales E mail sales zyxel ru Telephone 7 095 542 89 29 Fax 7 095 542 89 25 Web www zyxel ru Regular Mail ZyXEL Russia Ostrovityanova 37a Str Moscow 117279 Russia Singapore Support E mail support zyxel com sg Sales E mail sales zyxel com sg Telephone 65 6899 6678 Fax 65 6899 8887 Web http www zyxel com sg Regular Mail ZyXEL Singapo...

Page 203: ...l ZyXEL Thailand Co Ltd 1 1 Moo 2 Ratchaphruk Road Bangrak Noi Muang Nonthaburi 11000 Thailand Ukraine Support E mail support ua zyxel com Sales E mail sales ua zyxel com Telephone 380 44 247 69 78 Fax 380 44 494 49 32 Web www ua zyxel com Regular Mail ZyXEL Ukraine 13 Pimonenko Str Kiev 04050 Ukraine United Kingdom Support E mail support zyxel co uk Sales E mail sales zyxel co uk Telephone 44 134...

Page 204: ...Appendix E Customer Support NBG 510S User s Guide 204 ...

Page 205: ...l ID 64 contact information 199 cookies 101 copyright 195 CTS Clear to Send 184 current date time 40 customer support 199 D daylight saving 121 default IP address 31 155 defaults DHCP 79 LAN 77 desktop links 151 160 add 153 edit 153 summary 151 device reset 38 DHCP 79 80 defaults 79 DHCP table 80 dimensions 171 disclaimer 195 DNS server address assignment 69 Domain Name System See DNS Dynamic DNS ...

Page 206: ...t 158 IEEE 802 11g 185 IGMP 74 version 74 Independent Basic Service Set See IBSS 181 initialization vector IV 190 interface status 40 IP address 82 J Java 101 L LAN 77 defaults 77 DHCP 79 factory defaults 77 IP address 77 parameters 77 see also Local Area Network LAN parameters 79 DHCP server IP address LEDs 30 log 123 login default administrator account info 32 156 default IP address 31 155 from ...

Page 207: ...tion 197 PSK 190 public computer 32 156 Q QoS 93 Quality of Service See QOS 93 R RADIUS 186 message types 187 messages 187 shared secret key 187 registration product 197 related documentation 3 remote user screens 155 See also portal 155 reset device 38 restart 129 restrict web features 101 RTS Request To Send 184 threshold 183 184 S safety warnings 6 screws 173 serial number 39 servers 141 add 14...

Page 208: ... 31 common icons 35 default IP address 31 155 force logout 33 login option 32 156 login timeout 37 logout 158 menu summary 35 navigation panel 35 screen elements 34 status bar 36 title bar 35 user login 155 web proxy 102 WEP encryption 65 66 WEP key 65 Wi Fi Protected Access 189 wireless general settings 63 tutorial 50 wireless client 61 wireless client WPA supplicants 191 wireless network basic g...

Page 209: ...Index NBG 510S User s Guide 209 WPA PSK 189 190 application example 191 ...

Page 210: ...Index NBG 510S User s Guide 210 ...