ManualGo.com NBG-415 - Routeur ZYXEL - Free user manual and instructions
Find the device manual for free NBG-415 ZYXEL in PDF.
Download the instructions for your Routeur in PDF format for free! Find your manual NBG-415 - ZYXEL and take your electronic device back in hand. On this page are published all the documents necessary for the use of your device. NBG-415 by ZYXEL.
USER MANUAL NBG-415 ZYXEL
Copyright © 2006 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.
ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
ZyXEL NBG-415N User's Guide
Federal Communications Commission (FCC) Interference Statement
The device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
+ This device may not cause harmful interference.
+ This device must accept any interference received, including interference that may cause undesired operations.
This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This device generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation.
If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
1 Reorient or relocate the receiving antenna. 2 Increase the separation between the equipment and the receiver.
3 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
4 Consult the dealer or an experienced radio/TV technician for help.
FCC Radiation Exposure Statement
+ This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.
+ IEEE 802.11b or 802.11g operation of this product in the U.S.A. is firmware-limited to channels 1 through 11.
+ To comply with FCC RF exposure compliance requirements, a separation distance of at least 20 cm must be maintained between the antenna of this device and all persons.
ÉEANSÉ CEE FU EDRRRER TZ RETEVERNRER MRÉSER : ER AT RAS ? AUS TR AE ER Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.
This device has been designed for the WLAN 2.4 GHz network throughout the EC region and Switzerland, with restrictions in France.
This Class B digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.
Certifications 1 Go to www.zyxel.com 2 Select your product from the drop-down list box on the ZyXEL home page to go to that
3 Select the certification you wish to view from this page
ZyXEL NBG-415N User's Guide
For your safety, be sure to read and follow all warning notices and instructions.
+ Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
+ Do NOT expose your device to dampness, dust or corrosive liquids. + Do NOT store things on the device.
+ Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.
+ Connect ONLY suitable accessories to the device.
+ ONLY qualified service personnel should service or disassemble this device.
+ Make sure to connect the cables to the correct ports.
+ Place connecting cables carefully so that no one will step on them or stumble over them. + _ Always disconnect all cables from this device before servicing or disassembling.
+ Use ONLY an appropriate power adaptor or cord for your device.
+_ Connect the power adaptor or cord to the right supply voltage (for example, 110V AC in North America or 230V AC in Europe).
+ Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord.
+ Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution.
+ _Ifthe power adaptor or cord is damaged, remove it from the power outlet.
+ Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one.
+ Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning.
+ Antenna Warning! This device meets ETSI and FCC certification requirements when using the included antenna(s).
This product is recyclable. Dispose of it properly.
ZyXEL NBG-415N Users Guide
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser.
To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.
Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products.
ZyXEL Limited Warranty 6
ZyXEL NBG-415N User's Guide
Please have the following information ready when you contact customer support.
Product model and serial number.
Warranty Information.
Date that you received your device.
Brief description of the problem and the steps you took to solve
ZyXEL Communications UK Lid..11 The Courtyard, Eastem Road, Bracknell, Berkshire, RG12 2XB, United Kingdom (UK)
ZyXEL Limited Warranty...
Chapter 1 Getting Started
Table of Contents 10
11 Table of Contents
8.2 System Time and Date
10.1 Problems Starting Up the ZyXEL Device 10.2 Problems with the LAN 10.3 Problems with the WAN 10.4 Problems with the WLAN 10.5 Problems Accessing the ZyXEL Device .
10.6 Problems with Internet Access 124
Appendix B Wireless LANS
Appendix C Setting up Your Computer’s IP Address...
Figure 1 ZyXEL Device for Internet Sharing
Figure 2 Wireless Network Setup Using the ZyXEL Device
Figure 3 Front Panel Figure 4 Rear Panel
Figure 33 Basic: WAN: PPPOE Figure 34 Basic: WAN: PPTP Figure 35 Basic: WAN: L2TP Figure 36 Basic: LAN Figure 37 Basic: LAN: Router Settings
Welcome (Internet Connection
Step 3 Step 3 (Static IP Address) Step 3 (Dynamic IP Address) Step 3 (PPPOE)
Step 3 (PPTP) Step 3 (L2TP) Step 3 (BigPond) . Setup Complete Success
Security Security Key Finish
Table 11 Internet Connection Setup Wizard: Step 3 (BigPond) Table 12 Private IP Address Ranges Table 13 Basic: WAN: Dynamic IP Table 14 Basic: WAN!: Static IP Table 15 Basic: WAN: PPPOE Table 16 Basic: WAN: PPTP Table 17 Basic: WAN: L2TP Table 18 Basic: LAN: Router Settings Table 19 Basic: LAN: RIP Table 20 Basic: LAN: DHCP Server Settings Table 21 Basic: LAN: DHCP Reservation Table 22 Basic: Wireless: General Setup … Table 23 Basic: Wireless: WLAN Security Setu . Table 24 Basic: WLAN Security Setup: WPA-Personal .… Table 25 Basic: WLAN Security Setup: WPA-Enterprise Table 26 Advanced: Game Hosting . Table 27 Virtual Server: Common Services and Port Numbers Table 28 Advanced: Virtual Server
Congratulations on your purchase of the ZyXEL NBG-415N Wireless Broadband Router.
Note: Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products.
Your NBG-415N is easy to install and configure.
About This User's Guide
This manual is designed to guide you through the configuration of your NBG-415N for its various applications.
+ “Enter” means for you to type one or more characters. “Select” or “Choose” means for you to use one predefined choices.
+ The SMT menu titles and labels are in Bold Times New Roman font. Predefined field choices are in Bold Arial font. Command and arrow keys are enclosed in square brackets. [ENTER] means the Enter, or carriage return key; [ESC] means the Escape key and [SPACE BAR] means the Space Bar.
+ Mouse action sequences are denoted using a comma. For example, “click the Apple icon, Control Panels and then Modem” means first click the Apple icon, then point your mouse pointer to Control Panels and then click Modem.
+ For brevity’s sake, we will use “e.g.,” as a shorthand for “for instance”, and “i.e.,” for “that is” or “in other words” throughout this manual.
+ The ZyXEL NBG-415N Wireless Broadband Router may be referred to as “the NBG- 415N° or “the ZyXEL Device” in this user’s guide.
= N Server Modem Wireless Signal
Internet Cloud Switch Router
Related Documentation + Supporting Disk Refer to the included CD for support documents. + Quick Start Guide
The Quick Start Guide is designed to help you get up and running right away. They contain hardware installation/connection information.
+ ZyXEL Glossary and Web Site
Please refer to www.zyxel.com for an online glossary of networking terms and additional support documentation.
Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you!
The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan.
E-mail: techwriters@zyxel.com.tw
This chapter introduces the main features and applications of your ZyXEL Device.
This ZyXEL Device is a secure wireless broadband router with a 4-port switch. The ZyXEL Device is best suited for setting up an Internet sharing network or a wireless network in a home or small business.
As a wireless router based on the draft IEEE 802.11n standard (also known as pre-N), the ZyXEL Device is able to connect to another draft IEEE 802.11n wireless device at a up to 300 Mbps using two simultaneous data streams. With the smart antenna technology, MIMO (Multiple Input Multiple Output), the ZyXEL Device uses three antennas to transmit and receives data over the wireless network. The use of multiple antennas reduces interference and signal distortion. For backward compatibility, the ZyXEL Device is also able to connect to IEEE 802.11b and IEEE 802.11g devices.
Refer to Appendix A on page 126 for the product specifications.
1.1.1 Internet Sharing Network
For Internet access, connect the WAN Ethernet port to your existing Internet access gateway (company network, or your cable or DSL modem for example) and connect computers or servers to the LAN ports for shared Internet access. See the Quick Start Guide for instructions on hardware connections.
Figure 1 ZyXEL Device for Internet Sharing
PA sms V— Internet ) >)
Chapter 1 Getting Started 22
ZyXEL NBG-415N User's Guide
1.1.2 Wireless Network
By default, the integrated wireless feature is enabled on the ZyXEL Device that allows you to set up a wireless network in your home or small office. Once connected, wireless clients can access network resources (such Internet access, printers or servers).
Figure 2 Wireless Network Setup Using the ZyXEL Device
FPS ) — ——Z—{ internet )
J You can also configure firewall on the ZyXEL Device for secure Internet access. When the firewall is on, all incoming traffic from the Internet to your network is blocked unless it is initiated from your network. This means that probes from the outside to your network are not allowed, but you can safely browse the Internet and download files for example.
Use web filters to block access to web site addresses that you specify. You can define time periods and days during which web filters are enabled and include or exclude particular
computers on your network from content filtering. For example, you could block access to certain web sites for the kids.
1.2 Good Habits for Managing Your ZyXEL Device
Here are some things you should do regularly.
+ Change your password. + Back up your configuration (and make sure you know how to reload it).
The following figure shows the LEDs on the ZyXEL Device.
Figure 3 Front Panel
ZyXEL Wireless Broadband Router
ŒP UD QD CID UD CP CU) ED ED
23 Chapter 1 Getting Started
ZyXEL NBG-415N Users Guide
The following table describes the LEDs.
Table 1 Front Panel LEDs LED COLOR |STATUS DESCRIPTION PWR Off The ZyXEL Device is not receiving power. Green On The ZyXEL Device is receiving power and ready. Blinking The ZyXEL Device is resetting to the factory defaults. LAN Off No device is connected to this port. 4 Green On An Ethernet device is connected to this port. Blinking The ZyXEL Device is sending/receiving data on this port. WAN Off The WAN connection is not ready, or has failed. Green On The ZyXEL Device has a successful WAN connection for Internet access. Blinking The ZyXEL Device is sending/receiving data over the WAN port. WLAN Off The WLAN is disabled. Amber On Pre-N WLAN is enabled on the ZyXEL Device. Blinking The ZyXEL Device is sending/receiving data over the pre-N WLAN. Green On IEEE 802.11b/g WLAN is enabled on the ZyXEL Device. Blinking The ZyXEL Device is sending/receiving data over the IEEE 802.11b/g WLAN. USB Off The USB port is not in use Green Blinking (3 Windows Connect Now setup is successful. Times) Blinking Windows Connect Now setup is not successful. (Continuous)
The following figure shows the rear panel.
Chapter 1 Getting Started
LABEL DESCRIPTION POWER Use the included power adaptor to connect this port to an appropriate power source.
RESET You only need to use this button when you have changed the device login password and have now forgotten it.
Note: Using the RESET button erases all custom settings and resets the device back to the factory defaults.
Use a pointed object to press this button in for more than 10 seconds and release. The device resets to the factory default settings and automatically restarts.
USB Connect a USB storage device to this port to configure wireless settings on wireless clients using the Windows Wireless Now feature (currently available on Windows XP with service pack 2). Refer to Section 6.3 on page 68 for more information.
ON OFF Use this switch to enable (ON) or disable (OFF) the wireless LAN on the device.
WAN Use the Ethernet cable that comes with your DSL/cable modem to connect to the Ethernet port on the DSL/cable modem.
Use Ethernet cables to connect up to four computers to the ZyXEL Device. To connect more than four computers, use a switch.
Chapter 1 Getting Started
ZyXEL NBG-415N Users Guide
CHAPTER 2 The Web Configurator
This chapter introduces the main features and applications of your ZyXEL Device.
The web configurator is an HTML-based management interface that allows easy device setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.
In order to use the web configurator you need to allow:
+ Web browser pop-up windows from your device. Web pop-up blocking is enabled by default in Windows XP SP (Service Pack) 2.
+_ JavaScript (enabled by default). +_ Java permissions (enabled by default).
Note: By default, you can only access the web configurator through a LAN port. To access via the WAN, enable remote management in the Admin screen.
Follow the steps below to log into the web configurator.
1 Start your web browser.
2 Type “http://” and the IP address of the ZyXEL Device (for example, the default is 192.168.1.1) in the Location or Address field. Press [ENTER].
3 The login screen appears. Select admin in the User Name field to log in as an administrator.
4 Enter the associated password. The default administrative login password is “1234”.
Chapter 2 The Web Configurator 26
NBG-415N Wir s EWC Router Welcome to NBG-415N Web-based Configuration Enter User Name/Passnord to Logn
User Name: [adm =] Password: | _Lon
5 Click Login to view the first web configurator screen. The Device Information screen is the first screen that displays when you access the web configurator.
Figure 6 Web Configurator: Main Screen
Hmk + + - D D À] Qt Giro es GE 3 D -E des [Eure 160 dmietens
DEVICE INFORMATION AA of our ter nd rat connai étais are pie on is age The Pme verse diode
Note: The management session automatically times out after five minutes of inactivity. Simply log back into the ZyXEL Device if this happens to you.
27 Chapter 2 The Web Configurator
ZyXEL NBG-415N Users Guide
The following table lists the various web configurator screens.
The following table describes the common buttons in the web configurator.
Table 4 Web Configurator: Common Screen Buttons
BUTTON DESCRIPTION Click this button to save all changes permanently to the device.
Click this button to discard all changes.
Note: All unsaved changes in all screens will be lost.
Click this button to save the changes of a configuration screen for the current session.
Click this button to start configuring a screen again. # 9
Click this button to change the settings of the selected rule.
Click this button to remove the selected rule.
2.4 Saving Configuration Changes
Note: You must save the current configuration in the ZyXEL Device to make the changes take effect.
Do NOT turn off the ZyXEL Device during the updating process, as it may corrupt the firmware and make your ZyXEL Device unusable.
Follow the steps below to save configuration changes.
Chapter 2 The Web Configurator 28
ZyXEL NBG-415N User's Guide
2 A Success screen displays.
Figure 7 Save Settings: Success
The new settings have been saved.
The router must be rebooted before the new settings wi take effect. You can reboot the router now using the button below, or make other changes and then use the reboot button on the Tools/System page.
+ Click Reboot the Device to restart the ZyXEL Device and make the changes take effect. Wait before the ZyXEL Device finishes rebooting before accessing the web configurator again.
+ Alternatively, click Continue to return to the previous configuration screen.
2.5 Changing Your Password
Itis highly recommended that you periodically change the password for the login accounts for security reasons. Click Tools > Admin to display the screen as shown next.
Configure the password fields for the admin and user accounts then click Save Settings and reboot the device to make the changes take effect.
Figure 8 Change Password
The ‘admin! and'user’ accounts can access the management interface, The admin has readjurite access and can change passuords, while the user has read-only access.
Ikis highly recommended that you create à password to keep your router secure.
EXT ADMIN PASSWORD Please enter the same password into both boxes, for confirmation.
Password: [er Venfy Password: [ee USER PASSWORD Please enter the same password into both boxes, for confirmation.
The following table describes the related fields in this screen.
Table 5 Change Password
LABEL DESCRIPTION Admin Password
Password Type the new password in this field.
Verify Password Type the new password again in this field.
Password Type the new password in this field.
Verify Password Type the new password again in this field.
2.5.1 Resetting the ZyXEL Device
If you forget your administrative login password or cannot access the web configurator, you will need to use the RESET button to reload the factory-default configuration file. This means that you will lose all configurations that you had previously and the password will be reset to “1234”.
2.5.1.1 Using the Reset Button
1 Use a pointed object to press the RESET button for more than 10 seconds and then release.
2 Wait until the WAN, LAN and WLAN LEDs turn off and blink. This indicates that the ZyXEL Device has reset the configuration to the factory defaults.
3 Wait until the ZyXEL Device finishes restarting before accessing it again.
Chapter 2 The Web Configurator 30
This chapter describes the Basic screens you use to configure the wizard, LAN, WAN and WLAN settings.
You can use the wizard screens to configure the ZyXEL Device for Internet access and secure wireless connection.
Click Basic > Start to display the main Wizard screen. Use the wizard screens to configure basic settings for Internet access and wireless connection.
Figure 9 Basic: Start (Wizard)
The 2YNEL NBG-41SN Wireless EWC Router pouered by StreamEngne"" technology maets he demands of individuals who demand powerful and reable performance For the ultimate onine gaming experience.
INTERNET CONNECTION SETUP WIZARD The foloning Web-based Setup Wizard is designed to assst you in connecting your new ZyXEL Router ta the Internet, This Setup Wizard wil guide you through step-by-step instructions on how to get your Internet connection up and running. Click, the button below to begin:
Launch Internet Connection Setup Wizard
Note: Before launching these wizards, please make sure you have folowed all steps outined in the Quick Installation Guide included in the package,
WIRELESS SECURITY SETUP WIZARD The foloning Web-based Setup Wizard is designed to assst you in your wireless network setup. This Setup Wizard vil quide vou through step-by-step instructions on how to set up your wireless network and how to make it secure.
Launch Wireless Security Setup Wizard
Note: Same changes made using this Setup Wizard may require you to change some settings on your wireless cent dapters so they can still connect ta the ZyXEL Router.
3.1.1 Internet Connection Setup Wizard
Follow the steps below to use the wizard setup screens to configure the ZyXEL Device for Internet access with the information given to you by your ISP.
Note: See the advanced menu chapters for background information on these fields.
ZyXEL NBG-415N User's Guide
1 Click START > WIZARD > Launch Internet Connection Setup Wizard to display the first wizard screen. This screen states whether the ZyXEL Device can automatically detect the connection type and access the Internet. If Internet connection is not available, this screen outlines the steps to set up your ZyXEL Device. Click Next to continue.
Figure 10 Internet Connection Setup Wizard: Welcome
WELCOME TO THE ZYXEL INTERNET CONNECTION SETUP WIZARD
his wizard will guide you through a step-by-step process to configure your new ZÿXEL router and connect to the Internet.
+ Step 1: Set your Password Step 2: Select your Time Zone
Step 3: Configure your Internet Connection
Step 4: Save Settings and Connect
Figure 11 Internet Connection Setup Wizard: Welcome (Internet Connection Detected)
WELCOME TO THE ZYXEL INTERNET CONNECTION SETUP WIZARD It appears that you have already successfully connected your new router to the Internet,
Click Next if you still want to secure the router with a password and set the
2 The second wizard screen prompts you to change the login password. Enter a new password in the Password field and retype the password in Verify Password field to verify. Click Next.
Note: Passwords are case sensitive.
Figure 12 Internet Connection Setup Wizard: Step 1
STEP 1: SET YOUR PASSWORD By default, your new 2yXEL Router does not have a password configured for administrator access to the Web-based configuration pages. To secure your new networking device, please set and verify a password below:
Password: [re Verify Password: [+
3 Select the time zone for your geographical location. For example, if you are in California, select (GMT-08:00) Pacific Time (US/Canada), Tijuana. Click Next.
Figure 13 Internet Connection Setup Wizard: Step 2
STEP 2: SELECT YOUR TIME ZONE Select the appropriate time zone for your location. This information is required &o configure the time-based options for the router.
TGT-06:00 Pace ne (USICSdE) Tiuans El
4 Select your Internet connection type and click Next to continue.
Figure 14 Internet Connection Setup Wizard: Step 3
STEP 3: CONFIGURE YOUR INTERNET CONNECTION Your Internet Connection could not be please select your Internet Service Provider (ISP) from the list below. If your ISP is not listed; select the “Not Listed or Don't know” option to manually configure your connection.
If your Internet Service Provider was not listed or you don't know who it is, please select the Internet connection type below:
€ Static IP Address Connection Choose this option F your Internet Setup Provider provided you wth IP Address Information that has to be manualy confiured.
G DHCP Connection (Dynamic IP Address) Choose this your Internet connection automatically provides you with an IP Address. Most Cable Modems use this type of connection.
€ Username / Password Connection (PPPOE) Choose this option F your Internet connection requires a username and password to get anne, Most DSL modems use this type of connection.
€ Username / Password Connection (PPTP)
€ Username / Password Connection (L2TP)
BigPond BigPond Cable (Australia)
SET STATIC IP ADDRESS CONNECTION To set up this connection you will need to have a complete list of IP information provided by your Internet Service Provider, If you have a Static IP connection and do not have this information, please contact your ISP.
5 The next wizard screen varies depending on the connection type you have selected. Configure the fields with the information provided by your ISP and click Next.
Figure 15 Internet Connection Setup Wizard: Step 3 (Static IP Address)
1P Address: [:0.0.0 Subnet Mask : _[255.255:255.0 Gateway Address: [0.000
Primary DNS Address : [0.0.0
Secondary DNS Address :
EI DS ES The following table describes the related fields in this screen.
Table 6 Internet Connection Setup Wizard: Step 3 (Dynamic IP Address)
IP Address Enter the IP address that your ISP gave you. This should be a static, public IP address.
Subnet Mask Enter the subnet mask for the IP address.
Gateway Address | Enter the IP address of the router through which this WAN connection will send traffic (the default gateway).
Primary/ DNS (Domain Name System) is for mapping a domain name to its corresponding
Secondary DNS IP address and vice versa. The DNS server is extremely important because
Address without it, you must know the IP address of a computer before you can access it. The ZyXEL Device uses a system DNS server (in the order you specify here) to resolve domain names for VPN, DDNS and the time server. Enter the DNS server IP addresses.
Figure 16 Internet Connection Setup Wizard: Step 3 (Dynamic IP Address)
DHCP CONNECTION (DYNAMIC IP ADDRESS)
To set up this connection, please make sure that you are connected to the 2yXEL Router with the PC that was originally connected to your broadband connection. If you are, then click the Clone MAC button to copy your computer's MAC Address to the 2yXEL Router.
MAC Address : optional)
Note: You may also need to provide a Host Name f you do not have or know this information, please contact your IP.
The following table describes the related fields in this screen.
Table 7 Internet Connection Setup Wizard: Step 3 (Dynamic IP Address)
FIELD DESCRIPTION MAC Address If required by your ISP, enter your computer MAC address in the MAC Address field or click Clone Your PC's MAC Address to copy the MAC address of the computer connecting to your ISP onto the ZyXEL Device.
Host Name If a host name is necessary for a successful Internet connection, enter it in the
Host Name field. Click Next to continue.
Figure 17 Internet Connection Setup Wizard: Step 3 (PPPOE)
SET USERNAME AND PASSWORD CONNECTION (PPPOE)
‘To set up this connection you will need to have a Username and Password from your Internet Service Provider. If you do not have this information, please
Address Mode: © Dymame1P (Static IP 1P Address : User Name : Password:
Service Name : optional)
Note: You may also need to provide a Service Name. I ou do not have or know this information, please contact your ISP.
SSI The following table describes the related fields in this screen.
Table 8 Internet Connection Setup Wizard: Step 3 (PPPOE)
FIELD DESCRIPTION Address Mode
Select Dynamic IP If your ISP did not assign you a fixed IP address. This is the default selection.
Select Static IP lf your ISP assigned a fixed IP address. The set the following fields.
ZyXEL NBG-415N Users Guide
Table 8 Internet Connection Setup Wizard: Step 3 (PPPOE) (continued)
FIELD DESCRIPTION IP Address This field is applicable if you select Static IP in the Address Mode field. Enter the IP address that your ISP gave you. This should be a static, public IP address.
User Name Type the user name given to you by your ISP. You can use alphanumeric and - _@$./ characters, and it can be up to 31 characters long.
Password Type the password associated with the user name above. Use up to 64 ASCII
characters except the [, ] and ?. This field can be blank.
Type your password again for confirmation.
Type the PPPOE service name given to you by your ISP. PPPOE uses a service name to identify and reach the PPPOE server. You can use alphanumeric and - _@$// characters, and it can be up to 64 characters long.
Figure 18 Internet Connection Setup Wizard: Step 3 (PPTP)
SET USERNAME AND PASSWORD CONNECTION (PPTP)
‘To set up this connection you will need to have a Username and Password from your Internet Service Provider. You also need PPTP IP adress. If you do not have this information, please contact your ISP.
Address Mode: © Dynamic IP. Static 1P PPTP1P Address: [000 PPTP Subnet Mask: |255.255.255.0 PPTP Gateway IP Address : |0.0.0.0 PPTP Server IP Address (may E555
be same as gateway) :
The following table describes the related fields in this screen.
Table 9 Internet Connection Setup Wizard: Step 3 (PPTP)
FIELD DESCRIPTION Address Mode
Select Dynamic IP If your ISP did not assign you a fixed IP address. This is the default selection.
Select Static IP If your ISP assigned a fixed IP address. The set the following fields.
This field is applicable if you select Static IP in the Address Mode field.
Enter the IP address that your ISP gave you. This should be a static, public IP address.
This field is applicable if you select Static IP in the Address Mode field. Enter the subnet mask for the IP address.
PPTP Gateway IP Address
This field is applicable if you select Static IP in the Address Mode field.
Enter the IP address of the router through which this WAN connection will send traffic (the default gateway).
Table 9 Internet Connection Setup Wizard: Step 3 (PPTP)
FIELD DESCRIPTION PPTP Server IP Type the IP address of the PPTP server. Address (may be same as gateway)
User Name Type the user name given to you by your ISP. You can use alphanumeric and - _@$// characters, and it can be up to 31 characters long.
Password Type the password associated with the user name above. Use up to 64 ASCII characters except the [, ] and ?. This field can be blank.
Verify Password Type your password again for confirmation.
Figure 19 Internet Connection Setup Wizard: Step 3 (L2TP)
SET USERNAME AND PASSWORD CONNECTION (L2TP)
‘To set up this connection you will need to have a Username and Password from your Internet Service Provider, You also need L2TP IP adress. If you do not have this information, please contact your ISP.
Address Mode: © Dynamic 1P © Static 1P L21P 1P Address: [0:0.0.0 L2TP Subnet Mask: [25525250 L2TP Gateway IP Address: [000 L21P Server 1P Address (may Gogo"
be same as gateway) :
F— Password: [ee F=—
CI 3 ES The following table describes the related fields in this screen.
Table 10 Internet Connection Setup Wizard: Step 3 (L2TP)
FIELD DESCRIPTION Address Mode Select Dynamic IP If your ISP did not assign you a fixed IP address. This is the default selection.
Select Static IP lf your ISP assigned a fixed IP address. The set the following fields.
L2TP IP Address |This field is applicable if you select Static IP in the Address Mode field. Enter the IP address that your ISP gave you. This should be a static, public IP
address. L2TP Subnet This field is applicable if you select Static IP in the Address Mode field. Mask Enter the subnet mask for the IP address. L2TP Gateway IP |This field is applicable if you select Static IP in the Address Mode field. Address Enter the IP address of the router through which this WAN connection will send
traffic (the default gateway).
L2TP Server IP Type the IP address of the L2TP server. Address (may be same as gateway)
User Name Type the user name given to you by your ISP. You can use alphanumeric and - _@$./ characters, and it can be up to 31 characters long.
Type the password associated with the user name above. Use up to 64 ASCII characters except the [, ] and ?. This field can be blank.
Type your password again for confirmation.
Figure 20 Internet Connection Setup Wizard: Step 3 (BigPond)
SET BIGPOND CABLE CONNECTION
‘To set up this connection you will need to have a Username and Password from your Internet Service Provider. You also need BigPond Server IP adress. If you do not have this information, please contact your ISP. User Name : Password:
L— F— Verify Password: F— Er
The following table describes the related fields in this screen.
Table 11 Internet Connection Setup Wizard: Step 3 (BigPond)
FIELD DESCRIPTION User Name Type the user name given to you by your ISP. You can use alphanumeric and - _@$/ characters, and it can be up to 31 characters long.
Password Type the password associated with the user name above. Use up to 64 ASCII
characters except the [, ] and ?. This field can be blank.
Type your password again for confirmation.
Type the IP address of the BigPond server.
6 In the las wizard screen, click Connect to save the settings to the ZyXEL Device.
Figure 21 Internet Connection Setup Wizard: Setup Complete
‘The Internet Connection Setup Wizard has completed. Click the Connect button to save your settings and reboot the router.
7 Click Reboot the Device to restart the ZyXEL Device and make the changes take effect.
ZyXEL NBG-415N User's Guide
Figure 22 Internet Connection Setup Wizard: Success The new settings have been saved.
The router must be rebooted before the new settings wi take effect, You can reboot the router now using the button below, or make other changes and then use the reboot button on the Tool/System page.
8 Wait until the ZyXEL Device finishes rebooting before accessing it again.
Figure 23 Internet Connection Setup Wizard: Rebooting Please wa 13 seconds.
If you changed the IP address of the router you wil need to change the IP address in your browser before accessing the configuration Web ste again.
9 Test your Internet connection. Launch your web browser and enter any web site address for example, http://www.zyxel.com).
3.2 Wireless Security Setup Wizard
Follow the steps below to use the wizard setup screens to configure a wireless LAN and wireless security setting on the ZyXEL Device.
Note: See the advanced menu chapters for background information on these fields.
1 Click START > WIZARD > Launch Wireless Security Setup Wizard to display the first wizard screen. This screen outlines the steps to set up your ZyXEL Device. Click Next to continue.
Figure 24 Wireless Security Setup Wizard
WELCOME TO THE ZYXEL WIRELESS SECURITY SETUP WIZARD
‘This wizard will guide you through a step-by-step process to setup your wireless network and make it secure.
tep 1: Name your Wireless Network tep 2: Secure your Wireless Network Step 3: Set your Wireless Securky Password
2 Inthe Wireless Network Name field, enter a descriptive name for identifying the wireless network. To connect to this wireless network, wireless clients must associate to this ID. Click Next.
STEP 1: NAME YOUR WIRELESS NETWORK Your wireless network needs à name so it can be easily recognized by wireless dents. For security purposes, is highly recommended to change the pre- configured network name of [2yKEL].
3 Follow the on-screen instruction and select a wireless security mode. Click Next.
Figure 26 Wireless Security Setup Wizard: Security
STEP 2: SECURE YOUR WIRELESS NETWORK In order to protect your network from hackers and unauthorized users, it is highly recommended you choose one of the following wireless network security settings.
There are three levels of wireless security -Good Security, Better Security, AND Best Security. The level you choose depends on the security features your wireless adapters support.
BEST C 5éect cptionf your wireless adapters SUPPORT WPa2
Select hs option F your wireless adapters SUPPORT serrer © Gex
G… Select ts option f you wreless adapters DO NOT Goo @ SPORT WPA Select this option f you do not want to activate any
NONE (© securky features
For information on which security features your wireless adapters support, please refer to the adapters' documentation.
Note: AI ZyXEL wireless adapters currently support WPA.
4 The next screen displays if you enable a wireless security mode. Follow the on-screen instruction. Enter a WEP key if you select GOOD security level. If you select BETTER or BEST security level, enter a password that the ZyXEL Device uses to generate a unique wireless secret key. Click Next.
Figure 27 Wireless Security Setup Wizard: Security Key
STEP 3: SET YOUR WIRELESS SECURITY PASSWORD Once you have selected your security level - you will need to set a wireless security password. With this password, a unique security key will be generated.
Wireless Security Password : to 20 characters)
Note: You will need to enter the unique security key generated in this step into your wireless clients in order to enable proper wireless communication (not the password you provided to create the security key).
5 Check your wireless LAN settings in this screen and click Save to save the settings to the ZyXEL Device.
ZyXEL NBG-415N User's Guide
Figure 28 Wireless Security Setup Wizard: Finish
Below is a detailed summary of your wireless security settings. Please print this page out, or write the information on a piece of paper, so you can configure the correct settings on your wireless client adapters.
(ss): VE Wep Key Lengtl Default WEP Key to Use Authenticat
Wep key : _2ED19 18943 0082F 93009 1E328 1
Figure 29 Wireless Security Setup Wizard: Success The new settings have been saved.
The router must be rebooted before the new settings wi take effect, You can reboot the router now using the button below, or make other changes and then use the reboot button on the Tool/System page.
Please wat 13 seconds.
If you changed the IP address of the router
Figure 30 Wireless Security Setup Wizard: Rebooting
6 Click Reboot the Device to restart the ZyXEL Device and make the changes take effect.
7 Wait until the ZyXEL Device finishes rebooting before accessing it again.
8 Test your wireless connection. On a wireless client, associate to the wireless network on the ZyXEL Device (the default network name is “ZyXEL”). See the documentation that
comes with the wireless client for more information.
WAN This chapter introduces shows you how to configure the WAN using the advanced configuration screen for Internet access.
You can use the advanced WAN configuration screen to configure the WAN port for Internet access. Select the Internet access mode (Static IP, Dynamic IP, PPPOE, PPTP and L2TP) your ISP uses on the ZyXEL Device.
4.1.1 WAN IP Address Assignment
Every computer on the Internet must have a unique IP address. If your networks are isolated from the Internet, for instance, only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks.
Table 12 Private IP Address Ranges
10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255
You can obtain your IP address from the IANA, from an ISP or have it assigned by a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.
Note: Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space.
ZyXEL NBG-415N User's Guide
4.1.2 DNS Server Address Assignment
Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa, for instance, the IP address of www.zyxel.com is 204.217.0.2. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it.
The ZyXEL Device can get the DNS server addresses in the following ways.
1 The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, manually enter them in the DNS server fields.
2 If your ISP dynamically assigns the DNS server IP addresses (along with the ZyXEL Device’s WAN IP address), set the DNS server fields to get the DNS server address from the ISP.
3 You can manually enter the IP addresses of other DNS servers. These servers can be public or private. A DNS server could even be behind a remote IPSec router.
4.2 WAN Configuration
To display the advanced WAN configuration screen, click BASIC > WAN. Fields in this screen vary depending on the option you select in the WAN Mode field.
4.2.1 WAN Connection: Dynamic IP Select Dynamic IP in the WAN screen when your ISP gives you a fixed public IP address.
Figure 31 Basic: WAN: Dynamic IP Internet Connection Settings Use this section ta configure your Internet Connection type. There are several connection types to choose from: Static IP, Dynamic IP, PPPGE, PPTP and L2TP. If you are unsure of your connection method, please contact your Internet Service Provider.
Note: f using the PPPdE option, you wi need ta remove or dsable any PPPOE cent software on your computers.
MODES Choose the mode to be used by the router to connect to the Internet.
WANMode: © Static1P © DynamiciP © PppoE © PPTP © L2TP DYNAMIC IP Host Name :
Use Unicasting: | F7 (compstbäty for some DHCP Servers)
Response to WAN Ping :
F QE bytes) | MTU defaut = 1500
: 6 (seconds, 0 =immecite)
C The following table describes the fields in this screen.
Table 13 Basic: WAN: Dynamic IP LABEL DESCRIPTION MODES WAN Select Dynamic IP if you are not given a fixed public IP address and the account information (such as the user name and password). Dynamic IP Hostname This field is optional.
Enter your computer's hostname which the ISP checks before Internet access is allowed.
Select this option If your ZyXEL Device is unable to obtain a WAN IP address from the ISP. This allows the ZyXEL Device to accept unicast DHCP responses from the DHCP server instead of broadcast DHCP responses.
Select Enable BigPond if you subscribe to Internet service from BigPond in Australia. Then configure the fields below with the information provided.
Type the IP address of the BigPond server.
ID Type the user name given to you by your ISP. You can use alphanumeric and - _@$// characters, and it can be up to 31 characters long.
ZyXEL NBG-415N User's Guide
Table 13 Basic: WAN: Dynamic IP (continued)
LABEL DESCRIPTION BigPond Type the password associated with the user name above. Use up to 64 ASCII Password characters except [, ] and ?. This field can be blank. Verify Type your password again for confirmation. Password
Use these DNS Select this option to manually enter the DNS server IP address(es) in the field(s)
Primary/ Enter the IP address (provided by your ISP) of the DNS server in dotted decimal Secondary notation.
Click Advanced >> to display more WAN configuration fields.
Click << Advanced to hide the advanced WAN configuration fields.
MTU Maximum Transmission Unit (MTU) is a parameter that determines the largest packet size (in bytes) that the ZyXEL Device will send to the WAN. If LAN devices send larger packets, the ZyXEL Device will break them into smaller packets. Ideally, you should set this to match the MTU of the connection to your ISP. Select this option to use the default MTU. Clear this checkbox to manually enter an MTU size below.
MTU Enter the MTU size (between 256 and 2296). Typical values are 1500 bytes for an Ethernet connection and 1492 bytes for a PPPOE connection. Make sure the MTU size matches the ISP's network or Internet connection may fail.
MAC Cloning Select this option to set the ZyXEL Device to copy the MAC address of your Enabled computer. MAC Address Enter the IP address of the computer on the LAN whose MAC you are cloning.
It is recommended that you clone the MAC address prior to hooking up the WAN port.
Clone Your PC's MAC Address
Click Clone Your PC's MAC Address to have the ZyXEL Device automatically copy the MAC address from your computer.
4.2.2 WAN Configuration: Static IP Select Dynamic IP in the WAN screen when your ISP gives you a fixed public IP address.
Chapter 4 WAN ZyXEL NBG-415N Users Guide
Figure 32 Basic: WAN: Static IP Internet Connection Settings
Use this section ta configure your Internet Connection type. There are several connection types to choose from: Static IP, Dynamic IP, PPPGE, PPTP and L2TP. If you are unsure of your connection method, please contact your Internet Service
Note: f using the PPPdE option, you wi need ta remove or dsable any PPPOE cent software on your computers
Choose the mode to be used by the router to connect to the Internet.
5 © StaticiP © Dynamic ip © ppp © Pptp C L2TP STATIC IP
1P Address Subnet Mask
Enter the static address information provided by your Internet Service Provider (ISP).
DNS AND ADVANCED SETTINGS The following table describes the related fields in this screen.
Table 14 Basic: WAN: Static IP LABEL DESCRIPTION MODES WAN Select Static IP if your ISP gives you a fixed public IP address.
STATIC IP IP Address Enter the WAN IP address exactly as given by your ISP in dotted decimal
Subnet Mask | Enter the IP subnet mask as given by your ISP in dotted decimal notation. Default Enter the gateway IP address as given by your ISP in dotted decimal notation. Gateway
Refer to Table 13 on page 44 for other field descriptions.
4.2.3 WAN Configuration: PPPOE If your ISP uses the PPPOE (Point-to-Point Protocol over Ethernet) protocol for Internet access, select PPPOE in the WAN Mode field.
Figure 33 Basic: WAN: PPPOE Internet Connection Settings
Reconnect M Maximum Idle Time :
Use this section ta configure your Internet Connection type. There are several connection types to choose from: Static 1, Dynamic IP, PPPGE, PPTP and L2TP. I you are usure of your connection method, please contact your Internet Service
Note: IE using the PPPGE option, you will need to remove or dsable any PPPOE cent software on your computers
Enter the information provided by your Internet Service Provider (ISP).
5 © Alayson © Ondemand © Manual
y the router to connect to the Internet.
© Static1P © OynamciP © ppp © PpTP © LeTP S Dynamic IP Static IP
describes the related fields in this screen.
Table 15 Basic: WAN: PPPOE LABEL DESCRIPTION MODES WAN Select PPPOE if your ISP gives you Internet access account information (such as the username and password).
PPPOE WAN MODE Address Mode
Select Dynamic IP If your ISP did not assign you a fixed IP address. This is the default selection.
Select Static IP 1f your ISP assigned a fixed IP address. The set the following fields.
IP Address This field is applicable if you select Static IP in the Address Mode field. Enter the IP address that your ISP gave you. This should be a static, public IP address.
User Name Type the user name given to you by your ISP. You can use alphanumeric and - _@$./ characters, and it can be up to 31 characters long.
Password Type the password associated with the user name above. Use up to 64 ASCII
characters except the [, ] and ?. This field can be blank.
Type your password again for confirmation.
Chapter 4 WAN ZyXEL NBG-415N Users Guide
Table 15 Basic: WAN: PPPOE (continued)
LABEL DESCRIPTION Service Name
Type the PPPOE service name given to you by your ISP. PPPOE uses a service name to identify and reach the PPPOE server. You can use alphanumeric and - _@$./ characters, and it can be up to 64 characters long.
Specify how you want to re-establish an Internet connection after the idle timeout.
Select Always On when you want your connection up all the time. The ZyXEL Device will try to bring up the connection automatically if it is disconnected. Select On Demand when you don't want the connection up all the time and specify an idle time-out in the Maximum Idle Timeout field.
Select Manual when you want to manually re-establish the connection if it is disconnected.
This value specifies the time in seconds that elapses before the ZyXEL Device automatically disconnects from the PPPOE server.
Refer to Table 13 on page 44 for other field descriptions.
4.2.4 WAN Connection: PPTP If your ISP uses PPTP protocol for Internet access, select PPTP in the WAN Mode field.
Figure 34 Basic: WAN: PPTP Internet Connection Settings
Use this section ta configure your Internet Connection type. There are several connection types to choose from: Static IP, Dynamic IP, PPPGE, PPTP and L2TP. If you are usure of your connection method, please contact your Internet Service
Note: If using the PPPGE option, you will need to remove or dsable any PPPOE cent software on your computers
Choose the mode to be used by the router to connect to the Internet.
Address Mode : PPTP IP Address :
5 © steticiP © Dynamic ip © PPpoE @ Pptp (© L2TP
d by your Internet Service Provider (ISP).
& Dynamie IPC Static IP Fe Fe C aeyson © On demand © Manual
FT] (rinutes, Oninfine)
ZyXEL NBG-415N User's Guide
The following table describes the related fields in this screen.
Table 16 Basic: WAN: PPTP LABEL DESCRIPTION MODES WAN Select PPTP if your ISP gives you Internet access account information (such as
the username and password).
PPTP WAN MODE Address Mode
Select Dynamic IP If your ISP did not assign you a fixed IP address. This is the default selection.
Select Static IP 1f your ISP assigned a fixed IP address. The set the following fields.
This field is applicable if you select Static IP in the Address Mode field.
Enter the IP address that your ISP gave you. This should be a static, public IP address.
This field is applicable if you select Static IP in the Address Mode field. Enter the subnet mask for the IP address.
PPTP Gateway IP Address
This field is applicable if you select Static IP in the Address Mode field.
Enter the IP address of the router through which this WAN connection will send traffic (the default gateway).
PPTP Server IP Address (may be same as gateway)
Type the IP address of the PPTP server.
User Name Type the user name given to you by your ISP. You can use alphanumeric and - _@$./ characters, and it can be up to 31 characters long. Password Type the password associated with the user name above. Use up to 64 ASCII
characters except the [, ] and ?. This field can be blank.
Type your password again for confirmation.
Specify how you want to re-establish an Internet connection after the idle timeout.
Select Always On when you want your connection up all the time. The ZyXEL Device will try to bring up the connection automatically if it is disconnected. Select On Demand when you don't want the connection up all the time and specify an idle time-out in the Maximum Idle Timeout field.
Select Manual when you want to manually re-establish the connection if it is disconnected.
This value specifies the time in seconds that elapses before the ZyXEL Device automatically disconnects from the PPPOE server.
your Internet Connection type. There are several connection types ta choose from: Static IP, Dynamic IP, PPPGE, PPTP and L2TP. I you are unsure of your connection method, please contact your Internet Service
Note: If using the PPPGE option, you wi need to remove or dsable any PPPOE cent softuare on your computers.
(seseunos _]f nsesennes
Choose the mode to be used by the router to connect to the Internet.
Enter the information provided by your Internet Service Provider (1SP).
Address Mode : L2TP 1P Address :
5 CstatclP © OynamciP © PPPoE © PPTP © L2TP
© Dynamic IP © Static IP Rosso
: Rs2s2s0 Rosso Rosso F——
C ameyson © On demand © Manual
Ro minutes, O=ininte)
The following table describes the related fields in this screen.
Table 17 Basic: WAN: L2TP LABEL DESCRIPTION MODES WAN Select L2TP if your ISP gives you Internet access account information (such as
the username and password).
L2TP WAN MODE Address Mode
Select Dynamic IP If your ISP did not assign you a fixed IP address. This is the default selection.
Select Static IP 1f your ISP assigned a fixed IP address. The set the following fields.
This field is applicable if you select Static IP in the Address Mode field.
Enter the IP address that your ISP gave you. This should be a static, public IP address.
This field is applicable if you select Static IP in the Address Mode field. Enter the subnet mask for the IP address.
L2TP Gateway IP Address
This field is applicable if you select Static IP in the Address Mode field.
Enter the IP address of the router through which this WAN connection will send traffic (the default gateway).
ZyXEL NBG-415N User's Guide
Table 17 Basic: WAN: L2TP (continued)
LABEL DESCRIPTION L2TP Server IP Address (may be same as gateway)
Type the IP address of the L2TP server.
User Name Type the user name given to you by your ISP. You can use alphanumeric and - _@$./ characters, and it can be up to 31 characters long. Password Type the password associated with the user name above. Use up to 64 ASCII
characters except the [, ] and ?. This field can be blank.
Type your password again for confirmation.
Specify how you want to re-establish an Internet connection after the idle timeout.
Select Always On when you want your connection up all the time. The ZyXEL Device will try to bring up the connection automatically if it is disconnected. Select On Demand when you don't want the connection up all the time and specify an idle time-out in the Maximum Idle Timeout field.
Select Manual when you want to manually re-establish the connection if it is disconnected.
This value specifies the time in seconds that elapses before the ZyXEL Device automatically disconnects from the L2TP server.
4.3 Internet Connection Test
After you have configured Internet connection settings on the ZyXEL Device, test the connection. Launch a web browser and enter any web site address for example, http://
Local Area Network (LAN) is a shared communication system to which many computers are attached. Use LAN screen to set the IP address and subnet mask of the LAN interface on the ZyXEL Device. You can also configure DHCP settings in the LAN screen.
Click Basic > LAN to display the configuration screen.
ure 36 Basic: LAN Use this section to configure the internal network settings of your router and also to configure the bult-in DHCP Server to
use ta access the Webrbased management nterface. IF you change the IP Address here, you may need to adjuet your PCs network settings to access the network again.
DEN MEET ROUTER SETTINGS Use this section to configure the internal network settings of your router, The IP Address that configured here the IP Address that you use to access the Web-based management nterface. IF you change the IP Address here, you may need Lo adjust your PC'5 network settings to access the network again.
Router 1P Address: [f52.168.11 Subnet Mask: [F55:2552550 Local Domain Name : TT éoptonsh)
RIP (ROUTING INFORMATION PROTOCOL)
Enable RIP: F7 RIP Operating mode: (V1 ( V2Brosdeast (© V2 Muticast Router Metric: [r Act as default router : Allow RIP updates from WAN: RIP Password: [7 (eave blank for no passnord) Verify RIP Password: [7 (leave blank for no passnord)
DHCP SERVER SETTINGS {Use this section to configure the buit-in DHCP Server to assign IP addresses ta the computers on your network.
Enable DHCP Server: F7
DHCP IP Address Range: [192.168.1100 tOfi92.168.1.198 DHCP Lease Time: [1440 Crinutes)
Always broadcast : | F7 (compatbty for some DHCP Cents)
5.1.1 Router Settings
To set the LAN settings (such as the IP address, subnet mask) on the ZyXEL Device,
configure the fields in the ROUTER SETTINGS section in the LAN screen.
Figure 37 Basic: LAN: Router Settings
{et action to crue te mal eo ati 0 ou routier and al cortique the uk KP arr Lo
uso cc Web-basad management bear you change the IP Adéres hrs, au may need Sd our PC network settings to access the network again.
ELLE MIE ROUTER SETTINGS Use this section to configure the internal network settings of your router. The IP Address that s configured here s the IP Address that you use to access the Web-based management nterface. If you change the IP Address here, you may need Lo adjust your PC'S network sektings to access the network again.
Router IP Address : [192.165.1.1 Subnet Mask: [255.255.255.0 Local Domain Name : (optional)
The following table describes the labels in this screen.
Table 18 Basic: LAN: Router Settings
LABEL DESCRIPTION ROUTER SETTINGS IP Address Type the IP address of your ZyXEL Device in dotted decimal notation. 192.168.1.1
is the factory default. Alternatively, click the right mouse button to copy and/or paste the IP address.
Default Subnet The subnet mask specifies the network number portion of an IP address. Your Mask ZyXEL Device automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the ZyXEL Device.
Local Domain This field is optional.
Name The DHCP server on your ZyXEL Device assigns the domain name to the computer(s) on the WLAN. for the wireless network. For example, if you enter “mynetwork.net” here, and you have a wireless laptop with a computer name of chris, that laptop will be known as “chris.mynetwork.net” to other computers on the WLAN.
Enable DNS Relay | Select this option to set the ZyXEL Device to forward DNS requests to the ISP's DNS server.
This allows computers behind the ZyXEL Device to always receive replies from a DNS server even when the ZyXEL Device obtains a different DNS server address from the ISP upon re-establishing the WAN connection.
Note: You should disable DNS relay if you have set up a DNS server on the LAN in the Virtual Server screen.
RIP (Routing Information Protocol) allows the ZyXEL Device to exchange routing information with other routers.
RIP version controls the format and the broadcasting method of the RIP packets that the ZyXEL Device sends (it recognizes both formats when receiving). RIP version 1 (V1)is universally supported. RIP version 1 is probably adequate for most networks, unless you have an unusual network topology.
RIP version 2 carries more information in the packets.Both V2 Broadcast and V2 Multicast sends the routing data in RIP version? format; the difference being that V2 Broadcast uses subnet broadcasting while V2 Multicast uses multicasting.
To configure RIP settings on the ZyXEL Device, set the fields under RIP (ROUTING INFORMATION PROTOCOL) section in the LAN screen.
ZyXEL NBG-415N User's Guide
Use this section to configure the internal network settings of your router and also to configure the bult-in DHCP Server to assign IP addresses to the computers on your network. The IP Address that & configured here s the IP Address that you use ta access the Web-based management nterface. If you change the IP Address here, you may need to adjust your PCs network settings ta access the network again.
AAct as default router :
Allow RIP updates from WAN:
RIP Password : leave blank For no passnord)
F C v1 © vBrosdeast © V2 Muticast f
F Verify RIP Password : leave blank For RPC The following table describes the labels in this screen.
Table 19 Basic: LAN: RIP LABEL DESCRIPTION RIP Enable RIP Select this option to activate RIP on the ZyXEL Device.
Specify the RIP version the ZyXEL Device is to use.
Select V1 if the other routers do not support RIP version 2.
Select V2 Broadcast if some routers support RIP version 1 and some support RIP version 2.
Select V2 Multicast if the ZyXEL Device is the only router on your network or that tall other routers support RIP version 2 only.
The metric represents the “cost” of transmission through the ZyXEL Device. IP routing uses hop count as the measurement of cost, with a minimum of 1 for directly connected networks. Enter a number that approximates the cost for this link. The number need not be precise, but it must be between 1 and 15. In practice, 2 or 3 is usually a good number.
from WAN Select this option to allow the ZyXEL Device to send/receive RIP packets through the WAN port for RIP information update.
It is recommended that you disable this option unless requested to do so by your ISP.
When you set the ZyXEL Device to use RIP version 2, you may enter a password to allow only authorized RIP packets to the ZyXEL Device.
Enter the password if provided by your ISP.
Verify RIP. Password
Enter the password again to confirm.
Chapter 5 LAN ZyXEL NBG-415N Users Guide
5.1.3 DHCP Server Settings
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the ZyXEL Device as a DHCP server or disable it. When configured as a server, the ZyXEL Device provides the TCP/IP configuration for the DHCP client. If DHCP service is disabled, you must have another DHCP server on your LAN, or else the computer must be manually configured.
To configure DHCP settings on the ZyXEL Device, set the DHCP SERVER SETTINGS fields in the LAN screen. You can also view the list of DHCP client computers in this screen.
Figure 39 Basic: LAN: DHCP Server Settings
LAN Use this section ta configure the internal network settings of your router and also to configure the bult-in DHCP Server ta ssign IP addresses to the computers on your network. The IP Address that & configured here s the IP Address that you use ta access the Web-based management nterface. If you change the IP Address here, you may need to adust your PC network settings to access the network again.
ES RE DHCP SERVER SETTINGS Use this section to configure the buit-in DHCP Server to assign IP addresses ta the computers on your network,
Enable DHCP Server: F7 DHCP 1P Address Range: [192.168.1100 to f192.168.1.199 DHCP Lease Time: [1440 Crinutes)
Always broadcast : F7 (c or some DHCP Cents)
Computer Name IP Address MAC Address Expire Time
TWL1606 216123 OOMfesebti2 ZSHousdiMgges fadke Rave
The following table describes the labels in this screen.
Table 20 Basic: LAN: DHCP Server Settings
LABEL DESCRIPTION ENABLE Enable DHCP DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows
Server individual clients (workstations) to obtain TCP/IP configuration at startup from a server.
Select this option to set the ZyXEL Device to assign network information (IP address, DNS information etc.) to an Ethernet device connected to the LAN ports. Clear this check box to stop the ZyXEL Device from acting as a DHCP server. you
must have another DHCP server on your LAN, or else the computer must be manually configured.
DHCP Address The ZyXEL Device is pre-configured to provide IP addresses (ranging from
Range 192.168.1.100 to 192.168.1.199) to DHCP clients. This configuration leaves some IP addresses (excluding the ZyXEL Device itself) in the lower and upper ranges for other server computers, for instance, servers for mail, FTP, TFTP, web, etc., that you may have.
Specify the starting and end IP address for the DHCP clients.
ZyXEL NBG-415N User's Guide
Table 20 Basic: LAN: DHCP Server Settings (continued)
LABEL DESCRIPTION DHCP Lease Specify the time (in minutes) a DHCP client is allowed to use the assigned IP Time address from the ZyXEL Device. Once the lease time is up, the DHCP client has to
Some older DHSP client software disable DHCP broadcasting, thus some computers may not be able to obtain an IP address from the ZyXEL Device. Select this option to set the ZyXEL Device to broadcast DHCP replies. This ensures that all LAN computers can get an IP address at the cost of increased broadcast traffic on the LAN.
NUMBER OF This field displays the number of DHCP clients.
DYNMAIC DHCP CLIENTS Computer Name | This field displays the name of the DHCP client computer.
MAC Address This field displays the MAC address of the DHCP client computer. IP Address This field displays the IP address of the DHCP client computer.
5.1.4 DHCP Reservation
DHCP reservation, also known as static DHCP, allows the ZyXEL Device to assign specific IP addresses on the LAN to specific individual computers based on their MAC addresses.
Configure DHCP Reservation settings in the LAN screen. You can also view the list of reserved IP addresses in this screen.
Figure 40 Basic: LAN: DHCP Reservation
use ta access the Web-based
Use this section to configure the internal network settings of your router and also to configure the bult-in DHCP Server to assign IP addresses to the computers on your network. The IP Address that & configured here à the IP Address that you management |
network settings ta access the network again.
interface. I you change the IP Address here, you may need to adjust your PC ADD DHCP RESERVATION Enable:
Table 21 Basic: LAN: DHCP Reservation
LABEL DESCRIPTION ADD DHCP RESERVATION Enable
Select this option to enable static DHCP to set the ZyXEL Device to assign one IP address on the LAN to a specific computer based on the MAC address.
Clear this check box to disable this feature.
Enter the name of the DHCP client computer. This is for identification purposes.
You can also select the name of the client computer currently connected to the ZyXEL Device. The ZyXEL Device automatically fills the information in the fields below.
IP Address Type the IP address that you want to assign to the computer on your LAN. Alternatively, select from the list of dynamic client computer names in the drop- down list box. The ZyXEL Device automatically enters the current assigned IP address.
MAC Address Type the MAC address (with colons) of a computer on your LAN.
Or click Clone Your PC’s MAC Address to copy the MAC address of your computer.
Save Click Save to save the settings in this part of the screen.
Clear Click Clear to start configuring this part of the screen again.
DHCP RESERVATIONS LIST Enable Select this option to activate the static DHCP setting.
This field displays the name of the DHCP client computer.
This field displays the MAC address.
This field displays the IP address of the MAC address.
WLAN This chapter shows how to configure general WLAN and WLAN security settings in the WLAN screen.
6.1 General Wireless LAN Setup
Refer to Appendix B on page 128 for background information.
Configure general wireless LAN settings in the Wireless screen. Click Basic > Wireless to display the configuration screen.
Figure 41 Basic: Wireless: General Setup
WIRELESS Wireless Network Settings
Use this section to configure the wireless settings for your ZyXEL Router. Please note that changes made on this section may also need to be duplcated on your Wireless Chen.
To protect your privacy you can configure wireless securky features. This device supports three wireless security modes induding: WEP, WPA-Personal, and WPA-Enterprise. WEP is the orignal wreless encryption standard. WPA provides à higher val eur WP era dou true en authentcation server, The WP Enterprise pt requires en external RADIUS server.
EX MIE IRELESS RADIO STATUS Wireless Radio: On
WIRELESS NETWORK SETTINGS Wireless Network Name: [PEL (Also calledthe 5510) Enable Auto Channel Scan: F7 Wireless Channel: [245702 06e 2] 802.11 Mode: [Med 802.11ng, 802.119 and 802.11b E] Channel Width: [auto 20/40 m2 =] Transmission Rate : [Best (automatic) 2] (be)
Visibility Status: © visble © invisble
WIRELESS SECURITY MODE To protect your privacy you can configure wireless securiy features. This device supports three wireless security modes induding: WEP, WPA-Personal, and WPA-Enterprise. WEP is the onighal wireless encryption standard. WPA provides à higher level of securky. WPA-Persanal does not require an authentcation server. The WPA-Enterprise option requires an external RADILS server.
Security Mode: [none E |
ZyXEL NBG-415N User's Guide
THe following table describes the related labels in this screen.
Table 22 Basic: Wireless: General Setup
LABEL DESCRIPTION WIRELESS RADIO STATUS This field displays whether the wireless LAN feature is enabled (ON) or disabled
You can enable and disable the wireless LAN feature on the ZyXEL Device by using the wireless LAN switch at the rear panel of the ZyXEL Device. Refer to the Quick Start Guide for more information.
WIRELESS NETWORK SETTINS Wireless Network Name
This is also known as the SSID (Service Set IDentification), which is a unique name to identify the ZyXEL Device in the wireless LAN. Wireless stations associating to the ZyXEL Device must have the same SSID.
Enter a descriptive name of up to 32 printable characters (including spaces; alphabetic characters are case-sensitive).
Enable Auto Channel Scan
The radio frequency used by IEEE 802.11 wireless devices is called a channel.
Select this option to set the ZyXEL Device to automatically scan for and select the optimum channel in the wireless network.
This field is disabled when you enable auto channel scan. Select a channel from the drop-down list box.
Select 802.11b only to have the ZyXEL Device connect to an IEEE 802.11b wireless device only and vice versa.
Select Mixed 802.11b and 802.11g to have the ZyXEL Device connect to either an IEEE 802.119 or IEEE 802.11b wireless device.
Select 802.11g only to have the ZyXEL Device connect to an IEEE 802.11g wireless device only and vice versa.
Select 802.11ng only to have the ZyXEL Device connect to an IEEE 802.11ng wireless device only and vice versa.
Select Mixed 802.11ng, 802.11g and 802.11b to have the ZyXEL Device connect to either an IEEE 802.11ng, IEEE 802.119 or IEEE 802.11b wireless device.
Specify the wireless channel bandwidth mode the ZyXEL Device is to use.
Select 20 MHz to set the ZyXEL Device to transmit at up to 20 MHz to other wireless devices (including draft-N compatible wireless devices). Select this option to solve wireless connection problems in a mixed network.
Select Auto 20/40 MHz to set the ZyXEL Device to automatically switch between the 20 MHz and 40 MHz operation. The ZyXEL Device will use 40 Mhz for maximum transmission speed between other draft-N compatible wireless devices. If an adjacent channel is used by an IEEE 802.11b/g device, the ZyXEL Device reverts to use 20 MHz operation. This is the recommended option.
Select a transmission speed from the drop-down list box.
Select Invisible to hide the SSID in so a station cannot obtain the SSID through AP scanning.
Select Visible to make the ESSID visible so a station can obtain the SSID through AP scanning.
Chapter 6 WLAN ZyXEL NBG-415N Users Guide
6.2 Wireless LAN Security
Wireless LAN security is vital to your network to protect wireless communications. If you do not enable any wireless security on your ZyXEL Device, the ZyXEL Device’s wireless communications are accessible to any wireless networking device that is in the coverage area. Refer to Appendix B on page 128 for background information.
Configure the wireless LAN security using the Wireless screen. Click Basic > Wireless to display the configuration screen. This screen varies depending on the option you select in the Security Mode field.
Figure 42 Basic: Wireless: WLAN Security Setup
WIRELESS Wireless Network Settings
Use this section to configure the wireless settings for your ZYXEL Router. Please note that changes made on this section may also need to be duplcated on your Wireless Chen.
To protect your privacy you can configure wireless securky features. This device supports three wireless security modes including: WEP, WPA-Personal, and WPA-Enterprise. WEP is the orignal wreless encryption standard. WPA provides à higher al fer WPA-Pesonal does nt require an authelcaton grver, Th WP Enterprise pion requires an external RADIUS server.
Save Settings Discard Set — —7
ee — am à, M D WIRELESS SECURITY MODE To protect your privacy you can configure wireless securiy features. This device supports three ireless security modes induding: WEP, WPA-Personal, and WPA-Enterprise. WEP is the orignal wireless encryption standard. WPA provides à higher level of securky. WPA-Persanal does not require an authentcation server. The WPA-Enterprise option requires an external RADIUS server.
Security Mode: [none nu |
6.2.1 WLAN Security Setup: WEP To configure basic WEP key encryption, select WEP in the Security Mode field in the Wireless screen.
ZyXEL NBG-415N User's Guide
Figure 43 Basic: Wireless: WLAN Security Setup: WEP WIRELESS Wireless Network Settings.
Use this section to configure the wireless settings for your ZYXEL Router. Please note that changes made on this section may also need to be duplcated on your Wireless Cent.
To protect your privacy you can configure wireless security features. This device supports three wireless security modes induding: WEP, WPA-Personal, and WPA-Enterprise. WEP is the original wireless encryption standard. WPA provides à bigher level of secury. WPA-Persanal does not require an authentication server, The WPA-Enterprise option requires an external RADIUS server
Save Settings Discard Settigs
66 SECURITY MODI To protect your privacy you can configure wireless securky Features. This device supports three wireless security modes including: WEP, WPA-Personal, and WPA-Enterprise. WEP i the orignal wreless encryption standard. WPA provides à Higher level of securky. WPA-Personal does not require an authentication server, The WPA-Enterprise option requires an
external RADIUS server.
Security Mode : [EEE :]
WEP WEP is the wireless encryption For 64 bit keys vou must enter box, À hex cige is either à num authentication type to “shared
ASCII values of the characters.
Default WEP KG Authenticati
ou may also enter any text string into a WEP key box, in which case & wi be converted into a hexadecimal key using the
WEP key Length: [ETEEUG RE SAIT) JE] engh apple to a keys) Passphreset [— Mlesnerts WEP key 12 FRE WEP key 22 FRE WePkey 3e FRE WEP keys FRE
standard. To use R you must enter the same key(s) into the router and the wireless stations. 10 hex digts into each key box. For 128 b keys vou must enter 26 hex digis Ita each key er From À to 9 or a letter From À to F. For the most secure use of WEP set the
text characters can be entered for 64 bi keys, and 13 characters for 128 bi keys,
ey: [weprey1 =] ion: [Open =]
The following table describes the related fields in this screen.
Wireless: WLAN Security Setup: WEP LABEL DESCRIPTION WEP WEP Key Length
WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the wireless network. Select 64-bit (10 hex char).
or 5 ASCII char) or 128-bit (26 hex digits or 13 ASCII Key 1.4
The WEP keys are used to encrypt data. Both the ZyXEL Device and the wireless stations must use the same WEP key for data transmission.
If you want to manually set the WEP keys, enter the key in the field provided.
If you chose 64-bit, then enter 10 hexadecimal characters ("0-9", "A-F").
If you chose 128-bit, then enter26 hexadecimal characters ("O-9", "A-F").
The values for the WEP keys must be set up exactly the same on all wireless devices in the same wireless LAN.
You must configure all four keys, but only one key can be used at any one time. The default key is key 1.
Chapter 6 WLAN ZyXEL NBG-415N Users Guide
Table 23 Basic: Wireless: WLAN Security Setup: WEP (continued)
LABEL DESCRIPTION Default WEP Key | Select a default WEP key to use for data encryption.
Authentication Select an authentication method. Choices are Shared Key, Open and Auto.
6.2.2 WLAN Security Setup: WPA-Personal
If you want better WLAN security than WEP but do not have a RADIUS server on your network, select WPA-Personal in the Security Mode field in the Wireless screen.
ure 44 Basic: Wireless: WLAN Security Setup: WPA-Personal
WIRELESS Wireless Network Settings
Use this section to configure the wireless settings for your ZYXEL Router. Please note that changes made on this section may also need to be duplcated on your Wireless Chen.
To protect your privacy you can configure wireless securky features. This device supports three wireless security modes: inuding: WEP, WPA-Personal, and WPA-Enterprise. WEP is the orignal wreless encryption standard. WPA provides à hgrer Ivel of seu. WPR Personal does not require an authanticain server. The WP Enterprise ption requires an external RADIUS server,
WIRELESS SECURITY MODE To protect your privacy you can configure wireless securky Features. This device supports three wireless security modes including: WEP, WPA-Personal, and WPA-Enterprise. WEP is the orignal wreless encryption standard. WPA provides à higher level of securky. WPA-Personal does not require an authentication server, The WPA-Enterprise option requires an external RADIUS server.
Security Mode: [ERERESEN |
{Use WPA or WPA2 mode to achieve a balance af strong security and best compatibity. This mode uses WPA for legacy lents whle maintaining higher security with stations that are WPAZ capable. Also the strongest dpher that he cient supports wil be used, For best securky, use WPA2 Only mode. This mode uses AES(CCMP) cipher and legacy stations are not alowed access with WPA security, For maximum compatibéty, use WPA Only. This mode uses TKIP cher, Some gaming and legacy devices work only in this mode,
WPA Mode : [Auto (WPA or WPA2) =]
Group Key Update Interval: [5600 seconds)
PRE-SHARED KEY Pre-Shared key: [re
ZyXEL NBG-415N User's Guide
The following table describes the related labels in this screen.
Table 24 Basic: WLAN Security Setup: WPA-Personal
LABEL DESCRIPTION WPA WPA Mode Specify a WPA mode. Make sure the peer device(s) is also set to use the same WPA mode. Select Auto (WPA or WPA2) to set the ZyXEL Device to use WPA2 first and then WPA if connection fails with WPA2. Select WPA Only to set the ZyXEL Device to use WPA. WPA is a older implementation than WPA2. Select WPA2 Only to set the ZyXEL Device to use WPA2 only.
Group Key Update | This is the rate at which an AP or RADIUS server sends a new group key out to all
Interval clients. The re-keying process is the WPA equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis. Enter an update time in seconds.
PRE SHARED KEY Pre-Shared Key Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including spaces and symbols).
6.2.3 WLAN Security Setup: WPA-Enterprise
If you want better WLAN security than WEP and have a RADIUS server on your network, select WPA-Enterprise in the Security Mode field in the Wireless screen.
Chapter 6 WLAN ZyXEL NBG-415N User’s Guide
Figure 45 Basic: Wireless: WLAN Security Setup: WPA-Enterprise
WIRELESS Wireless Network Settings.
Use this section to configure the wireless settings for your ZyXEL Router. Please note that changes made on this section may also need to be duplcated on your Wireless Chen.
To protect yaur privacy you can configure wireless security features. This device supports three wireless security modes induding: WEP, WPA-Personal, and WPA-Enterprise. WEP i the orignal wreless encryption standard. WPA provides à higher level fear. WPA-ersonal dos nat require an authencaton server, The WPA Enterprise pin requires an external RADIUS server.
WIRELESS SECURITY MODE To protect your privacy you can configure wireless securky features. This device supports three vireless security modes inuding: WEP, WPA-Personal, and WPA-Enterprise. WEP is the orignal wreless encryption standard. WPA provides à Higher level of securky. WPA-Personal does not require an authentication server, The WPA-Enterprise option requires an external RADIUS server.
Security Mode: [ERSSERES =]
WPA Use WPA or WPA2 mode to achieve a balance of strong security and best compatibity. This mode uses WPA for legacy lents whle mairtaring higher securky with stations that are WPA2 capable. Also the strongest cipher that the cent supports wil be used, For best securky, use WPA2 Only mode. This mode uses AES(CCMP) cipher and legacy stations are not alowed access with WPA security. For maximum compatibty, use WPA Only. This mode uses TKIP cpher, Some gaming and legacy devices work only in this mode.
Authentication Timeout : [60 rinutes) RADIUS server IP Address : [0.0.0:0 RADIUS server Port: [1812
RADIUS server Shared
MAC Address Authentication: F7
Optional backup RADIUS server
Second RADIUS server IP Address :
Second RADIUS server shared Secret: lea Second MAC Address
The following table describes the related labels in this screen.
Table 25 Basic: WLAN Security Setup: WPA-Enterprise
LABEL DESCRIPTION WPA WPA Mode Specify a WPA mode. Make sure the peer device(s) is also set to use the same WPA mode. Select Auto (WPA or WPA2) to set the ZyXEL Device to use WPA2 first and then WPA if connection fails with WPA2. Select WPA Only to set the ZyXEL Device to use WPA. WPA is a older implementation than WPA2. Select WPA2 Only to set the ZyXEL Device to use WPA2 only. Group Key Update | This is the rate at which an AP or RADIUS server sends a new group key out to all Interval clients. The re-keying process is the WPA equivalent of automatically changing the
WEP key for an AP and all stations in a WLAN on a periodic basis. Enter an update time in seconds.
Authentication Timeout
Specify how often wireless stations have to reenter user names and passwords in order to stay connected. Enter a time interval between 10 and 65535 seconds.
If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority.
RADIUS Server IP Address
Enter the IP address of the external authentication server in dotted decimal notation.
The default port of the RADIUS server for authentication is 1812.
You need not change this value unless your network administrator instructs you to do so with additional information.
RADIUS Server Shared Secret
Enter a password (up to 31 alphanumeric characters) as the key to be shared between the external authentication server and the access points.
The key is not sent over the network. This key must be the same on the external authentication server and ZyXEL Device.
MAC Address Authentication
Select this option to force a user to connect from the same computer when logging into the wireless network.
Click Advanced >> to display the fields to configure the second RADIUS server.
Click << Advanced to hide the fields.
Optional Backup RADIUS Server
Second RADIUS Server IP Address
Enter the IP address of the external authentication server in dotted decimal notation.
Second RADIUS Server Port
The default port of the RADIUS server for authentication is 1812.
You need not change this value unless your network administrator instructs you to do so with additional information.
Second RADIUS Server Shared Secret
Enter a password (up to 31 alphanumeric characters) as the key to be shared between the external authentication server and the access points.
The key is not sent over the network. This key must be the same on the external authentication server and ZyXEL Device.
Second MAC Address Authentication
Select this option to force a user to connect from the same computer when logging into the wireless network.
Chapter 6 WLAN ZyXEL NBG-415N Users Guide
6.3 Wireless Client Setup using Windows® Connect Now
With Windows® Connect Now, you can transfer wireless settings on your ZyXEL Device to a USB memory stick and then save the settings to the wireless client computer(s). This allows you to easily set up a wireless LAN. To take advantage of this feature, you need:
+ A USB memory stick with at least 300K of available memory. + Windows XP with Service Pack 2 (SP2).
Follow the steps below to set up a wireless LAN using Windows® Connect Now.
1 Click Start > Control Panel and double-click Wireless Network Setup Wizard.
2 The first wizard screen displays.
Click Next in each screen to continue.
Fe Ee Vu voies Tods Hop
Welcome to the Wireless Network Setup Wizard
3 Select Set up a new wireless network to configure a new wireless network.
4 Inthe Network name (SSID) field, specify a unique name to identify your wireless LAN.
5 Select Automatically assign a network key to have Windows create a security key.
6 Select Use WPA encryption instead of WEP for data encryption.
7 Select Use a USB Flash drive to set up a wireless network.
F7 Liz ent rt of VE (Pa ang han Bb at a cs are ones NPA
8 Connect the USB drive to your computer and specify the drive letter in the Flash
Save sctings to our asie. drive field. Pa eur fa me am LE pot ons cons, andre he tt Es æ Ut ter one dm one mere Te | a ré si our astres ut 30 Fa ct [rs] éme 9 Follow the instructions on the screen
ranser your netork settings to your ae computers or devices;
2.Puge az de vou rl cer pat, any den cha te to een the ane cn, re Pa D sms
2 Page drives cheap ve pau to ct pou ape dre aire the come, ar the de
10This screen displays when you have
successfully set up a secure wireless network. Click Finish.
The wizard completed successfully 11From a wireless computer, test your
You tds atuo ner at to use Vouhave suce Lette long dors
wireless LAN connection to the ZyXEL Device.
This chapter describes the Advanced screens you use to configure routing and security features.
Some Internet applications (such as video conferencing and Internet games) require multiple connections between the clients and the server. These applications do not work through NAT- enabled networks. Your ZyXEL Device is a NAT-enabled device. In order to allow these applications to work in your network, you have to configure the ZyXEL Device to forward these applications to ports on a computer hosting the services.
To set the ZyXEL Device to forward applications to allowed ports, click Advanced > Game Hosting to display the configuration screen.
Figure 46 Advanced: Game Hosting
ESC This option is used to open multiple parts or a range of ports your router and redrect data through those ports to a single PC on your netwark, This Feature allows you ta enter ports in various formats induding, Part Ranges (100-150), Individual Ports (80, 68, 888), ar Mixed (1020-5000, 689).
(ssveseunos _]f nsesseums
Wed ii 2m 2m AouA Au
Chapter 7 Advanced 72
ZyXEL NBG-415N User's Guide
The following table describes the fields in this screen.
Table 26 Advanced: Game Hosting
LABEL DESCRIPTION Enable Click Enable to activate this feature.
Clear this check box to deactivate this feature. Note that some Internet applications may not work in your network behind the ZyXEL Device.
Name Enter a descriptive name for this setting.
Alternatively, select a pre-defined application name from the drop-down list box. The pre-configured port number ranges for the selected application will be automatically displayed below.
IP Address Enter the IP address (in dotted decimal notation) of a local computer hosting the selected service.
Alternatively, select the name of a LAN computer from the drop-down list box. The IP address of the selected computer will be displayed in this field.
TCP Ports to Open | Specify the TCP port(s) for the application. You can enter a port number and/or a range of ports. For example, 6159-6180, 99.
UDP Ports to Specify the UDP port(s) for the application. You can enter a port number and/or a
Open range of ports. For example, 6159-6180, 99.
Inbound Filter Select a filter action on the traffic. Select You can configure filter actions in the Inbound Filter screen.
Schedule Select the name of a time setting during which this setting is active. You can configure schedules in the Schedules screen.
Save Click Save to save the changes of a configuration screen for the current session.
Clear Click Clear to start configuring a screen again.
Enable Select this option to activate this setting. Clear this checkbox to disable this setting.
Name This field displays the descriptive name for this setting.
IP Address This field displays the IP address of the local computer to which the specified traffic is forwarded.
TCP Ports This field displays the TCP port(s) the specified traffic is forwarded.
UDP Ports This field displays the UDP port(s) the specified traffic is forwarded.
Inbound Filter This field displays the name of the filter on the incoming traffic.
Schedule This field displays the name of the schedule to use.
With the virtual server (also known as port forwarding) feature, you can make inside (behind NAT on the LAN) servers, for example, web or FTP, visible to the outside world even though NAT makes your whole inside network appear as a single computer to the outside world.
73 Chapter 7 Advanced
ZyXEL NBG-415N Users Guide
You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. The port number identifies a service; for example, web service is on port 80 and FTP on port 21. In some cases, such as for unknown services or where one server can support more than one service (for example both FTP and web service), it might be better to specify a range of port numbers. You can allocate a server IP address that corresponds to a port or a range of ports.
Many residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and
may suspend your account if it discovers any active services at your location. If you are unsure, refer to your ISP.
7.2.1 Common Services and Port Numbers
The most often used port numbers are shown in the following table. Please refer to RFC 1700 for further information about port numbers.
Table 27 Virtual Server: Common Services and Port Numbers
SERVICES PORT NUMBER ECHO 7 FTP (File Transfer Protocol) 21 SMTP (Simple Mail Transfer Protocol) 25 DNS (Domain Name System) 53 Finger 79 HTTP (Hyper Text Transfer protocol or WWW, Web) 80 POP3 (Post Office Protocol) 110 NNTP (Network News Transport Protocol) 119 SNMP (Simple Network Management Protocol) 161 SNMP trap 162 PPTP (Point-to-Point Tunneling Protocol) 1723
VIRTUAL SERVER The Virtual Server option alows you to define a single pub port on your router for redirection to an internal LAN IP Address and Private LAN port f required. This feature à useful for hosting onâne services such as FTP or Web Servers.
The following table describes the labels in this screen.
Table 28 Advanced: Virtual Server
LABEL DESCRIPTION Active Select this check box to enable this virtual server setting. Clear this check box to disallow forwarding of these ports to an inside server without having to delete the entry.
Name Enter a name to identify this port-forwarding rule. Alternatively, select a pre-defined name from the drop-down list box to have the ZyXEL Device fill in the default port numbers for the selected service.
IP Address Enter the inside IP address of the inside server. Alternatively, select the name of a LAN computer from the drop-down list box to have the ZyXEL Device fill in the IP address of the computer.
Protocol Select the protocol type (TCP, UDP or Both).
Private Port Enter the port number to which you want the ZyXEL Device to translate the public port.
Public Port Enter the incoming port number for the selected service.
Inbound Filter Select a filter action on the traffic. Select You can configure filter actions in the Inbound Filter screen.
Schedule Select the name of a time setting during which this setting is active. You can configure schedules in the Schedules screen.
Save Click this button to save the changes of a configuration screen for the current session.
Clear Click this button to start configuring a screen again.
ZyXEL NBG-415N Users Guide
Table 28 Advanced: Virtual Server (continued)
LABEL DESCRIPTION Enable Select this check box to enable this virtual server setting. Clear this check box to disallow forwarding of these ports to an inside server without having to delete the entry.
Name This field displays the descriptive name for this setting.
IP Address This field displays the IP address of the inside server.
Protocol This field displays the protocol type.
Private Port This field displays the port number to which you want the ZyXEL Device to translate the public port.
Public Port This field displays the incoming port number.
Inbound Filter This field displays the name of the filter on the incoming traffic.
Schedule This field displays the name of the schedule to use.
You can enable Application Layer Gateway (ALG) to allow certain NAT un-friendly applications (such as SIP) to operate properly through the ZyXEL Device. Alternatively, you can configure port triggering to allow computers on the LAN to dynamically take turns using the service
7.3.1 Port Triggering
Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side. With regular port forwarding (or virtual server setup) you set a forwarding port in NAT to forward a service (coming in from the server on the WAN) to the IP address of a computer on the client side (LAN). The problem is that port forwarding only forwards a service to a single LAN IP address. In order to use the same service on a different LAN computer, you have to manually replace the LAN computer's IP address in the forwarding port with another LAN computer's IP address.
Trigger port forwarding solves this problem by allowing computers on the LAN to dynamically take turns using the service. The ZyXEL Device records the IP address of a LAN computer that sends traffic to the WAN to request a service with a specific port number and protocol ("trigger" port and protocol). When the ZyXEL Device's WAN port receives a response with a specific port number and protocol ("input" port and protocol), the ZyXEL Device forwards the traffic to the LAN IP address of the computer that sent the request. After that computer’s connection for that service closes, another computer on the LAN can use the service in the same manner. This way you do not need to configure a new IP address each time you want a different LAN computer to use the application.
Chapter 7 Advanced 76
ZyXEL NBG-415N User's Guide
Use the Special Applications screen to configure port triggers and set up ALG passthroughs for specific applications (such as online games).
Click Advanced > Applications to display the configuration screen.
Figure 48 Advanced: Applications
AT This option is used to open single or multiple ports on your router when the rauter senses data sent to the Internet on à “rigger” port ar part range. Special Applications rues apply to al computers on your internal
The following table describes the labels in this screen.
LABEL DESCRIPTION Add Special Applications Rule
Select this option to activate this rule.
Enter a descriptive name for identification purposes.
Alternatively, select a pre-defined application name from the drop-down list box to have the ZyXEL Device fill in the default port numbers and protocol type for the selected application.
The trigger port is a port (or a range of ports) that causes (or triggers) the ZyXEL Device to record the IP address of the LAN computer that sent the traffic to a server on the WAN.
Specify a port or a range of ports.
Select a protocol type for the application.
Incoming is a port (or a range of ports) that a server on the WAN uses when it sends out a particular service. The ZyXEL Device forwards the traffic with this port (or range of ports) to the client computer on the LAN that requested the service.
Table 29 Advanced: Applications (continued)
LABEL DESCRIPTION Input Protocol
Select the protocol used by the traffic coming to the router through the opened port range.
Schedule Select the name of a time setting during which this setting is active. You can configure schedules in the Schedules screen.
Save Click Save to save the changes of a configuration screen for the current session.
Clear Click Clear to start configuring a screen again.
Special Applications
Enable Select this check box to enable this trigger port setting. Clear this check box to deactivate it.
Name This field displays the descriptive name of this trigger port setting.
Trigger Protocol/ Ports
This field displays the trigger port (or port range) and the trigger protocol type.
This field displays the input port (or port range) and the input protocol type.
This field displays the name of the schedule to use.
Use the StreamEngine screen to configure traffic priorities. This improves network quality for your applications (such as online gaming). StreamEngine improves your online gaming experience by ensuring that your game traffic is prioritized over other network traffic, such as
For better performance, use the Automatic Classification option to automatically set the priority for your applications.
STREAMENGINE Use this section ta configure ZyXEL's StreamEngne powered by StreamEngne”* Technology. This StreamEngine mproves: your online gaming experience by ensuring that your game trafics priortized over other network traffic, such as FTP or ‘Web. For best performance, use the Automatic Classhication option to automabcall set the priorty For your applications
ADD STREAMENGINE RULE Enable: Name: Priority: [D (1.25, 255 is the lomest priority) Protocol : [D << [Select Protocol =] Source IP Range: [0000 to/255.25.2525
STREAMENGINE RULES LIST Enable Name Priority Source Destination Protocol / Ports IPRange IP Range
The following table describes the labels in this screen.
Table 30 Advanced: StreamEngine
LABEL DESCRIPTION Enable Select this option to enable this feature. StreamEngine
Automatic Select this option to set the ZyXEL Device to automatically classify the traffic based Classification on the default
Dynamic Select this option to set the ZyXEL Device to break up large packets with high Fragmentation | priority. This improves transmission quality.
Automatic Select this option to set the ZyXEL Device to automatically detect and set the Uplink Speed optimum WAN connection speed.
Measured This field displays the detected transmission speed of the WAN connection that was Uplink Speed last established. This uplink speed may be different from the actual transmission
speed depending on your network environment and line condition.
ZyXEL NBG-415N Users Guide
Table 30 Advanced: StreamEngine (continued)
LABEL DESCRIPTION Manual Uplink | This field is not applicable when you select the Automatic Uplink Speed option Speed above. Enter a number or select a pre-defined choice from the drop-down list box to manually set the uplink speed for the WAN connection. Connection Select Auto-detect to set the ZyXEL Device to automatically detect the Internet Type connection type.
Select xDSL or Other Frame Relay Network if the ZyXEL Device connects to the Internet via a DSL modem.
Select Cable or Other Broadband Network if the ZyXEL Device connects to the Internet via a cable modem.
Detected xDSL or Framerelay
This field is applicable when you select Auto-detect in the Connection Type field. This field displays the name of the detected line connection type.
Add StreamEngine Rule
Enable Select this option to enable this rule.
Name Enter a descriptive name for identification purposes.
Priority Specify a priority for the traffic type specified below. Enter a number between 1 (highest) and 255 (lowest).
Protocol Enter the protocol number or select a pre-defined protocol type from the drop-down list box.
Source IP Specify one or a range of source |P addresses in the fields provided. Enter the same
Range IP address in the to field if you want to specify one IP address.
Source Port Specify one or a range of source port numbers. Enter the same number in the to field
Range if you want to specify one source port.
Destination IP Range
Specify one or a range of destination IP addresses in the fields provided. Enter the same |P address in the to field if you want to specify one IP address.
Specify one or a range of destination port numbers. Enter the same number in the to
Range field if you want to specify one destination port. Save Click Save to save the settings. Clear Click Clear to start configuring this part of the screen again.
Enable Select this option to activate this rule. Clear this check box to disable this rule without deleting it.
Name THis field displays the descriptive name for the rule.
Priority This field displays the priority level (1 to 255) of this rule.
Source IP This field displays one or a range of source IP addresses.
Destination IP This field displays one or a range of destination IP addresses.
Protocol/Ports This field displays the protocol and port numbers.
Each remote node specifies only the network to which the gateway is directly connected, and the ZyXEL Device has no knowledge of the networks beyond. For instance, the ZyXEL Device knows about network N2 in the following figure through remote node Router 1. However, the ZyXEL Device is unable to route a packet to network N3 because it doesn't know that there is a route through the same remote node Router 1 (via gateway Router 2). The static routes are for you to tell the ZyXEL Device about the networks beyond the remote nodes.
Figure 50 Example of Static Routing Topology N1 N2 N3
ZyXEL NBG-415N Users Guide
Figure 51 Advanced: Routing
ROUTING The Routing option allows you to define fixed routes to defined destinations.
ADD ROUTE ROUTES LIST EXISTING ROUTES Destination IP 172.23.37.0 0000 192.168.1.0
Metric Interface Creator 1 Wan System 15 Wan System 1 Lan System
The following table describes the labels in this screen.
Table 31 Advanced: Routing
LABEL DESCRIPTION Add Route Enable Select this option to activate this setting.
This field is not applicable for pre-defined routes.
Destination IP Enter the destination IP address in dotted decimal notation.
Netmask Enter the subnet mask.
Gateway Enter the IP address of the gateway device for the selected interface below.
Interface Select an interface to which you want to apply the setting.
Metric Metric represents the “cost” of transmission for routing purposes. IP routing uses hop count as the measurement of cost, with a minimum of 1 for directly connected networks. Enter a number that approximates the cost for this link. The number need not be precise, but it must be between 1 and 15. In practice, 2 or 3 is usually a good number.
Save Click Save to save the settings.
Clear Click Clear to start configuring this part of the screen again.
Enable Select this option to activate this rule. Clear this check box to disable this rule
without deleting it.
Destination IP This field displays the destination IP address.
This field displays the subnet mask for the destination IP address above.
This field displays the IP address of the gateway device.
Table 31 Advanced: Routing (continued)
LABEL DESCRIPTION Metric This field displays the “cost” of this route.
Interface This field displays the interface to which this routing setting is applied.
Destination IP This field displays the destination IP address.
Netmask This field displays the subnet mask for the destination IP address above.
Gateway This field displays the IP address of the gateway device.
Metric This field displays the “cost” of this route.
Interface This field displays the interface to which this routing setting is applied.
Creator ue field displays the person/device that created this static route on the ZyXEL evice.
Internet access control allows you to create and enforce Internet access policies tailored to your needs. Access control gives you the ability to block specified computers and/or applications from accessing the Internet. You can also set a schedule for when the ZyXEL Device performs content filtering.
Follow the steps below to configure an access control rule. 1 Click Advanced > Access Control to display the configuration screen. 2 Select Enable Access Control to activate this feature.
Figure 52 Advanced: Access Control
The Access Control option allows you to control access in and out of your network. Use this feature as Access Control to nd grant access to approved sites, im web access based on time or dates, andjor bockintemet access for applications Ike P2P utlties or games.
[ser sanns _]f oreisatnns
ACCESS CONTROL Enable Access Control: F7
3 Click Add Policy to display the wizard screen. This screen outlines the steps to create an access control policy. Click Next.
ZyXEL NBG-415N Users Guide
ADD NEW POLICY This wizard will guide you through the following steps to add a new policy for Access Control.
Step 1 - Choose a unique name for your poly
Step 2 - Select a schedule
Step 3 - Select the machine to which this poly apples Step 4 - Select fltering method
Step 5 - Select fiters
Step 6 - Configure Web Access Loggng
4 In the first wizard screen, enter a descriptive name for identification purposes. Click Next to continue.
Figure 54 Advanced: Access Control: Wizard: Policy Name
STEP 1: CHOOSE POLICY NAME Choose a unique name for your policy.
5 Specify the time this rule is active.
Select the name of a schedule from the drop-down list box. You can configure a schedule in the Schedule screen.
Click Next to continue.
Figure 55 Advanced: Access Control: Wizard: Select Schedule
STEP 2: SELECT SCHEDULE Choose a schedule to apply to this policy.
6 In this wizard screen, specify the address type and the Ethernet device(s) to which the settings apply. Click Next.
Chapter 7 Advanced 84
STEP 3: SELECT MACHINE Select the machine to which this policy applies. Specify a machine with ts IP or MAC address, or select "Other Machines” for machines that do not have a poly.
The following table describes the labels in this screen.
Table 32 Advanced: Access Control: Wizard: Select Machine
LABEL DESCRIPTION Address Type Select the address type this rule checks.
IP Address This field is applicable when you select IP in the Address Type field above. Enter the IP address of a device to which you want to apply this rule. Alternatively, select a device name from the drop-down list box.
MAC Address This field is applicable when you select MAC in the Address Type field.
Enter the MAc address of the device to which you want to apply this rule. Alternatively, select a device name from the drop-down list box.
This button is applicable when you select MAC in the Address Type field.
MAC Address Click this button to copy the MAC address of your computer.
OK Click OK to add the Ethernet device settings.
Cancel Click Cancel to start configuring this part of the screen again.
Machine This field displays the IP address or MAC address of the Ethernet device(s) to which the access control policy is applied.
Schedule Specify the time this rule is active.
Select the name of a schedule from the drop-down list box. You can configure a schedule in the Schedule screen.
Select this option to apply the web filters you configure in the Web Filter screen.
Select this option to set the ZyXEL Device to create logs for Internet access activity.
Click this button to display the fields you use to configure port filters.
Select this option to activate this rule. Clear this check box to deactivate this rule.
Name Enter a descriptive name for identification purposes. Dest IP Start Enter the start of the destination IP address range. Dest IP End Enter the end of the destination IP address range. Protocol Select a protocol type from the drop-down list box.
Table 32 Advanced: Access Control: Wizard: Select Machine (continued)
LABEL DESCRIPTION Dest Port Start
Enter the start of the destination port range.
Enter the end of the destination port range.
Click Save to save the settings in this part of the screen.
Click Clear to start configuring this part of the screen again.
Access Control Rule:
Enable Select this option to activate the rule. Clear this check box to disable the rule without deleting it.
Policy This field displays the name of the port filter policy you configured for this access control rule.
Machine This field displays the IP or MAC address of the device to which this access control rule is applied.
Schedule This field displays the name of the schedule to use.
Web Filter This field indicates whether web filters apply to this access control rule.
Logged This field indicates whether Internet access activities are logged.
7 Select the access control method, the filter(s) to apply and click Next.
Figure 57 Advanced: Access Control: Wizard: Filtering Method
STEP 4: SELECT FILTERING METHOD Select the method for filering. Method: C Log Web Access Only (Block Al Access © Block Some Access
Sentinel Services: F- Apply Web Filter:
Apply Advanced Port Filters:
The following table describes the labels in this screen.
Table 33 Advanced: Access Control: Wizard: Filtering Method
LABEL DESCRIPTION Method Log Web Select this option to set the ZyXEL Device to create logs for Internet access Access Only | activity. Block AI Select this option to disallow the specified Ethernet device(s) from accessing the Access Internet. Block Some Select this option to allow or deny access to specified destination(s). Access Sentinel Services | This field displays when you select Block Some Access. Select this option to block access to web sites classified in the specified category(ies).
Table 33 Advanced: Access Control: Wizard: Filtering Method (continued)
LABEL DESCRIPTION Apply Web Filter | This field displays when you select Block Some Access. Select this option to apply the web filters you configure in the Web Filter screen.
Apply Advanced This field displays when you select Block Some Access.
Port Filters Select this option to apply the web filters you configure in the Port Filter screen. Filter Ports Click this button to display the fields you use to configure port filters.
Enable Select this option to activate this rule. Clear this check box to deactivate this rule. Name Enter a descriptive name for identification purposes.
Dest IP Start Enter the start of the destination IP address range.
Dest IP End Enter the end of the destination IP address range.
Protocol Select a protocol type from the drop-down list box.
Dest Port Start Enter the start of the destination port range.
Dest Port End Enter the end of the destination port range. Save Click Save to save the settings in this part of the screen. Clear Click Clear to start configuring this part of the screen again.
Access Control Rules List
Enable Select this option to activate the rule. Clear this check box to disable the rule without deleting it.
Policy This field displays the name of the port filter policy you configured for this access control rule.
Machine This field displays the IP or MAC address of the device to which this access control rule is applied.
Schedule This field displays the name of the schedule to use.
Web Filter This field indicates whether web filters apply to this access control rule.
Logged This field indicates whether Internet access activities are logged.
8 If you select Sentinel Services in the previous screen, the Service Categories screen displays. Use this screen to configure category-based content filtering.
This screen varies depending on what you select in the Categories Selection field.
87 Chapter 7 Advanced
ZyXEL NBG-415N Users Guide
STEP 5: SENTINEL CATEGORIES Select the Sentinel categories to filter.
Categories Selection: & 9y age € Manual
Select Age Category : [Adolescent (9 Youth (13: ladu (18+)
Block Unrated Sites:
STEP 5: SENTINEL CATEGORIES Select the Sentinel categories te filter.
Categories Selection: Cp age © Manual
CheckAl: T° Alcohol T° Gambing TT publi Proxies FF anarchy. T° Games FRaated
I automobile Hate I search Engine I Banner Ad FC Humor I shopping
FC chat M ufestyles FC sports
I Criminal Sklls F Magazine Tickets
FF cuits D News C travel
I orugs F obscene TC Unstable
I Employment F opinion web Mas
I Entertainment F personals M web Newsgroup Financial M Pop-ups
Free Host Porography
Block Unrated Sites:
EI ET The following table describes the labels in this screen.
Table 34 Advanced: Access Control: Wizard: Filtering Method
LABEL DESCRIPTION Category Select By Age to block access to web sites categorized by age group. Selection Select Manually to select the web site categories manually.
Select Age Select an age group from the list.
Check AI Select this option to select all categories below.
Block Unrated Select this option to prevent users from accessing web pages that are not Sites categorized.
9 If you select Apply Advanced Port Filters in the previous screen, the Port Filter screen displays. Use this screen to configure port filter(s) that blocks access to specified port(s) on a computer.
Chapter 7 Advanced 88
Specify rules to prahbi access to specific 1P addresses and ports.
SE EE ES The following table describes the labels in this screen.
Table 35 Advanced: Access Control: Wizard: Filtering Method
LABEL DESCRIPTION Enable Select this option to activate this rule. Clear this check box to deactivate this rule. Name Enter a descriptive name for identification purposes.
Dest IP Start Enter the start of the destination IP address range.
Dest IP End Enter the end of the destination IP address range.
Protocol Select a protocol type from the drop-down list box.
Dest Port Start Enter the start of the destination port range.
Dest Port End Enter the end of the destination port range.
10ln this screen, select Enabled to set the ZyXEL Device to create logs for Internet access
activity. Select Disabled to deactivate this feature.
Figure 60 Advanced: Access Control: Wizard: Web Access Logging
STEP 6: CONFIGURE WEB ACCESS LOGGING G Disabied C Enabled
Web Access Logging :
11Click Save to save the settings and return to the main Access Control screen. You should
see the new access control policy in the Policy Table.
ZyXEL NBG-415N User’s Guide
Figure 61 Advanced: Access Control: Example
ACCESS CONTROL Ike P2P utlties or games.
The Access Control option allows you to control access in and out of your network. Use this feature as Access Control to ondy grant access to approved sites, imk web access based on time or dates, and/or block interet access for applications
ELLE MIS ACCESS CONTROL POLICY TABLE Enable Policy & Test
Enable Access Control: F7
Machine Fitering Logged … Schedule 1S21681175 Boksome No AMeys tee # 9
The Web Filter screen gives you the ability to allow access only to web sites that you specify.
Click Advanced > Web Filter to display the configuration screen.
Figure 62 Advanced: Web Filter
WEB FILTER The Web Fiter aption alows you to set up à ist of alowed Web ste that can be used by multiple users, When Web Fiker is enabled, all Web stes not lsted on this page wil be blocked. To use this feature, you must also select the "apply Web Fiker" checkbox in the Access Contral section.
The following table describes the labels in this screen.
Table 36 Advanced: Web Filter
LABEL DESCRIPTION Add Web Site Enable Select this option to activate this setting. Clear this check box to disable it.
ZyXEL NBG-415N User's Guide
Table 36 Advanced: Web Filter (continued)
LABEL DESCRIPTION Web Site Enter the web site address to which you want to allow access. For example, if you enter zyxel.com, the ZyXEL Device allows access to www.zyxel.com, support.zyxel.com or product.zyxel.com, etc. For web sites that obtain data from another web site, you need to allow access to those web sites as well. For example, if www.zyxel.com gets a graphic file from www.mysite.com, then you must also enter www.mysite.com in this screen. Note: Do NOT enter “http://".
Save Click Save to save the settings in this part of the screen.
Clear Click Clear to start configuring this part of the screen again.
Allowed Web Site |This table lists the addresses of the web sites that you want to allow access.
Enable Select this option to allow access to this web site. Clear this check box to block access.
Web Site This field displays the web site address.
MAC address filtering means sifting traffic going through the ZyXEL Device based on the source and/or destination MAC addresses. You can set the ZyXEL Device to filter packets from connected wireless clients or computers on the wired LAN.
Click Advanced > MAC Filter to display the configuration screen.
Figure 63 Advanced: MAC Filter
MAC ADDRESS FILTER The MAC (Media Access Controller) Address filter option is used to control network access based on the MAC Address of the network adapter, A MAC address is à nique ID assigned by the manuïacturer of the network adapter. This feature can be canfiqured to ALLOW or DENY network/Internet access.
MAC Address : << [Computer Name =
ZyXEL NBG-415N Users Guide
MAC ADDRESS LIST Deny access to all except the machines in this list (subject to "Filter Settings"):
Enable Computer Name MAC Address. F OD:fe:32:b4:12 00:Dfe:32:b4:12 # 9
The following table describes the labels in this screen.
Table 37 Advanced: MAC Filter
LABEL DESCRIPTION Enable Select Enable MAC Address Filter to activate this setting. Clear this check box to disable it.
Mode Select only deny listed machines to block frames to/from the specified MAC address(es). Select only allow listed machines to forward frames to/from the specified MAC address(es).
Filter Wireless Select this option to apply the filter settings to the wireless clients.
Filter Wired Select this option to apply the filter settings to the wired computers on the LAN.
Enable Select Enable to activate this filter setting. Clear this check box to disable it.
MAC Address Enter the MAC address (in six pairs of dotted haxidecimal notation) of a computer whose traffic you want to filter. Or select a computer MAC address from the drop- down list box.
Copy Your PC's Click this button to copy the MAC address of your computer.
MAC Address Note: In order for the ZyXEL Device to copy your computer's MAC address, your computer must be connected directly to the ZyXEL Device.
Save Click Save to save the settings in this part of the screen.
Clear Click Clear to start configuring this part of the screen again.
Enable Select this option to activate this filter setting. Clear this check box to disable it
without deleting it.
Computer Name | This field displays the name of the computer.
MAC Address This field displays the MAC address of a computer whose traffic you want to filter.
Chapter 7 Advanced 92
ZyXEL NBG-415N User's Guide
Stateful packet inspection (SPI) firewalls restrict access by screening data packets against defined access rules. They make access control decisions based on IP address and protocol. They also "inspect" the session data to assure the integrity of the connection and to adapt to dynamic protocols. These firewalls generally provide the best speed and transparency; however, they may lack the granular application level access control or caching that some proxies support.
The ZyXEL Device firewall is a stateful inspection firewall and is designed to protect against Denial of Service attacks when activated. The ZyXEL Device’s purpose is to allow a private Local Area Network (LAN) to be securely connected to the Internet. The ZyXEL Device can be used to prevent theft, destruction and modification of data, as well as log events, which may be important to the security of your network. The ZyXEL Device also has packet-filtering capabilities.
7.9.1 DMZ The DeMilitarized Zone (DMZ) provides a way for public servers (Web, e-mail, FTP, etc.) to be visible to the outside world (while still being protected from DoS (Denial of Service) attacks such as SYN flooding and Ping of Death). These public servers can also still be accessed from the secure LAN.
7.9.2 ALG Some applications cannot operate through NAT (are NAT un-friendly) because they embed IP addresses and port numbers in their packets’ data payload. The ZyXEL Device examines and uses IP address and port number information embedded in the data stream. When a device behind the ZyXEL Device uses an application for which the ZyXEL Device has ALG service enabled, the ZyXEL Device translates the device’s private IP address inside the data stream to a public IP address. It also records session port numbers and dynamically creates implicit NAT port forwarding and firewall rules for the application’s traffic to come in from the WAN to the LAN.
7.9.3 NAT Endpoint Filtering
NAT Endpoint Filtering controls how the ZyXEL Device’s NAT manages incoming connection requests to ports that are already being used. Three filtering options are available on UDP and TCP packets.
+ Endpoint Independent
Once a LAN-side application has created a connection through a specific port, NAT will forward any incoming connection requests with the same port to the LAN-side application regardless of their origin. This is the least restrictive option, giving the best connectivity and allowing some applications (for example, P2P applications) to behave almost as if they are directly connected to the Internet.
The Endpoint Independent filters take priority over inbound filters or schedules, so it is possible for an incoming session request related to an outgoing session to enter through a port in spite of an active inbound filter on that port. However, packets will be rejected as expected when sent to blocked ports (whether blocked by the schedule or by inbound filter) for which there are no active sessions.
With the Address Restricted option, NAT forwards incoming connection requests to a LAN-side host only when they come from the same IP address with which a connection was established. This allows the remote application to send data back through a port different from the one used when the outgoing session was created.
Use Address Restricted Filters to allow your ZyXEL Device to communicate with routers using other NAT types (such as symmetric NATs) and still apply inbound filters and scheduled access to traffic.
Port And Address Restricted
Port and Address Restricted Filtering does not forward any incoming connection requests with the same port address as an already establish connection. This ensures that inbound filters and schedules work. In some cases, you may need to configure port triggers, virtual servers, or port forwarding to open the ports used by the applications.
7.9.4 Configuring Firewall
To configure the firewall and DMZ settings, click Advanced > Firewall to display the configuration screen.
FIREWALL The Firewall Settings allows you to set à single computer on your network outside of the router.
EXT MES FIREWALL SETTINGS Enable SPL:
NAT ENDPOINT FILTERING UDP Endpoint Filtering: © Endpoin Independent © Address Restrited (° Port And Address Resticted TCP Endpoint Filtering : ( Endpoint Independent © Address Restricted (Port And Address Resticted
DM2 HOST The DMZ (Demitarized Zone) aption lets you set à single computer on your network outside of the router, 1f you have a computer that cannot run Internet applications successful from behind the router, then you can place the computer into the DHZ for unrestricted Internet access.
Note: Putting a computer in the DMZ may expose that computer to a variety of security rsks. Use of this option is only recommended as à last resort.
DM IP Address: [00.00 << [Computer Name =
Chapter 7 Advanced 94
ZyXEL NBG-415N User's Guide
DMz 1P Address? a Game =
The following table describes the labels in this screen.
Table 38 Advanced: Firewall
LABEL DESCRIPTION Enable SPI Select this option to activate stateful packet inspection. Clear this check box to disable this feature.
The NAT Endpoint Filtering options control how the router's NAT manages
Filtering incoming connection requests to ports that are already being used. UDP Endpoint | Select the end-point filtering option for UDP traffic. Filtering TCP Endpoint |Select the end-point filtering option for TCP traffic. Filtering DMZ Host Enable DMZ | Select this option to activate the DMZ feature to protect the specified device on the LAN. DMZ IP Enter the IP address (in dotted decimal notation) of a computer which you want to Address protect on the LAN. Or select a computer IP address from the drop-down list box. Non-UDP/TCP/ You can set your ZyXEL Device to recognize sessions initiated by a VPN ICMP LAN connection from the LAN to the Internet (WAN) even though the VPN connection Sessions uses an unknown protocol type (any protocols other than UDP, TCP, and ICMP).
This feature allows a single VPN connection to a remote host without the need for an ALG. This feature does not apply to DMZ hosts (if enabled). DMZ hosts can handles these sessions.
Select Enable to allow a single VPN connection to a remote host. For multiple VPN connections, the appropriate VPN ALG must be enabled.
Clear the checkbox to disable this feature. However, you must also disable the appropriate VPN ALG to deactivate the VPN connection.
ateway (ALG) Application
PPTP Select this option to allow multiple computers on the LAN to connect to a remote network using the PPTP protocol.
Table 38 Advanced: Firewall (continued)
LABEL DESCRIPTION IPSec VPN Select this option to allow multiple VPN clients to connect to a remote network using the IPSec protocol.
This ALG may affect VPN connections for VPN clients using NAT traversal. In this case, clear this check box to disable this ALG.
RTSP Select this option to allow applications (such as QuickTime and Real Player) that use Real Time Streaming Protocol (RTSP) to receive streaming media from the Internet.
Select this feature to allow the use of Microsoft Windows Messenger on computers in the LAN.
Note: You must also enable the SIP ALG.
FTP Select this option to allow FTP data transfer through a NAT-enabled network. You must also set up the FTP server settings in the Virtual Server screen.
Select this option to allow Microsoft NetMeeting clients to communicate through a NAT-enabled network. You must also set up the NetMeeting server settings in the Virtual Server screen.
SIP Select this option to allow devices and applications using VolP (Voice over IP) to communicate over NAT.
Clear this check box to disable this ALG if the devices/applications use NAT traversal.
Wake-On-LAN Select this option to forward "magic packets" or wake-up packets from the WAN to a LAN computer or device with Wake-on-LAN (WOL) feature. You must also define the WOL server settings in the Virtual Server screen. The LAN IP address for the virtual server is typically set to the broadcast address of 192.168.0.255. The computer on the LAN whose MAC address is contained in the magic packet will be awakened.
MMS Select this option to allow Windows Media Player, using MMS protocol, to receive streaming data from the Internet.
An inbound filter allows you to filter packets based on IP addresses. You can use inbound filters to control access to network resources (such as a web server) or for remote management
The Inbound Fiter option s an advanced method of contraling data received from the Internet, With this feature you can configure inbound data fikering rules that contral data based on an IP address range.
Inbound Fiters can be used for Imiing access to a server on your network to a system or group of systems. Fier rules can be used with Virtual Server, Gaming, or Remote Administration Features.
The following table describes the labels in this screen.
Table 39 Advanced: Inbound Filter
LABEL DESCRIPTION Add Inbound Filter Rule
Name Enter a descriptive name (up to 16 characters) for this filter setting. This is for identification purposes only. Action Select Deny to block packets from the specified IP address(es).
Select Allow to forward packets from the specified IP address(es).
Enable Select this option to activate the filter action on the specified IP address range. Clear this check box to disable the filter action on the IP address range.
Source IP Start Enter the start of the source IP address range.
Source IP End Enter the end of the source IP address range.
Save Click Save to save the settings in this part of the screen.
Clear Click Clear to start configuring this part of the screen again.
Inbound Filter Rules List
This field displays the name of the inbound filter.
This field displays the action on the packets from the specified IP address range.
This field displays the source IP address range(s).
B on page 128 for background information.
To configure advanced wireless settings, click Advanced > Wireless to display the screen.
Figure 66 Advanced: Wireless ‘
If vou are nat famiiar with these Advanced Wireless settings, please read the help section before attemping to modify
ADVANCED WIRELESS SETTINGS Transmit Power: [F3] BeaconPeriod: [100 (20..1000) RTS Threshold: [2346 (165535) Fragmentation Threshold: [2346 (256..65535) DTIMInterval: 802.114 Enable : WMM Enable : Short GI: WDS Enable :
WDS AP MAC Address :
{Leave blank to cisable WDS For that sot)
The following table describes the labels in this screen.
Table 40 Advanced: Wireless
LABEL DESCRIPTION Advanced Wireless
Select an option in this field to set the transmission power of the antennas to reduce your wireless coverage area.
A wireless AP sets out a beacon to announce its presence and maintain an orderly communication between other wireless devices.
Enter the time (between 20 and 1000 ms) the ZyXEL Device waits before sending a beacon to the wireless clients.
The RTS (Request To Send) threshold (number of bytes) is for enabling RTS/CTS. Data with its frame size larger than this value will perform the RTS/CTS handshake. Setting this value to be larger than the maximum MSDU (MAC service data unit) size turns off RTS/CTS. Setting this value to zero turns on RTS/CTS.
Enter a new value between 0 and 2432.
Fragmentation Threshold
This is the threshold (number of bytes) for the fragmentation boundary for directed messages. It is the maximum data fragment size that can be sent.
Enter a value between 256 and 2432.
ZyXEL NBG-415N User's Guide
Table 40 Advanced: Wireless (continued)
LABEL DESCRIPTION DTIM Interval A DTIM (Delivery Traffic Indication Message) is included in a beacon to synchronize wireless transmission. DTIM is a countdown information for wireless clients to listen to the next broadcast or multicast messages.
Enter the time (between 1 and 255 ms) the ZyXEL Device waits between sending a beacon with DTIM.
802.114 Enable 802.11d is a wireless communication specification for countries where other IEEE802.11 devices are not allowed. 802.11d is suitable if you want global roaming (that is using your wireless devices worldwide).
Select this option to enable this feature.
WMM Enable Select this option to activate the WM (WiFi Multi-Media) feature on the ZyXEL Device. This helps reduce latency and jitter when transmitting multi-media content over the wireless connection.
Short GI Select this option to set the ZyXEL Device to use a short guard interval (GI) of 400ns. This increases throughput at the cost of increased error rate in certain network environments with greater radio interference.
WDS Enable Select this option to activate the WDS (Wireless Distribution System) feature.
A Distribution System (DS) is a wired connection between two or more APs, while a WDS is a wireless connection. An AP using WDS can function as a wireless network bridge allowing you to wirelessly connect two wired network segments.
Note: You cannot enable WPA and WDS at the same time.
WDS AP MAC These fields display when you select WDS Enable.
Address Enter the MAC address (in six paris of dotted haxidecimal notation) of the neighboring AP(s) that participates in the WDS.
You can define schedule settings on the ZyXEL Device and apply these schedule settings in other configuration screens (such as Game Hosting and Virtual Server).
Click Advanced > Schedules to display the configuration screen.
99 Chapter 7 Advanced
ZyXEL NBG-415N Users Guide
Figure 67 Advanced: Schedule
seen ne ere a [ssueseunos _] nsensennos
ADD SCHEDULE RULE Name: Day(s): ( Alweek © Select Day(s) M sun M Mon FT Tue M Wed I Thu I Fri I sat
AllDay-24hrs: Start Time: [0 6 [an] (hourminute, 12 hour time) End Time: [6 6 Fan] (houriminute, 12 hour time)
SCHEDULE RULES LIST Name Day(s) Time Frame
Mondays Mon AlDey # (]
The following table describes the labels in this screen.
Table 41 Advanced: Schedule
LABEL DESCRIPTION Name Enter a descriptive name (up to 16 characters) for this schedule setting. This is for identification purposes only.
Day(s) Select All Week or Select Day(s) to specify the day(s) of the week.
All Day - 24 hrs Select this option to enable the schedule for the entire day for the specified day(s).
Start Time Set the start of the schedule.
End Time Set the end of the schedule.
Save Click Save to save the settings in this part of the screen.
Clear Click Clear to start configuring this part of the screen again.
Name This field displays the descriptive for the schedule. Day(s) This field displays the day of the week the schedule is active. Time Frame This field displays the time of the day the schedule is active.
This chapter describes the Tools screens you use to configure login passwords, system time, logs, DDNS and firmware and configuration settings.
8.1 Administrator Settings
You can change the login account passwords, enable UPnP and configure remote access settings in the Admin screen.
8.1.1 Login Accounts
You can log into the web configurator using one of the following accounts.
+ Administrator (admin)
This is the system administrator’s account with full access rights. You can view system status and set the configuration screens using this account.
+ Normal User (user)
This account allows you to view device system status and configuration settings in the web configurator. configuration is not allowed.
8.1.2 UPnP Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network. In turn, a device can leave a network smoothly and automatically when it is no longer in use.
8.1.3 The Admin Screen
Use the Admin screen to configure login passwords, remote management and UPnP. You can also restore and backup the device configuration in this screen.
Figure 68 Tools: Admin
ADMINISTRATOR SETTINGS The ‘admin! and'user’ accounts can access the management nterface, The admin has readjurite access and can change passuords, while the user has read-only access.
Iis bighly recommended that you create à passmord to keep your router secure.
BEN MEET ADMIN PASSWORD Please enter the same password into both boxes, for confirmation.
USER PASSWORD Please enter the same password into both boxes, for confirmation.
Password: [ee Verify Password: [er
ADMINISTRATION Gateway Name : [YIELNEG-415N Enable Remote Management : F7 Remote Admin Port : [6060 Remote Admin Inbound Filter : [low A1 =
UPNP Universal Plug and Play (UPnP) supports peer-to-peer Plug and Play functionality for network devices.
The following table describes the labels in this screen.
Table 42 Tools: Admin
LABEL DESCRIPTION Admin Password
Password Type the new password in this field. You can enter up to 15 characters and spaces are not allowed.
Verify Password Type the new password again in this field.
Password Type the new password in this field. You can enter up to 15 characters and spaces are not allowed.
Verify Password Type the new password again in this field.
Gateway Name Enter a descriptive name (up to 32 characters) for your ZyXEL Device. This is for identification purposes only.
Table 42 Tools: Admin (continued)
LABEL DESCRIPTION Enable Remote Management
Remote management allows you to allow access to the ZyXEL Device web configurator from the WAN.
Select this option to activate this feature and set the fields that display below. Clear this check box to disable this feature.
Enter the port number to access the ZyXEL Device for device management over the WAN.
For example, if you enter 8080 in this field and the WAN IP address of the ZyXEL Device is 172.23.37.205, then you must enter http://172.23.37.205:8080 to access the web configurator on the ZyXEL Device.
Remote Admin Inbound Filter
Select an inbound filter from the drop-down list box to restrict remote management access to your ZyXEL Device over the WAN. You can select the default filters to allow or deny all access.
You can configure a customer inbound filter in the Inbound Filter screen (click Advanced > Inbound Filter). Refer to Section 7.10 on page 96 for more information.
UPNP Enable UPNP Select this option to activate this feature.
Web Configurator |The web configurator on the ZyXEL Device is multilingual.
Enable Auto Select this option to set the web configurator to automatically detect and display Detection the interface in your language.
8.2 System Time and Date
To change your ZyXEL Device’s time and date, click Tools > Time. Use this screen to configure the ZyXEL Device’s system time based on your local time zone.
The Time Configuration option allows you to configure, update, and mañtain the correct time on the internal system clock. Fram this section you can set the time zone that you are in and set the NTP (Network Time Protocol) Server, Daylght Saving can also be configured to automaticaly adjust the time when needed.
TIME CONFIGURATION Current Router Time: Saturday, January 31, 2004 12:32:04 PI Time Zone : _|[(GH7-06:00) Pace Time (USICan»SE), Tjuana en Enable Daylight Saving:
SET THE DATE AND TIME MANUALLY
tou [2 EI mme [Gr Sd [5 [a
The following table describes the labels in this screen.
LABEL DESCRIPTION Time
Current Router This field displays the current system time and date.
Time Zone Choose the time zone of your location. This will set the time difference between
your time zone and Greenwich Mean Time (GMT).
Enable Daylight Daylight saving is a period from late spring to early fall when many countries set Saving their clocks ahead of normal local time by one hour to give more daytime light in the evening.
Select this option to if you use Daylight Saving Time.
Daylight Saving Enter the off set time for daylight saving time. Offset
Daylight Saving Dates
Table 43 Tools: Time (continued)
LABEL DESCRIPTION DST Start
Configure the day and time when Daylight Saving Time starts if you selected Enable Daylight Saving. The Time field uses the 24 hour format. Here are a couple of examples:
Daylight Saving Time starts in most parts of the United States on the first Sunday of April. Each time zone in the United States starts using Daylight Saving Time at 2 A.M. local time. So in the United States you would select 1st, Sun, Apr and select 2 am in the Time field.
Daylight Saving Time starts in the European Union on the last Sunday of March. All of the time zones in the European Union start using Daylight Saving Time at the same moment (1 A.M. GMT or UTC). So in the European Union you would select the last Sun, Mar. The time you select in the Time field depends on your time zone. In Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1).
Configure the day and time when Daylight Saving Time endbs if you selected Enable Daylight Saving. The Time field uses the 24 hour format. Here are a couple of examples:
Daylight Saving Time ends in the United States on the last Sunday of October. Each time zone in the United States stops using Daylight Saving Time at 2 A.M. local time. So in the United States you would select the last Sun, Oct and select 2 am in the Time field.
Daylight Saving Time ends in the European Union on the last Sunday of October. All of the time zones in the European Union stop using Daylight Saving Time at the same moment (1 A.M. GMT or UTC). So in the European Union you would select the last Sun, Oct. The time you select in the Time field depends on your time zone. In Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1).
Automatic Time Configuration
Select this option to have the ZyXEL Device get the time and date from the Network Time Protocol (NTP) time server you specified below.
Enter the IP address (in dotted decimal notation) of the time server or select one from the pre-defined list.
Set the Date and Time Manually
These fields display when you clear the Enable NTP Server checkbox.
Set these fields to configure the system date and time.
Copy Your Computer's Time Settings
Click this button to get the system date and time from your computer.
Click Tools > E-mail configure where the ZyXEL Device is to send logs and alerts.
The Emal feature can be used to send the system log files, router alert messages, and frmmare update notification to your
: (E The following table describes the labels in this screen.
Table 44 Tools: E-mail LABEL DESCRIPTION Enable Select Enable Email Notification to activate this feature.
From Email Enter an e-mail as the sender.
To Email Address | Enter the e-mail address to which notifications are sent.
SMTP Server SMTP (Simple Mail Transfer Protocol) is the message-exchange standard for the
Address Internet. SMTP enables you to move messages from one e-mail server to another. Enter the IP address (in dotted decimal notation) of the mail server.
Enable Select the check box to activate SMTP authentication. If mail server authentication
Authentication is needed but this feature is disabled, you will not receive the e-mail logs.
Enter the user name (up to 31 characters) (usually the user name of a mail account).
Enter the password associated with the user name above.
Enter the password again for verification.
Email Log When Full or On Schedule
ZyXEL NBG-415N User’s Guide
Table 44 Tools: E-mail (continued)
LABEL DESCRIPTION On Log Full Select this option to send logs when all log entries are filled.
On Schedule Select this option to send logs at the time defined in the time selected in the Schedule field.
Use the System screen to reboot or reset your ZyXEL Device. Click Tools > System to display the screen as shown.
Figure 71 Tools: System
SYSTEM SETTINGS The System Settings section alows you to rebaot the device, or restore the router to the factory default settings. Restoring the uni to he Factory defaul settings wil rase al settings, indudng any rules Ehat you have created.
The current system settings can be saved as à file onto the local hard drive. The savedfle or any other saved setting fle created by device can be uploaded into the uni.
SYSTEM SETTINGS AE sc" | Drive: Save Configuration
Load Settings From Local figuration fron
8.4.1 Save Configuration
Note: Do not turn off the ZyXEL Device while the file transfer process is taking place.
Follow the steps below to back up the current configuration of the ZyXEL Device.
1 Inthe web configurator, click Tools > System (see Figure 68 on page 103) and click Save Configuration.
lodks suspicious, or you do nat fuly ust the source, de not open or save his le.
Fle name: gateway_setings gus Fle type: Fom 17223234
‘Wauld you Ike ta open the fe ar save it la your computer?
IF Alpe ask before opera ts bype cie
4 After the back up process is complete, a Download complete screen displays. Click Close to close the screen.
Figure 74 Tools: Admin: Download compte 7”; "#
Eh Dowrisad Complete
Saved. gateway_setings.gws from 17223234
Downloaded 87.1 KBini sec
Download: C:\Documents. \gatemay selings.gus Transler rate 87.1 KB/Sec
I Close this dialog box when domrload completes
8.4.2 Load Configuration
Note: Do not turn off the ZyXEL Device while the file transfer process is taking place.
Follow the steps below to restore a previously saved configuration file to the ZyXEL Device.
ZyXEL NBG-415N Users Guide
1 In the web configurator click Tools > System (see Figure 68 on page 103).
2 Inthe Load Settings From Local Hard Drive field, enter a configuration file name in the field provided or click Browse to locate it.
3 Click Restore Configuration from File to start the file upload process. A status screen displays showing the restoration progress.
Figure 75 Tools: Admin: Configuration Restore Progress
RESTORING SETTINGS, PLEASI =
4 After the settings are restored successfully, a screen displays as shown. Click Reboot the Device to restart the ZyXEL Device and make the changes take effect.
Figure 76 Tools: Admin: Configuration Restore Progress: Success The nev selngs have been saved.
The router must be rebooted before the new settings wi take effect, You can reboot the router now using the button below, or make other changes and then use the reboot button on the Tool/System page.
5 Click OK to restart.
Figure 77 Tools: Admin: Configuration Restore Progress: Prompt x
Are you sure you want to reboot the device Rebooëing
wil disconnect any currently active sessions,
6 Click OK again to display the login screen.
Figure 78 Tools: Admin: Configuration Restore Progress: Redirect xi
A You vd now be redrected to the log page.
8.4.3 Reset Configuration
Note: When you reset the device, all custom changes will be lost. Follow the steps below to reset your ZyXEL Device.
1 In the web configurator, click Tools > System and click Restore all Settings to the Factory Defaults.
2 A screen displays. Click OK to continue.
Figure 79 Tools: System: Reset F:
CR) fre rousure ou matt rest te vice factory defaut sets? This wil cause al current settings to
3 Wait until the ZyXEL Device finishes rebooting before accessing the web configurator.
8.4.4 Rebooting Your ZyXEL Device
Note: When you reboot the device, all unsaved changes will be lost. Follow the steps below to restart your ZyXEL Device.
1 In the web configurator, click Tools > System and click Reboot the Device.
2 A screen displays. Click OK to continue.
Figure 80 Tools: System: Reboot the Device F:|
(C2) Are vou sure you want to reboot the device? Rebooting val dsconnect any current active sessions,
3 Wait until the ZyXEL Device finishes rebooting before accessing the web configurator.
Use the Firmware screen to update the firmware on your ZyXEL Device.
1 Back up the current device configuration in the System screen. 1 Download the latest firmware file from www.zyxel.com.
2 Inthe web configurator, click Tools > Firmware.
ZyXEL NBG-415N User’s Guide
Figure 81 Tools: Firmware Firmware Upgrade
The Firmware Upgrade section can be used to update to the latest firmware code to improve functionality and performance.
EXT MES FIRMWARE INFORMATION Current Firmware Version: V1.0 Current Firmware Date : 19 Sep 2006
FIRMWARE UPGRADE Note: Some firmware upgrades reset the configuration options to the factory defaults. Before performing an upgrade, be sure to save the current configuration from the Tools -> System screen.
‘To upgrade the firmware, your PC must have a wired connection to the router. Enter the name of the firmware upgrade file, and click on the Upload button.
3 In the Upload field, enter the new firmware file name or click Browse to locate it. 4 Click Upload to start the file transfer process.
5 A screen displays as shown, click OK to continue.
Figure 82 Tools: Firmware: Prompt
Note: Same firmware upgrades reset the routers configuration options to the Factory defaults. Befors atom an ugrade, be ut save the rent configuration from hs Too-Syten screen, Do you stil want to upgrade’
6 Click OK again to confirm the firmware file you want to upload to the device.
Figure 83 Tools: Firmware: Confirm [icrosort internet por 7
Do you realy want to reprogram the device using the firmware fe D:AProjects]NBG-41SMFWIZYXEL NEG-41SN_1.0_upgrede.bin" ?
Note: Do not turn off the ZyXEL Device while the file transfer process is taking place.
7 Wait for the ZyXEL Device finishes rebooting before accessing the web configurator again. Check the firmware version and date in the Firmware screen.
Figure 84 Tools: Firmware: Wait
now be reprogrammed using the uploaded frmmare file. Please wait 112 seconde rs rocs to compte, after ch vou may access these mb Pages reload or back on your browser may cause this operation to al
ZyXEL NBG-415N User's Guide
8.6 DDNS Dynamic DNS (DDNS) allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect. Your friends or relatives will always be able to call you even if they don't know your IP address.
First of all, you need to have registered a dynamic DNS account with from a DDNS service provider (for example, www.dyndns.org). This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name. The Dynamic DNS service
provider will give you a password or key.
Note: You must go to the Dynamic DNS service provider’s website and register a user account and a domain name before you can use the Dynamic DNS service with
your ZyXEL Device. Click Tools > DDNS to display the configuration screen.
Figure 85 Tools: DDNS DYNAMIC DNS Dynamic DNS (DDNS)
Thé DDNS feature alows you to host a server (Web, FTP, Game Server, ét.) using à domain name that you have purchased (mww.whateveryournameis.com) with your dynamicaly assigned IP address. Host broadband Internet Service Providers assign dynami (changing) IP addresses. Using à DONS service provider, your friends can enter your host name to connect to your game server no matter what your IP address à.
ENABLE Enable Dynamic DNS: F7
DYNAMIC DNS Server Address: [mwmwDynDNS.org (Free) 2) Host Name: [7 (e.g.: myhost-mydomaiinet) Username or key: [7 Password or Key: [7 Verify Password or Key: [7 Timeout: [675 (hours)
The following table describes the labels in this screen.
Table 45 Tools: DDNS LABEL DESCRIPTION Enable Select Enable Dynamic DNS to active this feature.
Dynamic DNS Service Address Select the web address of your Dynamic DNS service provider.
Table 45 Tools: DD NS (continued)
LABEL DESCRIPTION Host Name
Enter the system name.
Enter your user name. You can use up to 31 alphanumeric characters (and the underscore). Spaces are not allowed.
Enter the password associated with the user name above. You can use up to 31 alphanumeric characters (and the underscore). Spaces are not allowed.
Verify Password or Key
Enter the password again for confirmation.
Specify the time (in hours) the ZyXEL Device waits before time out.
You can use the Ping Test screen to check whether the ZyXEL Device can connect to other Ethernet devices on your network and the Internet. When the ping feature is activated, the ZyXEL Device sends a message to the Ethernet device you specify. If the Ethernet device
receives the message,
it sends back messages in reply.
To use the ping feature, you must know the IP address or domain name of the Ethernet device you are trying to communicate with. Click Tools > Ping to display the configuration screen.
Figure 86 Tool: Ping
PING TEST Ping Test send “ping” packets to test à computer on the Internet.
PING TEST Host Name or IP Address :_[172.23.37.120 Phg|
PING RESULT Respanse from 172.23.37.120 received in 3 milseconds, TTL = 128 Respanse from 172.23.37.120 received in 2 milseconds, TTL = 128 Respanse from 172.23.37.120 received in 3 mllseconds, T Respanse from 172.23.37.120 received in 3 mllseconds, T Respanse from 172.23.37.120 received in 2 mllseconds, T Respanse from 172.23.37.120 received in 3 mllseconds, T User stopped ping
Pings lost: 0 (0% less)
Shartest ping time (in miseconds): 2
Lngest ping me (n miiseconds): 3
Average ping time (in miseconds): 2
The following table describes the labels in this screen.
Table 46 Tools: Ping
LABEL DESCRIPTION Ping Test
Host Name or Ping Address
want to test the connection.
Enter the IP address or the domain name of the Ethernet device to which you
ZyXEL NBG-415N User's Guide
Table 46 Tools: Ping (continued)
LABEL DESCRIPTION Ping Click Ping to start the connection test. The ping test will not end until you click Stop.
Stop Click Stop to terminate the ping test.
Ping Result This table displays the connection test result.
Ifthe ZyXEL Device receives reply messages from an Ethernet device, the reply information is automatically displayed in this table.
Ifthe ZyXEL Device is unable to receive any response from an Ethernet device, no connection test status is displayed until you click Stop.
ZyXEL NBG-415N User’s Guide
This chapter describes the Status screens you use to view the system status and logs.
Display the Device Status screen to view device information such as the system time and interface settings.
Click Status > Device Status to display the screen.
Al of your Internet and network connection detais are displayed on this page. The firmware version s also displayed here.
GENERAL Time: Saturday, January 31, 2004 12:27:11 PM Firmware Version: v1.0-b2, 4 Aug 2006
The following table describes the labels in this screen.
Table 47 Status: Device Information
LABEL DESCRIPTION General Time This field displays the current system date and time.
This field displays the firmware version and the date created.
This field displays the connection status.
This field indicates whether the Ethernet cable is connected or not.
This field indicates whether a connection to the ISP is up or not.
This field displays the time since the connection was up.
This button is applicable when the ZyXEL Device uses a dynamic IP address. Click DHCP Renew to get a new dynamic IP address.
This button is applicable when the ZyXEL Device uses a dynamic IP address.
Click DHCP Release to release the current IP address. You must then click DHCP Renew to get a new IP address.
Connect This button is available when the ZyXEL Device is set to use PPPOE connection type. Click Connect to establish an Internet connection using PPPOE. Disconnect This button is available when the ZyXEL Device is set to use PPPOE connection type. Click Disconnect to disconnect the Internet connection. MAC Address This field displays the MAC address of the WAN port on the ZyXEL Device. IP Address This field displays the WAN IP address. Subnet Mask This field displays the WAN subnet mask.
This field displays the IP address of the gateway on the WAN.
Primary/ Secondary DNS Server
This field displays the IP address(es) of the DNS server(s).
LAN MAC Address This field displays the MAC address of the LAN port on the ZyXEL Device. IP Address This field displays the LAN IP address.
This field displays whether the DHCP server is active or not on the LAN.
Wireless LAN Wireless Radio
This field displays whether the wireless LAN feature is active or not.
This field displays the MAC address of the WLAN interface on the ZyXEL Device.
This field displays the name of the wireless network.
This field displays the wireless channel number the ZyXEL Device is using.
To view a list of wireless clients currently connected to the ZyXEL Device, click Status >
Figure 88 Status: Wireless
WIRELESS Associated Wireless Client List
Use this option to view the wireless cents that are connected to your wireless router.
NUMBER OF WIRELESS CLIENTS : 0
The following table describes the fields in this screen.
Table 48 Status: Wireless
LABEL DESCRIPTION Number of This field displays the number of wireless clients currently connected to the ZyXEL Wireless Device.
MAC Address |This field displays the MAC (Media Access Control) address of an associated wireless station. Every Ethernet device has a unique MAC address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
IP Address This field displays the LAN IP address of the wireless client.
Mode This field displays the wireless standard the wireless client is using.
Rate This field displays the transmission rate (in megabits per second) of the wireless client.
Signal (%) This field displays the relative measurement of the signal strength (in percentage).
To view system logs, click Status > Logs.
Use this option to viem the router logs. You can define what types of events you want to view and the event level to vieu This router also has external syslog server support 50 you can send the log les to à computer on your network that running a syslog ut.
LOG OPTIONS What to View: F Firewal & Securty F System F7 Router Status View Levels : F7 Critical F Warning M Informational
LOG DETAILS INFO] Sat Jan 31 12:38:19 2004 Log viewed by IP address 192.168.1.106
TINFO] Sat Jan 31 12:28:36 2004 Blocked Incoming TCP connection request from 172.23.37.118:47S0 to 172.23.37.22:81 TINFO] Sat Jan 31 12:28:36 2004 Blocked incoming TCP connection request from 172.23.37.118:4748 to 172.23.37.
TINFO] Sat Jan 31 12:28:36 2004 Blocked incoming TCP connection request from 172.23.37.118:4745 to 172 TINFO] Sat Jan 31 12:28:36 2004 Blocked incoming TCP connection request from 172.23.37.118:4744 to 172.23,37.22:2191
LINFO] Sat Jan 31 12:28:36 2004 Blocked incoming TCP connection request from 172.23.37.118:4743 to 172.23,37.22:9100
INFO] Sat Jan 31 12:28:36 2004 Blocked Incoming TCP connection request from 172,23.37.118:4742 to 172.23.97.22:515 INFO] Sat Jan 31 12:28:36 2004 Blocked Incoming TCP connection request from 172.23.37.118:4737 to 172.23.37.22:199 INFO] Sat Jan 31 12:28:33 2004 Blocked incoming TCP connection request from 172.23.37.118:4780 to 172.23.37. 22:81 INFO] Sat Jan 31 12:28:33 2004 Blocked Incoming TCP connection request From 172.23.37.118:4748 to 172.23.37.22:443 INFO] Sat Jan 31 12:28:33 2004 Blocked incoming TCP connection request from 172.23.37.118:4745 to 172.23.37.22:60 INFO] Sat Jan 31 12:28:23 2004 Blocked incoming TCP connection request from 172.23.37.118:4744 to 172.23.37.22:2191
INFO] Sat Jan 31 12:28:23 2004 Blocked incoming TCP connection request from 172.23.37.118:4743 to 172.23.37.22:9100
DINFO] Sat Jan 31 12:28:33 2004 Blocked incoming TCP connection request from 172.23.37.118:4742 to 172.23.97.22:515 INFO] Sat Jan 31 12:28:23 2004 Blocked incomina TCP connection request from 172.23.37.118:4737 to 172.23.37.22:139 TINFO] Sat Jan 31 12:21:45 2004 Stored configuration to non-volabie memory
INFO] Sat Jan 31 12:21:42 2004 No Internet access polcy i in effect. Unrestricted Internet access alowed to everyone INFO] Thu Jan 01 00:00:00 1970 Loaded configuration from non-valatie memory
The following table describes the labels in this screen.
Table 49 Status: Logs
LABEL DESCRIPTION Log Options
What to View Select the type of logs to display in this screen. View Levels Select the log severity level to display in this screen.
Apply Log Settings | Click this button to save the changes in this screen. Now
Refresh Click Refresh to update this screen.
Clear Click Clear to delete all the logs. Once deleted, you cannot view the logs again.
Email Now Click Email Now to send the logs to the e-mail you specified in the Tools > E-mail screen.
Save Log Click Save Log to store the logs to a file on your computer.
WAN and WLAN statistics, click Status > Statistics.
TRAFFIC STATISTICS Network Traffic Stats
Traffic Statistics display Receive
pnsresnsuees censure |
and Transmi packets passing through your router.
WAN STATISTICS TX Packets Dr Coll
WIRELESS STATISTICS TX Packets Dr
Sent: 4743 Received: 3170 ropped: 0 RXPackets Dropped: 0 lisions : 0. Errors: 0 Sent: 2542 Received: 9142 ropped: 0 RXPackets Dropped: 0 lisions : 0 Errors: 0
Sent: 381 Received: 0 ropped: 0 Errors: 0
e describes the labels in this screen.
Table 50 Status: Statistics
LABEL DESCRIPTION LAN Statistics
Sent This field displays the number of packets sent on the LAN.
Tx Packets This field displays the number of transmitted packets that were dropped on the Dropped LAN.
Collisions This field displays the number of packets sent with collision errors on the LAN. Received This field displays the number of packets received on the LAN.
Rx Packets This field displays the number of packets received that were dropped on the LAN. Dropped
Errors This field displays the number of packets received with errors on the LAN.
Sent This field displays the number of packets sent on the WAN.
Tx Packets This field displays the number of transmitted packets that were dropped on the
Dropped W Collisions This field displays the number of packets sent with collision errors on the WAN. Received This field displays the number of packets received on the WAN.
Rx Packets This field displays the number of packets received that were dropped on the WAN. Dropped
Errors This field displays the number of packets received with errors on the WAN.
Table 50 Status: Statistics (continued)
LABEL DESCRIPTION WLAN Statistics
Sent This field displays the number of packets sent on the WLAN.
Tx Packets This field displays the number of transmitted packets that were dropped on the Dropped WLAN.
Received This field displays the number of packets received on the WLAN.
Errors This field displays the number of packets received with errors on the WLAN.
121 Chapter 9 Status
ZyXEL NBG-415N Users Guide
This chapter covers potential problems and the corresponding remedies.
10.1 Problems Starting Up the ZyXEL Device
Table 51 Troubleshooting Starting Up Your ZyXEL Device
PROBLEM CORRECTIVE ACTION None of the LEDs turn on when | turn on the ZyXEL Device.
Make sure that the ZyXEL Device's power adaptor is connected to the ZyXEL Device and plugged in to an appropriate power source. Make sure that the ZyXEL Device and the power source are ZyXEL Device turned on.
Turn the ZyXEL Device off and on.
If the error persists, you may have a hardware problem. In this case, you should contact your vendor.
10.2 Problems with the LAN Table 52 Troubleshooting the LAN PROBLEM CORRECTIVE ACTION The LAN LEDs do not turn on.
Check your Ethernet cable connections (refer to the Quick Start Guide for details). Check for faulty Ethernet cables.
Make sure your computer's Ethernet Card is working properly.
1 cannot access the ZyXEL Device from the LAN.
If you assign the computer a static IP address, make sure that the IP address and the subnet mask of the ZyXEL Device and your computer(s) are on the same subnet.
Chapter 10 Troubleshooting
ZyXEL NBG-415N User's Guide
10.3 Problems with the WAN Table 53 Troubleshooting the WAN PROBLEM CORRECTIVE ACTION The WAN LED is | Check the connections between the ZyXEL Device WAN port and the cable/DSL off. modem or Ethernet jack. Check whether your cable/DSL device requires a crossover or straight-through cable. 1 cannot get a In the web configurator, display the WAN screen to verify your Internet account WAN IP address | settings.
f the ISP. rom ine The ISP provides the WAN IP address after authenticating you. Authentication
may be through the user name and password, the MAC address or the host name.
The username and password are required for Internet access, make sure that you have entered the correct service type, user name and password (be sure to use the correct casing).
| cannot access Make sure the ZyXEL Device is turned on and connected to the network.
the Internet. Verify your WAN settings. Refer to the chapter on WAN setup.
Make sure you have entered the correct user name and password. The Internet If you use PPPOE, PPTP or L2TP mode, check the idle time-out setting. connection If the problem persists, contact your ISP.
10.4 Problems with the WLAN Table 54 Troubleshooting the WLAN PROBLEM CORRECTIVE ACTION The WLAN LED is | Check that the ON OFF switch is in the ON position. This switch allows you to off. enable or disable WLAN connection on the ZyXEL Device without having to log into the web configurator.
1 cannot access Make sure you have configured your wireless station to use the same wireless the WLAN. settings as the ZyXEL Device.
Check that you have set the wireless station to use the same wireless security mode and/or keys.
123 Chapter 10 Troubleshooting
Table 55 Troubleshooting Accessing the ZyXEL Device
PROBLEM CORRECTIVE ACTION l'cannot Make sure your computer is connected to a LAN port on the ZyXEL Device. access the Use the ZyXEL Device's LAN IP address when configuring from the LAN. The default ZyXEL Device | LAN IP address is 192.168.1.1. The IP addresses of your computer and the ZyXEL on the LAN. | Device must be on the same subnet for LAN access. Check that traffic from your computer to the ZyXEL Device is not blocked by an access control policy or MAC address filter. 1 cannot log The usermame is “admin”. The default password is “1234”. The Password and into the web Username fields are case-sensitive. Make sure that you enter the correct password configurator and username using the proper casing. If you have changed the password and have now forgotten it, you will need to upload the default configuration file. This restores all of the factory defaults including the password.
10.6 Problems with Internet Access
Table 56 Troubleshooting Restricted Web Pages and Keyword Blocking
PROBLEM CORRECTIVE ACTION Access to a Make sure that the Enable Parental Control check box is selected in the Parental
restricted web |Control screen.
blocked. Make sure that you select a category in the Parental Control screen to restrict access to web pages relevant to that category. For example, select the Gambling check box to prevent access to www.onlinegambling.com.
Access to a Make sure that you have enabled the web filter function on the ZyXEL Device.
web page With | Make sure that the web site address is NOT listed in the Allowed Web Site List.
The following table is
APPENDIX A Product Specifications
summary of other features available.
Table 57 Hardware Features
WLAN The ZyXEL Device is able to connect to another draft IEEE 802.11n wireless device at up to 300 Mbps. The ZyXEL Device is also able to connect to IEEE 802.11b and IEEE 802.11g devices.
MIMO (Multiple Input Multiple Output)
The ZyXEL Device supports MIMO to increase both transmission speed and range of your wireless network.
Antenna Three detachable (reverse SMA) 4 dBi gain USB Port USB version 1.1.
Connect a USB storage device to this USB port to transfer wireless LAN settings on the ZyXEL Device to your wireless client(s) with the Windows Connect Now feature in Windows XP (SP2).
20% — 95% RH Storage Humidity
10% — 90% RH Table 58 Firmware Features
FEATURE DESCRIPTION Draft IEEE 802.11N Based on the draft IEEE 802.11n standard (also known as pre-N), the ZyXEL Device is able to connect to another draft IEEE 802.11n wireless device at a up to 300 Mbps.
Wireless LAN Security
Your ZyXEL Device supports various security methods (WEP, WPA, WPA2 with AES and IKE) to protect communication in your wireless LAN.
This feature allows you to easily transfer wireless settings on your ZyXEL Device to a USB memory stick and then save the settings to wireless client computer(s).
You can set this feature on the ZyXEL Device to perform intelligent and automatic traffic prioritizing for time-sensitive applications (such as voice).
Each computer on your network must have its own unique IP address. Use NAT to convert a single public IP address to multiple private IP addresses for the computers on your network.
If you have a server (mail or web server for example) on your network, then use this feature to let people access it from the Internet.
DHCP (Dynamic Host Configuration Protocol)
Use this feature to have the ZyXEL Device assign IP addresses, an IP default gateway and DNS servers to computers on your network.
With Dynamic DNS (Domain Name System) support, you can use a fixed URL, www.zyxel.com for example, with a dynamic IP address. You must register for this service with a Dynamic DNS service provider.
Universal Plug and Play (UPnP)
The ZyXEL Device can communicate with other UPnP enabled devices in a network.
Get the current time and date from an external server when you turn on your ZyXEL Device. You can also set the time manually. These dates and times are then used in logs.
Use packet tracing and logs for troubleshooting. You can send logs from the ZyXEL Device to an external UNIX syslog server.
Use the web configurator to easily configure the rich range of features on the ZyXEL Device.
Download new firmware (when available) from the ZyXEL web site and use the web configurator, an FTP or a TFTP tool to put it on the ZyXEL Device.
Configuration Backup & Restoration
Make a copy of the ZyXEL Device's configuration and put it back on the ZyXEL Device later if you decide you want to revert back to an earlier configuration.
This section discusses ad-hoc and infrastructure wireless LAN topologies.
Ad-hoc Wireless LAN Configuration
The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS). The following diagram shows an example of notebook computers using wireless adapters to form an Ad-hoc wireless LAN.
Figure 91 Peer-to-Peer Communication in an Ad-hoc Network
À Basic Service Set (BSS) exists when all communications between wireless stations or between a wireless station and a wired network client go through one access point (AP).
Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS is enabled, wireless station A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless station A and B can still access the wired network but cannot communicate with each other.
Appendix B Wireless LANS 128
ZyXEL NBG-415N User's Guide
Figure 92 Basic Service Set
ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS).
This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood.
An ESSID (ESS IDentification) uniquely identifies each ESS. AIl access points and their associated wireless stations within the same ESS must have the same ESSID in order to communicate.
129 Appendix B Wireless LANs
ZyXEL NBG-415N Users Guide
Figure 93 Infrastructure WLAN
| | pm =" un Wireless Station A Li
LS SBSS 1 Wireless Station B:
À channel is the radio frequency(ies) used by IEEE 802.1 1a/b/g wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference. Interference occurs when radio signals from different access points overlap causing interference and degrading performance.
Adjacent channels partially overlap however. To avoid interference due to overlap, your AP should be on a channel at least five channels away from a channel that an adjacent AP is using. For example, if your region has 11 channels and an adjacent AP is using channel 1, then you need to select a channel between 6 or 11.
RTS/CTS A hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a hidden node. Both stations (STA) are within range of the access point (AP) or wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other.
Appendix B Wireless LANS 130
ZyXEL NBG-415N User's Guide
Figure 94 RTS/CTS CTS Range
Station AP Station B When station À sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
RTS/CTS is designed to prevent collisions due to hidden nodes. An RTS/CTS defines the biggest size data frame you can send before an RTS (Request To Send)/CTS (Clear to Send) handshake is invoked.
When a data frame exceeds the RTS/CTS value you set (between 0 to 2432 bytes), the station that wants to transmit this frame must first send an RTS (Request To Send) message to the AP for permission to send it. The AP then responds with a CTS (Clear to Send) message to all other stations within its range to notify them to defer their transmission. It also reserves and confirms with the requesting station the time frame for the requested transmission.
Stations can send frames smaller than the specified RTS/CTS directly to the AP without the RTS (Request To Send)/CTS (Clear to Send) handshake.
You should only configure RTS/CTS if the possibility of hidden nodes exists on your network and the "cost" of resending large frames is more than the extra network overhead involved in the RTS (Request To Send)/CTS (Clear to Send) handshake.
Ifthe RTS/CTS value is greater than the Fragmentation Threshold value (see next), then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.
Note: Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy.
Fragmentation Threshold
À Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the AP will fragment the packet into smaller data frames.
131 Appendix B Wireless LANs
ZyXEL NBG-415N Users Guide
À large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference.
Ifthe Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.
À preamble is used to synchronize the transmission timing in your wireless network. There are two preamble modes: Long and Short.
Short preamble takes less time to process and minimizes overhead, so it should be used in a good wireless network environment when all wireless stations support it.
Select Long if you have a ‘noisy” network or are unsure of what preamble mode your wireless stations support as all IEEE 802.11b compliant wireless adapters must support long preamble. However, not all wireless adapters support short preamble. Use long preamble if you are unsure what preamble mode the wireless adapters support, to ensure interpretability between the AP and the wireless stations and to provide more reliable communication in ‘noisy” networks.
Select Dynamic to have the AP automatically use short preamble when all wireless stations support it, otherwise the AP uses long preamble.
Note: The AP and the wireless stations MUST use the same preamble mode in order to communicate.
IÈEE 802.11g Wireless LAN IEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE 802.11b adapter can interface directly with an IEEE 802.11g access point (and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has several intermediate rate steps between the maximum and minimum data rates. The IEEE 802.11g data rate and modulation are as follows:
Table 60 IEEE 802.11g
DATA RATE (MBPS) | MODULATION
1 DBPSK (Differential Binary Phase Shift Keyed) 2 DOPSK (Differential Quadrature Phase Shift Keying) 5.5/11 CCK (Complementary Code Keying)
6/9/12/18/24/36/48/54 | OFDM (Orthogonal Frequency Division Multiplexing)
Appendix B Wireless LANS 132
ZyXEL NBG-415N User's Guide
In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features. It is supported by Windows XP and a number of network devices. Some advantages of IEEE 802.1x are:
+ User based identification that allows for roaming.
+_ Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server.
+_ Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication methods to be deployed with no changes to the access point or the wireless stations.
RADIUS RADIUS is based on a client-server model that supports authentication, authorization and accounting. The access point is the client and the server is the RADIUS server. The RADIUS server handles the following tasks: + Authentication Determines the identity of the users. + Authorization
Determines the network services available to authenticated users once they are connected to the network.
+ Accounting Keeps track of the client’s network activity.
RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless station and the network RADIUS server.
Types of RADIUS Messages
The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication: + Access-Request Sent by an access point requesting authentication. + Access-Reject Sent by a RADIUS server rejecting access. + Access-Accept
Sent by a RADIUS server allowing access.
133 Appendix B Wireless LANs
ZyXEL NBG-415N Users Guide
Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access- Request message.
The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting:
+ Accounting-Request Sent by the access point requesting accounting. + Accounting-Response
Sent by the RADIUS server to indicate that it has started or stopped accounting.
In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password, they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access.
Types of Authentication
This appendix discusses some popular authentication types: EAP-MDS5, EAP-TLS, EAP- TTLS, PEAP and LEAP.
The type of authentication you use depends on the RADIUS server or the AP. Consult your network administrator for more information.
EAP-MD5 (Message-Digest Algorithm 5)
MDS authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless station. The wireless station ‘proves’ that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text.
However, MD5 authentication has some weaknesses. Since the authentication server needs to get the plaintext passwords, the passwords must be stored. Thus someone other than the authentication server may access the password file. In addition, it is possible to impersonate an authentication server as MDS authentication method does not perform mutual authentication. Finally, MDS authentication method does not support data encryption with dynamic session key. You must configure WEP encryption keys for data encryption.
Appendix B Wireless LANS 134
ZyXEL NBG-415N User's Guide
EAP-TLS (Transport Layer Security)
With EAP-TLS, digital certifications are needed by both the server and the wireless stations for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created. This makes user identity vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the sender’s identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which imposes a management overhead.
EAP-TTLS (Tunneled Transport Layer Service)
EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-side authentications to establish a secure connection. Client authentication is then done by sending username and password through the secure connection, thus client identity is protected. For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2.
PEAP (Protected EAP)
Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MDS5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco.
LEAP LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x.
Dynamic WEP Key Exchange
The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed.
If this feature is enabled, it is not necessary to configure a default encryption key in the Wireless screen. You may still configure and store keys here, but they will not be used while Dynamic WEP is enabled.
Note: EAP-MD5 cannot be used with dynamic WEP key exchange
Appendix B Wireless LANs
ZyXEL NBG-415N Users Guide
For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical. The following table is a comparison of the features of authentication types.
Table 61 Comparison of EAP Authentication Types
EAP-MD5 EAP-TLS |EAP-TTLS PEAP LEAP Mutual Authentication No Yes Yes Yes Yes Certificate — Client No Yes Optional Optional No Certificate — Server No Yes Yes Yes No Dynamic Key Exchange No Yes Yes Yes Yes Credential Integrity None Strong Strong Strong Moderate Deployment Difficulty Easy Hard Moderate Moderate | Moderate Client Identity Protection No No Yes Yes No
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA.
Key differences between WPA(2) and WEP are improved data encryption and user authentication.
Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. In addition to TKIP, WPA2 also uses Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption.
Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and distributed by the authentication server. It includes a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism.
TKIP regularly changes and rotates the encryption keys so that the same encryption key is never used twice. The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. This all happens in the background automatically.
WPA2 AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit mathematical algorithm called Rijndael.
Appendix B Wireless LANS 136
ZyXEL NBG-415N User's Guide
The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped.
By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism (MIC), TKIP makes it much more difficult to decode data on a Wi-Fi network than WEP, making it difficult for an intruder to break into the network.
The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials. The common-password approach makes WPA-PSK susceptible to brute-force password-guessing attacks but it's still an improvement over WEP as it employs an easier-to- use, consistent, single, alphanumeric password.
WPA or WPA2 applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database.
Ifboth an AP and the wireless clients support WPA2 and you have an external RADIUS server, use WPA2 for stronger data encryption. If you don't have an external RADIUS server, you should use WPA2 -PSK (WPA2 -Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted access to a WLAN.
Ifthe AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not.
Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2.
10.6.1 WPA(2)-PSK Application Example
A WPA(2)-PSK application looks as follows.
1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters (including spaces and symbols).
2 The AP checks each wireless client's password and (only) allows it to join the network if the password matches.
3 The AP derives and distributes keys to the wireless clients.
4 The AP and wireless clients use the TKIP or AES encryption process to encrypt data exchanged between them.
10.6.2 WPA(2) with RADIUS Application Example
You need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret. A WPA(2) application example with an external RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution system.
1 The AP passes the wireless client's authentication request to the RADIUS server.
2 The RADIUS server then checks the user's identification against its database and grants or denies network access accordingly.
3 The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients.
Security Parameters Summary
Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. MAC address filters are not dependent on how you configure these security features.
Table 62 Wireless Security Relational Matrix
AUTHENTICATION ENCRYPTION |ENTER METHOD/ KEY METHOD MANUAL KEY IEEE 802.1X MANAGEMENT PROTOCOL Open None No Disable Enable without Dynamic WEP Key Open WEP No Enable with Dynamic WEP Key Yes Enable without Dynamic WEP Key Yes Disable
Appendix B Wireless LANS 138
ZyXEL NBG-415N User's Guide
Table 62 Wireless Security Relational Matrix (continued)
METHODIKEY ENCRYPTION lENTER lire 802.1
MANAGEMENT PROTOCOL Shared WEP No Enable with Dynamic WEP Key Yes Enable without Dynamic WEP Key Yes Disable
WPA-PSK TKIP Yes Enable
WPA2-PSK AES Yes Enable
Appendix C Setting up Your Computer’s IP Address
All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed.
Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package.
TCP/IP should already be installed on computers using Windows NT/2000/XP, Macintosh OS 7 and later operating systems.
After the appropriate TCP/IP components are installed, configure the TCP/IP settings in order to "communicate" with your network.
If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the NBG-415N's LAN port.
Click Start, Settings, Control Panel and double-click the Network icon to open the Network window
Client for Microsoft Networks F Installing Components
The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks.
If you need the adapter:
1 Inthe Network window, click Add. 2 Select Adapter and then click Add. 3 Select the manufacturer and model of your network adapter and then click OK.
1 Inthe Network window, click Add. 2 Select Protocol and then click Add. 3 Select Microsoft from the list of manufacturers.
4 Select TCP/IP from the list of network protocols and then click OK. If you need Client for Microsoft Networks:
1 Click Add. 2 Select Client and then click Add.
Appendix C ZyXEL NBG-415N Users Guide
3 Select Microsoft from the list of manufacturers.
4 Select Client for Microsoft Networks from the list of network clients and then click OK.
5 Restart your computer so the changes you made take effect.
Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. + If your IP address is dynamic, select Obtain an IP address automatically. + If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields.
Figure 97 Windows 95/98/Me: TCP/IP Properties: IP Address ax
Bindings | Advanced | NetBl0S | DNS Configuration | Gateway | WINS Configuration IP Address
An IP address can be automatically assigned to this computer. If your network does not automatically assign IP addresses, ask your network administretor for an address, and then type it in the space below.
Specify an IP address:
F Detect connection to netwark media
3 Click the DNS Configuration tab.
+ If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in).
ZyXEL NBG-415N User's Guide
Figure 98 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 21xi
Bindings | Advanced | NetBl0S DNS Configuration | Gateway | WINS Configuration | 1P Address
[0 Enable DNS Host Dons
DNS Server Search Order
4 Click the Gateway tab.
+ __ If you do not know your gateway’s IP address, remove previously installed gateways.
+ __ If you have a gateway IP address, type it in the New gateway field and click Add.
5 Click OK to save and close the TCP/IP Properties window. 6 Click OK to close the Network window. Insert the Windows CD if prompted.
7 Turn on your NBG-415N and restart your computer when prompted.
Verifying Settings 1 Click Start and then Run.
2 In the Run window, type "winipcfg" and then click OK to open the IP Configuration window.
3 Select your network adapter. You should see your computer's IP address, subnet mask and default gateway.
LS Printers and Faxes
Bisorr (©) run of computer
Q ©Q - © Pos res Fe address [Dr control Panel
Gr Switch to Category view
Controllers 3 Right-click Local Area Connection and then click Properties.
© Network Connections
LAN or High-Speed Internet Network Tasks
Create a new connection
Set up a home or small office network
© Diszbie this network ne
device Repair À Repair this connection Bridge Connections Œ Rename this connection PRE © iew status of this “syséiabs
connection Change settings of this: Rename
4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click
Figure 102 Windows XP: Local Area Connection Properties
General | Authentication | Advanced
Connect using #3 Accton EN1207D-TX PCI Fast Ethernet Adapter
This connection uses the following items:
M (S] Ciient for Microsoft Networks
M JE File and Printer Sharing for Microsoft Networks M 48} QoS Packet Scheduler &
Transmission Control Protocol/Intemet Protocol. The default wide area network protocol that provides communication across diverse interconnected networks.
[1 Show icon in notification area when connected
5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows
+ If you have a dynamic IP address click Obtain an IP address
+ If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. Click Advanced.
Advanced TCP/IP Settings
IP Settings | DNS | WINS | Options. IP addresses
|_IP address Subnet mask DHCP Enabled
6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK.
Do one or more of the following if you want to configure additional IP addresses:
+ __Inthe IP Settings tab, in IP addresses, click Add.
+ In TCP/IP Address, type an IP address in IP address and a subnet mask in Subnet mask, and then click Add.
+ Repeat the above two steps for each IP address you want to add.
+ Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways.
+ In TCP/IP Gateway Address, type the IP address of the default gateway in Gateway. To manually configure a default metric (the number of transmission hops), clear the Automatic metrie check box and type a metric in Metric.
+ Click Add. + Repeat the previous three steps for each default gateway you want to add.
+ Click OK when finished. 7 Inthe Internet Protocol TCP/IP Properties window (the General tab in Windows XP):
ZyXEL NBG-415N User's Guide
+ Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
+ __If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
If you have previously configured DNS servers, click Advanced and then the DNS tab to order them.
Figure 104 Windows XP: Internet Protocol (TCP/IP) Properties
Internet Protocol (TCP/IP) Properties
General | Altemate Configuration
You can get IP settings assigned automatically if your network supports this capabilty. Dtherwise, you need ta ask your network administrator far the appropriate IP settings.
© Obtain an IP address automatically © Use the following IP address:
© Obtain DNS server address automatically
© Use the following DNS server addresses:
8 Click OK to close the Internet Protocol (TCP/IP) Properties window.
9 Click OK to close the Local Area Connection Properties window.
10Turn on your NBG-415N and restart your computer (if prompted).
Verifying Settings 1 Click Start, AIL Programs, Accessories and then Command Prompt.
2 In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab.
1 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel.
ADSL Control and Status Appearance
Location Manager Memory
2 Select Ethernet built-in from the Connect via list.
<ite suppies by server > Ci be apps By server >
< will be supplied by server >
“vil be supplied by server >
3 For dynamically assigned settings, select Using DHCP Server from the Configure: list.
ZyXEL NBG-415N User's Guide
4 For statically assigned settings, do the following:
+ __Fromthe Configure box, select Manually.
+ Type your IP address in the IP Address box.
+ Type your subnet mask in the Subnet mask box.
+ Type the IP address of your NBG-415N in the Router address box.
5 Close the TCP/IP Control Panel. 6 Click Save if prompted, to save changes to your configuration.
7 Turn on your NBG-415N and restart your computer (if prompted).
Check your TCP/IP properties in the TCP/IP Control Panel window.
1 Click the Apple menu, and click System Preferences to open the System Preferences window.
Figure 107 Macintosh OS X: Apple Menu UE Grab File Edit Capty
About This Mac Get Mac OS X Software.
System Preferences Dock > Location
2 Click Network in the icon bar.
+ __ Select Automatic from the Location list. + Select Built-in Ethernet from the Show list. + Clickthe TCP/IP tab.
3 For dynamically assigned settings, select Using DHCP from the Configure list.
149 Appendix C ZyXEL NBG-415N Users Guide
IP Address: 192.168.11.12 168.95:11 (Provided by DHCP Server)
Subnet Mask: 255.255.254.0
DHCP Client ID: (Optional)
Ethernet Address: 00:05:02:43:93:ff
Router: 192.168.10.11 SRE Example: apple.com, earthlink.net
(@} click the lock to prevent further changes.
4 For statically assigned settings, do the following:
+ __Fromthe Configure box, select Manually.
Type your IP address in the IP Address box. Type your subnet mask in the Subnet mask box. Type the IP address of your NBG-415N in the Router address box.
5 Click Apply Now and close the window.
6 Turn on your NBG-415N and restart your computer (if prompted).
Check your TCP/IP properties in the Network window.
access control 83 activate WLAN, disable WLAN 61 Address Assignment 42, 43 address restricted 94 ALG 76, 93 AP (Access Point) 130 application Internet sharing network 22 wireless network 23
content filtering 87 CTS (Clear to Send) 131 Customer Support 7
ESSID (Extended Service Set Identification) 61
Extended Service Set 129
F FCC interference statement 3 filter setup 83
general WLAN settings 60 getting started 22 graphics icons key 21
login accounts 102 logs 118
MAC address authentication 67
MAC address cloning 45
MAC address filtering 91
maximum idle time 48, 49, 51 Maximum Transmission Unit see MTU MTU 45
N NAT endpoint filtering 93 address restricted 94 endpoint independent 93 port and address restricted 94
port and address restricted 94 port forwarding 72, 73
Private IP Address 42 product registration 6
registration product 6
set system time and date 33, 104
setup wizard 32 access control 83 Internet access 32 wireless security setup 39
special applications 77
Stateful packet inspection see SPI Static DHCP 57
syntax conventions 20 system time and date 33, 104
transfer wireless settings 68 transmission rate 61
U Universal Plug and Play see UPnP upgrade firmware 111
