ZyXEL CommunicationsメーカーNBG410W3G Seriesの使用説明書/サービス説明書
ページ先へ移動 of 430
www .zyxel.com NBG410W3G Series 3G Wireless Router User ’ s Guide V ersion 4.03 08/2008 Edition 1.
.
About This User's Guide NBG410W3G Series User’s Guide 3 About This User's Guide Intended Audience This manual is intended for people who want to configure the ZyXEL Device using the web configurator . Y ou should have at leas t a basic knowledge of TCP/IP networking concepts and topology .
Document Conventions NBG410W3G Series User’s Guide 4 Document Conventions W arnings and Notes These are how warnings and notes are shown in this User ’ s Guide.
Document Conventions NBG410W3G Series User’s Guide 5 Icons Used in Figures Figures in this User ’ s Guide may use the followi ng generic icons. The ZyXEL Device icon is not an exact representation of your device.
Safety Warnings NBG410W3G Series User’s Guide 6 Safety Warnings 1 For your safety , be sure to read and follow all warni ng notices and instructions. • Do NOT use this product near water , for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids.
Safety Warnings NBG410W3G Series User’s Guide 7.
Safety Warnings NBG410W3G Series User’s Guide 8.
Contents Overview NBG410W3G Series User’s Guide 9 Contents Overview Introduction .......................................... ........................................................................ .......... 33 Getting to Know Y our ZyXEL Dev ice ..
Contents Overview NBG410W3G Series User’s Guide 10.
Table of Contents NBG410W3G Series User’s Guide 11 Table of Contents About This User's Guide ...................... .................................................................................. .. 3 Document Conventions....................
Table of Contents NBG410W3G Series User’s Guide 12 2.4 Navigating the ZyXEL Device Web Configurator ....................... ............. ................ ............. 46 2.4.1 T i tle Bar ........ ................ ............. ............. .....
Table of Contents NBG410W3G Series User’s Guide 13 5.3.1 IP Pool Setup .. ............. ............. ................ ............. ............. ............. ................ ........ 103 5.4 RIP Setup ................. ................. ........
Table of Contents NBG410W3G Series User’s Guide 14 8.2 Wireless Security Overview ................... ............. ................. ............ ............. ................ ..... 1 48 8.2.1 SSID ... ................. ............. ............ .
Table of Contents NBG410W3G Series User’s Guide 15 10.1 Authentication Server Over view .... ................ ............. ............. ................ ............. ........... 191 10.2 Local User Database ................ ................ .....
Table of Contents NBG410W3G Series User’s Guide 16 12.3 NA T Overv iew Screen ... ................ ............. ................ ............. ............. ................ ........... 2 30 12.4 NA T Address Mapping .............. ................
Table of Contents NBG410W3G Series User’s Guide 17 15.1.2 System T i meout ......... ................ ............. ............. ................ ............. ................ ..... 260 15.2 WWW (HTTP and HTTPS) ........ ................ .........
Table of Contents NBG410W3G Series User’s Guide 18 16.5.2 Web Configurator Easy Access .................. ............. ................ ............. ............ ..... 288 Chapter 17 Custom Application .............................. ..............
Table of Contents NBG410W3G Series User’s Guide 19 20.1 Maintenance Overview .................. ............. ................ ............. ................ ............. ........... 3 25 20.2 General Setup and System Name .............. ..........
Table of Contents NBG410W3G Series User’s Guide 20 Appendix F Importing Certificates ....................................... ................................................. 403 Appendix G Legal Information ........................ ................
List of Figures NBG410W3G Series User’s Guide 21 List of Figures Figure 1 3G W AN A pplication .......... ............. ................ ............. ................ ............. ................ .. .............. 36 Figure 2 Secure Internet Access via Cable or DSL Modem .
List of Figure s NBG410W3G Series User’s Guide 22 Figure 39 T utorial Example: DNS > System Edit-1 ........ ............. ............. ............. ................ ............. .. .8 0 Figure 40 T utorial Example: DNS > System Edit-2 .....
List of Figures NBG410W3G Series User’s Guide 23 Figure 82 DMZ Public Address Ex ample ............ ................ ............. ............. ................ ............. ....... .... 141 Figure 83 DMZ Private and Public Address Example .......
List of Figure s NBG410W3G Series User’s Guide 24 Figure 125 SECURITY > CERTIFICA TES > My Certific ates > Import: PKCS#12 ....... ............. ........... 204 Figure 126 SECURITY > CERTIFICA TES > My Certificates > Create (Basic) .
List of Figures NBG410W3G Series User’s Guide 25 Figure 168 ADV ANCED > REMOTE MGMT > SSH .................. ................ ............. ................ .............. 269 Figure 169 SSH Example 1: S tore Host Key ...... ... .......... ...
List of Figure s NBG410W3G Series User’s Guide 26 Figure 21 1 Masonry Plug and M4 T ap Screw ........................ ................. ............ ................. ................ .3 4 8 Figure 212 Pop-up Blocker ................. ..............
List of Figures NBG410W3G Series User’s Guide 27 Figure 254 Security Certificate ........... ................ ............. ................ ............. ................ .......... ......... ..... 403 Figure 255 Login Screen .... ................ .
List of Figure s NBG410W3G Series User’s Guide 28.
List of Tables NBG410W3G Series User’s Guide 29 List of Tables T able 1 NBG410W3G Front Panel Lights ............. .......... ................ ............. ............. ............. ........... ..... 39 T able 2 NBG412W3G Front Panel Lights .....
List of Tables NBG410W3G Series User’s Guide 30 T able 39 WIR ELESS > Wi-Fi > MAC Filter ..................... ................ ............. ................ ................ ..... ... 163 T able 40 Bloc king All LAN to WAN IRC T raffic Example .
List of Tables NBG410W3G Series User’s Guide 31 T able 82 ADV ANCED > REMOTE MGMT > DNS ............. ................ ................ ............. ................ ..... 278 T able 83 ADV ANCED > REMOTE MGMT > CNM ....... ............
List of Tables NBG410W3G Series User’s Guide 32 T able 125 Alternativ e Subnet Mask Notation .................. ............. ................ ................ ............. ....... .... 379 T able 126 Subnet 1 ........ ................. ...........
33 P ART I Introduction Getting to Know Y our ZyXEL Device (35) Introducing the W eb Configurator (43) W izard Setup (59) T utorials (65).
34.
NBG410W3G Series User’s Guide 35 C HAPTER 1 Getting to Know Your ZyXEL Device This chapter introduces the main features and applications of the ZyXEL Device.
Chapter 1 Getting to Know Your ZyXEL Device NBG410W3G Series User’s Guide 36 Figure 1 3G WAN Application 1.2.2 Secure Broadband Internet A ccess via Cable or DSL Modem For Internet access, connect the W AN Ethe rnet port to your existing Internet access gateway (company network, or your cable or DSL mo de m for example).
Chapter 1 Getting to Know Your ZyXEL Device NBG410W3G Series User’s Guide 37 1.4 Configuring Y our ZyXEL Device’ s Security Features Y our ZyXEL Device comes with a variety of s ecurity features. This sec tion summarizes these features and provides links to sections in the User ’ s Guide to configure security settings on your ZyXEL Device.
Chapter 1 Getting to Know Your ZyXEL Device NBG410W3G Series User’s Guide 38 • Set the firewall to block ICMP requests. • Enable do not respond to requ ests for unauthorized services.
Chapter 1 Getting to Know Your ZyXEL Device NBG410W3G Series User’s Guide 39 1.5.1 Front Panel Light s Figure 3 Front Panel The following tables describe the lights. T able 1 describes the light features in NBG410W3G , and T able 2 describes the light features in NBG412W3G .
Chapter 1 Getting to Know Your ZyXEL Device NBG410W3G Series User’s Guide 40 3G OPERA TION Green On The ZyXEL Device has a successful 3G connection. Flashing The ZyXEL Device has detected an availabl e 3G network, but has not yet connected to it. Blue On The ZyXEL Device has a successful 3.
Chapter 1 Getting to Know Your ZyXEL Device NBG410W3G Series User’s Guide 41 Wi-Fi Green Off The wireless connection through the built-in Wi -Fi card is not ready , or has fai led. On The wireless LAN through the buil t-in wireless LAN card is ready .
Chapter 1 Getting to Know Your ZyXEL Device NBG410W3G Series User’s Guide 42.
NBG410W3G Series User’s Guide 43 C HAPTER 2 Introducing the Web Configurator This chapter describes how to access the ZyX EL Device web configurator and provides an overview of its screens.
Chapter 2 Introducing the Web Configur ator NBG410W3G Series User’s Guide 44 Figure 4 Login Screen 5 Y ou should see a screen askin g you to change your password (highl y recommended) as shown next. T ype a new password (and retype it to confirm) and click Apply or click Ignore .
Chapter 2 Introducing the Web Configurator NBG410W3G Series User’s Guide 45 " The management session auto matically times out when the time period set in the Ad ministrator Inactivity Timer field expires (default five minutes). Simply log back into the ZyXEL Device if this happens to you.
Chapter 2 Introducing the Web Configur ator NBG410W3G Series User’s Guide 46 Figure 7 Example Xmodem Upload 6 After successful firmware upload, en ter "atgo" to restart the router . 2.4 Navigating the ZyXEL Device W eb Configurator The following summarizes how to navigate the web configurator from the HOME scree n.
Chapter 2 Introducing the Web Configurator NBG410W3G Series User’s Guide 47 The icons provide th e following functions. 2.4.2 Main Window The main window shows the screen you select in the navigation panel. It is discussed in more detail in the rest of this document.
Chapter 2 Introducing the Web Configur ator NBG410W3G Series User’s Guide 48 System Information System Name This is the System Name you enter in the MAINTENANCE > General screen. It is for identification purpos es. Click the field label to go to the screen where you can specify a name for this ZyXEL Device.
Chapter 2 Introducing the Web Configurator NBG410W3G Series User’s Guide 49 S tatus For the LAN and DMZ ports, this displays the port speed and duplex setting.
Chapter 2 Introducing the Web Configur ator NBG410W3G Series User’s Guide 50 Roaming Network This field is available only when you insert a 3G card that supports the roaming feature. This displays whether the card is able to connect to other ISPs’ base stations.
Chapter 2 Introducing the Web Configurator NBG410W3G Series User’s Guide 51 New PIN Code Configure a PIN code for the SIM card . Y ou can specify an y four to eight digits to have a new PIN code or e nter the previous PIN code. Confirm New PIN Code Enter the PIN code a gain for confirmation.
Chapter 2 Introducing the Web Configur ator NBG410W3G Series User’s Guide 52 2.4.4 Navigation Panel After you enter the password, us e the sub-menu s on the navigation panel to configure ZyXEL Device featur es. The following table describes the sub-menus.
Chapter 2 Introducing the Web Configurator NBG410W3G Series User’s Guide 53 Wi-Fi Wireless Card Use this screen to configure the wireless LAN setting s.
Chapter 2 Introducing the Web Configur ator NBG410W3G Series User’s Guide 54 2.4.5 Port St atistics Click Port St a t i s t i c s in the HOME screen. Read-only information here includes port status and packet specific statistics. The Automatic Refresh Interval field is configurable.
Chapter 2 Introducing the Web Configurator NBG410W3G Series User’s Guide 55 Figure 10 HOME > Show S tatistics The following table describes the labels in this screen. 2.4.6 Show St atistics: Line Chart Click the icon in the Show S tatistics screen.
Chapter 2 Introducing the Web Configur ator NBG410W3G Series User’s Guide 56 Figure 1 1 HOME > Show Statistics > Line Chart The following table describes the labels in this screen.
Chapter 2 Introducing the Web Configurator NBG410W3G Series User’s Guide 57 Figure 12 HOME > DHCP T able The following table describes the labels in this screen. T able 8 HOME > DH CP Table LABEL DESCRIPTION Interface Select LAN or DMZ to show the current DHCP client information for the specifi ed interface.
Chapter 2 Introducing the Web Configur ator NBG410W3G Series User’s Guide 58.
NBG410W3G Series User’s Guide 59 C HAPTER 3 Wizard Setup This chapter provides information on the Wizard Setup screens in the web configurator . 3.1 Wizard Setup Overview The web configurator's setup wizards help you configure Internet connection settings.
Chapter 3 Wizard Setup NBG410W3G Series User’s Guide 60 The wizard screen varies according to the ty pe of encapsulation that you select in the Encapsula tion field.
Chapter 3 Wizard Setup NBG410W3G Series User’s Guide 61 3.2.1.2 PPPoE Encap sulation Point-to-Point Protocol over Ethernet (PPPoE) functions as a dial-up connection. PPPoE is an IETF (Internet Engineering T ask Force) standard specifying ho w a host personal computer interacts with a broadband modem (for example DSL, cable , wireless, etc.
Chapter 3 Wizard Setup NBG410W3G Series User’s Guide 62 3.2.1.3 PPTP Encap sulation Point-to-Point T u nneling Protocol (PP TP) is a network protocol tha t enables transfers of data from a remote client to a private server , crea ting a V irtual Private Network (VPN) using TCP / IP-based networks.
Chapter 3 Wizard Setup NBG410W3G Series User’s Guide 63 Figure 16 ISP Parameters: PPTP Encap sulation The following table describes the labels in this screen. Ta b l e 1 1 ISP Parameters: PP TP Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation Select PPTP from the drop-down list box.
Chapter 3 Wizard Setup NBG410W3G Series User’s Guide 64 3.2.2 Internet Access Wizard Setup Complete The congratulations sc reen displays. Click Close to complete the Internet access setup. Figure 17 Internet Access Setup Complete Connection ID/ Name Enter the connection ID or connection name in this field.
NBG410W3G Series User’s Guide 65 C HAPTER 4 Tutorials This section describes ho w to do the following. 1 Set up a DMZ (De-Militarized Zone). 2 Use an H.323 V oIP phone on your LAN. 3 Use NA T (Network Address Translatio n) with multiple public IP addresses.
Chapter 4 Tutorials NBG410W3G Series User’s Guide 66 4.2 DMZ Setup Example In this example the DMZ uses private IP ad dresses and the default subnet mask of 255.255.255.0. (See Appendix C on page 377 for information on subn etting.) Y ou can also use a static public IP address for your file server .
Chapter 4 Tutorials NBG410W3G Series User’s Guide 67 Figure 20 DMZ T utorial: N ETWORK > DMZ > S tatic DHCP 4.2.1.3 Public and Private IP Addresse s 1 In Windows Networkin g (NetBIOS over TCP/IP) select Allow between DMZ and LAN. In this example, both the file server on the DMZ and a computer on the LAN use a W indows OS.
Chapter 4 Tutorials NBG410W3G Series User’s Guide 68 Figure 22 DMZ T utorial: ADV ANCED > NA T Overview This completes basic setup of your DMZ. 4.2.2 Advanced Setup In this scenario the file server runs an FTP (F ile T ransfer Protocol) download service.
Chapter 4 Tutorials NBG410W3G Series User’s Guide 69 Port Forwarding Setup 1 T o configure port forwarding , first configure a static IP on the file server if you haven’ t already . Se e Section 4.2.1.2 on pag e 66 . 2 Click ADV ANCED > NA T > Port Forwarding to open the Port Forwarding screen.
Chapter 4 Tutorials NBG410W3G Series User’s Guide 70 Y ou need to define two rules - one to drop a ll traffic from the W AN to the DMZ, the other to permit HTTP and FTP traf fic from the W AN to th e DMZ. This ensures that only HTTP and FTP traffic from the W AN to the DMZ is pe rmitted and all other traf fic is blocked.
Chapter 4 Tutorials NBG410W3G Series User’s Guide 71 Figure 26 DMZ T utorial: NETWOR K > Firewall > Rule Summary: Firewall - Edit 11 Repeat the firewall rule setup procedure to set up a rule for W AN1 to DMZ traffic with the same source and destination addresses.
Chapter 4 Tutorials NBG410W3G Series User’s Guide 72 Figure 27 DMZ T utorial: SECURITY > Firewall > Rule Summary Example This completes setup of a firewall ru les for the file server on your DMZ. 4.4 Setting Up a V oIP Phone with H.323 Y ou can use the ZyXEL Devi ce to manage calls from your V oIP enabled phone using H.
Chapter 4 Tutorials NBG410W3G Series User’s Guide 73 Figure 29 H.323 T utorial: NETWORK > LAN > St atic DHCP 4 Click NETWORK > LAN to display the LAN screen. Ensure that Server is selected in the drop-down box in the DHCP field. Set up ALG Follow these steps to set up ALG (Applicatio n Layer Gateway) to let your ZyXEL Device manage H.
Chapter 4 Tutorials NBG410W3G Series User’s Guide 74 6 T ype the IP address of your V oIP phone in the Server IP Address field. In this example 192.168.
Chapter 4 Tutorials NBG410W3G Series User’s Guide 75 field - 123.23.23 .23 and click Add so that the IP address appears in the Destination Address(es) field. If you are using a H.323 ser ver , use its IP address instead. 5 In the Edit Destination Addr ess section select Single Address in the drop-down box in the Addr ess T ype field.
Chapter 4 Tutorials NBG410W3G Series User’s Guide 76 Figure 33 H.323 T utorial: SECURITY > Firewall > Rule Summary 8 Repeat the firewall rule setup procedure to add a similar firewall ru le for H.323 traffic from the W AN to the LAN, using the sam e W AN IP address and LAN IP address settings.
Chapter 4 Tutorials NBG410W3G Series User’s Guide 77 Figure 34 H.323 T utorial: SECURITY > Firewall > Rule Summary That completes setup of your H.
Chapter 4 Tutorials NBG410W3G Series User’s Guide 78 Figure 35 T utorial Example: Using NA T with S tatic Public IP Addresses T o set up this network, we are going to: 1 Configure the W AN 1 connection to use the first public IP address (1.2.3.4). 2 Configure NA T address mapping for other publ ic IP addresses (1.
Chapter 4 Tutorials NBG410W3G Series User’s Guide 79 Figure 36 T utoria l Example: WAN Connection with a S tatic Public IP Address 1 Click NETWORK > W AN > W AN 1 . 2 Select PPPoE ( PPP over Ethernet ) from the Encapsulat ion drop-down list box.
Chapter 4 Tutorials NBG410W3G Series User’s Guide 80 7 The System screen displays. Click the Insert button to configure the IP address of the DNS server the ZyXEL Device can query to resolve domain names. Figure 38 T utorial Example: DNS > System 8 Select Public DNS Server and enter the first DNS server ’ s IP a ddress given by your ISP .
Chapter 4 Tutorials NBG410W3G Series User’s Guide 81 Figure 40 T utorial Example: DNS > System Edit-2 10 The DNS > System screen should look as shown. Figure 41 T utorial Example: DNS > System: Done 11 Go to the Home screen to check your W AN connection status.
Chapter 4 Tutorials NBG410W3G Series User’s Guide 82 Figure 42 T utorial Example: S tatus 4.5.3 Public IP Address Mapping T o have the local computers and servers use specific W AN IP addresses, you need to map static public IP addresses to them. " The one-to-one NA T addr ess mapping rules are for both incoming and outgoing connections.
Chapter 4 Tutorials NBG410W3G Series User’s Guide 83 Figure 43 T utorial Example: Mapping Multiple Pub lic IP Addresses to Inside Servers " The ZyXEL Device applies the rules in th e order that you s pecify . Y ou should put any one-to-on e rules before a many-to-one rule.
Chapter 4 Tutorials NBG410W3G Series User’s Guide 84 Figure 44 T utorial Example: NA T > NA T Overview 3 Click the Address Mapping tab. 4 Select W AN 1 . 5 Click the first rule’ s Edit icon ( ) in the Modify column to display the Addr ess Mapping Rule screen.
Chapter 4 Tutorials NBG410W3G Series User’s Guide 85 Figure 45 T utorial Example: NA T > Address Mapping 6 Map a public IP address to the web server . Select the One-to-One type and enter 192.168.1.12 as the local start IP address and 1.2.3.5 as the global start IP address.
Chapter 4 Tutorials NBG410W3G Series User’s Guide 86 Figure 47 T utorial Example: NA T Address Mappin g Edit: One-to-One (2) 9 Click the third rule’ s Edit icon ( ). 10 Map a public IP address to other outgoing LAN traffic. Select the Many-to-One type and enter 192.
Chapter 4 Tutorials NBG410W3G Series User’s Guide 87 Figure 49 T utorial Example: NA T Address Mapping Done " T o allow traffic from t he W AN to be forwarded throu gh the ZyXEL Device, you must also create a firewall rule. Refe r to Section 4.
Chapter 4 Tutorials NBG410W3G Series User’s Guide 88 Figure 50 T utorial Example: Forwarding Incoming FTP T raffic to a Loca l Computer 1 Click ADV ANCED > NA T > Address Mapping . 2 Click the forth rule’ s Edit icon ( ) to configure a server rule.
Chapter 4 Tutorials NBG410W3G Series User’s Guide 89 Figure 52 T utorial Example: NA T Port Forwarding 4.5.5 Allow W AN-to-LAN T raffic through the Firewall By default, the Zy XEL Device blocks any traf fi c initiated from the W AN to the LAN.
Chapter 4 Tutorials NBG410W3G Series User’s Guide 90 1 Click SECURITY > FIREW ALL . 2 Make sure the firewall is enabled and traffic from W AN 1 to the LAN is dropped. Figure 54 T utorial Example: Firewall Default Rule 3 Go to the Rule Summary screen.
Chapter 4 Tutorials NBG410W3G Series User’s Guide 91 6 Configure a firewall rule to allow HTTP traf fic from the W AN to the web server . Enter a descriptive name (W -L_W eb for example). Select Any in the Destination Address(es) box and click Delete .
Chapter 4 Tutorials NBG410W3G Series User’s Guide 92 Figure 57 T utorial Example: Firewall Rule: WAN t o LAN Service Edit for Web Server 8 Click the insert icon to configure a firewall rule to allow traf fic from the W AN to the mail server . Enter a descriptive name (W -L_Mail for example).
Chapter 4 Tutorials NBG410W3G Series User’s Guide 93 Figure 58 T utorial Example: Firewall Rule: WAN t o LAN Addres s Edit for Ma il Server 9 Select Any(All) in the A vailable Services box on the left, and click >> to add it to the Selected Service(s) box on the right.
Chapter 4 Tutorials NBG410W3G Series User’s Guide 94 10 Click the insert icon to configure a firewa ll rule to allow FTP traffic from the W AN to the FTP server . Enter a descriptive name (W -L_FTP for example). Select Any in the Destination Address(es) box and click Delete .
Chapter 4 Tutorials NBG410W3G Series User’s Guide 95 Figure 61 T utorial Example: Firewall Rule: WAN to LAN Service Edit for FTP Server 12 When you are done , the Rule Summary screen looks as shown.
Chapter 4 Tutorials NBG410W3G Series User’s Guide 96 4.5.6 T esting the Connections 1 Open the web browser on one of the local co mputers and enter any web site’ s URL in the address bar . If you can access the web site, your W AN 1 connection and NA T address mapping are configured successfully .
Chapter 4 Tutorials NBG410W3G Series User’s Guide 97 Figure 63 T utorial Example: NA T Address Mapping Done: Game Playing " T o allow traffic from t he W AN to be forwarded throu gh the ZyXEL Device, you must also create a firewall rule. Refe r to Section 4.
Chapter 4 Tutorials NBG410W3G Series User’s Guide 98.
99 P ART II Network LAN Screens (101) W AN Screens (1 11) DMZ Screens (135).
100.
NBG410W3G Series User’s Guide 101 C HAPTER 5 LAN Screens This chapter describes how to configure LAN settings. 5.1 LAN, W AN and the ZyXEL Device A network is a shared commun ication system to which ma ny computers are attached.
Chapter 5 LAN Screens NBG410W3G Series User’s Guide 102 feature of the ZyXEL Device . The Internet Assi gned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise.
Chapter 5 LAN Screens NBG410W3G Series User’s Guide 103 5.3.1 IP Pool Setup The ZyXEL Device is pre-configured with a pool of IP addresses for the computers on your LAN. See Chapter 22 on page 345 for the default IP pool range. Do not assign your LAN computers static IP addresses that are in the DHCP pool.
Chapter 5 LAN Screens NBG410W3G Series User’s Guide 104 The ZyXEL Device supports both IGMP version 1 ( IGMP-v1 ) and IGMP version 2 ( IGMP- v2 ). At start up, the ZyXEL Device queries all di rectly connected networks to gather group membership. After that, the ZyXEL Device peri odically updates this information.
Chapter 5 LAN Screens NBG410W3G Series User’s Guide 105 The following table describes the labels in this screen. T able 12 NETWORK > LAN LABEL DESCRIPTION LAN TCP/IP IP Address T ype the IP address of your Zy XEL Device in d otted decimal notation.
Chapter 5 LAN Screens NBG410W3G Series User’s Guide 106 5.8 LAN St atic DHCP This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. Every Ethernet device has a unique MAC (Med ia Access Control) addre ss.
Chapter 5 LAN Screens NBG410W3G Series User’s Guide 107 Figure 66 NETWORK > LAN > S tatic DHCP The following table describes the labels in this screen. 5.9 LAN IP Alias IP alias allows you to partition a physical network into dif fer ent logical networks over the same Ethernet interface.
Chapter 5 LAN Screens NBG410W3G Series User’s Guide 108 The ZyXEL Device supports three logical LAN interfaces via its single physical LAN Ethernet interface.
Chapter 5 LAN Screens NBG410W3G Series User’s Guide 109 The following table describes the labels in this screen. 5.10 LAN Port Roles Use the Port Roles screen to set ports as part of the LAN or DMZ interface. Ports 1~4 on the ZyXEL Device can be part of the LAN or DMZ interface.
Chapter 5 LAN Screens NBG410W3G Series User’s Guide 11 0 " Y our changes are also reflected in the DMZ Port Roles screen. Figure 69 NETWORK > LAN > Port Rol es The following table describes the labels in this screen.
NBG410W3G Series User’s Guide 111 C HAPTER 6 WAN Screens This chapter describes how to configure W A N settings. " W AN 2 refers to the 3G card on the supported ZyXEL Device. 6.1 W AN Overview • Use the W AN General scre en to configure operation mode, route priority and connection test for the ZyXEL Device.
Chapter 6 WAN Screens NBG410W3G Series User’s Guide 11 2 6.3 TCP/IP Priority (Metric) The metric represents the "cost of transmissi on". A router determines the best route for transmission by choosing a path with the lowest "cost".
Chapter 6 W AN Screen s NBG410W3G Series User’s Guide 11 3 Figure 71 NETWORK > W AN General.
Chapter 6 WAN Screens NBG410W3G Series User’s Guide 11 4 The following table describes the labels in this screen. T able 16 NETWORK > W AN General LABEL DESCRIPTION Active/Passive (Fail Over) Mode The ZyXEL Device uses the second highest priority W AN interface as a back up.
Chapter 6 W AN Screen s NBG410W3G Series User’s Guide 11 5 6.5 W AN IP Address Assignment Every computer on the Internet must have a unique IP address. If your networks are is olated from the Internet, for instance, only between your two branch of fices, you can as sign any IP addresses to the hosts without problems.
Chapter 6 WAN Screens NBG410W3G Series User’s Guide 11 6 Y ou can obtain your IP address from the IANA, from an ISP or have it assigned by a private network. If you belong to a small organization an d your Internet a ccess is through an ISP , the ISP can provide you with the Intern et addresses for your local networks.
Chapter 6 W AN Screen s NBG410W3G Series User’s Guide 11 7 6.8 W AN 1 Use this screen to change your ZyXEL Devi ce's W AN 1 ISP , IP and MAC settings. Click NETWORK > WA N > WA N 1 to display this screen. The scre en differs by the encapsulation.
Chapter 6 WAN Screens NBG410W3G Series User’s Guide 11 8 The following table describes the labels in this screen. T able 18 NETWORK > WAN > W AN 1 (Ethernet Encapsula tion) LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation Y ou must choose the Ethernet option when the WAN port is used as a regular Ethernet.
Chapter 6 W AN Screen s NBG410W3G Series User’s Guide 11 9 RIP Direction RIP (Routing Information Protocol ) a llows a route r to exchange routi ng information with other routers. The RIP Direction field controls the sending and receiv ing of RIP packet s.
Chapter 6 WAN Screens NBG410W3G Series User’s Guide 120 6.8.2 PPPoE Encap sulation The ZyXEL Device supports PPPoE (Point-to-Poin t Protocol over Ethernet ). PPPoE is an IETF standard (RFC 2516) speci fying how a personal computer (PC) interacts with a broadband modem (DSL, cable, wireless, etc .
Chapter 6 W AN Screen s NBG410W3G Series User’s Guide 121 Figure 73 N E T W O R K > WA N > WA N 1 ( PPPoE Encapsulation) The following table describes the labels in this screen.
Chapter 6 WAN Screens NBG410W3G Series User’s Guide 122 Authentication Ty p e The ZyXEL Device supports P AP (Password Authentication Protocol) a nd CHAP (Challenge Handshake Authentica tion Protoc ol). CHAP is more secure than P AP; however , P AP is readily avail able on more platforms.
Chapter 6 W AN Screen s NBG410W3G Series User’s Guide 123 6.8.3 PPTP Encap sulation Point-to-Point T unneling Protocol (PP TP) is a ne twork protocol that enables secure transfer of data from a remote client to a private server , creating a V irtual Private Network (VPN) using TCP/IP-based networks.
Chapter 6 WAN Screens NBG410W3G Series User’s Guide 124 Figure 74 NETWORK > W AN > WAN 1 (PP TP Encapsul ation) The following table describes the labels in this screen. T able 20 NETWORK > WAN > W AN 1 (PPTP Encapsulation) LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation Set the encapsulation method to PPTP .
Chapter 6 W AN Screen s NBG410W3G Series User’s Guide 125 Authentication Ty p e The ZyXEL Device supports P AP (Password Authentication Protocol) and CHAP (Challenge Handshake Authenticatio n Protoc ol). CHAP is more secure than P AP; however , P AP is readily availa ble on more p latforms.
Chapter 6 WAN Screens NBG410W3G Series User’s Guide 126 6.9 3G (W AN 2) 3G (Third Generation) is a digital, packet-s witched wireless technology . Bandwidth usage is optimized as multiple users shar e the same channel and bandwidt h is only allocated to users when they send data.
Chapter 6 W AN Screen s NBG410W3G Series User’s Guide 127 " The actual data rate you ob t ain varies depending on y our 3G card, the signal strength of the service provider ’s bas e station, your service plan, etc. " For NBG410W3G , you can use either t he built-in 3G modul e or an external USB dongle to establish a 3G connecti on.
Chapter 6 WAN Screens NBG410W3G Series User’s Guide 128 T o change yo ur ZyXEL Device's 3G W AN settings, click NETW ORK > WA N > 3G (W AN 2) or WIRELESS > 3G (W AN 2) . " The W AN 1 and W AN 2 IP addresses of a ZyXEL Device with multiple W AN interfaces must be on different subnet s.
Chapter 6 W AN Screen s NBG410W3G Series User’s Guide 129 Figure 75 NETWORK > W AN > 3G (WAN 2).
Chapter 6 WAN Screens NBG410W3G Series User’s Guide 130 The following table describes the labels in this screen. T able 22 NETWORK > WAN > 3G (W AN 2) LABEL DESCRIPTION W AN2 Se tup Enable Select this option to enable WAN 2. The Network T ype and Network Selection fields appear .
Chapter 6 W AN Screen s NBG410W3G Series User’s Guide 131 Authentication Ty p e The ZyXEL Device supp orts P AP (Password Auth entication Protocol) and CHAP (Challenge Handshake Authen tication Protoc ol). CHAP is more secure than P AP; however , P AP is read ily available on more platforms.
Chapter 6 WAN Screens NBG410W3G Series User’s Guide 132 Enable Mu lticast Select this check box to turn on IG MP (In ternet Group Multicast Protocol). IGMP is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data.
Chapter 6 W AN Screen s NBG410W3G Series User’s Guide 133 6.10 T raffic Redirect T raffic redirect forwards W AN traffic to a backup gateway when the ZyXEL D evice cannot connect to the Internet through its normal gate way . Connect the backup gateway on the W AN so that the ZyXEL Device still provid es firewall protection for the LAN.
Chapter 6 WAN Screens NBG410W3G Series User’s Guide 134 6.1 1 Configuring T raffic Redirect T o change your ZyXEL Device’ s traffic redirect settings, click NETWORK > WA N > T raffic Redirect . The screen appears as shown. Figure 78 NETWORK > WAN > T raffic Redirect The following table describes the labels in this screen.
NBG410W3G Series User’s Guide 135 C HAPTER 7 DMZ Screens This chapter describes how to configure the ZyXEL Device’ s DMZ. 7.1 DMZ The DeMilitarized Zone (DMZ) pr ovides a way for public servers (W eb, e-mail, FTP , etc.
Chapter 7 DMZ Scre ens NBG410W3G Series User’s Guide 136 Figure 79 NETWORK > DMZ The following table describes the labels in this screen. T able 24 NETWORK > DMZ LABEL DESCRIPTION DMZ TCP/IP IP Address T ype the IP address of your ZyXEL Device’s DMZ port in dotted decimal notation.
Chapter 7 DMZ Screens NBG410W3G Series User’s Guide 137 Multicast Select IGMP V -1 or IGMP V -2 or None . IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to estab lish membership in a Multicast group - it is not used to carry user data.
Chapter 7 DMZ Scre ens NBG410W3G Series User’s Guide 138 7.3 DMZ S t atic DHCP This table allows you to assign IP addresses on the DMZ to specific individual computers based on their MAC Addresses. Every Ethernet device has a unique MAC (Med ia Access Control) addre ss.
Chapter 7 DMZ Screens NBG410W3G Series User’s Guide 139 7.4 DMZ IP Alias IP alias allows you to partition a physical network into dif fer ent logical networks over the same Ethernet interface.
Chapter 7 DMZ Scre ens NBG410W3G Series User’s Guide 140 Figure 81 NETWORK > DMZ > IP Alias The following table describes the labels in this screen. T able 26 NETWORK > D MZ > IP Alias LABEL DESCRIPTION Enable IP Alias 1, 2 Select the check box to configure anot her DMZ network for the ZyXEL Device.
Chapter 7 DMZ Screens NBG410W3G Series User’s Guide 141 7.5 DMZ Public IP Address Example The following figure shows a simple network set up with public IP addresses on the W AN and DMZ and private IP addresses on the LAN. Lowe r case letters represent public IP addresses (like a.
Chapter 7 DMZ Scre ens NBG410W3G Series User’s Guide 142 Figure 83 DMZ Private and Public Address Example 7.7 DMZ Port Roles Use the Port Roles screen to set ports as part of the LAN and/or DMZ interface. Ports 1~4 on the ZyXEL Device can be part of the LAN and/or DMZ interface.
Chapter 7 DMZ Screens NBG410W3G Series User’s Guide 143 Figure 84 NETWORK > DMZ > Port Roles The following table describes the labels in this screen. T able 27 NETWORK > DMZ > Port Roles LABEL DESCRIPTION LAN Select a port’s LAN radio button to use the port as part of the LAN.
Chapter 7 DMZ Scre ens NBG410W3G Series User’s Guide 144.
145 P ART III W ireless W i-Fi (147).
146.
NBG410W3G Series User’s Guide 147 C HAPTER 8 Wi-Fi This chapter discusses how to configure wireless LAN on the ZyXEL Device. 8.1 Wi-Fi Introduction Y our ZyXEL Device comes with an internal W i-Fi card, providing AP (access point) functionality , and allowi ng you to set up a wireless LAN (WLAN).
Chapter 8 Wi-Fi NBG410W3G Series User’s Guide 148 Every wireless network must follow these basi c guidelines. • Every wireless client in the same wire less network must use the same SSID. The SSID is the name of the wireless netw ork. It stands for Service Set IDentity .
Chapter 8 Wi-Fi NBG410W3G Series User’s Guide 149 Y ou can use the MAC address filter to tell the AP which wireless client s are allowed or not allowed to use the wireless netw ork. If a wireless client is allowed to use the wireless network, it still has to have the correct se ttings (SSID, channel, and security).
Chapter 8 Wi-Fi NBG410W3G Series User’s Guide 150 The types of encryption you can choose depend on the ty pe of user authentication. (See Section 8.2.3 on page 149 for information about this.) For example, if the wireless network has a RADIUS server , you can choose WP A or WP A2 .
Chapter 8 Wi-Fi NBG410W3G Series User’s Guide 151 8.2.5 Additional Inst allation Requirement s for Using 802.1x • A computer with an IEEE 802.1 1b/g wireless LAN card. • A computer equipped with a web browser (with JavaScript enabled) and/or T elnet.
Chapter 8 Wi-Fi NBG410W3G Series User’s Guide 152 The following table describes the labels in this screen. T able 29 WIRELESS > Wi-Fi > Wireless Card LABEL DESCRIPTION Enable Wireless Card The wireless LAN thro ugh a wireless LAN card is turned off by default.
Chapter 8 Wi-Fi NBG410W3G Series User’s Guide 153 8.3.1 SSID Profile Configure wireless network secu rity by configuring and applying an SSID profile.
Chapter 8 Wi-Fi NBG410W3G Series User’s Guide 154 Figure 87 WIRELESS > Wi-Fi > Configuring SSID The following table describes the labels in this screen. 8.4 Configuring Wireless Security Click WIRELESS > W i-Fi > Security to open the Security screen.
Chapter 8 Wi-Fi NBG410W3G Series User’s Guide 155 The following table describes the security modes you can configure. Figure 88 WIRELESS > Wi-Fi > Security The following table describes the labels in this screen. T able 31 Security Modes SECURITY MODE DESCRIPTION None Select this to have no data encryption.
Chapter 8 Wi-Fi NBG410W3G Series User’s Guide 156 8.4.1 No Security " If you do not enable any wi reless security on your Zy XEL Device, your network is accessible to any wireless networking device within range. Figure 89 WIRELESS > Wi-Fi > Security: None The following table describes the wireless LAN security labels in this screen.
Chapter 8 Wi-Fi NBG410W3G Series User’s Guide 157 Figure 90 WIRELESS > Wi-Fi > Security: WEP The following table describes the labels in this screen. 8.4.3 IEEE 802.1x Only Click the WIRELESS > Wi-Fi > Security > Edit . Select 8021X-Only from the Security Mode list.
Chapter 8 Wi-Fi NBG410W3G Series User’s Guide 158 Figure 91 WIRELESS > Wi-Fi > Secu rity: 802.1x Only The following table describes the labels in this screen. 8.4.4 IEEE 802.1x + S tatic WEP Click the WIRELESS > Wi-Fi > Security > Edit .
Chapter 8 Wi-Fi NBG410W3G Series User’s Guide 159 Figure 92 WIRELESS > Wi-Fi > Security : 802.1x + S tatic WEP The following table describes the labels in this screen. T able 36 WIRELESS > Wi-Fi > Security : 802.1x + Static WEP LABEL DESCRIPTION Name T ype a name to identify this security profil e.
Chapter 8 Wi-Fi NBG410W3G Series User’s Guide 160 8.4.5 WP A, WP A2, WP A2-MIX Click WIRELESS > W i-Fi > Security > Edit . Select WP A , WP A2 or WP A2-MIX from the Security Mode list. Figure 93 WIRELESS > Wi-Fi > Security: WP A, WP A2 or WP A2-MIX The following table describes the labels in this screen.
Chapter 8 Wi-Fi NBG410W3G Series User’s Guide 161 8.4.6 WP A-PSK, WP A2-PSK, WP A2-PSK-MIX Click WIRELESS > Wi-Fi > Security > Edit . Select WP A-PSK , WP A2-PSK or WP A2- PSK-MIX from the Security Mode list. Figure 94 WIRELESS > Wi-Fi > Security: WP A(2)-PSK The following table describes the labels in this screen.
Chapter 8 Wi-Fi NBG410W3G Series User’s Guide 162 8.5 MAC Filter The MAC filter screen allows you to configure t h e ZyXEL Device to give exclusive access to specific devices ( Allow ) or exclude specific devices from accessing the ZyXEL De vice ( Deny ).
Chapter 8 Wi-Fi NBG410W3G Series User’s Guide 163 Figure 95 WIRELESS > Wi-Fi > MAC Filter The following table describes the labels in this menu. T able 39 WIRELESS > Wi-Fi > MAC Filter LABEL DESCRIPTION Association Define the filter action for the list of MAC addresses in the MAC address fi lter table.
Chapter 8 Wi-Fi NBG410W3G Series User’s Guide 164.
165 P ART IV Security Firewall (167) Certificates (195) Authentication Server (191).
166.
NBG410W3G Series User’s Guide 167 C HAPTER 9 Firewall This chapter shows you how to conf igure your ZyXEL Device’ s firewall. 9.1 Firewall Overview The networking term firewall is a system or group of systems that enforces an access-control policy between two networks.
Chapter 9 Firewall NBG410W3G Series User’s Guide 168 9.2 Packet Direction Matrix The ZyXEL Device’ s packet direc tion matrix al lows you to apply certain security settings (like firewall) to traffi c flowing in specific directions. For example, click SECURITY > FIREW ALL to open the following screen.
Chapter 9 Firewall NBG410W3G Series User’s Guide 169 Figure 98 Default Block T raf fic From W AN1 to DMZ Example 9.3 Packet Direction Examples Firewall rules are grouped based on the direction of travel of packets to which they apply . This section gives some examples of why you migh t configure firewall rules for specific connection directions.
Chapter 9 Firewall NBG410W3G Series User’s Guide 170 By default, the ZyXEL Device drops packet s traveling in the fo llowing directions. 9.4 Security Considerations " Incorrectly configuri ng the firewall may block valid access or introduce security risks to the ZyXEL Device and your protected network.
Chapter 9 Firewall NBG410W3G Series User’s Guide 171 1 Does this rule stop LAN us ers from accessing critical reso urces on the Internet? For example, if IRC is blocke d, are th ere us ers that requ.
Chapter 9 Firewall NBG410W3G Series User’s Guide 172 The ZyXEL Device applies the firewall rules in order . So for this example, when the ZyXEL Device receives traffic from the LAN, it checks it against the first rule.
Chapter 9 Firewall NBG410W3G Series User’s Guide 173 9.6 Asymmetrical Routes If an alternate gateway on the LAN has an IP address in the same subnet as the ZyXEL Device’ s LAN IP address, return traf fic may no t go through the ZyXEL Device. This is called an asymmetrical or “triangle” route.
Chapter 9 Firewall NBG410W3G Series User’s Guide 174 Figure 102 SECURITY > FIREWALL > Default Rule The following table describes the labels in this screen.
Chapter 9 Firewall NBG410W3G Series User’s Guide 175 9.8 Firewall Rule Summary Click SECURITY > FIREW ALL > Rule Summary to open the screen. This screen displays a list of the configured firewall rules. " The ordering of your rules is very important as rule s are applied in the order that they are listed.
Chapter 9 Firewall NBG410W3G Series User’s Guide 176 Figure 103 SECURITY > FIREW ALL > Rule Summary The following table describes the labels in this screen.
Chapter 9 Firewall NBG410W3G Series User’s Guide 177 9.8.1 Firewall Edit Rule In the Rule Summary screen, click the edit icon or the insert icon to display the Fire wall Edit Rule screen. Use this screen to create or edit a firewall rule . Refer to the following table for information on the labels.
Chapter 9 Firewall NBG410W3G Series User’s Guide 178 Figure 104 SECURITY > FIREW ALL > Rule Summary > Edit.
Chapter 9 Firewall NBG410W3G Series User’s Guide 179 The following table describes the labels in this screen. T able 44 SECURITY > FIREWALL > Rule Summary > Edit LABEL DESCRIPTION Rule Name Enter a descriptive name of up to 31 printable ASCII characters (except Extended ASCII characters) for the firewall rule.
Chapter 9 Firewall NBG410W3G Series User’s Guide 180 9.9 Anti-Probing Click SECURITY > FIREW ALL > Anti-Probing to open the following screen. Configure this screen to help keep the ZyXEL Device hidden from probing attempts.
Chapter 9 Firewall NBG410W3G Series User’s Guide 181 The following table describes the labels in this screen. 9.10 Firewall Thresholds For DoS attacks, the ZyXEL Device uses thresholds to determine when to start dropping sessions that do not become fully established (half-open sessions).
Chapter 9 Firewall NBG410W3G Series User’s Guide 182 9.10.1 Threshold V alues If everything is working properly , you probably do not need to ch ange the threshold settings as the default threshold values should work for mo st small of fices.
Chapter 9 Firewall NBG410W3G Series User’s Guide 183 The following table describes the labels in this screen. T able 46 SECURITY > FIREWALL > Threshold LABEL DESCRIPTION Disable DoS Attack Protec tion on Select the check boxes of any interfaces for which you want the ZyXEL Device to not use the Den ial of Service protection thresholds.
Chapter 9 Firewall NBG410W3G Series User’s Guide 184 9.12 Service Click SECURITY > FIREW ALL > Service to open the screen as shown next. U se this screen to configure custom services for use in firewall rules or view the services that are predefined in the ZyXEL Device.
Chapter 9 Firewall NBG410W3G Series User’s Guide 185 The following table describes the labels in this screen. 9.12.1 Firewall Edit Custom Service Click SECURITY > FIREW ALL > Service > Add to display the followi ng screen. Use this screen to configure a custom service entry not is not predefined in the ZyXEL Device.
Chapter 9 Firewall NBG410W3G Series User’s Guide 186 The following table describes the labels in this screen. 9.13 My Service Firewall Rule Example The following Internet firewa ll rule example allows a hypot hetical My Service connection from the Internet.
Chapter 9 Firewall NBG410W3G Series User’s Guide 187 Figure 1 1 1 My Service Firewall Rule Exam ple: Edit Custom Service 3 Click Rule Summary . Select WA N 1 and LAN from the Packet Dir ection drop-down list boxes and click Refresh to display existing firewall rules for the selected direction of travel of packets.
Chapter 9 Firewall NBG410W3G Series User’s Guide 188 Figure 1 13 My Service Firewall Rule Example: Rule Edit: Source and Destination Addresses 8 In the Edit Service section, use the arrows between A vailable Services and Selected Service(s) to configure it as follows.
Chapter 9 Firewall NBG410W3G Series User’s Guide 189 Figure 1 14 My Service Firewall Rule Example: Edit Rule: Service Configuration Rule 1 allows a My Service connection fro m W AN 1 to IP addres ses 10.
Chapter 9 Firewall NBG410W3G Series User’s Guide 190 Figure 1 15 My Service Firewall Rule Exampl e: Rule Summary: Completed.
NBG410W3G Series User’s Guide 191 C HAPTER 10 Authentication Server This chapter discusses how to configure the ZyXEL Device’ s authentication server feature. 10.1 Authentication Server Overview A ZyXEL Device can use either the local user database internal to the ZyXEL Device or an external RADIUS server to auth enticate wireless clients.
Chapter 10 Authen tication Serv er NBG410W3G Series User’s Guide 192 Figure 1 16 SECURITY > AUTH SERVER > Local User Dat a base.
Chapter 10 Authentication Server NBG410W3G Series User’s Guide 193 The following table describes the labels in this screen. 10.3 RADIUS Click SECURITY > AUTH SER VER > RADIUS to open the RADIUS screen. Configure this screen to use an external RA DIUS server to authenticate users.
Chapter 10 Authen tication Serv er NBG410W3G Series User’s Guide 194 Key Enter a password (up to 31 alphanumeri c characters) as the key to be shared between the external authentication server and the ZyXEL Device. The key is not sent over the network .
NBG410W3G Series User’s Guide 195 C HAPTER 11 Certificates This chapter gives background in formation about public-key certificates and explains how to use them. 1 1.1 Certificates Overview The ZyXEL Device can use certificates (also ca lled digital IDs) to authenticate users.
Chapter 11 Certificates NBG410W3G Series User’s Guide 196 Certification authorities maintain directory ser vers with databases of valid and revoked certificates. A directory of certificates that have been revoked before the scheduled exp iration is called a CRL (Certificate Revocation List ).
Chapter 11 Certificates NBG410W3G Series User’s Guide 197 Figure 1 19 Certificate Det ails 4 Use a secure method to verify that the certificate owner ha s the same information in the Thumbprint Algorithm and Thumbprint fields. The secure method may very based on your situation.
Chapter 11 Certificates NBG410W3G Series User’s Guide 198 1 1.5 My Certificates Click SECURITY > CER TIFICA TES > My Certificates to open the My Certificates screen. This is the ZyXEL Device’ s summary lis t of certificates and certification requests.
Chapter 11 Certificates NBG410W3G Series User’s Guide 199 Subject This field displays identi fying informa t ion about the certificate’s owner , such as CN (Common Name), OU (Organiza tional Unit or department), O (Organization or company) and C (Country).
Chapter 11 Certificates NBG410W3G Series User’s Guide 200 1 1.6 My Certificate Det ails Click SECURITY > CER TIFICA TES > My Certificates to open the My Certificates screen (see Figure 121 on page 198 ). Click the details icon to open the My Certificate Details screen.
Chapter 11 Certificates NBG410W3G Series User’s Guide 201 Serial Number T his field displays th e certificate’ s identification number given by the certification authority or generated b y the ZyXEL De vice.
Chapter 11 Certificates NBG410W3G Series User’s Guide 202 1 1.7 My Certificate Export Click SECURITY > CERTIFICA TES > My Certificates and then a ce rtificate’ s export icon to open the My Certificate Export screen.
Chapter 11 Certificates NBG410W3G Series User’s Guide 203 1 1.8 My Certificate Import Click SECURITY > CER TIFICA TES > My Certificates and then Import to open the My Certificate I mport screen. Follow the instructions in this screen to save an existing certificate from a computer to the ZyXEL Device.
Chapter 11 Certificates NBG410W3G Series User’s Guide 204 Figure 124 SECURITY > CERTIFICA TES > My Certificates > Import The following table describes the labels in this screen. When you import a binary PKCS#12 format certificate, another screen displays for y ou to enter the password.
Chapter 11 Certificates NBG410W3G Series User’s Guide 205 1 1.9 My Certificate Create Click SECURITY > CER TIFICA TES > My Certificates > Create to open the My Certificate Cr eate screen.
Chapter 11 Certificates NBG410W3G Series User’s Guide 206 Figure 127 SECURITY > CERTIFICA TES > My Cert ificates > Crea te (Advanced) The following table describes the labels in this screen.
Chapter 11 Certificates NBG410W3G Series User’s Guide 207 Common Name Select a radio button to identify th e certificate’s owner by IP address, domain name or e-mail address. T y pe the IP address (in dotted decimal notation), domain name or e-mail address in the field provide d.
Chapter 11 Certificates NBG410W3G Series User’s Guide 208 Subject Alternative Name Select a radio button to identify the cert ifica te’s owner by IP address, domain name or e-mail address. T y pe the IP address (in dotted decimal notation), domain name or e-mail address in the field provide d.
Chapter 11 Certificates NBG410W3G Series User’s Guide 209 After you click Apply in the My Certificate Create screen, you see a screen that tells you the ZyXEL Device is generating the self-signe d certificate or certification request.
Chapter 11 Certificates NBG410W3G Series User’s Guide 210 Figure 128 SECURITY > CERTIFICA TES > T rusted CAs The following table describes the labels in this screen.
Chapter 11 Certificates NBG410W3G Series User’s Guide 21 1 1 1.1 1 T rusted CA Det ails Click SECURITY > CER TIFICA TES > T rusted CAs to open the T rusted CAs screen.
Chapter 11 Certificates NBG410W3G Series User’s Guide 212 Figure 129 SECURITY > CERTIFICA TES > T rusted CAs > Details The following table describes the labels in this screen. T able 58 SECURITY > CERTIFICA TES > T rusted CAs > Details LABEL DESCRIPTION Name This field displays the id entifying name of this certi ficate.
Chapter 11 Certificates NBG410W3G Series User’s Guide 213 Certification Path Click the Refresh button to have this read-only text box display the end entity’s certificat e and a list of cert ification authority certificat es that shows the hierarchy of certification author ities that validate the end entity’ s certificate.
Chapter 11 Certificates NBG410W3G Series User’s Guide 214 1 1.12 T rusted CA Import Click SECURITY > CER TIFICA TES > T rusted CAs to open the T rusted CAs screen and then click Import to open the T rusted CA Import screen.
Chapter 11 Certificates NBG410W3G Series User’s Guide 215 Figure 130 SECURITY > CERTIFICA TES > T rusted CAs > Import The following table describes the labels in this screen. 1 1.13 T rusted Remote Host s Click SECURITY > CER TIFICA TES > T rusted Remote Hosts to open the T rusted Remote Hosts screen.
Chapter 11 Certificates NBG410W3G Series User’s Guide 216 Figure 131 SECURITY > CERTIFICA TES > Trusted Remote Host s The following table describes the labels in this screen.
Chapter 11 Certificates NBG410W3G Series User’s Guide 217 1 1.14 T rusted Remote Host s Import Click SECURITY > CER TIFICA TES > T rusted Remote Hosts to open the T rusted Remote Hosts screen and then click Import to open the T rusted Remote Host Import screen.
Chapter 11 Certificates NBG410W3G Series User’s Guide 218 1 1.15 T rusted Remote Host Certificate Det ails Click SECURITY > CER TIFICA TES > T rusted Remote Hosts to open the T rusted Remote Hosts screen. Click the details icon to open the T rusted Remote Host Details screen.
Chapter 11 Certificates NBG410W3G Series User’s Guide 219 The following table describes the labels in this screen. T able 62 SECURITY > CERTIFICA TES > T rusted Remote Hosts > Details LABEL DESCRIPTION Name This field displays the identi fying name of this certificate .
Chapter 11 Certificates NBG410W3G Series User’s Guide 220 1 1.16 Directory Servers Click SECURITY > CER TIFICA TES > Dire c tory Servers to open the Dir ec tory Servers screen. This screen displays a summary list of di rectory servers (that contain lists of valid and revoked certificates) that have bee n saved into the ZyXEL Device.
Chapter 11 Certificates NBG410W3G Series User’s Guide 221 The following table describes the labels in this screen. 1 1.17 Directory Server Add or Edit Click SECURITY > CER TIFICA TES > Directory Servers to open the Directory Servers screen. Click Add (or the details icon) to open the Directory Server Add screen.
Chapter 11 Certificates NBG410W3G Series User’s Guide 222 Access Protocol Use the drop-down list box to se lect the access protocol used by the directory server . LDAP (Lightweight Directory Access Prot ocol) is a protocol over TCP that specifies how clients access directories o f certificates and lists of revoked certificates.
223 P ART V Advanced Network Address T ranslation (NA T) (225) S tatic Route (243) DNS (247) Remote Management (259) UPnP (281) Custom Application (291) ALG Screen (293).
224.
NBG410W3G Series User’s Guide 225 C HAPTER 12 Network Address Translation (NAT) This chapter discusses how to configure NA T on the ZyXEL Device. 12.1 NA T Overview NA T (Network Address Translation - NA T , RFC 1631) is the translation of the IP address of a host in a packet.
Chapter 12 Network Addr ess Translation (NAT) NBG410W3G Series User’s Guide 226 " NA T never changes the IP address (e ither local or global) of an out side host.
Chapter 12 N etwork A ddress Trans lation (NAT ) NBG410W3G Series User’s Guide 227 Figure 136 How NA T Works 12.1.4 NA T Application The following figure illustrates a possible NA T application, wher e three inside LANs (logical LANs using IP Alias) behind the ZyXEL Devi ce can communicate with three distinct W AN networks.
Chapter 12 Network Addr ess Translation (NAT) NBG410W3G Series User’s Guide 228 Figure 137 NA T Application With IP Alias 12.1.5 Port Restricted Cone NA T ZyXEL Device ZyNOS version 4.
Chapter 12 N etwork A ddress Trans lation (NAT ) NBG410W3G Series User’s Guide 229 Figure 138 Port Restricted Cone NA T Example 12.1.6 NA T Mapping T ypes NA T supports five types of IP/port mapping. They are: • One to One : In One-to-One mode, the ZyXEL Devi ce maps one local IP address to one global IP address.
Chapter 12 Network Addr ess Translation (NAT) NBG410W3G Series User’s Guide 230 The following table summarizes the NA T mapping types. 12.2 Using NA T " Y ou must create a firewall rule in addi tion to setting up SUA/NA T , to allow traffic from the W AN to be forw arded through the ZyXEL Device.
Chapter 12 N etwork A ddress Trans lation (NAT ) NBG410W3G Series User’s Guide 231 Figure 139 ADV ANCED > NA T > NA T Overview The following table describes the labels in this screen. T able 67 ADVANCED > NAT > NAT Overview LABEL DESCRIPTION Global Settings Max.
Chapter 12 Network Addr ess Translation (NAT) NBG410W3G Series User’s Guide 232 12.4 NA T Address Mapping Click ADV ANCED > NA T > Address Mapping to open the following screen.
Chapter 12 N etwork A ddress Trans lation (NAT ) NBG410W3G Series User’s Guide 233 Figure 140 ADV ANCED > NA T > Address Mapping The following table describes the labels in this screen.
Chapter 12 Network Addr ess Translation (NAT) NBG410W3G Series User’s Guide 234 12.4.2 NA T Address Mapping Edit Click the edit icon to display the NA T Address Mapping Edit screen. Use this screen to edit an address mapping rule. See Section 12.1 on page 225 for information on NA T and address mapping.
Chapter 12 N etwork A ddress Trans lation (NAT ) NBG410W3G Series User’s Guide 235 The following table describes the labels in this screen. 12.5 Port Forwarding A port forwarding set is a list of in.
Chapter 12 Network Addr ess Translation (NAT) NBG410W3G Series User’s Guide 236 " If you do not assign a Default Server IP address, the Zy XEL Device discards all packet s received for ports that are not specified here or in the remote management setup.
Chapter 12 N etwork A ddress Trans lation (NAT ) NBG410W3G Series User’s Guide 237 Figure 142 Multiple Servers Behind NA T Example 12.5.4 NA T and Multiple W A N The ZyXEL Device has two W AN interfaces.
Chapter 12 Network Addr ess Translation (NAT) NBG410W3G Series User’s Guide 238 Figure 143 Port T ranslation Example 12.6 Port Forwarding Screen Click ADV ANCED > NA T > Port Forwarding to open the Port Forwarding screen.
Chapter 12 N etwork A ddress Trans lation (NAT ) NBG410W3G Series User’s Guide 239 Figure 144 ADV ANCED > NA T > Port Forwarding The following table describes the labels in this screen.
Chapter 12 Network Addr ess Translation (NAT) NBG410W3G Series User’s Guide 240 12.7 Port T riggering Some services use a dedicated range of ports on the client side and a dedica ted range of ports on the server side.
Chapter 12 N etwork A ddress Trans lation (NAT ) NBG410W3G Series User’s Guide 241 Figure 146 ADV ANCED > NA T > Port T riggering The following table describes the labels in this screen.
Chapter 12 Network Addr ess Translation (NAT) NBG410W3G Series User’s Guide 242.
NBG410W3G Series User’s Guide 243 C HAPTER 13 Static Route This chapter shows you how to configure static routes for your ZyXEL Device. 13.1 IP S t atic Route The ZyXEL Device usually uses th e default gateway to route outbound traf fic from local computers to the Internet.
Chapter 13 Static Rou te NBG410W3G Series User’s Guide 244 13.2 IP S t atic Route Click ADV ANCED > ST A TIC ROUTE to op en the IP S tatic Route screen. The first two static route entries are for de fa ult W AN 1 and W AN 2 routes on a ZyXEL Device with multiple W AN interfaces.
Chapter 13 Static Route NBG410W3G Series User’s Guide 245 The following table describes the labels in this screen. 13.2.1 IP St atic Route Edit Click the edit icon in the IP S tatic Route screen. The screen shown next appears. Use this screen to configure the required information for a static route.
Chapter 13 Static Rou te NBG410W3G Series User’s Guide 246 Gateway IP Address Enter the IP address of the g ateway . The gateway is a route r or switch on the same network segment as the device's LAN or WA N port. The gateway helps forward packets to their destinations.
NBG410W3G Series User’s Guide 247 C HAPTER 14 DNS This chapter shows you how to configure the DNS screens. 14.1 DNS Overview DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa.
Chapter 14 DNS NBG410W3G Series User’s Guide 248 14.4 Address Record An address record contains the mapping of a fu lly qualified domain na me (FQDN) to an IP address. An FQDN consists of a hos t and doma in name and includes the top-level domain. For example, www .
Chapter 14 DNS NBG410W3G Series User’s Guide 249 Figure 150 ADV ANCED > DNS > System DNS The following table describes the labels in this screen. LABEL DESCRIPTION Address Record An address record specifies the mapping of a fully qual ified domain name (FQDN) to an IP address.
Chapter 14 DNS NBG410W3G Series User’s Guide 250 14.6.1 Adding an Address Record Click Add in the System screen to open this screen. Use th is screen to add an address record. An address record contains the mapping of a fu lly qualified domain na me (FQDN) to an IP address.
Chapter 14 DNS NBG410W3G Series User’s Guide 251 The following table describes the labels in this screen. 14.6.2 Inserting a Name Server Record Click Inser t in the System screen to open this screen. Use this screen to insert a name server record. A name server record contains a DNS se rver ’ s IP ad dress.
Chapter 14 DNS NBG410W3G Series User’s Guide 252 The following table describes the labels in this screen. 14.7 DNS Cache DNS cache is the temporary storage area where a router stores responses from DNS servers. When the ZyXEL Device re ceives a positive or negative res ponse for a DNS query , it records the response in the DNS cache.
Chapter 14 DNS NBG410W3G Series User’s Guide 253 Figure 153 ADV ANCED > DNS > Cache The following table describes the labels in this screen. LABEL DESCRIPTION DNS Cache Setup Cache Positive DNS Resolutions Select the check box to record the positive DNS resolutions in the cache.
Chapter 14 DNS NBG410W3G Series User’s Guide 254 14.9 Configuring DNS DHCP Click ADV ANCED > DNS > DHCP to open the DNS DHCP screen shown next. Use this screen to configure the DNS server information that the ZyXEL Device sends to its LAN or DMZ DHCP clients.
Chapter 14 DNS NBG410W3G Series User’s Guide 255 14.10 Dynamic DNS Dynamic DNS allows you to update your curre nt dynamic IP address with one or many dynamic DNS services so that anyone can c ont act you (in NetMeeting, CU-SeeMe, etc.
Chapter 14 DNS NBG410W3G Series User’s Guide 256 " If you have a private W A N IP address, then you cannot use Dynamic DNS. 14.10.2 High A vailability A DNS server maps a domain name to a port's IP address.
Chapter 14 DNS NBG410W3G Series User’s Guide 257 Username Enter your user name. Y ou can use up to 31 alphanumeric characte rs (and the underscore). S paces are not allowed. Password Enter the password associated with the user name above . Y ou can use up to 31 alphanumeric characters (and the un derscore).
Chapter 14 DNS NBG410W3G Series User’s Guide 258.
NBG410W3G Series User’s Guide 259 C HAPTER 15 Remote Management This chapter provides information on the Remote Management screens. 15.1 Remote Management Overview Remote management allows you to determ ine which services/protocols can access which ZyXEL Device interface (if any) from which computers.
Chapter 15 Remo te Management NBG410W3G Series User’s Guide 260 3 Te l n e t 4 HTTPS and HTTP 15.1.1 Remote Management Limit ations Remote management do es not work when: 1 Y ou have not enabled that service on th e interface in the corresponding remote management screen.
Chapter 15 Remote Manag ement NBG410W3G Series User’s Guide 261 2 HTTP connection requests from a web browser go to port 80 (by defa ult) on the ZyXEL Device’ s WS (web server). Figure 157 HTTPS Implement ation " If you disable the HTTP service in the REMOTE MGMT > WWW screen, then the ZyXEL Device blocks all HTTP c onnection attempts.
Chapter 15 Remo te Management NBG410W3G Series User’s Guide 262 Figure 158 ADV ANCED > REMOTE MGMT > WWW The following table describes the labels in this screen. T able 76 ADVANCED > REMOTE MGMT > WWW LABEL DESCRIPTION HTTPS Serve r Certifica te Select the Server Certificate that the ZyXEL Device will use to identify itself.
Chapter 15 Remote Manag ement NBG410W3G Series User’s Guide 263 15.4 HTTPS Example If you haven’t changed the default HTTPS port on the ZyXEL Device, then in your browser enter “https://ZyXEL De.
Chapter 15 Remo te Management NBG410W3G Series User’s Guide 264 If Accept this certificate temporarily for this session is selected, then click OK to continue in Netscape. Select Accept this certificate permanently to import the ZyXEL Devi ce’ s certificate into the SSL client.
Chapter 15 Remote Manag ement NBG410W3G Series User’s Guide 265 • The actual IP address of the HTTPS server (the IP address of the ZyXEL Device’ s port that you are trying to access) does not matc h the common name specified in the ZyXEL Device’ s HTTPS server certificate that your brow ser received.
Chapter 15 Remo te Management NBG410W3G Series User’s Guide 266 Figure 163 Replace Certificate Click Apply in the Replace Certificate scre en to create a certificate using your ZyXEL Device’ s MAC address that will be specific to this device. Click CERTIFICA TES to open the My Certificates screen.
Chapter 15 Remote Manag ement NBG410W3G Series User’s Guide 267 Figure 165 Common ZyXEL Device Certificate 15.5 SSH Y ou can use SSH (Secure SHell) to secure ly access the ZyXEL Device’ s command line interface. Specify which interfaces allow SS H acces s and from which IP address the access can come.
Chapter 15 Remo te Management NBG410W3G Series User’s Guide 268 Figure 167 How SSH Works 1 Host Identification The SSH client s ends a connection reque s t to the SSH server .
Chapter 15 Remote Manag ement NBG410W3G Series User’s Guide 269 15.8 Configuring SSH Click ADV ANCED > REMOTE MGMT > SSH to change yo ur ZyXEL Device’ s Secure Shell settings. " It is recommended that y ou disable T elnet and FTP when you configure SSH for secure connections.
Chapter 15 Remo te Management NBG410W3G Series User’s Guide 270 15.9 Secure T elnet Using SSH Exampl es This section shows two examples using a comm and interface and a graphical interface SSH client program to remotely a ccess the ZyXEL Device. The configuration and connection steps are similar for most SSH client programs.
Chapter 15 Remote Manag ement NBG410W3G Series User’s Guide 271 2 Enter “ ssh –1 192.168.1.1 ”. This command forces your computer to connect to the ZyXEL Device using SSH version 1. If this is the first time you are connecting to the ZyXEL Device using SSH, a message displa ys prompting you to save the host information of the ZyXEL Device.
Chapter 15 Remo te Management NBG410W3G Series User’s Guide 272 Figure 172 Secure FTP: Firmware Upload Example 15.1 1 T elnet Y ou can use T elnet to access the ZyXEL De vice’ s command line inte rfa ce. Specify which interfaces allow T elnet access and fro m which IP address the access can come .
Chapter 15 Remote Manag ement NBG410W3G Series User’s Guide 273 The following table describes the labels in this screen. 15.13 FTP Y ou can use FTP (File T ransfer Protocol) to upload and download t.
Chapter 15 Remo te Management NBG410W3G Series User’s Guide 274 The following table describes the labels in this screen. 15.14 SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP pro tocol suite.
Chapter 15 Remote Manag ement NBG410W3G Series User’s Guide 275 Figure 175 SNMP Managemen t Model An SNMP managed network consis ts of two main types of comp onent: agen ts and a manager . An agent is a management software module that resi des in a managed device (the ZyXEL Device).
Chapter 15 Remo te Management NBG410W3G Series User’s Guide 276 15.14.2 SNMP T rap s The ZyXEL Device will send traps to the SNMP manager when any on e of the following events occurs: 15.14.3 REMOTE MANAGEMENT : SNMP T o change your ZyXEL Device’ s SNMP settings, click ADV ANCED > REMOTE MGMT > SNMP .
Chapter 15 Remote Manag ement NBG410W3G Series User’s Guide 277 The following table describes the labels in this screen. 15.15 DNS Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Refer to Chapter 6 on page 1 11 for more information.
Chapter 15 Remo te Management NBG410W3G Series User’s Guide 278 The following table describes the labels in this screen. 15.16 Introducing V ant age CNM V antage CNM (Centralized Network Management).
Chapter 15 Remote Manag ement NBG410W3G Series User’s Guide 279 Figure 178 ADV ANCED > REMOTE MGMT > CNM The following table describes the labels in this screen.
Chapter 15 Remo te Management NBG410W3G Series User’s Guide 280 15.17.1 Additional Configuration for V ant age CNM If you have NA T router s or firewalls between the ZyXEL Devi ce and the V antage CNM server , you must configure them to forward TCP ports 8080 (HTTP), 443 (HTTPS) and 20 and 21 (FTP).
NBG410W3G Series User’s Guide 281 C HAPTER 16 UPnP This chapter introduces the Universal Plug and Play feature. 16.1 Universal Plug and Play Overview Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectiv ity between devices.
Chapter 16 UPnP NBG410W3G Series User’s Guide 282 All UPnP-enabled devices may communicate freely with eac h other without additional configuration. Disable UPnP if this is not your intention. 16.1.4 UPnP and ZyXEL ZyXEL has achieved UPnP certification from th e Universal Plug and Play Forum UPnP™ Implementers Corp.
Chapter 16 UPnP NBG410W3G Series User’s Guide 283 16.3 Displaying UPnP Port Mapping Click ADV ANCED > UPnP > Ports to display the UPnP Ports sc reen. Use this screen to view the NA T port mapping rules that UPnP creates on the ZyXEL Device. Figure 180 ADV ANCED > UPnP > Ports The following table describes the labels in this screen.
Chapter 16 UPnP NBG410W3G Series User’s Guide 284 16.4 Inst alling UPnP in Windows Example This section shows ho w to install UPnP in W indows Me and W indows XP .
Chapter 16 UPnP NBG410W3G Series User’s Guide 285 16.4.1 Inst alling UPnP in Windows Me Follow the steps below to in stall UPnP in Wi ndows Me. 1 Click St a r t , Settings and Co ntrol Panel . Double-click Add/Remove Programs . 2 Click on the Win d o ws S et u p tab and select Communication in the Components selection box.
Chapter 16 UPnP NBG410W3G Series User’s Guide 286 16.4.2 Inst alling UPnP in Windows XP Follow the steps below to install UPnP in W indows XP . 16.5 Using UPnP in Windows XP Example This section shows yo u how to use the UPnP feature in W indows XP .
Chapter 16 UPnP NBG410W3G Series User’s Guide 287 16.5.1 Auto-discover Y our UPnP-enabled Network Device 1 Click St a r t and Contr ol Panel . Double-click Network Connections . An icon disp lays under Inte rnet Gateway . 2 Right-click the icon and select Properties .
Chapter 16 UPnP NBG410W3G Series User’s Guide 288 " When the UPnP-enabled device is disconn ected from your computer , all port mappings will be delet ed automatically .
Chapter 16 UPnP NBG410W3G Series User’s Guide 289 Follow the steps below to access the web configurator . 1 Click St a r t and then Contr ol Panel . 2 Double-click Network Connections . 3 Select My Network Places under Other Places . 4 An icon with the d escription for each UPnP-enabled device displays under Local Network .
Chapter 16 UPnP NBG410W3G Series User’s Guide 290 6 Right-click the icon for your ZyXEL device and select Properties . A properties window displays with basic information about the ZyXEL device.
NBG410W3G Series User’s Guide 291 C HAPTER 17 Custom Application This chapter covers how to set the ZyXEL De vice’ s to monitor custom port numbers for specific applications. 17.1 Custom Application Use custom application to have the ZyXEL Device’ s ALG feature monitor traffic on custom ports, in addition to the default ports.
Chapter 17 Custom Application NBG410W3G Series User’s Guide 292 Figure 181 ADV ANCED > Custom APP The following table describes the labels in this screen. T able 86 ADV ANCED > Custom AP P LABEL DESCRIPTION Applic ation Select the application for which you want the ZyXEL Devi ce to monitor specific ports.
NBG410W3G Series User’s Guide 293 C HAPTER 18 ALG Screen This chapter co vers how to use the ZyXEL Dev ice ’ s ALG feature to allow certain applications to pass through the ZyXEL Device. 18.1 ALG Introduction An Application Layer Gateway (ALG) manages a specific protocol (such as SIP , H.
Chapter 18 ALG Screen NBG410W3G Series User’s Guide 294 18.1.3 ALG and Multiple W AN When the ZyXEL Device has two W AN interfaces and uses the second highest priority W AN interfaces as a back up, traffic cannot pass through when the primar y W AN connection fails.
Chapter 18 ALG Scr een NBG410W3G Series User’s Guide 295 Figure 182 H.323 ALG Examp le • W ith multiple W A N IP addresses on the ZyXEL Device, you can configure different firewall and port forwarding rules to allo w incoming calls from each W AN IP address to go to a specific IP address on the LAN or DMZ.
Chapter 18 ALG Screen NBG410W3G Series User’s Guide 296 18.5.2 SIP ALG Det ails • SIP clients can be connected to the LAN or DMZ. A SIP server must be on the W AN. • Y ou can make and receive calls between the LAN and the W AN, between the DMZ and the W AN.
Chapter 18 ALG Scr een NBG410W3G Series User’s Guide 297 Figure 185 ADV ANCED > ALG The following table describes the labels in this screen. T able 87 ADV ANCED > ALG LABEL DESCRIPTION Enable FT P ALG Select this check box to allow FTP sessions to pass through th e ZyXEL Device.
Chapter 18 ALG Screen NBG410W3G Series User’s Guide 298.
299 P ART VI Logs and Maintenance Logs Screens (301) Maintenance (325).
300.
NBG410W3G Series User’s Guide 301 C HAPTER 19 Logs Screens This chapter contains inform ation about configuring genera l log settings and viewing the ZyXEL Device’ s logs. Refer to Section 19.5 on page 312 for exa mple log message explanations. 19.
Chapter 19 Logs Scre ens NBG410W3G Series User’s Guide 302 The following table describes the labels in this screen. 19.2 Log Description Example The following is an example of how a log di splays in the command line interpreter and a description of the sample log.
Chapter 1 9 Logs Scre ens NBG410W3G Series User’s Guide 303 19.2.1 About the Cert ificate Not T rusted Log myZyXEL.com and the update server use cer tificates signed by V eriSign to identify themselves.
Chapter 19 Logs Scre ens NBG410W3G Series User’s Guide 304 Figure 188 myZyXEL.com: Certificate Download 19.3 Configuring Log Settings T o change your ZyXEL De vice’ s log settings, click LOGS > Log Settings .
Chapter 1 9 Logs Scre ens NBG410W3G Series User’s Guide 305 Figure 189 LOGS > Log Settings.
Chapter 19 Logs Scre ens NBG410W3G Series User’s Guide 306 The following table describes the labels in this screen. T able 90 LOGS > Log Settings LABEL DESCRIPTION E-mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below .
Chapter 1 9 Logs Scre ens NBG410W3G Series User’s Guide 307 19.4 Configuring Report s The Reports screen displays which computers on th e LAN or DMZ send and receive the most traffic, what kinds of traf fic are used the most and which web sites are visited the most often.
Chapter 19 Logs Scre ens NBG410W3G Series User’s Guide 308 Figure 190 LOGS > Report s " Enabling the ZyXEL Device ’s reporting function decreases the overall throughput by about 1 Mbps. The following table describes the labels in this screen.
Chapter 1 9 Logs Scre ens NBG410W3G Series User’s Guide 309 " All of the recorded reports dat a is erased when you tu rn off the ZyXEL Device. 19.
Chapter 19 Logs Scre ens NBG410W3G Series User’s Guide 310 " Computers take turns using dynamical ly assigned LAN or DMZ IP addresses. The ZyXEL Device continues recording th e bytes sent to or from a LAN or DMZ IP address when it is assi gned to a different computer .
Chapter 1 9 Logs Scre ens NBG410W3G Series User’s Guide 31 1 Figure 193 LOGS > Reports: Pro tocol/Por t Example The following table describes the labels in this screen.
Chapter 19 Logs Scre ens NBG410W3G Series User’s Guide 312 19.4.4 System Report s Specifications The following table lists detailed specifications on the reports feature. 19.5 Log Descriptions This section provides descriptio ns of example log messages.
Chapter 1 9 Logs Scre ens NBG410W3G Series User’s Guide 313 Connect to Daytime server fail The router was n ot able to connect to the Daytime server . Connect to Time server fail The router was not ab le to connect to the T ime server . Connect to NTP server fail The router wa s not able to co nnect to the NTP se rver .
Chapter 19 Logs Scre ens NBG410W3G Series User’s Guide 314 T able 98 Access Contro l Logs LOG MESSAGE DESCRIPTION Firewall default policy: [ TCP | UDP | IGMP | ESP | GRE | OSPF ] <Packet Directio.
Chapter 1 9 Logs Scre ens NBG410W3G Series User’s Guide 315 F or type and code details, see T able 1 10 on page 321 . Exceed MAX incomplete, sent TCP RST The router sent a TCP reset packet when the nu mber of incomplete connections (TCP and UDP) exceeded the user- configured threshold.
Chapter 19 Logs Scre ens NBG410W3G Series User’s Guide 316 Remote Management: HTTPS denied Attempted use of H TTPS service was blocked according to remo te management settings. Remote Management: SSH denied Attempted us e of SSH service was block ed according to remote management settings.
Chapter 1 9 Logs Scre ens NBG410W3G Series User’s Guide 317 For type and code details, see T able 1 10 on page 321 . T able 106 Attack Logs LOG MESSAGE DESCRIPTION attack [ TCP | UDP | IGMP | ESP | GRE | OSPF ] The firewall detected a TCP/ UDP/IGMP/ESP/GR E/OSPF attack.
Chapter 19 Logs Scre ens NBG410W3G Series User’s Guide 318 IP address in FTP port command is different from the client IP address. It maybe a bounce attack. The IP address in an FTP port command is different from the client IP address. It may be a bounce attack.
Chapter 1 9 Logs Scre ens NBG410W3G Series User’s Guide 319 Warning: (%ESN% or %IMSI%) Over data budget! (budget =%CONFIGURED_BUDGET%(2 decimals Mbytes, used = %USED_VOLUME%(2 decimals) Mbytes). This shows that the preconfigured d ata limit was exceeded .
Chapter 19 Logs Scre ens NBG410W3G Series User’s Guide 320 Failed to decode the received ARL The router received a corrupted ARL (Autho rity Revocation List) from the LDAP server wh ose address and port are recorded in the Source field.
Chapter 1 9 Logs Scre ens NBG410W3G Series User’s Guide 321 27 Path was not verified. 28 Maximum path length reached. T able 109 ACL Setting Notes P ACKET DIRECTION DIRECT ION DESCRIPTION (L to W) LAN to W AN ACL set for packets traveling from the LAN to the W AN.
Chapter 19 Logs Scre ens NBG410W3G Series User’s Guide 322 0 Echo mess age 11 T ime Exceeded 0 T ime to live exceeded in transit 1 Fragment reassembly time exceeded 12 Parameter Problem 0 Pointer in.
Chapter 1 9 Logs Scre ens NBG410W3G Series User’s Guide 323 19.6 Syslog Logs There are two types of syslog: event logs and traffic logs. The device generates an event log when a system event occurs, for example, when a user logs in or the device is under attack.
Chapter 19 Logs Scre ens NBG410W3G Series User’s Guide 324 The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC for detailed information on each type.
NBG410W3G Series User’s Guide 325 C HAPTER 20 Maintenance This chapter displays informat ion on the maintenance screens. 20.1 Maintenance Overview The maintenanc e screens can help you view system informa tio n, upload new firmware, manage configuratio n and restart your ZyXEL Device.
Chapter 20 Maintenance NBG410W3G Series User’s Guide 326 Figure 194 MAINTENANCE > General Setup The following table describes the labels in this screen. 20.3 Configuring Password Click MAINTENANCE > Password to open the following scre en. Use this screen to change the ZyXEL Device’ s management pas sword.
Chapter 20 Maintenance NBG410W3G Series User’s Guide 327 Figure 195 MAINTENANCE > Password The following table describes the labels in this screen.
Chapter 20 Maintenance NBG410W3G Series User’s Guide 328 Figure 196 MAINTENANCE > T ime and Date The following table describes the labels in this screen. T able 1 15 MAINTENANCE > T ime and Date LABEL DESCRIPTION Current T ime and Date Current T ime T his field displays the ZyXEL Device ’s present time.
Chapter 20 Maintenance NBG410W3G Series User’s Guide 329 T ime Protocol Select the time service protocol that your time server uses. Not all time servers support all protocols, so you may ha ve to check with your ISP/network administrator or use trial and error to find a protocol that works.
Chapter 20 Maintenance NBG410W3G Series User’s Guide 330 20.5 Pre-defined NTP T ime Server Pools When you turn on the ZyXEL De vice for the first time, the date and time start at 2000-01-01 00:00:00. The ZyXEL Device then attempts to synchronize with an N TP time server from one of the 0.
Chapter 20 Maintenance NBG410W3G Series User’s Guide 331 Figure 198 Synchronization is Successful If the update was not successful, the following screen appears. Click Return to go back to the Tim e an d Da t e screen. Figure 199 Synchronization Fail 20.
Chapter 20 Maintenance NBG410W3G Series User’s Guide 332 Figure 200 MAINTENANCE > Firmware Upload The following table describes the labels in this screen. 1 Do not turn off the ZyXEL Device wh ile firmware uploa d is in progress! After you see the Firmware Upload in Pr ocess screen, wait two minutes before logging into the ZyXEL Device again.
Chapter 20 Maintenance NBG410W3G Series User’s Guide 333 Figure 202 Network T emporarily Disconnected After two minutes, log in again an d check your new firmware version in the HOME screen. If the upload was not successful, the following screen will appear .
Chapter 20 Maintenance NBG410W3G Series User’s Guide 334 Figure 204 MAINTENANCE > Backup and Restore 20.7.1 Backup Configuration Backup configuration allows you to b ack up (save) the ZyXEL Device’ s current configuration to a file on your co mputer .
Chapter 20 Maintenance NBG410W3G Series User’s Guide 335 After you see a “restore configuration successf ul” scree n, you must then wait one minute before logging into th e ZyXEL Device again. Figure 205 Configuration Upload Successfu l The ZyXEL Device automatically restarts in this time causing a temporary network disconnect.
Chapter 20 Maintenance NBG410W3G Series User’s Guide 336 Figure 208 Reset W arning Message Y ou can also press the hardware RESET button to reset the factor y defaults of your ZyXEL Device. Refer to Section 2.3 on page 45 for more information on the RESET button.
337 P ART VII T roubleshooting and S pecifications T roubleshooting (339) Product Specification s (345).
338.
NBG410W3G Series User’s Guide 339 C HAPTER 21 Troubleshooting This chapter offers some sugg estions to solve problems you might encounter . The potential problems are divided into the following categories. • Power , Hardware Connections, and LEDs • ZyXEL Device Access and Login • Internet Access • 3G Connection 21.
Chapter 21 Trou bleshooting NBG410W3G Series User’s Guide 340 21.2 ZyXEL Device Access and Login V I forgot the LAN IP addre ss for the ZyXEL Device. 1 The default LAN IP address is 192.168.1.1 . 2 Use the console port to lo g in to the ZyXEL Device.
Chapter 21 Trou bleshooting NBG410W3G Series User’s Guide 341 • If there is a DHCP server on your netwo r k, make sure your computer is u sing a dynamic IP address.
Chapter 21 Trou bleshooting NBG410W3G Series User’s Guide 342 V I cannot use FTP to upload / download the configuratio n file. / I cannot use FTP to upload new firmware. See the troubleshooting suggestions for I cannot see or access the Login screen in the web configurator .
Chapter 21 Trou bleshooting NBG410W3G Series User’s Guide 343 1 Check the hardware connections , and make su re the LEDs are be having as expected. See the Quick S tart Guide and Section 1.5.1 on p age 39 . 2 If you use PPPoA or PPPoE encapsulation, chec k the idle time-out setting.
Chapter 21 Trou bleshooting NBG410W3G Series User’s Guide 344 V The 3G SIGNAL STRENG TH LED shows the 3G si gnal is weak or not available. • Check that your 3G service provider has coverage in your area. • Check that in the 3G (W AN2) screen you have selecte d the correct 3G service for your area.
NBG410W3G Series User’s Guide 345 C HAPTER 22 Product Specifications This chapter gives details about your ZyX EL Device’ s hardware and firmware features. 22.1 General ZyXEL Device S pecifications The following tables summarize the ZyXEL De vice’ s hardware and firmware features.
Chapter 22 Product Specifications NBG410W3G Series User’s Guide 346 T able 120 Firmware Specifications FEATURE DESCRIPTION Default IP Address 192.168 .1.1 Default Subnet Mask 255.255 .255.0 (24 bits) Default Password 1234 Default DHCP Pool 1 92.168.
Chapter 22 Product Specifications NBG410W3G Series User’s Guide 347 22.2 W a ll-mounting Instructions Complete the following step s to hang your ZyXEL Device on a wall. " See T able 1 19 on page 345 for the size of screws to use and how far ap art to place them.
Chapter 22 Product Specifications NBG410W3G Series User’s Guide 348 1 Be careful to avoid damaging pipes or cables located in side the wall when drilling holes for the screws. 3 Do not insert the screws all the way into th e wall. Leave a small gap of about 0.
Chapter 22 Product Specifications NBG410W3G Series User’s Guide 349 22.3 Power Adaptor Sp ecifications NORTH AMERICAN PLUG ST ANDARDS AC POWER ADAPT OR MODEL PSA18R-120P (ZA)-R INPUT POWER 100-240V AC, 50/60HZ, 0.5A OUTPUT POWER 12VDC, 1.5A POWER CONSUMPTION 18 W MAX.
Chapter 22 Product Specifications NBG410W3G Series User’s Guide 350.
351 P ART VIII Appendices and Index " The appendices provide general informatio n. Some details may not apply to your ZyXEL Device. Pop-up W indows, JavaScripts and Java Permissions (353) Setting.
352.
NBG410W3G Series User’s Guide 353 A PPENDIX A Pop-up Windows, JavaScript s and Java Permissions In order to use the web configurator you need to allow: • W eb browser pop-u p windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default).
Appendix A Po p-up Wind ows, JavaS cripts and Ja va Permission s NBG410W3G Series User’s Guide 354 2 Clear the Block pop-ups check box in the Pop-up Block e r section of the screen. This disables any web po p-up blockers you may have ena bled. Figure 213 Internet Options: Privacy 3 Click Apply to save this setting.
Appendix A Pop-u p Windows, JavaScripts and Java Permissio ns NBG410W3G Series User’s Guide 355 Figure 214 Internet Options: Privacy 3 T ype the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”.
Appendix A Po p-up Wind ows, JavaS cripts and Ja va Permission s NBG410W3G Series User’s Guide 356 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScript s If pages of the web configura tor do not display properly in Internet Explorer, check that JavaScripts are allowed.
Appendix A Pop-u p Windows, JavaScripts and Java Permissio ns NBG410W3G Series User’s Guide 357 Figure 217 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer , click To o l s , Internet Options and then the Security tab. 2 Click the Custom Level.
Appendix A Po p-up Wind ows, JavaS cripts and Ja va Permission s NBG410W3G Series User’s Guide 358 JA V A (Sun) 1 From Internet Explorer , click To o l s , Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is sele cted.
Appendix A Pop-u p Windows, JavaScripts and Java Permissio ns NBG410W3G Series User’s Guide 359 Figure 220 Mozilla Firefox: T ools > Options Click Content .
Appendix A Po p-up Wind ows, JavaS cripts and Ja va Permission s NBG410W3G Series User’s Guide 360.
NBG410W3G Series User’s Guide 361 A PPENDIX B Setting up Y our Computer ’ s IP Address All computers must have a 10M or 100M Et hernet adapter card and TCP/IP installed.
Appendix B Setting up Your Computer’s IP Address NBG410W3G Series User’s Guide 362 Figure 222 WIndows 95/98 /Me: Networ k: Configura tion Inst alling Components The Network window Configuration tab displays a list of installed components. Y ou need a network adapter , the TCP/IP protocol and Client for Microso ft Networks.
Appendix B Setting up Your Computer’s IP Address NBG410W3G Series User’s Guide 363 Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. • If your IP address is dynamic, select Obtain an IP address automatically .
Appendix B Setting up Your Computer’s IP Address NBG410W3G Series User’s Guide 364 Figure 224 Windows 95/98/Me : TCP/IP Pr operties: DNS Configuration 4 Click the Gateway tab. • If you do not know you r gateway’ s IP addr ess, remove previously installed gateways.
Appendix B Setting up Your Computer’s IP Address NBG410W3G Series User’s Guide 365 Figure 225 Windows XP: S tart Menu 2 In the Control Panel , double-click Network Connections ( Network and Dial-up Connections in W indow s 2000/NT). Figure 226 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Pr operties .
Appendix B Setting up Your Computer’s IP Address NBG410W3G Series User’s Guide 366 Figure 227 Windows XP: Control Panel: Network Connections: Pro perties 4 Select Internet Protocol (TCP/IP) (under the Genera l tab in W in XP) and then click Properties .
Appendix B Setting up Your Computer’s IP Address NBG410W3G Series User’s Guide 367 Figure 229 Windows XP: Internet Protocol (TCP/IP) Propert ies 6 If you do not know your gateway's IP ad dress, remove any previously installed gateways in the IP Settings tab and click OK .
Appendix B Setting up Your Computer’s IP Address NBG410W3G Series User’s Guide 368 Figure 230 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Pr operties window (the General tab in W indow s XP): • Click Obtain DNS server address automatically if yo u do not know your DNS server IP address(es).
Appendix B Setting up Your Computer’s IP Address NBG410W3G Series User’s Guide 369 Figure 231 Windows XP: Internet Protocol (TCP/IP) Propert ies 8 Click OK to close the Internet Protocol (TCP/IP) Properties window . 9 Click Close ( OK in W i ndows 2000/NT) to close the Local Area Connection Properties window .
Appendix B Setting up Your Computer’s IP Address NBG410W3G Series User’s Guide 370 Figure 232 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 233 Macintosh O S 8/9: TC P/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list.
Appendix B Setting up Your Computer’s IP Address NBG410W3G Series User’s Guide 371 • T ype your IP address in the IP Address box. • T ype your subnet mask in the Subnet mask box. • T ype the IP address of your ZyXEL Device in the Router address box.
Appendix B Setting up Your Computer’s IP Address NBG410W3G Series User’s Guide 372 Figure 235 Macintosh O S X: Netw ork 4 For statically assigned settings, do the following: •F r o m t h e Configure box, select Manually . • T ype your IP address in the IP Address box.
Appendix B Setting up Your Computer’s IP Address NBG410W3G Series User’s Guide 373 " Make sure you are logged in as the root administrator . Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE.
Appendix B Setting up Your Computer’s IP Address NBG410W3G Series User’s Guide 374 • If you have a dyna mic IP address, clic k Automatically obtain IP address settings with and select dhcp from the drop down list.
Appendix B Setting up Your Computer’s IP Address NBG410W3G Series User’s Guide 375 Figure 240 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 • If you have a static IP address, enter static in t he BOOTPROTO= field. T ype IPADDR = followed by the IP address (in do tted decimal notation) and type NETMASK = followed by the subnet mask.
Appendix B Setting up Your Computer’s IP Address NBG410W3G Series User’s Guide 376 V erifying Settings Enter ifconfig in a terminal screen to ch eck your TCP/IP properties. Figure 244 Red Hat 9.0: Checking TCP/IP Properties [root@localhost]# ifconfig eth0 Link encap:Ethernet HWadd r 00:50:BA:72:5B:44 inet addr:172.
NBG410W3G Series User’s Guide 377 A PPENDIX C IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify ind ividual devices on a network. Every networking device (includin g computers, servers, routers, printe rs, etc.
Appendix C IP Addresses a nd Subnetti ng NBG410W3G Series User’s Guide 378 Figure 245 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the s ubnet mask.
Appendix C IP Addresses and Subnetting NBG410W3G Series User’s Guide 379 Subnet masks are expressed in dotted decimal no tation just like IP addresses. The follow ing examples show the binary and decimal not ation for 8-bit, 16-bit, 24-bit an d 29-bit subnet masks.
Appendix C IP Addresses a nd Subnetti ng NBG410W3G Series User’s Guide 380 Subnetting Y ou can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the c ompany network for security reasons.
Appendix C IP Addresses and Subnetting NBG410W3G Series User’s Guide 381 Figure 247 Subnetting Example: Af ter Subnetting In a 25-bit subnet the host ID has 7 bits , so each sub-network has a maximum of 2 7 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’ s address itself, all ones is the subnet’ s broadcast address).
Appendix C IP Addresses a nd Subnetti ng NBG410W3G Series User’s Guide 382 Example: Eight Subnet s Similarly , use a 27-bit mask to create eight subnets (000, 00 1, 010, 01 1, 100, 101, 1 10 and 111 ) . The following table shows IP address last octet values for each subnet.
Appendix C IP Addresses and Subnetting NBG410W3G Series User’s Guide 383 Subnet Planning The following table is a summary for su bnet planning on a network with a 24-bit network number . The following table is a summary for su bnet planning on a network with a 16-bit network number .
Appendix C IP Addresses a nd Subnetti ng NBG410W3G Series User’s Guide 384 Configuring IP Addresses Where you obtain your netwo rk number depends on your particular situation. If the ISP or your network administrator assigns yo u a bloc k of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
NBG410W3G Series User’s Guide 385 A PPENDIX D Common Services The following table l ists some commonly-used se rvices and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/code numbers and services, visit the IANA (Internet Assigned Number Authority) web site .
Appendix D Common Services NBG410W3G Series User’s Guide 386 FTP TCP TCP 20 21 File Tr a nsfer Program, a program to enable fast transfer of files, including large fil es that may not be possible by e-mail. H.323 TCP 1720 NetMeeting uses this protocol.
Appendix D Common Services NBG410W3G Series User’s Guide 387 RTE L N ET TC P 107 Remote T elnet. RTS P TCP/UDP 554 The Real Time S treaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. SFTP TCP 11 5 Simple File Transfer Protocol.
Appendix D Common Services NBG410W3G Series User’s Guide 388.
NBG410W3G Series User’s Guide 389 A PPENDIX E W ireless LANs Wireless LAN T opologies This section discusses ad-hoc and in frastructure w ireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an inde pendent (Ad-hoc) WLAN that connects a se t of computers with wireless adapters (A, B, C).
Appendix E Wireless LANs NBG410W3G Series User’s Guide 390 Figure 249 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlappi ng BSSs, each containing an access point, with each access point connected together by a wired network.
Appendix E Wir eless LANs NBG410W3G Series User’s Guide 391 Figure 250 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by wireless devices to transmit and receive data.
Appendix E Wireless LANs NBG410W3G Series User’s Guide 392 Figure 251 RTS/ CT S When station A sends data to the AP , it might not know that the station B is already using the channel.
Appendix E Wir eless LANs NBG410W3G Series User’s Guide 393 If the Fragmentation Threshold value is smaller than the RT S / C T S value (see previously) you set then the R TS (Request T o Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmen ted before they reach R TS/CTS size.
Appendix E Wireless LANs NBG410W3G Series User’s Guide 394 W ireless security methods availabl e on the ZyXEL Device are data encryption, wireless client authentication, restricting access by devi ce MAC address and hiding the ZyXEL Device identity .
Appendix E Wir eless LANs NBG410W3G Series User’s Guide 395 Determines the network services available to authenticated users once they are connected to the network.
Appendix E Wireless LANs NBG410W3G Series User’s Guide 396 For EAP-TLS authentication type, you must firs t hav e a wired connection to the network and obtain the certificate(s) from a certificate authorit y (CA).
Appendix E Wir eless LANs NBG410W3G Series User’s Guide 397 Dynamic WEP Key Exchange The AP maps a unique ke y that is generated w ith the RADIUS server . This key expires when the wireless connection times out, disconnects or reauthentic ation times out.
Appendix E Wireless LANs NBG410W3G Series User’s Guide 398 Encryption Both WP A and WP A2 improve data encryp tion by using T emporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IE EE 802.
Appendix E Wir eless LANs NBG410W3G Series User’s Guide 399 Wireless Client WP A Supplicant s A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WP A.
Appendix E Wireless LANs NBG410W3G Series User’s Guide 400 3 The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID.
Appendix E Wir eless LANs NBG410W3G Series User’s Guide 401 Antenna Overview An antenna couples RF signals onto air . A tran smitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air . The antenna also operates in reverse by capturing RF signals fro m the air .
Appendix E Wireless LANs NBG410W3G Series User’s Guide 402 Positioning Antennas In general, antennas should be mounted as high as practically possible and free of obstructions. In point-to–point ap plication, position both antennas at the same height and in a direct line of si ght to each othe r to attain the best performance.
NBG410W3G Series User’s Guide 403 A PPENDIX F Importing Certificates This appendix shows importing certificat es examples using In ternet Ex plorer 5.
Appendix F Importi ng Certificates NBG410W3G Series User’s Guide 404 1 In Internet Explorer , double click th e lock shown in the following screen. Figure 255 Login Screen 2 Click Install Certificate to open the Install Certificate wizard.
Appendix F Importing Certificates NBG410W3G Series User’s Guide 405 Figure 257 Certificate Import Wizard 1 4 Select where you would like to store the certificate and then click Next . Figure 258 Certificate Import Wizard 2 5 Click Finish to complete the Import Certificate wizard.
Appendix F Importi ng Certificates NBG410W3G Series User’s Guide 406 Figure 259 Certificate Import Wizard 3 6 Click Ye s to add the ZyXEL Device certificate to the root store.
Appendix F Importing Certificates NBG410W3G Series User’s Guide 407 Figure 261 Certificate General Information af ter Import Enrolling and Importing SSL Client Certificates The SSL client needs a certificate if Authenticate Client Certificates is selected on the ZyXEL Device.
Appendix F Importi ng Certificates NBG410W3G Series User’s Guide 408 Figure 262 ZyXEL Device Trusted CA Screen The CA sends you a package containing the CA ’ s trusted certificate(s), your personal certificate(s) and a password to inst all the personal certificate(s).
Appendix F Importing Certificates NBG410W3G Series User’s Guide 409 Figure 263 CA Certificate Example 2 Click Install Certificate and follow the wizard as show n earlier in this appendix. Inst allin g Y our Personal Certificate(s) Y ou need a password in a dvance.
Appendix F Importi ng Certificates NBG410W3G Series User’s Guide 410 2 The file name and path of the certificate y ou double-clicked should automatically appear in the File name text box. Click Br ow se if you wish to import a different certificate.
Appendix F Importing Certificates NBG410W3G Series User’s Guide 41 1 Figure 267 Personal Certificate Import Wizard 4 5 Click Finish to complete the wizard and begin the import process. Figure 268 Personal Certificate Import Wizard 5 6 Y ou should see the following screen when the ce rtificate is correctly installed on your computer .
Appendix F Importi ng Certificates NBG410W3G Series User’s Guide 412 Using a Certificate When Accessing the ZyXEL Device Example Use the following procedure to access the ZyXEL Device via HTTPS. 1 Enter ‘https://ZyXEL Device IP Address/ in your browser ’ s web address field.
Appendix F Importing Certificates NBG410W3G Series User’s Guide 413.
Appendix F Importi ng Certificates NBG410W3G Series User’s Guide 414.
NBG410W3G Series User’s Guide 415 A PPENDIX G Legal Information Copyright Copyright © 2008 by ZyXEL Communications Corporation. The contents of this publication may not be reprod uced in any part o.
Appendix G Legal Information NBG410W3G Series User’s Guide 416 This device has been tested and foun d to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. Thes e limits are designed to provide reasonable protection against harmful interference in a resi dential installation.
Appendix G Legal Information NBG410W3G Series User’s Guide 417 This Class B digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada. Vie wing Certifications 1 Go to http://www .
Appendix G Legal Information NBG410W3G Series User’s Guide 418.
NBG410W3G Series User’s Guide 419 A PPENDIX H Customer Support In the event of problems that cannot be solved by using this manual, you should contact your vendor . If you cannot contact yo ur vendor , then contac t a ZyXEL office for the region in which you bought the dev ice.
Appendix H Custo mer Support NBG410W3G Series User’s Guide 420 • Address: 1005F , ShengGao Internationa l T ower , No.137 XianXia Rd., Shanghai • W eb: http://www .zyxel.cn Cost a Rica • Support E-mail: soporte@zyxel.co.cr • Sales E-mail: sales@zyxel.
Appendix H Customer Support NBG410W3G Series User’s Guide 421 Germany • Support E-mail: support@zyxel.de • Sales E-mail: sales@zyxel.de • T elephone: +49-2405-6909-69 • Fax: +49-2405-6909-99 • W eb: www .zyxel.de • Re g u l ar M a i l: ZyXEL Deut schland GmbH.
Appendix H Custo mer Support NBG410W3G Series User’s Guide 422 Malaysia • Support E-mail: support@zyxel.com.my • Sales E-mail: sales@zyxel.com.my • T elephone: +603-8076-9933 • Fax: +603-8076- 9833 • W eb: http://www .zyxel.com.my • Regular Mail: ZyXEL Malaysia Sdn Bhd.
Appendix H Customer Support NBG410W3G Series User’s Guide 423 Singapore • Support E-mail: support@zyxel.com.sg • Sales E-mail: sales@zyxel.com.sg • T elephone: +65-6899-6678 • Fax: +65-6899-8887 • W eb: http://www .zyxel.com.sg • Regular Mail: ZyXEL Singapore Pte Ltd.
Appendix H Custo mer Support NBG410W3G Series User’s Guide 424 T urkey • Support E-mail: cso@zyxel.com.tr • T elephone: +90 212 222 55 22 • Fax: +90-212-220-2 526 • W eb: http:www .
Index NBG410W3G Series User’s Guide 425 Index Numerics 3G introduction 126 3G . See th ird generation 126 A access point 147 See also AP . address assignment 11 5 , 247 Advanced Encryption St andard See AES.
Index NBG410W3G Series User’s Guide 426 DHCP clients 326 DHCP table 56 disclaimer 415 DNS 277 DNS server private LAN 248 DNS server address assignment 11 6 DNS service 236 domain name 325 Domain Name System. See DNS. DoS 167 , 183 Dynamic DNS 255 , 256 Dynamic Host Configurat ion Protocol.
Index NBG410W3G Series User’s Guide 427 IP protocol type 179 ISP paramete rs 59 L LAN 104 load balancing 111 load sharing 111 loading a confi guration file 334 local (user) database 149 and encryption 150 M MAC address 11 6 , 148 filter 162 MAC address filter 148 maintenance 325 Management Information Base.
Index NBG410W3G Series User’s Guide 428 PSK 398 R RADIUS 394 message types 395 messages 395 shared secret key 395 RADIUS server 149 Real T ime T ransport Protocol .
Index NBG410W3G Series User’s Guide 429 subnetting 380 syntax conventions 4 system name 325 timeout 260 T target market 35 TCP maximum incomplete 183 TCP/IP priority 11 2 Te l n e t 272 telnet 272 t.
Index NBG410W3G Series User’s Guide 430 with RADIUS application example 399 WP A2 397 user authentication 398 vs WP A2-PSK 398 wireless client supplicant 399 with RADIUS application example 399 WP A.
デバイスZyXEL Communications NBG410W3G Seriesの購入後に(又は購入する前であっても)重要なポイントは、説明書をよく読むことです。その単純な理由はいくつかあります:
ZyXEL Communications NBG410W3G Seriesをまだ購入していないなら、この製品の基本情報を理解する良い機会です。まずは上にある説明書の最初のページをご覧ください。そこにはZyXEL Communications NBG410W3G Seriesの技術情報の概要が記載されているはずです。デバイスがあなたのニーズを満たすかどうかは、ここで確認しましょう。ZyXEL Communications NBG410W3G Seriesの取扱説明書の次のページをよく読むことにより、製品の全機能やその取り扱いに関する情報を知ることができます。ZyXEL Communications NBG410W3G Seriesで得られた情報は、きっとあなたの購入の決断を手助けしてくれることでしょう。
ZyXEL Communications NBG410W3G Seriesを既にお持ちだが、まだ読んでいない場合は、上記の理由によりそれを行うべきです。そうすることにより機能を適切に使用しているか、又はZyXEL Communications NBG410W3G Seriesの不適切な取り扱いによりその寿命を短くする危険を犯していないかどうかを知ることができます。
ですが、ユーザガイドが果たす重要な役割の一つは、ZyXEL Communications NBG410W3G Seriesに関する問題の解決を支援することです。そこにはほとんどの場合、トラブルシューティング、すなわちZyXEL Communications NBG410W3G Seriesデバイスで最もよく起こりうる故障・不良とそれらの対処法についてのアドバイスを見つけることができるはずです。たとえ問題を解決できなかった場合でも、説明書にはカスタマー・サービスセンター又は最寄りのサービスセンターへの問い合わせ先等、次の対処法についての指示があるはずです。