ZyXEL Communications NBG318S Wireless Ethernet Adapter User Manual NBG 318 User s Guide

ZyXEL Communications Corporation Wireless Ethernet Adapter NBG 318 User s Guide

Users Manual 4

Appendix B Pop-up Windows, JavaScripts and Java PermissionsNBG318S User’s Guide 231Figure 132 Internet Options: Privacy3Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4Click Add to move the IP address to the list of Allowed sites.Figure 133 Pop-up Blocker Settings
Appendix B Pop-up Windows, JavaScripts and Java PermissionsNBG318S User’s Guide2325Click Close to return to the Privacy screen. 6Click Apply to save this setting. JavaScriptsIf pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. 1In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 134 Internet Options: Security 2Click the Custom Level... button. 3Scroll down to Scripting. 4Under Active scripting make sure that Enable is selected (the default).5Under Scripting of Java applets make sure that Enable is selected (the default). 6Click OK to close the window.
Appendix B Pop-up Windows, JavaScripts and Java PermissionsNBG318S User’s Guide 233Figure 135 Security Settings - Java ScriptingJava Permissions1From Internet Explorer, click Tools, Internet Options and then the Security tab. 2Click the Custom Level... button. 3Scroll down to Microsoft VM. 4Under Java permissions make sure that a safety level is selected.5Click OK to close the window.Figure 136 Security Settings - Java
Appendix B Pop-up Windows, JavaScripts and Java PermissionsNBG318S User’s Guide234JAVA (Sun)1From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2Make sure that Use Java 2 for <applet> under Java (Sun) is selected.3Click OK to close the window.Figure 137 Java (Sun)
NBG318S User’s Guide 235APPENDIX C IP Addresses and SubnettingThis appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts.Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.Introduction to IP AddressesOne part of the IP address is the network number, and the other part is the host ID. In the same way that houses on a street share a common street name, the hosts on a network share a common network number. Similarly, as each house has its own house number, each host on the network has its own unique identifying number - the host ID. Routers use the network number to send packets to the correct network, while the host ID determines to which host on the network the packets are delivered.StructureAn IP address is made up of four parts, written in dotted decimal notation (for example, 192.168.1.1). Each of these four parts is known as an octet. An octet is an eight-digit binary number (for example 11000000, which is 192 in decimal notation). Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal.The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID.
Appendix C IP Addresses and SubnettingNBG318S User’s Guide236Figure 138 Network Number and Host IDHow much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet MasksA subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). The term “subnet” is short for “sub-network”.A subnet mask has 32 bits. If a bit in the subnet mask is a “1” then the corresponding bit in the IP address is part of the network number. If a bit in the subnet mask is “0” then the corresponding bit in the IP address is part of the host ID. The following example shows a subnet mask identifying the network number (in bold text) and host ID of an IP address (192.168.1.2 in decimal).By convention, subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits.Subnet masks can be referred to by the size of the network number part (the bits with a “1” value). For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes.Table 98 Subnet Mask - Identifying Network Number1ST OCTET:(192)2ND OCTET:(168)3RD OCTET:(1)4TH OCTET(2)IP Address (Binary) 11000000 10101000 00000001 00000010Subnet Mask (Binary) 11111111 11111111 11111111 00000000Network Number 11000000 10101000 00000001Host ID 00000010
Appendix C IP Addresses and SubnettingNBG318S User’s Guide 237Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Network SizeThe size of the network number determines the maximum number of possible hosts you can have on your network. The larger the number of network number bits, the smaller the number of remaining host ID bits. An IP address with host IDs of all zeros is the IP address of the network (192.168.1.0 with a 24-bit subnet mask, for example). An IP address with host IDs of all ones is the broadcast address for that network (192.168.1.255 with a 24-bit subnet mask, for example).As these two IP addresses cannot be used for individual hosts, calculate the maximum number of possible hosts in a network as follows:NotationSince the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/” followed by the number of bits in the mask after the address. For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask 255.255.255.128. The following table shows some possible subnet masks using both notations. Table 99 Subnet MasksBINARYDECIMAL1ST OCTET2ND OCTET3RD OCTET 4TH OCTET8-bit mask 11111111 00000000 00000000 00000000 255.0.0.016-bit mask 11111111 11111111 00000000 00000000 255.255.0.024-bit mask 11111111 11111111 11111111 00000000 255.255.255.029-bit mask 11111111 11111111 11111111 11111000 255.255.255.248Table 100 Maximum Host NumbersSUBNET MASK HOST ID SIZE MAXIMUM NUMBER OF HOSTS8 bits 255.0.0.0 24 bits 224 – 2 1677721416 bits 255.255.0.0 16 bits 216 – 2 6553424 bits 255.255.255.0 8 bits 28 – 2 25429 bits 255.255.255.248 3 bits 23 – 2 6Table 101 Alternative Subnet Mask NotationSUBNET MASK ALTERNATIVE NOTATIONLAST OCTET (BINARY)LAST OCTET (DECIMAL)255.255.255.0 /24 0000 0000 0255.255.255.128 /25 1000 0000 128
Appendix C IP Addresses and SubnettingNBG318S User’s Guide238SubnettingYou can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.In this example, the company network address is 192.168.1.0. The first three octets of the address (192.168.1) are the network number, and the remaining octet is the host ID, allowing a maximum of 28 – 2 or 254 possible hosts.The following figure shows the company network before subnetting. Figure 139 Subnetting Example: Before SubnettingYou can “borrow” one of the host ID bits to divide the network 192.168.1.0 into two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or /25).The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. The following figure shows the company network after subnetting. There are now two sub-networks, A and B. 255.255.255.192 /26 1100 0000 192255.255.255.224 /27 1110 0000 224255.255.255.240 /28 1111 0000 240255.255.255.248 /29 1111 1000 248255.255.255.252 /30 1111 1100 252Table 101 Alternative Subnet Mask Notation (continued)SUBNET MASK ALTERNATIVE NOTATIONLAST OCTET (BINARY)LAST OCTET (DECIMAL)
Appendix C IP Addresses and SubnettingNBG318S User’s Guide 239Figure 140 Subnetting Example: After SubnettingIn a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 27 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.128 is its broadcast address. Therefore, the lowest IP address that can be assigned to an actual host for subnet A is 192.168.1.1 and the highest is 192.168.1.126. Similarly, the host ID range for subnet B is 192.168.1.129 to 192.168.1.254.Example: Four Subnets The previous example illustrated using a 25-bit subnet mask to divide a 24-bit address into two subnets. Similarly, to divide a 24-bit address into four subnets, you need to “borrow” two host ID bits to give four possible combinations (00, 01, 10 and 11). The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192. Each subnet contains 6 host ID bits, giving 26 - 2 or 62 hosts for each subnet (a host ID of all zeroes is the subnet itself, all ones is the subnet’s broadcast address). Table 102 Subnet 1IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUEIP Address (Decimal) 192.168.1. 0IP Address (Binary) 11000000.10101000.00000001. 00000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.1.0Lowest Host ID: 192.168.1.1Broadcast Address: 192.168.1.63Highest Host ID: 192.168.1.62
Appendix C IP Addresses and SubnettingNBG318S User’s Guide240Example: Eight SubnetsSimilarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet.Table 103 Subnet 2IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUEIP Address 192.168.1. 64IP Address (Binary) 11000000.10101000.00000001. 01000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.1.64Lowest Host ID: 192.168.1.65Broadcast Address: 192.168.1.127Highest Host ID: 192.168.1.126Table 104 Subnet 3IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUEIP Address 192.168.1. 128IP Address (Binary) 11000000.10101000.00000001. 10000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.1.128Lowest Host ID: 192.168.1.129Broadcast Address: 192.168.1.191Highest Host ID: 192.168.1.190Table 105 Subnet 4IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUEIP Address 192.168.1. 192IP Address (Binary) 11000000.10101000.00000001. 11000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.1.192Lowest Host ID: 192.168.1.193Broadcast Address: 192.168.1.255Highest Host ID: 192.168.1.254Table 106 Eight SubnetsSUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESSBROADCAST ADDRESS1 0 1 30 31232 33 62 63364 65 94 95496 97 126 127
Appendix C IP Addresses and SubnettingNBG318S User’s Guide 241Subnet PlanningThe following table is a summary for subnet planning on a network with a 24-bit network number.The following table is a summary for subnet planning on a network with a 16-bit network number. 5128 129 158 1596160 161 190 1917192 193 222 2238224 225 254 255Table 106 Eight Subnets (continued)SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESSBROADCAST ADDRESSTable 107 24-bit Network Number Subnet PlanningNO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET1255.255.255.128 (/25) 21262255.255.255.192 (/26) 4623255.255.255.224 (/27) 8304255.255.255.240 (/28) 16 145255.255.255.248 (/29) 32 66255.255.255.252 (/30) 64 27255.255.255.254 (/31) 128 1Table 108 16-bit Network Number Subnet PlanningNO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET1255.255.128.0 (/17) 2327662255.255.192.0 (/18) 4163823255.255.224.0 (/19) 881904255.255.240.0 (/20) 16 40945255.255.248.0 (/21) 32 20466255.255.252.0 (/22) 64 10227255.255.254.0 (/23) 128 5108255.255.255.0 (/24) 256 2549255.255.255.128 (/25) 512 12610 255.255.255.192 (/26) 1024 6211 255.255.255.224 (/27) 2048 3012 255.255.255.240 (/28) 4096 1413 255.255.255.248 (/29) 8192 6
Appendix C IP Addresses and SubnettingNBG318S User’s Guide242Configuring IP AddressesWhere you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. If this is the case, it is recommended that you select a network number from 192.168.0.0 to 192.168.255.0. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. You must also enable Network Address Translation (NAT) on the NBG318S. Once you have decided on the network number, pick an IP address for your NBG318S that is easy to remember (for instance, 192.168.1.1) but make sure that no other device on your network is using that IP address.The subnet mask specifies the network number portion of an IP address. Your NBG318S will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the NBG318S unless you are instructed to do otherwise.Private IP AddressesEvery machine on the Internet must have a unique address. If your networks are isolated from the Internet (running only between two branch offices, for example) you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks:• 10.0.0.0 — 10.255.255.255• 172.16.0.0 — 172.31.255.255• 192.168.0.0 — 192.168.255.255You can obtain your IP address from the IANA, from an ISP, or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space.14 255.255.255.252 (/30) 16384 215 255.255.255.254 (/31) 32768 1Table 108 16-bit Network Number Subnet Planning (continued)NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET
NBG318S User’s Guide 243APPENDIX D Setting up Your Computer’s IPAddressAll computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package.TCP/IP should already be installed on computers using Windows NT/2000/XP, Macintosh OS 7 and later operating systems.After the appropriate TCP/IP components are installed, configure the TCP/IP settings in order to "communicate" with your network. If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the Prestige’s LAN port.Windows 95/98/MeClick Start, Settings, Control Panel and double-click the Network icon to open the Network window.
Appendix D Setting up Your Computer’s IP AddressNBG318S User’s Guide244Figure 141 WIndows 95/98/Me: Network: ConfigurationInstalling ComponentsThe Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks.If you need the adapter:1In the Network window, click Add.2Select Adapter and then click Add.3Select the manufacturer and model of your network adapter and then click OK.If you need TCP/IP:1In the Network window, click Add.2Select Protocol and then click Add.3Select Microsoft from the list of manufacturers.4Select TCP/IP from the list of network protocols and then click OK.If you need Client for Microsoft Networks:1Click Add.2Select Client and then click Add.3Select Microsoft from the list of manufacturers.4Select Client for Microsoft Networks from the list of network clients and then click OK.5Restart your computer so the changes you made take effect.
Appendix D Setting up Your Computer’s IP AddressNBG318S User’s Guide 245Configuring 1In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties2Click the IP Address tab.• If your IP address is dynamic, select Obtain an IP address automatically. • If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields.Figure 142 Windows 95/98/Me: TCP/IP Properties: IP Address3Click the DNS Configuration tab.• If you do not know your DNS information, select Disable DNS.• If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in).
Appendix D Setting up Your Computer’s IP AddressNBG318S User’s Guide246Figure 143 Windows 95/98/Me: TCP/IP Properties: DNS Configuration4Click the Gateway tab.• If you do not know your gateway’s IP address, remove previously installed gateways.• If you have a gateway IP address, type it in the New gateway field and click Add.5Click OK to save and close the TCP/IP Properties window.6Click OK to close the Network window. Insert the Windows CD if prompted.7Turn on your Prestige and restart your computer when prompted.Verifying Settings1Click Start and then Run.2In the Run window, type "winipcfg" and then click OK to open the IP Configuration window.3Select your network adapter. You should see your computer's IP address, subnet mask and default gateway.Windows 2000/NT/XPThe following example figures use the default Windows XP GUI theme.1Click start (Start in Windows 2000/NT), Settings, Control Panel.
Appendix D Setting up Your Computer’s IP AddressNBG318S User’s Guide 247Figure 144 Windows XP: Start Menu2In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT).Figure 145 Windows XP: Control Panel3Right-click Local Area Connection and then click Properties.
Appendix D Setting up Your Computer’s IP AddressNBG318S User’s Guide248Figure 146 Windows XP: Control Panel: Network Connections: Properties4Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties.Figure 147 Windows XP: Local Area Connection Properties5The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).• If you have a dynamic IP address click Obtain an IP address automatically.• If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. • Click Advanced.
Appendix D Setting up Your Computer’s IP AddressNBG318S User’s Guide 249Figure 148 Windows XP: Internet Protocol (TCP/IP) Properties6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK.Do one or more of the following if you want to configure additional IP addresses:•In the IP Settings tab, in IP addresses, click Add.•In TCP/IP Address, type an IP address in IP address and a subnet mask in Subnet mask, and then click Add.• Repeat the above two steps for each IP address you want to add.• Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways.•In TCP/IP Gateway Address, type the IP address of the default gateway in Gateway. To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric.• Click Add. • Repeat the previous three steps for each default gateway you want to add.• Click OK when finished.
Appendix D Setting up Your Computer’s IP AddressNBG318S User’s Guide250Figure 149 Windows XP: Advanced TCP/IP Properties7In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP):• Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).• If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them.
Appendix D Setting up Your Computer’s IP AddressNBG318S User’s Guide 251Figure 150 Windows XP: Internet Protocol (TCP/IP) Properties8Click OK to close the Internet Protocol (TCP/IP) Properties window.9Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window.10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT).11 Turn on your Prestige and restart your computer (if prompted).Verifying Settings1Click Start, All Programs, Accessories and then Command Prompt.2In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab.Macintosh OS 8/9 1Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel.
Appendix D Setting up Your Computer’s IP AddressNBG318S User’s Guide252Figure 151 Macintosh OS 8/9: Apple Menu2Select Ethernet built-in from the Connect via list.Figure 152 Macintosh OS 8/9: TCP/IP3For dynamically assigned settings, select Using DHCP Server from the Configure: list.4For statically assigned settings, do the following:
Appendix D Setting up Your Computer’s IP AddressNBG318S User’s Guide 253•From the Configure box, select Manually.• Type your IP address in the IP Address box.• Type your subnet mask in the Subnet mask box.• Type the IP address of your Prestige in the Router address box.5Close the TCP/IP Control Panel.6Click Save if prompted, to save changes to your configuration.7Turn on your Prestige and restart your computer (if prompted).Verifying SettingsCheck your TCP/IP properties in the TCP/IP Control Panel window.Macintosh OS X1Click the Apple menu, and click System Preferences to open the System Preferences window.Figure 153 Macintosh OS X: Apple Menu2Click Network in the icon bar. • Select Automatic from the Location list.• Select Built-in Ethernet from the Show list. • Click the TCP/IP tab.3For dynamically assigned settings, select Using DHCP from the Configure list.
Appendix D Setting up Your Computer’s IP AddressNBG318S User’s Guide254Figure 154 Macintosh OS X: Network4For statically assigned settings, do the following:•From the Configure box, select Manually.• Type your IP address in the IP Address box.• Type your subnet mask in the Subnet mask box.• Type the IP address of your Prestige in the Router address box.5Click Apply Now and close the window.6Turn on your Prestige and restart your computer (if prompted).Verifying SettingsCheck your TCP/IP properties in the Network window.Linux This section shows you how to configure your computer’s TCP/IP settings in Red Hat Linux 9.0. Procedure, screens and file location may vary depending on your Linux distribution and release version.
Appendix D Setting up Your Computer’s IP AddressNBG318S User’s Guide 255"Make sure you are logged in as the root administrator. Using the K Desktop Environment (KDE)Follow the steps below to configure your computer IP address using the KDE. 1Click the Red Hat button (located on the bottom left corner), select System Setting and click Network.Figure 155 Red Hat 9.0: KDE: Network Configuration: Devices 2Double-click on the profile of the network card you wish to configure. The Ethernet Device General screen displays as shown.
Appendix D Setting up Your Computer’s IP AddressNBG318S User’s Guide256Figure 156 Red Hat 9.0: KDE: Ethernet Device: General • If you have a dynamic IP address click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields. 3Click OK to save the changes and close the Ethernet Device General screen. 4If you know your DNS server IP address(es), click the DNS tab in the Network Configuration screen. Enter the DNS server information in the fields provided. Figure 157 Red Hat 9.0: KDE: Network Configuration: DNS 5Click the Devices tab. 6Click the Activate button to apply the changes. The following screen displays. Click Yes to save the changes in all screens.
Appendix D Setting up Your Computer’s IP AddressNBG318S User’s Guide 257Figure 158 Red Hat 9.0: KDE: Network Configuration: Activate 7After the network card restart process is complete, make sure the Status is Active in the Network Configuration screen.Using Configuration FilesFollow the steps below to edit the network configuration files and set your computer IP address. 1Assuming that you have only one network card on the computer, locate the ifconfig-eth0 configuration file (where eth0 is the name of the Ethernet card). Open the configuration file with any plain text editor.• If you have a dynamic IP address, enter dhcp in the BOOTPROTO= field. The following figure shows an example. Figure 159 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 • If you have a static IP address, enter static in the BOOTPROTO= field. Type IPADDR= followed by the IP address (in dotted decimal notation) and type NETMASK= followed by the subnet mask. The following example shows an example where the static IP address is 192.168.1.10 and the subnet mask is 255.255.255.0. Figure 160 Red Hat 9.0: Static IP Address Setting in ifconfig-eth0 DEVICE=eth0ONBOOT=yesBOOTPROTO=dhcpUSERCTL=noPEERDNS=yesTYPE=EthernetDEVICE=eth0ONBOOT=yesBOOTPROTO=staticIPADDR=192.168.1.10NETMASK=255.255.255.0USERCTL=noPEERDNS=yesTYPE=Ethernet
Appendix D Setting up Your Computer’s IP AddressNBG318S User’s Guide2582If you know your DNS server IP address(es), enter the DNS server information in the resolv.conf file in the /etc directory. The following figure shows an example where two DNS server IP addresses are specified.Figure 161 Red Hat 9.0: DNS Settings in resolv.conf 3After you edit and save the configuration files, you must restart the network card. Enter./network restart in the /etc/rc.d/init.d directory. The following figure shows an example.Figure 162 Red Hat 9.0: Restart Ethernet Card 23.7.1 Verifying SettingsEnter ifconfig in a terminal screen to check your TCP/IP properties. Figure 163 Red Hat 9.0: Checking TCP/IP Properties nameserver 172.23.5.1nameserver 172.23.5.2[root@localhost init.d]# network restartShutting down interface eth0: [OK]Shutting down loopback interface: [OK]Setting network parameters: [OK]Bringing up loopback interface: [OK]Bringing up interface eth0: [OK][root@localhost]# ifconfig eth0 Link encap:Ethernet HWaddr 00:50:BA:72:5B:44 inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:717 errors:0 dropped:0 overruns:0 frame:0 TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:730412 (713.2 Kb) TX bytes:1570 (1.5 Kb) Interrupt:10 Base address:0x1000 [root@localhost]#
NBG318S User’s Guide 259APPENDIX E Wireless LANsWireless LAN TopologiesThis section discusses ad-hoc and infrastructure wireless LAN topologies.Ad-hoc Wireless LAN ConfigurationThe simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS). The following diagram shows an example of notebook computers using wireless adapters to form an Ad-hoc wireless LAN. Figure 164 Peer-to-Peer Communication in an Ad-hoc NetworkBSSA Basic Service Set (BSS) exists when all communications between wireless stations or between a wireless station and a wired network client go through one access point (AP). Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS is enabled, wireless station A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless station A and B can still access the wired network but cannot communicate with each other.
Appendix E Wireless LANsNBG318S User’s Guide260Figure 165 Basic Service SetESSAn Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS).This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood. An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless stations within the same ESS must have the same ESSID in order to communicate.
Appendix E Wireless LANsNBG318S User’s Guide 261Figure 166 Infrastructure WLANChannelA channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference. Interference occurs when radio signals from different access points overlap causing interference and degrading performance.Adjacent channels partially overlap however. To avoid interference due to overlap, your AP should be on a channel at least five channels away from a channel that an adjacent AP is using. For example, if your region has 11 channels and an adjacent AP is using channel 1, then you need to select a channel between 6 or 11.RTS/CTSA hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a hidden node. Both stations (STA) are within range of the access point (AP) or wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other.
Appendix E Wireless LANsNBG318S User’s Guide262Figure 167 RTS/CTSWhen station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.RTS/CTS is designed to prevent collisions due to hidden nodes. An RTS/CTS defines the biggest size data frame you can send before an RTS (Request To Send)/CTS (Clear to Send) handshake is invoked.When a data frame exceeds the RTS/CTS value you set (between 0 to 2432 bytes), the station that wants to transmit this frame must first send an RTS (Request To Send) message to the AP for permission to send it. The AP then responds with a CTS (Clear to Send) message to all other stations within its range to notify them to defer their transmission. It also reserves and confirms with the requesting station the time frame for the requested transmission.Stations can send frames smaller than the specified RTS/CTS directly to the AP without the RTS (Request To Send)/CTS (Clear to Send) handshake. You should only configure RTS/CTS if the possibility of hidden nodes exists on your network and the "cost" of resending large frames is more than the extra network overhead involved in the RTS (Request To Send)/CTS (Clear to Send) handshake. If the RTS/CTS value is greater than the Fragmentation Threshold value (see next), then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. "Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy.Fragmentation ThresholdA Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the AP will fragment the packet into smaller data frames.A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference.
Appendix E Wireless LANsNBG318S User’s Guide 263If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.Preamble TypeA preamble is used to synchronize the transmission timing in your wireless network. There are two preamble modes: Long and Short. Short preamble takes less time to process and minimizes overhead, so it should be used in a good wireless network environment when all wireless stations support it. Select Long if you have a ‘noisy’ network or are unsure of what preamble mode your wireless stations support as all IEEE 802.11b compliant wireless adapters must support long preamble. However, not all wireless adapters support short preamble. Use long preamble if you are unsure what preamble mode the wireless adapters support, to ensure interpretability between the AP and the wireless stations and to provide more reliable communication in ‘noisy’ networks. Select Dynamic to have the AP automatically use short preamble when all wireless stations support it, otherwise the AP uses long preamble."The AP and the wireless stations MUST use the same preamble mode in order to communicate.IEEE 802.11g Wireless LANIEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE 802.11b adapter can interface directly with an IEEE 802.11g access point (and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has several intermediate rate steps between the maximum and minimum data rates. The IEEE 802.11g data rate and modulation are as follows:IEEE 802.1xIn June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features. It is supported by Windows XP and a number of network devices. Some advantages of IEEE 802.1x are:Table 109 IEEE 802.11gDATA RATE (MBPS) MODULATION1 DBPSK (Differential Binary Phase Shift Keyed)2 DQPSK (Differential Quadrature Phase Shift Keying)5.5 / 11 CCK (Complementary Code Keying) 6/9/12/18/24/36/48/54 OFDM (Orthogonal Frequency Division Multiplexing)
Appendix E Wireless LANsNBG318S User’s Guide264• User based identification that allows for roaming.• Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server. • Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication methods to be deployed with no changes to the access point or the wireless stations. RADIUSRADIUS is based on a client-server model that supports authentication, authorization and accounting. The access point is the client and the server is the RADIUS server. The RADIUS server handles the following tasks:• Authentication Determines the identity of the users.• AuthorizationDetermines the network services available to authenticated users once they are connected to the network.• AccountingKeeps track of the client’s network activity. RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless station and the network RADIUS server. Types of RADIUS MessagesThe following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication:• Access-RequestSent by an access point requesting authentication.• Access-RejectSent by a RADIUS server rejecting access.• Access-AcceptSent by a RADIUS server allowing access. • Access-ChallengeSent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message. The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting:• Accounting-RequestSent by the access point requesting accounting.• Accounting-ResponseSent by the RADIUS server to indicate that it has started or stopped accounting.
Appendix E Wireless LANsNBG318S User’s Guide 265In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password, they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access. Types of Authentication This appendix discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP. The type of authentication you use depends on the RADIUS server or the AP. Consult your network administrator for more information.EAP-MD5 (Message-Digest Algorithm 5)MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless station. The wireless station ‘proves’ that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text. However, MD5 authentication has some weaknesses. Since the authentication server needs to get the plaintext passwords, the passwords must be stored. Thus someone other than the authentication server may access the password file. In addition, it is possible to impersonate an authentication server as MD5 authentication method does not perform mutual authentication. Finally, MD5 authentication method does not support data encryption with dynamic session key. You must configure WEP encryption keys for data encryption. EAP-TLS (Transport Layer Security)With EAP-TLS, digital certifications are needed by both the server and the wireless stations for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created. This makes user identity vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the sender’s identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which imposes a management overhead. EAP-TTLS (Tunneled Transport Layer Service) EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-side authentications to establish a secure connection. Client authentication is then done by sending username and password through the secure connection, thus client identity is protected. For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2.
Appendix E Wireless LANsNBG318S User’s Guide266PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco.LEAPLEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x. Dynamic WEP Key ExchangeThe AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed.If this feature is enabled, it is not necessary to configure a default encryption key in the Wireless screen. You may still configure and store keys here, but they will not be used while Dynamic WEP is enabled."EAP-MD5 cannot be used with dynamic WEP key exchangeFor added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical. The following table is a comparison of the features of authentication types.WPA(2)Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA. Table 110 Comparison of EAP Authentication TypesEAP-MD5 EAP-TLS EAP-TTLS PEAP LEAPMutual Authentication No Yes Yes Yes YesCertificate – Client No Yes Optional Optional NoCertificate – Server No Yes Yes Yes NoDynamic Key Exchange No Yes Yes Yes YesCredential Integrity None Strong Strong Strong ModerateDeployment Difficulty Easy Hard Moderate Moderate ModerateClient Identity Protection No No Yes Yes No
Appendix E Wireless LANsNBG318S User’s Guide 267Key differences between WPA(2) and WEP are improved data encryption and user authentication. EncryptionBoth WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. In addition to TKIP, WPA2 also uses Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption. Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and distributed by the authentication server. It includes a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism.TKIP regularly changes and rotates the encryption keys so that the same encryption key is never used twice. The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. This all happens in the background automatically.WPA2 AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit mathematical algorithm called Rijndael.The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped. By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism (MIC), TKIP makes it much more difficult to decode data on a Wi-Fi network than WEP, making it difficult for an intruder to break into the network. The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials. The common-password approach makes WPA-PSK susceptible to brute-force password-guessing attacks but it's still an improvement over WEP as it employs an easier-to-use, consistent, single, alphanumeric password. User AuthenticationWPA or WPA2 applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database. If both an AP and the wireless clients support WPA2 and you have an external RADIUS server, use WPA2 for stronger data encryption. If you don't have an external RADIUS server, you should use WPA2 -PSK (WPA2 -Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted access to a WLAN. If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not.Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2.
Appendix E Wireless LANsNBG318S User’s Guide26823.7.2 WPA(2)-PSK Application ExampleA WPA(2)-PSK application looks as follows.1First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters (including spaces and symbols).2The AP checks each wireless client's password and (only) allows it to join the network if the password matches.3The AP derives and distributes keys to the wireless clients.4The AP and wireless clients use the TKIP or AES encryption process to encrypt data exchanged between them.Figure 168 WPA(2)-PSK Authentication23.7.3 WPA(2) with RADIUS Application ExampleYou need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret. A WPA(2) application example with an external RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution system.1The AP passes the wireless client's authentication request to the RADIUS server.2The RADIUS server then checks the user's identification against its database and grants or denies network access accordingly.3The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients.
Appendix E Wireless LANsNBG318S User’s Guide 269Security Parameters SummaryRefer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. MAC address filters are not dependent on how you configure these security features.Table 111 Wireless Security Relational MatrixAUTHENTICATION METHOD/ KEY MANAGEMENT PROTOCOLENCRYPTION METHODENTER MANUAL KEY IEEE 802.1XOpen None No DisableEnable without Dynamic WEP KeyOpen WEP No Enable with Dynamic WEP KeyYes Enable without Dynamic WEP KeyYes DisableShared WEP No Enable with Dynamic WEP KeyYes Enable without Dynamic WEP KeyYes DisableWPA TKIP No EnableWPA-PSK TKIP Yes EnableWPA2 AES No EnableWPA2-PSK AES Yes Enable
Appendix E Wireless LANsNBG318S User’s Guide270
NBG318S User’s Guide 271APPENDIX F ServicesThe following table lists some commonly-used services and their associated protocols and port numbers.•Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like.•Protocol: This is the type of IP protocol used by the service. If this is TCP/UDP, then the service uses the same port number with TCP and UDP. If this is User-Defined, the Port(s) is the IP protocol number, not the port number.•Port(s): This value depends on the Protocol.• If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number.• If the Protocol is USER, this is the IP protocol number.•Description: This is a brief explanation of the applications that use this service or the situations in which this service is used.Table 112 Examples of ServicesNAME PROTOCOL PORT(S) DESCRIPTIONAH (IPSEC_TUNNEL)User-Defined 51 The IPSEC AH (Authentication Header) tunneling protocol uses this service.AIM TCP 5190 AOL’s Internet Messenger service.AUTH TCP 113 Authentication protocol used by some servers.BGP TCP 179 Border Gateway Protocol.BOOTP_CLIENT UDP 68 DHCP Client.BOOTP_SERVER UDP 67 DHCP Server.CU-SEEME TCP/UDPTCP/UDP 764824032A popular videoconferencing solution from White Pines Software.DNS TCP/UDP 53 Domain Name Server, a service that matches web names (e.g. www.zyxel.com) to IP numbers.ESP (IPSEC_TUNNEL)User-Defined 50 The IPSEC ESP (Encapsulation Security Protocol) tunneling protocol uses this service.FINGER TCP 79 Finger is a UNIX or Internet related command that can be used to find out if a user is logged on.FTP TCPTCP2021File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by e-mail.
Appendix F ServicesNBG318S User’s Guide272H.323 TCP 1720 NetMeeting uses this protocol.HTTP TCP 80 Hyper Text Transfer Protocol - a client/server protocol for the world wide web.HTTPS TCP 443 HTTPS is a secured http session often used in e-commerce.ICMP User-Defined 1Internet Control Message Protocol is often used for diagnostic purposes.ICQ UDP 4000 This is a popular Internet chat program.IGMP (MULTICAST) User-Defined 2Internet Group Multicast Protocol is used when sending packets to a specific group of hosts.IKE UDP 500 The Internet Key Exchange algorithm is used for key distribution and management.IMAP4 TCP 143 The Internet Message Access Protocol is used for e-mail.IMAP4S TCP 993 This is a more secure version of IMAP4 that runs over SSL.IRC TCP/UDP 6667 This is another popular Internet chat program.MSN Messenger TCP 1863 Microsoft Networks’ messenger service uses this protocol. NetBIOS TCP/UDPTCP/UDPTCP/UDPTCP/UDP137138139445The Network Basic Input/Output System is used for communication between computers in a LAN.NEW-ICQ TCP 5190 An Internet chat program.NEWS TCP 144 A protocol for news groups.NFS UDP 2049 Network File System - NFS is a client/server distributed file service that provides transparent file sharing for network environments.NNTP TCP 119 Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service.PING User-Defined 1Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable.POP3 TCP 110 Post Office Protocol version 3 lets a client computer get e-mail from a POP3 server through a temporary connection (TCP/IP or other).POP3S TCP 995 This is a more secure version of POP3 that runs over SSL.PPTP TCP 1723 Point-to-Point Tunneling Protocol enables secure transfer of data over public networks. This is the control channel.Table 112 Examples of Services (continued)NAME PROTOCOL PORT(S) DESCRIPTION
Appendix F ServicesNBG318S User’s Guide 273PPTP_TUNNEL (GRE)User-Defined 47 PPTP (Point-to-Point Tunneling Protocol) enables secure transfer of data over public networks. This is the data channel.RCMD TCP 512 Remote Command Service.REAL_AUDIO TCP 7070 A streaming audio service that enables real time sound over the web.REXEC TCP 514 Remote Execution Daemon.RLOGIN TCP 513 Remote Login.ROADRUNNER TCP/UDP 1026 This is an ISP that provides services mainly for cable modems.RTELNET TCP 107 Remote Telnet.RTSP TCP/UDP 554 The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. SFTP TCP 115 The Simple File Transfer Protocol is an old way of transferring files between computers.SMTP TCP 25 Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another.SMTPS TCP 465 This is a more secure version of SMTP that runs over SSL.SNMP TCP/UDP 161 Simple Network Management Program.SNMP-TRAPS TCP/UDP 162 Traps for use with the SNMP (RFC:1215).SQL-NET TCP 1521 Structured Query Language is an interface to access data on many different types of database systems, including mainframes, midrange systems, UNIX systems and network servers.SSDP UDP 1900 The Simple Service Discovery Protocol supports Universal Plug-and-Play (UPnP).SSH TCP/UDP 22 Secure Shell Remote Login Program.STRM WORKS UDP 1558 Stream Works Protocol.SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server.TACACS UDP 49 Login Host Protocol used for (Terminal Access Controller Access Control System).TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP networks. Its primary function is to allow users to log into remote host systems.Table 112 Examples of Services (continued)NAME PROTOCOL PORT(S) DESCRIPTION
Appendix F ServicesNBG318S User’s Guide274TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol).VDOLIVE TCPUDP7000user-definedA videoconferencing solution. The UDP port number is specified in the application.Table 112 Examples of Services (continued)NAME PROTOCOL PORT(S) DESCRIPTION
NBG318S User’s Guide 275APPENDIX G Legal InformationCopyrightCopyright © 2006 by ZyXEL Communications Corporation.The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.Published by ZyXEL Communications Corporation. All rights reserved.DisclaimerZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.TrademarksZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.Certifications Federal Communications Commission (FCC) Interference StatementThe device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:• This device may not cause harmful interference.• This device must accept any interference received, including interference that may cause undesired operations.This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This device generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation.
Appendix G Legal InformationNBG318S User’s Guide276If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures:1Reorient or relocate the receiving antenna.2Increase the separation between the equipment and the receiver.3Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.4Consult the dealer or an experienced radio/TV technician for help.FCC Radiation Exposure Statement• This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. •To comply with FCC RF exposure compliance requirements, a eparation distance of at least 20 cmmust be maintained between the antenna of this device and all persons.注意 !依據 低功率電波輻射性電機管理辦法第十二條 經型式認證合格之低功率射頻電機,非經許可,公司、商號或使用者均不得擅自變更頻率、加大功率或變更原設計之特性及功能。第十四條 低功率射頻電機之使用不得影響飛航安全及干擾合法通信;經發現有干擾現象時,應立即停用,並改善至無干擾時方得繼續使用。前項合法通信,指依電信規定作業之無線電信。低功率射頻電機須忍受合法通信或工業、科學及醫療用電波輻射性電機設備之干擾。 本機限在不干擾合法電臺與不受被干擾保障條件下於室內使用。 Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.This device has been designed for the WLAN 2.4 GHz network throughout the EC region and Switzerland, with restrictions in France. This Class B digital apparatus complies with Canadian ICES-003.Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.Viewing Certifications1Go to http://www.zyxel.com.2Select your product on the ZyXEL home page to go to that product's page.3Select the certification you wish to view from this page.
Appendix G Legal InformationNBG318S User’s Guide 277ZyXEL Limited WarrantyZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.NoteRepair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser.To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.RegistrationRegister your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products.
Appendix G Legal InformationNBG318S User’s Guide278
NBG318S User’s Guide 279APPENDIX H Customer SupportPlease have the following information ready when you contact customer support.Required Information• Product model and serial number.• Warranty Information.• Date that you received your device.• Brief description of the problem and the steps you took to solve it.Corporate Headquarters (Worldwide)• Support E-mail: support@zyxel.com.tw• Sales E-mail: sales@zyxel.com.tw• Telephone: +886-3-578-3942• Fax: +886-3-578-2439• Web Site: www.zyxel.com, www.europe.zyxel.com• FTP Site: ftp.zyxel.com, ftp.europe.zyxel.com• Regular Mail: ZyXEL Communications Corp., 6 Innovation Road II, Science Park, Hsinchu 300, TaiwanCosta Rica• Support E-mail: soporte@zyxel.co.cr• Sales E-mail: sales@zyxel.co.cr• Telephone: +506-2017878• Fax: +506-2015098• Web Site: www.zyxel.co.cr• FTP Site: ftp.zyxel.co.cr• Regular Mail: ZyXEL Costa Rica, Plaza Roble Escazú, Etapa El Patio, Tercer Piso, San José, Costa RicaCzech Republic• E-mail: info@cz.zyxel.com• Telephone: +420-241-091-350• Fax: +420-241-091-359• Web Site: www.zyxel.cz• Regular Mail: ZyXEL Communications, Czech s.r.o., Modranská 621, 143 01 Praha 4 - Modrany, Ceská Republika
Appendix H Customer SupportNBG318S User’s Guide280Denmark• Support E-mail: support@zyxel.dk• Sales E-mail: sales@zyxel.dk• Telephone: +45-39-55-07-00• Fax: +45-39-55-07-07• Web Site: www.zyxel.dk • Regular Mail: ZyXEL Communications A/S, Columbusvej, 2860 Soeborg, DenmarkFinland• Support E-mail: support@zyxel.fi• Sales E-mail: sales@zyxel.fi• Telephone: +358-9-4780-8411• Fax: +358-9-4780 8448• Web Site: www.zyxel.fi• Regular Mail: ZyXEL Communications Oy, Malminkaari 10, 00700 Helsinki, FinlandFrance• E-mail: info@zyxel.fr • Telephone: +33-4-72-52-97-97• Fax: +33-4-72-52-19-20• Web Site: www.zyxel.fr• Regular Mail: ZyXEL France, 1 rue des Vergers, Bat. 1 / C, 69760 Limonest, FranceGermany• Support E-mail: support@zyxel.de• Sales E-mail: sales@zyxel.de• Telephone: +49-2405-690969• Fax: +49-2405-6909-99• Web Site: www.zyxel.de• Regular Mail: ZyXEL Deutschland GmbH., Adenauerstr. 20/A2 D-52146, Wuerselen, GermanyHungary• Support E-mail: support@zyxel.hu• Sales E-mail: info@zyxel.hu• Telephone: +36-1-3361649• Fax: +36-1-3259100• Web Site: www.zyxel.hu• Regular Mail: ZyXEL Hungary, 48, Zoldlomb Str., H-1025, Budapest, HungaryKazakhstan• Support: http://zyxel.kz/support• Sales E-mail: sales@zyxel.kz
Appendix H Customer SupportNBG318S User’s Guide 281• Telephone: +7-3272-590-698• Fax: +7-3272-590-689• Web Site: www.zyxel.kz• Regular Mail: ZyXEL Kazakhstan, 43, Dostyk ave.,Office 414, Dostyk Business Centre, 050010, Almaty, Republic of KazakhstanNorth America• Support E-mail: support@zyxel.com• Sales E-mail: sales@zyxel.com• Telephone: +1-800-255-4101, +1-714-632-0882• Fax: +1-714-632-0858• Web Site: www.us.zyxel.com• FTP Site: ftp.us.zyxel.com• Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806-2001, U.S.A.Norway• Support E-mail: support@zyxel.no • Sales E-mail: sales@zyxel.no• Telephone: +47-22-80-61-80• Fax: +47-22-80-61-81• Web Site: www.zyxel.no• Regular Mail: ZyXEL Communications A/S, Nils Hansens vei 13, 0667 Oslo, NorwayPoland• E-mail: info@pl.zyxel.com• Telephone: +48 (22) 333 8250• Fax: +48 (22) 333 8251• Web Site: www.pl.zyxel.com• Regular Mail: ZyXEL Communications, ul. Okrzei 1A, 03-715 Warszawa, PolandRussia• Support: http://zyxel.ru/support• Sales E-mail: sales@zyxel.ru• Telephone: +7-095-542-89-29• Fax: +7-095-542-89-25• Web Site: www.zyxel.ru• Regular Mail: ZyXEL Russia, Ostrovityanova 37a Str., Moscow, 117279, RussiaSpain• Support E-mail: support@zyxel.es• Sales E-mail: sales@zyxel.es• Telephone: +34-902-195-420• Fax: +34-913-005-345
Appendix H Customer SupportNBG318S User’s Guide282• Web Site: www.zyxel.es • Regular Mail: ZyXEL Communications, Arte, 21 5ª planta, 28033 Madrid, SpainSweden• Support E-mail: support@zyxel.se• Sales E-mail: sales@zyxel.se• Telephone: +46-31-744-7700• Fax: +46-31-744-7701• Web Site: www.zyxel.se• Regular Mail: ZyXEL Communications A/S, Sjöporten 4, 41764 Göteborg, SwedenUkraine• Support E-mail: support@ua.zyxel.com• Sales E-mail: sales@ua.zyxel.com• Telephone: +380-44-247-69-78• Fax: +380-44-494-49-32• Web Site: www.ua.zyxel.com• Regular Mail: ZyXEL Ukraine, 13, Pimonenko Str., Kiev, 04050, UkraineUnited Kingdom• Support E-mail: support@zyxel.co.uk• Sales E-mail: sales@zyxel.co.uk• Telephone: +44-1344 303044, 08707 555779 (UK only)• Fax: +44-1344 303034• Web Site: www.zyxel.co.uk• FTP Site: ftp.zyxel.co.uk• Regular Mail: ZyXEL Communications UK, Ltd.,11 The Courtyard, Eastern Road, Bracknell, Berkshire, RG12 2XB, United Kingdom (UK)“+” is the (prefix) number you dial to make an international telephone call.
IndexNBG318S User’s Guide 283IndexNumerics802.11 Mode 88AActiveX 142address resolution protocol (ARP) 105Alert 190alternative subnet mask notation 237any IPnote 105AP (Access Point) 261Asymmetrical routes 136and IP alias 136see also triangle routes 136BBackup configuration 205Bandwidth management 68application-based 153classes and priorities 158monitor 162overview 153priority 154services 155subnet-based 153Bandwidth management monitor 51Basic wireless security 59BitTorrent 155BSS 259CCA 265Certificate Authority 265certifications 275notices 276viewing 276changing the NMK 110Channel 47, 261Interference 261channel 73command interface 33Configuration 204backup 205reset the factory defaults 206restore 205contact information 279Content FilteringDays and Times 141Restrict Web Features 141Cookies 142copyright 275CPU usage 47CTS (Clear to Send) 262customer support 279DDaylight saving 188DDNS 129see also Dynamic DNSDHCP 51, 115DHCP serversee also Dynamic Host Configuration ProtocolDHCP client information 117DHCP client list 117DHCP server 103, 115DHCP table 51, 117DHCP client informationDHCP statusDimensions 223disclaimer 275DNS 65, 116DNS serversee also Domain name systemDNS (Domain Name System) 168DNS server 116Domain name 57vs host name. see also system nameDomain Name System 116duplex setting 48
IndexNBG318S User’s Guide284Dynamic DNS 129Dynamic Host Configuration Protocol 115Dynamic WEP Key Exchange 266DynDNS Wildcard 129EEAP Authentication 265e-mail 91Encryption 267encryption 76and local (user) database 77key 77WPA compatible 77ESS 260ESSID 217Extended Service Set 260Extended wireless security 60FFactory LAN defaults 103FCC interference statement 275File Transfer Program 155Firewall 135Firewall overviewguidelines 136ICMP packets 138network securityStateful inspection 135ZyXEL device firewall 135Firmware upload 203file extensionusing HTTPfirmware version 47Fragmentation Threshold 87, 262FTP 33, 168FTP. see also File Transfer Program 155Ggateway 150General wireless LAN screen 79HHidden Node 261HTTP 155Humidity 223Hyper Text Transfer Protocol 155IIANA 242IBSS 259IEEE 802.11g 263IGMP 93, 104see also Internet Group Multicast ProtocolversionIGMP version 93, 104Independent Basic Service Set 259Install UPnP 173Windows Me 173Windows XP 174Internet Assigned Numbers AuthoritySee IANAInternet connectionEthernetPPPoE. see also PPP over EthernetPPTPWAN connectionInternet connection wizard 60Internet Group Multicast Protocol 93, 104IP Address 106, 121IP address 65dynamicIP alias 106IP packet transmission 104BroadcastMulticastUnicastIP Pool 115JJava 142LLAN 103
IndexNBG318S User’s Guide 285IP pool setup 103LAN overview 103LAN Setup 93LAN setup 103LAN TCP/IP 103Link type 48local (user) database 76and encryption 77Local Area Network 103Log 189MMAC 86MAC address 75, 93cloning 67, 93MAC address filter 75MAC address filtering 86MAC filter 86managing the devicegood habits 33using FTP. See FTP.using Telnet. See command interface.using the command interface. See command interface.using the web configurator. See web configurator.Media access control 86Memory usage 47Metric 151MSN messenger 155MSN Webcam 155Multicast 93, 104IGMP 93, 104NNAT 119, 121, 242overview 119port forwarding 119see also Network Address Translationserver sets 119NAT session 126NAT Traversal 171Navigation Panel 48navigation panel 48NetBIOS 102, 108see also Network Basic Input/Output System 102Network Address Translation 119, 121Network Basic Input/Output System 108NMKchanging 110OOperating Channel 47Output Power 88PP2P 155peer-to-peer 155Point-to-Point Protocol over Ethernet 61, 96Point-to-Point Tunneling Protocol 62, 98Pool Size 115Port forwarding 119, 121default server 119example 120local server 121port numbersservicesport speed 48power line network scenario 110Power Specification 223PPPoE 61, 96benefits 62dial-up connectionsee also Point-to-Point Protocol over Ethernet 61PPTP 62, 98see also Point-to-Point Tunneling Protocol 62Preamble Mode 263priorities 79Private 151private network 110product registration 277QQoS 79QoS priorities 79Quality of Service (QoS) 88
IndexNBG318S User’s Guide286RRADIUS 264Shared Secret Key 265RADIUS Message Types 264RADIUS Messages 264RADIUS server 76registrationproduct 277related documentation 3Remote management 165and NAT 166and the firewall 165FTP 168limitations 165remote management session 165system timeout 166Reset button 45, 206Reset the device 45Restore configuration 205Restrict Web Features 142RF (Radio Frequency) 224RoadRunner 95Roaming 87roaming 77requirements 78RTS (Request To Send) 262RTS Threshold 261, 262RTS/CTS Threshold 87Ssafety warnings 6Security Parameters 269Service and port numbers 156Service Set 80Service Set IDentification 80Service Set IDentity. See SSID.servicesand port numbers 271and protocols 271Session Initiated Protocol 155Simple Mail Transfer Protocol 192SIP 155SMTP 192SNMP 136SSID 47, 73, 80Static DHCP 116Static Route 149Static routeand remote nodeoverviewStatus 45subnet 235Subnet Mask 106subnet mask 65, 236subnetting 238Summary 51Bandwidth management monitor 51DHCP table 51Packet statistics 52Wireless station status 53syntax conventions 4System General Setup 185System Name 186System name 56vs computer nameSystem restart 206TTCP/IP configuration 115Telnet 166Temperature 223Time setting 186trademarks 275Triangle routesand IP alias 136see also asymmetrical routes 136trigger port 124Trigger port forwarding 124example 124process 124UUniversal Plug and Play 171Application 171UPnP 171Forum 172security issues 171URL Keyword Blocking 142Use Authentication 267user authentication 76local (user) database 76RADIUS server 76User Name 130
IndexNBG318S User’s Guide 287VVoIP 155VPN 98WWANIP address assignment 64WAN advanced 101WAN IP address 64WAN IP address assignment 66WAN MAC address 93warranty 277note 277Web Configuratorhow to access 43Overview 43Web configuratornavigating 45web configurator 33Web Proxy 142WEP Encryption 82WEP encryption 81WEP key 81Wi-Fi Multimedia QoS 79Wildcard 129Windows Networking 108Wireless association list 53wireless channel 217wireless LAN 217Wireless LAN wizard 57Wireless networkbasic guidelines 73channel 73encryption 76example 73MAC address filter 75overview 73security 74SSID 73Wireless security 74overview 75type 75wireless security 217Wireless tutorial 35Wizard setup 55Bandwidth management 68complete 69Internet connection 60system information 56wireless LAN 57WLANInterference 261Security Parameters 269WMM 79WMM priorities 79World Wide Web 155WPA compatible 77WPA, WPA2 266WWW 91, 155XXbox Live 155ZZyNOS 47
IndexNBG318S User’s Guide288

Navigation menu