ZyXEL Communications NBG318S Wireless Ethernet Adapter User Manual NBG 318 User s Guide

Download:
Mirror Download [FCC.gov]
Document ID	812925
Application ID	qlRU3uEs8UNenNx5myIyJQ==
Document Description	Users Manual 4
Short Term Confidential	No
Permanent Confidential	No
Supercede	No
Document Type	User Manual
Display Format	Adobe Acrobat PDF - pdf
Filesize	204.46kB (2555759 bits)
Date Submitted	2007-07-06 00:00:00
Date Available	2007-07-06 00:00:00
Creation Date	2007-07-03 18:06:37
Producing Software	Acrobat Distiller 5.0.5 (Windows)
Document Lastmod	2007-07-03 18:07:10
Document Title	NBG-318 User’s Guide
Document Creator	FrameMaker 7.1
Document Author:	Adrian Reid

Appendix B Pop-up Windows, JavaScripts and Java Permissions
Figure 132 Internet Options: Privacy
3 Type the IP address of your device (the web page that you do not want to have blocked)
with the prefix “http://”. For example, http://192.168.167.1.
4 Click Add to move the IP address to the list of Allowed sites.
Figure 133 Pop-up Blocker Settings
NBG318S User’s Guide
231
Appendix B Pop-up Windows, JavaScripts and Java Permissions
5 Click Close to return to the Privacy screen.
6 Click Apply to save this setting.
JavaScripts
If pages of the web configurator do not display properly in Internet Explorer, check that
JavaScripts are allowed.
1 In Internet Explorer, click Tools, Internet Options and then the Security tab.
Figure 134 Internet Options: Security
232
Click the Custom Level... button.
Scroll down to Scripting.
Under Active scripting make sure that Enable is selected (the default).
Under Scripting of Java applets make sure that Enable is selected (the default).
Click OK to close the window.
NBG318S User’s Guide
Appendix B Pop-up Windows, JavaScripts and Java Permissions
Figure 135 Security Settings - Java Scripting
Java Permissions
From Internet Explorer, click Tools, Internet Options and then the Security tab.
Click the Custom Level... button.
Scroll down to Microsoft VM.
Under Java permissions make sure that a safety level is selected.
Click OK to close the window.
Figure 136 Security Settings - Java
NBG318S User’s Guide
233
Appendix B Pop-up Windows, JavaScripts and Java Permissions
JAVA (Sun)
1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab.
2 Make sure that Use Java 2 for  under Java (Sun) is selected.
3 Click OK to close the window.
Figure 137 Java (Sun)
234
NBG318S User’s Guide
APPENDIX
IP Addresses and Subnetting
This appendix introduces IP addresses and subnet masks.
IP addresses identify individual devices on a network. Every networking device (including
computers, servers, routers, printers, etc.) needs an IP address to communicate across the
network. These networking devices are also known as hosts.
Subnet masks determine the maximum number of possible hosts on a network. You can also
use subnet masks to divide one network into multiple sub-networks.
Introduction to IP Addresses
One part of the IP address is the network number, and the other part is the host ID. In the same
way that houses on a street share a common street name, the hosts on a network share a
common network number. Similarly, as each house has its own house number, each host on
the network has its own unique identifying number - the host ID. Routers use the network
number to send packets to the correct network, while the host ID determines to which host on
the network the packets are delivered.
Structure
An IP address is made up of four parts, written in dotted decimal notation (for example,
192.168.1.1). Each of these four parts is known as an octet. An octet is an eight-digit binary
number (for example 11000000, which is 192 in decimal notation).
Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in
decimal.
The following figure shows an example IP address in which the first three octets (192.168.1)
are the network number, and the fourth octet (16) is the host ID.
NBG318S User’s Guide
235
Appendix C IP Addresses and Subnetting
Figure 138 Network Number and Host ID
How much of the IP address is the network number and how much is the host ID varies
according to the subnet mask.
Subnet Masks
A subnet mask is used to determine which bits are part of the network number, and which bits
are part of the host ID (using a logical AND operation). The term “subnet” is short for “subnetwork”.
A subnet mask has 32 bits. If a bit in the subnet mask is a “1” then the corresponding bit in the
IP address is part of the network number. If a bit in the subnet mask is “0” then the
corresponding bit in the IP address is part of the host ID.
The following example shows a subnet mask identifying the network number (in bold text)
and host ID of an IP address (192.168.1.2 in decimal).
Table 98 Subnet Mask - Identifying Network Number
1ST
OCTET:
(192)
2ND
OCTET:
(168)
3RD
OCTET:
(1)
4TH OCTET
(2)
IP Address (Binary)
11000000
10101000
00000001
00000010
Subnet Mask (Binary)
11111111
11111111
11111111
00000000
Network Number
11000000
10101000
00000001
Host ID
00000010
By convention, subnet masks always consist of a continuous sequence of ones beginning from
the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of
32 bits.
Subnet masks can be referred to by the size of the network number part (the bits with a “1”
value). For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the
remaining 24 bits are zeroes.
236
NBG318S User’s Guide
Appendix C IP Addresses and Subnetting
Subnet masks are expressed in dotted decimal notation just like IP addresses. The following
examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet
masks.
Table 99 Subnet Masks
BINARY
DECIMAL
1ST
OCTET
2ND
OCTET
3RD
OCTET
4TH OCTET
8-bit mask
11111111
00000000
00000000
00000000
255.0.0.0
16-bit mask
11111111
11111111
00000000
00000000
255.255.0.0
24-bit mask
11111111
11111111
11111111
00000000
255.255.255.0
29-bit mask
11111111
11111111
11111111
11111000
255.255.255.248
Network Size
The size of the network number determines the maximum number of possible hosts you can
have on your network. The larger the number of network number bits, the smaller the number
of remaining host ID bits.
An IP address with host IDs of all zeros is the IP address of the network (192.168.1.0 with a
24-bit subnet mask, for example). An IP address with host IDs of all ones is the broadcast
address for that network (192.168.1.255 with a 24-bit subnet mask, for example).
As these two IP addresses cannot be used for individual hosts, calculate the maximum number
of possible hosts in a network as follows:
Table 100 Maximum Host Numbers
SUBNET MASK
HOST ID SIZE
MAXIMUM NUMBER OF HOSTS
8 bits
255.0.0.0
24 bits
224
16 bits
255.255.0.0
16 bits
216 – 2
65534
24 bits
255.255.255.0
8 bits
28 – 2
254
3 bits
23
29 bits
255.255.255.248
–2
16777214
–2
Notation
Since the mask is always a continuous number of ones beginning from the left, followed by a
continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the
number of ones instead of writing the value of each octet. This is usually specified by writing
a “/” followed by the number of bits in the mask after the address.
For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask
255.255.255.128.
The following table shows some possible subnet masks using both notations.
Table 101 Alternative Subnet Mask Notation
SUBNET MASK
ALTERNATIVE
NOTATION
LAST OCTET
(BINARY)
LAST OCTET
(DECIMAL)
255.255.255.0
/24
0000 0000
255.255.255.128
/25
1000 0000
128
NBG318S User’s Guide
237
Appendix C IP Addresses and Subnetting
Table 101 Alternative Subnet Mask Notation (continued)
SUBNET MASK
ALTERNATIVE
NOTATION
LAST OCTET
(BINARY)
LAST OCTET
(DECIMAL)
255.255.255.192
/26
1100 0000
192
255.255.255.224
/27
1110 0000
224
255.255.255.240
/28
1111 0000
240
255.255.255.248
/29
1111 1000
248
255.255.255.252
/30
1111 1100
252
Subnetting
You can use subnetting to divide one network into multiple sub-networks. In the following
example a network administrator creates two sub-networks to isolate a group of servers from
the rest of the company network for security reasons.
In this example, the company network address is 192.168.1.0. The first three octets of the
address (192.168.1) are the network number, and the remaining octet is the host ID, allowing a
maximum of 28 – 2 or 254 possible hosts.
The following figure shows the company network before subnetting.
Figure 139 Subnetting Example: Before Subnetting
You can “borrow” one of the host ID bits to divide the network 192.168.1.0 into two separate
sub-networks. The subnet mask is now 25 bits (255.255.255.128 or /25).
The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets;
192.168.1.0 /25 and 192.168.1.128 /25.
The following figure shows the company network after subnetting. There are now two subnetworks, A and B.
238
NBG318S User’s Guide
Appendix C IP Addresses and Subnetting
Figure 140 Subnetting Example: After Subnetting
In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 27 – 2 or 126
possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s
broadcast address).
192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask
255.255.255.128 is its broadcast address. Therefore, the lowest IP address that can be assigned
to an actual host for subnet A is 192.168.1.1 and the highest is 192.168.1.126.
Similarly, the host ID range for subnet B is 192.168.1.129 to 192.168.1.254.
Example: Four Subnets
The previous example illustrated using a 25-bit subnet mask to divide a 24-bit address into two
subnets. Similarly, to divide a 24-bit address into four subnets, you need to “borrow” two host
ID bits to give four possible combinations (00, 01, 10 and 11). The subnet mask is 26 bits
(11111111.11111111.11111111.11000000) or 255.255.255.192.
Each subnet contains 6 host ID bits, giving 26 - 2 or 62 hosts for each subnet (a host ID of all
zeroes is the subnet itself, all ones is the subnet’s broadcast address).
Table 102 Subnet 1
IP/SUBNET MASK
NETWORK NUMBER
LAST OCTET BIT
VALUE
IP Address (Decimal)
192.168.1.
IP Address (Binary)
11000000.10101000.00000001.
00000000
Subnet Mask (Binary)
11111111.11111111.11111111.
11000000
Subnet Address:
192.168.1.0
Lowest Host ID: 192.168.1.1
Broadcast Address:
192.168.1.63
Highest Host ID: 192.168.1.62
NBG318S User’s Guide
239
Appendix C IP Addresses and Subnetting
Table 103 Subnet 2
IP/SUBNET MASK
NETWORK NUMBER
LAST OCTET BIT
VALUE
IP Address
192.168.1.
64
IP Address (Binary)
11000000.10101000.00000001.
01000000
Subnet Mask (Binary)
11111111.11111111.11111111.
11000000
Subnet Address:
192.168.1.64
Lowest Host ID: 192.168.1.65
Broadcast Address:
192.168.1.127
Highest Host ID: 192.168.1.126
Table 104 Subnet 3
IP/SUBNET MASK
NETWORK NUMBER
LAST OCTET BIT
VALUE
IP Address
192.168.1.
128
IP Address (Binary)
11000000.10101000.00000001.
10000000
Subnet Mask (Binary)
11111111.11111111.11111111.
11000000
Subnet Address:
192.168.1.128
Lowest Host ID: 192.168.1.129
Broadcast Address:
192.168.1.191
Highest Host ID: 192.168.1.190
Table 105 Subnet 4
IP/SUBNET MASK
NETWORK NUMBER
LAST OCTET BIT
VALUE
IP Address
192.168.1.
192
IP Address (Binary)
11000000.10101000.00000001.
11000000
Subnet Mask (Binary)
11111111.11111111.11111111.
11000000
Subnet Address:
192.168.1.192
Lowest Host ID: 192.168.1.193
Broadcast Address:
192.168.1.255
Highest Host ID: 192.168.1.254
Example: Eight Subnets
Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and
111).
The following table shows IP address last octet values for each subnet.
Table 106 Eight Subnets
240
SUBNET
SUBNET
ADDRESS
FIRST ADDRESS
LAST
ADDRESS
BROADCAST
ADDRESS
30
31
32
33
62
63
64
65
94
95
96
97
126
127
NBG318S User’s Guide
Appendix C IP Addresses and Subnetting
Table 106 Eight Subnets (continued)
SUBNET
SUBNET
ADDRESS
FIRST ADDRESS
LAST
ADDRESS
BROADCAST
ADDRESS
128
129
158
159
160
161
190
191
192
193
222
223
224
225
254
255
Subnet Planning
The following table is a summary for subnet planning on a network with a 24-bit network
number.
Table 107 24-bit Network Number Subnet Planning
NO. “BORROWED”
HOST BITS
SUBNET MASK
NO. SUBNETS
NO. HOSTS PER
SUBNET
255.255.255.128 (/25)
126
255.255.255.192 (/26)
62
255.255.255.224 (/27)
30
255.255.255.240 (/28)
16
14
255.255.255.248 (/29)
32
255.255.255.252 (/30)
64
255.255.255.254 (/31)
128
The following table is a summary for subnet planning on a network with a 16-bit network
number.
Table 108 16-bit Network Number Subnet Planning
NO. “BORROWED”
HOST BITS
SUBNET MASK
NO. SUBNETS
NO. HOSTS PER
SUBNET
255.255.128.0 (/17)
32766
255.255.192.0 (/18)
16382
255.255.224.0 (/19)
8190
255.255.240.0 (/20)
16
4094
255.255.248.0 (/21)
32
2046
255.255.252.0 (/22)
64
1022
255.255.254.0 (/23)
128
510
255.255.255.0 (/24)
256
254
255.255.255.128 (/25)
512
126
10
255.255.255.192 (/26)
1024
62
11
255.255.255.224 (/27)
2048
30
12
255.255.255.240 (/28)
4096
14
13
255.255.255.248 (/29)
8192
NBG318S User’s Guide
241
Appendix C IP Addresses and Subnetting
Table 108 16-bit Network Number Subnet Planning (continued)
NO. “BORROWED”
HOST BITS
SUBNET MASK
NO. SUBNETS
NO. HOSTS PER
SUBNET
14
255.255.255.252 (/30)
16384
15
255.255.255.254 (/31)
32768
Configuring IP Addresses
Where you obtain your network number depends on your particular situation. If the ISP or
your network administrator assigns you a block of registered IP addresses, follow their
instructions in selecting the IP addresses and the subnet mask.
If the ISP did not explicitly give you an IP network number, then most likely you have a single
user account and the ISP will assign you a dynamic IP address when the connection is
established. If this is the case, it is recommended that you select a network number from
192.168.0.0 to 192.168.255.0. The Internet Assigned Number Authority (IANA) reserved this
block of addresses specifically for private use; please do not use any other number unless you
are told otherwise. You must also enable Network Address Translation (NAT) on the
NBG318S.
Once you have decided on the network number, pick an IP address for your NBG318S that is
easy to remember (for instance, 192.168.1.1) but make sure that no other device on your
network is using that IP address.
The subnet mask specifies the network number portion of an IP address. Your NBG318S will
compute the subnet mask automatically based on the IP address that you entered. You don't
need to change the subnet mask computed by the NBG318S unless you are instructed to do
otherwise.
Private IP Addresses
Every machine on the Internet must have a unique address. If your networks are isolated from
the Internet (running only between two branch offices, for example) you can assign any IP
addresses to the hosts without problems. However, the Internet Assigned Numbers Authority
(IANA) has reserved the following three blocks of IP addresses specifically for private
networks:
• 10.0.0.0 — 10.255.255.255
• 172.16.0.0 — 172.31.255.255
• 192.168.0.0 — 192.168.255.255
You can obtain your IP address from the IANA, from an ISP, or it can be assigned from a
private network. If you belong to a small organization and your Internet access is through an
ISP, the ISP can provide you with the Internet addresses for your local networks. On the other
hand, if you are part of a much larger organization, you should consult your network
administrator for the appropriate IP addresses.
Regardless of your particular situation, do not create an arbitrary IP address; always follow the
guidelines above. For more information on address assignment, please refer to RFC 1597,
Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP
Address Space.
242
NBG318S User’s Guide
APPENDIX
Setting up Your Computer’s IP
Address
All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed.
Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all
versions of UNIX/LINUX include the software components you need to install and use TCP/
IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application
package.
TCP/IP should already be installed on computers using Windows NT/2000/XP, Macintosh OS
7 and later operating systems.
After the appropriate TCP/IP components are installed, configure the TCP/IP settings in order
to "communicate" with your network.
If you manually assign IP information instead of using dynamic assignment, make sure that
your computers have IP addresses that place them in the same subnet as the Prestige’s LAN
port.
Windows 95/98/Me
Click Start, Settings, Control Panel and double-click the Network icon to open the Network
window.
NBG318S User’s Guide
243
Appendix D Setting up Your Computer’s IP Address
Figure 141 WIndows 95/98/Me: Network: Configuration
Installing Components
The Network window Configuration tab displays a list of installed components. You need a
network adapter, the TCP/IP protocol and Client for Microsoft Networks.
If you need the adapter:
1 In the Network window, click Add.
2 Select Adapter and then click Add.
3 Select the manufacturer and model of your network adapter and then click OK.
If you need TCP/IP:
In the Network window, click Add.
Select Protocol and then click Add.
Select Microsoft from the list of manufacturers.
Select TCP/IP from the list of network protocols and then click OK.
If you need Client for Microsoft Networks:
Click Add.
Select Client and then click Add.
Select Microsoft from the list of manufacturers.
Select Client for Microsoft Networks from the list of network clients and then click
OK.
5 Restart your computer so the changes you made take effect.
244
NBG318S User’s Guide
Appendix D Setting up Your Computer’s IP Address
Configuring
1 In the Network window Configuration tab, select your network adapter's TCP/IP entry
and click Properties
2 Click the IP Address tab.
• If your IP address is dynamic, select Obtain an IP address automatically.
• If you have a static IP address, select Specify an IP address and type your
information into the IP Address and Subnet Mask fields.
Figure 142 Windows 95/98/Me: TCP/IP Properties: IP Address
3 Click the DNS Configuration tab.
• If you do not know your DNS information, select Disable DNS.
• If you know your DNS information, select Enable DNS and type the information in
the fields below (you may not need to fill them all in).
NBG318S User’s Guide
245
Appendix D Setting up Your Computer’s IP Address
Figure 143 Windows 95/98/Me: TCP/IP Properties: DNS Configuration
4 Click the Gateway tab.
• If you do not know your gateway’s IP address, remove previously installed gateways.
• If you have a gateway IP address, type it in the New gateway field and click Add.
5 Click OK to save and close the TCP/IP Properties window.
6 Click OK to close the Network window. Insert the Windows CD if prompted.
7 Turn on your Prestige and restart your computer when prompted.
Verifying Settings
1 Click Start and then Run.
2 In the Run window, type "winipcfg" and then click OK to open the IP Configuration
window.
3 Select your network adapter. You should see your computer's IP address, subnet mask
and default gateway.
Windows 2000/NT/XP
The following example figures use the default Windows XP GUI theme.
1 Click start (Start in Windows 2000/NT), Settings, Control Panel.
246
NBG318S User’s Guide
Appendix D Setting up Your Computer’s IP Address
Figure 144 Windows XP: Start Menu
2 In the Control Panel, double-click Network Connections (Network and Dial-up
Connections in Windows 2000/NT).
Figure 145 Windows XP: Control Panel
3 Right-click Local Area Connection and then click Properties.
NBG318S User’s Guide
247
Appendix D Setting up Your Computer’s IP Address
Figure 146 Windows XP: Control Panel: Network Connections: Properties
4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click
Properties.
Figure 147 Windows XP: Local Area Connection Properties
5 The Internet Protocol TCP/IP Properties window opens (the General tab in
Windows XP).
• If you have a dynamic IP address click Obtain an IP address automatically.
• If you have a static IP address click Use the following IP Address and fill in the IP
address, Subnet mask, and Default gateway fields.
• Click Advanced.
248
NBG318S User’s Guide
Appendix D Setting up Your Computer’s IP Address
Figure 148 Windows XP: Internet Protocol (TCP/IP) Properties
If you do not know your gateway's IP address, remove any previously installed
gateways in the IP Settings tab and click OK.
Do one or more of the following if you want to configure additional IP addresses:
• In the IP Settings tab, in IP addresses, click Add.
• In TCP/IP Address, type an IP address in IP address and a subnet mask in Subnet
mask, and then click Add.
• Repeat the above two steps for each IP address you want to add.
• Configure additional default gateways in the IP Settings tab by clicking Add in
Default gateways.
• In TCP/IP Gateway Address, type the IP address of the default gateway in Gateway.
To manually configure a default metric (the number of transmission hops), clear the
Automatic metric check box and type a metric in Metric.
• Click Add.
• Repeat the previous three steps for each default gateway you want to add.
• Click OK when finished.
NBG318S User’s Guide
249
Appendix D Setting up Your Computer’s IP Address
Figure 149 Windows XP: Advanced TCP/IP Properties
7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows
XP):
• Click Obtain DNS server address automatically if you do not know your DNS
server IP address(es).
• If you know your DNS server IP address(es), click Use the following DNS server
addresses, and type them in the Preferred DNS server and Alternate DNS server
fields.
If you have previously configured DNS servers, click Advanced and then the DNS
tab to order them.
250
NBG318S User’s Guide
Appendix D Setting up Your Computer’s IP Address
Figure 150 Windows XP: Internet Protocol (TCP/IP) Properties
8 Click OK to close the Internet Protocol (TCP/IP) Properties window.
9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection
Properties window.
10 Close the Network Connections window (Network and Dial-up Connections in
Windows 2000/NT).
11 Turn on your Prestige and restart your computer (if prompted).
Verifying Settings
1 Click Start, All Programs, Accessories and then Command Prompt.
2 In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can
also open Network Connections, right-click a network connection, click Status and
then click the Support tab.
Macintosh OS 8/9
1 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP
Control Panel.
NBG318S User’s Guide
251
Appendix D Setting up Your Computer’s IP Address
Figure 151 Macintosh OS 8/9: Apple Menu
2 Select Ethernet built-in from the Connect via list.
Figure 152 Macintosh OS 8/9: TCP/IP
3 For dynamically assigned settings, select Using DHCP Server from the Configure: list.
4 For statically assigned settings, do the following:
252
NBG318S User’s Guide
Appendix D Setting up Your Computer’s IP Address
• From the Configure box, select Manually.
• Type your IP address in the IP Address box.
• Type your subnet mask in the Subnet mask box.
• Type the IP address of your Prestige in the Router address box.
5 Close the TCP/IP Control Panel.
6 Click Save if prompted, to save changes to your configuration.
7 Turn on your Prestige and restart your computer (if prompted).
Verifying Settings
Check your TCP/IP properties in the TCP/IP Control Panel window.
Macintosh OS X
1 Click the Apple menu, and click System Preferences to open the System Preferences
window.
Figure 153 Macintosh OS X: Apple Menu
2 Click Network in the icon bar.
• Select Automatic from the Location list.
• Select Built-in Ethernet from the Show list.
• Click the TCP/IP tab.
3 For dynamically assigned settings, select Using DHCP from the Configure list.
NBG318S User’s Guide
253
Appendix D Setting up Your Computer’s IP Address
Figure 154 Macintosh OS X: Network
4 For statically assigned settings, do the following:
• From the Configure box, select Manually.
• Type your IP address in the IP Address box.
• Type your subnet mask in the Subnet mask box.
• Type the IP address of your Prestige in the Router address box.
5 Click Apply Now and close the window.
6 Turn on your Prestige and restart your computer (if prompted).
Verifying Settings
Check your TCP/IP properties in the Network window.
Linux
This section shows you how to configure your computer’s TCP/IP settings in Red Hat Linux
9.0. Procedure, screens and file location may vary depending on your Linux distribution and
release version.
254
NBG318S User’s Guide
Appendix D Setting up Your Computer’s IP Address
Make sure you are logged in as the root administrator.
Using the K Desktop Environment (KDE)
Follow the steps below to configure your computer IP address using the KDE.
1 Click the Red Hat button (located on the bottom left corner), select System Setting and
click Network.
Figure 155 Red Hat 9.0: KDE: Network Configuration: Devices
2 Double-click on the profile of the network card you wish to configure. The Ethernet
Device General screen displays as shown.
NBG318S User’s Guide
255
Appendix D Setting up Your Computer’s IP Address
Figure 156 Red Hat 9.0: KDE: Ethernet Device: General
• If you have a dynamic IP address click Automatically obtain IP address settings
with and select dhcp from the drop down list.
• If you have a static IP address click Statically set IP Addresses and fill in the
Address, Subnet mask, and Default Gateway Address fields.
3 Click OK to save the changes and close the Ethernet Device General screen.
4 If you know your DNS server IP address(es), click the DNS tab in the Network
Configuration screen. Enter the DNS server information in the fields provided.
Figure 157 Red Hat 9.0: KDE: Network Configuration: DNS
5 Click the Devices tab.
6 Click the Activate button to apply the changes. The following screen displays. Click Yes
to save the changes in all screens.
256
NBG318S User’s Guide
Appendix D Setting up Your Computer’s IP Address
Figure 158 Red Hat 9.0: KDE: Network Configuration: Activate
7 After the network card restart process is complete, make sure the Status is Active in the
Network Configuration screen.
Using Configuration Files
Follow the steps below to edit the network configuration files and set your computer IP
address.
1 Assuming that you have only one network card on the computer, locate the ifconfigeth0 configuration file (where eth0 is the name of the Ethernet card). Open the
configuration file with any plain text editor.
• If you have a dynamic IP address, enter dhcp in the BOOTPROTO= field. The following
figure shows an example.
Figure 159 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
USERCTL=no
PEERDNS=yes
TYPE=Ethernet
• If you have a static IP address, enter static in the BOOTPROTO= field. Type
IPADDR= followed by the IP address (in dotted decimal notation) and type NETMASK=
followed by the subnet mask. The following example shows an example where the
static IP address is 192.168.1.10 and the subnet mask is 255.255.255.0.
Figure 160 Red Hat 9.0: Static IP Address Setting in ifconfig-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.10
NETMASK=255.255.255.0
USERCTL=no
PEERDNS=yes
TYPE=Ethernet
NBG318S User’s Guide
257
Appendix D Setting up Your Computer’s IP Address
2 If you know your DNS server IP address(es), enter the DNS server information in the
resolv.conf file in the /etc directory. The following figure shows an example where
two DNS server IP addresses are specified.
Figure 161 Red Hat 9.0: DNS Settings in resolv.conf
nameserver 172.23.5.1
nameserver 172.23.5.2
3 After you edit and save the configuration files, you must restart the network card.
Enter./network restart in the /etc/rc.d/init.d directory. The following
figure shows an example.
Figure 162 Red Hat 9.0: Restart Ethernet Card
[root@localhost init.d]# network restart
Shutting down interface eth0:
Shutting down loopback interface:
Setting network parameters:
Bringing up loopback interface:
Bringing up interface eth0:
[OK]
[OK]
[OK]
[OK]
[OK]
23.7.1 Verifying Settings
Enter ifconfig in a terminal screen to check your TCP/IP properties.
Figure 163 Red Hat 9.0: Checking TCP/IP Properties
[root@localhost]# ifconfig
eth0
Link encap:Ethernet HWaddr 00:50:BA:72:5B:44
inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:717 errors:0 dropped:0 overruns:0 frame:0
TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:730412 (713.2 Kb) TX bytes:1570 (1.5 Kb)
Interrupt:10 Base address:0x1000
[root@localhost]#
258
NBG318S User’s Guide
APPENDIX
Wireless LANs
Wireless LAN Topologies
This section discusses ad-hoc and infrastructure wireless LAN topologies.
Ad-hoc Wireless LAN Configuration
The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of
computers with wireless stations (A, B, C). Any time two or more wireless adapters are within
range of each other, they can set up an independent network, which is commonly referred to as
an Ad-hoc network or Independent Basic Service Set (IBSS). The following diagram shows an
example of notebook computers using wireless adapters to form an Ad-hoc wireless LAN.
Figure 164 Peer-to-Peer Communication in an Ad-hoc Network
BSS
A Basic Service Set (BSS) exists when all communications between wireless stations or
between a wireless station and a wired network client go through one access point (AP).
Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS is enabled,
wireless station A and B can access the wired network and communicate with each other.
When Intra-BSS is disabled, wireless station A and B can still access the wired network but
cannot communicate with each other.
NBG318S User’s Guide
259
Appendix E Wireless LANs
Figure 165 Basic Service Set
ESS
An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an
access point, with each access point connected together by a wired network. This wired
connection between APs is called a Distribution System (DS).
This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not
only provide communication with the wired network but also mediate wireless network traffic
in the immediate neighborhood.
An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their
associated wireless stations within the same ESS must have the same ESSID in order to
communicate.
260
NBG318S User’s Guide
Appendix E Wireless LANs
Figure 166 Infrastructure WLAN
Channel
A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels
available depend on your geographical area. You may have a choice of channels (for your
region) so you should use a different channel than an adjacent AP (access point) to reduce
interference. Interference occurs when radio signals from different access points overlap
causing interference and degrading performance.
Adjacent channels partially overlap however. To avoid interference due to overlap, your AP
should be on a channel at least five channels away from a channel that an adjacent AP is using.
For example, if your region has 11 channels and an adjacent AP is using channel 1, then you
need to select a channel between 6 or 11.
RTS/CTS
A hidden node occurs when two stations are within range of the same access point, but are not
within range of each other. The following figure illustrates a hidden node. Both stations (STA)
are within range of the access point (AP) or wireless gateway, but out-of-range of each other,
so they cannot "hear" each other, that is they do not know if the channel is currently being
used. Therefore, they are considered hidden from each other.
NBG318S User’s Guide
261
Appendix E Wireless LANs
Figure 167
RTS/CTS
When station A sends data to the AP, it might not know that the station B is already using the
channel. If these two stations send data at the same time, collisions may occur when both sets
of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
RTS/CTS is designed to prevent collisions due to hidden nodes. An RTS/CTS defines the
biggest size data frame you can send before an RTS (Request To Send)/CTS (Clear to Send)
handshake is invoked.
When a data frame exceeds the RTS/CTS value you set (between 0 to 2432 bytes), the station
that wants to transmit this frame must first send an RTS (Request To Send) message to the AP
for permission to send it. The AP then responds with a CTS (Clear to Send) message to all
other stations within its range to notify them to defer their transmission. It also reserves and
confirms with the requesting station the time frame for the requested transmission.
Stations can send frames smaller than the specified RTS/CTS directly to the AP without the
RTS (Request To Send)/CTS (Clear to Send) handshake.
You should only configure RTS/CTS if the possibility of hidden nodes exists on your network
and the "cost" of resending large frames is more than the extra network overhead involved in
the RTS (Request To Send)/CTS (Clear to Send) handshake.
If the RTS/CTS value is greater than the Fragmentation Threshold value (see next), then the
RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will
be fragmented before they reach RTS/CTS size.
Enabling the RTS Threshold causes redundant network overhead that could
negatively affect the throughput performance instead of providing a remedy.
Fragmentation Threshold
A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432
bytes) that can be sent in the wireless network before the AP will fragment the packet into
smaller data frames.
A large Fragmentation Threshold is recommended for networks not prone to interference
while you should set a smaller threshold for busy networks or networks that are prone to
interference.
262
NBG318S User’s Guide
Appendix E Wireless LANs
If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously)
you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as
data frames will be fragmented before they reach RTS/CTS size.
Preamble Type
A preamble is used to synchronize the transmission timing in your wireless network. There are
two preamble modes: Long and Short.
Short preamble takes less time to process and minimizes overhead, so it should be used in a
good wireless network environment when all wireless stations support it.
Select Long if you have a ‘noisy’ network or are unsure of what preamble mode your wireless
stations support as all IEEE 802.11b compliant wireless adapters must support long preamble.
However, not all wireless adapters support short preamble. Use long preamble if you are
unsure what preamble mode the wireless adapters support, to ensure interpretability between
the AP and the wireless stations and to provide more reliable communication in ‘noisy’
networks.
Select Dynamic to have the AP automatically use short preamble when all wireless stations
support it, otherwise the AP uses long preamble.
The AP and the wireless stations MUST use the same preamble mode in order
to communicate.
IEEE 802.11g Wireless LAN
IEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE
802.11b adapter can interface directly with an IEEE 802.11g access point (and vice versa) at
11 Mbps or lower depending on range. IEEE 802.11g has several intermediate rate steps
between the maximum and minimum data rates. The IEEE 802.11g data rate and modulation
are as follows:
Table 109 IEEE 802.11g
DATA RATE (MBPS)
MODULATION
DBPSK (Differential Binary Phase Shift Keyed)
DQPSK (Differential Quadrature Phase Shift Keying)
5.5 / 11
CCK (Complementary Code Keying)
6/9/12/18/24/36/48/54
OFDM (Orthogonal Frequency Division Multiplexing)
IEEE 802.1x
In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to
support extended authentication as well as providing additional accounting and control
features. It is supported by Windows XP and a number of network devices. Some advantages
of IEEE 802.1x are:
NBG318S User’s Guide
263
Appendix E Wireless LANs
• User based identification that allows for roaming.
• Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for
centralized user profile and accounting management on a network RADIUS server.
• Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional
authentication methods to be deployed with no changes to the access point or the wireless
stations.
RADIUS
RADIUS is based on a client-server model that supports authentication, authorization and
accounting. The access point is the client and the server is the RADIUS server. The RADIUS
server handles the following tasks:
• Authentication
Determines the identity of the users.
• Authorization
Determines the network services available to authenticated users once they are connected
to the network.
• Accounting
Keeps track of the client’s network activity.
RADIUS is a simple package exchange in which your AP acts as a message relay between the
wireless station and the network RADIUS server.
Types of RADIUS Messages
The following types of RADIUS messages are exchanged between the access point and the
RADIUS server for user authentication:
• Access-Request
Sent by an access point requesting authentication.
• Access-Reject
Sent by a RADIUS server rejecting access.
• Access-Accept
Sent by a RADIUS server allowing access.
• Access-Challenge
Sent by a RADIUS server requesting more information in order to allow access. The
access point sends a proper response from the user and then sends another Access-Request
message.
The following types of RADIUS messages are exchanged between the access point and the
RADIUS server for user accounting:
• Accounting-Request
Sent by the access point requesting accounting.
• Accounting-Response
Sent by the RADIUS server to indicate that it has started or stopped accounting.
264
NBG318S User’s Guide
Appendix E Wireless LANs
In order to ensure network security, the access point and the RADIUS server use a shared
secret key, which is a password, they both know. The key is not sent over the network. In
addition to the shared key, password information exchanged is also encrypted to protect the
network from unauthorized access.
Types of Authentication
This appendix discusses some popular authentication types: EAP-MD5, EAP-TLS, EAPTTLS, PEAP and LEAP.
The type of authentication you use depends on the RADIUS server or the AP. Consult your
network administrator for more information.
EAP-MD5 (Message-Digest Algorithm 5)
MD5 authentication is the simplest one-way authentication method. The authentication server
sends a challenge to the wireless station. The wireless station ‘proves’ that it knows the
password by encrypting the password with the challenge and sends back the information.
Password is not sent in plain text.
However, MD5 authentication has some weaknesses. Since the authentication server needs to
get the plaintext passwords, the passwords must be stored. Thus someone other than the
authentication server may access the password file. In addition, it is possible to impersonate an
authentication server as MD5 authentication method does not perform mutual authentication.
Finally, MD5 authentication method does not support data encryption with dynamic session
key. You must configure WEP encryption keys for data encryption.
EAP-TLS (Transport Layer Security)
With EAP-TLS, digital certifications are needed by both the server and the wireless stations
for mutual authentication. The server presents a certificate to the client. After validating the
identity of the server, the client sends a different certificate to the server. The exchange of
certificates is done in the open before a secured tunnel is created. This makes user identity
vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the
sender’s identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to
handle certificates, which imposes a management overhead.
EAP-TTLS (Tunneled Transport Layer Service)
EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the
server-side authentications to establish a secure connection. Client authentication is then done
by sending username and password through the secure connection, thus client identity is
protected. For client authentication, EAP-TTLS supports EAP methods and legacy
authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2.
NBG318S User’s Guide
265
Appendix E Wireless LANs
PEAP (Protected EAP)
Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection,
then use simple username and password methods through the secured connection to
authenticate the clients, thus hiding client identity. However, PEAP only supports EAP
methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card),
for client authentication. EAP-GTC is implemented only by Cisco.
LEAP
LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE
802.1x.
Dynamic WEP Key Exchange
The AP maps a unique key that is generated with the RADIUS server. This key expires when
the wireless connection times out, disconnects or reauthentication times out. A new WEP key
is generated each time reauthentication is performed.
If this feature is enabled, it is not necessary to configure a default encryption key in the
Wireless screen. You may still configure and store keys here, but they will not be used while
Dynamic WEP is enabled.
EAP-MD5 cannot be used with dynamic WEP key exchange
For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use
dynamic keys for data encryption. They are often deployed in corporate environments, but for
public deployment, a simple user name and password pair is more practical. The following
table is a comparison of the features of authentication types.
Table 110 Comparison of EAP Authentication Types
EAP-MD5
EAP-TLS
EAP-TTLS
PEAP
LEAP
Mutual Authentication
No
Yes
Yes
Yes
Yes
Certificate – Client
No
Yes
Optional
Optional
No
Certificate – Server
No
Yes
Yes
Yes
No
Dynamic Key Exchange
No
Yes
Yes
Yes
Yes
Credential Integrity
None
Strong
Strong
Strong
Moderate
Deployment Difficulty
Easy
Hard
Moderate
Moderate
Moderate
Client Identity Protection
No
No
Yes
Yes
No
WPA(2)
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE
802.11i) is a wireless security standard that defines stronger encryption, authentication and
key management than WPA.
266
NBG318S User’s Guide
Appendix E Wireless LANs
Key differences between WPA(2) and WEP are improved data encryption and user
authentication.
Encryption
Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol
(TKIP), Message Integrity Check (MIC) and IEEE 802.1x. In addition to TKIP, WPA2 also
uses Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining
Message authentication code Protocol (CCMP) to offer stronger encryption.
Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and
distributed by the authentication server. It includes a per-packet key mixing function, a
Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with
sequencing rules, and a re-keying mechanism.
TKIP regularly changes and rotates the encryption keys so that the same encryption key is
never used twice. The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP
that then sets up a key hierarchy and management system, using the pair-wise key to
dynamically generate unique data encryption keys to encrypt every data packet that is
wirelessly communicated between the AP and the wireless clients. This all happens in the
background automatically.
WPA2 AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit
mathematical algorithm called Rijndael.
The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data
packets, altering them and resending them. The MIC provides a strong mathematical function
in which the receiver and the transmitter each compute and then compare the MIC. If they do
not match, it is assumed that the data has been tampered with and the packet is dropped.
By generating unique data encryption keys for every data packet and by creating an integrity
checking mechanism (MIC), TKIP makes it much more difficult to decode data on a Wi-Fi
network than WEP, making it difficult for an intruder to break into the network.
The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference
between the two is that WPA-PSK uses a simple common password, instead of user-specific
credentials. The common-password approach makes WPA-PSK susceptible to brute-force
password-guessing attacks but it's still an improvement over WEP as it employs an easier-touse, consistent, single, alphanumeric password.
User Authentication
WPA or WPA2 applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to
authenticate wireless clients using an external RADIUS database.
If both an AP and the wireless clients support WPA2 and you have an external RADIUS
server, use WPA2 for stronger data encryption. If you don't have an external RADIUS server,
you should use WPA2 -PSK (WPA2 -Pre-Shared Key) that only requires a single (identical)
password entered into each access point, wireless gateway and wireless client. As long as the
passwords match, a wireless client will be granted access to a WLAN.
If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending
on whether you have an external RADIUS server or not.
Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is
less secure than WPA or WPA2.
NBG318S User’s Guide
267
Appendix E Wireless LANs
23.7.2 WPA(2)-PSK Application Example
A WPA(2)-PSK application looks as follows.
1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key
(PSK) must consist of between 8 and 63 ASCII characters (including spaces and
symbols).
2 The AP checks each wireless client's password and (only) allows it to join the network if
the password matches.
3 The AP derives and distributes keys to the wireless clients.
4 The AP and wireless clients use the TKIP or AES encryption process to encrypt data
exchanged between them.
Figure 168 WPA(2)-PSK Authentication
23.7.3 WPA(2) with RADIUS Application Example
You need the IP address of the RADIUS server, its port number (default is 1812), and the
RADIUS shared secret. A WPA(2) application example with an external RADIUS server
looks as follows. "A" is the RADIUS server. "DS" is the distribution system.
1 The AP passes the wireless client's authentication request to the RADIUS server.
2 The RADIUS server then checks the user's identification against its database and grants
or denies network access accordingly.
3 The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then
sets up a key hierarchy and management system, using the pair-wise key to dynamically
generate unique data encryption keys to encrypt every data packet that is wirelessly
communicated between the AP and the wireless clients.
268
NBG318S User’s Guide
Appendix E Wireless LANs
Security Parameters Summary
Refer to this table to see what other security parameters you should configure for each
Authentication Method/ key management protocol type. MAC address filters are not
dependent on how you configure these security features.
Table 111 Wireless Security Relational Matrix
AUTHENTICATION
ENCRYPTIO
METHOD/ KEY
MANAGEMENT PROTOCOL N METHOD
ENTER
MANUAL KEY
IEEE 802.1X
Open
No
Disable
None
Enable without Dynamic WEP
Key
Open
Shared
WEP
WEP
No
Enable with Dynamic WEP Key
Yes
Enable without Dynamic WEP
Key
Yes
Disable
No
Enable with Dynamic WEP Key
Yes
Enable without Dynamic WEP
Key
Yes
Disable
WPA
TKIP
No
Enable
WPA-PSK
TKIP
Yes
Enable
WPA2
AES
No
Enable
WPA2-PSK
AES
Yes
Enable
NBG318S User’s Guide
269
Appendix E Wireless LANs
270
NBG318S User’s Guide
APPENDIX
Services
The following table lists some commonly-used services and their associated protocols and port
numbers.
• Name: This is a short, descriptive name for the service. You can use this one or create a
different one, if you like.
• Protocol: This is the type of IP protocol used by the service. If this is TCP/UDP, then the
service uses the same port number with TCP and UDP. If this is User-Defined, the Port(s)
is the IP protocol number, not the port number.
• Port(s): This value depends on the Protocol.
• If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number.
• If the Protocol is USER, this is the IP protocol number.
• Description: This is a brief explanation of the applications that use this service or the
situations in which this service is used.
Table 112 Examples of Services
NAME
PROTOCOL
PORT(S)
DESCRIPTION
AH
(IPSEC_TUNNEL)
User-Defined
51
The IPSEC AH (Authentication Header)
tunneling protocol uses this service.
AIM
TCP
5190
AOL’s Internet Messenger service.
AUTH
TCP
113
Authentication protocol used by some
servers.
BGP
TCP
179
Border Gateway Protocol.
BOOTP_CLIENT
UDP
68
DHCP Client.
BOOTP_SERVER
UDP
67
DHCP Server.
CU-SEEME
TCP/UDP
TCP/UDP
7648
24032
A popular videoconferencing solution from
White Pines Software.
DNS
TCP/UDP
53
Domain Name Server, a service that
matches web names (e.g. www.zyxel.com)
to IP numbers.
ESP
(IPSEC_TUNNEL)
User-Defined
50
The IPSEC ESP (Encapsulation Security
Protocol) tunneling protocol uses this
service.
FINGER
TCP
79
Finger is a UNIX or Internet related
command that can be used to find out if a
user is logged on.
FTP
TCP
TCP
20
21
File Transfer Program, a program to enable
fast transfer of files, including large files that
may not be possible by e-mail.
NBG318S User’s Guide
271
Appendix F Services
Table 112 Examples of Services (continued)
272
NAME
PROTOCOL
PORT(S)
DESCRIPTION
H.323
TCP
1720
NetMeeting uses this protocol.
HTTP
TCP
80
Hyper Text Transfer Protocol - a client/
server protocol for the world wide web.
HTTPS
TCP
443
HTTPS is a secured http session often used
in e-commerce.
ICMP
User-Defined
Internet Control Message Protocol is often
used for diagnostic purposes.
ICQ
UDP
4000
This is a popular Internet chat program.
IGMP (MULTICAST) User-Defined
Internet Group Multicast Protocol is used
when sending packets to a specific group of
hosts.
IKE
UDP
500
The Internet Key Exchange algorithm is
used for key distribution and management.
IMAP4
TCP
143
The Internet Message Access Protocol is
used for e-mail.
IMAP4S
TCP
993
This is a more secure version of IMAP4 that
runs over SSL.
IRC
TCP/UDP
6667
This is another popular Internet chat
program.
MSN Messenger
TCP
1863
Microsoft Networks’ messenger service
uses this protocol.
NetBIOS
TCP/UDP
TCP/UDP
TCP/UDP
TCP/UDP
137
138
139
445
The Network Basic Input/Output System is
used for communication between
computers in a LAN.
NEW-ICQ
TCP
5190
An Internet chat program.
NEWS
TCP
144
A protocol for news groups.
NFS
UDP
2049
Network File System - NFS is a client/
server distributed file service that provides
transparent file sharing for network
environments.
NNTP
TCP
119
Network News Transport Protocol is the
delivery mechanism for the USENET
newsgroup service.
PING
User-Defined
Packet INternet Groper is a protocol that
sends out ICMP echo requests to test
whether or not a remote host is reachable.
POP3
TCP
110
Post Office Protocol version 3 lets a client
computer get e-mail from a POP3 server
through a temporary connection (TCP/IP or
other).
POP3S
TCP
995
This is a more secure version of POP3 that
runs over SSL.
PPTP
TCP
1723
Point-to-Point Tunneling Protocol enables
secure transfer of data over public
networks. This is the control channel.
NBG318S User’s Guide
Appendix F Services
Table 112 Examples of Services (continued)
NAME
PROTOCOL
PORT(S)
DESCRIPTION
PPTP_TUNNEL
(GRE)
User-Defined
47
PPTP (Point-to-Point Tunneling Protocol)
enables secure transfer of data over public
networks. This is the data channel.
RCMD
TCP
512
Remote Command Service.
REAL_AUDIO
TCP
7070
A streaming audio service that enables real
time sound over the web.
REXEC
TCP
514
Remote Execution Daemon.
RLOGIN
TCP
513
Remote Login.
ROADRUNNER
TCP/UDP
1026
This is an ISP that provides services mainly
for cable modems.
RTELNET
TCP
107
Remote Telnet.
RTSP
TCP/UDP
554
The Real Time Streaming (media control)
Protocol (RTSP) is a remote control for
multimedia on the Internet.
SFTP
TCP
115
The Simple File Transfer Protocol is an old
way of transferring files between
computers.
SMTP
TCP
25
Simple Mail Transfer Protocol is the
message-exchange standard for the
Internet. SMTP enables you to move
messages from one e-mail server to
another.
SMTPS
TCP
465
This is a more secure version of SMTP that
runs over SSL.
SNMP
TCP/UDP
161
Simple Network Management Program.
SNMP-TRAPS
TCP/UDP
162
Traps for use with the SNMP (RFC:1215).
SQL-NET
TCP
1521
Structured Query Language is an interface
to access data on many different types of
database systems, including mainframes,
midrange systems, UNIX systems and
network servers.
SSDP
UDP
1900
The Simple Service Discovery Protocol
supports Universal Plug-and-Play (UPnP).
SSH
TCP/UDP
22
Secure Shell Remote Login Program.
STRM WORKS
UDP
1558
Stream Works Protocol.
SYSLOG
UDP
514
Syslog allows you to send system logs to a
UNIX server.
TACACS
UDP
49
Login Host Protocol used for (Terminal
Access Controller Access Control System).
TELNET
TCP
23
Telnet is the login and terminal emulation
protocol common on the Internet and in
UNIX environments. It operates over TCP/
IP networks. Its primary function is to allow
users to log into remote host systems.
NBG318S User’s Guide
273
Appendix F Services
Table 112 Examples of Services (continued)
274
NAME
PROTOCOL
PORT(S)
DESCRIPTION
TFTP
UDP
69
Trivial File Transfer Protocol is an Internet
file transfer protocol similar to FTP, but
uses the UDP (User Datagram Protocol)
rather than TCP (Transmission Control
Protocol).
VDOLIVE
TCP
UDP
7000
userdefined
A videoconferencing solution. The UDP port
number is specified in the application.
NBG318S User’s Guide
APPENDIX
Legal Information
Copyright
Copyright © 2006 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed,
stored in a retrieval system, translated into any language, or transmitted in any form or by any
means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or
otherwise, without the prior written permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or
software described herein. Neither does it convey any license under its patent rights nor the
patent rights of others. ZyXEL further reserves the right to make changes in any products
described herein without notice. This publication is subject to change without notice.
Trademarks
ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL
Communications, Inc. Other trademarks mentioned in this publication are used for
identification purposes only and may be properties of their respective owners.
Certifications
Federal Communications Commission (FCC) Interference Statement
The device complies with Part 15 of FCC rules. Operation is subject to the following two
conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause
undesired operations.
This device has been tested and found to comply with the limits for a Class B digital device
pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable
protection against harmful interference in a residential installation. This device generates,
uses, and can radiate radio frequency energy, and if not installed and used in accordance with
the instructions, may cause harmful interference to radio communications. However, there is
no guarantee that interference will not occur in a particular installation.
NBG318S User’s Guide
275
Appendix G Legal Information
If this device does cause harmful interference to radio/television reception, which can be
determined by turning the device off and on, the user is encouraged to try to correct the
interference by one or more of the following measures:
1 Reorient or relocate the receiving antenna.
2 Increase the separation between the equipment and the receiver.
3 Connect the equipment into an outlet on a circuit different from that to which the
receiver is connected.
4 Consult the dealer or an experienced radio/TV technician for help.
FCC Radiation Exposure Statement
• This transmitter must not be co-located or operating in conjunction with any other antenna
or transmitter.
•To comply with FCC RF exposure compliance requirements, a eparation distance of at least 20 cm
must be maintained between the antenna of this device and all persons.
注意 !
依據 低功率電波輻射性電機管理辦法
第十二條 經型式認證合格之低功率射頻電機，非經許可，公司、商號或使用
者均不得擅自變更頻率、加大功率或變更原設計之特性及功能。
第十四條 低功率射頻電機之使用不得影響飛航安全及干擾合法通信；經發現
有干擾現象時，應立即停用，並改善至無干擾時方得繼續使用。
前項合法通信，指依電信規定作業之無線電信。低功率射頻電機須忍
受合法通信或工業、科學及醫療用電波輻射性電機設備之干擾。
本機限在不干擾合法電臺與不受被干擾保障條件下於室內使用。
Notices
Changes or modifications not expressly approved by the party responsible for compliance
could void the user's authority to operate the equipment.
This device has been designed for the WLAN 2.4 GHz network throughout the EC region and
Switzerland, with restrictions in France.
This Class B digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.
Viewing Certifications
1 Go to http://www.zyxel.com.
2 Select your product on the ZyXEL home page to go to that product's page.
3 Select the certification you wish to view from this page.
276
NBG318S User’s Guide
Appendix G Legal Information
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects
in materials or workmanship for a period of up to two years from the date of purchase. During
the warranty period, and upon proof of purchase, should the product have indications of failure
due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the
defective products or components without charge for either parts or labor, and to whatever
extent it shall deem necessary to restore the product or components to proper operating
condition. Any replacement will consist of a new or re-manufactured functionally equivalent
product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty
shall not apply if the product has been modified, misused, tampered with, damaged by an act
of God, or subjected to abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the
purchaser. This warranty is in lieu of all other warranties, express or implied, including any
implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in
no event be held liable for indirect or consequential damages of any kind to the purchaser.
To obtain the services of this warranty, contact ZyXEL's Service Center for your Return
Material Authorization number (RMA). Products must be returned Postage Prepaid. It is
recommended that the unit be insured when shipped. Any returned products without proof of
purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of
ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products
will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty
gives you specific legal rights, and you may also have other rights that vary from country to
country.
Registration
Register your product online to receive e-mail notices of firmware upgrades and information
at www.zyxel.com for global products, or at www.us.zyxel.com for North American products.
NBG318S User’s Guide
277
Appendix G Legal Information
278
NBG318S User’s Guide
APPENDIX
Customer Support
Please have the following information ready when you contact customer support.
Required Information
•
•
•
•
Product model and serial number.
Warranty Information.
Date that you received your device.
Brief description of the problem and the steps you took to solve it.
Corporate Headquarters (Worldwide)
•
•
•
•
•
•
•
Support E-mail: support@zyxel.com.tw
Sales E-mail: sales@zyxel.com.tw
Telephone: +886-3-578-3942
Fax: +886-3-578-2439
Web Site: www.zyxel.com, www.europe.zyxel.com
FTP Site: ftp.zyxel.com, ftp.europe.zyxel.com
Regular Mail: ZyXEL Communications Corp., 6 Innovation Road II, Science Park,
Hsinchu 300, Taiwan
Costa Rica
•
•
•
•
•
•
•
Support E-mail: soporte@zyxel.co.cr
Sales E-mail: sales@zyxel.co.cr
Telephone: +506-2017878
Fax: +506-2015098
Web Site: www.zyxel.co.cr
FTP Site: ftp.zyxel.co.cr
Regular Mail: ZyXEL Costa Rica, Plaza Roble Escazú, Etapa El Patio, Tercer Piso, San
José, Costa Rica
Czech Republic
•
•
•
•
•
E-mail: info@cz.zyxel.com
Telephone: +420-241-091-350
Fax: +420-241-091-359
Web Site: www.zyxel.cz
Regular Mail: ZyXEL Communications, Czech s.r.o., Modranská 621, 143 01 Praha 4 Modrany, Ceská Republika
NBG318S User’s Guide
279
Appendix H Customer Support
Denmark
•
•
•
•
•
•
Support E-mail: support@zyxel.dk
Sales E-mail: sales@zyxel.dk
Telephone: +45-39-55-07-00
Fax: +45-39-55-07-07
Web Site: www.zyxel.dk
Regular Mail: ZyXEL Communications A/S, Columbusvej, 2860 Soeborg, Denmark
Finland
•
•
•
•
•
•
Support E-mail: support@zyxel.fi
Sales E-mail: sales@zyxel.fi
Telephone: +358-9-4780-8411
Fax: +358-9-4780 8448
Web Site: www.zyxel.fi
Regular Mail: ZyXEL Communications Oy, Malminkaari 10, 00700 Helsinki, Finland
France
•
•
•
•
•
E-mail: info@zyxel.fr
Telephone: +33-4-72-52-97-97
Fax: +33-4-72-52-19-20
Web Site: www.zyxel.fr
Regular Mail: ZyXEL France, 1 rue des Vergers, Bat. 1 / C, 69760 Limonest, France
Germany
•
•
•
•
•
•
Support E-mail: support@zyxel.de
Sales E-mail: sales@zyxel.de
Telephone: +49-2405-690969
Fax: +49-2405-6909-99
Web Site: www.zyxel.de
Regular Mail: ZyXEL Deutschland GmbH., Adenauerstr. 20/A2 D-52146, Wuerselen,
Germany
Hungary
•
•
•
•
•
•
Support E-mail: support@zyxel.hu
Sales E-mail: info@zyxel.hu
Telephone: +36-1-3361649
Fax: +36-1-3259100
Web Site: www.zyxel.hu
Regular Mail: ZyXEL Hungary, 48, Zoldlomb Str., H-1025, Budapest, Hungary
Kazakhstan
• Support: http://zyxel.kz/support
• Sales E-mail: sales@zyxel.kz
280
NBG318S User’s Guide
Appendix H Customer Support
•
•
•
•
Telephone: +7-3272-590-698
Fax: +7-3272-590-689
Web Site: www.zyxel.kz
Regular Mail: ZyXEL Kazakhstan, 43, Dostyk ave.,Office 414, Dostyk Business Centre,
050010, Almaty, Republic of Kazakhstan
North America
•
•
•
•
•
•
•
Support E-mail: support@zyxel.com
Sales E-mail: sales@zyxel.com
Telephone: +1-800-255-4101, +1-714-632-0882
Fax: +1-714-632-0858
Web Site: www.us.zyxel.com
FTP Site: ftp.us.zyxel.com
Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 928062001, U.S.A.
Norway
•
•
•
•
•
•
Support E-mail: support@zyxel.no
Sales E-mail: sales@zyxel.no
Telephone: +47-22-80-61-80
Fax: +47-22-80-61-81
Web Site: www.zyxel.no
Regular Mail: ZyXEL Communications A/S, Nils Hansens vei 13, 0667 Oslo, Norway
Poland
•
•
•
•
•
E-mail: info@pl.zyxel.com
Telephone: +48 (22) 333 8250
Fax: +48 (22) 333 8251
Web Site: www.pl.zyxel.com
Regular Mail: ZyXEL Communications, ul. Okrzei 1A, 03-715 Warszawa, Poland
Russia
•
•
•
•
•
•
Support: http://zyxel.ru/support
Sales E-mail: sales@zyxel.ru
Telephone: +7-095-542-89-29
Fax: +7-095-542-89-25
Web Site: www.zyxel.ru
Regular Mail: ZyXEL Russia, Ostrovityanova 37a Str., Moscow, 117279, Russia
Spain
•
•
•
•
Support E-mail: support@zyxel.es
Sales E-mail: sales@zyxel.es
Telephone: +34-902-195-420
Fax: +34-913-005-345
NBG318S User’s Guide
281
Appendix H Customer Support
• Web Site: www.zyxel.es
• Regular Mail: ZyXEL Communications, Arte, 21 5ª planta, 28033 Madrid, Spain
Sweden
•
•
•
•
•
•
Support E-mail: support@zyxel.se
Sales E-mail: sales@zyxel.se
Telephone: +46-31-744-7700
Fax: +46-31-744-7701
Web Site: www.zyxel.se
Regular Mail: ZyXEL Communications A/S, Sjöporten 4, 41764 Göteborg, Sweden
Ukraine
•
•
•
•
•
•
Support E-mail: support@ua.zyxel.com
Sales E-mail: sales@ua.zyxel.com
Telephone: +380-44-247-69-78
Fax: +380-44-494-49-32
Web Site: www.ua.zyxel.com
Regular Mail: ZyXEL Ukraine, 13, Pimonenko Str., Kiev, 04050, Ukraine
United Kingdom
•
•
•
•
•
•
•
Support E-mail: support@zyxel.co.uk
Sales E-mail: sales@zyxel.co.uk
Telephone: +44-1344 303044, 08707 555779 (UK only)
Fax: +44-1344 303034
Web Site: www.zyxel.co.uk
FTP Site: ftp.zyxel.co.uk
Regular Mail: ZyXEL Communications UK, Ltd.,11 The Courtyard, Eastern Road,
Bracknell, Berkshire, RG12 2XB, United Kingdom (UK)
“+” is the (prefix) number you dial to make an international telephone call.
282
NBG318S User’s Guide
Index
Index
Numerics
802.11 Mode 88
ActiveX 142
address resolution protocol (ARP) 105
Alert 190
alternative subnet mask notation 237
any IP
note 105
AP (Access Point) 261
Asymmetrical routes 136
and IP alias 136
see also triangle routes 136
Backup configuration 205
Bandwidth management 68
application-based 153
classes and priorities 158
monitor 162
overview 153
priority 154
services 155
subnet-based 153
Bandwidth management monitor 51
Basic wireless security 59
BitTorrent 155
BSS 259
CA 265
Certificate Authority 265
certifications 275
notices 276
viewing 276
NBG318S User’s Guide
changing the NMK 110
Channel 47, 261
Interference 261
channel 73
command interface 33
Configuration 204
backup 205
reset the factory defaults 206
restore 205
contact information 279
Content Filtering
Days and Times 141
Restrict Web Features 141
Cookies 142
copyright 275
CPU usage 47
CTS (Clear to Send) 262
customer support 279
Daylight saving 188
DDNS 129
see also Dynamic DNS
DHCP 51, 115
DHCP server
see also Dynamic Host Configuration Protocol
DHCP client information 117
DHCP client list 117
DHCP server 103, 115
DHCP table 51, 117
DHCP client information
DHCP status
Dimensions 223
disclaimer 275
DNS 65, 116
DNS server
see also Domain name system
DNS (Domain Name System) 168
DNS server 116
Domain name 57
vs host name. see also system name
Domain Name System 116
duplex setting 48
283
Index
Dynamic DNS 129
Dynamic Host Configuration Protocol 115
Dynamic WEP Key Exchange 266
DynDNS Wildcard 129
Hidden Node 261
HTTP 155
Humidity 223
Hyper Text Transfer Protocol 155
EAP Authentication 265
e-mail 91
Encryption 267
encryption 76
and local (user) database 77
key 77
WPA compatible 77
ESS 260
ESSID 217
Extended Service Set 260
Extended wireless security 60
Factory LAN defaults 103
FCC interference statement 275
File Transfer Program 155
Firewall 135
Firewall overview
guidelines 136
ICMP packets 138
network security
Stateful inspection 135
ZyXEL device firewall 135
Firmware upload 203
file extension
using HTTP
firmware version 47
Fragmentation Threshold 87, 262
FTP 33, 168
FTP. see also File Transfer Program 155
IANA 242
IBSS 259
IEEE 802.11g 263
IGMP 93, 104
see also Internet Group Multicast Protocol
version
IGMP version 93, 104
Independent Basic Service Set 259
Install UPnP 173
Windows Me 173
Windows XP 174
Internet Assigned Numbers Authority
See IANA
Internet connection
Ethernet
PPPoE. see also PPP over Ethernet
PPTP
WAN connection
Internet connection wizard 60
Internet Group Multicast Protocol 93, 104
IP Address 106, 121
IP address 65
dynamic
IP alias 106
IP packet transmission 104
Broadcast
Multicast
Unicast
IP Pool 115
gateway 150
General wireless LAN screen 79
Java 142
LAN 103
284
NBG318S User’s Guide
Index
IP pool setup 103
LAN overview 103
LAN Setup 93
LAN setup 103
LAN TCP/IP 103
Link type 48
local (user) database 76
and encryption 77
Local Area Network 103
Log 189
Network Basic Input/Output System 108
NMK
changing 110
MAC 86
MAC address 75, 93
cloning 67, 93
MAC address filter 75
MAC address filtering 86
MAC filter 86
managing the device
good habits 33
using FTP. See FTP.
using Telnet. See command interface.
using the command interface. See command
interface.
using the web configurator. See web configurator.
Media access control 86
Memory usage 47
Metric 151
MSN messenger 155
MSN Webcam 155
Multicast 93, 104
IGMP 93, 104
P2P 155
peer-to-peer 155
Point-to-Point Protocol over Ethernet 61, 96
Point-to-Point Tunneling Protocol 62, 98
Pool Size 115
Port forwarding 119, 121
default server 119
example 120
local server 121
port numbers
services
port speed 48
power line network scenario 110
Power Specification 223
PPPoE 61, 96
benefits 62
dial-up connection
see also Point-to-Point Protocol over Ethernet 61
PPTP 62, 98
see also Point-to-Point Tunneling Protocol 62
Preamble Mode 263
priorities 79
Private 151
private network 110
product registration 277
NAT 119, 121, 242
overview 119
port forwarding 119
see also Network Address Translation
server sets 119
NAT session 126
NAT Traversal 171
Navigation Panel 48
navigation panel 48
NetBIOS 102, 108
see also Network Basic Input/Output System 102
Network Address Translation 119, 121
NBG318S User’s Guide
Operating Channel 47
Output Power 88
QoS 79
QoS priorities 79
Quality of Service (QoS) 88
285
Index
RADIUS 264
Shared Secret Key 265
RADIUS Message Types 264
RADIUS Messages 264
RADIUS server 76
registration
product 277
related documentation 3
Remote management 165
and NAT 166
and the firewall 165
FTP 168
limitations 165
remote management session 165
system timeout 166
Reset button 45, 206
Reset the device 45
Restore configuration 205
Restrict Web Features 142
RF (Radio Frequency) 224
RoadRunner 95
Roaming 87
roaming 77
requirements 78
RTS (Request To Send) 262
RTS Threshold 261, 262
RTS/CTS Threshold 87
safety warnings 6
Security Parameters 269
Service and port numbers 156
Service Set 80
Service Set IDentification 80
Service Set IDentity. See SSID.
services
and port numbers 271
and protocols 271
Session Initiated Protocol 155
Simple Mail Transfer Protocol 192
SIP 155
SMTP 192
SNMP 136
SSID 47, 73, 80
Static DHCP 116
Static Route 149
286
Static route
and remote node
overview
Status 45
subnet 235
Subnet Mask 106
subnet mask 65, 236
subnetting 238
Summary 51
Bandwidth management monitor 51
DHCP table 51
Packet statistics 52
Wireless station status 53
syntax conventions 4
System General Setup 185
System Name 186
System name 56
vs computer name
System restart 206
TCP/IP configuration 115
Telnet 166
Temperature 223
Time setting 186
trademarks 275
Triangle routes
and IP alias 136
see also asymmetrical routes 136
trigger port 124
Trigger port forwarding 124
example 124
process 124
Universal Plug and Play 171
Application 171
UPnP 171
Forum 172
security issues 171
URL Keyword Blocking 142
Use Authentication 267
user authentication 76
local (user) database 76
RADIUS server 76
User Name 130
NBG318S User’s Guide
Index
VoIP 155
VPN 98
WAN
IP address assignment 64
WAN advanced 101
WAN IP address 64
WAN IP address assignment 66
WAN MAC address 93
warranty 277
note 277
Web Configurator
how to access 43
Overview 43
Web configurator
navigating 45
web configurator 33
Web Proxy 142
WEP Encryption 82
WEP encryption 81
WEP key 81
Wi-Fi Multimedia QoS 79
Wildcard 129
Windows Networking 108
Wireless association list 53
wireless channel 217
wireless LAN 217
Wireless LAN wizard 57
Wireless network
basic guidelines 73
channel 73
encryption 76
example 73
MAC address filter 75
overview 73
security 74
SSID 73
Wireless security 74
overview 75
type 75
wireless security 217
Wireless tutorial 35
Wizard setup 55
Bandwidth management 68
complete 69
Internet connection 60
NBG318S User’s Guide
system information 56
wireless LAN 57
WLAN
Interference 261
Security Parameters 269
WMM 79
WMM priorities 79
World Wide Web 155
WPA compatible 77
WPA, WPA2 266
WWW 91, 155
Xbox Live 155
ZyNOS 47
287
Index
288
NBG318S User’s Guide
Source Exif Data: 
File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.4
Linearized                      : No
Modify Date                     : 2007:07:03 18:07:10+08:00
Create Date                     : 2007:07:03 18:06:37+08:00
Title                           : NBG-318 User’s Guide
Author                          : Adrian Reid
Creator                         : FrameMaker 7.1
Producer                        : Acrobat Distiller 5.0.5 (Windows)
Page Count                      : 58
Mod Date                        : 2007:07:03 18:07:10+08:00
Creation Date                   : 2007:07:03 18:06:37+08:00
Metadata Date                   : 2007:07:03 18:07:10+08:00

EXIF Metadata provided by EXIF.tools
FCC ID Filing: I88NBG318S

				
				

							
		
		

			
Navigation menu