ZyXEL Communications NBG334SH1 Wireless Router User Manual SMG 700 User s Guide V1 00 Nov 2004

ZyXEL Communications Corporation Wireless Router SMG 700 User s Guide V1 00 Nov 2004

users manual pt3

Download: ZyXEL Communications NBG334SH1 Wireless Router User Manual SMG 700 User        s Guide V1 00  Nov 2004
Mirror Download [FCC.gov]ZyXEL Communications NBG334SH1 Wireless Router User Manual SMG 700 User        s Guide V1 00  Nov 2004
Document ID811558
Application IDQiLVaYPocTl+3smNH+tr+Q==
Document Descriptionusers manual pt3
Short Term ConfidentialNo
Permanent ConfidentialNo
SupercedeNo
Document TypeUser Manual
Display FormatAdobe Acrobat PDF - pdf
Filesize102.16kB (1276972 bits)
Date Submitted2007-07-03 00:00:00
Date Available2007-07-05 00:00:00
Creation Date2007-07-02 15:53:21
Producing SoftwareAcrobat Distiller 5.0.5 (Windows)
Document Lastmod2007-07-02 15:53:36
Document TitleSMG-700 User’s Guide V1.00 (Nov 2004)
Document CreatorFrameMaker 7.1
Document Author: Cindy Yang

Chapter 16 Universal Plug-and-Play (UPnP)
Figure 95 Internet Connection Properties
4 You may edit or delete the port mappings or click Add to manually add port mappings.
ZyXEL NBG-334SH User’s Guide
161
Chapter 16 Universal Plug-and-Play (UPnP)
Figure 96 Internet Connection Properties: Advanced Settings
Figure 97 Internet Connection Properties: Advanced Settings: Add
5 When the UPnP-enabled device is disconnected from your computer, all port mappings
will be deleted automatically.
6 Select Show icon in notification area when connected option and click OK. An icon
displays in the system tray.
162
ZyXEL NBG-334SH User’s Guide
Chapter 16 Universal Plug-and-Play (UPnP)
Figure 98 System Tray Icon
7 Double-click on the icon to display your current Internet connection status.
Figure 99 Internet Connection Status
Web Configurator Easy Access
With UPnP, you can access the web-based configurator on the ZyXEL Device without finding
out the IP address of the ZyXEL Device first. This comes helpful if you do not know the IP
address of the ZyXEL Device.
Follow the steps below to access the web configurator.
1 Click Start and then Control Panel.
2 Double-click Network Connections.
3 Select My Network Places under Other Places.
ZyXEL NBG-334SH User’s Guide
163
Chapter 16 Universal Plug-and-Play (UPnP)
Figure 100 Network Connections
4 An icon with the description for each UPnP-enabled device displays under Local
Network.
5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator
login screen displays.
164
ZyXEL NBG-334SH User’s Guide
Chapter 16 Universal Plug-and-Play (UPnP)
Figure 101 Network Connections: My Network Places
6 Right-click on the icon for your ZyXEL Device and select Properties. A properties
window displays with basic information about the ZyXEL Device.
Figure 102 Network Connections: My Network Places: Properties: Example
ZyXEL NBG-334SH User’s Guide
165
Chapter 16 Universal Plug-and-Play (UPnP)
166
ZyXEL NBG-334SH User’s Guide
P ART IV
Maintenance and
Troubleshooting
System (169)
Logs (173)
Tools (187)
Configuration Mode (193)
Troubleshooting (195)
167
168
CHAPTER
17
System
This chapter provides information on the System screens.
17.1 System Overview
See the chapter about wizard setup for more information on the next few screens.
17.2 System General Screen
Click Maintenance > System. The following screen displays.
Figure 103 System General
ZyXEL NBG-334SH User’s Guide
169
Chapter 17 System
The following table describes the labels in this screen.
Table 67 System General
LABEL
DESCRIPTION
System Name
System Name is a unique name to identify the ZyXEL Device in an Ethernet
network. It is recommended you enter your computer’s “Computer name” in this
field (see the chapter about wizard setup for how to find your computer’s name).
This name can be up to 30 alphanumeric characters long. Spaces are not
allowed, but dashes “-” and underscores "_" are accepted.
Domain Name
Enter the domain name (if you know it) here. If you leave this field blank, the ISP
may assign a domain name via DHCP.
The domain name entered by you is given priority over the ISP assigned domain
name.
Administrator
Inactivity Timer
Type how many minutes a management session can be left idle before the
session times out. The default is 5 minutes. After it times out you have to log in
with your password again. Very long idle timeouts may have security risks. A
value of "0" means a management session never times out, no matter how long it
has been left idle (not recommended).
Password Setup
Change your ZyXEL Device’s password (recommended) using the fields as
shown.
Old Password
Type the default password or the existing password you use to access the
system in this field.
New Password
Type your new system password (up to 30 characters). Note that as you type a
password, the screen displays an asterisk (*) for each character you type.
Retype to Confirm
Type the new password again in this field.
Apply
Click Apply to save your changes back to the ZyXEL Device.
Reset
Click Reset to begin configuring this screen afresh.
17.3 Time Setting Screen
To change your ZyXEL Device’s time and date, click Maintenance > System > Time
Setting. The screen appears as shown. Use this screen to configure the ZyXEL Device’s time
based on your local time zone.
170
ZyXEL NBG-334SH User’s Guide
Chapter 17 System
Figure 104 Time Setting
The following table describes the labels in this screen.
Table 68 Time Setting
LABEL
DESCRIPTION
Current Time and
Date
Current Time
This field displays the time of your ZyXEL Device.
Each time you reload this page, the ZyXEL Device synchronizes the time with
the time server.
Current Date
This field displays the date of your ZyXEL Device.
Each time you reload this page, the ZyXEL Device synchronizes the date with
the time server.
Time and Date
Setup
Manual
Select this radio button to enter the time and date manually. If you configure a
new time and date, Time Zone and Daylight Saving at the same time, the new
time and date you entered has priority and the Time Zone and Daylight Saving
settings do not affect it.
New Time
(hh:mm:ss)
This field displays the last updated time from the time server or the last time
configured manually.
When you set Time and Date Setup to Manual, enter the new time in this field
and then click Apply.
New Date
(yyyy/mm/dd)
This field displays the last updated date from the time server or the last date
configured manually.
When you set Time and Date Setup to Manual, enter the new date in this field
and then click Apply.
ZyXEL NBG-334SH User’s Guide
171
Chapter 17 System
Table 68 Time Setting
LABEL
DESCRIPTION
Get from Time
Server
Select this radio button to have the ZyXEL Device get the time and date from
the time server you specified below.
Auto
Select Auto to have the ZyXEL Device automatically search for an available
time server and synchronize the date and time with the time server after you
click Apply.
User Defined Time
Server Address
Select User Defined Time Server Address and enter the IP address or URL
(up to 20 extended ASCII characters in length) of your time server. Check with
your ISP/network administrator if you are unsure of this information.
Time Zone Setup
172
Time Zone
Choose the time zone of your location. This will set the time difference between
your time zone and Greenwich Mean Time (GMT).
Daylight Savings
Daylight saving is a period from late spring to early fall when many countries set
their clocks ahead of normal local time by one hour to give more daytime light in
the evening.
Select this option if you use Daylight Saving Time.
Start Date
Configure the day and time when Daylight Saving Time starts if you selected
Daylight Savings. The o'clock field uses the 24 hour format. Here are a
couple of examples:
Daylight Saving Time starts in most parts of the United States on the first
Sunday of April. Each time zone in the United States starts using Daylight
Saving Time at 2 A.M. local time. So in the United States you would select
First, Sunday, April and type 2 in the o'clock field.
Daylight Saving Time starts in the European Union on the last Sunday of March.
All of the time zones in the European Union start using Daylight Saving Time at
the same moment (1 A.M. GMT or UTC). So in the European Union you would
select Last, Sunday, March. The time you type in the o'clock field depends on
your time zone. In Germany for instance, you would type 2 because Germany's
time zone is one hour ahead of GMT or UTC (GMT+1).
End Date
Configure the day and time when Daylight Saving Time ends if you selected
Daylight Savings. The o'clock field uses the 24 hour format. Here are a
couple of examples:
Daylight Saving Time ends in the United States on the last Sunday of October.
Each time zone in the United States stops using Daylight Saving Time at 2 A.M.
local time. So in the United States you would select Last, Sunday, October
and type 2 in the o'clock field.
Daylight Saving Time ends in the European Union on the last Sunday of
October. All of the time zones in the European Union stop using Daylight Saving
Time at the same moment (1 A.M. GMT or UTC). So in the European Union you
would select Last, Sunday, October. The time you type in the o'clock field
depends on your time zone. In Germany for instance, you would type 2 because
Germany's time zone is one hour ahead of GMT or UTC (GMT+1).
Apply
Click Apply to save your changes back to the ZyXEL Device.
Reset
Click Reset to begin configuring this screen afresh.
ZyXEL NBG-334SH User’s Guide
CHAPTER
18
Logs
This chapter contains information about configuring general log settings and viewing the
ZyXEL Device’s logs. Refer to the appendices for example log message explanations.
18.1 View Log
The web configurator allows you to look at all of the ZyXEL Device’s logs in one location.
Click Maintenance > Logs to open the View Log screen.
Use the View Log screen to see the logs for the categories that you selected in the Log
Settings screen (see Section 18.2 on page 174). Options include logs about system
maintenance, system errors, access control, allowed or blocked web sites, blocked web
features (such as ActiveX controls, Java and cookies), attacks (such as DoS) and IPSec.
Log entries in red indicate system error logs. The log wraps around and deletes the old entries
after it fills. Click a column heading to sort the entries. A triangle indicates ascending or
descending sort order.
Figure 105 View Log
ZyXEL NBG-334SH User’s Guide
173
Chapter 18 Logs
The following table describes the labels in this screen.
Table 69 View Log
LABEL
DESCRIPTION
Display
The categories that you select in the Log Settings page (see Section 18.2 on
page 174) display in the drop-down list box.
Select a category of logs to view; select All Logs to view logs from all of the log
categories that you selected in the Log Settings page.
Time
This field displays the time the log was recorded. See the chapter on system
maintenance and information to configure the ZyXEL Device’s time and date.
Message
This field states the reason for the log.
Source
This field lists the source IP address and the port number of the incoming
packet.
Destination
This field lists the destination IP address and the port number of the incoming
packet.
Note
This field displays additional information about the log entry.
Email Log Now
Click Email Log Now to send the log screen to the e-mail address specified in
the Log Settings page (make sure that you have first filled in the Address Info
fields in Log Settings).
Refresh
Click Refresh to renew the log screen.
Clear Log
Click Clear Log to delete all the logs.
18.2 Log Settings
You can configure the ZyXEL Device’s general log settings in one location.
Click Maintenance > Logs > Log Settings to open the Log Settings screen.
Use the Log Settings screen to configure to where the ZyXEL Device is to send logs; the
schedule for when the ZyXEL Device is to send the logs and which logs and/or immediate
alerts the ZyXEL Device to send.
An alert is a type of log that warrants more serious attention. They include system errors,
attacks (access control) and attempted access to blocked web sites or web sites with restricted
web features such as cookies, active X and so on. Some categories such as System Errors
consist of both logs and alerts. You may differentiate them by their color in the View Log
screen. Alerts display in red and logs display in black.
Alerts are e-mailed as soon as they happen. Logs may be e-mailed as soon as the log is full
(see Log Schedule). Selecting many alert and/or log categories (especially Access Control)
may result in many e-mails being sent.
174
ZyXEL NBG-334SH User’s Guide
Chapter 18 Logs
Figure 106 Log Settings
The following table describes the labels in this screen.
Table 70 Log Settings
LABEL
DESCRIPTION
E-mail Log Settings
Mail Server
Enter the server name or the IP address of the mail server for the e-mail
addresses specified below. If this field is left blank, logs and alert messages will
not be sent via E-mail.
Mail Subject
Type a title that you want to be in the subject line of the log e-mail message that
the ZyXEL Device sends. Not all ZyXEL Device models have this field.
Send Log To
The ZyXEL Device sends logs to the e-mail address specified in this field. If this
field is left blank, the ZyXEL Device does not send logs via e-mail.
ZyXEL NBG-334SH User’s Guide
175
Chapter 18 Logs
Table 70 Log Settings
LABEL
DESCRIPTION
Send Alerts To
Alerts are real-time notifications that are sent as soon as an event, such as a
DoS attack, system error, or forbidden web access attempt occurs. Enter the Email address where the alert messages will be sent. Alerts include system
errors, attacks and attempted access to blocked web sites. If this field is left
blank, alert messages will not be sent via E-mail.
SMTP
Authentication
SMTP (Simple Mail Transfer Protocol) is the message-exchange standard for
the Internet. SMTP enables you to move messages from one e-mail server to
another.
Select the check box to activate SMTP authentication. If mail server
authentication is needed but this feature is disabled, you will not receive the email logs.
User Name
Enter the user name (up to 31 characters) (usually the user name of a mail
account).
Password
Enter the password associated with the user name above.
Log Schedule
This drop-down menu is used to configure the frequency of log messages being
sent as E-mail:
• Daily
• Weekly
• Hourly
• When Log is Full
• None.
If you select Weekly or Daily, specify a time of day when the E-mail should be
sent. If you select Weekly, then also specify which day of the week the E-mail
should be sent. If you select When Log is Full, an alert is sent when the log fills
up. If you select None, no log messages are sent.
Day for Sending Log Use the drop down list box to select which day of the week to send the logs.
176
Time for Sending
Log
Enter the time of the day in 24-hour format (for example 23:00 equals 11:00 pm)
to send the logs.
Clear log after
sending mail
Select the checkbox to delete all the logs after the ZyXEL Device sends an Email of the logs.
Syslog Logging
The ZyXEL Device sends a log to an external syslog server.
Active
Click Active to enable syslog logging.
Syslog Server IP
Address
Enter the server name or IP address of the syslog server that will log the
selected categories of logs.
Log Facility
Select a location from the drop down list box. The log facility allows you to log
the messages to different files in the syslog server. Refer to the syslog server
manual for more information.
Log
Select the categories of logs that you want to record.
Send Immediate
Alert
Select log categories for which you want the ZyXEL Device to send E-mail
alerts immediately.
Apply
Click Apply to save your changes.
Reset
Click Reset to begin configuring this screen afresh.
ZyXEL NBG-334SH User’s Guide
Chapter 18 Logs
18.3 Log Descriptions
This section provides descriptions of example log messages.
Table 71 System Maintenance Logs
LOG MESSAGE
DESCRIPTION
Time calibration is
successful
The router has adjusted its time based on information from
the time server.
Time calibration failed
The router failed to get information from the time server.
WAN interface gets IP:%s
A WAN interface got a new IP address from the DHCP,
PPPoE, PPTP or dial-up server.
DHCP client IP expired
A DHCP client's IP address has expired.
DHCP server assigns%s
The DHCP server assigned an IP address to a client.
Successful WEB login
Someone has logged on to the router's web configurator
interface.
WEB login failed
Someone has failed to log on to the router's web configurator
interface.
Successful TELNET login
Someone has logged on to the router via telnet.
TELNET login failed
Someone has failed to log on to the router via telnet.
Successful FTP login
Someone has logged on to the router via ftp.
FTP login failed
Someone has failed to log on to the router via ftp.
NAT Session Table is Full!
The maximum number of NAT session table entries has been
exceeded and the table is full.
Starting Connectivity
Monitor
Starting Connectivity Monitor.
Time initialized by Daytime
Server
The router got the time and date from the Daytime server.
Time initialized by Time
server
The router got the time and date from the time server.
Time initialized by NTP
server
The router got the time and date from the NTP server.
Connect to Daytime server
fail
The router was not able to connect to the Daytime server.
Connect to Time server fail
The router was not able to connect to the Time server.
Connect to NTP server fail
The router was not able to connect to the NTP server.
Too large ICMP packet has
been dropped
The router dropped an ICMP packet that was too large.
Configuration Change: PC =
0x%x, Task ID = 0x%x
The router is saving configuration changes.
Successful SSH login
Someone has logged on to the router’s SSH server.
SSH login failed
Someone has failed to log on to the router’s SSH server.
Successful HTTPS login
Someone has logged on to the router's web configurator
interface using HTTPS protocol.
HTTPS login failed
Someone has failed to log on to the router's web configurator
interface using HTTPS protocol.
ZyXEL NBG-334SH User’s Guide
177
Chapter 18 Logs
Table 72 System Error Logs
LOG MESSAGE
DESCRIPTION
%s exceeds the max.
number of session per
host!
This attempt to create a NAT session exceeds the maximum
number of NAT session table entries allowed to be created per
host.
setNetBIOSFilter: calloc
error
The router failed to allocate memory for the NetBIOS filter
settings.
readNetBIOSFilter: calloc
error
The router failed to allocate memory for the NetBIOS filter
settings.
WAN connection is down.
A WAN connection is down. You cannot access the network
through this interface.
Table 73 Access Control Logs
LOG MESSAGE
DESCRIPTION
Firewall default policy: [TCP |
UDP | IGMP | ESP | GRE | OSPF]

Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access
matched the default policy and was blocked or forwarded
according to the default policy’s setting.
Firewall rule [NOT] match:[TCP |
UDP | IGMP | ESP | GRE | OSPF]
, 
Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access
matched (or did not match) a configured firewall rule
(denoted by its number) and was blocked or forwarded
according to the rule.
Triangle route packet forwarded:
[TCP | UDP | IGMP | ESP | GRE |
OSPF]
The firewall allowed a triangle route session to pass
through.
Packet without a NAT table entry
blocked: [TCP | UDP | IGMP | ESP
| GRE | OSPF]
The router blocked a packet that didn't have a
corresponding NAT table entry.
Router sent blocked web site
message: TCP
The router sent a message to notify a user that the router
blocked access to a web site that the user requested.
Table 74 TCP Reset Logs
178
LOG MESSAGE
DESCRIPTION
Under SYN flood attack,
sent TCP RST
The router sent a TCP reset packet when a host was under a SYN
flood attack (the TCP incomplete count is per destination host.)
Exceed TCP MAX
incomplete, sent TCP RST
The router sent a TCP reset packet when the number of TCP
incomplete connections exceeded the user configured threshold.
(the TCP incomplete count is per destination host.) Note: Refer to
TCP Maximum Incomplete in the Firewall Attack Alerts screen.
Peer TCP state out of
order, sent TCP RST
The router sent a TCP reset packet when a TCP connection state
was out of order.Note: The firewall refers to RFC793 Figure 6 to
check the TCP state.
ZyXEL NBG-334SH User’s Guide
Chapter 18 Logs
Table 74 TCP Reset Logs (continued)
LOG MESSAGE
DESCRIPTION
Firewall session time
out, sent TCP RST
The router sent a TCP reset packet when a dynamic firewall
session timed out.
The default timeout values are as follows:
ICMP idle timeout: 3 minutes
UDP idle timeout: 3 minutes
TCP connection (three way handshaking) timeout: 270 seconds
TCP FIN-wait timeout: 2 MSL (Maximum Segment Lifetime set in
the TCP header).
TCP idle (established) timeout (s): 150 minutes
TCP reset timeout: 10 seconds
Exceed MAX incomplete,
sent TCP RST
The router sent a TCP reset packet when the number of
incomplete connections (TCP and UDP) exceeded the userconfigured threshold. (Incomplete count is for all TCP and UDP
connections through the firewall.)Note: When the number of
incomplete connections (TCP + UDP) > “Maximum Incomplete
High”, the router sends TCP RST packets for TCP connections
and destroys TOS (firewall dynamic sessions) until incomplete
connections < “Maximum Incomplete Low”.
Access block, sent TCP
RST
The router sends a TCP RST packet and generates this log if you
turn on the firewall TCP reset mechanism (via CI command: "sys
firewall tcprst").
Table 75 Packet Filter Logs
LOG MESSAGE
DESCRIPTION
[TCP | UDP | ICMP | IGMP |
Generic] packet filter
matched (set:%d, rule:%d)
Attempted access matched a configured filter rule (denoted
by its set and rule number) and was blocked or forwarded
according to the rule.
Table 76 ICMP Logs
LOG MESSAGE
DESCRIPTION
Firewall default policy: ICMP
, ,

ICMP access matched the default policy and was
blocked or forwarded according to the user's setting. For
type and code details, see Table 85 on page 184.
Firewall rule [NOT] match: ICMP
, ,
, 
ICMP access matched (or didn’t match) a firewall rule
(denoted by its number) and was blocked or forwarded
according to the rule. For type and code details, see
Table 85 on page 184.
Triangle route packet forwarded:
ICMP
The firewall allowed a triangle route session to pass
through.
Packet without a NAT table entry
blocked: ICMP
The router blocked a packet that didn’t have a
corresponding NAT table entry.
Unsupported/out-of-order ICMP:
ICMP
The firewall does not support this kind of ICMP packets
or the ICMP packets are out of order.
Router reply ICMP packet: ICMP
The router sent an ICMP reply packet to the sender.
ZyXEL NBG-334SH User’s Guide
179
Chapter 18 Logs
Table 77 CDR Logs
LOG MESSAGE
DESCRIPTION
board%d line%d channel%d,
call%d,%s C01 Outgoing Call
dev=%x ch=%x%s
The router received the setup requirements for a call. “call” is
the reference (count) number of the call. “dev” is the device
type (3 is for dial-up, 6 is for PPPoE, 10 is for PPTP).
"channel" or “ch” is the call channel ID.For example,"board 0
line 0 channel 0, call 3, C01 Outgoing Call dev=6 ch=0
"Means the router has dialed to the PPPoE server 3 times.
board%d line%d channel%d,
call%d,%s C02 OutCall
Connected%d%s
The PPPoE, PPTP or dial-up call is connected.
board%d line%d channel%d,
call%d,%s C02 Call
Terminated
The PPPoE, PPTP or dial-up call was disconnected.
Table 78 PPP Logs
LOG MESSAGE
DESCRIPTION
ppp:LCP Starting
The PPP connection’s Link Control Protocol stage has started.
ppp:LCP Opening
The PPP connection’s Link Control Protocol stage is opening.
ppp:CHAP Opening
The PPP connection’s Challenge Handshake Authentication Protocol stage is
opening.
ppp:IPCP
Starting
The PPP connection’s Internet Protocol Control Protocol stage is starting.
ppp:IPCP Opening
The PPP connection’s Internet Protocol Control Protocol stage is opening.
ppp:LCP Closing
The PPP connection’s Link Control Protocol stage is closing.
ppp:IPCP Closing
The PPP connection’s Internet Protocol Control Protocol stage is closing.
Table 79 UPnP Logs
LOG MESSAGE
DESCRIPTION
UPnP pass through Firewall
UPnP packets can pass through the firewall.
Table 80 Content Filtering Logs
LOG MESSAGE
DESCRIPTION
%s: Keyword blocking
The content of a requested web page matched a user defined
keyword.
%s: Not in trusted web
list
The web site is not in a trusted domain, and the router blocks all traffic
except trusted domain sites.
%s: Forbidden Web site The web site is in the forbidden web site list.
180
%s: Contains ActiveX
The web site contains ActiveX.
%s: Contains Java
applet
The web site contains a Java applet.
%s: Contains cookie
The web site contains a cookie.
ZyXEL NBG-334SH User’s Guide
Chapter 18 Logs
Table 80 Content Filtering Logs (continued)
LOG MESSAGE
DESCRIPTION
%s: Proxy mode
detected
The router detected proxy mode in the packet.
%s
The content filter server responded that the web site is in the blocked
category list, but it did not return the category type.
%s:%s
The content filter server responded that the web site is in the blocked
category list, and returned the category type.
%s(cache hit)
The system detected that the web site is in the blocked list from the
local cache, but does not know the category type.
%s:%s(cache hit)
The system detected that the web site is in blocked list from the local
cache, and knows the category type.
%s: Trusted Web site
The web site is in a trusted domain.
%s
When the content filter is not on according to the time schedule or you
didn't select the "Block Matched Web Site” check box, the system
forwards the web content.
Waiting content filter
server timeout
The external content filtering server did not respond within the timeout
period.
DNS resolving failed
The ZyXEL Device cannot get the IP address of the external content
filtering via DNS query.
Creating socket failed The ZyXEL Device cannot issue a query because TCP/IP socket
creation failed, port:port number.
Connecting to content
filter server fail
The connection to the external content filtering server failed.
License key is invalid The external content filtering license key is invalid.
Table 81 Attack Logs
LOG MESSAGE
DESCRIPTION
attack [TCP | UDP | IGMP
| ESP | GRE | OSPF]
The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF attack.
attack ICMP (type:%d,
code:%d)
The firewall detected an ICMP attack. For type and code details,
see Table 85 on page 184.
land [TCP | UDP | IGMP |
ESP | GRE | OSPF]
The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF land
attack.
land ICMP (type:%d,
code:%d)
The firewall detected an ICMP land attack. For type and code
details, see Table 85 on page 184.
ip spoofing - WAN [TCP |
UDP | IGMP | ESP | GRE |
OSPF]
The firewall detected an IP spoofing attack on the WAN port.
ip spoofing - WAN ICMP
(type:%d, code:%d)
The firewall detected an ICMP IP spoofing attack on the WAN
port. For type and code details, see Table 85 on page 184.
icmp echo: ICMP (type:%d,
code:%d)
The firewall detected an ICMP echo attack. For type and code
details, see Table 85 on page 184.
syn flood TCP
The firewall detected a TCP syn flood attack.
ports scan TCP
The firewall detected a TCP port scan attack.
teardrop TCP
The firewall detected a TCP teardrop attack.
ZyXEL NBG-334SH User’s Guide
181
Chapter 18 Logs
Table 81 Attack Logs (continued)
LOG MESSAGE
DESCRIPTION
teardrop UDP
The firewall detected an UDP teardrop attack.
teardrop ICMP (type:%d,
code:%d)
The firewall detected an ICMP teardrop attack. For type and code
details, see Table 85 on page 184.
illegal command TCP
The firewall detected a TCP illegal command attack.
NetBIOS TCP
The firewall detected a TCP NetBIOS attack.
ip spoofing - no routing
entry [TCP | UDP | IGMP |
ESP | GRE | OSPF]
The firewall classified a packet with no source routing entry as an
IP spoofing attack.
ip spoofing - no routing
entry ICMP (type:%d,
code:%d)
The firewall classified an ICMP packet with no source routing
entry as an IP spoofing attack.
vulnerability ICMP
(type:%d, code:%d)
The firewall detected an ICMP vulnerability attack. For type and
code details, see Table 85 on page 184.
traceroute ICMP (type:%d,
code:%d)
The firewall detected an ICMP traceroute attack. For type and
code details, see Table 85 on page 184.
Table 82 PKI Logs
182
LOG MESSAGE
DESCRIPTION
Enrollment successful
The SCEP online certificate enrollment was successful. The
Destination field records the certification authority server IP address
and port.
Enrollment failed
The SCEP online certificate enrollment failed. The Destination field
records the certification authority server’s IP address and port.
Failed to resolve

The SCEP online certificate enrollment failed because the certification
authority server’s address cannot be resolved.
Enrollment successful
The CMP online certificate enrollment was successful. The Destination
field records the certification authority server’s IP address and port.
Enrollment failed
The CMP online certificate enrollment failed. The Destination field
records the certification authority server’s IP address and port.
Failed to resolve 
The CMP online certificate enrollment failed because the certification
authority server’s IP address cannot be resolved.
Rcvd ca cert: 
The router received a certification authority certificate, with subject
name as recorded, from the LDAP server whose IP address and port
are recorded in the Source field.
Rcvd user cert:

The router received a user certificate, with subject name as recorded,
from the LDAP server whose IP address and port are recorded in the
Source field.
Rcvd CRL :

The router received a CRL (Certificate Revocation List), with size and
issuer name as recorded, from the LDAP server whose IP address and
port are recorded in the Source field.
Rcvd ARL :

The router received an ARL (Authority Revocation List), with size and
issuer name as recorded, from the LDAP server whose address and
port are recorded in the Source field.
ZyXEL NBG-334SH User’s Guide
Chapter 18 Logs
Table 82 PKI Logs (continued)
LOG MESSAGE
DESCRIPTION
Failed to decode the
received ca cert
The router received a corrupted certification authority certificate from
the LDAP server whose address and port are recorded in the Source
field.
Failed to decode the
received user cert
The router received a corrupted user certificate from the LDAP server
whose address and port are recorded in the Source field.
Failed to decode the
received CRL
The router received a corrupted CRL (Certificate Revocation List) from
the LDAP server whose address and port are recorded in the Source
field.
Failed to decode the
received ARL
The router received a corrupted ARL (Authority Revocation List) from
the LDAP server whose address and port are recorded in the Source
field.
Rcvd data  too
large! Max size
allowed: 
The router received directory data that was too large (the size is listed)
from the LDAP server whose address and port are recorded in the
Source field. The maximum size of directory data that the router allows
is also recorded.
Cert trusted: 
The router has verified the path of the certificate with the listed subject
name.
Due to ,
cert not trusted:

Due to the reasons listed, the certificate with the listed subject name
has not passed the path verification. The recorded reason codes are
only approximate reasons for not trusting the certificate. Please see
Table 85 on page 184 for the corresponding descriptions of the codes.
Table 83 802.1X Logs
LOG MESSAGE
DESCRIPTION
Local User Database accepts
user.
A user was authenticated by the local user database.
Local User Database reports user
credential error.
A user was not authenticated by the local user database
because of an incorrect user password.
Local User Database does not
find user`s credential.
A user was not authenticated by the local user database
because the user is not listed in the local user database.
RADIUS accepts user.
A user was authenticated by the RADIUS Server.
RADIUS rejects user. Pls check
RADIUS Server.
A user was not authenticated by the RADIUS Server.
Please check the RADIUS Server.
Local User Database does not
support authentication method.
The local user database only supports the EAP-MD5
method. A user tried to use another authentication
method and was not authenticated.
User logout because of session
timeout expired.
The router logged out a user whose session expired.
User logout because of user
deassociation.
The router logged out a user who ended the session.
User logout because of no
authentication response from
user.
The router logged out a user from which there was no
authentication response.
User logout because of idle
timeout expired.
The router logged out a user whose idle timeout period
expired.
User logout because of user
request.
A user logged out.
ZyXEL NBG-334SH User’s Guide
183
Chapter 18 Logs
Table 83 802.1X Logs (continued)
LOG MESSAGE
DESCRIPTION
Local User Database does not
support authentication method.
A user tried to use an authentication method that the
local user database does not support (it only supports
EAP-MD5).
No response from RADIUS. Pls
check RADIUS Server.
There is no response message from the RADIUS server,
please check the RADIUS server.
Use Local User Database to
authenticate user.
The local user database is operating as the
authentication server.
Use RADIUS to authenticate user. The RADIUS server is operating as the authentication
server.
No Server to authenticate user.
There is no authentication server to authenticate a user.
Local User Database does not
find user`s credential.
A user was not authenticated by the local user database
because the user is not listed in the local user database.
Table 84 ACL Setting Notes
PACKET DIRECTION
DIRECTION
DESCRIPTION
(L to W)
LAN to WAN
ACL set for packets traveling from the LAN to the WAN.
(W to L)
WAN to LAN
ACL set for packets traveling from the WAN to the LAN.
(L to L/P)
LAN to LAN/
ZyXEL Device
ACL set for packets traveling from the LAN to the LAN or
the ZyXEL Device.
(W to W/P)
WAN to WAN/
ZyXEL Device
ACL set for packets traveling from the WAN to the WAN
or the ZyXEL Device.
Table 85 ICMP Notes
TYPE
CODE
Echo Reply
Echo reply message
Destination Unreachable
Net unreachable
Host unreachable
Protocol unreachable
Port unreachable
A packet that needed fragmentation was dropped because it was set to Don't
Fragment (DF)
Source route failed
Source Quench
A gateway may discard internet datagrams if it does not have the buffer space
needed to queue the datagrams for output to the next network on the route to
the destination network.
Redirect
184
DESCRIPTION
Redirect datagrams for the Network
Redirect datagrams for the Host
ZyXEL NBG-334SH User’s Guide
Chapter 18 Logs
Table 85 ICMP Notes (continued)
TYPE
CODE
DESCRIPTION
Redirect datagrams for the Type of Service and Network
Redirect datagrams for the Type of Service and Host
Echo
Echo message
Time Exceeded
11
Time to live exceeded in transit
Fragment reassembly time exceeded
Parameter Problem
12
Pointer indicates the error
Timestamp
13
Timestamp request message
Timestamp Reply
14
Timestamp reply message
Information Request
15
Information request message
Information Reply
16
Information reply message
Table 86 Syslog Logs
LOG MESSAGE
DESCRIPTION
Mon dd
hr:mm:ss hostname
src=""
dst=""
msg="" note=""
devID="" cat="
"This message is sent by the system ("RAS" displays as
the system name if you haven’t configured one) when the
router generates a syslog. The facility is defined in the web
MAIN MENU->LOGS->Log Settings page. The severity is
the log’s syslog class. The definition of messages and
notes are defined in the various log charts throughout this
appendix. The “devID” is the last three characters of the
MAC address of the router’s LAN port. The “cat” is the
same as the category in the router’s logs.
The following table shows RFC-2408 ISAKMP payload types that the log displays. Please
refer to the RFC for detailed information on each type.
Table 87 RFC-2408 ISAKMP Payload Types
LOG DISPLAY
PAYLOAD TYPE
SA
Security Association
PROP
Proposal
TRANS
Transform
KE
Key Exchange
ID
Identification
CER
Certificate
CER_REQ
Certificate Request
HASH
Hash
ZyXEL NBG-334SH User’s Guide
185
Chapter 18 Logs
Table 87 RFC-2408 ISAKMP Payload Types (continued)
186
LOG DISPLAY
PAYLOAD TYPE
SIG
Signature
NONCE
Nonce
NOTFY
Notification
DEL
Delete
VID
Vendor ID
ZyXEL NBG-334SH User’s Guide
CHAPTER
19
Tools
This chapter shows you how to upload a new firmware, upload or save backup configuration
files and restart the ZyXEL Device.
19.1 Firmware Upload Screen
Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a
"*.bin" extension, e.g., "ZyXEL Device.bin". The upload process uses HTTP (Hypertext
Transfer Protocol) and may take up to two minutes. After a successful upload, the system will
reboot. See the Firmware and Configuration File Maintenance chapter for upgrading firmware
using FTP/TFTP commands.
Click Maintenance > Tools. Follow the instructions in this screen to upload firmware to your
ZyXEL Device.
Figure 107 Maintenance Firmware Upload
The following table describes the labels in this screen.
Table 88 Maintenance Firmware Upload
LABEL
DESCRIPTION
File Path
Type in the location of the file you want to upload in this field or click Browse... to find
it.
Browse...
Click Browse... to find the .bin file you want to upload. Remember that you must
decompress compressed (.zip) files before you can upload them.
Upload
Click Upload to begin the upload process. This process may take up to two minutes.
Do not turn off the ZyXEL Device while firmware upload is in progress!
ZyXEL NBG-334SH User’s Guide
187
Chapter 19 Tools
After you see the Firmware Upload In Process screen, wait two minutes before logging into
the ZyXEL Device again.
Figure 108 Upload Warning
The ZyXEL Device automatically restarts in this time causing a temporary network
disconnect. In some operating systems, you may see the following icon on your desktop.
Figure 109 Network Temporarily Disconnected
After two minutes, log in again and check your new firmware version in the Status screen.
If the upload was not successful, the following screen will appear. Click Return to go back to
the Firmware screen.
Figure 110 Upload Error Message
19.2 Configuration Screen
See the Firmware and Configuration File Maintenance chapter for transferring configuration
files using FTP/TFTP commands.
Click Maintenance > Tools > Configuration. Information related to factory defaults, backup
configuration, and restoring configuration appears as shown next.
188
ZyXEL NBG-334SH User’s Guide
Chapter 19 Tools
Figure 111 Configuration
19.2.1 Backup Configuration
Backup configuration allows you to back up (save) the ZyXEL Device’s current configuration
to a file on your computer. Once your ZyXEL Device is configured and functioning properly,
it is highly recommended that you back up your configuration file before making
configuration changes. The backup configuration file will be useful in case you need to return
to your previous settings.
Click Backup to save the ZyXEL Device’s current configuration to your computer.
19.2.2 Restore Configuration
Restore configuration allows you to upload a new or previously saved configuration file from
your computer to your ZyXEL Device.
Table 89 Maintenance Restore Configuration
LABEL
DESCRIPTION
File Path
Type in the location of the file you want to upload in this field or click Browse... to find
it.
Browse...
Click Browse... to find the file you want to upload. Remember that you must
decompress compressed (.ZIP) files before you can upload them.
Upload
Click Upload to begin the upload process.
Do not turn off the ZyXEL Device while configuration file upload is in progress
After you see a “configuration upload successful” screen, you must then wait one minute
before logging into the ZyXEL Device again.
ZyXEL NBG-334SH User’s Guide
189
Chapter 19 Tools
Figure 112 Configuration Restore Successful
The ZyXEL Device automatically restarts in this time causing a temporary network
disconnect. In some operating systems, you may see the following icon on your desktop.
Figure 113 Temporarily Disconnected
If you uploaded the default configuration file you may need to change the IP address of your
computer to be in the same subnet as that of the default ZyXEL Device IP address
(192.168.1.1). See your Quick Start Guide for details on how to set up your computer’s IP
address.
If the upload was not successful, the following screen will appear. Click Return to go back to
the Configuration screen.
Figure 114 Configuration Restore Error
19.2.3 Back to Factory Defaults
Pressing the Reset button in this section clears all user-entered configuration information and
returns the ZyXEL Device to its factory defaults.
You can also press the RESET button on the rear panel to reset the factory defaults of your
ZyXEL Device. Refer to the chapter about introducing the web configurator for more
information on the RESET button.
19.3 Restart Screen
System restart allows you to reboot the ZyXEL Device without turning the power off.
190
ZyXEL NBG-334SH User’s Guide
Chapter 19 Tools
Click Maintenance > Tools > Restart. Click Restart to have the ZyXEL Device reboot. This
does not affect the ZyXEL Device's configuration.
Figure 115 System Restart
ZyXEL NBG-334SH User’s Guide
191
Chapter 19 Tools
192
ZyXEL NBG-334SH User’s Guide
CHAPTER
20
Configuration Mode
Click Maintenance > Config Mode to open the following screen. This screen allows you to
hide or display the advanced screens of some features or the advanced features, such as MAC
filter or static route. Basic is selected by default and you cannot see the advanced screens or
features. If you want to view and configure all screens including the advanced ones, select
Advanced and click Apply.
Figure 116 Config Mode
The following table includes the screens that you can view and configure only when you select
Advanced.
Table 90 Config Mode: Advanced Screens
CATEGORY
LINK
TAB
Network
Wireless LAN
MAC Filter
Advanced
QoS
WAN
Advanced
LAN
IP Alias
Advanced
Security
ZyXEL NBG-334SH User’s Guide
DHCP Server
Advanced
NAT
Advanced
Firewall
Services
Content Filter
Schedule
193
Chapter 20 Configuration Mode
Table 90 Config Mode: Advanced Screens
CATEGORY
LINK
TAB
Management
Static Route
IP Static Route
Bandwidth MGMT
Advanced
Monitor
Remote MGMT
Telnet
FTP
DNS
Maintenance
194
Logs
Log Settings
ZyXEL NBG-334SH User’s Guide
CHAPTER
21
Troubleshooting
This chapter offers some suggestions to solve problems you might encounter. The potential
problems are divided into the following categories.
•
•
•
•
Power, Hardware Connections, and LEDs
ZyXEL Device Access and Login
Internet Access
Advanced Features
21.1 Power, Hardware Connections, and LEDs
The ZyXEL Device does not turn on. None of the LEDs turn on.
7 Make sure you are using the power adaptor or cord included with the ZyXEL Device.
8 Make sure the power adaptor or cord is connected to the ZyXEL Device and plugged in
to an appropriate power source. Make sure the power source is turned on.
9 Disconnect and re-connect the power adaptor or cord to the ZyXEL Device.
10 If the problem continues, contact the vendor.
One of the LEDs does not behave as expected.
Make sure you understand the normal behavior of the LED. See Section 1.5 on page 31.
Check the hardware connections. See the Quick Start Guide.
Inspect your cables for damage. Contact the vendor to replace any damaged cables.
Disconnect and re-connect the power adaptor to the ZyXEL Device.
If the problem continues, contact the vendor.
ZyXEL NBG-334SH User’s Guide
195
Chapter 21 Troubleshooting
21.2 ZyXEL Device Access and Login
I forgot the IP address for the ZyXEL Device.
1 The default IP address is 192.168.1.1.
2 If you changed the IP address and have forgotten it, you might get the IP address of the
ZyXEL Device by looking up the IP address of the default gateway for your computer.
To do this in most Windows computers, click Start > Run, enter cmd, and then enter
ipconfig. The IP address of the Default Gateway might be the IP address of the ZyXEL
Device (it depends on the network), so enter this IP address in your Internet browser.
3 If this does not work, you have to reset the device to its factory defaults. See Section
21.4 on page 199.
I forgot the password.
1 The default password is 1234.
2 If this does not work, you have to reset the device to its factory defaults. See Section
21.4 on page 199.
I cannot see or access the Login screen in the web configurator.
1 Make sure you are using the correct IP address.
• The default IP address is 192.168.1.1.
• If you changed the IP address (Section 7.3 on page 102), use the new IP address.
• If you changed the IP address and have forgotten it, see the troubleshooting
suggestions for I forgot the IP address for the ZyXEL Device.
2 Check the hardware connections, and make sure the LEDs are behaving as expected. See
the Quick Start Guide.
3 Make sure your Internet browser does not block pop-up windows and has JavaScripts
and Java enabled. See Appendix B on page 207.
4 Make sure your computer is in the same subnet as the ZyXEL Device. (If you know that
there are routers between your computer and the ZyXEL Device, skip this step.)
• If there is a DHCP server on your network, make sure your computer is using a
dynamic IP address. See Section 7.3 on page 102. Your ZyXEL Device is a DHCP
server by default.
• If there is no DHCP server on your network, make sure your computer’s IP address is
in the same subnet as the ZyXEL Device. See Section 7.3 on page 102.
5 Reset the device to its factory defaults, and try to access the ZyXEL Device with the
default IP address. See Section 7.3 on page 102.
196
ZyXEL NBG-334SH User’s Guide
Chapter 21 Troubleshooting
6 If the problem continues, contact the network administrator or vendor, or try one of the
advanced suggestions.
Advanced Suggestions
• Try to access the ZyXEL Device using another service, such as Telnet. If you can access
the ZyXEL Device, check the remote management settings and firewall rules to find out
why the ZyXEL Device does not respond to HTTP.
• If your computer is connected to the WAN port or is connected wirelessly, use a computer
that is connected to a LAN/ETHERNET port.
I can see the Login screen, but I cannot log in to the ZyXEL Device.
1 Make sure you have entered the password correctly. The default password is 1234. This
field is case-sensitive, so make sure [Caps Lock] is not on.
2 You cannot log in to the web configurator while someone is using Telnet to access the
ZyXEL Device. Log out of the ZyXEL Device in the other session, or ask the person
who is logged in to log out.
3 Disconnect and re-connect the power adaptor or cord to the ZyXEL Device.
4 If this does not work, you have to reset the device to its factory defaults. See Section
21.4 on page 199.
I cannot Telnet to the ZyXEL Device.
See the troubleshooting suggestions for I cannot see or access the Login screen in the web
configurator. Ignore the suggestions about your browser.
I cannot use FTP to upload / download the configuration file. / I cannot use
FTP to upload new firmware.
See the troubleshooting suggestions for I cannot see or access the Login screen in the web
configurator. Ignore the suggestions about your browser.
21.3 Internet Access
I cannot access the Internet.
ZyXEL NBG-334SH User’s Guide
197
Chapter 21 Troubleshooting
1 Check the hardware connections, and make sure the LEDs are behaving as expected. See
the Quick Start Guide.
2 Make sure you entered your ISP account information correctly in the wizard. These
fields are case-sensitive, so make sure [Caps Lock] is not on.
3 If you are trying to access the Internet wirelessly, make sure the wireless settings in the
wireless client are the same as the settings in the AP.
4 Disconnect all the cables from your device, and follow the directions in the Quick Start
Guide again.
5 If the problem continues, contact your ISP.
I cannot access the Internet anymore. I had access to the Internet (with the
ZyXEL Device), but my Internet connection is not available anymore.
1 Check the hardware connections, and make sure the LEDs are behaving as expected. See
the Quick Start Guide and Section 1.5 on page 31.
2 Reboot the ZyXEL Device.
3 If the problem continues, contact your ISP.
The Internet connection is slow or intermittent.
1 There might be a lot of traffic on the network. Look at the LEDs, and check Section 1.5
on page 31. If the ZyXEL Device is sending or receiving a lot of information, try closing
some programs that use the Internet, especially peer-to-peer applications.
2 Check the signal strength. If the signal strength is low, try moving the ZyXEL Device
closer to the AP if possible, and look around to see if there are any devices that might be
interfering with the wireless network (for example, microwaves, other wireless
networks, and so on).
3 Reboot the ZyXEL Device.
4 If the problem continues, contact the network administrator or vendor, or try one of the
advanced suggestions.
Advanced Suggestions
• Check the settings for bandwidth management. If it is disabled, you might consider
activating it. If it is enabled, you might consider changing the allocations.
• Check the settings for QoS. If it is disabled, you might consider activating it. If it is
enabled, you might consider raising or lowering the priority for some applications.
198
ZyXEL NBG-334SH User’s Guide
Chapter 21 Troubleshooting
21.4 Resetting the ZyXEL Device to Its Factory Defaults
If you reset the ZyXEL Device, you lose all of the changes you have made. The ZyXEL
Device re-loads its default settings, and the password resets to 1234. You have to make all of
your changes again.
You will lose all of your changes when you push the RESET button.
To reset the ZyXEL Device,
1 Make sure the PWR LED is on and not blinking.
2 Press and hold the RESET button for five to ten seconds. Release the RESET button
when the PWR LED begins to blink. The default settings have been restored.
If the ZyXEL Device restarts automatically, wait for the ZyXEL Device to finish restarting,
and log in to the web configurator. The password is “1234”.
If the ZyXEL Device does not restart automatically, disconnect and reconnect the ZyXEL
Device’s power. Then, follow the directions above again.
21.5 Advanced Features
I can log in, but I cannot see some of the screens or fields in the Web
Configurator.
You may be accessing the Web Configurator in Basic mode. Some screens and fields are
available only in Advanced mode. Use the Maintenance > Config Mode screen to select
Advanced mode.
I set up URL keyword blocking, but I can still access a Web site that should be
blocked.
Make sure that you select the Enable URL Keyword Blocking check box in the Content
Filtering screen. Make sure that the keywords that you type are listed in the Keyword List.
If a keyword that is listed in the Keyword List is not blocked when it is found in a URL,
customize the keyword blocking using commands. See the Customizing Keyword Blocking
URL Checking section in the Content Filter chapter.
ZyXEL NBG-334SH User’s Guide
199
Chapter 21 Troubleshooting
200
ZyXEL NBG-334SH User’s Guide

Source Exif Data:
File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.4
Linearized                      : No
Modify Date                     : 2007:07:02 15:53:36+08:00
Create Date                     : 2007:07:02 15:53:21+08:00
Title                           : SMG-700 User’s Guide V1.00 (Nov 2004)
Author                          : Cindy Yang
Creator                         : FrameMaker 7.1
Producer                        : Acrobat Distiller 5.0.5 (Windows)
Page Count                      : 40
Mod Date                        : 2007:07:02 15:53:36+08:00
Creation Date                   : 2007:07:02 15:53:21+08:00
Metadata Date                   : 2007:07:02 15:53:36+08:00
EXIF Metadata provided by EXIF.tools
FCC ID Filing: I88NBG334SH1

Navigation menu