Configuration: Basic Gateway TCP/IP Wireless Print Server USB
WAR NING : TO PREVENT FIRE OR SHOCK HAZARD, DO NOT EXPOSE THIS PRODUCT TO RAIN OR
MOISTURE. THE UNIT MUST NOT BE EXPOSED TO DRIPPING OR SPLASHING. DO NOT PLACE OBJECTS
FILLED WITH LIQUIDS, SUCH AS VASES, ON THE UNIT.
CAUTION: TO PREVENT ELECTRICAL SHOCK, THIS EQUIPMENT REQUIRES A GROUNDING
CONDUCTOR IN THE LINE CORD. THE LINE CORD PROVIDED WITH THE EQUIPMENT IS ACCEPTABLE
FOR USE WITH NEMA STYLE 5-15R AC RECEPTACLE SUPPLYING NOMINAL 120 VOLTS. DO NOT
CONNECT THE PLUG INTO AN EXTENSION CORD, RECEPTACLE, OR OTHER OUTLET UNLESS THE
PLUG CAN BE FULLY INSERTED WITH NO PART OF THE BLADES EXPOSED.
CAUTION: TO ENSURE REGULATORY AND SAFETY COMPLIANCE, USE ONLY THE PROVIDED POWER
AND INTERFACE CABLES.
CAUTION: DO NOT OPEN THE UNIT. DO NOT PERFORM ANY SERVICING OTHER THAN THAT CONTAINED
IN THE INSTALLATION AND TROUBLESHOOTING INSTRUCTIONS. REFER ALL SERVICING TO QUALIFIED
SERVICE PERSONNEL.
CAUTION: CHANGES AND MODIFICATIONS NOT EXPRESSLY APPROVED BY MOTOROLA FOR
COMPLIANCE COULD VOID USER’S AUTHORITY TO OPERATE THE EQUIPMENT.
CAUTION: Exposure to Radio Frequency Radiation. To comply with the FCC RF exposure compliance
requirements, the separation distance between the antenna and any person’s body (including hands, wrists, feet
and ankles) must be at least 8 inches (20 cm).
This device complies with part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This
device may not cause harmful interference, and (2) this device must accept any interference received, including
interference that may cause undesired operation.
Note: This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to
part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference
in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not
installed and used in accordance with the instructions, may cause harmful interference to radio communications.
However, there is no guarantee that interference will not occur in a particular installation. If this equipment does
cause harmful interference to radio or television reception, which can be determined by turning the equipment off
and on, the user is encouraged to try to correct the interference by one or more of the following measures:
•Reorient or relocate the receiving antenna.
•Increase the separation between the equipment and receiver.
•Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
•Consult the dealer or an experienced radio/TV technician for help.
This device must be installed and used in strict accordance with the manufacturer’s instructions as described in
the user documentation that comes with the product.
Postpone cable modem installation until there is no risk of thunderstorm or lightning activity in the area.
Do not overload outlets or extension cords, as this can result in a risk of fire or electric shock. Overloaded AC
outlets, extension cords, frayed power cords, damaged or cracked wire insulation, and broken plugs are
dangerous. They may result in a shock or fire hazard.
Route power supply cords so that they are not likely to be walked on or pinched by items placed upon or against
them. Pay particular attention to cords where they are attached to plugs and convenience receptacles, and
examine the point where they exit from the product.
Place this equipment in a location that is close enough to an electrical outlet to accommodate the length of the
power cord.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Place this equipment on a stable surface.
Be sure that the outside cable system is grounded, so as to provide some protection against voltage surges and
built-up static charges. Article 820-20 of the NEC (Section 54, Part I of the Canadian Electrical Code) provides
guidelines for proper grounding and, in particular, specifies the CATV cable ground shall be connected in the
grounding system of the building, as close to the point of cable entry as practical.
When using this device, basic safety precautions should always be followed to reduce the risk of fire, electric
shock and injury to persons, including the following:
•Read all of the instructions {listed here and/or in the user manual} before you operate this equipment. Give
particular attention to all safety precautions. Retain the instructions for future reference.
•Comply with all warning and caution statements in the instructions. Observe all warning and caution symbols
that are affixed to this equipment.
•Comply with all instructions that accompany this equipment.
•Avoid using this product during an electrical storm. There may be a risk of electric shock from lightning. For
added protection for this product during a lightning storm, or when it is left unattended and unused for long
periods of time, unplug it from the wall outlet, and disconnect the cable system. This will prevent damage to
the product due to lightning and power surges.
•Avoid damaging the cable modem with static by touching the coaxial cable when it is attached to the earth
grounded coaxial cable TV wall outlet.
•Always first touch the coaxial cable connector on the cable modem when disconnecting or re-connecting USB
or Ethernet cable from the cable modem or the user’s PC.
•Operate this product only from the type of power source indicated on the product’s marking label. If you are
not sure of the type of power supplied to your home, consult your dealer or local power company.
•Upon completion of any service or repairs to this products, ask the service technician to perform safety
checks to determine that the product is in safe operating condition.
It is recommended that the customer install an AC surge protector in the AC outlet to which this device is
connected. This is to avoid damaging the equipment by local lightning strikes and other electrical surges.
Different types of cord sets may be used for connections to the main supply circuit. Use only a main line cord that
complies with all applicable product safety requirements of the country of use.
Installation of this product must be in accordance with national wiring codes.
Place unit to allow for easy access when disconnecting the power cord/adapter of the device from the AC wall
outlet.
Wipe the unit with a clean, dry cloth. Never use cleaning fluid or similar chemicals. Do not spray cleaners directly
on the unit or use forced air to remove dust.
This product was qualified under test conditions that included the use of the supplied cables between system
components. To be in compliance with regulations, the user must use these cables and install them properly.
Connect the unit to a grounding type AC wall outlet using the power cord supplied with the unit.
Do not cover the device, or block the airflow to the device with any other objects. Keep the device away from
excessive heat and humidity and keep the device free from vibration and dust.
Installation must at all times conform to local regulations.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
This product is provided with a separate Regulatory, Safety, Software License, and Warranty Information card. If
one is not provided with this product, please ask your service provider or point-of-purchase representative, as the
case may be.
•THIS PRODUCT IS IN COMPLIANCE WITH ONE OR MORE OF THE STANDARDS LISTED ON THE
REGULATORY, SAFETY, SOFTWARE LICENSE, AND WARRANTY INFORMATION CARD. NOT ALL
STANDARDS APPLY TO ALL MODELS.
•NO WARRANTIES OF ANY KIND ARE PROVIDED BY MOTOROLA WITH RESPECT TO THIS PRODUCT,
EXCEPT AS STATED ON THE REGULATORY, SAFETY, SOFTWARE LICENSE, AND WARRANTY INFORMATION CARD. MOTOROLA’S WARRANTIES DO NOT APPLY TO PRODUCT THAT HAS BEEN
REFURBISHED OR REISSUED BY YOUR SERVICE PROVIDER.
All rights reserved. No part of this publication may be reproduced in any form or by any means or used to make any derivative work (such as
translation, transformation or adaptation) without written permission from Motorola, Inc.
Motorola reserves the right to revise this publication and to make changes in content from time to time without obligation on the part of Motorola
to provide notification of such revision or change. Motorola provides this guide without warranty of any kind, either implied or expressed,
including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Motorola may make improvements or
changes in the product(s) described in this manual at any time.
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. Microsoft, Windows, Windows Me, and Windows NT are
registered trademarks and
Microsoft Corporation.
Corporation. Linux is a registered trademark of Linus Torvalds. Acrobat Reader is a registered trademark of Adobe Systems, Inc. Netscape and
Navigator are registered trademarks of
States and other countries. All other
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Overview
Thank you for purchasing a Motorola® SURFboard® Wireless Cable Modem Gateway SBG1000 for your home,
home office, or small business/enterprise. Applications where the SBG1000 is especially useful include:
•Households having multiple computers requiring connection to the Internet and each other
•Small businesses or home offices requiring fast, affordable, and secure Internet access
•Internet gamers desiring easier setup for:
®
— Programs such as DirectX
— Sites such as MSN Games by Zone.com or Battle.net
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Home networking enables you to access and move information between two or more computers in your home or
business. Your home network connects to the cable TV system and enables you to connect to the Internet or other
networks connected to the Internet. The SBG1000 acts as the central connection point between your computers
and the Internet. It directs (routes) computer data to the Internet and between your computers. A SURFboard
cable modem in the SBG1000 passes information between your home network computers and the Internet.
An SBG1000:
•Combines a SURFboard cable modem, IEEE 802.11b wireless access point, router with 10/100Base-T
switch, and an advanced firewall into one compact unit
•Eliminates the need for these five separate products, enabling you to maximize the potential of your existing
resources
•Enables you to create a custom network sharing a single broadband connection, files, printers, and other
peripherals like scanners, with or without wires
•Offers enhanced network security for wired and wireless users
•Provides easy setup
•Enables cable operators to add future value-added services
This product is subject to change. Not all features described in this guide are available on all SBG1000 models.
For the most recent documentation, visit the Support and Downloads page on the Motorola Broadband website
http://broadband.motorola.com.
Easy Setup
It is much easier to configure a local area network (LAN) using an SBG1000 than it is using typical networking
equipment:
•The Installation Assistant application on the SBG1000 Installation CD-ROM enables easy connection to the
cable network.
•For basic operation, most default settings require no modification.
•The Setup Program provides a graphical user interface (GUI) for easy configuration of necessary wireless,
Ethernet, router, DHCP, and security settings. For a list of issues, see “Basic Configuration”.
Network Connection Types
The SBG1000 provides different network connection types for your computers to exchange data. The connection
between your computers and the SBG1000 may be with a wireless or a wired connection or a combination of the
two. Your network can use one or any combination of all the following network connections:
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Powerful Features in a Single Unit
An SBG1000 combines high-speed Internet access, networking, and computer security for a home or small-office
LAN. An SBG1000 provides:
•An integrated high-speed SURFboard cable modem for continuous broadband access to the Internet and
other online services, with much faster data transfer than traditional dial-up or ISDN modems.
•A single broadband connection for up to 253 computers to surf the web; all computers on the LAN
communicate as if they were connected to the same physical network.
•An IEEE 802.11bWi-Fi certified wireless access pointto enable laptop users to remain connected while
moving around the home or small office or to connect desktop computers without installing network wiring.
Depending on distance, wireless connection speeds can match that of Ethernet at 11 Mbps.
•A USB connection for a single PC.
•A router with a five-port 10/100Base-T Ethernet switch, supporting half- or full-duplex connections,
dual-purpose switch/uplink ports, and Auto-MDIX.
•An HPNA connection to connect computers to the LAN over existing telephone wiring with up to 10 Mbps
throughput.
•A built-in DHCP server to easily configure a combined wired and/or wireless Class C private LAN.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Optional Accessories
Accessories available for the SBG1000 include wireless adapters and an external high-gain diversity antenna.
While any WiFi-compliant client products will work with the SBG1000, Motorola has optional accessories available
for use with the SBG1000.
You can use the Motorola PCC11b wireless card or the USB11b wireless adapter, which comply with the
IEEE 802.11b wireless standard, to connect a PC to the wireless LAN:
USB11b Wireless
Adapter
PCC11b Wireless CardA credit-card sized adapter that connects a laptop to the wireless LAN. You can roam in, or
Connects a desktop, laptop, printer, or other peripheral device to the wireless LAN. It has a
built-in antenna and a six foot (two meter) long cable that connects to the PC USB port.
Its light indicates:
• Off — Not connected to a USB port or not receiving power from the PC
• Yellow — Not installed or initializing
• Green — Installed and operational
• Flashing Green — Receiving data from another wireless LAN device
• Flashing Yellow — Transmitting data to another wireless LAN device
around, the home or small office and remain connected. It fits in a
standard slot on the laptop supporting a 3.3 Volt PC card. The PCC11b has also has a
built-in antenna.
PCMCIA Type II
Motorola USB11b Wireless Adapter (left) and PCC11b Wireless Card
For installation instructions, see the documentation provided with each product.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
The Motorola ANT11b External Diversity Antenna increases wireless LAN performance and coverage, even in
obstructed locations. The External Diversity Antenna specifications are:
Frequency2400 to 2500 MHz
Gain5 dBi peak gain, nominal
Pattern TypeDirectional, vertically polarized
ConnectionReverse-polarity TNC male, RG-142 cable
For information about connecting the external antenna to the SBG1000, see “Installing the Optional External
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Rear Panel
The rear panel provides cabling connectors, status lights, and the power receptacle:
134685722
KeyItemDescription
1The printer port provides a connection for one printer.
2The SBG1000 includes twoantennas. The optional Motorola External Diversity Antenna described in
“Optional Accessories” provides higher gain to increase wireless LAN performance and coverage.
3Use the HPNA ports to connect an HPNA LAN:
• Connect the bottom HPNA port to the telephone jack using telephone wire terminated with RJ-11
connectors.
• You can connect a telephone to the top HPNA port.
4Use Ethernet ports 1 to 5 to connect an Ethernet LAN cable with RJ-45 connectors. You can connect
…
5For Windows only, use the USB port for Connecting a PC to the USB Port. You cannot connect the
6
7The cable port provides a connection to the coaxial cable outlet.
8The power connector to the AC power outlet.
•
Ethernet-equipped computers, hubs, bridges, or switches.
SBG1000 USB port to a Macintosh or UNIX computer.
If you experience a problem, you can push this recessed button to restart the SBG1000 (see
“Troubleshooting”). To reset all values to their defaults, hold down the button for more than five
seconds. Resetting may take 5 to 30 minutes because the SBG1000 must find and lock on the
appropriate communications channels.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Label on the Bottom
To receive data service, you need to provide the MAC address marked HFC MAC ID to your cable provider:
HFC MAC address
SBG1000 LAN Choices
The SBG1000 enables you to connect up to 253 client computers on a combination of:
•Wireless LAN
•Wired Ethernet LAN
•USB Connection
•HPNA LAN
Each computer needs appropriate network adapter hardware and driver software. The clients on the Ethernet,
wireless, HPNA, or USB interfaces can share:
•Internet access with a single cable provider account, subject to cable provider terms and conditions
•Files, printers, storage devices, multi-user software applications, games, and video conferencing
Wireless and wired network connections use Windows networking to share files and peripheral devices such as
printers, CD-ROM drives, floppy disk drives, and Iomega
®
Zip Drives.
Caution!
If you are using a wired LAN only and have no wireless clients (stations), be sure you disable the
wireless interface on the Wireless > NETWORK Page. Turn off Enable Wireless Interface.
If you are using a wireless LAN with one or more wireless clients, be sure to enable wireless security
as described in “Setting Up the Wireless LAN”.
For an overview of SBG1000 network security, see “Security”.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Wireless LAN
Wireless communication occurs over radio waves rather than a wire. Like a cordless telephone, a wireless LAN
uses radio signals instead of wires to exchange data. A wireless network eliminates the need for expensive and
intrusive wiring to connect computers throughout the home or office. Mobile users can remain connected to the
network even when carrying their laptop to different locations in the home or office.
Each computer on a wireless LAN requires an adapter described in “Optional Accessories”:
Laptop PCsUse a Motorola PCC11b Wireless Card in the PCMCIA slot.
Desktop PCs Use a Motorola USB11b Wireless Adapter to connect the USB port.
Sample wireless network connections
To set up the SBG1000, on a computer wired to the SBG1000 over Ethernet or USB, perform the procedures in
“Setting Up the Wireless LAN”. Do not attempt to configure the SBG1000 over a wireless connection.
To set up each wireless client (station):
1Insert the PCC11b and USB11b Wireless Adapter CD-ROM in the CD-ROM drive on the client.
2Install the device software from the CD.
3Connect the Motorola PCC11b wireless card or USB11b wireless adapter following the instructions supplied
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Wired Ethernet LAN
Each computer on the 10/100Base-T Ethernet LAN requires an Ethernet network interface card (NIC) and driver
software installed.
Because the SBG1000 Ethernet ports support auto-MDIX, you can use straight-through or cross-over cable to
connect a hub, switch, or computer. Use category 5 cabling for all Ethernet connections.
The physical wiring arrangement has no connection to the logical network allocation of IP addresses.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
A wired Ethernet LAN with more than five computers requires one or more hubs or switches. You can connect a
hub or switch to any Ethernet port on the SBG1000.
The following illustration is an example of an Ethernet LAN you can set up using the SBG1000. Cable the LAN in
an appropriate manner for the site. A complete discussion of Ethernet cabling is beyond the scope of this
document.
Sample Ethernet connections including hubs or switches
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
USB Connection
You can connect a single PC running Windows®98, Windows XP™, Windows Me®, or Windows®2000 to the
SBG1000 USB V1.1 port. For cabling instructions, see “Connecting a PC to the USB Port”.
Caution!
Before plugging in the USB cable, be sure the SBG1000 Installation CD-ROM is inserted in the PC
CD-ROM drive.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
HPNA LAN
To eliminate the need to install network wiring, the SBG1000 provides a Home Phoneline Network Alliance (HPNA
or HomePNA) V2.0 connection. HPNA networks use existing telephone lines to connect the computers without
interfering with telephone voice service, DSL, ISDN, modems, or fax machines. HPNA networks can extend up to
1000 feet (300 meters).
Sample HPNA network connections
Phone
system
Each computer requires an HPNA adapter to connect to the HPNA network. HPNA adapters (sold elsewhere) are
available for PCI or USB. After installing the HPNA adapter, you must install HPNA driver software on the
computer following the instructions provided with the HPNA adapter.
HPNA 2.0 supports 10 Mbps data transfer similar to Ethernet 10Base-T.
If there is more than one telephone line, you must make all HPNA connections to the same line. You can connect
a telephone to the top HPNA port on the Rear Panel.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Security
The Motorola SURFboard Wireless Cable Modem Gateway provides:
•A firewall to protect the SBG1000 LAN from undesired attacks over the Internet
•Security measures to prevent eavesdropping of wireless data
Network Address Translation (NAT) provides some security because the IP addresses of SBG1000 LAN
computers are not visible on the Internet.
The logical network diagram does not necessarily correspond to the network cabling. A full discussion of network
security is beyond the scope of this document.
SBG1000 security measures shown in a logical network diagram
Internet
SBG1000
Caution!
DMZ computer
Firewall
ComputerComputer
Wired Ethernet and/or HPNA LAN
If you are using a wired LAN only and have no wireless clients (stations), be sure you disable the
wireless interface by turning off Enable Wireless Interface on the Wireless > NETWORK Page.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Firewall
The SBG1000 firewall protects the SBG1000 LAN from undesired attacks and other intrusions from the Internet. It
provides an advanced integrated stateful-inspection firewall supporting intrusion detection, session tracking, and
denial-of-service attack prevention. The firewall:
•Maintains state data for every TCP/IP session on the OSI network and transport layers
•Monitors all incoming and outgoing packets, applies the firewall policy to each one, and screens for improper
packets and intrusion attempts
•Provides comprehensive logging for all:
— User authentications
— Rejected internal and external connection requests
— Session creation and termination
— Outside attacks (intrusion detection)
You can configure the firewall filters to set rules for port usage. For information about choosing a predefined
firewall policy template, see “Setting the Firewall Policy”.
DMZ
A de-militarized zone (DMZ) is one or more computers logically located outside the firewall between an SBG1000
LAN and the Internet. A DMZ prevents direct access by outside users to private data.
For example, you can set up a web serveron a DMZ computer to enable outside users to access your website
without exposing confidential data on your network.
A DMZ can also be useful to play interactive games that may have a problem running through a firewall. You can
leave a computer used for gaming only exposed to the Internet while protecting the rest of your network. For more
information, see “Gaming Configuration Guidelines”.
Port Triggering
When you run a PC application that accesses the Internet, it typically initiates communications with a computer on
the Internet. In some applications, especially gaming, the computer on the Internet also initiates communications
with your PC. Because NAT does not normally allow these incoming connections to occur, the SBG1000 supports
port triggering.
The SBG1000 is preconfigured with port triggering for common applications. You can also configure additional
port triggers if needed on the Gateway > PORT TRIGGERS — custom Page.
Wireless Security
Because wireless LAN signals are transmitted using radio signals, it may be possible for your neighbor or
someone else you do not want to access your wireless LAN. To prevent unauthorized eavesdropping of data
transmitted over the wireless LAN, you must enable wireless security. The default SBG1000 settings provide no
security for transmitted data.
The SBG1000 enables you to use the following wireless security measures:
•Restrict access to computers having the same unique network name as the SBG1000.
•Encrypt data transmitted over the wireless interface by configuring a Wired Equivalency Privacy (WEP) key
on the SBG1000 and wireless LAN clients (stations).
•Define a MAC access control list to restrict wireless LAN access to clients based on the MAC address.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
If you disable ESSID broadcasting to enable closed network operation, the SBG1000 does not transmit the
network name (ESSID). This provides additional protection because only wireless stations configured with your
network name can communicate with the SBG1000. Closed network operation is an enhancement of the
IEEE 802.11b standard.
For information about configuring a wireless security, see “Setting Up the Wireless LAN”.
Port Forwarding
Port forwarding is the configuration of SBG logical data ports for applications having special network
requirements.
The SBG1000 opens logical data ports when a computer on its LAN sends data, such as e-mail messages or web
data, to the Internet. A logical data port is different from a physical port, such as an Ethernet port. Data from a
protocol must go through certain data ports. Here are the data ports used by some protocols:
ProtocolPort
FTP20, 21
HTTP80
NTP123
Secure Shell22
SMTP e-mail25
Tel net23
Some applications, such as games and videoconferencing, require multiple data ports. If you enable NAT, this can
cause problems because NAT assumes that data sent through one port will return to the same port. You may need
to configure port forwarding to run applications with special requirements.
To configure port forwarding, you must specify an inbound (source) port or range of ports. The inbound port opens
only when data is sent to the inbound port and closes again after a specified time elapses with no data sent to it.
You can configure up to 32 port forwarding entries using the Gateway > PORT FORWARDING — config Page.
Virtual Private Networks
The SBG1000 supports multiple tunnel VPN pass-through operation to securely connect remote computers over
the Internet. The SBG1000:
•Is compatible with Point to Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP)
•Is fully interoperable with any IPSec client or gateway and ANX certified IPSec stacks
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Print Server
The SBG1000 enables you to use the same printer with a built-in print server connection, so you do not need a
printer for each computer on the network. All computers connected to the SBG1000 can print to a single printer
connected to the SBG1000.
You can connect a printer to the SBG1000 back panel using a standard DB-25 connector. The print server:
•Enables Windows, UNIX, Linux, or Macintosh computers on the wired or wireless SBG1000 LAN to share a
printer
•Supports the SMB, LPR, AppleTalk® printing protocols
Printer connection
For more information, see “Configuring the Print Server”.
Related Documentation
The following documents also provide information you can use with the SBG1000:
•SBG1000 Quick Installation Guide
•PCC11b Wireless Card Quick Start Guide and on-line help on the PCC11b and USB11b Wireless Adapter
CD-ROM
•USB11b Wireless Adapter Quick Start Guide and on-line help on the PCC11b and USB11b Wireless Adapter
CD-ROM
•Motorola Diversity Antenna Installation Sheet
For the most recent documentation, visit the Support and Downloads page on the Motorola Broadband website
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Installation
The following subsections provide information about installing the SBG1000 hardware:
•Before You Begin
•Precautions
•Signing Up for Service
•Computer System Requirements
•Connecting the SBG1000 to the Cable System
•Cabling the LAN
•Obtaining an IP Address for Ethernet
•Connecting a PC to the USB Port
•Connecting the Printer
•Wall Mounting
•Installing the Optional External Diversity Antenna
For information about wireless LAN setup, see “Setting Up the Wireless LAN”.
Before You Begin
Before you begin the installation, check that you received the following items with your SBG1000:
ItemDescription
Power cordConnects the SBG1000 to the AC electrical outlet
10/100Base-T
Ethernet cable
USB cableConnects to the USB port
Phone wire jumper with
RJ-11 connectors
SBG1000 Installation
CD-ROM
You will need 75-ohm coaxial cable with F-type connectors to connect the SBG1000 to the nearest cable outlet. If
a TV is connected to the cable outlet, you may need a 5 to 900 MHz RF splitter and two additional coaxial cables
to use both the TV and the SBG1000.
Connects to the Ethernet port
Connects to a telephone line used for the HPNA network
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Determine the connection types you will make to the SBG1000. Check that you have the required cables,
adapters, and adapter software. You may need:
Wireless LANAn IEEE 802.11b wireless adapter and driver software for each computer having a wireless
connection (see “Optional Accessories”)
Ethernet LANEthernet cables and network interface cards (NICs) with accompanying installation software
To connect more than five computers to the SBG1000, one or more Ethernet hubs or switches
USBA USB cable and the SBG1000 Installation CD-ROM containing the software for USB installation
HPNA LAN Telephone jumper cables
An HPNA adapter and driver software for each computer connected using HPNA
PrinterA printer cable
If you are installing the optional Motorola External Diversity Antenna, you may need a pair of needle nose pliers.
Coaxial cable, RF splitters, hubs, and switches are available at consumer electronic stores.
Precautions
Postpone SBG1000 installation until there is no risk of thunderstorm or lightning activity in the area.
To avoid damaging the SBG1000 or computers with static electricity:
Always first connect the coaxial cable to
the grounded cable TV wall outlet.
Before you connect or disconnect the
USB or Ethernet cable from the
SBG1000 or PC, always touch the
coaxial cable connector on the SBG1000
to release any static charges.
To avoid potential shock, always unplug the power cord from the wall outlet or other power source before
disconnecting it from the SBG1000 rear panel.
To prevent overheating the SBG1000, do not block the ventilation holes on the bottom of the unit.
Do not open the unit. Refer all service to your cable provider.
Wipe the unit with a clean, dry cloth. Never use cleaning fluid or similar chemicals. Do not spray cleaners directly
on the unit or use forced air to remove dust.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Signing Up for Service
You must sign up with a cable provider to access the Internet and other online services.
To activate your service, call your local cable provider.
You need to provide the MAC address marked HFC MAC ID printed on the Label on the Bottom. You can record it
in the SBG1000 Quick Installation Guide.
You should ask your cable provider the following questions:
•Do you have any special system requirements?
•When can I begin to use my SBG1000?
•Are there any files I need to download after I am connected?
•Do I need a user name or password to access the Internet or use e-mail?
Computer System Requirements
You can connect Microsoft Windows, Macintosh, UNIX, or Linux computers equipped as follows to the
SBG1000 LAN:
•One of the following:
Ethernet10Base-T or 10/100Base-T Ethernet adapter with proper NIC driver software installed
Wireless
HPNAHPNA phone line adapter installed with proper HPNA driver software
Any IEEE 802.11b device
For information about the Motorola PCC11b Wireless Card (
USB11b Wireless Adapter, see “Optional Accessories
”.
PCMCIA type II 3.3 V slot) or
•PC with Pentium class or better processor
•Windows
or Linux operating system with operating system CD-ROM available
®
98, Windows® 98 SE, Windows Me®, Windows® 2000, Windows XPTM, Windows NT®, Macintosh,
•Minimum 16 MB RAM recommended
•10 MB available hard disk space
You can use any web browser such as Microsoft® Internet Explorer or Netscape Navigator® with the SBG1000.
You can use the USB connection with any PC running Windows 98, Windows 2000, Windows Me, or Windows XP
that has a USB interface. The USB connection requires special USB driver software that is supplied on the
SBG1000 Installation CD-ROM. You can upgrade your USB drivers from our Support and Downloads page.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Connecting a PC to the USB Port
You can connect a single PC running Windows 98, Windows XP, Windows Me, or Windows 2000 to the SBG1000
USB port.
Caution!
Before plugging in the USB cable, be sure the SBG1000 Installation CD-ROM is inserted in the PC
CD-ROM drive.
To connect a PC to the USB port:
1Insert the SBG1000 Installation CD-ROM in the CD-ROM drive.
2Connect the USB cable to the USB port on the SBG1000.
3Connect the other end to the USB port on the computer.
4Install the USB driver following the appropriate procedure for “Setting Up a USB Driver”.
Connecting the Printer
Connect the printer to the Motorola SURFboard Wireless Cable Modem Gateway printer port. If a cable was
supplied with the printer, use that cable. Consult your printer documentation to determine cabling requirements
from the SBG1000 to the printer.
After connecting the printer, power it on and follow the instructions for “Configuring the Print Server”.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Wall Mounting
If you mount the unit on the wall, you must:
•Locate the unit as specified by the local or national codes governing residential or business cable TV and
communications services.
•Follow all local standards for installing a network interface unit/network interface device (NIU/NID).
If possible, mount the unit to concrete, masonry, a wooden stud, or other very solid wall material. Use anchors if
necessary; for example, if you must mount the unit on drywall.
To mount your SBG1000 on the wall:
1Print the Wall Mounting Template on page 28:
Click the Print icon or choose Print from the File menu to display the Print dialog box. (The following image is
from Adobe Acrobat Reader® running on Windows 2000; there may be slight differences in your version.)
Be sure you print the template at 100% scale. Be sure Fit to page is not checked in the Print dialog box.
Click the OK button to print the template.
2Measure the printed template with a ruler to ensure that it is the correct size.
3Use a center punch to mark the center of the holes.
4On the wall, locate the marks for the mounting holes.
Caution!
Before drilling holes, check the structure for potential damage to water, gas, or electric lines.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Installing the Optional External Diversity Antenna
The optional Motorola External Diversity Antenna ANT11b provides an indoor operating range with WEP enabled
of at least:
DistanceData Transfer Rate
100 feet (30 meters)11 Mbps
165 feet (50 meters)5.5 Mbps
230 feet (75 meters)2 Mbps
300 feet (95 meters)1 Mbps
The maximum wireless operation distance depends on the type of materials through which the signal must pass
and the location of the diversity antennas and clients (stations). Motorola cannot guarantee wireless operation for
all supported distances in all environments.
To install the optional Motorola External Diversity Antenna:
1Be sure the SBG1000 is unplugged.
As with all electronic equipment, avoid potential shock by always unplugging the power cord from the wall
outlet or other power source before disconnecting it from the SBG1000 rear panel or external power supply.
2Remove the antennas on the SBG1000 by unscrewing the connectors. You may need a pair of needle nose
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Basic Configuration
The following sections provide information about basic SBG1000 configuration:
•Starting the SBG1000 Setup Program
•Changing the Default Password
•Enabling Remote Access
•Setting the Firewall Policy
•Gaming Configuration Guidelines
For more advanced configuration information, see “Configuring TCP/IP”, “Setting Up the Wireless LAN”,
“Configuring the Print Server”, or “Setting Up a USB Driver”.
For normal operation, you do not need to change most default settings. The following caution statements
summarize the issues you must be aware of:
Caution!
To prevent unauthorized configuration, change the default password immediately when you first
configure the SBG1000. See “Changing the Default Password”.
Firewalls are not foolproof. Choose the most secure firewall policy you can. See “Setting the Firewall
Policy”.
If you are using a wired LAN only and have no wireless clients, be sure you disable the wireless
interface by turning off Enable Wireless Interface on the Wireless > NETWORK Page.
For a wireless LAN only, be sure you follow the instructions in “Setting Up the Wireless LAN”.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
5Click Log In to display the SBG1000 user configuration and status windows:
ClickTo Perform
CableConfigure and monitor the cable system connection.
GatewayConfigure and monitor the gateway preferences (see Configuring the Gateway).
WirelessConfigure and monitor the wireless interface (see “Setting Up the Wireless LAN”).
FirewallConfigure and monitor the firewall (see “Setting the Firewall Policy”).
PrinterConfigure the print server (see “Configuring the Print Server”).
AdminChanging the Default Password.
InfoDisplay information about the
RebootRestart the SBG1000. It is the same as pressing the reset button on the rear panel for less than five seconds.
Log OutLog out of the SBG1000.
If you have difficulty starting the SBG1000 Setup Program, see “Troubleshooting” for information.
Router is a configuration option that may appear on your window but may not be supported.
After you edit some fields and click Apply, you are warned that you must reboot for your change to take effect.
Rebooting takes 10 to 15 seconds. After rebooting, you must log-in again.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Changing the Default Password
Caution!
To prevent unauthorized configuration, change the default password immediately when you first
configure the Motorola SURFboard Wireless Cable Modem Gateway.
To change the default password:
1On the SBG1000 Setup Program screen, click Admin to display the ADMIN — basic page:
2In the Old Password field, type the old password. The default password is “motorola” (this field is case
sensitive).
3In the New Password field, type the new password.
4In the Verify Password field, type the new password again.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Setting the Firewall Policy
The SBG1000 firewall protects the SBG1000 LAN from undesired attacks and other intrusions from the Internet.
This section describes using the Firewall > POLICY — basic page to
templates provided with the SBG1000.
Caution!
Firewalls are not foolproof. Choose the most secure firewall policy you can. To enable easy network
setup, the default firewall policy is None, which provides no security.
To select a predefined policy for all packets processed by the SBG1000 firewall:
1On the SBG1000 Setup Program left panel, click Firewall.
2Click POLICY.
3Click basic to display the predefined firewall policy templates:
choose one of the predefined firewall policy
4Select the most secure firewall policy you can:
HighThe safest predefined firewall policy template, providing the highest security. We recommend this setting.
Medium A predefined firewall policy template providing a common configuration having modest risk.
LowA predefined firewall policy template providing minimum security, with a higher risk of intrusions.
Custom You may need to create a custom firewall policy on the Firewall > POLICY — advanced Page. Do not
create a custom policy unless you have the necessary expertise and the need to do so.
NoneDisables the firewall. To enable easy network setup, it is the default. After you set up your network, use
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
5Click Apply to apply your changes.
After you edit some fields and click Apply, you are warned that you must reboot for your change to take effect.
Rebooting takes 10 to 15 seconds. After rebooting, you must log-in again.
If you have the need, you can:
•View the rules for the High, Medium, or Low predefined policy templates or create a custom policy on the
Firewall > POLICY — advanced Page
•Configure a firewall alert on Firewall > ALERT — basic Page and Firewall > ALERT — email Page
•View the firewall logs on the Firewall > LOGS — config Page
For information about how the firewall can affect gaming, see “Gaming Configuration Guidelines”.
The predefined policies provide outbound Internet access for computers on the SBG1000 LAN. The SBG1000
firewall uses stateful inspection to allow inbound responses when there already is an outbound session running
corresponding to the data flow. For example, if you use a web browser, outbound HTTP connections are permitted
on port 80. Inbound responses from the Internet are allowed because an outbound session is established.
When required, you can configure the SBG1000 firewall to allow inbound packets without first establishing an
outbound session. You also need to configure a port forwarding entry on the Gateway > PORT FORWARDING —
config Page or a DMZ client on the Gateway > LAN — nat config Page.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Firewall > POLICY — advanced Page
Do not create a custom firewall policy unless you have the necessary expertise and the need to do so. Instead,
select one of the predefined policy templates as described in “Setting the Firewall Policy”.
To create a custom firewall policy, first select Custom and click Apply on the Firewall > POLICY — basic Page.
Then use this page to configure a custom firewall policy:
To base the custom policy on a predefined firewall policy template, choose High, Medium, or Low in the Policy Temp late field and click Apply Policy Template.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Firewall > LOGS — config Page
If you enable the firewall by specifying a policy other than None (see “Setting the Firewall Policy”), you can use
this page to enable session, blocking, or intrusion logging.
Firewall > LOGS — config page fields
Field or ButtonDescription
Enable Session LogCheck this box to log every data session from the private LAN that was authorized by the
SBG1000 firewall. Usually, the session log displays a history of normal data traffic. It also lists
the start of sessions the firewall terminated because:
• The policy was changed
• They were eventually determined to be an intrusion or attack
To display the session log, click session.
Enable Blocking LogCheck this box to log inbound and outbound packets that the SBG1000 firewall:
• Does not allow to pass because they use protocols and/or ports not explicitly allowed by
the active policy
• Determines to be invalid because of a session or reassembly timeout
To display the blocking log, click blocking.
Enable Intrusion LogCheck this box to log attacks using common network intrusion tactics that the SBG1000
firewall detects and stops.
To display the intrusion log, click intrusion.
ApplyClick to apply your changes.
If you enable the firewall, the blacklist log is always generated. Any IP address the firewall determines to have
breached the active policy is added to the blacklist log. To view the blacklist log, click blacklist. The firewall blocks
all traffic to and from a blacklisted IP address for 24 hours or until you reboot the SBG1000 or manually clear the
blacklist by clicking Clear on the Firewall > LOGS — blacklist page.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Gaming Configuration Guidelines
The following subsections provide information about configuring the SBG1000 firewall and DMZ for gaming.
Configuring the Firewall for Gaming
By default, the SBG1000 firewall is disabled. If, as recommended, you enable the firewall, refer to the game’s
documentation to ensure that the necessary ports are open for use by that game.
The pre-defined SBG firewall policies affect X-Box Live
Low XBox Live data can pass through the firewall. No user action is required.
Medium or high To enable X-Box Live traffic to pass, you must configure:
• Choose Custom on the Firewall > POLICY — basic Page
• UDP 88:88 and UDP/TCP 3074:3074 on the Firewall > POLICY — advanced Page
Configuring Port Triggers
Because the SBG has pre-defined port triggers for games using any of the following applications, no user action is
required to enable them:
•DirectX
®
7 and Direct X® 8
TM
as follows:
•MSN Games by Zone.com
•Battle.net
For a list of games supported by Battle.net, visit http://www.battle.net.
You may need to create custom port triggers to enable other games to operate properly. If you set custom port
triggers and enable the firewall, you must customize the firewall to allow traffic through those ports. To create
custom port triggers, use the Gateway > PORT TRIGGERS — custom Page.
®
Configuring a Gaming DMZ Host
Caution!
The gaming DMZ host is not protected by the firewall. It is open to communication or hacking from any
computer on the Internet. Consider carefully before configuring a device to be in the DMZ.
Some games and game devices require one of:
•The use of random ports
•The forwarding of unsolicited traffic
For example, to connect a PlayStation® 2 for PS2® on-line gaming, designate it as the gaming DMZ host because
the ports required vary from game to game. For these games, we recommend configuring the gaming computer or
device as a gaming DMZ device.
To configure a gaming DMZ device, on the Gateway > LAN — dhcp leases Page:
1Reserve a private IP address for the computer or game device MAC address.
2Designate the device as a DMZ device.
You can reserve IP addresses for multiple devices, but only one can be designated as the gaming DMZ at once.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Configuring the Gateway
This section describes the Gateway configuration pages in the SBG1000 Setup Program:
•Gateway > STATUS Page
•Gateway > WAN Page
•Gateway > LAN — nat config Page
•Gateway > LAN — dhcp server config Page
•Gateway > LAN — dhcp leases Page
•Gateway > PORT FORWARDING — status Page
•Gateway > PORT FORWARDING — config Page
•Gateway > PORT TRIGGERS — predefined Page
•Gateway > PORT TRIGGERS — custom Page
•Gateway > LOG Page
After you edit some fields and click Apply, you are warned that you must reboot for your change to take effect.
Rebooting takes 10 to 15 seconds. After rebooting, you must log-in again.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Gateway > STATUS Page
This page displays the gateway status information:
These fields display settings that are set on the other Gateway pages. For field descriptions, see the following
subsections that describe the fields on each tab.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Gateway > WAN Page
Use this page to configure the external (public) wide area network (WAN) interface:
Gateway > WAN page fields
FieldDescription
Host NameIf the cable provider requires a hostname to access to their network, type the hostname they
provided in this field. The default is None.
Enable DHCP ClientEnabling the DHCP client causes the wireless gateway to automatically obtain the public IP
address, subnet mask, domain name, and DNS server(s). Most commonly, the DHCP client is
enabled if the cable provider automatically assigns a public IP address from their DHCP server.
Enable DHCP Client is on by default.
Disable DHCP ClientIf the cable provider does not automatically assign a public IP address using DHCP, they must
provide a static IP address. Select Disable DHCP Client. When you disable the DHCP client,
you must type the static IP address, subnet mask, DNS server(s), and domain name (if
necessary) in the fields provided. Disable DHCP Client is off by default.
Static IP AddressIf Disable DHCP Client is on, type the static IP address provided by the cable provider, in
dotted-decimal format. The default is None.
Static IP Subnet MaskIf Disable DHCP Client is on, type the subnet mask associated with the static IP address, in
dotted-decimal format. The default is None.
WAN Default GatewayWhen using a statically assigned IP address from your ISP, enter the default gateway the SBG
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Gateway > WAN page fields (continued)
FieldDescription
DNS IP Address 1
DNS IP Address 2
DNS IP Address 3
TCP Session Wait
Timeout
UDP Session Wait
Timeout
ICMP Session Wait
Timeout
ApplyClick to apply your changes.
The cable provider DNS server provides name-to-IP address resolution. If the cable provider
does not automatically assign DNS addresses from their DHCP server, they must provide at
least one DNS server IP address to enter in these fields, in dotted-decimal format. The default
is None.
Sets the maximum time in seconds to wait before assuming a TCP session has timed out. The
default is 24 hours.
Sets the maximum time in seconds to wait before assuming a UDP session has timed out. The
default is 300 seconds (5 minutes).
Sets the maximum time in seconds to wait before assuming an ICMP session has timed out.
The default is 300 seconds (5 minutes).
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Gateway > LAN — dhcp leases Page
Use this page to configure dhcp leases:
Gateway > LAN — dhcp leases page fields
FieldDescription
GAMING DMZ
Enable Gaming DMZCheck this box to designate the selected computer or gaming device as the gaming DMZ
host. For more information, see “Configuring a Gaming DMZ Host”. This can be useful if you
have difficulties running certain applications; typically gaming applications.
(Gaming) DMZ HostThe gaming DMZ host is a computer with a reserved IP address designated as the default
DMZ host. Only one gaming DMZ host can be active at once.
The gaming DMZ host is not protected by the firewall. It is open to communication or hacking
from any computer on the Internet. Consider carefully before configuring a computer to be in
the DMZ.
The benefit of using a gaming DMZ host instead of a NAT passthrough host is that a gaming
DMZ host does not require a public IP address as does a NAT passthrough host. If the
application requires a public IP address, configure the computer for NAT passthrough on the
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Gateway > LAN — dhcp leases page fields (continued)
FieldDescription
RESERVE NEW IP
ADDRESS
MAC AddressType the MAC address of the DHCP client for which a reserved IP address is required. The
IP AddressSets the host portion of the reserved IP address for the LAN client having the specified MAC
Host NameIf your ISP requires a hostname to access their network, enter the hostname provided to you
AddClick Add to reserve a new IP address.
CURRENTLY RESERVED
IP ADDRESSES
MAC AddressDisplays the client MAC address.
IP AddressDisplays its reserved IP address
Host NameDisplays its host name.
MethodDisplays dynamic and static lease status. Add or delete dynamic or static lease status in this
DeleteClick this box to remove the reserved IP address for the client.
DeleteClick this button to remove the reserved IP addresses for clients designated by the Delete
You can reserve up to 32 IP addresses assigned by the SBG1000 DHCP server for specific
LAN clients. For example, to ensure that they always receive the same private IP address,
you can reserve IP addresses for a private FTP server or gaming DMZ device.
format is 16 hexadecimal numerals.
address. When the LAN client requests an IP address, the SBG1000 DHCP server assigns
the client this IP address.
in the Host Name field.
Displays all DHCP clients having reserved IP addresses.
field.
box.
Gateway > PORT FORWARDING — status Page
Use this page to display the configured port forwarding entries on the SBG1000 LAN. The fields are the same as
on the Gateway > PORT FORWARDING — config Page:
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Gateway > PORT FORWARDING — config Page
Use this page to configure up to 32 virtual servers:
Gateway > PORT FORWARDING — config page fields
FieldDescription
ADD NEW PORT
FORWARDING ENTRY
Tem plat eIf you select Custom, you must set the Name, Port Start, Port End, and LAN IP Address.
NameType a unique identifier for the custom virtual server. The typical practice is to use the
Port StartSets the LAN internal interface port or the start of a port range. Inbound Internet connection
Port EndIf a range of ports is required, sets the end of the port range.
LAN IP AddressSets the private LAN IP address for the port forwarding page. An Internet user must know the
EnableCheck this box to enable the port forwarding entries to be accessed through NAT.
AddClick to add the virtual server to the PORT FORWARDING list.
PORT FORWARDINGDisplays the configured custom virtual servers.
You can configure up to 32 virtual servers.
If you select a predefined template such as HTTP or FTP, the Name, Port Start, Port End
values are provided. You only need to enter LAN IP Address and change default values only
if necessary.
protocol as a unique identifier (for example “ftp”).
requests are statically mapped to this port.
public IP address to access any port forwarding entry you define on the private LAN.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Gateway > PORT TRIGGERS — predefined Page
When you run a PC application that accesses the Internet, it communicates with a computer on the Internet. In
some applications, especially gaming, the computer on the Internet also communicates with your PC. Because
NAT does not normally allow these incoming connections, the SBG1000 supports port triggering.
The SBG1000 is preconfigured with port triggering for common applications. You can also configure additional
port triggers if needed. Configuring port triggers for an application requires:
•The application transport protocol — TCP or UDP
•The application port number
You can use the default values for the remaining parameters.
Only one PC at a time connected to the SBG1000 can use an application requiring port triggering. Use this page
to view predefined port triggers:
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Verifying the IP Address in Windows 2000 or Windows XP
To check the IP address:
1On the Windows Desktop, click Start.
2Select Run. The Run window is displayed.
3Ty pe cmd and click OK to display a command prompt window.
4Ty pe ipconfig and press ENTER to display the IP configuration. A display similar to the following indicates a
normal configuration:
If an Autoconfiguration IP Address is displayed as in the following window, there is an incorrect connection
between the PC and the SBG1000 or there are cable network problems. Check the cable connections and
determine if you can view cable-TV channels on your television:
After verifying the cable connections and proper cable-TV operation, renew the IP address.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Setting Up the Wireless LAN
You can use the SBG1000 as an access point for a wireless LAN without changing its default settings.
Caution!
The default SBG1000 settings provide no security for wireless data. After the wireless LAN is
operational, be sure to enable wireless security.
To enable security for your SBG1000 wireless LAN, you can do the following on the SBG1000:
To
Configure an Extended
Service Set Identifier (ESSID)
and enable closed network
operation
Enable Wired Equivalent
Privacy (WEP) encryption
and configure a WEP key
Restrict access to computers
with known MAC addresses
Perform on the
SBG1000
Configuring the Wireless
Network Name on the
SBG1000
Configuring WEP on the
SBG1000
Configuring a MAC
Access Control List on
the SBG1000
AdvantagesDisadvantages
Provides a unique name to
distinguish from other
nearby wireless LANs
Encrypts wireless dataYou must configure the WEP key
No configuration on client
required
No code that can be broken
You must configure the ESSID
on each client computer
Does not encrypt wireless data
on each client computer
You must input each client MAC
address on the SBG1000
Does not encrypt wireless data
Connect at least one computer to the SBG1000 Ethernet or USB port to use for performing configuration. Do not
attempt to configure the SBG1000 over a wireless connection.
You need to configure each wireless client station to access the SBG1000 LAN as described in “Configuring the
Wireless Clients”.
Caution!
Never provide the ESSID or WEP key to anyone who is not authorized to use your wireless LAN.
For descriptions of all wireless configuration fields, see “Wireless Pages in the SBG1000 Setup Program”.
Another common-sense step to improve wireless security is to place wireless components away from windows.
This decreases the signal strength outside the intended area.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Configuring the Wireless Network Name on the SBG1000
If you enable Closed Network on the SBG1000 Wireless > SECURITY — advanced Page, you must configure the
same network name (ESSID) on all wireless LAN clients (stations). Never provide the ESSID to anyone who is not
authorized to use your wireless LAN.
To configure the ESSID:
1Start the SBG1000 Setup Program as described in “Starting the SBG1000 Setup Program”.
2On the left frame, click Wireless.
3Click the NETWORK tab to display:
4In the ESSID field, type a unique name. It can be any alphanumeric, case-sensitive string up to
32 characters. The default is “Motorola.” Do not use the default ESSID.
5Click Save Changes to save your changes.
6To restrict wireless LAN access to clients configured with the same Network Name (ESSID) as the SBG1000,
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Configuring WEP on the SBG1000
Caution!
The default settings provide no security for wireless data. After the wireless LAN is operational, be sure
to enable Shared Key Authentication and Wired Equivalent Privacy (WEP) encryption. You must
configure the same WEP key on the SBG1000 access point and all wireless clients (stations). Never
provide the WEP key to anyone who is not authorized to use the wireless LAN.
To enable WEP and set the key on the SBG1000:
1On the SBG1000 Setup Program left frame, click Wireless.
2Click the SECURITY tab to display the Wireless > SECURITY — basic page:
3Set the following:
AuthenticationSets whether shared key authentication is enabled to provide data privacy on the wireless LAN:
• Open System — Any wireless LAN client can transmit data to any other client without
authentication. Open authentication provides no security for transmitted data. It is the default.
• Shared Key — All data transmitted over the wireless LAN is encrypted. The SBG1000
and transfers data to and from all clients having shared key authentication enabled and an identical
WEP key.
EncryptionUse a WEP key length that is compatible with your wireless client adapters. Choose one of:
• Enable 64-Bit — Use only if you have wireless clients that do not support 128-bit encryption
• Enable 128-Bit — The recommended setting for stronger encryption; supported by the Motorola
PCC11b wireless card, USB11b wireless adapter, and most current wireless adapters
• Disable WEP — Recommended during network setup only
Key 1 to Key 4Sets the active WEP key. You can enter up to four 64-bit or 128-bit WEP keys containing the
non-case-sensitive hexadecimal characters 0 to 9 and A to F. Only one key can be active:
• For 64-bit encryption, set the 10-character long key under Enable 64-Bit.
• For 128-bit encryption, set the 26-character long key under Enable 128-Bit.
For optimal security, we recommend changing the WEP keys frequently. Never provide the WEP key
to anyone who is not authorized to use your wireless LAN.
4If necessary, click Reset Wireless Defaults to reset the wireless defaults.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Configuring the Wireless Clients
For each wireless client computer (station), install the wireless client card or adapter — such as a Motorola
PCC11b wireless card or Motorola USB11b wireless adapter — following the instructions supplied with the card or
adapter.
Configure the card or adapter to obtain an IP address automatically. The Motorola PCC11b wireless card and
Motorola USB11b wireless adapter are supplied with a client configuration program called Wireless Client Manger,
which is installed in the Windows Startup group.
If Wireless Client Manager is running, the icon is displayed on the Windows task bar. Double-click the icon to
launch the utility.
After you correctly set the network name and WEP key on the client computer to match the SBG1000, you should
be able to use the computer to surf the Internet.
Configuring a Wireless Client with a Network Name (ESSID)
To distinguish it from other nearby wireless LANs, you can identify your wireless LAN with a unique network name
(also known as a network identifier or ESSID). When prompted for the network identifier, network name, or ESSID,
type the name set in the ESSID field on the Wireless > NETWORK Page in the SBG1000 Setup Program. For
more information, see “Configuring the Wireless Network Name on the SBG1000”.
After you specify the network name, many wireless cards or adapters automatically scan for anaccess point such
as the SBG1000 and the proper channel and data rate. If your card requires you to manually start scanning for an
access point, do so following the instructions in the documentation supplied with the card.
Never provide the ESSID to anyone who is not authorized to use your wireless LAN.
Configuring a Wireless Client for WEP
If shared key Authentication is enabled and a WEP key is set on the SBG1000 as described in “Configuring WEP
on the SBG1000”, you must enter the same WEP key on the wireless client. The SBG1000 cannot authenticate a
client if:
•Shared key Authentication is enabled on the SBG1000 but not on the client
•The client WEP key does not match the SBG1000 WEP key
Caution!
If shared key authentication is not enabled and no WEP key is set, there is no encryption for wireless
data. You must configure the same WEP key on the SBG1000 and all wireless clients. Never provide
the WEP key to anyone who is not authorized to use your wireless LAN.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Wireless Pages in the SBG1000 Setup Program
Use the Wireless pages to control and monitor the wireless interface:
•Wireless > STATUS Page
•Wireless > NETWORK Page
•Wireless > SECURITY — basic Page
•Wireless > SECURITY — advanced Page
•Wireless > STATISTICS page
After you edit some fields and click Apply, you are warned that you must reboot for your change to take effect.
Rebooting takes 10 to 15 seconds. After rebooting, you must log-in again.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Wireless > NETWORK Page
Use this page for:
•Configuring the Wireless Network Name on the SBG1000
•Configuring other wireless LAN settings
You can use the SBG1000 to operate a wireless LAN without changing its default settings.
Wireless > NETWORK page fields
Field Description
Enable Wireless
Interface
ESSIDSets a unique network name for the SBG1000 wireless LAN to distinguish between multiple
ChannelSets the wireless radio channel. You can change the channel if you encounter interference on
Home
Check this box to enable the wireless interface.
If you are not using the wireless interface, be sure this box us unchecked (disabled).
wireless LANs in the vicinity. If you enable Closed Network operation, all clients on the wireless
LAN must have the same ESSID (network name) as the SBG1000. It can be any alphanumeric, case-sensitive string up to 32 characters. The default is “Motorola.” We strongly
recommend not using the default. Never provide the ESSID to anyone who is not authorized to
use your wireless LAN.
the default channel. The default is 1 (one), except in countries where the first channel
permitted for wireless operation is not one.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Wireless > NETWORK page fields (continued)
Field Description
Basic RatesSets the wireless data transmission rates that all wireless LAN clients must be able to receive:
• 1, 2 Mbps. The
LAN has only legacy IEEE 802.11b clients.
• 1, 2, 5.5, and 11 Mbps. The
obstacles or interference, it automatically steps down to the highest rate that allows
transmission. Use this setting if the wireless LAN has fully-compliant IEEE 802.11b clients.
The default is 1, 2, 5.5, and 11 Mbps.
SBG1000 attempts to associate at 2 Mbps. Use this setting if the wireless
SBG1000 attempts to associate at 11 Mbps. If there are
Transmit PowerSets the transmit power on the
mW. The default is 32 mW. Transmit power control is an optional IEEE 802.11b feature.
RTS ThresholdThe Request To Send Threshold sets the packet size at which the access point issues an RTS
before sending the packet. A low RTS can help when many clients are associated with the
SBG1000 wireless access point — 1, 2, 5, 10, 25, 50, or 100
SBG1000 or when the clients are far apart and can detect the SBG1000 but not each other.
The value can be 0 to 2347 bytes. The default is 2347.
Fragmentation
Threshold
Enable Short Preamble Short preamble can improve throughput when the
Sets the size at which packets are fragmented (sent as several packets instead of as one
packet). A low Fragmentation Threshold can help when communication is poor or when there
is a significant interference.
The default is 2346. The value can be 256 to 2346 bytes.
SBG1000 access point and associated
clients operate at 2, 5.5, or 11 Mbps. If you enable short preamble, be sure all wireless clients
also support short preamble. Short preamble is an optional IEEE 802.11b feature that is useful
if maximum throughput is important and interoperability with legacy IEEE 802.11b equipment is
not required. The default is Disabled.
New StationType the MAC address of the wireless client to add to the MAC access control list. Use
the format xx:xx:xx:xx:xx:xx. The MAC access control list can contain one to 32 clients.
Add StationClick to add the New Station to the MAC access control list.
Wireless > STATISTICS page
Use this page to display wireless statistics.
Wireless > STATISTICS page fields
Field or ButtonDescription
Tra nsm itt ed
Fragment Count
Multicast
Tra nsm itt ed
Fragment Count
Failed CountThe number of MSDUs not transmitted successfully because the number of transmit attempts
Retry CountThe number of successfully transmitted MSDUs after one or more retransmissions.
Multiple Retry Count The number of successfully transmitted MSDUs after more than one retransmission.
Home
The number of acknowledged MAC protocol data units (MPDUs) with an address in the
address 1 field or an MPDU with a multicast address in the address 1 field of type data or
management.
The number of transmitted fragments when the multicast bit is set in the destination MAC
address of a successfully transmitted MAC service data unit (MSDU). When operating as a
STA in an ESS, where these frames are directed to the AP, this implies having received an
acknowledgment to all associated MPDUs.
exceeded the IEEE 802.11b short or long retry limit.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Wireless > STATISTICS page fields (continued)
Field or ButtonDescription
Frame Duplicate
Count
Request To Send
Success Count
Request To Send
Failure Count
Acknowledge Failed
Count
Received Fragment
Count
Multicast Received
Fragment Count
Frame Check
Sequence Error
Count
Transmitted Frame
Count
WEP Undecryptable
Count
RefreshClick to collect new data.
The number of frames received where the Sequence Control field indicated the frame was a
duplicate.
The number of CTS messages received in response to RTS messages.
The number of CTS messages not received in response to RTS messages.
The number of acknowledgment messages not received when expected from a data
message transmission.
The number of successfully received MPDUs of type Data or Management.
The number of MSDUs received when the multicast bit was set in the destination MAC
address.
The number of FCS errors detected in a received MPDU.
The number of successfully transmitted MSDUs.
This number of frames received with the WEP subfield of the Frame Control field set to one
and the WEP On key value mapped to the client MAC address. This indicates that the frame
should not have been encrypted or was discarded due to the receiving client not having WEP
enabled.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Configuring the Print Server
The SBG1000 print server supports a connected printer using Microsoft, UNIX (Linux), or Apple printing.
To configure the print server
1Start the Setup Program as described in “Starting the SBG1000 Setup Program”.
2On the left frame, click Printer to display the Printer CONFIGURATION > basic page:
3(Optional) For a printer that supports bi-directional communication, you can enable Extended Capabilities
Port (ECP) Mode, which can provide a performance benefit over a standard port.
4Use the following pages to configure the print server for the necessary platform(s):
WindowsPrinter > CONFIGURATION — Microsoft smb Page
MacintoshPrinter > CONFIGURATION — Apple Page
5Power off the SBG1000.
6Connect the printer to the printer port on the SBG1000 rear panel.
7Power on the printer.
8Power on the SBG1000. If printer configuration was successful, the printer icon lights on the SBG1000 front
panel.
If the printer icon is not displayed, check the printer cable connection and power the printer and the SBG1000
off and on again. Verify that Enable printer is checked on the Printer CONFIGURATON > basic page.
9Add the printer to each computer following one of:
•Adding a Printer in Windows 98 or Windows Me
•Adding a Printer in Windows 2000
•Adding a Printer in Windows XP
For information about using the line printer (lpr) command to print a file, see “Printing a File Using a Command”.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Printer > CONFIGURATION — Apple Page
Use this page to configure the print server for AppleTalk printing:
Printer > CONFIGURATION — Apple page fields
FieldDescription
AppleTalk ZoneSets the AppleTalk zone having access to the print server. The zone name can be up to 32
characters long. The default “*” enables all AppleTalk zones to use the printer(s) connected to
the print server.
Printer TypeSets the printer type. The default, LaserWriter, is used for most AppleTalk printers. If you have
an Epson printer that supports AppleTalk, it has a different printer type, found in the Epson
printer manual or web site. The
AppleTalk zone and printer type are the same.
Communication Protocol Standard - if the printer uses a communication protocol that supports sending and receiving
ASCII data. The Standard protocol is typically supported on devices using RS-232 and
centronics channels. The default is ASCII.
Binary Communication Protocol (BCP) - if the printer can send and receive binary data. BCP is
used by some devices for flow control, status request, abort job, and end of file functions. BCP
can provide a significant performance advantage over ASCII printing on serial and parallel
ports.
Tagged Binary Communication Protocol (TBCP) - for a printer containing a
language-independent feature to determine which language interprets a print job. TBCP is
typically supported by PJL printers.
To determine the protocol a printer supports, see the documentation provided with the printer.
ApplyClick to apply your changes.
SBG1000 print server only responds to the Chooser if the
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Printer > CONFIGURATION — lpr Page
This page enables you to configure the print server for Printing a File Using a Command in Windows, UNIX, or
Linux. There is usually no reason to change the defaults.
Printer > CONFIGURATION — lpr page fields
FieldDescription
Printer IP AddressDisplays the printer IP address, which is based on the SBG1000 LAN IP address. The default
is 192.168.100.1.
Queue NameSets the queue name; typically lpx; where x is 0, 1, 2,... The default is L1.
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
21 In the Network path or queue name field, type \\Print Server Name\Queue Nameand click Next. It must
match the Print Server Name\Queue Name set on the Printer > CONFIGURATION — Microsoft smb Page.
The default is \\SBG1000\P1.
22 Click the manufacturer of the printer connected to the SBG1000.
23 Click the printer model.
If your printer is not listed, its driver software is not installed in Windows on the PC. You need to provide the
driver from a disk supplied with the printer or download the driver from the Internet.