ARRIS SBG940-1 User Manual

User Guide

SBG940

Wireless Cable Modem Gateway

Overview Installation Troubleshooting Contact FAQ Specifications Glossary License

Configuration: Basic Gateway TCP/IP Wireless USB

WAR N ING: TO PREVENT FIRE OR SHOCK HAZARD, DO NOT EXPOSE THIS PRODUCT TO RAIN OR

MOISTURE. THE UNIT MUST NOT BE EXPOSED TO DRIPPING OR SPLASHING. DO NOT PLACE OBJECTS FILLED WITH LIQUIDS, SUCH AS VASES, ON THE UNIT.

CAUTION: TO PREVENT ELECTRIC SHOCK, THIS EQUIPMENT MAY REQUIRE A GROUNDING CONDUCTOR IN THE LINE CORD. CONNECT THE UNIT TO A GROUNDING TYPE AC WALL OUTLET USING THE POWER CORD SUPPLIED WITH THE UNIT.

CAUTION: THIS PRODUCT WAS QUALIFIED UNDER TEST CONDITIONS THAT INCLUDED THE USE OF THE SUPPLIED CABLES BETWEEN SYSTEMS COMPONENTS. TO ENSURE REGULATORY AND SAFETY COMPLIANCE, USE ONLY THE PROVIDED POWER AND INTERFACE CABLES AND INSTALL THEM PROPERLY.

CAUTION: DIFFERENT TYPES OF CORD SETS MAY BE USED FOR CONNECTIONS TO THE MAIN SUPPLY CIRCUIT. USE ONLY A MAIN LINE CORD THAT COMPLIES WITH ALL APPLICABLE PRODUCT SAFETY REQUIREMENTS OF THE COUNTRY OF USE.

CAUTION: INSTALLATION OF THIS PRODUCT MUST BE IN ACCORDANCE WITH NATIONAL WIRING CODES AND CONFORM TO LOCAL REGULATIONS.

CAUTION: DO NOT OPEN THE UNIT. DO NOT PERFORM ANY SERVICING OTHER THAN THAT CONTAINED IN THE INSTALLATION AND TROUBLESHOOTING INSTRUCTIONS. REFER ALL SERVICING TO QUALIFIED SERVICE PERSONNEL.

CAUTION: CHANGES AND MODIFICATIONS NOT EXPRESSLY APPROVED BY MOTOROLA FOR COMPLIANCE COULD VOID USER’S AUTHORITY TO OPERATE THE EQUIPMENT.

When using this device, basic safety precautions should always be followed to reduce the risk of fire, electric shock and injury to persons, including the following:

• Read all of the instructions listed here and/or in the user manual before you operate this equipment. Give

particular attention to all safety precautions. Retain the instructions for future reference.

• This device must be installed and used in strict accordance with manufacturer’s instructions as described in

the user documentation that comes with the product.

• Comply with all warning and caution statements in the instructions. Observe all warning and caution symbols

that are affixed to this equipment.

• Comply with all instructions that accompany this equipment.

• Do not overload outlets or extension cords, as this can result in a risk of fire or electric shock. Overloaded AC

outlets, extension cords, frayed power cords, damaged or cracked wire insulation, and broken plugs are dangerous. They may result in a shock or fire hazard.

• Route power supply cords so that they are not likely to be walked on or pinched by items placed upon or

against them. Pay particular attention to cords where they are attached to plugs and convenience receptacles, and examine the point where they exit from the product.

• Place this equipment in a location that is close enough to an electrical outlet to accommodate the length of

the power cord.

• Place unit to allow for easy access when disconnecting the power cord of the device from the AC wall outlet.

• Do not connect the plug into an extension cord, receptacle, other outlet unless the plug can be fully inserted

with no part of the blades exposed.

• Place this equipment on a stable surface.

Home

ExitPrint

ii SBG940 User Guide

Overview Installation Troubleshooting Contact FAQ Specifications Glossary License

Configuration: Basic Gateway TCP/IP Wireless USB

• Postpone cable modem installation until there is no risk of thunderstorm or lightning activity in the area.

• Avoid using this product during an electrical storm. There may be a risk of electric shock from lightning. For

added protection for this product during a lightning storm, or when it is left unattended and unused for long periods of time, unplug it from the wall outlet, and disconnect the cable system. This will prevent damage to the product due to lightning and power surges.

• It is recommended that the customer install an AC surge protector in the AC outlet to which this device is

connected. This is to avoid damaging the equipment by local lightning strikes and other electrical surges.

• Do not cover the device, or block the airflow to the device with any other objects. Keep the device away from

excessive heat and humidity and keep the device free from vibration and dust.

• Wipe the unit with a clean, dry cloth. Never use cleaning fluid or similar chemicals. Do not spray cleaners

directly on the unit or use forced air to remove dust.

• Avoid damaging the cable modem with static by touching the coaxial cable when it is attached to the earth

grounded coaxial cable TV wall outlet.

• Always first touch the coaxial cable connector on the cable modem when disconnecting or re-connecting USB

or Ethernet cable from the cable modem or the user’s PC.

• Operate this product only from the type of power source indicated on the product’s marking label. If you are

not sure of the type of power supplied to your home, consult your dealer or local power company.

• Upon completion of any service or repairs to this product, ask the service technician to perform safety checks

to determine that the product is in safe operating condition.

Be sure that the outside cable system is grounded, so as to provide some protection against voltage surges and built-up static charges. Article 820-20 of the NEC (Section 54, Part I of the Canadian Electrical Code) provides guidelines for proper grounding and, in particular, specifies the CATV cable ground shall be connected in the grounding system of the building, as close to the point of cable entry as practical.

Apparaten skall anslutas till jordat uttag när den ansluts ett näverk.

FCC Compliance Class B Digital Device

This device complies with part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.

Note: This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

• Reorient or relocate the receiving antenna.

• Increase the separation between the equipment and receiver.

• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.

• Consult the dealer or an experienced radio/TV technician for help.

Home

ExitPrint

iii SBG940 User Guide

Overview Installation Troubleshooting Contact FAQ Specifications Glossary License

Configuration: Basic Gateway TCP/IP Wireless USB

FCC Certification

This product contains a radio transmitter and accordingly has been certified as compliant with 47 CFR Part 15 of the FCC Rules for intentional radiators. Products that contain a radio transmitter are labeled with FCC ID and the FCC logo.

CAUTION: Exposure to Radio Frequency Radiation.

To comply with the FCC RF exposure compliance requirements, the separation distance between the antenna and any person’s body (including hands, wrists, feet and ankles) must be at least 20 cm (8 inches).

Canada - Industry Canada (IC)

The wireless radio of this device complies with RSS 210 and RSS 102 of Industry Canada.

This Class B digital device complies with Canadian ICES-003.

Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.

To prevent radio interference to the licensed service, this device is intended to be operated indoors and away from windows to provide maximum shielding. Equipment (or its transmit antenna) that is installed outdoors is subject to licensing.

Only use the antenna(s) provided with this product or an antenna approved by Motorola.

Regulatory, Safety, Software License, and Warranty Information Card

This product is provided with a separate Regulatory, Safety, Software License, and Warranty Information card. If one is not provided with this product, please ask your service provider or point-of-purchase representative, as the case may be.

• THIS PRODUCT IS IN COMPLIANCE WITH ONE OR MORE OF THE STANDARDS LISTED ON THE

REGULATORY, SAFETY, SOFTWARE LICENSE, AND WARRANTY INFORMATION CARD. NOT ALL STANDARDS APPLY TO ALL MODELS.

• NO WARRANTIES OF ANY KIND ARE PROVIDED BY MOTOROLA WITH RESPECT TO THIS PRODUCT,

EXCEPT AS STATED ON THE REGULATORY, SAFETY, SOFTWARE LICENSE, AND WARRANTY INFORMATION CARD. MOTOROLA’S WARRANTIES DO NOT APPLY TO PRODUCT THAT HAS BEEN REFURBISHED OR REISSUED BY YOUR SERVICE PROVIDER.

All rights reserved. No part of this publication may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation or adaptation) without written permission from Motorola, Inc.

Motorola reserves the right to revise this publication and to make changes in content from time to time without obligation on the part of Motorola to provide notification of such revision or change. Motorola provides this guide without warranty of any kind, either implied or expressed, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Motorola may make improvements or changes in the product(s) described in this manual at any time.

MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. Microsoft, Windows, Windows Me, Windows NT, and Xbox are registered trademarks and used by permission of Microsoft Corporation. trademark of Iomega Corporation. Linux is a registered trademark of Linus Torvalds. Acrobat Reader is a registered trademark of Adobe Systems, Inc. Netscape and Navigator are registered trademarks of Computer Entertainment Inc. trademark of the Wi-Fi Alliance. All other

Windows XP and Xbox Live are trademarks of

Macintosh and AppleTalk are registered trademarks

UNIX is a registered trademark of the Open Group in the United States and other countries. Wi-Fi is a registered

product or service names are the property of their respective owners.

Netscape Communications Corporation

Microsoft Corporation. Microsoft Windows screen shots are

of Apple Computer, Inc. Iomega is a registered

. PlayStation is a registered trademark of

Sony

Home

ExitPrint

iv SBG940 User Guide

Contents

Overview Installation Troubleshooting Contact FAQ Specifications Glossary License

Configuration: Basic Gateway TCP/IP Wireless USB

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Easy Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

Network Connection Types . . . . . . . . . . . . . . . . . . . . . . 2

Powerful Features in a Single Unit . . . . . . . . . . . . . . . . . 2

Sample Hybrid LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Optional Accessories . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Front Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Rear Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Label on the Bottom of the SBG940 . . . . . . . . . . . . . . . 7

SBG940 LAN Choices . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Wireless LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Wired Ethernet LAN . . . . . . . . . . . . . . . . . . . . . . . . . . 9

USB Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

DMZ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Port Triggering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Wireless Security . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Port Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Virtual Private Networks . . . . . . . . . . . . . . . . . . . . . . . . 14

Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . 14

Installation. . . . . . . . . . . . . . . . . . . . . . . . . 15

Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Precautions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Signing Up for Service . . . . . . . . . . . . . . . . . . . . . . . . . 16

Computer System Requirements . . . . . . . . . . . . . . . . . 17

Connecting the SBG940 to the Cable System . . . . . . . 18

Cabling the LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Obtaining an IP Address for Ethernet . . . . . . . . . . . . . 19

Obtaining an IP Address in Windows 98,

Windows 98 SE, or Windows Me . . . . . . . . . . . . . . . 19

Obtaining an IP Address in Windows 2000 or

Windows XP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Obtaining an IP Address on Macintosh or UNIX

Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Connecting a PC to the USB Port . . . . . . . . . . . . . . . . 20

Wall Mounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Wall Mounting Template . . . . . . . . . . . . . . . . . . . . . 23

Basic Configuration . . . . . . . . . . . . . . . . . 24

Starting the SBG940 Setup Program . . . . . . . . . . . . . . 25

Changing the Default Password . . . . . . . . . . . . . . . . . 27

Enabling Remote Access . . . . . . . . . . . . . . . . . . . . . . . 28

Getting Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Setting the Firewall Policy . . . . . . . . . . . . . . . . . . . . . . 30

Firewall > POLICY — advanced Page . . . . . . . . . . 32

Firewall > ALERT — basic Page . . . . . . . . . . . . . . . 34

Firewall > ALERT — email Page . . . . . . . . . . . . . . . 35

Firewall > LOGS Page . . . . . . . . . . . . . . . . . . . . . . 36

Gaming Configuration Guidelines . . . . . . . . . . . . . . . . 37

Configuring the Firewall for Gaming . . . . . . . . . . . . 37

Configuring Port Triggers . . . . . . . . . . . . . . . . . . . . 37

Configuring a Gaming DMZ Host . . . . . . . . . . . . . . 38

Configuring the Gateway . . . . . . . . . . . . . 39

Gateway > STATUS Page . . . . . . . . . . . . . . . . . . . . . 40

Gateway > WAN Page . . . . . . . . . . . . . . . . . . . . . . . . 41

Gateway > LAN — nat config Page . . . . . . . . . . . . . . 43

Gateway > LAN — dhcp server config Page . . . . . . . . 44

Gateway > LAN — dhcp leases Page . . . . . . . . . . . . . 45

Gateway > PORT FORWARDING — status Page . . . 46

Gateway > PORT FORWARDING — config Page . . . 47

Gateway > PORT TRIGGERS — predefined Page . . 48

Gateway > PORT TRIGGERS — custom Page . . . . . 50

Gateway > LOG Page . . . . . . . . . . . . . . . . . . . . . . . . . 51

Configuring TCP/IP . . . . . . . . . . . . . . . . . . 52

Configuring TCP/IP in Windows 95, Windows 98, or

Windows Me . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Configuring TCP/IP in Windows 2000 . . . . . . . . . . . . . 55

Configuring TCP/IP in Windows XP . . . . . . . . . . . . . . 59

Verifying the IP Address in Windows 95, Windows 98,

or Windows Me . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Verifying the IP Address in Windows 2000 or Windows XP .64

Setting Up Your Wireless LAN. . . . . . . . . 66

Encrypting Wireless LAN Transmissions . . . . . . . . . . 67

Configuring WPA on the SBG940 . . . . . . . . . . . . . . 68

Configuring WEP on the SBG940 . . . . . . . . . . . . . . 70

Restricting Wireless LAN Access . . . . . . . . . . . . . . . . 72

Configuring the Wireless Network Name on

the SBG940 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Configuring a MAC Access Control List on the SBG940 .75

Configuring the Wireless Clients . . . . . . . . . . . . . . . . . 76

Configuring a Wireless Client for WPA . . . . . . . . . . 77

Configuring a Wireless Client for WEP . . . . . . . . . . 77

Configuring a Wireless Client with the Network

Name (ESSID) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Home

ExitPrint

v SBG940 User Guide

Overview Installation Troubleshooting Contact FAQ Specifications Glossary License

Configuration: Basic Gateway TCP/IP Wireless USB

Wireless Pages in the SBG940 Setup Program . . . . . .78

Wireless > STATUS Page . . . . . . . . . . . . . . . . . . . . 79

Wireless > NETWORK Page . . . . . . . . . . . . . . . . . .80

Wireless > SECURITY — basic Page . . . . . . . . . . . 82

Wireless > SECURITY — advanced Page . . . . . . . .83

Wireless > STATISTICS page . . . . . . . . . . . . . . . . .84

Setting Up a USB Driver . . . . . . . . . . . . . . 86

Setting Up a USB Driver in Windows 98 . . . . . . . . . . .87

Setting Up a USB Driver in Windows 2000 . . . . . . . . . 91

Setting Up a USB Driver in Windows Me . . . . . . . . . . . 94

Setting Up a USB Driver in Windows XP . . . . . . . . . . .95

Removing the USB Driver from Windows 98 or

Windows Me . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

Removing the USB Driver from Windows 2000 . . . . . . 99

Removing the USB Driver from Windows XP . . . . . . .102

Troubleshooting . . . . . . . . . . . . . . . . . . . 107

Front-Panel Lights and Error Conditions . . . . . . . . . .108

Frequently-Asked Questions. . . . . . . . . 110

Specifications . . . . . . . . . . . . . . . . . . . . . 112

Glossary. . . . . . . . . . . . . . . . . . . . . . . . . . 114

Software License . . . . . . . . . . . . . . . . . . 132

Home

ExitPrint

vi SBG940 User Guide

Overview Installation Troubleshooting Contact FAQ Specifications Glossary License

Configuration: Basic Gateway TCP/IP Wireless USB

Overview

Thank you for purchasing a Motorola® SURFboard® Wireless Cable Modem Gateway SBG940 for your home, home office, or small business/enterprise. Applications where the SURFboard Gateway (SBG) is especially useful include:

• Households having multiple computers requiring connection to the Internet and each other

• Small businesses or home offices requiring fast, affordable, and secure Internet access

• Internet gamers desiring easier setup for:

— Programs such as DirectX® 7 or DirectX® 8

— Sites such as MSN Games by Zone.com or Battle.net

• Video conferencing

The features and physical appearance of your SBG940 may differ slightly from the picture.

A home network enables you to share information between two or more computers. You can connect your home network to the Internet through the cable TV system. The SBG940 is the central connection point between your computers and the Internet. It directs (routes) information between the computers connected to your home network. A built-in cable modem transmits information between your home network and the Internet. An SBG940:

• Combines four separate products — a DOCSIS

Ethernet 10/100Base-T connections, and firewall — into one compact unit

cable modem, IEEE 802.11g wireless access point,

• Enables you to create a custom network sharing a single broadband connection, files, and peripherals, with

or without wires

• Has an advanced firewall for enhanced network security for wired and wireless users

• Provides easy setup

This product is subject to change. Not all features described in this guide are available on all SBG940 models.

For the most recent documentation, visit the Cable Modems and Gateways page on the Motorola Broadband website http://broadband.motorola.com/.

Home

ExitPrint

1 SBG940 User Guide

Overview Installation Troubleshooting Contact FAQ Specifications Glossary License

Configuration: Basic Gateway TCP/IP Wireless USB

Easy Setup

It is much easier to configure a local area network (LAN) using an SBG940 than using traditional networking equipment:

• For basic operation, most default settings require no modification.

• The Setup Program provides a graphical user interface (GUI) for easy configuration of necessary wireless,

Ethernet, router, DHCP, and security settings. For information about using the Setup Program, see “Basic

Configuration”.

Network Connection Types

The SBG940 provides different network connection types for your computers to exchange data. The connection between your computers and the SBG940 may be with a wireless or a wired connection or a combination of the two. Your network can use one or any combination of all the following network connections:

• Ethernet local area network (LAN)

• Wireless LAN (IEEE 802.11g that also supports IEEE 802.11b wireless clients)

• Universal Serial Bus (USB)

Powerful Features in a Single Unit

An SBG940 combines high-speed Internet access, networking, and computer security for a home or small-office LAN. An SBG940 provides:

• An integrated high-speed SURFboard cable modem for continuous broadband access to the Internet and

other online services, with much faster data transfer than traditional dial-up or ISDN modems

• A single broadband connection for up to 253 computers to surf the web; all computers on the LAN

communicate as if they were connected to the same physical network

• An IEEE 802.11g wireless access point to enable laptop users to remain connected while moving around the

home or small office or to connect desktop computers without installing network wiring. Depending on distance, wireless connection speeds can match that of Ethernet.

• A USB connection for a single PC

• Four 10/100Base-T Ethernet uplink ports supporting half- or full-duplex connections and Auto-MDIX

• Routing for a wireless LAN (WLAN) or a wired Ethernet LAN; you can connect more than four computers

using hubs and/or switches

• A built-in DHCP server to easily configure a combined wired and/or wireless Class C private LAN

• An advanced firewall supporting stateful-inspection, intrusion detection, DMZ, denial-of-service attack

prevention, and Network Address Translation (NAT)

• Virtual private network (VPN) pass-through operation supporting IPSec, PPTP, or L2TP to securely connect

remote computers over the Internet

• Port Forwarding to configure ports to run applications having special network requirements

Home

ExitPrint

2 SBG940 User Guide

Overview Installation Troubleshooting Contact FAQ Specifications Glossary License

Configuration: Basic Gateway TCP/IP Wireless USB

Sample Hybrid LAN

The sample LAN illustrated on this page contains the following devices, all protected by the SBG940 firewall Clockwise from top-right, the devices are:

• A PDA on a wireless connection

• One desktop Apple Macintosh

• One desktop PC on a wireless connection using a Motorola Wireless PCI Adapter

• A laptop PC on a wireless connection using a Motorola Wireless Notebook Adapter

• One PC connected to the USB port

• Three computers connected to Ethernet port one using a hub or switch

• One computer connected directly to Ethernet port two

computer on a wireless connection

Internet

SBG940

Ethernet

High-speed HFC

cable network

Wireless

Firewall

To A C power

USB

Hub or switch

Home

ExitPrint

3 SBG940 User Guide

Overview Installation Troubleshooting Contact FAQ Specifications Glossary License

Configuration: Basic Gateway TCP/IP Wireless USB

Optional Accessories

All networks are composed of multiple devices. The SBG940 works with any IEEE 802.11g or IEEE 802.11b compliant client product. Motorola supplies a range of accessories for use with the SBG940. Some examples are:

Wireless Ethernet

Bridge WE800G

Wireless Notebook

Adapter WN825G

For up-to-date information about accessories and home networking options, including product documentation, visit the Motorola Home Networking page http://broadband.motorola.com/consumers/home_networking.asp.

Wireless USB

Adapter WU830G

Ethernet Broadband

Router BR700

Wireless PCI Adapter

WPCI810G

Home

ExitPrint

4 SBG940 User Guide

Overview Installation Troubleshooting Contact FAQ Specifications Glossary License

Configuration: Basic Gateway TCP/IP Wireless USB

Front Panel

The front panel provides indicator lights. The display is dark unless there is a connection or activity on an interface:

123

Key Light Flashing On

1 Never flashes The AC power is connected properly

2 DS Scanning for a receive (downstream)

channel connection

3 US Scanning for a send (upstream) channel

connection

4 ONLINE Scanning for a network connection The startup process is complete and the SBG940

5 Transmitting or receiving data over

the Internet

6 Ethernet activity on the port (1 to 4) There is a connection to the port (1 to 4):

7 USB activity Lights green if there is a proper USB connection

8 Wireless activity The wireless interface is on (Enable Wireless

Home

ExitPrint

5 SBG940 User Guide

The downstream channel is connected

The upstream channel is connected

is online

Is never lit solid

• Green for 100Base-T

• Yellow for 10Base-T

Interface is selected on the Wireless > NETWORK

Page in the SBG940 Setup Program)

Overview Installation Troubleshooting Contact FAQ Specifications Glossary License

Configuration: Basic Gateway TCP/IP Wireless USB

Rear Panel

The rear panel provides cabling connectors, status lights, and the power receptacle:

2345671

Key Item Description

1 An adjustable, but non-removable antenna. Do not attempt to force this antenna off the unit.

2 Use any Ethernet port to connect an Ethernet LAN cable with RJ-45 connectors to an

Ethernet-equipped computer, hub, bridge, switch or Xbox or PlayStation

3 For Windows only, use the USB port for Connecting a PC to the USB Port. You cannot connect the

SBG940 USB port to a Macintosh or UNIX

5 Use the cable connector to connect to the coaxial cable outlet.

6 Removable, adjustable antenna. If necessary, contact your cable provider about obtaining an optional

7 Use the AC connector to connect to the AC power outlet.

RESET If you experience a problem, you can push this recessed button to restart the SBG940 (see

“Troubleshooting”). To reset all values to their defaults, hold down the button for more than five seconds appropriate communications channels.

Motorola wireless high gain antenna to increase WLAN performance and coverage.

. Resetting may take 5 to 30 minutes because the SBG940 must find and lock on the

computer.

2 gaming console.

Home

ExitPrint

6 SBG940 User Guide

Overview Installation Troubleshooting Contact FAQ Specifications Glossary License

Configuration: Basic Gateway TCP/IP Wireless USB

Label on the Bottom of the SBG940

To receive data service, you need to provide the MAC address marked HFC MAC ID to your cable provider:

HFC MAC ID

SBG940 LAN Choices

The SBG940 enables you to connect up to 253 client computers on a combination of:

• Wireless LAN

• Wired Ethernet LAN

• USB Connection

Each computer needs appropriate network adapter hardware and driver software. The clients on the Ethernet, wireless, or USB interfaces can share:

• Internet access with a single cable provider account, subject to cable provider terms and conditions

• Files, printers, storage devices, multi-user software applications, games, and video conferencing

Wireless and wired network connections use Windows networking to share files and peripheral devices such as printers, CD-ROM drives, floppy disk drives, and Iomega

Zip Drives.

Home

ExitPrint

7 SBG940 User Guide

Overview Installation Troubleshooting Contact FAQ Specifications Glossary License

Configuration: Basic Gateway TCP/IP Wireless USB

Wireless LAN

Wireless communication occurs over radio waves rather than a wire. Like a cordless telephone, a WLAN uses radio signals instead of wires to exchange data. A wireless network eliminates the need for expensive and intrusive wiring to connect computers throughout the home or office. Mobile users can remain connected to the network even when carrying their laptop to different locations in the home or office.

Each computer on a WLAN requires a wireless adapter shown in “Optional Accessories”:

Laptop PCs Use a Motorola Wireless Notebook Adapter or compatible product in the PCMCIA slot.

Desktop PCs Use a Motorola Wireless PCI Adapter, Wireless USB Adapter, or compatible product in the PCI slot or

USB port, respectively.

Sample wireless network connections

To A C power

SBG940

Computer with wired

connection used to

run SBG940

Setup Program

To set up the SBG940, on a computer wired to the SBG940 over Ethernet or USB, perform the procedures in “Setting Up Your Wireless LAN”. Do not attempt to configure the SBG940 over a wireless connection.

Your maximum wireless operation distance depends on the type of materials through which the signal must pass and the location of your antennas and clients (stations). Motorola cannot guarantee wireless operation for all

supported distances in all environments.

An optional Motorola high gain antenna can improve wireless performance. For information about available optional antennas for your SBG940, contact your cable provider.

Home

ExitPrint

8 SBG940 User Guide

Overview Installation Troubleshooting Contact FAQ Specifications Glossary License

Configuration: Basic Gateway TCP/IP Wireless USB

Wired Ethernet LAN

Each computer on the 10/100Base-T Ethernet LAN requires an Ethernet network interface card (NIC) and driver software installed. Because the SBG940 Ethernet port supports auto-MDIX, you can use straight-through or cross-over cable to connect a hub, switch, or computer. Use category 5 cabling for all Ethernet connections.

The physical wiring arrangement has no connection to the logical network allocation of IP addresses.

Sample Ethernet to computer connection

Coaxial

cable

To A C power

Category 5 Ethernet cable

SBG940

Home

ExitPrint

9 SBG940 User Guide

Overview Installation Troubleshooting Contact FAQ Specifications Glossary License

Configuration: Basic Gateway TCP/IP Wireless USB

A wired Ethernet LAN with more than four computers requires one or more hubs, switches, or routers. You can:

• Connect a hub or switch to any Ethernet port on the SBG940

• Use Ethernet hubs, switches, or routers to connect up to 253 computers to the SBG940

The following illustration is an example of an Ethernet LAN you can set up using the SBG940. Cable the LAN in an appropriate manner for the site. A complete discussion of Ethernet cabling is beyond the scope of this document.

Sample Ethernet connection to hubs or switches

To A C power

SBG940

Add additional hubs or switches

for further expansion

Home

ExitPrint

10 SBG940 User Guide

Overview Installation Troubleshooting Contact FAQ Specifications Glossary License

Configuration: Basic Gateway TCP/IP Wireless USB

USB Connection

You can connect a single PC running Windows®98, Windows XP™, Windows Me®, or Windows®2000 to the SBG940 USB V1.1 port. For cabling instructions, see “Connecting a PC to the USB Port”.

Caution!

Before plugging in the USB cable, be sure the SBG940 Installation CD-ROM is inserted in the PC CD-ROM drive.

Sample USB connection

To A C power

SBG940

Home

ExitPrint

11 SBG940 User Guide

Overview Installation Troubleshooting Contact FAQ Specifications Glossary License

Configuration: Basic Gateway TCP/IP Wireless USB

Security

The SBG940 provides:

• A firewall to protect the SBG940 LAN from undesired attacks over the Internet

• For wireless transmissions, data encryption and network access control

Network Address Translation (NAT) provides some security because the IP addresses of SBG940 LAN computers are not visible on the Internet.

This diagram does not necessarily correspond to the network cabling. A full discussion of network security is beyond the scope of this document.

SBG940 security measures shown in a logical network diagram

Internet

SBG940

DMZ computer

Firewall

Wireless Security:

Encryption, MAC access control,

or closed network operation

ComputerComputer

Wired Ethernet LAN Wireless LAN

LaptopComputer PDA

Firewall

The SBG940 firewall protects the SBG940 LAN from undesired attacks and other intrusions from the Internet. It provides an advanced integrated stateful-inspection firewall supporting intrusion detection, session tracking, and denial-of-service attack prevention. The firewall:

• Maintains state data for every TCP/IP session on the OSI network and transport layers

• Monitors all incoming and outgoing packets, applies the firewall policy to each one, and screens for improper

packets and intrusion attempts

• Provides comprehensive logging for all:

— User authentications

— Rejected internal and external connection requests

— Session creation and termination

— Outside attacks (intrusion detection)

You can configure the firewall filters to set rules for port usage. For information about choosing a predefined firewall policy template, see “Setting the Firewall Policy”.

Home

ExitPrint

12 SBG940 User Guide

Overview Installation Troubleshooting Contact FAQ Specifications Glossary License

Configuration: Basic Gateway TCP/IP Wireless USB

DMZ

A de-militarized zone (DMZ) is one or more computers logically located outside the firewall between an SBG940 LAN and the Internet. A DMZ prevents direct access by outside users to private data.

For example, you can set up a web server on a DMZ computer to enable outside users to access your website without exposing confidential data on your network.

A DMZ can also be useful to play interactive games that may have a problem running through a firewall. You can leave a computer used for gaming only exposed to the Internet while protecting the rest of your network. For more information, see “Gaming Configuration Guidelines”.

Port Triggering

When you run an application that accesses the Internet, it typically initiates communications with a computer on the Internet. For some applications, especially gaming, the computer on the Internet also initiates communications with your computer. Because NAT does not normally allow these incoming connections:

• The SBG940 has preconfigured port triggers for common applications.

• If needed, you can configure additional port triggers on the Gateway > PORT TRIGGERS — custom Page.

Wireless Security

Because WLAN data is transmitted using radio signals, it may be possible an unauthorized person to access your WLAN unless you prevent them from doing so. To prevent unauthorized eavesdropping of data transmitted over

your LAN, you must enable wireless security. The default SBG940 settings neither provide security for transmitted data nor protect network data from unauthorized intrusions.

The SBG940 provides the following wireless security measures, which are described in “Setting Up Your Wireless

LAN”:

• To prevent unauthorized eavesdropping, you must encrypt data transmitted over the wireless interface using

one of:

— If all of your wireless clients support Wi-Fi

WPA (see “Configuring WPA on the SBG940” and “Configuring a Wireless Client for WPA”).

— Otherwise, configure a Wired Equivalency Privacy (WEP) key on the SBG940 and each WLAN client

(see “Configuring WEP on the SBG940” and “Configuring a Wireless Client for WEP”).

Protected Access (WPA) encryption, we recommend using

• To protect LAN data from unauthorized intrusions, you can restrict WLAN access to computers having one or

both of:

— Known MAC addresses (see “Configuring a MAC Access Control List on the SBG940”)

— The same unique network name (ESSID) as the SBG940 (see “Configuring the Wireless Network Name

on the SBG940” and “Configuring a Wireless Client with the Network Name (ESSID)”)

Restricting access to computers having the same network name is also called “disabling ESSID broadcasting” or “enabling closed network operation.”

Home

ExitPrint

13 SBG940 User Guide

Overview Installation Troubleshooting Contact FAQ Specifications Glossary License

Configuration: Basic Gateway TCP/IP Wireless USB

Port Forwarding

The SBG940 opens logical data ports when a computer on its LAN sends data, such as e-mail messages or web data, to the Internet. A logical data port is different from a physical port, such as an Ethernet port. Data from a protocol must go through certain data ports.

Some applications, such as games and videoconferencing, require multiple data ports. If you enable NAT, this can cause problems because NAT assumes that data sent through one port will return to the same port. You may need to configure port forwarding to run applications with special requirements.

To configure port forwarding, you must specify an inbound (source) port or range of ports. The inbound port opens only when data is sent to the inbound port and closes again after a specified time elapses with no data sent to it. You can configure up to 32 port forwarding entries using the Gateway > PORT FORWARDING — config Page.

Virtual Private Networks

The SBG940 supports multiple tunnel VPN pass-through operation to securely connect remote computers over the Internet. The SBG940:

• Is compatible with Point to Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP)

• Is fully interoperable with any IPSec client or gateway and ANX certified IPSec stacks