User Guide
SBG940 Wireless Cable
Modem Gateway
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
WARNING: T O PREVENT FIRE OR SHOCK HAZARD, DO NOT EXPOSE THIS PRODUCT TO RAIN OR
MOISTURE. THE UNIT MUST NOT BE EXPOSED TO DRIPPING OR SPLASHING. DO NOT PLACE OBJECTS
FILLED WITH LIQUIDS, SUCH AS VASES, ON THE UNIT.
CAUTION: TO PREVENT ELECTRIC SHOCK, THIS EQUIPMENT MAY REQUIRE A GROUNDING
CONDUCTOR IN THE LINE CORD. CONNECT THE UNIT TO A GROUNDING TYPE AC WALL OUTLET USING
THE POWER CORD SUPPLIED WITH THE UNIT.
CAUTION: THIS PRODUCT WAS QUALIFIED UNDER TEST CONDITIONS THAT INCLUDED THE USE OF
THE SUPPLIED CABLES BETWEEN SYSTEMS COMPONENTS. TO ENSURE REGULATORY AND SAFETY
COMPLIANCE, USE ONLY THE PROVIDED POWER AND INTERF ACE CABLES AND INSTALL THEM PROPERLY.
CAUTION: DIFFERENT TYPES OF CORD SETS MA Y BE USED FOR CONNECTIONS T O THE MAIN SUPPLY
CIRCUIT. USE ONLY A MAIN LINE CORD THAT COMPLIES WITH ALL APPLICABLE PRODUCT SAFETY
REQUIREMENTS OF THE COUNTRY OF USE.
CAUTION: INSTALLATION OF THIS PRODUCT MUST BE IN ACCORDANCE WITH NATIONAL WIRING
CODES AND CONFORM TO LOCAL REGULATIONS.
CAUTION: DO NOT OPEN THE UNIT . DO NOT PERFORM ANY SER VICING OTHER THAN THA T CONTAINED
IN THE INST ALLATION AND TROUBLESHOOTING INSTRUCTIONS. REFER ALL SERVICING TO QUALIFIED
SERVICE PERSONNEL.
CAUTION: CHANGES AND MODIFICATIONS NOT EXPRESSLY APPROVED BY MOTOROLA FOR
COMPLIANCE COULD VOID USER’S AUTHORITY TO OPERATE THE EQUIPMENT.
When using this device, basic safety precautions should always be followed to reduce the risk of fire, electric
shock and injury to persons, including the following:
• Read all of the instructions listed here and/or in the user manual before you operate this equipment. Give
particular attention to all safety precautions. Retain the instructions for future reference.
• This device must be installed and used in strict accordance with manufacturer’s instructions as described in
the user documentation that comes with the product.
• Comply with all warning and caution statements in the instructions. Observe all warning and caution symbols
that are affixed to this equipment.
• Comply with all instructions that accompany this equipment.
• Do not overload outlets or extension cords, as this can result in a risk of fire or electric shock. Overloaded AC
outlets, extension cords, frayed power cords, damaged or cracked wire insulation, and broken plugs are
dangerous. They may result in a shock or fire hazard.
• Route power supply cords so that they are not likely to be walked on or pinched by items placed upon or
against them. Pay particular attention to cords where they are attached to plugs and convenience
receptacles, and examine the point where they exit from the product.
• Place this equipment in a location that is close enough to an electrical outlet to accommodate the length of
the power cord.
• Place unit to allow for easy access when disconnecting the power cord of the device from the AC wall outlet.
• Do not connect the plug into an extension cord, receptacle, or other outlet unless the plug can be fully
inserted with no part of the blades exposed.
• Place this equipment on a stable surface.
SBG940 User Guide ii
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
• Postpone cable modem installation until there is no risk of thunderstorm or lightning activity in the area.
• Avoid using this product during an electrical storm. There may be a risk of electric shock from lightning. For
added protection for this product during a lightning storm, or when it is left unattended and unused for long
periods of time, unplug it from the wall outlet, and disconnect the cable system. This will prevent damage to
the product due to lightning and power surges.
• It is recommended that the customer install an AC surge protector in the AC outlet to which this device is
connected. This is to avoid damaging the equipment by local lightning strikes and other electrical surges.
• Do not cover the device, or block the airflow to the device with any other objects. Keep the device away from
excessive heat and humidity and keep the device free from vibration and dust.
• Wipe the unit with a clean, dry cloth. Never use cleaning fluid or similar chemicals. Do not spray cleaners
directly on the unit or use forced air to remove dust.
• Avoid damaging the cable modem with static by touching the coaxial cable when it is attached to the earth
grounded coaxial cable TV wall outlet.
• Always first touch the coaxial cable connector on the cable modem when disconnecting or re-connecting USB
or Ethernet cable from the cable modem or the user’s PC.
• Operate this product only from the type of power source indicated on the product’s marking label. If you are
not sure of the type of power supplied to your home, consult your dealer or local power company.
• Upon completion of any service or repairs to this product, ask the service technician to perform safety checks
to determine that the product is in safe operating condition.
Caring for the Environment by Recycling
When you see this symbol on a Motorola product, do not dispose of the product with residential or
commercial waste.
Recycling your Motorola Equipment
Please do not dispose of this product with your residential or commercial waste. Some countries or
regions, such as the European Union, have set up systems to collect and recycle electrical and
electronic waste items. Contact your local authorities for information about practices established for
your region. If collection systems are not available, call Motorola Customer Service for assistance.
SBG940 User Guide iii
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Be sure that the outside cable system is grounded, so as to provide some protection against voltage surges and
built-up static charges. Article 820-20 of the NEC (Section 54, Part I of the Canadian Electrical Code) provides
guidelines for proper grounding and, in particular, specifies the CATV cable ground shall be connected in the
grounding system of the building, as close to the point of cable entry as practical.
Apparaten skall anslutas till jordat uttag när den ansluts ett näverk.
FCC Compliance Class B Digital Device
This device complies with part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This
device may not cause harmful interference, and (2) this device must accept any interference received, including
interference that may cause undesired operation.
Note: This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to
part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference
in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not
installed and used in accordance with the instructions, may cause harmful interference to radio communications.
However, there is no guarantee that interference will not occur in a particular installation. If this equipment does
cause harmful interference to radio or television reception, which can be determined by turning the equipment off
and on, the user is encouraged to try to correct the interference by one or more of the following measures:
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.
SBG940 User Guide iv
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
FCC Certification
This product contains a radio transmitter and accordingly has been certified as compliant with 47 CFR Part 15 of
the FCC Rules for intentional radiators. Products that contain a radio transmitter are labeled with FCC ID and the
FCC logo.
CAUTION: Exposure to Radio Frequency Radiation.
T o comply with the FCC RF exposure compliance requirements, the separation distance between the antenna and
any person’s body (including hands, wrists, feet and ankles) must be at least 20 cm (8 inches).
Canada - Industry Canada (IC)
The wireless radio of this device complies with RSS 210 and RSS 102 of Industry Canada.
This Class B digital device complies with Canadian ICES-003.
Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.
To prevent radio interference to the licensed service, this device is intended to be operated indoors and away from
windows to provide maximum shielding. Equipment (or its transmit antenna) that is installed outdoors is subject to
licensing.
This device has been designed to operate with an antenna having a maximum gain of 9 dBi. Antenna having a
higher gain is strictly prohibited per regulations of Industry Canada. The required antenna impedance is 50 ohms.
To reduce potential radio interference to other users, the antenna type and its gain should be so chosen that the
equivalent isotropically radiated power (EIRP) is not more than that required for successful communication.
Only use the antenna(s) provided with this product or an antenna approved by Motorola.
Regulatory, Safety, Software License, and Warranty Information Card
This product is provided with a separate Regulatory, Safety, Software License, and Warranty Information card. If
one is not provided with this product, please ask your service provider or point-of-purchase representative, as the
case may be.
• THIS PRODUCT IS IN COMPLIANCE WITH ONE OR MORE OF THE STANDARDS LISTED ON THE
REGULATORY, SAFETY, SOFTWARE LICENSE, AND WARRANTY INFORMATION CARD. NOT ALL
STANDARDS APPLY TO ALL MODELS.
• NO WARRANTIES OF ANY KIND ARE PROVIDED BY MOTOROLA WITH RESPECT T O THIS PRODUCT,
EXCEPT AS STATED ON THE REGULATORY, SAFETY, SOFTWARE LICENSE, AND WARRANTY
INFORMATION CARD. MOTOROLA’S WARRANTIES DO NOT APPLY TO PRODUCT THAT HAS BEEN
REFURBISHED OR REISSUED BY YOUR SERVICE PROVIDER.
Copyright © 2005 by Motorola, Inc.
All rights reserved. No part of this publication may be reproduced in any form or by any means or used to make any derivative work (such as
translation, transformation or adaptation) without written permission from Motorola, Inc.
Motorola reserves the right to revise this publication and to make changes in content from time to time without obligation on the part of Motorola
to provide notification of such revision or change. Motorola provides this guide without warranty of any kind, either implied or expressed,
including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Motorola may make improvements or
changes in the product(s) described in this manual at any time.
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. Microsoft, Windows, Windows Me, Windows NT, and
Xbox are registered trademarks and
used by permission of Microsoft Corporation.
trademark of Iomega Corporation. Linux is a registered trademark of Linus Torvalds. Acrobat Reader is a registered trademark of Adobe Systems,
Inc. Netscape and Navigator are registered trademarks of
Computer Entertainment Inc.
trademark of the Wi-Fi Alliance. All other
Windows XP and Xbox Live are trademarks of
Macintosh and AppleTalk are registered trademarks
UNIX is a registered trademark of the Open Group in the United States and other countries. Wi-Fi is a registered
product or service names are the property of their respective owners.
Netscape Communications Corporation
Microsoft Corporation. Microsoft Windows screen shots are
of Apple Computer, Inc. Iomega is a registered
. PlayStation is a registered trademark of
Sony
SBG940 User Guide v
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Contents
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1
Easy Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2
Network Connection Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2
Powerful Features in a Single Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
Sample Hybrid LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
Optional Accessories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
Front Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
Rear Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
Label on the Bottom of the SBG940 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
SBG940 LAN Choices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Wireless LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
Wired Ethernet LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
USB Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
DMZ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Port Triggering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Wireless Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Port Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Virtual Private Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
Precautions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Signing Up for Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Computer System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
Connecting the SBG940 to the Cable System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Cabling the LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Obtaining an IP Address for Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Obtaining an IP Address in Windows 98, Windows 98 SE, or Windows Me . . . . . . . . . . . . . . . .20
Obtaining an IP Address in Windows 2000 or Windows XP . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Obtaining an IP Address on a Macintosh or UNIX Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Connecting a PC to the USB Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21
Wall Mounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22
Wall Mounting Template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
SBG940 User Guide vi
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Basic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
Starting the SBG940 Setup Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
Changing the Default Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28
Enabling Remote Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29
Getting Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
Setting the Firewall Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
Firewall > POLICY — advanced Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Firewall > ALERT — basic Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
Firewall > ALERT — email Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36
Firewall > LOGS Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37
Gaming Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38
Configuring the Firewall for Gaming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38
Configuring Port Triggers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Configuring a Gaming DMZ Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39
Configuring the Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40
Gateway > STATUS Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41
Gateway > WAN Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42
Gateway > LAN — nat config Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44
Gateway > LAN — dhcp server config Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45
Gateway > LAN — dhcp leases Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46
Gateway > PORT FORWARDING — status Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47
Gateway > PORT FORWARDING — config Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48
Gateway > PORT TRIGGERS — predefined Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49
Gateway > PORT TRIGGERS — custom Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51
Gateway > LOG Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52
Configuring TCP/IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53
Configuring TCP/IP in Windows 98, Windows 98 SE, or Windows Me . . . . . . . . . . . . . . . . . . . . . .53
Configuring TCP/IP in Windows 2000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56
Configuring TCP/IP in Windows XP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
Verifying the IP Address in Windows 98, Windows 98 SE, or Windows Me . . . . . . . . . . . . . . . . . .64
Verifying the IP Address in Windows 2000 or Windows XP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65
Setting Up Your Wireless LAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67
Encrypting Wireless LAN Transmissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68
Configuring WPA on the SBG940 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69
Configuring WEP on the SBG940 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71
SBG940 User Guide vii
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Restricting Wireless LAN Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73
Configuring the Wireless Network Name on the SBG940 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74
Configuring a MAC Access Control List on the SBG940 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .76
Configuring the Wireless Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77
Configuring a Wireless Client for WPA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78
Configuring a Wireless Client for WEP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78
Configuring a Wireless Client with the Network Name (ESSID) . . . . . . . . . . . . . . . . . . . . . . . . . .78
Wireless Pages in the SBG940 Setup Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79
Wireless > STATUS Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .80
Wireless > NETWORK Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .81
Wireless > SECURITY — basic Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83
Wireless > SECURITY — advanced Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84
Wireless > STATISTICS page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85
Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .87
Front-Panel Lights and Error Conditions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88
Setting Up a USB Driver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89
Setting Up a USB Driver in Windows 98 Second Edition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90
Setting Up a USB Driver in Windows 2000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94
Setting Up a USB Driver in Windows Me . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .97
Setting Up a USB Driver in Windows XP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98
Removing the USB Driver from Windows 98 Second Edition or Windows Me . . . . . . . . . . . . . . . .99
Removing the USB Driver from Windows 2000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101
Removing the USB Driver from Windows XP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103
Running the Motorola USB Driver Removal Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107
Contact Us. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109
Frequently-Asked Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .110
Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112
Glossary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114
Software License. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132
SBG940 User Guide viii
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Overview
Thank you for purchasing a Motorola® Wireless Cable Modem Gateway SBG940 for your home, home office, or
small business/enterprise. Applications where the Motorola SBG940 is especially useful in clude:
• Households having multiple computers requiring connection to the Internet and each other
• Small businesses or home offices requiring fast, affordable, and secure Internet access
• Internet gamers desiring easier setup for:
— Programs such as DirectX
— Sites such as MSN Games by Zone.com or Battle.net
• Video conferencing
®
7 or DirectX® 8
®
The features and physical appearance of your SBG940 may differ slightly from the picture.
A home network enables you to share information between two or more computers. You can connect your home
network to the Internet through the cable TV system. The SBG940 is the central connection point between your
computers and the Internet. It directs (routes) information between the computers connected to your home
network. A built-in cable modem transmits information between your home network and the Internet. An SBG940:
• Combines four separate products — a DOCSIS
Ethernet 10/100Base-T connections, and firewall — into one compact unit
®
cable modem, IEEE 802.11g wireless access point,
• Enables you to create a custom network sharing a single broadband connection, files, and peripherals, with
or without wires
• Has an advanced firewall for enhanced network security for wired and wireless users
• Provides easy setup
This product is subject to change. Not all features described in this guide are available on all SBG940 models.
For the most recent documentation, visit the Cable Modems and Gateways page on the Motorola website:
http://broadband.motorola.com/.
SBG940 User Guide 1
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Easy Setup
It is much easier to configure a local area network (LAN) using an SBG940 than using traditional networking
equipment:
• The Installation Assistant application on the SBG940 Installation CD-ROM enables easy connection to the
cable network.
• For basic operation, most default settings require no modification.
• The Setup Program provides a graphical user interface (GUI) for easy configuration of necessary wireless,
Ethernet, router, DHCP, and security settings. For information about using the Setup Program, see “Basic
Configuration”.
Network Connection Types
The SBG940 provides different network connection types for yo ur computers to exchange data. The connection
between your computers and the SBG940 may be with a wireless or a wired connection or a combination of the
two. Your network can use one or any combination of all the following network connections:
• Ethernet local area network (LAN)
• Wireless LAN (IEEE 802.11g that also supports IEEE 802.11b wireless clients)
• Universal Serial Bus (USB)
SBG940 User Guide 2
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Powerful Features in a Single Unit
An SBG940 combines high-speed Internet access, networking, and computer security for a ho me or small-office
LAN. An SBG940 provides:
• An integrated high-speed cable modem for continuous broadband access to the Internet and other online
services with much faster data transfer than traditional dial-up or ISDN modems
• A single broadband connection for up to 253 computers to surf the web; all computers on the LAN
communicate as if they were connected to the same physical network
• An IEEE 802.11g wireless access point to enable laptop users to remain connected while moving around the
home or small office or to connect desktop computers without installing network wiring. Depending on
distance, wireless connection speeds can match that of Ethernet.
• A USB connection for a single PC
• Four 10/100Base-T Ethernet uplink ports supporting half- or full-duplex connections and Auto-MDIX
• Routing for a wireless LAN (WLAN) or a wired Ethernet LAN; you can connect more than four computers
using hubs and/or switches
• A built-in DHCP server to easily configure a combined wired and/or wireless Class C private LAN
• An advanced firewall supporting stateful-inspection, intrusion detection, DMZ, denial-of-service attack
prevention, and Network Address Translation (NAT)
• Virtual private network (VPN) pass-through operation supporting IPSec, PPTP, or L2TP to securely connect
remote computers over the Internet
• Port Forwarding to configure ports to run applications having special network requirements
SBG940 User Guide 3
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Sample Hybrid LAN
The sample LAN illustrated on this page contains the following devices, al l protect ed by the SBG940 firewall.
Clockwise from top-right, the devices are:
• A PDA on a wireless connection
• One desktop Apple Macintosh
• One desktop PC on a wireless connection using a Motorola Wireless PCI Adapter
• A laptop PC on a wireless connection using a Motorola Wireless Notebook Adapter
• One PC connected to the USB port
• Three computers connected to Ethernet port one using a hub or switch
• One computer connected directly to Ethernet port two
®
computer on a wireless connection
Internet
SBG940
Ethernet
High-speed HFC
cable network
Wireless
Firewall
To AC
power
USB
Hub or switch
SBG940 User Guide 4
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Optional Accessories
All networks are composed of multiple devices. The SBG940 works with any IEEE 802.11g or IEEE 802.11b
compliant client product. Motorola supplies a range of accessories for use with the SBG940. Some examples are:
Wireless Ethernet
Bridge WE800G
Wireless Notebook
Adapter WN825G
For up-to-date information about accessories and home networking options, including product documentation,
visit the Motorola Home Networking page http://broadband.motorola.com/consumers/home_networking.asp.
Wireless USB
Adapter WU830G
Ethernet Broadband
Router BR700
Wireless PCI Adapter
WPCI810G
SBG940 User Guide 5
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Front Panel
The front panel provides indicator lights. The display is dark unless there is a connection or activity on an
interface:
123
4
68
5
7
Key Light Flashing On
1 Never flashes The AC power is connected properly
2 DS Scanning for a receive (downstream)
channel connection
3 US Scanning for a send (upstream) channel
connection
4 ONLINE Scanning for a net wo rk connection The startup process is comp le te and the SBG940
5 Transmitting or receiving data over
the Internet
6 Ethernet activity on the port (1 to 4) There is a connection to the port (1 to 4):
7 USB activity Lights green if there is a proper USB connection
8 Wireless activity The wireless interface is on (Enable Wireless
SBG940 User Guide 6
The downstream channel is connected
The upstream channel is connected
is online
Is never lit solid
• Green for 100Base-T
• Yellow for 10Base-T
Interface is selected on the Wireless > NETWORK
Page in the SBG940 Setup Program)
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Rear Panel
The rear panel provides cabling connectors, status lights, and the power receptacle:
2345671
Key Item Description
1 An adjustable, but non-removable antenna. Do not attempt to force this antenna off the unit.
2 Use any Ethernet port to connect an Ethernet LAN cable with RJ-45 connectors to an
Ethernet-equipped computer, hub, bridge, switch or Xbox or PlayStation
3 For Windows only, use the USB port for Connecting a PC to the USB Port. You cannot connect the
SBG940 USB port to a Macintosh or UNIX
4
5 Use the cable connector to connect to the coaxial cable outlet.
6 Removable, adjustable antenna. If necessary, contact your cable provider about obtaining an optional
7 Use the AC connector to connect to the AC power outlet.
RESET If you experience a problem, you can push this recessed button to restart the SBG940 (see
“Troubleshooting”). To reset all values to their defaults, hold down the button for more than five
seconds
appropriate communications channels.
Motorola wireless high gain antenna to increase WLAN performance and coverage.
. Resetting may take 5 to 30 minutes because the SBG940 must find and lock on the
®
computer.
®
2 gaming console.
SBG940 User Guide 7
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Label on the Bottom of the SBG940
To receive data service, you need to provide the MAC address marked HFC MAC ID to your cable provider:
HFC MAC ID
SBG940 LAN Choices
The SBG940 enables you to connect up to 253 client computers on a combination of:
• Wireless LAN
• Wired Ethernet LAN
• USB Connection
Each computer needs appropriate network adapter hardware and driver software. The clients on the Ethernet,
wireless, or USB interfaces can share:
• Internet access with a single cable provider account, subject to cable provider terms and conditions
• Files, printers, storage devices, multi-user software applications, games, and video conferencing
Wireless and wired network connections use Windows networking to share files and peripheral devices such as
printers, CD-ROM drives, floppy disk drives, and Iomega
®
Zip Drives.
SBG940 User Guide 8
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Wireless LAN
Wireless communication occurs over radio waves rather than a wire. Like a cordless telephone, a WLAN uses
radio signals instead of wires to exchange data. A wireless network eliminates the need for expensive and
intrusive wiring to connect computers throughout the home or office. Mobile users can remain connected to the
network even when carrying their laptop to different locations in the home or office.
Each computer on a WLAN requires a wireless adapter shown in “Optional Accessories”:
Laptop PCs Use a Motorola Wireless Notebook Adapter or compatible product in the PCMCIA slot.
Desktop PCs Use a Motorola Wireless PCI Adapter, Wireless USB Adapter, or compatible product in the PCI slot or
USB port, respectively.
Sample wireless network connections
To AC
power
SBG940
Computer with wired
connection used to
run SBG940
Setup Program
To set up the SBG940, on a computer wired to the SBG940 over Ethernet or USB, perform the procedures in
“Setting Up Your Wireless LAN”. Do not attempt to configure the SBG940 over a wireless connection.
Your maximum wireless operation distance depends on the type of materi als through which the signal must pass
and the location of your antennas and clients (stations). Motorola cannot guarantee wireless operation for all
supported distances in all environments.
An optional Motorola high gain antenna can improve wireless performance. For information abo ut available
optional antennas for your SBG940, contact your cable provider.
SBG940 User Guide 9
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Wired Ethernet LAN
Each computer on the 10/100Base-T Ethernet LAN requires an Ethernet network interface card (NIC) and driver
software installed. Because the SBG940 Ethernet port supports auto-MDIX, you can use straight-through or
cross-over cable to connect a hub, switch, or computer. Use category 5 cabling for all Ethernet connecti ons.
The physical wiring arrangement has no connection to the logical network allocation of IP addresses.
Sample Ethernet to computer connection
Coaxial
cable
To AC
power
Category 5 Ethernet cable
SBG940
SBG940 User Guide 10
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
A wired Ethernet LAN with more than four computers requires one or more hubs, switches, or routers. You can:
• Connect a hub or switch to any Ethernet port on the SBG940
• Use Ethernet hubs, switches, or routers to connect up to 253 computers to the SBG940
The following illustration is an example of an Ethernet LAN you can set up using the SBG940. Cable the LAN in an
appropriate manner for the site. A complete discussion of Ethernet cabling is beyond the scope of this document.
Sample Ethernet connection to hubs or switches
To AC
power
SBG940
Add additional hubs or switches
for further expansion
SBG940 User Guide 11
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
USB Connection
You can connect a single PC running Windows®98 Second Edition, Windows XP™, Windows Me®, or
Windows
®
2000 to the SBG940 USB V1.1 port. For cabling instructions, see “Connecting a PC to the USB Port”.
Caution!
Before plugging in the USB cable, be sure the SBG940 Installation CD-ROM is inserted in the PC
CD-ROM drive.
Sample USB connection
To AC
power
SBG940
SBG940 User Guide 12
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Security
The SBG940 provides:
• A firewall to protect the SBG940 LAN from undesired attacks over the Internet
• For wireless transmissions, data encryption and network access control
Network Address Translation (NAT) provides some security because the IP addresses of SBG940 LAN computers
are not visible on the Internet.
This diagram does not necessarily correspond to the network cabling. A full discussion of network security is
beyond the scope of this document.
SBG940 security measures shown in a logical network diagram
Internet
SBG940
DMZ computer
Firewall
Wireless Security:
Encryption, MAC access control,
or closed network operation
ComputerComputer
Wired Ethernet LAN Wireless LAN
LaptopComputer PDA
Firewall
The SBG940 firewall protects the SBG940 LAN from undesired attacks and other intrusions from the Internet. It
provides an advanced integrated stateful-inspection firewall supporting intrusion de tection, session tracking, and
denial-of-service attack prevention. The firewall:
• Maintains state data for every TCP/IP session on the OSI network and transport layers
• Monitors all incoming and outgoing packets, applies the firewall policy to each one, and screens for improper
packets and intrusion attempts
• Provides comprehensive logging for all:
— User authentications
— Rejected internal and external connection requests
— Session creation and termination
— Outside attacks (intrusion detection)
You can configure the firewall filters to set rules for port usage. For information about choosing a predefined
firewall policy template, see “Setting the Firewall Policy”.
SBG940 User Guide 13
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
DMZ
A de-militarized zone (DMZ) is one or more computers logically located outside the firewall between an SBG940
LAN and the Internet. A DMZ prevents direct access by outside users to private data.
For example, you can set up a web server on a DMZ computer to enable outside users to access your website
without exposing confidential data on your network.
A DMZ can also be useful to play interactive games that may have a problem running through a firewall. You can
leave a computer used for gaming only exposed to the Internet while protecting the rest of your network. For more
information, see “Gaming Configuration Guidelines”.
Port Triggering
When you run an application that accesses the Internet, it typically initiates communications with a computer on
the Internet. For some applications, especially gaming, the computer on the Internet also initiates communications
with your computer. Because NAT does not normally allow these incoming connections:
• The SBG940 has preconfigured port triggers for common applications.
• If needed, you can configure additional port triggers on the Gateway > PORT TRIGGERS — custom Page.
Wireless Security
Because WLAN data is transmitted using radio signals, it may be possible for an unauthorized person to access
your WLAN unless you prevent them from doing so. T o prevent unauthorized eavesdropping of data transmitted
over your LAN, you must enable wireless security. The default SBG940 settings neither provide security for
transmitted data nor protect network data from unauthorized intrusions.
The SBG940 provides the following wireless security measures, which are described in “Setting Up Your Wireless
LAN”:
• To prevent unauthorized eavesdropping, you must encrypt data transmitted over the wireless interface using
one of:
— If all of your wireless clients support Wi-Fi
WPA (see “Configuring WPA on the SBG940” and “Configuring a Wireless Client for WPA”).
— Otherwise, configure a Wired Equivalency Privacy (WEP) key on the SBG940 and each WLAN client
(see “Configuring WEP on the SBG940” and “Configuring a Wireless Client for WEP”).
®
Protected Access (WPA) encryption, we recommend using
• To protect LAN data from unauthorized intrusions, you can restrict WLAN access to computers having one or
both of:
— Known MAC addresses (see “Configuring a MAC Access Control List on the SBG940”)
— The same u niq ue ne two rk nam e (ESSID) as the SBG940 (see “Configuring the Wireless Network Name
on the SBG940” and “Configuring a Wireless Client with the Network Name (ESSID)”)
Restricting access to computers having the same network name is also called “disabling ESSID broadcasting” or
“enabling closed network operation.”
SBG940 User Guide 14
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Port Forwarding
The SBG940 opens logical data ports when a computer on its LAN sends data, such as e-mail messages or web
data, to the Internet. A logical data port is different from a physical port, such as an Ethernet port. Data from a
protocol must go through certain data ports.
Some applications, such as games and videoconferencing, require multiple data ports. If you enable NAT, this can
cause problems because NAT assumes that data sent through one port will return to the same port. Y ou may need
to configure port forwarding to run applications with special requirements.
To configure port forwarding, you must specify an inbound (source) port or range of ports. The inbound port opens
only when data is sent to the inbound port and closes again after a specified time elapses with no data sent to it.
You can configure up to 32 port forwarding entries using the Gateway > PORT FORWARDING — config Page.
Virtual Private Networks
The SBG940 supports multiple tunnel VPN pass-through operation to securely connect remote computers over
the Internet. The SBG940:
• Is compatible with Point to Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP)
• Is fully interoperable with any IPSec client or gateway and ANX certified IPSec stacks
Related Documentation
The SBG940 Quick Installation Guide also provides information about using the SBG940.
For information about and documentation for Motorola home-networ king products, visit the Motorola Home
Networking page http://broadband.motorola.com/consumers/home_networking.asp.
SBG940 User Guide 15
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Installation
The following subsections provide information about installing the SBG940 hardware:
• Before You Begin
• Precautions
• Signing Up for Service
• Computer System Requirements
• Connecting the SBG940 to the Cable System
• Cabling the LAN
• Obtaining an IP Address for Ethernet
• Connecting a PC to the USB Port
• Wall Mounting
For information about WLAN setup, see “Setting Up Your Wireless LAN”.
Before You Begin
Before you begin the installation, check that you received the following items with your SBG940:
Item Description
Power cord Connects the SBG940 to the AC electrical outlet
10/100Base-T
Ethernet cable
USB cable Connects to the USB port
SBG940 Installation
CD-ROM
SBG940 Quick
Installation Guide
Y ou must have the latest service p acks and patches inst alled on your computer for your operating system. You will
need 75-ohm coaxial cable with F-type connectors to connect the SBG940 to the nearest cable outlet. If a TV is
connected to the cable outlet, you may need a 5 to 900 MHz RF splitter and two additional coaxial cables to use
both the TV and the SBG940.
Determine the connection types you will make to the SBG940. Check that you have the required cables, adapters,
and adapter software. You may need:
Wireless LAN Wireless
Accessories”)
adapter and driver software for each computer having a wireless connection (see “Optional
Connects to the Ethernet port
Contains this User Guide and USB drivers
Contains basic information to get started with the SBG940
Wired Ethernet
LAN
USB A USB cable and the SBG940 Installation CD-ROM containing the software for USB installation
Coaxial cable, RF splitters, hubs, and switches are available at consumer electronic stores.
SBG940 User Guide 16
Ethernet cables and network interface cards (NICs) with accompanying installation software
To connect more than four computers to the SBG940, one or more Ethernet hubs or switches
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Precautions
Postpone SBG940 installation until there is no risk of thunderstorm or lightning activity in the area.
To avoid damaging the SBG940 or computers with static electricity:
Always make the wall connection first.
Before you connect or disconnect the USB or
Ethernet cables, always touch the coaxial cable
connector on the SBG940.
To avoid potential shock, always unplug the power cord from the wall outlet or other power source before
disconnecting it from the SBG940 rear panel.
To prevent overheating the SBG940, do not block the ventilation holes on the sides of the unit.
Do not open the unit. Refer all service to your cable provider.
Wipe the unit with a clean, dry cloth. Never use cleaning fluid or similar chemicals. Do not spray cleaners directly
on the unit or use forced air to remove dust.
Signing Up for Service
You must sign up with a cable provider to access the Internet and other online services.
To activate your service, call your local cable provider.
You need to provide the MAC address marked HFC MAC ID printed on the Label on the Bottom of the SBG940.
You can record it in the SBG940 Quick Installation Guide.
You should ask your cable provider the following questions:
• Do you have any special system requirements?
• When can I begin to use my SBG940?
• Are there any files I need to download after I am connected?
• Do I need a user name or password to access the Internet or use e-mail?
SBG940 User Guide 17
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Computer System Requirements
You can connect Microsoft Windows, Macintosh, UNIX®, or Linux® computers equipped as follows to the
SBG940 LAN:
• One of the following:
Ethernet 10Base-T or 10/100Base-T Ethernet adapter with proper driver software installed.
Wireless Any IEEE 802.11g or IEEE 802.11b device. For information about the Motorola WN825G
Wireless Card (PCMCIA type II 3.3 V slot) or WPCI810G Wireless Adapter, see “Optional
Accessories”.
• PC with Pentium class or better processor
®
• Windows
or Linux
• Minimum 16 MB RAM recommended
• 10 MB available hard disk space
You can use any web browser such as Microsoft® Internet Explorer or Netscape Navigator® with the SBG940.
Windows
98, Windows® 98 SE, Windows Me®, Windows® 2000, Windows XPTM, Windows NT®, Macintosh,
®
operating system with operating system CD-ROM available.
®
95 is not supported by the SBG940.
Windows 98, Windows NT, UNIX, Linux, or Macintosh computers must use the Ethernet connection.
Y ou can use the USB connection with any PC running Windows 98 Second Edition, Windows 2000, Windows Me,
or Windows XP that has a USB interface. The USB connection requires special USB driver software that is
supplied on the SBG940 Installation CD-ROM. You can upgrade your USB drivers from the Motorola Downloads
page http://broadband.motorola.com/noflash/usb_drivers.asp.
SBG940 User Guide 18
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Connecting the SBG940 to the Cable System
1 Be sure the computer is on and the SBG940 is unplugged.
2 Connect one end of the coaxial cable to the cable outlet or splitter.
3 Connect the other end of the coaxial cable to the cable conne ctor on the SBG940.
Hand-tighten the connectors to avoid damaging them.
4 Insert the SBG940 Installation CD-ROM into the CD-ROM drive.
5 Plug the power cord into the power connector on the SBG940.
6 Plug the power cord into the electrical outlet. This turns the SBG940 on. You do not need to unplug it when
not in use. The first time you plug in the SBG940, allow 5 to 30 minutes to find and lock on the appropriate
communications channels.
Step 2
To AC power
(steps 5 to 6)
Step 3
7 Check that the lights on the front panel cycle through this sequence:
Turns on when AC power is connected to the SBG940. Indi cat es t hat the po we r i s conne cte dproperly .
DS Flashes while scanning for the downstream rece ive channel. Changes t o solid green when the receive
channel is locked.
US Flashes while scanning for the upstream send channel. Changes to solid gre en when the send
channel is locked.
ONLINE Flashes during SBG940 registration and configuration. Changes to solid green when the SBG940
is registered.
Flashes when the SBG940 is transmitting or receiving data over the Internet.
Cabling the LAN
After connecting to the cable system, you can connect your wired Ethernet LAN. Some samples are shown in
“Wired Ethernet LAN”. On each networked computer, you must install proper drivers for the Ethernet adapter.
Detailed information about network cabling is beyond the scope of this document.
SBG940 User Guide 19
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Obtaining an IP Address for Ethernet
Obtaining an IP Address in Windows 98, Windows98 SE, or Windows Me
You must do the following on each Ethernet client PC running Windows 98, Windows 98 SE, or Windows Me :
1 On the Windows Desktop, click Start.
2 Select Run. The Run window is displayed.
3 Type winipcfg.exe and click OK. The IP Configuration window is displayed:
4 Click the Renew button to obtain an IP address for the PC from the DHCP server on the SBG940.
Obtaining an IP Address in Windows 2000 or Windows XP
You must do the following on each Ethernet client PC running Windows 2000 or Windows XP:
1 On the Windows Desktop, click Start.
2 Select Run. The Run window is displayed.
3 Type cmd and click OK to display a command prompt window.
4 Type ipconfig /renew and press ENTER to obtain an IP address for the PC from the DHCP server on the
SBG940.
5 Type exit and press ENTER to return to Windows.
Obtaining an IP Address on a Macintosh or UNIX Systems
Follow the instructions in your user manual.
SBG940 User Guide 20
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Connecting a PC to the USB Port
You can connect a single PC running Windows 98 Second Edition, Windows XP, Windows Me, or Windows 2000
to the SBG940 USB port.
Caution!
Before plugging in the USB cable, be sure the SBG940 Installation CD-ROM is inserted in the PC
CD-ROM drive.
To connect a PC to the USB port:
1 Insert the SBG940 Installation CD-ROM in the CD-ROM drive.
2 Install the USB driver following the appropriate procedure for “Setting Up a USB Driver”.
3 Connect the USB cable to the USB port on the SBG940 Rear Panel.
4 Connect the other end to the USB port on the computer.
Step 3
Step 1
To AC
power
Step 4
SBG940 User Guide 21
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Wall Mounting
If you mount the unit on the wall, you must:
• Locate the unit as specified by the local or national codes governing residential or business cable TV and
communications services.
• Follow all local standards for installing a network interface unit/network interface device (NIU/NID).
If possible, mount the unit to concrete, masonry, a wooden stud, or other very solid wall material. Use anchors if
necessary; for example, if you must mount th e un it on drywall.
To mount your SBG940 on the wall:
1 Print the Wall Mounting Template on page 24.
Go to page 24 and click the Print icon or choose Print from the File menu to display the Print dialog box.
(The following image is from Adobe Acrobat Reader
slight differences in your version.)
Select this to print
page 24 only.
Be sure you print the template at 100% scale. Be sure Fit to page is not selected.
To print the template only, select Current page as the Print Range.
Click the OK button to print the template.
®
version 4.0 running on Windows 2000; there may be
Be sure this is
not selected.
2 Measure the printed template with a ruler to ensure that it is the correct size.
3 Use a center punch to mark the center of the holes.
4 On the wall, locate the marks for the mounting holes.
Caution!
Before drilling holes, check the structure for potential damage to water, gas, or electric lines.
5 Drill the holes to a depth of at least 1
SBG940 User Guide 22
1
/2 inches (3.8 cm).
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
6
If necessary, seat an anchor in each hole.
1
Use M5 x 38 mm (#10-16 x 1
10.5 mm to mount the SBG940.
/2 inch) screws with a flat underside and maximum screw head diameter of
7 Using a screwdriver, turn each screw until part of it protrudes from the wall, as shown:
• There must be .16 inches (4.0 mm) between the wall and the underside of the screw head.
• The maximum distance from the wall to the top of the screw head is 7.6 mm (.3 in).
.3 inches (7.6 mm) maximum
.4 inches (10.5 mm) maximum
.16 inches (4.0 mm)
8 Place the SBG940 so the keyholes on the back of the unit are aligned above the mounting screws.
Be sure you do not damage the antennas.
9 Slide the SBG940 down until it stops against the top of the keyhole openin g.
SBG940 User Guide 23
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Wall Mounting Template
You can print this page to use as a wall mounting template.
Be sure you print it at 100% scale. In Acrobat Reader, be sure
that Fit To Page is not selected in the Print dialog box.
Measure the printed template with a ruler to ensure that it is
the correct size.
6.79 in.
17.24 cm.
SBG940 User Guide 24
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Basic Configuration
The following sections provide information about basic SBG940 configuration:
• Starting the SBG940 Setup Program
• Changing the Default Password
• Getting Help
• Setting the Firewall Policy
• Gaming Configuration Guidelines
For more advanced configuration information, see “Configuring TCP/IP”, “Setting Up Your Wireless LAN”, or
“Setting Up a USB Driver”.
For normal operation, you do not need to change most default settings. The following caution statements
summarize the issues you must be aware of:
Caution!
To prevent unauthorized configuration, change the default password immediately when you first
configure the SBG940. See “Changing the Default Password”.
Firewalls are not foolproof. Choose the most secure firewall policy you can. See “ Setting the
Firewall Policy”.
If you are using a wired LAN only and have no wireless clients, be sure you disable the wireless
interface by turning off Enable Wireless Interface on the Wireless > NETWORK Page.
For a wireless LAN only, be sure you follow the instructions in “Setting Up Your Wireless LAN”.
SBG940 User Guide 25
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Starting the SBG940 Setup Program
1 On a computer wired to the SBG940 over Ethernet or USB, open a web browser. Do not attempt to configure
the SBG940 over a wireless connection.
2 In the Address or Location field, type http://192.168.100.1 or http://192.168.0.1 and press ENTER to display
the Log In window:
3 In the User ID field, type the User Name; the default is “admin” (this field is case sensitive).
4 In the Password field, type the Password; the default is “motorola” (this field is case sensitive).
SBG940 User Guide 26
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
5
Click Log In to display the SBG940 user configuration and status windows:
Click To Perform
Cable Configure and monitor the cable system connection.
Gateway Configure and monitor the gateway preferences (see “Configuring the Gateway”).
Wireless Configure and monitor the wireless interface (see “Setting Up Your Wireless LAN”).
Firewall Configure and monitor the firewall (see “Setting the Firewall Policy”).
Admin Changing the Default Pa ssword.
Info Display information about the
Reboot Restart the SBG940. It is the same as pressing the reset button on the Rear Panel for less than five
seconds.
Log Out Log out of the SBG940.
If you have difficulty starting the SBG940 Setup Program, see “Troubleshooting” for information.
Router is a configuration option that may appear on your window but may not be supported.
For some settings, after you edit the field and click Apply, you are warned that you must reboot your SBG940
for your change to take effect. Rebooting takes 10 to 15 seconds. After rebooting, you must log in again.
SBG940 Setup Program.
SBG940 User Guide 27
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Changing the Default Password
Caution!
To prevent unauthorized configuration, change the default password immediately when you first
configure the Motorola SURFboard Wireless Cable Modem Gateway.
To change the default password:
1 On the SBG940 Setup Program left panel, click Admin to display the ADMIN — basic page:
2 In the Old Password field, type the old password. The default password is “motorola” (this fi eld is case
sensitive).
3 In the New Password field, type the new password (this field is case sensitive).
4 In the Verify Password field, type the new password again (this field is case sensitive).
5 Click Apply to apply your changes.
SBG940 User Guide 28
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Enabling Remote Access
You can enable remote access to the SBG940 over the Internet. You must know the userid, password, and
public IP address assigned to your SBG940 to run the Setup Program over the Internet. Remote access is
provided using a web browser on the remote client and connecting to the SBG940 web server.
To enable remote access to the SBG940:
1 On the SBG940 Setup Program left panel, click Admin to display the ADMIN — basic page.
2 Click advanced to display the ADMIN — advanced page.
3 Click the box next to Enable remote access to enable it.
4 Click Apply to apply your change.
Caution!
Enabling remote access makes it possible for Internet users not on your network to log on to your SBG940
and view or modify your network settings. We recommend that you not enable remote access unless you
need to do so. As soon as you no longer require remote access, we recommend that you disable it .
SBG940 User Guide 29
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Getting Help
To get help on any underlined item or field, click the text. For example, if you click a field or the help button on the
ADMIN — basic page, the following help is displayed:
This button also displays
help for the window.
You can scroll to browse the help or click an ot h er it e m to disp l ay he l p for th at ite m.
SBG940 User Guide 30
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Setting the Firewall Policy
The SBG940 firewall protects the SBG940 LAN from undesired attacks and other intrusions from the Internet. This
section describes using the Firewall > POLICY — basic page to
templates provided with the SBG940.
Caution!
Firewalls are not foolproof. Choose the most secure firewall policy you can. To enable easy network
setup, the default firewall policy is None, which provides no security.
To select a predefined policy for all packets processed by the SBG940 firewall:
1 On the SBG940 Setup Program left panel, click Firewall.
2 Click POLICY.
3 Click basic to display the predefined firewall policy templates:
choose one of the predefined firewall policy
4 Select the most secure firewall policy you can:
High The safest predefined firewall policy t emplate, prov iding th e highest securit y. We recommend this setting.
Medium A predefined firewall policy template providing a common configuration having modest risk.
Low A predefined firewall policy template providing minimum security, with a higher risk of intrusions.
Custom You may need to create a custom firewall policy on the Firewall > POLICY — advanced Pa ge. Do not
create a custom policy unless you have the necessary expertise and the need to do so.
None Disables the firewall. To enable easy network setup, it is the default. After you set up your network, use
High, Medium, or Low to improve your security.
SBG940 User Guide 31
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
5
Click Apply to apply your changes.
After you edit some fields and click Apply, you are warned that you must reboot your SBG940 for your change
to take effect. Rebooting takes 10 to 15 seconds. After rebooting, you must log in again.
If you have the need, you can:
• View the rules for the High, Medium, or Low predefined policy templates or create a custom policy on the
Firewall > POLICY — advanced Page
• Configure a firewall alert on Firewall > ALERT — basic Page and Firewall > ALERT — email Page
• View the firewall logs on the Firewall > LOGS Page
For information about how the firewall can affect gaming, see “Gaming Configuration Guidelines”.
The predefined policies provide outbound Internet access for computers on the SBG940 LAN. The SBG940
firewall uses stateful inspection to allow inbound responses when there already is an outbound session running
corresponding to the data flow. For example, if you use a web browser, outbound HTTP connections are permitted
on port 80. Inbound responses from the Internet are allowed because an outbound session is established.
When required, you can configure the SBG940 firewall to allow inbound packets without first establishing an
outbound session. You also need to configure a port forwarding entry on the
Gateway > PORT FORWARDING — config Page or a DMZ client on the Gateway > LAN — nat config Page.
SBG940 User Guide 32
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Firewall > POLICY — advanced Page
Do not create a custom firewall policy unless you have the necessary expertise and the need to do so. Instead,
select one of the predefined policy templates as described in “Setting the Firewall Policy”.
To create a custom firewall policy, first select Custom and click Apply on the Firewall > POLICY — ba s ic Page.
Then use this page to configure a custom firewall policy:
To base the custom policy on a predefined firewall policy template, choose High, Medium, or Low in the Policy
Template field and click Apply Policy Template.
SBG940 User Guide 33
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
.
Firewall > POLICY — advanced page fields
Field Description
NEW FILTER ENTRY Use these fields to set up one or more custom firewall filters, if you have the necessary
expertise.
Port ID Type the protocol being filtered.
Enable Select this box to enable firewall policy filtering for the port.
Allowed Protocol Select the allowed protocols from the drop-down list.
Port Range (From: To:) Sets the port range, which must contain all ports required by the protocol.
Protocol Number Sets the protocol number of the IP packets to allow.
Allow Inbound Enables you to specify the port(s) on which inbound packets can pass through the firewall
from the Internet to your LAN.
Allow Outbound Enables you to specify the port(s) on which outbound packets can pass through the
firewall from your LAN to the Internet. Stateful inspection ensures appropriate responses
for outbound sessions.
Add Click to add the new filter. It is displayed on the FIREWALL POLICY table.
FIREWALL POLICY Table Lists your custom firewall filters.
Enable Select this box to enable firewall policy filtering for the port.
Delete Select the Delete box to delete the filter.
Apply Click to apply your changes.
FIREWALL POLICY
TEMPLATE
Policy Template You can use this drop-down list to select a predefined policy template on which to base
your custom template — High, Medium, or Low . These templates are describ ed in “Setting
the Firewall Policy”
Apply Policy Template Click to apply the selected Policy Template and cancel any customizations.
SBG940 User Guide 34
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Firewall > ALERT — basic Page
You can use this page to set the alert mechanism for firewall intrusion detection events.
Firewall > ALERT — basic page fields
Field or Button Description
Intrusion Detection Select Email to be alerted through SMTP e-mail. An SMTP server that does not require any
authentication such as a user name or password must be present to receive the e-mail.
Apply Click to apply your changes.
SBG940 User Guide 35
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Firewall > ALERT — email Page
You can use this page to configure the e-mail alert parameters:
Firewall > ALERT — email page fields
Field or Button Description
E-mail Server IP Address Sets the e-mail server IP address in dotted-decimal format.
E-mail Server Port Sets the e-mail server port number.
E-mail Sender Sets the sender e-mail address.
E-mail Recipient List Sets the list of e-mail addresses that receive alerts from the
Apply Click to apply your changes.
SBG940 firewall.
SBG940 User Guide 36
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Firewall > LOGS Page
You can use this page to set which firewall events are logged.
Firewall > LOGS page fields
Field or Button Description
Enable Session Log Select this box to log every data session from the private LAN that was authorized by the
SBG940 firewall. Usually, the session log displays a history of normal data traffic. It also lists
the start of sessions the firewall terminated because:
• The policy was changed
• They were eventually determined to be an intrusion or attack
To display the session log, click session.
Enable Blocking Log Select this box to log inbound and outbound packets that the SBG940 firewall:
• Does not allow to pass because they use protocols and/or ports not explicitly allowed by
the active policy
• Determines to be invalid because of a session or reassembly timeout
To display the blocking log, click blocking.
Enable Intrusion Log Select this box to log attacks using common network intrusion tactics tha t the SBG940 firewall
detects and stops.
To display the intrusion log, click intrusion.
Apply Click to apply your changes.
If you enable the firewall, the blacklist log is always generated. Any IP address the firewall determines to have
breached the active policy is added to the blacklist log. To view the blacklist log, click blacklist. The firewall blocks
all traffic to and from a blacklisted IP address for 24 hours or until you reboot the SBG940 or manually clear the
blacklist by clicking Clear on the Firewall > LOGS — blacklist page.
SBG940 User Guide 37
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Gaming Configuration Guidelines
The following subsections provide information about configuring the SBG940 firewall and DMZ for gaming.
Configuring the Firewall for Gaming
By default, the SBG940 firewall is disabled. If, as recommended, you enable the firewall, refer to the game’s
documentation to ensure that the necessary ports are open for use by that game.
The pre-defined SBG940 firewall policies affect Xbox Live
Low Xbox Live data can pass through the firewall. No user action is required.
Medium or high To enable Xbox Live traffic to pass, you must configure:
• Choose Custom on the Firewall > POLICY — basic Page
• UDP 88:88 and UDP/TCP 3074:3074 on the Firewall > POLICY — advanced Page
Configuring Port Triggers
Because the SBG940 has pre-defined port triggers for games using any of the following applications, no user
action is required to enable them:
• DirectX 7 and DirectX 8
TM
as follows:
• MSN Games by Zone.com
• Battle.net
For a list of games supported by Battle.net, visit http://www.battle.net.
You may need to create custom port triggers to enable other games to operate properly. If you set custom port
triggers and enable the firewall, you must customize the firewall to allow traffic through those ports. To create
custom port triggers, use the Gateway > PORT TRIGGERS — custom Page.
®
SBG940 User Guide 38
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Configuring a Gaming DMZ Host
Caution!
The gaming DMZ host is not protected by the firewall. It is open to communication or hacking from any
computer on the Internet. Consider carefully before configuring a device to be in the DMZ.
Some games and game devices require one of:
• The use of random ports
• The forwarding of unsolicited traffic
For example, to connect a PlayStation
the ports required vary from game to game. For these games, we recommend configuring the gaming computer or
device as a gaming DMZ device.
To configure a gaming DMZ device, on the Gateway > LAN — dhcp leases Page:
1 Reserve a private IP address for the computer or gam e de vice MAC address.
2 Designate the device as a DMZ device.
®
2 for PS2® online gaming, designate it as the gaming DMZ host because
You can reserve IP addresses for multiple devices, but only one can be designated as the gaming DMZ at once.
SBG940 User Guide 39
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Configuring the Gateway
This section describes the Gateway configuration pages in the SBG940 Setup Program:
• Gateway > STATUS Page
• Gateway > WAN Page
• Gateway > LAN — nat config Page
• Gateway > LAN — dhcp server config Page
• Gateway > LAN — dhcp leases Page
• Gateway > PORT FORWARDING — status Page
• Gateway > PORT FORWARDING — config Page
• Gateway > PORT TRIGGERS — predefined Page
• Gateway > PORT TRIGGERS — custom Page
• Gateway > LOG Page
After you edit some fields and click Apply, you are warned that you must reboot your SBG940 for your change
to take effect. Rebooting takes 10 to 15 seconds. After rebooting, you must log in again.
SBG940 User Guide 40
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Gateway > STATUS Page
This page displays the gateway status information:
These fields display settings that are set on the other Gateway pages. For field descriptions, see the following
subsections that describe the fields on each tab.
SBG940 User Guide 41
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Gateway > WAN Page
Use this page to configure the external (public) wide area network (WAN) interface:
Gateway > WAN page fields
Field Description
Host Name If the cab le provi der requires a ho stn ame t o access th eir n etwork, type th e hostname they
provided in this field. The default is None.
Enable DHCP Client
(obtain dynamic IP
address)
Disable DHCP Client (use
static IP address)
Static IP Address If Disable DHCP Client is selected, type the static IP address provided by the c able
Static IP Subnet Mask If Disable DHCP Client is selected, type the subnet mask associated with the static IP
WAN Default Gateway When using a Static IP Address from the cable provider, type the default gateway IP
If you select Enable the DHCP Client, the SBG940 automatically obtains its public IP
address, subnet mask, domain name, and DNS server(s). Select En abl e the DHCP Client
if your cable provider automatically assigns a public IP addres s fr om their DHCP server.
Enable DHCP Client is selected by default.
If your cable provider does not automatically assign a public IP address using DHCP:
• Your cable provider must provide you with a Static IP Address, Static IP Subnet Mask,
WAN Default Gateway IP address, and one to three DNS IP Addresses.
• Y ou need to select Disable DHCP Client and type the Static IP address, Static IP Subnet
Mask, WAN Default Gateway, DNS server(s), and domain name (if necessary) in the
fields provided.
Disable DHCP Client is not selected by default.
provider in dotted-decimal format. The default is None.
address in dotted-decimal format. The default is None.
address on the WAN for the
SBG940 in dotted-decimal format.
SBG940 User Guide 42
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Gateway > WAN page fields (continued)
Field Description
DNS IP Address 1
DNS IP Address 2
DNS IP Address 3
TCP Session Wait
Timeout
UDP Session Wait
Timeout
ICMP Session Wait
Timeout
Apply Click to apply your changes.
The cable provider DNS server provides name-to-IP address resolution. If the cable
provider does not automatically assign DNS addresses from t heir DHCP server, they must
provide at least one DNS server IP address to enter in these fields in dotted-decimal
format. The default is None.
Sets the maximum time in seconds to wait before assuming a TCP session has timed out.
The default is 24 hours.
Sets the maximum time in seconds to wait before assumin g a UDP sessi on ha s timed o ut.
The default is 300 seconds (5 minutes).
Sets the maximum time in seconds to wait before assuming an ICMP session has timed
out. The default is 300 seconds (5 minutes).
SBG940 User Guide 43
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Gateway > LAN — nat config Page
Use this page to enable NAT and add clients to the CURRENT NAT PASSTHROUGH list:
Gateway > LAN — nat config page fields
Field or Button Description
LAN
Enable NAT If enabled, the single HFC IP Address (public IP address) assigned by the cable provider is
mapped to many private IP addresses on the SBG940 LAN.
Apply Click to apply your changes. You must reboot the SBG940.
NEW NAT
PASSTHROUGH
MAC Address Type the passthrough client MAC address. The format is 16 hexadecimal numerals.
Bypass Firewall
(True DMZ)
Add Click to add the MAC address to the CURRENT NAT PASSTHROUGH list.
CURRENT NAT
PASSTHROUGH
Delete Click to delete the selected MAC address from the NAT passthrough list.
Specifies up to 32 computers as passthrough clients not subject to NAT, using their MAC
addresses. To enable this feature, your cable operator may need to provide you with
additional public IP addresses.
Select this box to set the NAT passthrough computer as a DMZ client. Use this setting with
extreme caution because a DMZ client is completely open to Internet hackers.
Lists the computers on the LAN that are configured for NAT passthrough.
SBG940 User Guide 44
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Gateway > LAN — dhcp server config Page
Only experienced network administrators should use this page to perform advanced DHCP server configuration:
CAUTION!
Do not modify these settings unless you are an experienced network administrator with strong
knowledge of IP addressing, subnetting, and DHCP.
Gateway > LAN — dhcp server config page fields
Field Description
LAN IP Address You can type the IP address of the SBG940 for your private LAN. The default is
192.168.0.1.
LAN IP Subnet Mask Displays the subnet mask in dotted-decimal format. The default is 255.255.255.0.
Starting IP Address Enter the starting IP address to be assigned by the SBG940 DHCP server to clients in
dotted-decimal format. The default is 192. 168.0.2.
# of DHCP Users Sets the number of clients for the SBG940 DHCP server to assign a private IP address.
There are 253 possible client addresses. The default is 253.
DHCP Server Lease Time Sets the time in seconds that the SBG940 DHCP server leases an IP address to a client.
The default is 3600 seconds (60 minutes).
Domain Name Sets the domain na me for the SBG940 LAN. The default is None.
Time To Live Sets the TTL (hop limit) for outbound packets. The default is 64.
Interface Maximum
Transmission Unit
Sets the SBG940 LAN MTU in bytes. The minimum is 68 bytes. The default is 1500 bytes.
Apply Click to apply your changes. You must reboot the SBG940.
SBG940 User Guide 45
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Gateway > LAN — dhcp leases Page
Use this page to configure DHCP leases:
Gateway > LAN — dhcp leases page fields
Field Description
GAMING DMZ
Enable Gaming DMZ Select this box to designate the selected computer or gaming device as the gaming DMZ
host. For more information, see “Configuring a Gaming DMZ Host”. This can be useful if you
have difficulties running certain applications, typically gaming applications.
(Gaming) DMZ Host The gaming DMZ host is a computer with a reserved IP address designated as the default
DMZ host. Only one gaming DMZ host can be active at once.
The gaming DMZ host is not protected by the firewall. It is open to communication or hacki ng
from any computer on the Internet. Consider carefully before configuring a computer to be in
the DMZ.
The benefit of using a gaming DMZ host instead of a NAT passthrough host is that a gaming
DMZ host does not require a public IP address as does a NAT passthrough host. If the
application requires a public IP address, conf igure the computer for NAT passthrough on the
Gateway > LAN — nat config Page.
SBG940 User Guide 46
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Gateway > LAN — dhcp leases page fields (continued)
Field Description
RESERVE NEW IP
ADDRESS
MAC Address Type the MAC address of the DHCP client for which a reserved IP address is required. The
IP Address Sets the host portion of the reserved IP address for the LAN client having the specified MAC
Host Name If your ISP requires a host name to acce ss t heir net work, enter t he hostname provi ded to you
Add Click Add to reserve a new IP address.
CURRENTLY RESER VED
IP ADDRESSES
MAC Address Displays the client MAC address.
IP Address Displays its reserved IP address
Host Name Displays its host name.
Method Displays dynamic and static lease status. Add or delete dynamic or static lease status in this
Delete Select this box to designate the reserved IP address for deletion.
Delete Click this button to remove the reserved IP addresses for clients designated by the Delet e
You can reserve up to 32 IP addresses assigned by the SBG940 DHCP server for specific
LAN clients. For example, to ensure that they always receive the same private IP address,
you can reserve IP addresses for a private FTP server or gaming DMZ device.
format is 16 hexadecimal numerals.
address. When the LAN client requests an IP address, the SBG940 DHCP server assigns the
client this IP address.
in the Host Name field.
Displays all DHCP clients having reserved IP addresses.
field.
box.
Gateway > PORT FORWARDING — status Page
Use this page to display the configured port forwarding entries on the SBG940 LAN. The fields are the same as on
the Gateway > PORT FORWARDING — config Page:
SBG940 User Guide 47
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Gateway > PORT FORWARDING — config Page
Use this page to configure up to 32 virtual servers:
Gateway > PORT FORWARDING — config page fields
Field Description
ADD NEW PORT
FORWARDING ENTRY
Template If you select a predefined template such as HTTP or FTP, the Name, Port Start, Port End
Name Type a unique identifier for the custom virtual server. The typical practice is to use the
Port Start Sets the LAN internal interface port or the start of a port range. Inbound Internet
Port End If a range of ports is required, sets the end of the port range.
You can configure up to 32 virtual servers. If you select Custom, you must set the Name,
Port Start, Port End, and LAN IP Address.
values are provided. You only need to enter LAN IP Address and change default values
only if necessary.
protocol as a unique identifier (for example “ftp”).
connection requests are statically mapped to this port. The ports used by some common
applications are:
• FTP 20, 21
• HTTP 80
• NTP 123
• Secure Shell 22
• SMTP e-mail 25
• Telnet 23
SBG940 User Guide 48
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Gateway > PORT FORWARDING — config page fields (continued)
Field Description
LAN IP Address Sets the private LAN IP address for the port forwarding page. An Internet user must know
the public IP address to access any port forwarding entry you define on the private LAN.
Enable Select this box to enable the port forwarding entries to be accessed through NAT.
Add Click to add the virtual server to the PORT FORWARDING list.
PORT FORWARDING Displays the configured custom virtual servers.
Gateway > PORT TRIGGERS — predefined Page
When you run a PC application that accesses the Internet, it communicates with a computer on the Internet. In
some applications, especially gaming, the computer on the Internet also communicates with your PC. Because
NAT does not normally allow these incoming connections, the SBG940 supports port triggering.
The SBG940 is preconfigured with port triggering for common applications. You can also configure additional port
triggers if needed. Configuring port triggers for an application requires:
• The application transport protocol — TCP or UDP
• The application port number
You can use the default values for the remaining parameters.
SBG940 User Guide 49
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Only one computer at a time connected to the SBG940 can use an application requiring port triggering. Use this
page to view predefined port triggers:
Gateway > PORT TRIGGERS — predefined page fields
Field Description
Name Displays the unique name for the port triggers. This is typically the protocol name.
Enable Select this box to activate the port triggers for the predefined application.
Protocol Displays the transport protocol for the port trigger — TCP or UDP.
Port Range Displays the port range (From/To) for the port trigger.
Session Chaining Displays the session chaining selection for the port trigger — Disabl e, TCP, or TCP/UDP.
Session Interval Dis plays the session interval set for the port trigger.
Address Replace Displays the address replacement method for the port trigger.
Multi Host Displays the multi host selection for the port trigger.
SBG940 User Guide 50
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Gateway > PORT TRIGGERS — custom Page
Use this page to create a custom port trigger:
Gateway > PORT TRIGGERS — custom page fields
Field Description
ADD NEW SPECIAL
APPLICATION
Name Enter the unique name for the port trigger. This is typically the protocol.
Enable Select this box to enable the custom port trigger.
Protocol Sets the transport protocol for the port trigger — TCP or UDP.
Port Range
(From:To)
Session Chaining Enable session chaining if the application needs to open one or more ports in dif ferent ranges to
Session Interval Sets the session interval for the application:
Address Replace Sets the address replacement method for the application.
Multi Host Select if appropriate for the application.
Add Click to add the port trigger to the PORT TRIGGERS TABLE.
Sets the port range for the port trigger. Type the start of the range in the l eft field and the end in
the right field.
operate properly. The options are Disable, TCP, or TCP/UDP.
• If the port triggers detect traffic on the Port Range within th e Session Interval, i t is considered
to be related to the initial session.
• If the port triggers detect traffic on the Port Range after the Session Interval expires, it is
considered to be a new and unique session.
PORT TRIGGERS TABLE Lists all port triggers you defined and their parameters.
SBG940 User Guide 51
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Gateway > LOG Page
Use this page to view detailed information about the gateway:
Gateway > LOG page fields
Field Description
Time The date and time in the format yyyy-mm-dd hh:mm:ss
Priority Indicates the importance of the message.
Code Displays a code associated with the message.
Message Describes the event.
SBG940 User Guide 52
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Configuring TCP/IP
You must be sure all client computers are configured for TCP/IP (a protocol for communication betwe en
computers). Perform one of:
• Configuring TCP/IP in Windows 98, Windows 98 SE, or Windows Me
• Configuring TCP/IP in Windows 2000
• Configuring TCP/IP in Windows XP
• Follow the instructions in your Macintosh or UNIX user manual
After configuring TCP/IP, perform one of the following to verify the IP address:
• Verifying the IP Address in Windows 98, Windows 98 SE, or Windows Me
• Verifying the IP Address in Windows 2000 or Windows XP
• Follow the instructions in your Macintosh or UNIX user manual
Configuring TCP/IP in Windows 98, Windows 98 SE, or Windows Me
1 On the Windows Desktop, click Start.
2 Select Settings and then Control Panel from the pop-up menus to display the Control Panel win dow:
SBG940 User Guide 53
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
3
Double-click the Network icon to display the Network window:
Although your SBG model number may be different than in the images in this guide, the procedure is
the same.
4 Select the Configuration tab.
5 Verify that TCP/IP is installed for the adapter used to connect to the SBG940. If TCP/IP is installed, skip to
step 10. If TCP/IP is not installed for the adapter, continue with step 6.
6 Select the adapter to use for the SBG940 connection and click Add. The Select Network Component Type
window is displayed:
SBG940 User Guide 54
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
7
Click Protocol and click Add. The Select Network Protocol window is displayed:
8 Click Microsoft in the Manufacturers section and click TCP/IP in the Network Protocols section.
9 Click OK.
10 Click TCP/IP on the Network window. If there is more than one TCP/IP entry , choose the one for the Ethernet
card or USB port connected to the SBG940.
11 Click Properties. The TCP/IP Properties window is displayed:
12 Click the IP Address tab.
13 Click Obtain an IP address automatically.
14 Click OK to accept the TCP/IP settings.
15 Click OK to close the Network window.
16 Click OK when prompted to restart the computer and click OK again.
When you complete TCP/IP configuration, go to “Verifying the IP Address in Windows 98, Windows 98 SE, or
Windows Me”.
SBG940 User Guide 55
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Configuring TCP/IP in Windows 2000
1 On the Windows Desktop, click Start.
2 Select Settings and then Control Panel from the pop-up menus to display the Control Panel win dow:
3 Double-click the Network and Dial-up Connections icon to display the Network and Dial-up Connections
window:
In the steps that follow, a connection number such as 1, 2, or 3 is a reference displayed on PCs with multiple
network interfaces. PCs having only one network interface may display only the label
Local Area Connection
.
SBG940 User Guide 56
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
4
Click Local Area Connection number. The value of number varies from system to system. The Local Area
Connection number Status window is displayed:
5 Click Properties. Information similar to the following window is displayed:
6 If Internet Protocol (TCP/IP) is in the list of components, TCP/IP is installed. Y o u can skip to step 10.
If Internet Protocol (TCP/IP) is not in the list, click Install. The Select Network Component Type window is
displayed:
SBG940 User Guide 57
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
7
Click Protocol on the Select Network Component Type window and click Add. The Select Network Protocol
window is displayed:
8 Click Internet Protocol (TCP/IP).
9 Click OK. The Local Area Connection number Properties window is re-displayed.
10 Be sure the box next to Internet Protocol (TCP/IP) is selected.
SBG940 User Guide 58
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
11
Click Properties. The Internet Protocol (TCP/IP) Properties window is displayed:
12 Be sure Obtain IP address automatically and Obtain DNS server address automatically are selected.
13 Click OK to accept the TCP/IP settings.
14 Click Close to close the Local Area Connection number Properties window.
15 Click OK when prompted to restart the computer and click OK again.
When you complete the TCP/IP configuration, go to “Verifying the IP Address in Windows 2000 or Windows XP”.
SBG940 User Guide 59
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Configuring TCP/IP in Windows XP
1 On the Windows desktop, click Start to display the Start window:
2 Click Control Panel to display the Control Panel window. The display varies, depending on the Windows XP
view options. If the display is a Category view as shown below, continue with step 3. Otherwise, skip to
step 5.
SBG940 User Guide 60
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
3
Click Network and Internet Connections to display the Network and Internet Connections window:
4 Click Network Connections to display the LAN or High-speed Internet connections. Skip to step 7.
5 If a Classic view similar to below is displayed:
6 Double-click Network Connections to display the LAN or High-speed Internet connections.
SBG940 User Guide 61
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
7
Right-click on the network connection. If more than one connection is displayed, be sure to select the one for
your network interface:
8 Select Properties from the pop-up menu to display the Local Area Connection Properties window:
SBG940 User Guide 62
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
9
Select Internet Protocol (TCP/IP) and click Properties to display the Internet Protocol (TCP/IP) Properties
window:
10 Verify tha t the set ti n gs are correct, as shown above.
11 Click OK to close the TCP/IP Properties window.
12 Click OK to close the Local Area Connection Properties window.
When you complete the TCP/IP configuration, go to “Verifying the IP Address in Windows 2000 or Windows XP”.
SBG940 User Guide 63
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Verifying the IP Address in Windows 98, Windows 98 SE, or Windows Me
To check the IP address:
1 On the Windows Desktop, click Start.
2 Select Run. The Run window is displayed.
3 Type winipcfg.exe and click OK. The IP Configuration window is displayed. The Ethernet Adapter
Information field will vary depending on the system, as shown in the following examples:
The values for Adapter Address, IP Address, Subnet Mask, and Default Gateway on the PC will be different
than in the images.
In Windows 98, if IP Autoconfiguration Address is displayed as in the following image, call your service
provider:
4 Select the adapter name — the Ethernet card or USB device.
5 Click Renew.
6 Click OK after the system displays an IP address.
If after performing this procedure the computer cannot access the Internet, call your cable provider for help.
SBG940 User Guide 64
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Verifying the IP Address in Windows 2000 or Windows XP
To check the IP address:
1 On the Windows Desktop, click Start.
2 Select Run. The Run window is displayed.
3 Type cmd and click OK to display a command prompt window.
4 Type ipconfig and press ENTER to display the IP configuration. A display similar to the following indicates a
normal configuration:
If an Autoconfiguration IP Address is displayed as in the following window, there is an incorrect connection
between the PC and the SBG940 or there are cable network problems. Check the cable connections and
determine if you can view cable-TV channels on your television:
After verifying the cable connections and proper cable-TV operation, renew the IP address.
SBG940 User Guide 65
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
To renew the IP address:
1 Type ipconfig /renew and press ENTER. If a valid IP address is displayed as shown, Internet access should
be available.
2 Type exit and press ENTER to return to Windows.
If after performing this procedure the computer cannot access the Internet, call your cable provider for help.
SBG940 User Guide 66
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Setting Up Your Wireless LAN
You can use the SBG940 as an access point for a wireless LAN (WLAN) without changing its default settings.
Caution!
To prevent unauthorized eavesdropping or access to WLAN data, you must enable wireless security.
The default SBG940 settings provide no wireless security. After your WLAN is operational, be sure to
enable wireless security.
To enable security for your WLAN, you can do the following on the SBG940:
To Perform Use in Setup Program
Encrypt wireless transmissions
and restrict WLAN access
Further prevent unauthorized
WLAN intrusions
Connect at least one computer to the SBG940 Ethernet or USB port to perform configuration. Do not attempt to
configure the SBG940 over a wireless connection.
You need to configure each wireless client (station) to access the SBG940 LAN as described in “Configuring the
Wireless Clients”.
Encrypting Wireless LAN Transmissions Wireless > SECURITY — basic Page
Restricting Wireless LAN Access Wireless > SECURITY — advanced
Page
Caution!
Never provide your ESSID, WPA or WEP passphrase, or WEP key to anyone who is not authorized to
use your WLAN.
For descriptions of all wireless configuration fields, see “Configuring a Wireless Client with the Network Name
(ESSID)”.
Another step to improve wireless security is to place wireless components away from windows. This decreases
the signal strength outside the intended area.
SBG940 User Guide 67
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Encrypting Wireless LAN Transmissions
To prevent unauthorized viewing of data transmitted over your WLAN, you must encrypt your wireless
transmissions.
Use the Wireless > SECURITY — basic Page to encrypt your transmitted data. Choose one of:
Configure on the SBG940 Required On Each Wireless Client
If all of your wireless clients support Wi-Fi
Protected Access (WPA), we recommend
Configuring WPA on the SBG940
Otherwise, perform Configuring WEP on the
SBG940
If all of your wireless clients support WPA encryption, we recommend using WPA instead of WEP because WPA:
If you use a local pre-shared key (WPA-PSK) passphrase, you
must configure the identical passphrase to the SBG940 on each
wireless client. Home and small-office set tings typically use a
local passphrase.
Configuring a RADIUS server requires specialized knowledge
that is beyond the scope of this guide. For more information,
contact your network administrator.
Y ou must configure the i dentical WEP key to the SBG940 on each
wireless client.
• Provides much stronger encryption and is more secure
• Provides authentication to ensure that authorized users only can log in to your WLAN
• Is much easier to configure
• Uses a standard algorithm on all compliant products to generate a key from a textual passphrase
• Will be incorporated into the new IEEE 802.11i wireless networking standard
For new wireless LANs, we recommend purchasing client adapters that support WPA, such as the Motorola
Wireless Notebook Adapter WN825G, Wireless PCI Adapter WPCI810G, and Wireless USB Adapter WU830G.
For more information about the benefits of WPA, see the Wi-Fi Protected Access web page
http://www.wifialliance.org/OpenSection/protected_access.asp.
SBG940 User Guide 68
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Configuring WPA on the SBG940
To enable WPA and set the key on the SBG940:
1 On the SBG940 Setup Program left panel, click Wireless.
2 Click the SECURITY tab to display the Wireless > SECURITY — basic page:
3 In the Security Mode field, select WPA and click Apply.
4 Under WPA CONFIGURATION, choose one WPA Encryption type. Because performance may be slow with
TKIP, we recommend choosing AES if your clients support AES:
TKIP Temporal Key Integrity Protocol provides data encryption including a per-packet key mixing
function, message integrity check (MIC), initialization vector (IV), and re-keying mechanism.
AES The Advanced Encryption Standard algorithm implements symmetric key cryptography as a
block cipher using 128-bit keys. We recommend this setting if all of your wireless clients
support AES. The Motorola client adapters shown in “Optional Accessories” support AES.
SBG940 User Guide 69
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
5
Choose the WPA Authentication type:
Configuration: Basic Gateway TCP/IP Wireless USB
Remote
(Radius)
Local
(WPA-PSK)
If a Remote Authentication Dial-In User Service (RADIUS) server is availabl e, you can select this
option and go to step 6. A RADIUS server is typically used in a large corporate location.
If you choose Pre-Shared Key (PSK) local authentication, if the passphrase on any client
supporting WPA matches the PSK Passphrase set on the SBG940, the client can access the
SBG940 WLAN. To set the PSK Passphrase, go to step 7. A local key is typ ically used in a home
or small office.
6 For Remote (Radius) authentication only, set:
Radius Port The port used for remote authentication through a RADIUS server. It can be from 0 to 65535.
Radius Key The key for remote authentication. It can be from 0 to 255 ASCII characters.
Radius Server
Type
Radius Server The RADIUS server IP address in dotted-decimal format (xxx.xxx.xxx.xxx).
Currently IPv4 only .
7 For Local (WPA-PSK) authentication only, set:
PSK
Passphrase
The PSK password containing from 8 to 63 ASCII characters. You must set the identical
passphrase on each WLAN client (see “Configuring a Wireless Client for WPA”).
8 Click Save Changes.
If you need to restore the wireless defaults, click Reset Wireless Defaults.
SBG940 User Guide 70
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Configuring WEP on the SBG940
Use Wired Equivalent Privacy (WEP) only if you have wireless clients that do not support WPA.
Caution!
If you use WEP encryption, you must configure the same WEP key on the SBG940 access point and
all wireless clients (stations). Never provide your WEP key or passphrase to anyone who is not
authorized to use your WLAN.
To enable WEP and set the key on the SBG940:
1 On the SBG940 Setup Program left panel, click Wireless.
2 Click the SECURITY tab to display the Wireless > SECURITY — basic page:
3 In the Security Mode field, select WEP and click Apply.
4 In the WEP Passphrase field, type a passphrase containing from 8 to 31 ASCII characters. For privacy, your
passphrase displays as dots.
SBG940 User Guide 71
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
5
Click Generate WEP Keys. The following window is displayed:
6 Click OK. The WEP CONFIGURATION fields now appear something like:
Before performing step 7, consider the following:
• If all of your wireless adapters support 128-bit encryption, you can select Enable 128 Bit. Otherwise, you
must select Enable 64 Bit.
• For a WLAN client equipped with a Motorola wireless adapter, you can enter the WEP Passphrase when
you perform Configuring a Wireless Client for WEP. For all other wireless adapters, you will probably
need to enter the generated WEP key that you designate in step 7.
7 Under WEP CONFIGURATION, set:
WEP
Authentication
Encryption Use a WEP key length that is compatible with your wireless client adapters. Choose one of:
Key 1 to Key 4 Select the active key (1 to 4). Only one key can be active. Y ou can generate WEP keys f rom a
Sets whether shared key authentication is enabled to provide data privacy on the WLAN:
• Open System — Any WLAN client can transmit data to any other client without
authentication. It is the default, if the Security Mode is set to WEP.
• Shared Key — The SBG940 authenticates and transfers data to and f rom all cli en ts havin g
shared key authentication enabled. We recommend this setting.
• Enable 64-Bit — Use only if you have wireless cli ents tha t do not sup port 128 -bit en crypt ion
• Enable 128-Bit — We recommend this setting for stronger encryption; it is supported by th e
Motorola WN825G and WPCI810G wireless adapters and most current wireless adapters
passphrase as described in steps 4 to 6 or type non-case-sensitive hexadecimal charact ers 0
to 9 and A to F to define up to:
• Four 10-character long key 64-bit WEP keys
• Four 26-character long 128-bit WEP keys
We recommend changing the WEP keys frequently. Never provide the WEP key to anyone
who is not authorized to use your WLAN.
8 Click Save Changes to save your changes.
If you need to restore the wireless defaults, click Reset Wireless Defaults.
SBG940 User Guide 72
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Restricting Wireless LAN Access
The default SBG940 wireless settings enable any computer having a compatible wireless adapter to access your
WLAN. To protect your network from unauthorized intrusions, you can restrict access to your WLAN to a limited
number of computers on the Wireless > SECURITY — advanced Page.
You can configure one or both of:
Configure on the SBG940 Required On Each Wireless Client
Perform Configuring the Wireless Network Name on the
SBG940 to disable Extended Service Set Identifier (ESSID)
broadcasting to enable closed network operation
Perform Configuring a MAC Access Control List on the
SBG940 to restrict access to wireless clients with known
MAC addresses
You must configure the identical ESSID (network
name) to the SBG940.
No configuration is required on the client.
SBG940 User Guide 73
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Configuring the Wireless Network Name on the SBG940
If you disable ESSID broadcasting on the SBG940, the SBG940 does not transmit the network name (ESSID).
This provides additional protection because:
• Only wireless clients configured with your network name can communicate with the SBG940
• It is more difficult for unauthorized individuals who scan for unsecured WLANs to access your WLAN
Closed network operation is an enhancement of the IEEE 802.11b and IEEE 802.11g standards.
If you select Disable ESSID Broadcast, you must perform Configuring a Wireless Client with the Network Name
(ESSID) on all WLAN clients (stations). Never provide your ESSID to anyone who is not authorized to use
your WLAN.
To configure the ESSID on the SBG940:
1 Start the SBG940 Setup Program as described in “Starting the SBG940 Setup Program”.
2 On the left panel, click Wireless.
3 Click the NETWORK tab to display:
4 In the ESSID field, type a unique name. It can be any alphanumeric, case-sensitive string up to
32 characters. The default is “Motorola.” Do not use the default ESSID.
5 Click Save Changes to save your changes.
6 To restrict WLAN access to clients configured with the same Network Name (ESSID) as the SBG940, click
the SECURITY tab.
SBG940 User Guide 74
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
7
Click advanced to display the Wireless > SECURITY — advanced Page:
8 Select Disable ESSID Broadcast to restrict WLAN access to clients configured with the same Network
Name (ESSID) as the SBG940.
9 Click Apply to save your changes.
SBG940 User Guide 75
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Configuring a MAC Access Control List on the SBG940
You can restrict wireless access to one to 32 wireless clients, based on the client MAC address.
To configure a MAC access control list:
1 On the SBG940 Setup Program left panel, click Wireless.
2 Click the SECURITY tab.
3 Click advanced to display the Wireless > SECURITY — advanced Page:
4 To restrict wireless access to systems in the MAC access control list, select Allow Only Listed Stations
Access and click Apply.
5 To add a wireless client, type its MAC address in the format xx:xx:xx:xx:xx:xx in the New Station field and
click Add Station.
You can add up to 32 wireless clients to the MAC access control list.
SBG940 User Guide 76
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Configuring the Wireless Clients
For each wireless client computer (station), install the wireless adapter — such as a Motorola WN825G,
WPCI810G, or WU830G— following the instructions supplied with the adapter. Be sure to:
1 Insert the CD-ROM for the adapter in the CD-ROM drive on the client.
2 Install the device software from the CD.
3 Insert the adapter in the PCMCIA or PCI slot or connect it to the USB port.
Step 1
Step 3
Configure the adapter to obtain an IP address automatically. The Motorola wireless adapters are supplied with a
client configuration program called Wireless Client Manager, which is installed in the Windows Startup group.
On a PC with Wireless Client Manager installed, the icon is displayed on the Windows task bar. Double-click
the icon to launch the utility.
You may need to do the following to use a wireless client computer to surf the Internet:
Step 2
Step 2
Step 3
Step 1
If You Performed On Each Client, You Need to Perform
Configuring WPA on the SBG940 Configuring a Wireless Client for WPA
Configuring WEP on the SBG940 Configuring a Wireless Client for WEP
Configuring the Wireless Network Name on the SBG940 Configuring a Wireless Client with the Network Name
(ESSID)
Configuring a MAC Access Control List on the SBG940 No configuration on client required
SBG940 User Guide 77
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Configuring a Wireless Client for WPA
If you enabled WPA and set a PSK Passphrase by Configuring WPA on the SBG940, you must configure the
same passphrase (key) on each wireless client. The SBG940 cannot authenticate a client if:
• WPA is enabled on the SBG940 but not on the client
• The client passphrase does not match the SBG940 PSK Passphrase
For information about the WPA support in Windows XP, visit:
WPA Wireless Security for Home Networks http://www.microsoft.com/WindowsXP/expertzone/columns/
bowman/03july28.asp
Overview of the WP A Wireless Security Update in
Windows XP
You can download the Microsoft Windows XP Support Patch for Wi-Fi Protected Access from
http://www.microsoft.com/downloads/details.aspx?FamilyId=009D8425-CE2B-47A4-ABEC-274845DC9E91&disp
laylang=en
http://support.microsoft.com/?kbid=815485
Caution!
Never provide the PSK Passphrase to anyone who is not authorized to use your WLAN.
Configuring a Wireless Client for WEP
If you enabled WEP and set a key by Configuring WEP on the SBG940, you must configure the same WEP key on
each wireless client. The SBG940 cannot authenticate a client if:
• Shared Key Authentication is enabled on the SBG940 but not on the client
• The client WEP key does not match the SBG940 WEP key
On a WLAN client equipped with a Motorola wireless adapter, you can enter the WEP Passphrase you set when
you configured the SBG940. For all other wireless adapters, you must enter the 64-bit or 128-bit WEP key
generated by the SBG940.
Caution!
Never provide the WEP key to anyone who is not authorized to use your WLAN.
Configuring a Wireless Client with the Network Name (ESSID)
To distinguish it from other nearby WLANs, you can identify your WLAN with a unique network name (also known
as a network identifier or ESSID). When prompted for the network identifier, network name, or ESSID, type the
name set in the ESSID field on the Wireless > NETWORK Page in the SBG940 Setup Program. For more
information, see “Configuring the Wireless Network Name on the SBG940”.
After you specify the network name, many wireless cards or adapters automatically scan for an access point such
as the SBG940 and the proper channel and data rate. If your card requires you to manually start scanning for an
access point, do so following the instructions in the documentation supplied with the card.
SBG940 User Guide 78
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Wireless Pages in the SBG940 Setup Program
Use the Wireless pages to control and monitor the wireless interface:
• Wireless > STATUS Page
• Wireless > NETWORK Page
• Wireless > SECURITY — basic Page
• Wireless > SECURITY — advanced Page
• Wireless > STATISTICS page
After you edit some fields and click Apply, you are warned that you must reboot your SBG940 for your change
to take effect. Rebooting takes 10 to 15 seconds. After rebooting, you must log in again.
SBG940 User Guide 79
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Wireless > STATUS Page
You can use this display-only page to:
• View the wireless interface stat us
• Help perform Troubleshooting for wireless network problems
Wireless > STATUS Page Fields
Regulatory Domain Indicates the country the SBG940 is manufactured for. The list of channels depends on the
country’s standards for operation of wireless devices. Dependin g on the domain set at the factory,
USA FCC, Europe, Spain, France, Japan, or some other country name is displayed.
ESSID Displays the ESSID set on the Wireless > NETWORK Page. For more information, see
“Configuring the Wireless Network Name on the SBG940”. Never provide the ESSID to anyone
who is not authorized to use your WLAN.
Channel Displays the radio channel for the access point. If you encounter interference, you can set a
different channel on the Wireless > NETWORK Page.
RTS Threshold Displays the Request to Send Threshold set on the Wireless > NETWORK Page.
Frag Threshold Displays the Fragmentation Threshold set on the Wireless > NETWORK Page.
MAC Address Displays the SBG940 MAC address.
Security Mode Displays the enabled wireless encryption type. For more informati on, see “Configuring WPA on
the SBG940” or “Configuring WEP on the SBG940”.
MAC Access Control Displays the MAC Access Control setting (see “Configuring a MAC Access Control List on the
SBG940”):
• Allow Listed — Only clients in the MAC access control list can access the WLAN.
• Allow Any Station Access — Any wireless client can access the WLAN.
MAC Access Control List Displays the MAC addresses of wireless clients having access (see “Configuring a MAC Access
Control List on the SBG940”).
SBG940 User Guide 80
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Wireless > NETWORK Page
Use this page for:
• Configuring the Wireless Network Name on the SBG940
• Configuring other WLAN setting s
You can use the SBG940 to operate a WLAN without changing its default settings.
Wireless > NETWORK page fields
Field Description
WIRELESS
Enable Wireless
Interface
ESSID Sets a unique network name for the SBG940 WLAN to distinguish between multipl e WLANs in
Channel Sets the wireless radio channel. You can change the channel if you encounter interference on
SBG940 User Guide 81
Select this box to enable the wireless interface.
the vicinity. If you select Disable ESSID Broadcast on the Wireless > SECURITY — advanced
Page, all clients on the WLAN must have the same ESSID (network name) as the SBG940. It
can be any alphanumeric, case-sensitive string up to 32characters. The default is “Motorola.”
We strongly recommend not using the default. Never provide the ESSID to anyone who is not
authorized to use your WLAN.
the default channel. The default is 1 (one), except in countries where the first channel
permitted for wireless operation is not one.
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Wireless > NETWORK page fields (continued)
Field Description
Operating Mode Sets how the SBG940 communicates with wireless clients (stations):
• 11b/11g Standard — Enables all IEEE 802.11b and IEEE 802.11g clients to work with the
SBG940. We recommend using t his default setting in most cases because it is more flexible.
• 11g Enhanced — Choose this option only if all IEEE 802.11g client adapters on the network
support the performance-enhancing features of the IEEE11g Enhanced mode. It is not
supported by all IEEE 802.11g adapters.
ADVANCED SETUP
Transmit Power Sets the SBG940 wireless transmission power — 3, 6, 12, 25, 50, 75, or 100%. The default is
100%. You can turn down the Transmit Power to:
• Decrease “leakage” into outside areas such as the street
• Improve performance if you usually position your computer or laptop close to your SBG940
Transmission power control is an optional IEEE 802.11 feature.
RTS Threshold The Request To Send Threshold sets the minimum packet size for which the SBG940 issues
an RTS before sending a packet. A low RTS Threshold can help when many clients are
associated with the SBG940 or the clients are far apart and can detect the SBG940 but not
each other. It can be 0 to 2347 bytes. The default is 2347.
Fragmentation
Threshold
Beacon Period Sets the time between beacon frames sent by the SBG940 for wireless network
DTIM Period The delivery traffic indication message (DTIM) period is the number of Beacon Periods that
Sets the size at which packets are fragmented (sent as several packets instead of as one
packet). A low Fragmentation Threshold can help when communication is poor or there is a
significant interference. It can be 256 to 2346 bytes. The default is 2346.
synchronization. It can be from 1 to 999 ms. The default is 100 ms.
elapse before a wireless client operating in power save mode “listens” for buffered broadcast
or multicast messages from the SBG940. It can be from 1 to 99999. The default is 3.
SBG940 User Guide 82
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Wireless > SECURITY — basic Page
Use this page to configure how your SBG940 encrypts wireless transmissions. For information about using this
page, see “Encrypting Wireless LAN Transmissions”. After you enable WEP or WPA on the SBG940, you must
configure each WLAN client as described in “Configuring the Wireless Clients”.
Caution!
The default Security Mode setting None provides no security for transmitted data.
SBG940 User Guide 83
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Wireless > SECURITY — advanced Page
Use this page to configure advanced wireless security settings.
Wireless > Security — ADVANCED page fields
Field or Button Description
Disable ESSID Broadcast If selected, only wireless clients (stations) having the same Network Name (ESSID) as the
SBG940
enhancement to IEEE 802.11b. The default is not selected (off).
MAC ACCESS CONTROL
LIST
Allow Any Station
Access
Allow Only Listed
Stations Access
Apply Click to apply your change.
Listed Stations Lists the wireless client s in the MAC access control li st havin g ac cess if Allow Onl y Listed
Delete To delete a wireless client from the MAC access control list, select its Delete check box
SBG940 User Guide 84
You can restrict wireless access to one to 32 wireless clients, based on the client MAC
address.
If selected, any wireless client can access the SBG940 WLAN.
If selected, only wireless clients in the MAC access control list can access the SBG940
WLAN.
Stations Access is selected.
and click the Delete button.
can communicate with the SBG940. Closed network operat ion is a SBG940
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Wireless > Security — ADVANCED page fields (continued)
Field or Button Description
ADD NEW STATION
New Station Type the MAC address of the wireless client to add to the MAC access control list. Use the
format xx:xx:xx:xx:xx:xx. The MAC access control list can contain one to 32 clients.
Add Station Click to add the New Station to the MAC access control list.
Wireless > STATISTICS page
Use this page to display wireless statistics.
Wireless > STATISTICS page fields
Field or Button Description
Transmitted
Fragment Count
Multicast
Transmitted
Fragment Count
Failed Count The number of MSDUs not transmitted successfully because t he number of transmit at tempts
Retry Count The number of successfully transmitted MSDUs after one or more retransmissions.
SBG940 User Guide 85
The number of acknowledged MAC protocol data units (MPDUs) with an address in the
address 1 field or an MPDU with a multicast address in the address 1 field of type data or
management.
The number of transmitted fragments when the multicast bit is set in th e destination MAC
address of a successfully transmitted MAC service data unit (MSDU). When operating as a
STA in an ESS, where these frames are directed to the AP, this implies having received an
acknowledgment to all associated MPDUs.
exceeded the IEEE 802.11b short or long retry limit.
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Wireless > STATISTICS page fields (continued)
Field or Button Description
Multiple Retry Count The number of successfully transmitted MSDUs after more than one retransmission.
Frame Duplicate
Count
Request To Send
Success Count
Request To Send
Failure Count
Acknowledge Failed
Count
Received Fragment
Count
Multicast Received
Fragment Count
Frame Check
Sequence Error
Count
Transmitted Frame
Count
WEP Undecryptable
Count
Refresh Click to collect new data.
The number of frames received where the Sequence Control field indicated the frame was a
duplicate.
The number of CTS messages received in response to RTS messages.
The number of CTS messages not received in response to RTS messages.
The number of acknowledgment messages not received when expected from a data
message transmission.
The number of successfully received MPDUs of type Data or Management.
The number of MSDUs received when the multicast bit was set in the destination MAC
address.
The number of FCS errors detected in a received MPDU.
The number of successfully transmitted MSDUs.
This number of frames received with the WEP subfield of the Frame Control field set to one
and the WEP On key value mapped to the client MAC address. This indicates that the frame
should not have been encrypted or was discarded due to the receivi ng client not ha ving WEP
enabled.
SBG940 User Guide 86
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Troubleshooting
If the solutions listed here do not solve your problem, contact your cable provider. Before calling your cable
provider, try pressing the reset button on the rear panel. Resetting the SBG940 may take 5 to 30 minutes. Your
service provider may ask for the status of the lights as described in “Front-Panel Lights and Error Conditions”.
Problem Possible Solutions
Power light
is off
Cannot send or
receive data
Problems related to
unsuccessful USB
driver installation
The SBG940 Setup
Program will not
start
A wireless client(s)
cannot send or
receive data
Check that the SBG940 is properly plugged into the electrical outlet.
Check that the electrical outlet is working.
Press the Reset button.
On the top front panel, note which is the first light (starting from the left) that is off. This light
indicates where the error occurred as described in “Front-Panel Lights and Error Conditions.”
If you have cable TV, check that the TV is working and the picture is clear. If you cannot re ceive
regular TV channels, the data service will not function.
Check the coaxial cable at the SBG940 and wall outlet. Hand-tighten if necessary.
Check the IP address. Follow the steps for verifying the IP address for your system. See
“Configuring TCP/IP”. Call your cable provider if you need an IP address.
Check that the Ethernet cable is properly connected to the SBG940 and the comput er.
Remove the USB driver. Follow the appropriate procedure for your system in “Setting Up a
USB Driver”.
The web cache is full or close to full. In Internet Explorer, choose Internet Options from th e
Tools menu, and click the General tab. Click Delete Files and Clear History. Then try Starting
the SBG940 Setup Program again.
Perform the first four checks in “Cannot send or receive data.”
Check the Security Mode setting on the Wireless > SECURITY — basic Page:
• If you enabled WPA and configured a passphrase on the SBG940, be sure each affected
wireless client has the identical passphrase. If this does not solve the problem, check
whether the wireless client supports WPA.
• If you enabled WEP and configured a key on the SBG940, be sure each affected wireless
client has the identical WEP key. If this does not solve the problem, check whether the client
wireless adapter supports the type of WEP key configured on the SBG940.
• To temporarily eliminate the Security Mode as a potent ial iss ue, sele ct None and cl ick Apply.
After resolving your problem, be sure to re-enable wireless security.
On the Wireless > SECURITY — advanced Page:
• Check whether you turned on Disable ESSID Broadcast. If it is on, be sure the network
name (ESSID) on each affected wireless client is identical to the ESSID on the SBG940.
• Check whether you enabled Allow Only Listed Stations Access. If you did, be sure the
MAC address for each affected wireless client is correctly listed.
For detailed information, see “Setting Up Your Wire le s s LAN”.
Slow wireless
transmission speed
with WPA enabled
SBG940 User Guide 87
On the Wireless > SECURITY — basic Page, check whether the WP A Encryption type is
TKIP. If all of your wireless clients support AES, change the WPA Encryption to AES as
described in step 4 in “Configuring WPA on the SBG940”.
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Front-Panel Lights and Error Conditions
Light Turns Off During Startup If Turns Off During Normal Operation If
DS The downstream receive channel cannot be acquired The downstream channel is lost
US The upstream send channel cannot be acquired The upstream channel is lost
IP registration is unsuccessful The IP registration is lost
The SBG940 is not properly plugged into the power outlet The SBG940 is unplugged
SBG940 User Guide 88
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Setting Up a USB Driver
The following subsections describe setting up a USB driver if you connect a PC to the USB port on the SBG940.
Before connecting a PC to the USB port, perform the appropriate procedure for your Windows version:
• Setting Up a USB Driver in Windows 98 Second Edition
• Setting Up a USB Driver in Windows 2000
• Setting Up a USB Driver in Windows Me
• Setting Up a USB Driver in Windows XP
The SBG940 USB driver does not support Macintosh or UNIX computers. For those systems, you can connect
through Ethernet only.
Caution!
Be sure the SBG940 Installation CD-ROM is inserted in the CD-ROM drive before you plug in the
USB cable.
If you have a problem setting up the USB driver, remove it by performing one of:
• Removing the USB Driver from Windows 98 Second Edition or Windows Me
• Removing the USB Driver from Windows 2000
• Removing the USB Driver from Windows XP
Then perform “Running the Motorola USB Driver Removal Utility” on page 107.
SBG940 User Guide 89
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
Setting Up a USB Driver in Windows 98 Second Edition
1 Insert the SBG940 Installation CD-ROM in the CD-ROM drive. This CD contains the USB drivers and must be
inserted and read by the PC before you connect the SBG940 to the PC.
2 Connect the USB cable as shown in USB Connection.
A few seconds after you complete the USB connection, the Add New Hardware Wizard window is displayed:
3 Click Next. The following window is displayed:
4 Be sure “Search for the best driver for your device” is selected.
SBG940 User Guide 90
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
5
Click Next and the following window is displayed:
Be sure “CD-ROM drive” is the only box selected.
6 Click Next. The message “Please wait while Windows searches for a new driver for this device” is displayed.
If the computer successfully locates the driver, you can skip to step 9.
If the computer does not locate the driver, t he previous window is displayed again.
7 Select Specify a location and type the location of the CD-ROM drive:
To load the driver successfully, you may need to click Browse to manually select the NetMotCM.sys file on
the CD-ROM.
SBG940 User Guide 91
Overview Installation Troubleshooting Contact FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless USB
8
Click Next. The following window is displayed:
9 Select The updated driver... and click Next. If the following window is not displayed, verify that the SBG940
Installation CD-ROM is properly inserted in the CD-ROM drive. If you still cannot find the correct driver file,
click Cancel to cancel the installation and perform the procedure for “Removing the USB Driver from
Windows 98 Second Edition or Windows Me”. Then repeat this procedure.
Although your SBG model number may be different than in the images in this guide,
the procedure is the same.
10 After the window shown under step 9 is displayed, click Next.
If a window with the message Copying Files... displays and asks for the CD-ROM drive, type the CD-ROM
drive letter (for example, “D:”) and click OK.
If an Insert Disk window similar to the one below is displayed, Windows system files are needed to complete
the installation. T o install the files, insert your Windows 98 Second Edition CD-ROM in the CD-ROM drive and
click OK.
SBG940 User Guide 92
Loading...