ZyXEL NBG4615 User Manual
CHAPTER 14
Wireless LAN
14.1 Overview
This chapter discusses how to configure the wireless network settings in your
NBG4615. See the appendices for more detailed information about wireless
networks.
The following figure provides an example of a wireless network.
Figure 74 Example of a Wireless Network
The wireless network is the part in the blue circle. In this wireless network,
devices A and B are called wireless clients. The wireless clients use the access
point (AP) to interact with other devices (such as the printer) or with the Internet.
Your NBG4615 is the AP.
NBG4615 User’s Guide
129
Chapter 14 Wireless LAN
14.1.1 What You Can Do
•Use the General screen to enter the SSID, enable intra-BSS traffic and select
the channel. (Section 14.2 on page 133).
•Use the Security screen to configure wireless security between the NBG4615
and the wireless clients.
•Use the MAC Filter screen to allow or deny wireless stations based on their
MAC addresses from connecting to the NBG4615 (Section 14.4 on page 139).
•Use the Advanced screen to allow intra-BSS networking and set the RTS/CTS
Threshold (Section 14.5 on page 140).
•Use the QoS screen to ensure Quality of Service (QoS) in your wireless network
(Section 14.6 on page 141).
•Use the WPS screen to quickly set up a wireless network with strong security,
without having to configure security settings manually (Section 14.7 on page
142).
•Use the WPS Station screen to add a wireless station using WPS (Section 14.8
on page 143).
•Use the Scheduling screen to set the times your wireless LAN is turned on and
off (Section 14.9 on page 144).
•Use the WDS screen to configure Wireless Distribution System on your
NBG4615 (Section 14.10 on page 146).
14.1.2 What You Should Know
Every wireless network must follow these basic guidelines.
• E very wireless client in the same wireless network must use the same SSID.
The SSID is the name of the wireless network. It stands for Service Set IDentity.
• I f two wireless networks overlap, they should use different channels.
Like radio stations or television channels, each wireless network uses a specific
channel, or frequency, to send and receive information.
• E very wireless client in the same wireless network must use securit y compatible
with the AP.
Security stops unauthorized devices from using the wireless net work. It can also
protect the information that is sent in the wireless network.
Wireless Security Overview
The following sections introduce different types of wireless s ecurity you can set up
in the wireless network.
130
NBG4615 User’s Guide
Chapter 14 Wireless LAN
SSID
Normally , the AP acts like a beacon and regularl y broadcasts the SS ID in the area.
You can hide the SSID instead, in which case the AP does not broadcast the SS ID.
In addition, you should change the default SSID to something that is difficult to
guess.
This type of security is fairly weak, however, because there are ways for
unauthorized devices to get the SSID. In addition, unauthorized devices can still
see the information that is sent in the wireless network.
MAC Address Filter
Every wireless client has a unique identification number, called a MAC address.1 A
MAC address is usually written using twelve hexadecimal characters
example, 00A0C5000002 or 00:A0:C5:00:00:02. To get the MAC address for each
wireless client, see the appropriate User’s Guide or other documentation.
You can us e the MAC address filter to tell the AP which wireless clients are allowed
or not allowed to use the wireless network. If a wireless client is allowed to use the
wireless network, it still has to have the correct settings (SSID, channel, and
security). If a wireless client is not allowed to use the wireless network, it does not
matter if it has the correct settings.
This type of security does not protect the inf o rm at ion that is sent in the wireless
network. Furthermore, there are ways for unauthorized devices to get the MAC
address of an authorized wireless client. Then, they can use that MAC address to
use the wireless network.
2
; for
User Authentication
You can make every user log in to the wireless network before they can use it.
This is called user authentication. However, every wireless client in the wireless
network has to support IEEE 802.1x to do this.
For wireless networks, there are two typical places to store the user names and
passwords for each user.
• In the AP: this feature is called a local user database or a local database.
• In a RADIUS server: this is a server used in businesses more than in homes.
If your AP does not provide a local user database and if you do not have a RADIUS
server, you cannot set up user names and passwords for your users.
1. Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks.
These kinds of wireless devices might not have MAC addresses.
2. Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F.
NBG4615 User’s Guide
131
Chapter 14 Wireless LAN
Unauthorized devices can still see the information that is sent in the wireless
network, even if they cannot use the wireless network. Furthermore, there are
ways for unauthorized wireless users to get a valid user name and password.
Then, they can use that user name and password to use the wireless network.
Local user databases also have an additional limitation that is explained in the
next section.
Encryption
Wireless networks can use encryption to protect the informat ion that is sent in the
wireless network. Encryption is like a secret code. If you do not know the secret
code, you cannot understand the message.
The types of encryption you can choose depend on the type of user
authentication. (See page 131 for information about this.)
Table 41 Types of Encryption for Each Type of Authentication
Weakest No Security WPA
Strongest WPA2-PSK WPA2
NO AUTHENTICATION RADIUS SERVER
Static WEP
WPA-PSK
For example, if the wireless network has a RADIUS server, you can choose WPA
or WPA2. If users do not log in to the wireless network, you can choose no
encryption, Static WEP, WPA-PSK, or WPA2-PSK.
Usually, you should set up the strongest encryption that every wireless client in
the wireless network supports. For example, suppose the AP does not hav e a local
user database, and you do not have a RADIUS server. Therefore, there is no user
authentication. Suppose the wireless network has two wireless clients. Device A
only supports WEP, and device B supports WEP and WPA. Therefore, you should
set up Static WEP in the wireless network.
Note: It is recommended that wireless networks use WPA-PSK, WPA, or stronger
encryption. IEEE 802.1x and WEP encryption are better than none at all, but it
is still possible for unauthorized devices to figure out the original information
pretty quickly.
Note: It is not possible to use WPA-PSK, WPA or stronger encryption with a local user
database. In this case, it is better to set up stronger encryption with no
authentication than to set up weaker encryption with the local user database.
When you select WPA2 or WPA2-PSK in your NBG4615, you can also select an
option (WPA Compatible) to support WPA as well. In this case, if some wireless
clients support WPA and some support WPA2, you should set up WPA2-PSK or
132
NBG4615 User’s Guide
Chapter 14 Wireless LAN
WPA2 (depending on the type of wireless network login) and select the WPA
Compatible option in the NBG4615.
Many types of encryption use a key to protect the information in the wireless
network. The longer the key, the stronger the encryption. Every wireless client in
the wireless network must have the same key.
WPS
WiFi Protected Setup (WPS) is an industry standard specification, defined by the
WiFi Alliance. WPS allows you to quickly set up a wireless network with strong
security , without having to configure secu rity settings manually. Depending on the
devices in your network, you can either press a button (on the device itself, or in
its configuration utility) or enter a PIN (Personal Identification Number) in the
devices. Then, they connect and set up a secure network by themselves. See how
to set up a secure wireless network using WPS in the Section 13.2 on page 111.
WDS
Wireless Distribution System or WDS security is used between bridged APs. It is
independent of the security between the wired networks and their respective APs.
If you do not enable WDS security, traffic between APs is not encrypted. When
WDS security is enabled, both APs must use the same pre-shared key.
14.2 General Wireless LAN Screen
Use this screen to configure the SSIDs of the wireless LAN.
Note: If you are configuring the NBG4615 from a computer connected to the wireless
LAN and you change the NBG4615’s SSID, channel or security settings, you
will lose your wireless connection when you press Apply to confirm. You must
then change the wireless settings of your computer to match the NBG4615’s
new settings.
NBG4615 User’s Guide
133
Chapter 14 Wireless LAN
Click Network > Wireless LAN to open the General screen.
Figure 75 Network > Wireless LAN > General
The following table describes the general wireless LAN labels in this screen.
Table 42 Network > Wireless LAN > General
LABEL DESCRIPTION
Wireless LAN This shows whether the wireless LAN is ON or OFF. You can enable or
disable the wireless LAN by using the WLAN switch located on the back
panel of the NBG4615.
Network
Name(SSID)
or
Name(SSID1
~3)
Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a
Enable IntraBSS Traffic
The SSID (Service Set IDentity) identifies the Service Set with which a
wireless client is associated. Enter a descriptive name (up to 32 printable
characters found on a typical English language keyboard) for the wireless
LAN.
You can configure up to four SSIDs to enable multiple BSSs (Basic Service
Sets) on the NBG4615. This allows you to use one access point to provide
several BSSs simultaneously. You can then assign varying security types
to different SSIDs. Wireless clients can use different SSIDs to associate
with the same access point.
station cannot obtain the SSID through scanning using a site survey tool.
A Basic Service Set (BSS) exists when all communications between
wireless clients or between a wireless client and a wired network client go
through one access point (AP).
Intra-BSS traffic is traffic between wireless clients in the BS S. When IntraBSS is enabled, wireless clients can access the wired network and
communicate with each other. When Intra-BSS is disabled, wireless clients
can still access the wired network but cannot communicate with each
other.
134
NBG4615 User’s Guide
Chapter 14 Wireless LAN
Table 42 Network > Wireless LAN > General (continued)
LABEL DESCRIPTION
Channel
Selection
Auto Channel
Selection
Operating
Channel
Communicati
on between
wireless
clients with
different
SSIDs
Apply Click Apply to save your changes back to the NBG4615.
Cancel Click Cancel to reload the previous configuration for this screen.
Set the operating frequency/channel depending on your particular region.
Select a channel from the drop-down list box. The options vary depending
on the frequency band and the country you are in.
Refer to the Connection Wizard chapter for more inform ation on channels.
This option is only available if Auto Channel Selection is disabled.
Select this check box for the NBG4615 to automatically choose the
channel with the least interference. Deselect this check box if you wish to
manually select the channel using the Channel Section field.
This displays the channel the NBG4615 is currently using.
Select the check box to allow communication between wireless clients of
different SSIDs. Do not select the check box if you do not want to enable
this function.
See the rest of this chapter for information on the other labels in this screen.
14.3 Wireless Security Screen
Use this screen to select the wireless security mode for each SSID. Click Network
> Wireless LAN > Security to open the Security screen. The screen varies
depending on what you select in the Security Mode field.
14.3.1 No Security
Select No Security to allow wireless clients to communicate with the access
points without any data encryption.
NBG4615 User’s Guide
135
Chapter 14 Wireless LAN
Note: If you do not enable any wireless security on your NBG4615, your network is
accessible to any wireless networking device that is within range.
Figure 76 Network > Wireless LAN > Security: No Security
The following table describes the labels in this screen.
Table 43 Network > Wireless LAN > Security: No Security
LABEL DESCRIPTION
SSID Select the SSID for which you want to configure the security.
Security
Mode
Apply Click Apply to save your changes back to the NBG4615.
Cancel Click Cancel to reload the previous configuration for this screen.
Choose No Security from the drop-down list box.
14.3.2 WEP Encryption
WEP encryption scrambles the data transmitted bet ween the wireless stations and
the access points to keep network communications private. It encrypts unicast
and multicast communications in a network. Both the wireless stations and the
access points must use the same WEP key.
Your NBG4615 allows you to configure up to four 64-bit or 128-bit WEP keys but
only one key can be enabled at any one time.
136
NBG4615 User’s Guide
Select Static WEP from the Security Mode list.
Figure 77 Network > Wireless LAN > Security: Static WEP
Chapter 14 Wireless LAN
The following table describes the wireless LAN security labels in this screen.
Table 44 Network > Wireless LAN > Security: Static WEP
LABEL DESCRIPTION
SSID Select the SSID for which you want to configure the security.
Security Mode Select Static WEP to enable data encryption.
PassPhrase Enter a Passphrase (up to 26 printable characters) and click Generate.
A passphrase functions like a password. In WEP security mode, it is
further converted by the NBG4615 into a complicated string that is
referred to as the “key”. This key is requested from all devices wishing to
connect to a wireless network.
WEP
Encryption
Authentication
Method
ASCII Select this option in order to enter ASCII characters as WEP key.
Select 64-bits or 128-bits.
This dictates the length of the security key that the network is going to
use.
Select Auto or Shared Key from the drop-down list box.
This field specifies whether the wireless clients have to provide the WEP
key to login to the wireless client. Keep this setting at Auto unless you
want to force a key verification before communication between the
wireless client and the NBG4615 occurs.
Select Shared Key to force the clients to provide the WEP key prior to
communication.
NBG4615 User’s Guide
137
Chapter 14 Wireless LAN
Table 44 Network > Wireless LAN > Security: Static WEP (continued)
LABEL DESCRIPTION
Hex Select this option in order to enter hexadecimal characters as a WEP key.
The preceding "0x", that identifies a hexadecimal key, is entered
automatically.
Key 1 to Key 4 The WEP keys are used to encrypt data. Both the NBG4615 and the
wireless stations must use the same WEP key for data transmission.
If you chose 64-bit WEP, then enter any 5 ASCII characters or 10
hexadecimal characters ("0-9", "A-F").
If you chose 128-bit WEP, then enter 13 ASCII characters or 26
hexadecimal characters ("0-9", "A-F").
You must configure at least one key, only one key can be activated at
any one time. The default key is key 1.
Apply Click Apply to save your changes back to the NBG4615.
Cancel Click Cancel to reload the previous configuration for this screen.
14.3.3 WPA-PSK/WPA2-PSK
Select WPA-PSK or WPA2-PSK from the Security Mode list.
Figure 78 Network > Wireless LAN > Security: WPA-PSK/WPA2-PSK
The following table describes the labels in this screen.
Table 45 Network > Wireless LAN > Security: WPA-PSK/WPA2-PSK
LABEL DESCRIPTION
SSID Select the SSID for which you want to configure the security.
Security Mode Select WPA-PSK or WPA2-PSK to enable data encryption.
WPA
Compatible
This field appears when you choos e WPA2-PSK as the Security Mode.
Check this field to allow wireless devices using WPA-PSK security
mode to connect to your NBG4615.
138
NBG4615 User’s Guide
Table 45 Network > Wireless LAN > Security: WPA-PSK/WPA2-PSK (continued)
LABEL DESCRIPTION
Pre-Shared Key WPA-PSK/WPA2-PSK uses a simple common password for
authentication.
Type a pre-shared key from 8 to 63 case-sensitive keyboard characters.
Group Key
Update Timer
Apply Click Apply to save your changes back to the NBG4615.
Cancel Click Cancel to reload the previous configuration for this screen.
The Group Key Update Timer is the r ate at which the AP sends a new
group key out to all clients.
The default is 3600 seconds (60 minutes).
14.4 MAC Filter
The MAC filter screen allows you to configure the NBG4615 to give exclusive
access to devices (Allow) or exclude devices from accessing the NBG4615 (Deny).
Every Ethernet device has a unique MAC (Media Access Control) address. The MAC
address is assigned at the factory and consists of six pairs of hexadecimal
characters, for example, 00:A0:C5:00:00:02. You need to know the MAC address
of the devices to configure this screen.
Chapter 14 Wireless LAN
To change your NBG4615’s MAC filter settings, click Network > Wireless LAN >
MAC Filter. The screen appears as shown.
Figure 79 Network > Wireless LAN > MAC Filter
The following table describes the labels in this menu.
Table 46 Network > Wireless LAN > MAC Filter
LABEL DESCRIPTION
Access Policy
SSID Select the SSID for which you want to configure MAC filtering.
NBG4615 User’s Guide
139
Chapter 14 Wireless LAN
Table 46 Network > Wireless LAN > MAC Filter (continued)
LABEL DESCRIPTION
Policy Define the filter action for the list of MAC addresses in the MAC Address
Add a
station Mac
Address
MAC Filter Summary
Delete Click the delete icon to remove the MAC address from the list.
MAC
Address
Apply Click Apply to save your changes back to the NBG4615.
Cancel Click Cancel to reload the previous configuration for this screen.
table.
Select Disable to deactivate the MAC filtering rule you configure below.
Select Allow to permit access to the NBG4615, MAC addresses not listed
will be denied access to the NBG4615.
Select Reject to block access to the NBG4615, MAC addresses not listed
will be allowed to access the NBG4615
Enter the MAC addresses of the wireless station that are allowed or denied
access to the NBG4615 in these address fields. Enter the MAC addresses in
a valid MAC address format, that is, six hexadecimal character pairs, for
example, 12:34:56:78:9a:bc. Click Add.
This is the MAC address of the wireless station that are allowed or denied
access to the NBG4615.
14.5 Wireless LAN Advanced Screen
Use this screen to allow wireless advanced features, such as the output power,
RTS/CTS Threshold and high-throughput physical mode settings.
Click Network > Wireless LAN > Advanced. The screen appears as shown.
Figure 80 Network > Wireless LAN > Advanced
140
NBG4615 User’s Guide
Chapter 14 Wireless LAN
The following table describes the labels in this screen.
Table 47 Network > Wireless LAN > Advanced
LABEL DESCRIPTION
RTS/CTS
Threshold
Fragmentation
Threshold
Output Power Set the output power of the NBG4615 in this field. If there is a high
HT (High Throughput) Physical Mode - Use the fields below to configure the 802.11
wireless environment of your NBG4615.
Operating
Mode
Data with its frame size larger than this value will perform the RTS
(Request To Send)/CTS (Clear To Send) handshake.
Enter a value between 256 and 2432.
The threshold (number of bytes) for the fragmentation boundary for
directed messages. It is the maximum data fragment size that can be
sent. Enter an even number between 256 and 2346.
density of APs in an area, decrease the output power of the NBG4615 to
reduce interference with other APs. Select one of the following 100%,
90%, 75%, 50%, 25% or 10%. See the product specifications for
more information on your NBG4615’s output power.
Choose this according to the wireless mode(s) used in your network.
Mixed - Select this if the wireless clients in your network use different
wireless modes (for example, IEEE 802.11b/g and IEEE 802.1n modes)
Green - Select this if the wireless clients in your network uses only one
type of wireless mode (for example, IEEEE 802.11 n only)
Channel
Bandwidth
Guard Interval Select Auto to increase data throughput. However, this may make data
Extension
Channel
Apply Click Apply to save your changes back to the NBG4615.
Cancel Click Cancel to reload the previous configuration for this screen.
Select the channel bandwidth you want to use for your wireless network.
It is recommended that you select 20/40 (20/40 MHz).
Select 20 MHz if you want to lessen radio interference with other
wireless devices in your neighborhood.
transfer more prone to errors.
Select Long to prioritize data integrity. This may be because your
wireless network is busy and congested or the NBG4615 is located in an
environment prone to radio interference.
This is set to Auto by default.
If you select 20/40 as your Channel Bandwidth, the extension
channel enables the NBG4615 to get higher data throughput. This also
lowers radio interference and traffic.
14.6 Quality of Service (QoS) Screen
The QoS screen allows you to automatically give a service (such as VoIP and
video) a priority level.
NBG4615 User’s Guide
141
Chapter 14 Wireless LAN
Click Network > Wireless LAN > QoS. The following screen appears.
Figure 81 Network > Wireless LAN > QoS
The following table describes the labels in this screen.
Table 48 Network > Wireless LAN > QoS
LABEL DESCRIPTION
Enable WMM QoS Check this to have the NBG4615 automatically give a service a
Apply Click Apply to save your changes to the NBG4615.
Cancel Click Cancel to reload the previous configuration for this screen.
priority level according to the ToS value in the IP header of packets
it sends. WMM QoS (Wifi MultiMedia Quality of Service) gives high
priority to voice and video, which makes them run more smoothly.
14.7 WPS Screen
Use this screen to enable/disable WPS, view or generate a new PIN number and
check current WPS status. To open this screen, click Network > Wireless LAN >
WPS tab.
Note: With WPS, wireless clients can only connect to the wireless network using the
first SSID on the NBG4615.
Figure 82 Network > Wireless LAN > WPS
142
NBG4615 User’s Guide
Chapter 14 Wireless LAN
The following table describes the labels in this screen.
Table 49 Network > Wireless LAN > WPS
LABEL DESCRIPTION
WPS Setup
Enable WPS Select this to enable the WPS feature.
PIN Number This displays a PIN number last time system generated. Click Generate
to generate a new PIN number.
Status
Status This displays Configured when the NBG4615 has connected to a
wireless network using WPS or when Enable WPS is selected and
wireless or wireless security settings have been changed. The current
wireless and wireless security settings also appear in the screen.
This displays Unconfigured if WPS is disabled and there are no
wireless or wireless security changes on the NBG4615 or you click
Release_Configuration to remove the configured wireless and
wireless security settings.
Release
Configuration
802.11 Mode This is the 802.11 mode used. Only compliant WLAN devices can
SSID This is the name of the wireless network (the NBG4615’s first SSID).
Security This is the type of wireless security employed by the network.
Apply Click Apply to save your changes back to the NBG4615.
Cancel Click Cancel to reload the previous configuration for this screen.
This button is only available when the WPS status displays Configured.
Click this button to remove all configured wireless and wireless security
settings for WPS connections on the NBG4615.
associate with the NBG4615.
14.8 WPS Station Screen
Use this screen when you want to add a wireless station using WPS. To open this
screen, click Network > Wireless LAN > WPS Station tab.
NBG4615 User’s Guide
143
Chapter 14 Wireless LAN
Note: After you click Push Button on this screen, you have to press a similar button
in the wireless station utility within 2 minutes. To add the second wireless
station, you have to press these buttons on both device and the wireless station
again after the first 2 minutes.
Figure 83 Network > Wireless LAN > WPS Station
The following table describes the labels in this screen.
Table 50 Network > Wireless LAN > WPS Station
LABEL DESCRIPTION
Push Button Use this button when you use the PBC (Push Button Configuration)
method to configure wireless stations’s wireless settings. See Section
4.3.1 on page 32.
Click this to start WPS-aware wireless station scanning and the wireless
security information synchronization.
Or input
station’s PIN
number
Use this button when you use the PIN Configuration method to
configure wireless station’s wireless settings. See Section 4.3.2 on page
33.
Type the same PIN number generated in the wireless station’s utility.
Then click Start to associate to each other and perform the wireless
security information synchronization.
14.9 Scheduling Screen
Use this screen to set the times your wireless LAN is turned on and off. Wireless
LAN scheduling is disabled by default. The wireless LAN can be scheduled to turn
144
NBG4615 User’s Guide
Chapter 14 Wireless LAN
on or off on certain days and at certain times. To open this screen, click Network
> Wireless LAN > Scheduling tab.
Figure 84 Network > Wireless LAN > Scheduling
The following table describes the labels in this screen.
Table 51 Network > Wireless LAN > Scheduling
LABEL DESCRIPTION
Wireless LAN Scheduling
Enable Wireless
LAN Scheduling
Scheduling
WLAN Status Select On or Off to specify whether the Wireless LAN is turned on or off.
Day Select Everyday or the specific days to turn the Wireless LAN on or off.
For the
following times
(24-Hour
Format)
Apply Click Apply to save your changes back to the NBG4615.
Cancel Click Cancel to reload the previous configuration for this screen.
Select this to enable Wireless LAN scheduling.
This field works in conjunction with the Day and For the following
times fields.
If you select Everyday you can not select any specific days. This field
works in conjunction with the For the following times field.
Select a begin time using the first set of hour and minute (min) drop
down boxes and select an end time using the second set of hour and
minute (min) drop down boxes. If you have chosen On earlier for the
WLAN Status the Wireless LAN will turn on between the two times you
enter in these fields. If you have chosen Off earlier for the WLAN Status
the Wireless LAN will turn off between the two times you enter in these
fields.
NBG4615 User’s Guide
145
Chapter 14 Wireless LAN
14.10 WDS Screen
A Wireless Distribution System (WDS) is a wireless connection between two or
more APs. Use this screen to set the operating mode of your NBG4615 to AP +
Bridge or Bridge and establish wireless links with other APs. You need to know
the MAC address of the peer device, which also must be in bridge mode.
Note: You must enable the same wireless security settings on the NBG4615 and on
all wireless clients that you want to associate with it.
Click Network > Wir eless LAN > WDS tab. The foll owing screen opens with the
Basic Setting set to Disabled, and Security Mode set to No Security.
Figure 85 Network > Wireless LAN > WDS
146
The following table describes the labels in this screen.
Table 52 Network > Wireless LAN > WDS
LABEL DESCRIPTION
WDS Setup
Basic Settings Select the operating mode for your NBG4615.
• Disable - The NBG4615 works as an access point only and cannot
establish wireless links with other APs.
The NBG4615 functions as a bridge and access point
Local MAC
Address
• AP + Bridge -
simultaneously.
• Bridge - The NBG4615 acts as a wireless network bridge and
establishes wireless links with other APs.
You need to know the MAC address of the peer device, which also must
be in bridge mode. The NBG4615 can establish up to five wireless links
with other APs.
This is the MAC address of your NBG4615.
NBG4615 User’s Guide
Chapter 14 Wireless LAN
Table 52 Network > Wireless LAN > WDS (continued)
LABEL DESCRIPTION
Phy Mode Select the Phy mode you want the NBG4615 to use. This dictates the
maximum size of packets during data transmission.
This field is not available when you select Disable in the Basic Setting
field.
Remote MAC
Address
Security
EncrypType Select whether to use WEP, TKIP or AES encryption for your WDS
EncrypKey The Encryp Key is used to encrypt data. Peers must use the same key
Apply Click Apply to save your changes to NBG4615.
Cancel Click Cancel to reload the previous configuration for this screen.
This is the MAC address of the peer device that your NBG4615 wants to
make a bridge connection with.
You can connect to up to 4 peer devices.
connection in this field.
Otherwise, select No Security.
for data transmission.
NBG4615 User’s Guide
147
Chapter 14 Wireless LAN
148
NBG4615 User’s Guide
CHAPTER 15
IPv6
15.1 Overview
IPv6 (Internet Protocol version 6), is designed to enhance IP address size and
features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4
address) allows up to 3.4 x 1038 IP addresses.
• See Appendix G on page 325 for more information on IPv6.
15.1.1 What You Need to Know
IPv6 Addressing
The 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated
by colons (:). This is an example IPv6 address
2001:0db8:1a2b:0015:0000:0000:1a2f:0000.
IPv6 addresses can be abbreviated in two ways:
• Leading zeros in a block can be omitted. So
2001:0db8:1a2b:0015:0000:0000:1a2f:0000 can be written as
2001:db8:1a2b:15:0:0:1a2f:0.
• Any number of consecutive blocks of zeros can b e replaced by a do uble colon. A
double colon can only appear once in an IPv6 address. So
2001:0db8:0000:0000:1a2f:0000:0000:0015 can be written as
2001:0db8::1a2f:0000:0000:0015, 2001:0db8:0000:0000:1a2f::0015,
2001:db8::1a2f:0:0:15 or 2001:db8:0:0:1a2f::15.
IPv6 Prefix and Prefix Length
Similar to an IPv4 subnet mask, IPv6 uses an address prefix to represent the
network address. An IPv6 prefix length specifies how many most significant bits
(start from the left) in the address compose the network address. The prefix
length is written as “/x” where x is a number. For example,
2001:db8:1a2b:15::1a2f:0/32
means that the first 32 bits (2001:db8) is the subnet prefix.
NBG4615 User’s Guide
149
Chapter 15 IPv6
15.2 The IPv6 Screen
Click Network > IPv6 to open the IPv6 screen. Use this screen to configure the
IPv6 settings for your NBG4615.
Figure 86 Network > IPv6
150
The following table describes the fields in this screen.
Table 53 Network > IPv6
LABEL DESCRIPTION
IPv6 Connection Type Setup
IPv6 Connection
Type
WAN IPv6 Address Setup
IPv6 Address Enter the static IPv6 address provided by your ISP using colon (:)
Subnet Prefix
Length
Gateway IP
Address
Select the IPv6 connection type:
• Ethernet: Select this if your ISP provides you a static IPv6
address. You need to enter the IPv6 information below according
to what your ISP provided.
• Link-local only: Use this connection mode for the NBG4615 to
communicate with other IPv6 devices on the LAN side. You do not
need to configure the settings below if you choose this mode.
hexadecimal notation.
Enter the bit number of the IPv6 subnet mask provided by your ISP.
Enter the IPv6 address of the default outgoing gateway using a colon
(:) hexadecimal notation.
NBG4615 User’s Guide
Chapter 15 IPv6
Table 53 Network > IPv6 (continued)
LABEL DESCRIPTION
First DNS Server Enter the primary DNS server's IP address in this field.
Second DNS
Server
LAN IPv6 Address Setup
LAN IPv6 address Enter a valid IPv6 address for the LAN using colon (:) hexadecimal
LAN IPv6 Link-local
Address
Address Autoconfiguration Setup
Enable Stateless
Address
Autoconfiguration
Router
Advertisement
Lifetime
Apply Click Apply to save your changes back to the NBG4615.
Cancel Click Cancel to reload the previous configuration for this screen.
Enter the secondary DNS server's IP address in this field.
notation.
This shows the IPv6 link-local address that the NBG4615 generates
automatically.
Select the checkbox to enable Stateless Address Autoconfiguration
on the NBG4615.
If this function is enabled, IP addresses are not generated by a DHCP
server. They are formed by combining network prefixes with an
interface identifier, which are derived from embedded IEEE
Identifiers.
Specify the lifetime of the router advertisement.
Router advertisement is a response to a router solicitation or a
periodical multicast advertisement from a router to advertise its
presence and other parameters, such as IPv6 prefix and DNS
information.
NBG4615 User’s Guide
151
Chapter 15 IPv6
152
NBG4615 User’s Guide
CHAPTER 16
WAN
16.1 Overview
This chapter discusses the NBG4615’s WAN screens. Use these screens to
configure your NBG4615 for Internet access.
A WAN (Wide Area Network) connection is an outside connection to another
network or the Internet. It connects your private networks such as a LAN (Local
Area Network) and other networks, so that a computer in one location can
communicate with computers in other locations.
Figure 87 LAN and WAN
16.2 What You Can Do
•Use the Internet Connection screen to enter your ISP information and set
how the computer acquires its IP, DNS and WAN MAC addresses (Section 16.4
on page 156).
•Use the Advanced screen to enable multicasting, configure Windows
networking and bridge (Section 16.5 on page 166).
•Use IGMP Snooping screen to enable IGMP snooping in the LAN ports (Section
16.6 on page 167).
NBG4615 User’s Guide
153
Chapter 16 WAN
16.3 What You Need To Know
The information in this section can help you configure the screens for your WAN
connection, as well as enable/disable some advanced features of your NBG4615.
16.3.1 Configuring Your Internet Connection
Encapsulation Method
Encapsulation is used to include data from an upper layer protocol into a lower
layer protocol. To set up a WAN connection to the Internet, you need to use the
same encapsulation method used by your ISP (Internet Service Provider). If your
ISP offers a dial-up Internet connection using PPPoE (PPP over Ethernet) or PPTP
(Point-to-Point Tunneling Protocol), they should also provide a username and
password (and service name) for user authentication.
WAN IP Address
The WAN IP address is an IP address for the NBG4615, which makes it accessible
from an outside network. It is used by the NBG4615 to communicate with other
devices in other networks. It can be static (fixed) or dynamically assigned by the
ISP each time the NBG4615 tries to access the Internet.
If your ISP assigns you a static WAN IP address, they should also assign you the
subnet mask and DNS server IP address(es) (and a gateway IP add ress if you use
the Ethernet or ENET ENCAP encapsulation method).
DNS Server Address Assignment
Use Domain Name System (DNS) to map a domain name to its corresponding IP
address and vice versa, for instance, the IP address of www.zyxel.com is
204.217.0.2. The DNS server is extremely important because without it, you must
know the IP address of a computer before you can access it.
The NBG4615 can get the DNS server addresses in the following ways.
1 The ISP tell s you the DNS server addresses, usually in the form of an information
sheet, when you sign up. If your ISP gives you DNS server addresses, manually
enter them in the DNS server fields.
154
2 If your ISP dynamically assigns the DNS server IP addresses (along with the
NBG4615’s WAN IP address), set the DNS server fields to get the DNS server
address from the ISP.
NBG4615 User’s Guide
WAN MAC Address
The MAC address screen allows users to configure the WAN port's MAC address by
either using the factory default or cloning the MAC address from a computer on
your LAN. Choose Factory Default to select the factory assigned default MAC
Address.
Otherwise, click Clone the computer's MAC address - IP Address and enter
the IP address of the computer on the LAN whose MAC you are cloning. Once it is
successfully configured, the address will be copied to configuration file. It is
recommended that you clone the MAC address prior to hooking up the WAN Port.
16.3.2 Multicast
Traditionally, IP packets are transmitted in one of either two ways - Unicast (1
sender - 1 recipient) or Broadcast (1 sender - everybody on the network).
Multicast delivers IP packets to a group of hosts on the network - not everybody
and not just 1.
Chapter 16 WAN
Figure 88 Multicast Example
In the multicast example above, systems A and D comprise one multicast group.
In multicasting, the server only needs to send one data stream and this is
delivered to systems A and D.
IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to
establish membership in a multicast group - it is not used to carry user data. The
NBG4615 supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-
v2).
At start up, the NBG4615 queries all directly connected networks to gather group
membership. After that, the NBG4615 periodically updates this information. IP
multicasting can be enabled/disabled on the NBG4615 LAN and/or W AN interfaces
NBG4615 User’s Guide
155
Chapter 16 WAN
in the Web Configurator (LAN; WAN). Select None to disable IP multicasting on
these interfaces.
16.4 Internet Connection
Use this screen to change your NBG4615’s Internet access settings. Click WAN
from the Configuration menu. The screen differs according to the encapsulation
you choose.
16.4.1 Ethernet Encapsulation
This screen displays when you select Ethernet encapsulation.
Figure 89 Network > WAN > Internet Connection: Ethernet Encapsulation
156
NBG4615 User’s Guide
Chapter 16 WAN
The following table describes the labels in this screen.
Table 54 Network > WAN > Internet Connection: Ethernet Encapsulation
LABEL DESCRIPTION
ISP Parameters for Internet Access
Encapsulation You must choose the Ethernet option when the WAN port is used as a
regular Ethernet.
WAN IP Address Assignment
Get
automatically
from ISP
(Default)
Bigpond Select Enable if you subscribe to Internet service from BigPond in
Server Type the IP address of the BigPond server.
User Name Type the user name given to you by your ISP. You can use
Password Type the password associated with the user name above. Use up to 64
Retype to
Confirm
Use Fixed IP
Address
IP Address Enter your WAN IP address in this field if you selected Use Fixed IP
IP Subnet
Mask
Gateway IP
Address
WAN DNS Assignment
First DNS Server
Second DNS
Server
Select this option If your ISP did not assign y ou a fixed IP address. This
is the default selection.
Australia. Then configure the fields below with the information
provided.
alphanumeric and -_@$./ characters, and it can be up to 31 characters
long.
ASCII characters except [, ] and ?. This field can be blank.
Type your password again for confirmation.
Select this option If the ISP assigned a fixed IP address.
Address.
Enter the IP Subnet Mask in this field.
Enter a Gateway IP Address (if your ISP gave you one) in this field.
Select From ISP if your ISP dynamically assigns DNS server
information (and the NBG4615's WAN IP address). The field to the right
displays the (read-only) DNS server IP address that the ISP assigns.
Select User-Defined if you have the IP address of a DNS server. Enter
the DNS server's IP address in the field to the right. If you chose User-
Defined, but leave the IP address set to 0.0.0.0, User-Defined
changes to None after you click Apply. If you set a second choice to
User-Defined, and enter the same IP address, the second UserDefined changes to None after you click Apply.
WAN MAC
Address
NBG4615 User’s Guide
Select None if you do not want to configure DNS servers. If you do not
configure a DNS server, you must know the IP address of a computer in
order to access it.
The MAC address section allows users to configure the WAN port's MAC
address by either using the NBG4615’s MAC address, copying the MAC
address from a computer on your LAN or manually entering a MAC
address.
157
Chapter 16 WAN
T able 54 Network > WAN > Internet Connection: Ethernet Encapsulation (continued)
LABEL DESCRIPTION
Factory default Select Factory default to use the factory assigned default MAC
Address.
Clone the
computer’s MAC
address - IP
Address
Set WAN MAC
Address
Apply Click Apply to save your changes back to the NBG4615.
Cancel Click Cancel to begin configuring this screen afresh.
Select Clone the computer's MAC address - IP Address and enter
the IP address of the computer on the LAN whose MAC you are cloning.
Select this option and enter the MAC address you want to use.
16.4.2 PPPoE Encapsulation
The NBG4615 supports PPPoE (Point -to-Point Protocol over Ethernet). PPPoE is an
IETF standard (RFC 2516) specifying how a personal computer (PC) inter acts with
a broadband modem (DSL, cable, wireless, etc.) connection. The PPP over
Ethernet option is for a dial-up connection using PPPoE.
For the service provider, PPPoE offers an access and authentication method that
works with existing access control systems (for example Radius).
One of the benefits of PPPoE is the ability to let you access one of multiple network
services, a function known as dynamic servic e selection. This enables the service
provider to easily create and offer new IP services for individuals.
Operationally, PPPoE saves significant effort for both y ou and the ISP or carri er, as
it requires no specific configuration of the broadband modem at the customer site .
By implementing PPPoE directly on the NBG4615 (rather than individual
computers), the computers on the LAN do not need PPPoE software installed,
since the NBG4615 does that part of the task. Furthermore, with NAT, all of the
LANs’ computers will have access.
158
NBG4615 User’s Guide
Loading...