ZyXEL NBG4615 User Manual
14
Wireless LAN
14.1 Overview
This chapter discusses how to configure the wireless network settings in your NBG4615. See the appendices for more detailed information about wireless networks.
The following figure provides an example of a wireless network.
Figure 74 Example of a Wireless Network
The wireless network is the part in the blue circle. In this wireless network, devices A and B are called wireless clients. The wireless clients use the access point (AP) to interact with other devices (such as the printer) or with the Internet. Your NBG4615 is the AP.
|
129 |
NBG4615 User’s Guide |
|
|
|
Chapter 14 Wireless LAN
14.1.1What You Can Do
•Use the General screen to enter the SSID, enable intra-BSS traffic and select the channel. (Section 14.2 on page 133).
•Use the Security screen to configure wireless security between the NBG4615 and the wireless clients.
•Use the MAC Filter screen to allow or deny wireless stations based on their MAC addresses from connecting to the NBG4615 (Section 14.4 on page 139).
•Use the Advanced screen to allow intra-BSS networking and set the RTS/CTS Threshold (Section 14.5 on page 140).
•Use the QoS screen to ensure Quality of Service (QoS) in your wireless network (Section 14.6 on page 141).
•Use the WPS screen to quickly set up a wireless network with strong security, without having to configure security settings manually (Section 14.7 on page 142).
•Use the WPS Station screen to add a wireless station using WPS (Section 14.8 on page 143).
•Use the Scheduling screen to set the times your wireless LAN is turned on and off (Section 14.9 on page 144).
•Use the WDS screen to configure Wireless Distribution System on your NBG4615 (Section 14.10 on page 146).
14.1.2What You Should Know
Every wireless network must follow these basic guidelines.
•Every wireless client in the same wireless network must use the same SSID. The SSID is the name of the wireless network. It stands for Service Set IDentity.
•If two wireless networks overlap, they should use different channels.
Like radio stations or television channels, each wireless network uses a specific channel, or frequency, to send and receive information.
•Every wireless client in the same wireless network must use security compatible with the AP.
Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network.
Wireless Security Overview
The following sections introduce different types of wireless security you can set up in the wireless network.
130 |
|
|
NBG4615 User’s Guide |
|
|
|
|
|
Chapter 14 Wireless LAN
SSID
Normally, the AP acts like a beacon and regularly broadcasts the SSID in the area. You can hide the SSID instead, in which case the AP does not broadcast the SSID. In addition, you should change the default SSID to something that is difficult to guess.
This type of security is fairly weak, however, because there are ways for unauthorized devices to get the SSID. In addition, unauthorized devices can still see the information that is sent in the wireless network.
MAC Address Filter
Every wireless client has a unique identification number, called a MAC address.1 A MAC address is usually written using twelve hexadecimal characters2; for example, 00A0C5000002 or 00:A0:C5:00:00:02. To get the MAC address for each wireless client, see the appropriate User’s Guide or other documentation.
You can use the MAC address filter to tell the AP which wireless clients are allowed or not allowed to use the wireless network. If a wireless client is allowed to use the wireless network, it still has to have the correct settings (SSID, channel, and security). If a wireless client is not allowed to use the wireless network, it does not matter if it has the correct settings.
This type of security does not protect the information that is sent in the wireless network. Furthermore, there are ways for unauthorized devices to get the MAC address of an authorized wireless client. Then, they can use that MAC address to use the wireless network.
User Authentication
You can make every user log in to the wireless network before they can use it. This is called user authentication. However, every wireless client in the wireless network has to support IEEE 802.1x to do this.
For wireless networks, there are two typical places to store the user names and passwords for each user.
•In the AP: this feature is called a local user database or a local database.
•In a RADIUS server: this is a server used in businesses more than in homes.
If your AP does not provide a local user database and if you do not have a RADIUS server, you cannot set up user names and passwords for your users.
1.Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds of wireless devices might not have MAC addresses.
2.Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F.
|
131 |
NBG4615 User’s Guide |
|
|
|
Chapter 14 Wireless LAN
Unauthorized devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network. Furthermore, there are ways for unauthorized wireless users to get a valid user name and password. Then, they can use that user name and password to use the wireless network.
Local user databases also have an additional limitation that is explained in the next section.
Encryption
Wireless networks can use encryption to protect the information that is sent in the wireless network. Encryption is like a secret code. If you do not know the secret code, you cannot understand the message.
The types of encryption you can choose depend on the type of user authentication. (See page 131 for information about this.)
Table 41 Types of Encryption for Each Type of Authentication
|
|
NO AUTHENTICATION |
RADIUS SERVER |
Weakest |
No Security |
WPA |
|
|
|
|
|
|
|
Static WEP |
|
|
|
|
|
|
|
WPA-PSK |
|
|
|
|
|
|
|
|
|
Strongest |
WPA2-PSK |
WPA2 |
|
|
|
|
|
For example, if the wireless network has a RADIUS server, you can choose WPA or WPA2. If users do not log in to the wireless network, you can choose no encryption, Static WEP, WPA-PSK, or WPA2-PSK.
Usually, you should set up the strongest encryption that every wireless client in the wireless network supports. For example, suppose the AP does not have a local user database, and you do not have a RADIUS server. Therefore, there is no user authentication. Suppose the wireless network has two wireless clients. Device A only supports WEP, and device B supports WEP and WPA. Therefore, you should set up Static WEP in the wireless network.
Note: It is recommended that wireless networks use WPA-PSK, WPA, or stronger encryption. IEEE 802.1x and WEP encryption are better than none at all, but it is still possible for unauthorized devices to figure out the original information pretty quickly.
Note: It is not possible to use WPA-PSK, WPA or stronger encryption with a local user database. In this case, it is better to set up stronger encryption with no authentication than to set up weaker encryption with the local user database.
When you select WPA2 or WPA2-PSK in your NBG4615, you can also select an option (WPA Compatible) to support WPA as well. In this case, if some wireless clients support WPA and some support WPA2, you should set up WPA2-PSK or
132 |
|
|
NBG4615 User’s Guide |
|
|
|
|
|
Chapter 14 Wireless LAN
WPA2 (depending on the type of wireless network login) and select the WPA Compatible option in the NBG4615.
Many types of encryption use a key to protect the information in the wireless network. The longer the key, the stronger the encryption. Every wireless client in the wireless network must have the same key.
WPS
WiFi Protected Setup (WPS) is an industry standard specification, defined by the WiFi Alliance. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually. Depending on the devices in your network, you can either press a button (on the device itself, or in its configuration utility) or enter a PIN (Personal Identification Number) in the devices. Then, they connect and set up a secure network by themselves. See how to set up a secure wireless network using WPS in the Section 13.2 on page 111.
WDS
Wireless Distribution System or WDS security is used between bridged APs. It is independent of the security between the wired networks and their respective APs. If you do not enable WDS security, traffic between APs is not encrypted. When WDS security is enabled, both APs must use the same pre-shared key.
14.2 General Wireless LAN Screen
Use this screen to configure the SSIDs of the wireless LAN.
Note: If you are configuring the NBG4615 from a computer connected to the wireless LAN and you change the NBG4615’s SSID, channel or security settings, you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of your computer to match the NBG4615’s new settings.
|
133 |
NBG4615 User’s Guide |
|
|
|
Chapter 14 Wireless LAN
Click Network > Wireless LAN to open the General screen.
Figure 75 Network > Wireless LAN > General
The following table describes the general wireless LAN labels in this screen.
Table 42 Network > Wireless LAN > General
LABEL |
DESCRIPTION |
|
Wireless LAN |
This shows whether the wireless LAN is ON or OFF. You can enable or |
|
|
disable the wireless LAN by using the WLAN switch located on the back |
|
|
panel of the NBG4615. |
|
|
|
|
Network |
The SSID (Service Set IDentity) identifies the Service Set with which a |
|
Name(SSID) |
wireless client is associated. Enter a descriptive name (up to 32 printable |
|
or |
characters found on a typical English language keyboard) for the wireless |
|
LAN. |
||
|
||
Name(SSID1 |
You can configure up to four SSIDs to enable multiple BSSs (Basic Service |
|
~3) |
Sets) on the NBG4615. This allows you to use one access point to provide |
|
|
||
|
several BSSs simultaneously. You can then assign varying security types |
|
|
to different SSIDs. Wireless clients can use different SSIDs to associate |
|
|
with the same access point. |
|
|
|
|
Hide SSID |
Select this check box to hide the SSID in the outgoing beacon frame so a |
|
|
station cannot obtain the SSID through scanning using a site survey tool. |
|
|
|
|
Enable Intra- |
A Basic Service Set (BSS) exists when all communications between |
|
BSS Traffic |
wireless clients or between a wireless client and a wired network client go |
|
|
through one access point (AP). |
|
|
Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra- |
|
|
BSS is enabled, wireless clients can access the wired network and |
|
|
communicate with each other. When Intra-BSS is disabled, wireless clients |
|
|
can still access the wired network but cannot communicate with each |
|
|
other. |
|
|
|
134 |
|
|
NBG4615 User’s Guide |
|
|
|
|
|
|
|
Chapter 14 Wireless LAN |
|
|
|
|
|
|
Table 42 Network > Wireless LAN > General (continued) |
||
|
LABEL |
DESCRIPTION |
|
|
Channel |
Set the operating frequency/channel depending on your particular region. |
|
|
Selection |
Select a channel from the drop-down list box. The options vary depending |
|
|
|
|
|
|
|
on the frequency band and the country you are in. |
|
|
|
Refer to the Connection Wizard chapter for more information on channels. |
|
|
|
This option is only available if Auto Channel Selection is disabled. |
|
|
|
|
|
|
Auto Channel |
Select this check box for the NBG4615 to automatically choose the |
|
|
Selection |
channel with the least interference. Deselect this check box if you wish to |
|
|
|
manually select the channel using the Channel Section field. |
|
|
|
|
|
|
Operating |
This displays the channel the NBG4615 is currently using. |
|
|
Channel |
|
|
|
|
|
|
|
Communicati |
Select the check box to allow communication between wireless clients of |
|
|
on between |
different SSIDs. Do not select the check box if you do not want to enable |
|
|
wireless |
this function. |
|
|
clients with |
|
|
|
different |
|
|
|
SSIDs |
|
|
|
|
|
|
|
Apply |
Click Apply to save your changes back to the NBG4615. |
|
|
|
|
|
|
Cancel |
Click Cancel to reload the previous configuration for this screen. |
|
|
|
|
|
See the rest of this chapter for information on the other labels in this screen.
14.3 Wireless Security Screen
Use this screen to select the wireless security mode for each SSID. Click Network > Wireless LAN > Security to open the Security screen. The screen varies depending on what you select in the Security Mode field.
14.3.1 No Security
Select No Security to allow wireless clients to communicate with the access points without any data encryption.
|
135 |
NBG4615 User’s Guide |
|
|
|
Chapter 14 Wireless LAN
Note: If you do not enable any wireless security on your NBG4615, your network is accessible to any wireless networking device that is within range.
Figure 76 Network > Wireless LAN > Security: No Security
The following table describes the labels in this screen.
Table 43 Network > Wireless LAN > Security: No Security
LABEL |
DESCRIPTION |
SSID |
Select the SSID for which you want to configure the security. |
|
|
Security |
Choose No Security from the drop-down list box. |
Mode |
|
|
|
Apply |
Click Apply to save your changes back to the NBG4615. |
|
|
Cancel |
Click Cancel to reload the previous configuration for this screen. |
|
|
14.3.2 WEP Encryption
WEP encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private. It encrypts unicast and multicast communications in a network. Both the wireless stations and the access points must use the same WEP key.
Your NBG4615 allows you to configure up to four 64-bit or 128-bit WEP keys but only one key can be enabled at any one time.
136 |
|
|
NBG4615 User’s Guide |
|
|
|
|
|
Chapter 14 Wireless LAN
Select Static WEP from the Security Mode list.
Figure 77 Network > Wireless LAN > Security: Static WEP
The following table describes the wireless LAN security labels in this screen.
Table 44 Network > Wireless LAN > Security: Static WEP
LABEL |
DESCRIPTION |
SSID |
Select the SSID for which you want to configure the security. |
|
|
Security Mode |
Select Static WEP to enable data encryption. |
|
|
PassPhrase |
Enter a Passphrase (up to 26 printable characters) and click Generate. |
|
A passphrase functions like a password. In WEP security mode, it is |
|
further converted by the NBG4615 into a complicated string that is |
|
referred to as the “key”. This key is requested from all devices wishing to |
|
connect to a wireless network. |
|
|
WEP |
Select 64-bits or 128-bits. |
Encryption |
This dictates the length of the security key that the network is going to |
|
|
|
use. |
|
|
Authentication |
Select Auto or Shared Key from the drop-down list box. |
Method |
This field specifies whether the wireless clients have to provide the WEP |
|
|
|
key to login to the wireless client. Keep this setting at Auto unless you |
|
want to force a key verification before communication between the |
|
wireless client and the NBG4615 occurs. |
|
Select Shared Key to force the clients to provide the WEP key prior to |
|
communication. |
|
|
ASCII |
Select this option in order to enter ASCII characters as WEP key. |
|
|
|
137 |
NBG4615 User’s Guide |
|
|
|
Chapter 14 Wireless LAN
Table 44 Network > Wireless LAN > Security: Static WEP (continued)
LABEL |
DESCRIPTION |
Hex |
Select this option in order to enter hexadecimal characters as a WEP key. |
|
The preceding "0x", that identifies a hexadecimal key, is entered |
|
automatically. |
|
|
Key 1 to Key 4 |
The WEP keys are used to encrypt data. Both the NBG4615 and the |
|
wireless stations must use the same WEP key for data transmission. |
|
If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 |
|
hexadecimal characters ("0-9", "A-F"). |
|
If you chose 128-bit WEP, then enter 13 ASCII characters or 26 |
|
hexadecimal characters ("0-9", "A-F"). |
|
You must configure at least one key, only one key can be activated at |
|
any one time. The default key is key 1. |
|
|
Apply |
Click Apply to save your changes back to the NBG4615. |
|
|
Cancel |
Click Cancel to reload the previous configuration for this screen. |
|
|
14.3.3 WPA-PSK/WPA2-PSK
Select WPA-PSK or WPA2-PSK from the Security Mode list.
Figure 78 Network > Wireless LAN > Security: WPA-PSK/WPA2-PSK
The following table describes the labels in this screen.
Table 45 Network > Wireless LAN > Security: WPA-PSK/WPA2-PSK
LABEL |
DESCRIPTION |
SSID |
Select the SSID for which you want to configure the security. |
|
|
Security Mode |
Select WPA-PSK or WPA2-PSK to enable data encryption. |
|
|
WPA |
This field appears when you choose WPA2-PSK as the Security Mode. |
Compatible |
Check this field to allow wireless devices using WPA-PSK security |
|
|
|
mode to connect to your NBG4615. |
|
|
138 |
|
|
NBG4615 User’s Guide |
|
|
|
|
|
|
|
Chapter 14 Wireless LAN |
|
|
|
|
|
|
Table 45 Network > Wireless LAN > Security: WPA-PSK/WPA2-PSK (continued) |
||
|
LABEL |
DESCRIPTION |
|
|
Pre-Shared Key |
WPA-PSK/WPA2-PSK uses a simple common password for |
|
|
|
authentication. |
|
|
|
Type a pre-shared key from 8 to 63 case-sensitive keyboard characters. |
|
|
|
|
|
|
Group Key |
The Group Key Update Timer is the rate at which the AP sends a new |
|
|
Update Timer |
group key out to all clients. |
|
|
|
The default is 3600 seconds (60 minutes). |
|
|
|
|
|
|
Apply |
Click Apply to save your changes back to the NBG4615. |
|
|
|
|
|
|
Cancel |
Click Cancel to reload the previous configuration for this screen. |
|
|
|
|
|
14.4 MAC Filter
The MAC filter screen allows you to configure the NBG4615 to give exclusive access to devices (Allow) or exclude devices from accessing the NBG4615 (Deny). Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC address of the devices to configure this screen.
To change your NBG4615’s MAC filter settings, click Network > Wireless LAN > MAC Filter. The screen appears as shown.
Figure 79 Network > Wireless LAN > MAC Filter
The following table describes the labels in this menu.
Table 46 Network > Wireless LAN > MAC Filter
LABEL DESCRIPTION
Access Policy
SSID |
Select the SSID for which you want to configure MAC filtering. |
|
|
|
139 |
NBG4615 User’s Guide |
|
|
|
Chapter 14 Wireless LAN
Table 46 Network > Wireless LAN > MAC Filter (continued)
LABEL |
DESCRIPTION |
Policy |
Define the filter action for the list of MAC addresses in the MAC Address |
|
table. |
|
Select Disable to deactivate the MAC filtering rule you configure below. |
|
Select Allow to permit access to the NBG4615, MAC addresses not listed |
|
will be denied access to the NBG4615. |
|
Select Reject to block access to the NBG4615, MAC addresses not listed |
|
will be allowed to access the NBG4615 |
|
|
Add a |
Enter the MAC addresses of the wireless station that are allowed or denied |
station Mac |
access to the NBG4615 in these address fields. Enter the MAC addresses in |
Address |
a valid MAC address format, that is, six hexadecimal character pairs, for |
|
example, 12:34:56:78:9a:bc. Click Add. |
|
|
MAC Filter Summary |
|
|
|
Delete |
Click the delete icon to remove the MAC address from the list. |
|
|
MAC |
This is the MAC address of the wireless station that are allowed or denied |
Address |
access to the NBG4615. |
|
|
Apply |
Click Apply to save your changes back to the NBG4615. |
|
|
Cancel |
Click Cancel to reload the previous configuration for this screen. |
|
|
14.5 Wireless LAN Advanced Screen
Use this screen to allow wireless advanced features, such as the output power, RTS/CTS Threshold and high-throughput physical mode settings.
Click Network > Wireless LAN > Advanced. The screen appears as shown.
Figure 80 Network > Wireless LAN > Advanced
140 |
|
|
NBG4615 User’s Guide |
|
|
|
|
|
Chapter 14 Wireless LAN
The following table describes the labels in this screen.
Table 47 Network > Wireless LAN > Advanced
LABEL |
DESCRIPTION |
RTS/CTS |
Data with its frame size larger than this value will perform the RTS |
Threshold |
(Request To Send)/CTS (Clear To Send) handshake. |
|
Enter a value between 256 and 2432. |
|
|
Fragmentation |
The threshold (number of bytes) for the fragmentation boundary for |
Threshold |
directed messages. It is the maximum data fragment size that can be |
|
sent. Enter an even number between 256 and 2346. |
|
|
Output Power |
Set the output power of the NBG4615 in this field. If there is a high |
|
density of APs in an area, decrease the output power of the NBG4615 to |
|
reduce interference with other APs. Select one of the following 100%, |
|
90%, 75%, 50%, 25% or 10%. See the product specifications for |
|
more information on your NBG4615’s output power. |
|
|
HT (High Throughput) Physical Mode - Use the fields below to configure the 802.11 wireless environment of your NBG4615.
Operating |
Choose this according to the wireless mode(s) used in your network. |
Mode |
Mixed - Select this if the wireless clients in your network use different |
|
|
|
wireless modes (for example, IEEE 802.11b/g and IEEE 802.1n modes) |
|
Green - Select this if the wireless clients in your network uses only one |
|
type of wireless mode (for example, IEEEE 802.11 n only) |
|
|
Channel |
Select the channel bandwidth you want to use for your wireless network. |
Bandwidth |
It is recommended that you select 20/40 (20/40 MHz). |
|
|
|
Select 20 MHz if you want to lessen radio interference with other |
|
wireless devices in your neighborhood. |
|
|
Guard Interval |
Select Auto to increase data throughput. However, this may make data |
|
transfer more prone to errors. |
|
Select Long to prioritize data integrity. This may be because your |
|
wireless network is busy and congested or the NBG4615 is located in an |
|
environment prone to radio interference. |
|
|
Extension |
This is set to Auto by default. |
Channel |
If you select 20/40 as your Channel Bandwidth, the extension |
|
|
|
channel enables the NBG4615 to get higher data throughput. This also |
|
lowers radio interference and traffic. |
|
|
Apply |
Click Apply to save your changes back to the NBG4615. |
|
|
Cancel |
Click Cancel to reload the previous configuration for this screen. |
|
|
14.6 Quality of Service (QoS) Screen
The QoS screen allows you to automatically give a service (such as VoIP and video) a priority level.
|
141 |
NBG4615 User’s Guide |
|
|
|
Chapter 14 Wireless LAN
Click Network > Wireless LAN > QoS. The following screen appears.
Figure 81 Network > Wireless LAN > QoS
The following table describes the labels in this screen.
Table 48 Network > Wireless LAN > QoS
LABEL |
DESCRIPTION |
Enable WMM QoS |
Check this to have the NBG4615 automatically give a service a |
|
priority level according to the ToS value in the IP header of packets |
|
it sends. WMM QoS (Wifi MultiMedia Quality of Service) gives high |
|
priority to voice and video, which makes them run more smoothly. |
|
|
Apply |
Click Apply to save your changes to the NBG4615. |
|
|
Cancel |
Click Cancel to reload the previous configuration for this screen. |
|
|
14.7 WPS Screen
Use this screen to enable/disable WPS, view or generate a new PIN number and check current WPS status. To open this screen, click Network > Wireless LAN > WPS tab.
Note: With WPS, wireless clients can only connect to the wireless network using the first SSID on the NBG4615.
Figure 82 Network > Wireless LAN > WPS
142 |
|
|
NBG4615 User’s Guide |
|
|
|
|
|
Chapter 14 Wireless LAN
The following table describes the labels in this screen.
Table 49 Network > Wireless LAN > WPS
LABEL |
DESCRIPTION |
WPS Setup |
|
|
|
Enable WPS |
Select this to enable the WPS feature. |
|
|
PIN Number |
This displays a PIN number last time system generated. Click Generate |
|
to generate a new PIN number. |
|
|
Status |
|
|
|
Status |
This displays Configured when the NBG4615 has connected to a |
|
wireless network using WPS or when Enable WPS is selected and |
|
wireless or wireless security settings have been changed. The current |
|
wireless and wireless security settings also appear in the screen. |
|
This displays Unconfigured if WPS is disabled and there are no |
|
wireless or wireless security changes on the NBG4615 or you click |
|
Release_Configuration to remove the configured wireless and |
|
wireless security settings. |
|
|
Release |
This button is only available when the WPS status displays Configured. |
Configuration |
Click this button to remove all configured wireless and wireless security |
|
|
|
settings for WPS connections on the NBG4615. |
|
|
802.11 Mode |
This is the 802.11 mode used. Only compliant WLAN devices can |
|
associate with the NBG4615. |
|
|
SSID |
This is the name of the wireless network (the NBG4615’s first SSID). |
|
|
Security |
This is the type of wireless security employed by the network. |
|
|
Apply |
Click Apply to save your changes back to the NBG4615. |
|
|
Cancel |
Click Cancel to reload the previous configuration for this screen. |
|
|
14.8 WPS Station Screen
Use this screen when you want to add a wireless station using WPS. To open this screen, click Network > Wireless LAN > WPS Station tab.
|
143 |
NBG4615 User’s Guide |
|
|
|
Chapter 14 Wireless LAN
Note: After you click Push Button on this screen, you have to press a similar button in the wireless station utility within 2 minutes. To add the second wireless station, you have to press these buttons on both device and the wireless station again after the first 2 minutes.
Figure 83 Network > Wireless LAN > WPS Station
The following table describes the labels in this screen.
Table 50 Network > Wireless LAN > WPS Station
LABEL |
DESCRIPTION |
Push Button |
Use this button when you use the PBC (Push Button Configuration) |
|
method to configure wireless stations’s wireless settings. See Section |
|
4.3.1 on page 32. |
|
Click this to start WPS-aware wireless station scanning and the wireless |
|
security information synchronization. |
|
|
Or input |
Use this button when you use the PIN Configuration method to |
station’s PIN |
configure wireless station’s wireless settings. See Section 4.3.2 on page |
number |
33. |
|
Type the same PIN number generated in the wireless station’s utility. |
|
Then click Start to associate to each other and perform the wireless |
|
security information synchronization. |
|
|
14.9 Scheduling Screen
Use this screen to set the times your wireless LAN is turned on and off. Wireless LAN scheduling is disabled by default. The wireless LAN can be scheduled to turn
144 |
|
|
NBG4615 User’s Guide |
|
|
|
|
|
Chapter 14 Wireless LAN
on or off on certain days and at certain times. To open this screen, click Network
> Wireless LAN > Scheduling tab.
Figure 84 Network > Wireless LAN > Scheduling
The following table describes the labels in this screen.
Table 51 Network > Wireless LAN > Scheduling
LABEL |
DESCRIPTION |
Wireless LAN Scheduling |
|
|
|
Enable Wireless |
Select this to enable Wireless LAN scheduling. |
LAN Scheduling |
|
|
|
Scheduling |
|
|
|
WLAN Status |
Select On or Off to specify whether the Wireless LAN is turned on or off. |
|
This field works in conjunction with the Day and For the following |
|
times fields. |
|
|
Day |
Select Everyday or the specific days to turn the Wireless LAN on or off. |
|
If you select Everyday you can not select any specific days. This field |
|
works in conjunction with the For the following times field. |
|
|
For the |
Select a begin time using the first set of hour and minute (min) drop |
following times |
down boxes and select an end time using the second set of hour and |
(24-Hour |
minute (min) drop down boxes. If you have chosen On earlier for the |
Format) |
WLAN Status the Wireless LAN will turn on between the two times you |
|
enter in these fields. If you have chosen Off earlier for the WLAN Status |
|
the Wireless LAN will turn off between the two times you enter in these |
|
fields. |
|
|
Apply |
Click Apply to save your changes back to the NBG4615. |
|
|
Cancel |
Click Cancel to reload the previous configuration for this screen. |
|
|
|
145 |
NBG4615 User’s Guide |
|
|
|
Chapter 14 Wireless LAN
14.10 WDS Screen
A Wireless Distribution System (WDS) is a wireless connection between two or more APs. Use this screen to set the operating mode of your NBG4615 to AP + Bridge or Bridge and establish wireless links with other APs. You need to know the MAC address of the peer device, which also must be in bridge mode.
Note: You must enable the same wireless security settings on the NBG4615 and on all wireless clients that you want to associate with it.
Click Network > Wireless LAN > WDS tab. The following screen opens with the
Basic Setting set to Disabled, and Security Mode set to No Security.
Figure 85 Network > Wireless LAN > WDS
The following table describes the labels in this screen.
Table 52 Network > Wireless LAN > WDS
LABEL |
DESCRIPTION |
WDS Setup |
|
|
|
Basic Settings |
Select the operating mode for your NBG4615. |
|
• Disable - The NBG4615 works as an access point only and cannot |
|
establish wireless links with other APs. |
|
• AP + Bridge - The NBG4615 functions as a bridge and access point |
|
simultaneously. |
|
• Bridge - The NBG4615 acts as a wireless network bridge and |
|
establishes wireless links with other APs. |
|
You need to know the MAC address of the peer device, which also must |
|
be in bridge mode. The NBG4615 can establish up to five wireless links |
|
with other APs. |
|
|
Local MAC |
This is the MAC address of your NBG4615. |
Address |
|
|
|
146 |
|
|
NBG4615 User’s Guide |
|
|
|
|
|
|
|
Chapter 14 Wireless LAN |
|
|
|
|
|
|
Table 52 Network > Wireless LAN > WDS (continued) |
||
|
LABEL |
DESCRIPTION |
|
|
Phy Mode |
Select the Phy mode you want the NBG4615 to use. This dictates the |
|
|
|
maximum size of packets during data transmission. |
|
|
|
This field is not available when you select Disable in the Basic Setting |
|
|
|
field. |
|
|
|
|
|
|
Remote MAC |
This is the MAC address of the peer device that your NBG4615 wants to |
|
|
Address |
make a bridge connection with. |
|
|
|
You can connect to up to 4 peer devices. |
|
|
|
|
|
|
Security |
|
|
|
|
|
|
|
EncrypType |
Select whether to use WEP, TKIP or AES encryption for your WDS |
|
|
|
connection in this field. |
|
|
|
Otherwise, select No Security. |
|
|
|
|
|
|
EncrypKey |
The Encryp Key is used to encrypt data. Peers must use the same key |
|
|
|
for data transmission. |
|
|
|
|
|
|
Apply |
Click Apply to save your changes to NBG4615. |
|
|
|
|
|
|
Cancel |
Click Cancel to reload the previous configuration for this screen. |
|
|
|
|
|
|
147 |
NBG4615 User’s Guide |
|
|
|
Chapter 14 Wireless LAN
148 |
|
|
NBG4615 User’s Guide |
|
|
|
|
|
15
IPv6
15.1 Overview
IPv6 (Internet Protocol version 6), is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 1038 IP addresses.
•See Appendix G on page 325 for more information on IPv6.
15.1.1What You Need to Know
IPv6 Addressing
The 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons (:). This is an example IPv6 address
2001:0db8:1a2b:0015:0000:0000:1a2f:0000.
IPv6 addresses can be abbreviated in two ways:
•Leading zeros in a block can be omitted. So
2001:0db8:1a2b:0015:0000:0000:1a2f:0000 can be written as 2001:db8:1a2b:15:0:0:1a2f:0.
•Any number of consecutive blocks of zeros can be replaced by a double colon. A double colon can only appear once in an IPv6 address. So
2001:0db8:0000:0000:1a2f:0000:0000:0015 can be written as 2001:0db8::1a2f:0000:0000:0015, 2001:0db8:0000:0000:1a2f::0015, 2001:db8::1a2f:0:0:15 or 2001:db8:0:0:1a2f::15.
IPv6 Prefix and Prefix Length
Similar to an IPv4 subnet mask, IPv6 uses an address prefix to represent the network address. An IPv6 prefix length specifies how many most significant bits (start from the left) in the address compose the network address. The prefix length is written as “/x” where x is a number. For example,
2001:db8:1a2b:15::1a2f:0/32
means that the first 32 bits (2001:db8) is the subnet prefix.
|
149 |
NBG4615 User’s Guide |
|
|
|
Chapter 15 IPv6
15.2 The IPv6 Screen
Click Network > IPv6 to open the IPv6 screen. Use this screen to configure the IPv6 settings for your NBG4615.
Figure 86 Network > IPv6
The following table describes the fields in this screen.
Table 53 Network > IPv6
LABEL |
DESCRIPTION |
IPv6 Connection Type Setup |
|
|
|
IPv6 Connection |
Select the IPv6 connection type: |
Type |
• Ethernet: Select this if your ISP provides you a static IPv6 |
|
|
|
address. You need to enter the IPv6 information below according |
|
to what your ISP provided. |
|
• Link-local only: Use this connection mode for the NBG4615 to |
|
communicate with other IPv6 devices on the LAN side. You do not |
|
need to configure the settings below if you choose this mode. |
|
|
WAN IPv6 Address Setup |
|
|
|
IPv6 Address |
Enter the static IPv6 address provided by your ISP using colon (:) |
|
hexadecimal notation. |
|
|
Subnet Prefix |
Enter the bit number of the IPv6 subnet mask provided by your ISP. |
Length |
|
|
|
Gateway IP |
Enter the IPv6 address of the default outgoing gateway using a colon |
Address |
(:) hexadecimal notation. |
|
|
150 |
|
|
NBG4615 User’s Guide |
|
|
|
|
|
|
|
Chapter 15 IPv6 |
|
|
|
|
Table 53 Network > IPv6 (continued) |
|
|
LABEL |
DESCRIPTION |
|
First DNS Server |
Enter the primary DNS server's IP address in this field. |
|
|
|
|
Second DNS |
Enter the secondary DNS server's IP address in this field. |
|
Server |
|
|
|
|
|
LAN IPv6 Address Setup |
|
|
|
|
|
LAN IPv6 address |
Enter a valid IPv6 address for the LAN using colon (:) hexadecimal |
|
|
notation. |
|
|
|
|
LAN IPv6 Link-local |
This shows the IPv6 link-local address that the NBG4615 generates |
|
Address |
automatically. |
|
|
|
|
Address Autoconfiguration Setup |
|
|
|
|
|
Enable Stateless |
Select the checkbox to enable Stateless Address Autoconfiguration |
|
Address |
on the NBG4615. |
|
Autoconfiguration |
If this function is enabled, IP addresses are not generated by a DHCP |
|
|
|
|
|
server. They are formed by combining network prefixes with an |
|
|
interface identifier, which are derived from embedded IEEE |
|
|
Identifiers. |
|
|
|
|
Router |
Specify the lifetime of the router advertisement. |
|
Advertisement |
Router advertisement is a response to a router solicitation or a |
|
Lifetime |
|
|
periodical multicast advertisement from a router to advertise its |
|
|
|
|
|
|
presence and other parameters, such as IPv6 prefix and DNS |
|
|
information. |
|
|
|
|
Apply |
Click Apply to save your changes back to the NBG4615. |
|
|
|
|
Cancel |
Click Cancel to reload the previous configuration for this screen. |
|
|
|
|
151 |
NBG4615 User’s Guide |
|
|
|
Chapter 15 IPv6
152 |
|
|
NBG4615 User’s Guide |
|
|
|
|
|
16
WAN
16.1 Overview
This chapter discusses the NBG4615’s WAN screens. Use these screens to configure your NBG4615 for Internet access.
A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations.
Figure 87 LAN and WAN
16.2What You Can Do
•Use the Internet Connection screen to enter your ISP information and set how the computer acquires its IP, DNS and WAN MAC addresses (Section 16.4 on page 156).
•Use the Advanced screen to enable multicasting, configure Windows networking and bridge (Section 16.5 on page 166).
•Use IGMP Snooping screen to enable IGMP snooping in the LAN ports (Section 16.6 on page 167).
|
153 |
NBG4615 User’s Guide |
|
|
|
Chapter 16 WAN
16.3 What You Need To Know
The information in this section can help you configure the screens for your WAN connection, as well as enable/disable some advanced features of your NBG4615.
16.3.1 Configuring Your Internet Connection
Encapsulation Method
Encapsulation is used to include data from an upper layer protocol into a lower layer protocol. To set up a WAN connection to the Internet, you need to use the same encapsulation method used by your ISP (Internet Service Provider). If your ISP offers a dial-up Internet connection using PPPoE (PPP over Ethernet) or PPTP (Point-to-Point Tunneling Protocol), they should also provide a username and password (and service name) for user authentication.
WAN IP Address
The WAN IP address is an IP address for the NBG4615, which makes it accessible from an outside network. It is used by the NBG4615 to communicate with other devices in other networks. It can be static (fixed) or dynamically assigned by the ISP each time the NBG4615 tries to access the Internet.
If your ISP assigns you a static WAN IP address, they should also assign you the subnet mask and DNS server IP address(es) (and a gateway IP address if you use the Ethernet or ENET ENCAP encapsulation method).
DNS Server Address Assignment
Use Domain Name System (DNS) to map a domain name to its corresponding IP address and vice versa, for instance, the IP address of www.zyxel.com is 204.217.0.2. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it.
The NBG4615 can get the DNS server addresses in the following ways.
1The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, manually enter them in the DNS server fields.
2If your ISP dynamically assigns the DNS server IP addresses (along with the NBG4615’s WAN IP address), set the DNS server fields to get the DNS server address from the ISP.
154 |
|
|
NBG4615 User’s Guide |
|
|
|
|
|
Chapter 16 WAN
WAN MAC Address
The MAC address screen allows users to configure the WAN port's MAC address by either using the factory default or cloning the MAC address from a computer on your LAN. Choose Factory Default to select the factory assigned default MAC Address.
Otherwise, click Clone the computer's MAC address - IP Address and enter the IP address of the computer on the LAN whose MAC you are cloning. Once it is successfully configured, the address will be copied to configuration file. It is recommended that you clone the MAC address prior to hooking up the WAN Port.
16.3.2 Multicast
Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network - not everybody and not just 1.
Figure 88 Multicast Example
In the multicast example above, systems A and D comprise one multicast group. In multicasting, the server only needs to send one data stream and this is delivered to systems A and D.
IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a multicast group - it is not used to carry user data. The NBG4615 supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMPv2).
At start up, the NBG4615 queries all directly connected networks to gather group membership. After that, the NBG4615 periodically updates this information. IP multicasting can be enabled/disabled on the NBG4615 LAN and/or WAN interfaces
|
155 |
NBG4615 User’s Guide |
|
|
|
Chapter 16 WAN
in the Web Configurator (LAN; WAN). Select None to disable IP multicasting on these interfaces.
16.4 Internet Connection
Use this screen to change your NBG4615’s Internet access settings. Click WAN from the Configuration menu. The screen differs according to the encapsulation you choose.
16.4.1 Ethernet Encapsulation
This screen displays when you select Ethernet encapsulation.
Figure 89 Network > WAN > Internet Connection: Ethernet Encapsulation
156 |
|
|
NBG4615 User’s Guide |
|
|
|
|
|
Chapter 16 WAN
The following table describes the labels in this screen.
Table 54 Network > WAN > Internet Connection: Ethernet Encapsulation
LABEL |
DESCRIPTION |
|
ISP Parameters for Internet Access |
||
|
|
|
Encapsulation |
You must choose the Ethernet option when the WAN port is used as a |
|
|
regular Ethernet. |
|
|
|
|
WAN IP Address Assignment |
||
|
|
|
Get |
Select this option If your ISP did not assign you a fixed IP address. This |
|
automatically |
is the default selection. |
|
from ISP |
|
|
(Default) |
|
|
|
|
|
Bigpond |
Select Enable if you subscribe to Internet service from BigPond in |
|
|
Australia. Then configure the fields below with the information |
|
|
provided. |
|
|
|
|
Server |
Type the IP address of the BigPond server. |
|
|
|
|
User Name |
Type the user name given to you by your ISP. You can use |
|
|
alphanumeric and -_@$./ characters, and it can be up to 31 characters |
|
|
long. |
|
|
|
|
Password |
Type the password associated with the user name above. Use up to 64 |
|
|
ASCII characters except [, ] and ?. This field can be blank. |
|
|
|
|
Retype to |
Type your password again for confirmation. |
|
Confirm |
|
|
|
|
|
Use Fixed IP |
Select this option If the ISP assigned a fixed IP address. |
|
Address |
|
|
|
|
|
IP Address |
Enter your WAN IP address in this field if you selected Use Fixed IP |
|
|
Address. |
|
|
|
|
IP Subnet |
Enter the IP Subnet Mask in this field. |
|
Mask |
|
|
|
|
|
Gateway IP |
Enter a Gateway IP Address (if your ISP gave you one) in this field. |
|
Address |
|
|
|
|
|
WAN DNS Assignment |
||
|
|
|
First DNS Server |
Select From ISP if your ISP dynamically assigns DNS server |
|
Second DNS |
information (and the NBG4615's WAN IP address). The field to the right |
|
displays the (read-only) DNS server IP address that the ISP assigns. |
||
Server |
||
|
||
|
Select User-Defined if you have the IP address of a DNS server. Enter |
|
|
the DNS server's IP address in the field to the right. If you chose User- |
|
|
Defined, but leave the IP address set to 0.0.0.0, User-Defined |
|
|
changes to None after you click Apply. If you set a second choice to |
|
|
User-Defined, and enter the same IP address, the second User- |
|
|
Defined changes to None after you click Apply. |
|
|
Select None if you do not want to configure DNS servers. If you do not |
|
|
configure a DNS server, you must know the IP address of a computer in |
|
|
order to access it. |
|
|
|
|
WAN MAC |
The MAC address section allows users to configure the WAN port's MAC |
|
Address |
address by either using the NBG4615’s MAC address, copying the MAC |
|
|
address from a computer on your LAN or manually entering a MAC |
|
|
address. |
|
|
|
|
|
157 |
NBG4615 User’s Guide |
|
|
|
Chapter 16 WAN
Table 54 Network > WAN > Internet Connection: Ethernet Encapsulation (continued)
LABEL |
DESCRIPTION |
Factory default |
Select Factory default to use the factory assigned default MAC |
|
Address. |
|
|
Clone the |
Select Clone the computer's MAC address - IP Address and enter |
computer’s MAC |
the IP address of the computer on the LAN whose MAC you are cloning. |
address - IP |
|
Address |
|
|
|
Set WAN MAC |
Select this option and enter the MAC address you want to use. |
Address |
|
|
|
Apply |
Click Apply to save your changes back to the NBG4615. |
|
|
Cancel |
Click Cancel to begin configuring this screen afresh. |
|
|
16.4.2 PPPoE Encapsulation
The NBG4615 supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an IETF standard (RFC 2516) specifying how a personal computer (PC) interacts with a broadband modem (DSL, cable, wireless, etc.) connection. The PPP over Ethernet option is for a dial-up connection using PPPoE.
For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for example Radius).
One of the benefits of PPPoE is the ability to let you access one of multiple network services, a function known as dynamic service selection. This enables the service provider to easily create and offer new IP services for individuals.
Operationally, PPPoE saves significant effort for both you and the ISP or carrier, as it requires no specific configuration of the broadband modem at the customer site.
By implementing PPPoE directly on the NBG4615 (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the NBG4615 does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access.
158 |
|
|
NBG4615 User’s Guide |
|
|
|
|
|
Loading...