Page 1
Default Login Details
User’s Guide
SBG5500 Series
SBG5500-A / SBG5500-B
Small Business Gateway
LAN IP Address http://192.168.1.1
User Name admin
Password 1234
Version 1.10 Edition 1, 12/2017
Copyright © 2017 Zyxel Communications Corporation
Page 2
IMPORTANT!
READ CAREFULLY BEFORE USE.
KEEP THIS GUIDE FOR FUTURE REFERENCE.
This is a User’s Guide for a series of products. Not all products support all firmware features. Screenshots
and graphics in this book may differ slightly from your product due to differences in your product
firmware or your computer operating system. Every effort has been made to ensure that the information
in this manual is accurate.
Related Documentation
•Quick Start Guide
The Quick Start Guide shows how to connect the SBG and access the Web Configurator wizards. It
contains information on setting up your network and configuring for Internet access.
•More Information
Go to support.zyxel.com to find other information on the SBG.
SBG5500 Series User’s Guide
2
Page 3
Document Conventions
SBG
Warnings and Notes
These are how warnings and notes are shown in this guide.
Warnings tell you about things that could harm you or your device.
Note: Notes tell you other important information (for example, other things you may need to
configure or helpful tips) or recommendations.
Syntax Conventions
• All models in this series may be referred to as the “SBG” in this guide.
• Product labels, screen names, field labels and field choices are all in bold font.
• A right angle bracket ( > ) within a screen name denotes a mouse click. For example, Configuration >
Log / Report > Log Settings means you first click Configuration in the navigation panel, then the Log
sub menu and finally the Log Settings tab to get to that screen.
Icons Used in Figures
Figures in this user guide may use the following generic icons. The SBG icon is not an exact
representation of your device.
SBG Generic Router Wireless Router / Access Point
Switch Firewall USB Storage Device
USB Dongle Cell Tower Printer
Server
SBG5500 Series User’s Guide
3
Page 4
Contents Overview
Contents Overview
User’s Guide ......................................................................................................................................12
Introducing the SBG ............................................................................................................................. 13
The Web Configurator ......................................................................................................................... 20
Wizard .................................................................................................................................................... 26
Technical Reference ........................................................................................................................44
Dashboard ............................................................................................................................................ 45
WAN/Internet ........................................................................................................................................ 48
LAN ......................................................................................................................................................... 85
Routing ................................................................................................................................................. 108
Network Address Translation (NAT) ................................................................................................... 122
Firewall ................................................................................................................................................. 138
VPN ....................................................................................................................................................... 159
Bandwidth Management .................................................................................................................. 194
Network Management ...................................................................................................................... 212
Log / Report ....................................................................................................................................... 215
Service / License ................................................................................................................................. 225
Device Name ...................................................................................................................................... 227
Host Name List ..................................................................................................................................... 228
Date / Time .......................................................................................................................................... 230
User Account ...................................................................................................................................... 233
USB Storage ......................................................................................................................................... 236
Diagnostic ........................................................................................................................................... 240
Firmware Upgrade .............................................................................................................................. 247
Backup / Restore ................................................................................................................................ 250
Language ............................................................................................................................................ 252
Restart / Shutdown ............................................................................................................................. 253
Troubleshooting .................................................................................................................................. 254
SBG5500 Series User’s Guide
4
Page 5
Table of Contents
Table of Contents
Document Conventions ......................................................................................................................3
Contents Overview .............................................................................................................................4
Table of Contents .................................................................................................................................5
Part I: User’s Guide.......................................................................................... 12
Chapter 1
Introducing the SBG...........................................................................................................................13
1.1 Overview ......................................................................................................................................... 13
1.2 Ways to Manage the SBG ............................................................................................................. 13
1.3 Good Habits for Managing the SBG ............................................................................................ 14
1.4 Applications for the SBG ............................................................................................................... 14
1.4.1 Internet Access ...................................................................................................................... 14
1.4.2 SBG’s USB Support ................................................................................................................. 16
1.5 LEDs (Lights) ..................................................................................................................................... 17
1.6 The RESET Button ............................................................................................................................. 18
Chapter 2
The Web Configurator........................................................................................................................20
2.1 Overview ......................................................................................................................................... 20
2.1.1 Accessing the Web Configurator ....................................................................................... 20
2.2 Web Configurator Layout .............................................................................................................. 21
2.2.1 Title Bar ................................................................................................................................... 22
2.2.2 Navigation Panel .................................................................................................................. 22
2.2.3 Main Window ......................................................................................................................... 25
Chapter 3
Wizard .................................................................................................................................................26
3.1 Overview ......................................................................................................................................... 26
3.2 Wizard Basic Setup ......................................................................................................................... 27
3.3 Wizard IPsec VPN Setup ................................................................................................................. 32
3.3.1 VPN Express Settings ............................................................................................................. 33
3.3.2 VPN Advanced Settings ....................................................................................................... 35
3.4 Wizard IPv6 Setup ........................................................................................................................... 40
SBG5500 Series User’s Guide
5
Page 6
Table of Contents
Part II: Technical Reference........................................................................... 44
Chapter 4
Dashboard..........................................................................................................................................45
4.1 Overview ......................................................................................................................................... 45
4.2 The Dashboard Screen .................................................................................................................. 45
Chapter 5
WAN/Internet......................................................................................................................................48
5.1 Overview ......................................................................................................................................... 48
5.1.1 What You Can Do in this Chapter ....................................................................................... 49
5.1.2 What You Need to Know ..................................................................................................... 49
5.1.3 Before You Begin ................................................................................................................... 52
5.2 The WAN Status Screen .................................................................................................................. 52
5.2.1 The xDSL Statistics Screen ..................................................................................................... 53
5.2.2 The SFP Status Screen ........................................................................................................... 55
5.3 The WAN Setup Screen .................................................................................................................. 56
5.3.1 Add/Edit Internet Connection .............................................................................................57
5.4 The Mobile Screen .......................................................................................................................... 68
5.5 The Port Setting Screen .................................................................................................................. 72
5.6 The Multi-WAN Screen .................................................................................................................... 73
5.6.1 Edit Multi-WAN ....................................................................................................................... 74
5.6.2 How to Configure Multi-WAN for Load Balancing and Failover ...................................... 75
5.7 The Dynamic DNS screen .............................................................................................................. 76
5.7.1 Edit Dynamic DNS ................................................................................................................. 77
5.8 The xDSL Advanced screen .......................................................................................................... 79
5.9 Technical Reference ...................................................................................................................... 81
Chapter 6
LAN ......................................................................................................................................................85
6.1 Overview ......................................................................................................................................... 85
6.1.1 What You Can Do in this Chapter ....................................................................................... 85
6.1.2 What You Need To Know ..................................................................................................... 86
6.1.3 Before You Begin ................................................................................................................... 87
6.2 The LAN Status Screen ................................................................................................................... 87
6.3 The LAN Setup Screen .................................................................................................................... 88
6.3.1 Edit LAN Setup ....................................................................................................................... 89
6.3.2 Edit LAN Setup IPv6 ............................................................................................................... 91
6.4 The Static DHCP Screen ................................................................................................................. 94
6.4.1 Edit Static DHCP .................................................................................................................... 94
6.5 The Additional Subnet Screen ....................................................................................................... 96
6.6 The Wake on LAN Screen .............................................................................................................. 96
6.6.1 Wake On LAN: Add/Edit ....................................................................................................... 97
SBG5500 Series User’s Guide
6
Page 7
Table of Contents
6.7 The VLAN / Interface Group Screen ............................................................................................ 98
6.7.1 VLAN / Interface Group: Add/Edit ...................................................................................... 99
6.8 The DNS Entry Screen ................................................................................................................... 103
6.9 The DNS Forwarder Screen .......................................................................................................... 103
6.9.1 DNS Forwarder: Add/Edit ................................................................................................... 104
6.10 Technical Reference .................................................................................................................. 105
6.10.1 LANs, WANs and the SBG ................................................................................................. 105
6.10.2 DHCP Setup ....................................................................................................................... 105
6.10.3 DNS Server Addresses ....................................................................................................... 106
6.10.4 LAN TCP/IP ......................................................................................................................... 106
Chapter 7
Routing ..............................................................................................................................................108
7.1 Overview ...................................................................................................................................... 108
7.1.1 What You Can Do in this Chapter ..................................................................................... 108
7.2 The Routing Status Screen ........................................................................................................... 109
7.3 The Policy Route Screen .............................................................................................................. 115
7.3.1 Add/Edit Policy Route ........................................................................................................ 116
7.4 The Static Route Screen ............................................................................................................... 118
7.4.1 Add/Edit Static Route ......................................................................................................... 119
7.5 The RIP Screen ............................................................................................................................... 120
Chapter 8
Network Address Translation (NAT)................................................................................................122
8.1 Overview ....................................................................................................................................... 122
8.1.1 What You Can Do in this Chapter ..................................................................................... 122
8.1.2 What You Need To Know ................................................................................................... 122
8.2 The Port Forwarding Screen ....................................................................................................... 123
8.2.1 Add/Edit Port Forwarding .................................................................................................. 125
8.3 The Port Triggering Screen ........................................................................................................... 126
8.3.1 Add/Edit Port Triggering Rule ............................................................................................ 128
8.4 The Address Mapping Screen ..................................................................................................... 129
8.4.1 Add/Edit Address Mapping Rule ....................................................................................... 130
8.5 The Default Server Screen ........................................................................................................... 131
8.5.1 Edit Default Server ............................................................................................................... 132
8.6 The ALG Screen ............................................................................................................................ 133
8.7 Technical Reference .................................................................................................................... 134
8.7.1 NAT Definitions ..................................................................................................................... 134
8.7.2 What NAT Does ................................................................................................................... 134
8.7.3 How NAT Works .................................................................................................................... 135
8.7.4 NAT Application .................................................................................................................. 135
Chapter 9
Firewall ..............................................................................................................................................138
SBG5500 Series User’s Guide
7
Page 8
Table of Contents
9.1 Overview ....................................................................................................................................... 138
9.1.1 What You Can Do in this Chapter ..................................................................................... 138
9.1.2 What You Need to Know ................................................................................................... 139
9.2 The Firewall Overview Screen ..................................................................................................... 140
9.3 The DoS Screen ............................................................................................................................. 141
9.4 The Firewall Rules Screen ............................................................................................................. 141
9.4.1 Add/Edit a Firewall Rule ..................................................................................................... 143
9.5 The Device Service Screen .......................................................................................................... 144
9.5.1 Edit a Device Service .......................................................................................................... 146
9.5.2 Add/Edit a Trust Domain .................................................................................................... 146
9.6 The Zone Control Screen ............................................................................................................. 147
9.7 The Scheduler Rule Screen .......................................................................................................... 148
9.7.1 Add/Edit a Scheduler Rule ................................................................................................. 149
9.8 The Service Screen ...................................................................................................................... 149
9.8.1 Add/Edit a Service ............................................................................................................. 150
9.9 The MAC Filter Screen .................................................................................................................. 151
9.9.1 MAC Filter: Add/Edit ........................................................................................................... 152
9.10 The Certificate Screen ............................................................................................................... 153
9.11 The AAA Server ........................................................................................................................... 154
9.11.1 Add/Edit an LDAP Server .................................................................................................155
9.11.2 Add/Edit an RADIUS Server .............................................................................................. 157
Chapter 10
VPN....................................................................................................................................................159
10.1 Overview ..................................................................................................................................... 159
10.2 What You Can Do in this Chapter ............................................................................................ 159
10.3 What You Need to Know ........................................................................................................... 159
10.4 The VPN Status Screen ............................................................................................................... 162
10.5 The IPsec VPN Screen ................................................................................................................ 163
10.5.1 Add/Edit a VPN Gateway ................................................................................................ 165
10.5.2 Add/Edit a VPN Connection ........................................................................................... 171
10.5.3 The Default_L2TP_VPN_GW IPsec VPN Rule ................................................................... 174
10.5.4 PPTP VPN Troubleshooting Tips ........................................................................................ 175
10.6 The PPTP VPN Screen ................................................................................................................. 176
10.6.1 PPTP VPN Troubleshooting Tips ........................................................................................ 178
10.7 The L2TP VPN Screen .................................................................................................................. 179
10.7.1 L2TP Setup - Server ............................................................................................................ 179
10.7.2 L2TP Setup - Client ............................................................................................................. 181
10.7.3 L2TP VPN Troubleshooting Tips ......................................................................................... 182
10.8 The L2TP Client Status Screen .................................................................................................... 185
10.9 Technical Reference .................................................................................................................. 186
10.9.1 IPsec Architecture ............................................................................................................. 186
10.9.2 Encapsulation .................................................................................................................... 187
SBG5500 Series User’s Guide
8
Page 9
Table of Contents
10.9.3 IKE Phases .......................................................................................................................... 188
10.9.4 Negotiation Mode ............................................................................................................ 189
10.9.5 IPsec and NAT ................................................................................................................... 190
10.9.6 VPN, NAT, and NAT Traversal ........................................................................................... 190
10.9.7 ID Type and Content ........................................................................................................ 191
10.9.8 Pre-Shared Key .................................................................................................................. 192
10.9.9 Diffie-Hellman (DH) Key Groups ...................................................................................... 192
Chapter 11
Bandwidth Management ................................................................................................................194
11.1 Overview .................................................................................................................................... 194
11.1.1 What You Can Do in this Chapter ................................................................................... 194
11.1.2 What You Need to Know ................................................................................................. 194
11.2 The General Screen .................................................................................................................. 196
11.3 The Queue Setup Screen ........................................................................................................... 197
11.3.1 Adding a QoS Queue ...................................................................................................... 198
11.4 The Classification Setup Screen ................................................................................................ 199
11.4.1 Add/Edit a QoS Class ....................................................................................................... 200
11.5 The Policer Setup Screen ........................................................................................................... 204
11.5.1 Add/Edit a QoS Policer ................................................................................................... 205
11.6 The Shaper Setup Screen .......................................................................................................... 206
11.6.1 Add/Edit a QoS Shaper .................................................................................................... 207
11.7 Technical Reference .................................................................................................................. 207
Chapter 12
Network Management ....................................................................................................................212
12.1 Overview ..................................................................................................................................... 212
12.1.1 What You Can Do in This Chapter .................................................................................. 212
12.2 The SNMP Screen ........................................................................................................................ 212
Chapter 13
Log / Report .....................................................................................................................................215
13.1 Overview ..................................................................................................................................... 215
13.1.1 What You Can Do in this Chapter ................................................................................... 215
13.1.2 What You Need To Know ................................................................................................. 215
13.2 The Log Viewer Screen .............................................................................................................. 216
13.3 Log Settings ................................................................................................................................. 217
13.3.1 Edit Log on USB Settings .................................................................................................... 218
13.3.2 Edit System and Email ....................................................................................................... 220
13.3.3 Edit Remote Server Log Settings ...................................................................................... 222
Chapter 14
Service / License..............................................................................................................................225
SBG5500 Series User’s Guide
9
Page 10
Table of Contents
14.1 Overview ..................................................................................................................................... 225
14.2 The License Screen ..................................................................................................................... 225
Chapter 15
Device Name ...................................................................................................................................227
15.1 Overview ..................................................................................................................................... 227
15.2 The Device Name Screen ......................................................................................................... 227
Chapter 16
Host Name List..................................................................................................................................228
16.1 Overview ..................................................................................................................................... 228
16.2 The Host Name Screen .............................................................................................................. 228
16.2.1 Add Host Name ................................................................................................................. 228
Chapter 17
Date / Time .......................................................................................................................................230
17.1 Overview ..................................................................................................................................... 230
17.2 The Date / Time Screen ............................................................................................................. 230
Chapter 18
User Account....................................................................................................................................233
18.1 Overview .................................................................................................................................... 233
18.2 What You Can Do in this Chapter ............................................................................................ 233
18.3 The User Account Screen .......................................................................................................... 233
18.3.1 Add/Edit a Users Account ...............................................................................................234
Chapter 19
USB Storage ......................................................................................................................................236
19.1 Overview ..................................................................................................................................... 236
19.1.1 What You Need To Know ................................................................................................. 236
19.1.2 Before You Begin ............................................................................................................... 237
19.2 The USB Storage Screen ............................................................................................................. 237
19.2.1 Add a USB Share ............................................................................................................... 239
Chapter 20
Diagnostic.........................................................................................................................................240
20.1 Overview ..................................................................................................................................... 240
20.1.1 What You Can Do in this Chapter ................................................................................... 240
20.1.2 What You Need to Know ................................................................................................. 240
20.2 The Network Tools Screen .......................................................................................................... 241
20.3 The 802.1ag Screen .................................................................................................................... 241
20.4 The OAM Ping Screen ................................................................................................................ 242
20.5 The Packet Capture Screen ...................................................................................................... 244
SBG5500 Series User’s Guide
10
Page 11
Table of Contents
Chapter 21
Firmware Upgrade ...........................................................................................................................247
21.1 Overview ..................................................................................................................................... 247
21.2 The Firmware Screen .................................................................................................................. 247
21.3 The Mobile Profile Screen .......................................................................................................... 249
Chapter 22
Backup / Restore .............................................................................................................................250
22.1 Overview ..................................................................................................................................... 250
22.2 The Backup / Restore Screen .................................................................................................... 250
Chapter 23
Language .........................................................................................................................................252
23.1 Overview ..................................................................................................................................... 252
23.2 The Language Screen ................................................................................................................ 252
Chapter 24
Restart / Shutdown...........................................................................................................................253
24.1 Overview ..................................................................................................................................... 253
24.2 The Restart / Shutdown Screen ................................................................................................. 253
Chapter 25
Troubleshooting................................................................................................................................254
25.1 Power, Hardware Connections, and LEDs ............................................................................... 254
25.2 SBG Access and Login ............................................................................................................... 255
25.3 Internet Access ........................................................................................................................... 256
25.4 USB Device Connection ............................................................................................................ 257
Appendix A Customer Support ..................................................................................................... 259
Appendix B Legal Information....................................................................................................... 265
Index .................................................................................................................................................270
SBG5500 Series User’s Guide
11
Page 12
PART I
User’s Guide
12
Page 13
1.1 Overview
The SBG is a VDSL router and Gigabit Ethernet (GbE) gateway. It has one DSL port and Gigabit Ethernet
for super-fast Internet access over telephone lines. The SBG5500-A can use the DSL port over POTS (Plain
Old Telephone Service) with an R-J11 connection, while the SBG5500-B uses DSL port over ISDN (Internet
Service Digital Network) with an RJ45 connection.
The SBG features a Gigabit Ethernet (GbE) WAN with Small Form Factor Pluggable (SFP) interface. SFP is
also known as Fiber Optics interface. The GbE WAN with SFP has a dual-personality combo design (GbE
+ Fiber) which enables increased bandwidth and extended coverage.
Features
• One DSL Port for Internet Connection
• Combo GbE and SFP Port for Internet Connection
• One USB Port for 3G/4G Connection and File Sharing
• Five GbE Ports for LAN Connection
• Firewall with Secure Network Management
• Secure Access via VPN (IPsec, PPTP, L2TP)
• Backward compatible with ADSL, ADSL2 and ADSL2+ in case VDSL is not available.
• Supports both Packet Transfer Mode (PTM) and Asynchronous Transfer Mode (ATM).
CHAPTER 1
Introducing the SBG
Only use firmware for your SBG’s specific model. Refer to the label on
the bottom of your SBG.
Use the USB port for file sharing or using a 3G/4G dongle for cellular WAN (Internet) backup connections.
1.2 Ways to Manage the SBG
Use any of the following methods to manage the SBG.
• Web Configurator. This is recommended for everyday management of the SBG using a (supported)
web browser.
• TR-069. SBG uses an auto-configuration server used to remotely configure your device via TR-069.
SBG5500 Series User’s Guide
13
Page 14
Chapter 1 Introducing the SBG
1.3 Good Habits for Managing the SBG
Do the following things regularly to make the SBG more secure and to manage the SBG more
effectively.
• Change the password. Use a password that’s not easy to guess and that consists of different types of
characters, such as numbers and letters. The password must have 6-64 printable characters [0-9][a-z]
[A-Z][!@#$%*].
• Write down the password and put it in a safe place.
• Back up the configuration (and make sure you know how to restore it). Restoring an earlier working
configuration may be useful if the device becomes unstable or even crashes. If you forget your
password, you will have to reset the SBG to its factory default settings. If you backed up an earlier
configuration file, you would not have to totally re-configure the SBG. You could simply restore your
last configuration.
1.4 Applications for the SBG
Here are some example uses for which the SBG is well suited.
1.4.1 Internet Access
As a small business gateway your SBG has multiple WAN interfaces, including, 3G/4G, DSL, fiber and
Gigabit Ethernet to share the network traffic load. You can configure multiple WAN load balance and
failover rules to distribute traffic amongst the different interfaces.
If you have DSL Internet service, connect the DSL port to the DSL or modem jack on a splitter or your
telephone jack. You can also have multiple WAN services over one ADSL or VDSL. The SBG cannot work
in ADSL and VDSL mode at the same time.
If you prefer not to use a DSL line or you already have a broadband modem/router in your network, use
the Ethernet WAN or SFP port. The SFP and GbE ports work as a Combo port, which means there are two
physical ports in the SBG, but they share a same port number and GbE works as a backup for the SFP
port if both are connected. You can also use a 3G/4G dongle for cellular backup WAN (Internet)
connections.
Note: If you connect all WAN ports the priority order will be DSL, Combo, and USB port.
Note: The ADSL and VDSL lines share the same WAN (layer-2) interfaces that you configure in
the SBG. Refer to Section 5.3 on page 56 for the Configuration > WAN / Internet > WAN
Setup screen.
SBG5500 Series User’s Guide
14
Page 15
Chapter 1 Introducing the SBG
SBG
SBG
SBG
Computers can connect to the SBG’s LAN ports.
Figure 1 SBG’s Internet Access Application: ADSL/VDSL
Figure 2 SBG’s Internet Access Application: ADSL
Figure 3 SBG’s Internet Access Application: 3G/4G WAN Backup
SBG5500 Series User’s Guide
15
Page 16
Chapter 1 Introducing the SBG
SBG
SBG
Figure 4 SBG’s Internet Access Application: DSL + SFP/GbE Combo + 3G/4G WAN Priority
You can also configure IP filtering on the SBG for secure Internet access. When the IP filter is on, all
incoming traffic from the Internet to your network is blocked by default unless it is initiated from your
network. This means that probes from the outside to your network are not allowed, but you can safely
browse the Internet and download files.
1.4.2 SBG’s USB Support
Use the USB port for file sharing or insert a 3G/4G dongle for cellular backup WAN (Internet) connections.
File Sharing
Use the USB port (built-in USB 2.0) to share files on USB memory sticks or USB hard drives (B). Use FTP to
access the files on the USB device.
Figure 5 USB File Sharing Application
SBG5500 Series User’s Guide
16
Page 17
1.5 LEDs (Lights)
This section describes the LEDs on the SBG.
The following figure shows the front and rear panels of the SBG.
Figure 6 SBG5500-A Front and Rear Panels
Figure 7 SBG5500-B Front and Rear Panels
Chapter 1 Introducing the SBG
None of the LEDs are on if the SBG is not receiving power. The location of the LEDs are highlighted in the
figures above,
Table 1 LED Descriptions
LED COLOR STATUS DESCRIPTION
POWER Green On The SBG is receiving power and ready for use.
Blinking The SBG is self-testing.
Red On The SBG detected an error while self-testing, or there is a device
malfunction.
Off The SBG is not receiving power.
SBG5500 Series User’s Guide
17
Page 18
Chapter 1 Introducing the SBG
Table 1 LED Descriptions (continued)
LED COLOR STATUS DESCRIPTION
INTERNET Green On The SBG has an IP connection but no traffic.
Your device has a WAN IP address (either static or assigned by a DHCP
server), PPP negotiation was successfully completed (if used) and the DSL
connection is up.
Blinking The SBG is sending or receiving IP traffic.
Red On The DSL port is connected to a DSL jack or the Ethernet WAN port is
connected to an Ethernet port but the SBG cannot access the Internet.
There is an Internet connection problem.
Off There is no Internet connection or the gateway is in bridged mode.
USB Green On The SBG recognizes a USB connection.
Off The SBG does not detect a USB connection.
DSL Green/
Amber
SFP Green On The SBG has established an SFP connection.
VPN Green On The SBG VPN tunnel is up.
ETHERNET
LAN 1-4 (On
Connector)
ETHERNET
WAN (On
Connector)
Green
(Left LED)
1GM
Amber
(Right LED)
10-100M
Green
(Left LED)
1GM
Amber
(Right LED)
10-100M
On The ADSL/VDSL line is up.
Blinking The SBG is initializing the ADSL/VDSL line.
Off The ADSL/VDSL line is down.
Blinking The SBG is sending or receiving data to/from the SFP connection.
Off The SBG has not established an SFP connection.
Off The SBG VPN tunnel is down.
On The SBG has a successful Ethernet connection with a device on the Local
Area Network (LAN).
Blinking The SBG is sending or receiving data to/from the LAN.
Off The SBG does not have an Ethernet connection with the LAN.
On The SBG has a successful Ethernet connection with a device on the Local
Area Network (LAN).
Blinking The SBG is sending or receiving data to/from the LAN.
Off The SBG does not have an Ethernet connection with the LAN.
On The Gigabit Ethernet connection is working.
Blinking The SBG is sending or receiving data to/from the Gigabit Ethernet link.
Off There is no Gigabit Ethernet link.
On The Gigabit Ethernet connection is working.
Blinking The SBG is sending or receiving data to/from the Gigabit Ethernet link.
Off There is no Gigabit Ethernet link.
1.6 The RESET Button
If you forget your password or cannot access the web configurator, you will need to use the RESET
button at the back of the device to reload the factory-default configuration file. This means that you will
lose all configurations that you had previously and the password will be reset to “1234”.
1 Make sure the POWER LED is on (not blinking).
SBG5500 Series User’s Guide
18
Page 19
Chapter 1 Introducing the SBG
2 To set the device back to the factory default settings, press the RESET button for five seconds or until the
POWER LED begins to blink and then release it. When the POWER LED begins to blink, the defaults have
been restored and the device restarts.
SBG5500 Series User’s Guide
19
Page 20
2.1 Overview
The web configurator is an HTML-based management interface that allows easy device setup and
management via Internet browser. Use Internet Explorer 8.0 and later versions, Mozilla Firefox 3 and later
versions, Chrome, or Safari 2.0 and later versions. The recommended screen resolution is 1024 by 768
pixels.
In order to use the web configurator you need to allow:
• Web browser pop-up windows from your device. Web pop-up blocking is enabled by default in
Windows XP SP (Service Pack) 2.
• JavaScript (enabled by default).
• Java permissions (enabled by default).
CHAPTER 2
The Web Configurator
2.1.1 Accessing the Web Configurator
1 Make sure your SBG hardware is properly connected (refer to the Quick Start Guide).
2 Launch your web browser. If the SBG does not automatically re-direct you to the login screen, go to
http://192.168.1.1.
3 A password screen displays. To access the administrative web configurator and manage the SBG, type
the default username admin and password 1234 in the password screen and click Login. If advanced
account security is enabled (see Section 18.3 on page 233) the number of dots that appears when you
type the password changes randomly to prevent anyone watching the password field from knowing the
length of your password. If you have changed the password, enter your password and click Login.
Figure 8 Password Screen
SBG5500 Series User’s Guide
20
Page 21
Chapter 2 The Web Configurator
A
B
C
4 The following screen displays if you have not yet changed your password from the default. Enter a new
password, retype it to confirm and click Apply. After changing the password your SBG will log out
automatically. so you can log in with your new password.
Figure 9 Change Password Screen
5 The Wizard appears automatically after login. Use the Wizard to configure SBG’s basic settings. See
Chapter 3 on page 26 for more information.
6 The Dashboard page appears after the Wizard set up, here you can view the SBG’s interface and
system information.
2.2 Web Configurator Layout
Figure 10 Screen Layout
As illustrated above, the main screen is divided into these parts:
• A - title bar
SBG5500 Series User’s Guide
21
Page 22
• B - navigation panel
• C - main window
2.2.1 Title Bar
The title bar provides some icons in the upper right corner.
The icons provide the following functions.
Table 2 Web Configurator Icons in the Title Bar
ICON DESCRIPTION
Chapter 2 The Web Configurator
Logout: Click this icon to log out of the web configurator.
Click a color from the palette to change the color of your web configurator.
2.2.2 Navigation Panel
Use the menu items on the navigation panel to open screens to configure SBG features. The following
tables describe each menu item.
Table 3 Navigation Panel Summary
LINK TAB FUNCTION
Dashboard Click this to go to the main Web Configurator screen.
Wizard Use this screen to configure the SBG’s basic settings. For more information
Configuration
Configuration
Site Map
WAN / Internet
WAN Status WAN Status Use this screen to view the WAN ports’ status.
xDSL Statistics Use this screen to view detailed DSL traffic statistics.
SFP Status Use this screen to view details about the SFP connection.
WAN Setup Use this screen to view and configure ISP parameters, WAN IP address
Mobile Use this screen to configure the mobile 3G/4G connection.
Port Setting Use this screen to set flexible ports as part of LAN or WAN interfaces.
Multi-WAN Use this screen to configure the multiple WAN load balance and failover
Dynamic
DNS
xDSL
Advanced
LAN / Home Network
see Chapter 3 on page 26.
Click this to view a summary of all the available screens in the
Configuration menu.
assignment, and other advanced properties. You can also add new WAN
connections.
rules to distribute traffic among different interfaces.
Use this screen to allow a static hostname alias for a dynamic IP address.
Use this screen to enable or disable DSL PHyR, ADSL, and VDSL functions.
SBG5500 Series User’s Guide
22
Page 23
Chapter 2 The Web Configurator
Table 3 Navigation Panel Summary (continued)
LINK TAB FUNCTION
LAN Status LAN Status Use this screen to view the status of all network traffic going through the
LAN ports of the SBG.
DHCP Client Use this screen to view the status of all devices connected to the SBG. You
can also set screen refresh time to see updates on new devices.
ARP Table Use this screen to view the ARP table. It displays the IP and MAC address
Multicast Status Use this screen to look at IGMP/MLD group status and traffic statistics.
LAN Setup Use this screen to configure LAN TCP/IP settings, and other advanced
Static DHCP Use this screen to assign specific IP addresses to individual MAC
Additional
Subnet
Wake on LAN Use this screen to remotely wake up a hibernating device on the local
VLAN /
Interface
Group
DNS Entry Use this screen to view and configure a domain name and DNS routes on
DNS
Forwarder
Routing
Routing
Status
Policy Route Use this screen to view and set up policy routes on the SBG.
Static Route Use this screen to view and set up static routes on the SBG.
RIP Use this screen to set up RIP (Routing Information Protocol) settings on the
NAT
Port
Forwarding
Port
Triggering
Address
Mapping
Default
Server
ALG Use this screen to enable or disable NAT ALG and SIP ALG.
Firewall / Security
Firewall
Overview
DoS Use this screen to activate protection against Denial of Service (DoS)
Firewall Rules Use this screen to add and view existing firewall rules to the SBG.
Device
Service
Zone Control Use this screen to set the firewall’s default actions based on the direction
of each DHCP connection.
properties.
addresses.
Use this screen to configure IP alias and public static IP.
network.
Use this screen to create a new interface group, which is a new LAN
bridge interface (subnet).
the SBG.
Use this screen to view and configure domain zone forwarder on the SBG.
Use this screen to view the IPv4 and IPv6 routing flow.
SBG.
Use this screen to make your local servers visible to the outside world.
Use this screen to change your SBG’s port triggering settings.
Use this screen to change your SBG’s address mapping settings.
Use this screen to configure a default server which receives packets from
ports that are not specified in the Port Forwarding screen.
Use this screen to enable the firewall.
attacks.
Use this screen to manage the services (such as HTTP and SSH) in the SBG.
of travel of packets.
SBG5500 Series User’s Guide
23
Page 24
Chapter 2 The Web Configurator
Table 3 Navigation Panel Summary (continued)
LINK TAB FUNCTION
Scheduler
Rule
Service Use this screen to add Internet services.
MAC Filter Use this screen to block or allow traffic from devices of certain MAC
Certificate Use this screen to view a summary list of certificates and manage
AAA Server Use this screen to manage the list of LDAP and RADIUS servers the SBG
VPN
VPN Status Use this screen to look at the status of VPN tunnels that are currently
IPsec VPN Use this screen to display and manage IPsec VPN gateways and
PPTP VPN Use this screen to configure the PPTP VPN settings in the SBG.
L2TP VPN Use this screen to configure L2TP over IPsec tunnels.
L2TP Client
Status
Bandwidth Management
General Use this screen to enable QoS and traffic prioritizing. You can also
Queue Setup Use this screen to configure QoS queues.
Classification
Setup
Policer Setup Use these screens to configure QoS policers.
Shaper Setup Use this screen to limit outgoing traffic transmission rate on the selected
Network Management
SNMP Use this screen to configure SNMP communities and services.
Log/Report
Log Viewer Use this screen to view the system logs on the SBG.
Log Settings Use this screen to change specify settings to recording your logs on the
Maintenance
Maintenance
Site Map
Service / License Use this screen to view the status of your licenses and update any license
Device Name Use this screen to give your SBG a name.
LAN Site Host
Name
Date / Time Use this screen to change your SBG5500-N’s time and date.
User Account Use this screen to manage user accounts, which includes configuring the
USB Storage Use this screen to enable USB storage sharing.
Use this screen to configure the days and times when a configured
restriction (such as User Access control) is enforced.
addresses to the SBG.
certificates and certification requests.
can use in authenticating users.
established.
connections.
Use this screen to view details about the L2TP clients.
configure the QoS rules and actions.
Use this screen to define a classifier.
interface.
SBG.
Click this to view a summary of all the available screens in the
Maintenance menu.
information.
Use this screen to add connected devices to the SBG.
username, password, retry times, file sharing, captive portal, and
customizing the login message.
SBG5500 Series User’s Guide
24
Page 25
Table 3 Navigation Panel Summary (continued)
LINK TAB FUNCTION
Diagnostic Network Tools Use this screen to ping an IP address or trace the route packets take to a
Firmware Upgrade
Firmware Use this screen to upload firmware to your device.
Mobile Profile Use this screen to update the mobile profile on the SBG.
Backup / Restore Use this screen to backup and restore your device’s configuration
Language Use this screen to change the SBG web configurator’s language,
Restart /
Shutdown
2.2.3 Main Window
Chapter 2 The Web Configurator
host
802.1ag Use this screen to configure CFM (Connectivity Fault Management) MD
(maintenance domain) to perform connectivity tests and view test
reports.
OAM Ping Use this screen to verify the connectivity of a specific PVC.
Packet Capture Use this screen to capture packets going through the SBG.
(settings) or reset the factory default settings.
Use this screen to reboot the SBG without turning the power off.
The main window displays information and configuration fields. It is discussed in the rest of this
document.
If you click Dashboard a graphic shows the connection status of the SBG’s ports. The connected
interfaces are in color and disconnected interfaces are gray.
Figure 11 Dashboard Screen
SBG5500 Series User’s Guide
25
Page 26
3.1 Overview
The Web Configurator's quick setup Wizard helps you configure Internet and VPN connection settings.
This chapter provides information on configuring the Wizard screens in the Web Configurator. See the
feature-specific chapters in this User’s Guide for background information.
Before you begin configuring your SBG register your device at myZyxel portal and check your current
license status.
The Wizard consists of the following setups:
• Wizard Basic Setup - Use Basic Setup to set up a WAN (Internet) connection. This Wizard creates
matching ISP account settings in the SBG if you use PPPoE. See Section 3.2 on page 27.
• Wizard IPsec VPN Setup - Use IPsec VPN Setup to configure an IPsec VPN (Virtual Private Network) rule
for a secure connection to another computer or network. See Section 3.3 on page 32.
• Wizard IPv6 Setup - Use IPv6 Setup to configure the IPv6 settings on your SBG. See Section 3.4 on page
40.
Figure 12 Wizard Setup
CHAPTER 3
Wizard
Note: See the technical reference chapters (starting on page 44) for background information
on the features in this chapter.
SBG5500 Series User’s Guide
26
Page 27
3.2 Wizard Basic Setup
The Wizard appears automatically after you log in the first time. Or you can go to the Wizard tab in the
navigation panel. Click the Welcome to Basic Setup down arrow to configure an interface to connect
to the Internet. Click Next to continue the Wizard, Back to return to the previous screen.
Figure 13 Wizard Basic Setup
Chapter 3 Wizard
1 Enter your Internet connection information in this screen. The screen and fields to enter may vary
depending on your current connection type and the Encapsulation you choose. You can also use this
screen to enable the VLAN tag in the SBG. Assign it a priority level (802.1p) and a VLAN ID for traffic
through this connection. Click Next.
SBG5500 Series User’s Guide
27
Page 28
Figure 14 Connect to the Internet
Chapter 3 Wizard
2 If you select the ADSL over ATM connection type, enter the VPI and VCI assigned to you and the
method of multiplexing used by your ISP.
Figure 15 ATM PVC Configuration
SBG5500 Series User’s Guide
28
Page 29
Chapter 3 Wizard
3 If you select PPPoE or PPPoA as your encapsulation, type the Username given to you by your ISP and
type the Password associated with the user name.
Figure 16 PPP information
4 Use this screen to specify which IPv4 address the SBG uses to connect to the Internet. If your ISP gave
you this information, enter it here. Otherwise select Obtain an IP Address Automatically.
Figure 17 IPv4 Address
5 Choose whether SBG gets DNS server addresses from the ISP automatically or uses the DNS server
addresses you got from the ISP. A DNS server is used for mapping a domain name to its corresponding IP
address and vice versa.
SBG5500 Series User’s Guide
29
Page 30
Figure 18 DNS Server
Chapter 3 Wizard
6 Choose the time zone for your device’s location. Click Save.
Figure 19 Date and Time
7 The SBG saves your settings and attempts to connect to the Internet. If the SBG failed to connect to the
Internet or if you want to modify any of the settings you previously configured you can click Back or go
to the Configuration > WAN/Internet > WAN Setup screen. Click Connection Test for the SBG to try
reconnecting with the same settings.
SBG5500 Series User’s Guide
30
Page 31
Figure 20 Basic Setup Completed
Chapter 3 Wizard
8 You can register your device and manage subscription services available for your SBG at myZyxel portal
for online services.
Figure 21 Register Device and Services
9 Once you completed the basic setup a summary of your settings displays. Click Finish to continue with
the Wizard setup.
SBG5500 Series User’s Guide
31
Page 32
Chapter 3 Wizard
Figure 22 Summary
3.3 Wizard IPsec VPN Setup
Click the IPsec VPN Setup down arrow to configure a VPN (Virtual Private Network) rule for a secure
connection to another computer or network.
Figure 23 Wizard IPsec VPN Setup
There are two types of VPN policies you can configure in the SBG. Select one and click Next.
•Express - Select Express to create a VPN rule with the default phase 1 and phase 2 settings and use a
pre-shared key as the authentication method. See Section 3.3.1 on page 33.
SBG5500 Series User’s Guide
32
Page 33
Chapter 3 Wizard
• Advanced - Select Advanced to change default settings an/or use certificates instead of a preshared key in the VPN rule. See Section 3.3.2 on page 35.
Figure 24 VPN Policy Type
3.3.1 VPN Express Settings
The following screens will display if you select Express in the previous screen.
1 Type the Rule Name used to identify this VPN connection (and VPN gateway). Then select the IKE
Version and Scenario that best describes your intended VPN connection. For more information on each
label see Section 10.5 on page 163.
SBG5500 Series User’s Guide
33
Page 34
Figure 25 VPN Express Settings
Chapter 3 Wizard
2 In My Interface select the type of encapsulation this connection is to use. Configure a Secure Gateway
IP as the peer SBG’s WAN IP address. Type a secure Pre-Shared Key. Set Local Policy to be the IP address
range of the network connected to the SBG and Remote Policy to be the IP address range of the
network connected to the peer SBG.
Figure 26 Secure Gateway
SBG5500 Series User’s Guide
34
Page 35
Chapter 3 Wizard
3 This screen shows a read-only summary of the VPN tunnel’s configuration. Click Save to apply your
changes.
Figure 27 Summary
4 Your SBG saves your settings. Now the VPN rule is configured on the SBG.
Figure 28 VPN Express Settings Completed
3.3.2 VPN Advanced Settings
The following screens will display if you select Advanced in the VPN Policy screen.
1 Type the Rule Name used to identify this VPN connection (and VPN gateway). Then select the IKE
Version and the Scenario that best describes your intended VPN connection. Then click Next. For more
information on each label see Section 10.5 on page 163.
SBG5500 Series User’s Guide
35
Page 36
Figure 29 VPN Advanced Settings
Chapter 3 Wizard
2 Use the following screen to setup Phase 1 Settings. Select an Encryption, Authentication Algorithm, and
Key Group, and define how often the SBG renegotiates the IKE SA in the Life Time field. For more
information on each label see Section 10.5 on page 163.
SBG5500 Series User’s Guide
36
Page 37
Figure 30 Phase 1 Settings
Chapter 3 Wizard
3 Use the following screen to setup Phase 2 Settings. Phase 2 in an IKE uses the SA that was established in
phase1 to negotiate Security Associations (SAs) for IPsec. For more information on each label on this
screen see Section 10.5 on page 163. Click Next.
SBG5500 Series User’s Guide
37
Page 38
Figure 31 Phase 2 Settings
Chapter 3 Wizard
4 A read-only summary of the VPN tunnel’s configuration will display. If you want to save your changes
click Save; otherwise go Back to modify any previous configurations.
SBG5500 Series User’s Guide
38
Page 39
Figure 32 Summary
Chapter 3 Wizard
5 Your SBG saves your settings. Now the rule is configured on the SBG. Click Finish to exit the VPN Setup
Wizard.
SBG5500 Series User’s Guide
39
Page 40
Chapter 3 Wizard
Figure 33 VPN Advanced Settings Completed
3.4 Wizard IPv6 Setup
Click the IPv6 Setup down arrow to configure the IPv6 settings on the SBG. Click Next to continue the
Wizard, Back to return to the previous screen.
SBG5500 Series User’s Guide
40
Page 41
Chapter 3 Wizard
Figure 34 Wizard IPv6 Setup
6 Select the WAN interface on which you want to have an IPv6 connection. Select Auto Detection for the
SBG to automatically detect the IPv6 Internet connection type, and the Wizard IPv6 setup is completed.
If you want to enter a static IPv6 address or obtain it from a DHCP server click Next.
Figure 35 Interface Setup
7 If you did not select Auto Detection the following screen displays. Use this screen to enter a static IPv6
address assigned by your ISP, and/or obtain an IPv6 address from a DHCPv6 server. The IP address
assigned by a DHCP server has priority over the IP address automatically generated by the SBG.
SBG5500 Series User’s Guide
41
Page 42
Figure 36 WAN Setup
Chapter 3 Wizard
8 Use this screen to configure the LAN IPv6 settings of the SBG. Select Delegate Prefix From WAN to
automatically obtain an IPv6 network prefix from the previously selected interface. Or select Static to
configure a static IPv6 address for the SBG’s LAN IPv6 address. Select the type of service that you are
registered from your DNS service provider. Click Next to save your settings.
Figure 37 LAN Setup
SBG5500 Series User’s Guide
42
Page 43
Chapter 3 Wizard
9 A read-only summary of the IPv6 settings will display. Click Finish to exit the Wizard IPv6 Setup.
Figure 38 Summary
SBG5500 Series User’s Guide
43
Page 44
PART II
Technical Reference
44
Page 45
4.1 Overview
After you log into the Web Configurator, the Dashboard screen appears. This shows the network
connection status of the SBG and clients connected to it.
You can use the Dashboard screen to look at the current status of the SBG, system resources, and
interfaces (LAN and WAN).
4.2 The Dashboard Screen
Use this screen to view the connections status of the SBG. When you click the Dashboard tab a network
map opens. You can view the number of devices connected to the SBG. Click on each interface icon
to view details about the SBG interfaces.
CHAPTER 4
Dashboard
Figure 39 Dashboard Screen
If you prefer to view the status in a list, click the arrow icon to show the Dashboard’s list view.
SBG5500 Series User’s Guide
45
Page 46
Chapter 4 Dashboard
Figure 40 Dashboard List View Screen
Each field is described in the following table.
Table 4 Dashboard List View Screen
LABEL DESCRIPTION
Device Information
Host Name This field displays the name used to identify the SBG on any network.
Serial Number This field displays the serial number of this SBG. The serial number is used for device
tracking and control.
MAC Address This field displays the MAC address used by the SBG.
Firmware Version This field displays the present firmware version.
System Status
System Uptime This field displays how long the SBG has been running since it last restarted or was
Current Date/Time This field displays the time in the SBG.
CPU Usage This field displays what percentage of the SBG’s processing capability is currently
Memory Usage This field displays what percentage of the SBG’s RAM is currently being used.
Firewall Status
Firewall Click the slide button to enable and disable the firewall on the SBG.
DoS Protection Click the slide button to activate protection against DoS attacks.
Multi-WAN
Load Balance This shows the active WAN interfaces in the SBG.
turned on.
Each time you reload this page, the SBG synchronizes the date with the time server.
being used.
SBG5500 Series User’s Guide
46
Page 47
Chapter 4 Dashboard
Table 4 Dashboard List View Screen
LABEL DESCRIPTION
Algorithm This field displays the type of load balancing algorithm currently used by the SBG.
WRR (Weighted Round Robin) to balance the traffic load between interfaces based
on their respective weights.
LLF (Least Load First) to send new session traffic through the least utilized trunk
member.
SPILLOVER to send network traffic through the first interface in the group member list
until there is enough traffic that the second interface needs to be used (and so on).
Failover This field displays the passive interfaces used for failover in the SBG.
VPN Status This field displays the SBG’s VPN connections and if the IP Sec SA is connected or
disconnected.
Dynamic DNS Status This field display the SBG’s dynamic DNS and the interface each DDNS uses.
Bandwidth Monitor
Interface This field displays the name of each interface in the SBG.
Upload Speed This displays interface’s current upload link speed.
Download Speed This displays interface’s current download link speed.
SBG5500 Series User’s Guide
47
Page 48
5.1 Overview
SBG
SBG
This chapter discusses the SBG’s WAN/Internet screens. Use these screens to configure your SBG for
Internet access.
A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It
connects your private networks, such as a LAN (Local Area Network) and other networks, so that a
computer in one location can communicate with computers in other locations.
Figure 41 LAN and WAN
CHAPTER 5
WAN/Internet
3G (third generation) standards for the sending and receiving of voice, video, and data in a mobile
environment.
You can attach a 3G/4G wireless adapter to the USB port and set the SBG to use this 3G connection as
your WAN or a backup when the wired WAN connection fails.
Figure 42 3G/4G WAN Connection
SBG5500 Series User’s Guide
48
Page 49
Chapter 5 WAN/Internet
5.1.1 What You Can Do in this Chapter
• Use the WAN Status screen to view the WAN traffic statistics (Section 5.3 on page 56).
• Use the WAN Setup screen to view, remove or add a WAN interface. You can also configure the WAN
settings on the SBG for Internet access (Section 5.3 on page 56).
• Use the Mobile screen to configure a 3G/4G WAN connection (Section 5.4 on page 68).
• Use the Port Setting screen to set flexible ports as part of LAN or WAN interfaces. (Section 5.5 on page
72).
• Use the Multi-WAN screen to configure the multiple WAN load balancing and failover rules to
distribute traffic among different interfaces (Section 5.6 on page 73).
• Use the Dynamic DNS screen to enable DDNS and configure the DDNS settings on the SBG (Section
5.7 on page 76).
• Use the xDSL Advanced screen to enable Annex M, DSL PhyR and other functions (Section 5.8 on
page 79).
Table 5 WAN Setup Overview
LAYER-2 INTERFACE INTERNET CONNECTION
CONNECTION DSL LINK TYPE MODE ENCAPSULATION CONNECTION SETTINGS
ADSL/VDSL over
PTM
ADSL over ATM EoA Routing PPPoE/PPP0A ATM PCV configuration, PPP
Ethernet N/A Routing IPoE/PPPoE PPP information, IPv4/IPv6 IP address,
3G N/A Nailed Up PPP/IPoE Dial string, APN (Access Point Name),
N/A Routing PPPoE PPP information, IPv4/IPv6 IP address,
Bridge N/A VLAN and QoS
Bridge N/A ATM PCV configuration, and QoS
Bridge N/A VLAN and QoS
On Demand PPP/IPoE Dial string, APN, Maximum idle time
routing feature, DNS server, VLAN,
QoS, and MTU
IPoE IPv4/IPv6 IP address, routing feature,
DNS server, VLAN, QoS, and MTU
information, IPv4/IPv6 IP address,
routing feature, DNS server, VLAN,
QoS, and MTU
IPoE/IPoA ATM PCV configuration, IPv4/IPv6 IP
address, routing feature, DNS server,
VLAN, QoS, and MTU
routing feature, DNS server, VLAN,
QoS, and MTU
IP address, DNS server
out, IP address, DNS server
5.1.2 What You Need to Know
The following terms and concepts may help as you read this chapter.
Encapsulation Method
Encapsulation is used to include data from an upper layer protocol into a lower layer protocol. To set up
a WAN connection to the Internet, you need to use the same encapsulation method used by your ISP
SBG5500 Series User’s Guide
49
Page 50
Chapter 5 WAN/Internet
(Internet Service Provider). If your ISP offers a dial-up Internet connection using PPPoE (PPP over
Ethernet), they should also provide a username and password (and service name) for user
authentication.
WAN IP Address
The WAN IP address is an IP address for the SBG, which makes it accessible from an outside network. It is
used by the SBG to communicate with other devices in other networks. It can be static (fixed) or
dynamically assigned by the ISP each time the SBG tries to access the Internet.
If your ISP assigns you a static WAN IP address, they should also assign you the subnet mask and DNS
server IP address(es).
ATM
Asynchronous Transfer Mode (ATM) is a WAN networking technology that provides high-speed data
transfer. ATM uses fixed-size packets of information called cells. With ATM, a high QoS (Quality of Service)
can be guaranteed. ATM uses a connection-oriented model and establishes a virtual circuit (VC)
between Finding Out More
PTM
Packet Transfer Mode (PTM) is packet-oriented and supported by the VDSL2 standard. In PTM, packets
are encapsulated directly in the High-level Data Link Control (HDLC) frames. It is designed to provide a
low-overhead, transparent way of transporting packets over DSL links, as an alternative to ATM.
3G
3G (Third Generation) is a digital, packet-switched wireless technology. Bandwidth usage is optimized as
multiple users share the same channel and bandwidth is only allocated to users when they send data. It
allows fast transfer of voice and non-voice data and provides broadband Internet access to mobile
devices.
IPv6 Introduction
IPv6 (Internet Protocol version 6), is designed to enhance IP address size and features. The increase in
IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 10
can use IPv4/IPv6 dual stack to connect to IPv4 and IPv6 networks, and supports IPv6 rapid deployment
(6RD).
38
IP addresses. The SBG
IPv6 Addressing
The 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons (:). This is an
example IPv6 address 2001:0db8:1a2b:0015:0000:0000:1a2f:0000.
IPv6 addresses can be abbreviated in two ways:
• Leading zeros in a block can be omitted. So 2001:0db8:1a2b:0015:0000:0000:1a2f:0000 can be
written as 2001:db8:1a2b:15:0:0:1a2f:0.
SBG5500 Series User’s Guide
50
Page 51
Chapter 5 WAN/Internet
SBG
• Any number of consecutive blocks of zeros can be replaced by a double colon. A double colon can
only appear once in an IPv6 address. So 2001:0db8:0000:0000:1a2f:0000:0000:0015 can be
written as 2001:0db8::1a2f:0000:0000:0015, 2001:0db8:0000:0000:1a2f::0015,
2001:db8::1a2f:0:0:15 or 2001:db8:0:0:1a2f::15.
IPv6 Prefix and Prefix Length
Similar to an IPv4 subnet mask, IPv6 uses an address prefix to represent the network address. An IPv6
prefix length specifies how many most significant bits (start from the left) in the address compose the
network address. The prefix length is written as “/x” where x is a number. For example,
2001:db8:1a2b:15::1a2f:0/32
means that the first 32 bits (2001:db8) is the subnet prefix.
IPv6 Subnet Masking
Both an IPv6 address and IPv6 subnet mask compose of 128-bit binary digits, which are divided into
eight 16-bit blocks and written in hexadecimal notation. Hexadecimal uses four bits for each character
(1 ~ 10, A ~ F). Each block’s 16 bits are then represented by four hexadecimal characters. For example,
FFFF:FFFF:FFFF:FFFF:FC00:0000:0000:0000.
IPv6 Rapid Deployment
Use IPv6 Rapid Deployment (6rd) when the local network uses IPv6 and the ISP has an IPv4 network.
When the SBG has an IPv4 WAN address and you set IPv4/IPv6 Mode to IPv4 Only, you can enable 6rd
to encapsulate IPv6 packets in IPv4 packets to cross the ISP’s IPv4 network.
The SBG generates a global IPv6 prefix from its IPv4 WAN address and tunnels IPv6 traffic to the ISP’s
Border Relay router (BR in the figure) to connect to the native IPv6 Internet. The local network can also
use IPv4 services. The SBG uses it’s configured IPv4 WAN IP to route IPv4 traffic to the IPv4 Internet.
Figure 43 IPv6 Rapid Deployment
SBG5500 Series User’s Guide
51
Page 52
Chapter 5 WAN/Internet
SBG
Dual Stack Lite
Use Dual Stack Lite when local network computers use IPv4 and the ISP has an IPv6 network. When the
SBG has an IPv6 WAN address and you set IPv4/IPv6 Mode to IPv6 Only, you can enable Dual Stack Lite
to use IPv4 computers and services.
The SBG tunnels IPv4 packets inside IPv6 encapsulation packets to the ISP’s Address Family Transition
Router (AFTR in the graphic) to connect to the IPv4 Internet. The local network can also use IPv6 services.
The VDSL Router uses it’s configured IPv6 WAN IP to route IPv6 traffic to the IPv6 Internet.
Figure 44 Dual Stack Lite
5.1.3 Before You Begin
You need to know your Internet access settings such as encapsulation and WAN IP address. Get this
information from your ISP.
5.2 The WAN Status Screen
Use this screen to show the number of bytes received and sent on the SBG. Click Configuration > WAN /
Internet to open the WAN Status screen.
Figure 45 Configuration > WAN / Internet > WAN Status
SBG5500 Series User’s Guide
52
Page 53
Chapter 5 WAN/Internet
The following table describes the labels in this screen.
Table 6 Configuration > WAN / Internet > WAN Status
LABEL DESCRIPTION
Name This displays the name of the WAN interface.
Status This shows Up if the connection to this interface is up, otherwise it will display Down.
Tx Bytes This indicates the number of bytes transmitted on this interface.
Rx Bytes This indicates the number of bytes received on this interface.
Tx Pkts This indicates the number of transmitted packets on this interface.
Rx Pkts This indicates the number of received packets on this interface.
5.2.1 The xDSL Statistics Screen
Use this screen to view detailed DSL statistics. Click Configuration > WAN / Internet > WAN Status and
click on the xDSL Statistics tab.
Figure 46 Configuration > WAN / Internet > WAN Status > xDSL Statistics
SBG5500 Series User’s Guide
53
Page 54
Chapter 5 WAN/Internet
The following table describes the labels in this screen.
Table 7 Configuration > WAN / Internet > WAN Status > xDSL Statistics
LABEL DESCRIPTION
Refresh Click this to refresh the statistics.
xDSL Training Status This displays the current state of setting up the DSL connection.
Mode This displays the ITU standard used for this connection.
Traffic Type This displays the type of traffic the DSL port is sending and receiving. Inactive displays
Link Uptime This displays how long the port has been running (or connected) since the last time it
xDSL Port Details
Upstream These are the statistics for the traffic direction going out from the port to the service
Downstream These are the statistics for the traffic direction coming into the port from the service
Line Rate These are the data transfer rates at which the port is sending and receiving data.
Actual Net Data Rate These are the rates at which the port is sending and receiving the payload data
Trellis Coding This displays whether or not the port is using Trellis coding for traffic it is sending and
SNR Margin This is the upstream and downstream Signal-to-Noise Ratio margin (in dB). A DMT sub-
Actual Delay This is the upstream and downstream interleave delay. It is the wait (in milliseconds)
Transmit Power This is the upstream and downstream far end actual aggregate transmit power (in
Receive Power Upstream is how much power the service provider is receiving from the port.
Actual INP Sudden spikes in the line’s level of external noise (impulse noise) can cause errors
Attainable Net Data Rate These are the highest theoretically possible transfer rates at which the port could
xDSL Counters
Downstream These are the statistics for the traffic direction coming into the port from the service
Upstream These are the statistics for the traffic direction going out from the port to the service
if the DSL port is not currently sending or receiving traffic.
was started.
provider.
provider.
without transport layer protocol headers and traffic.
receiving. Trellis coding helps to reduce the noise in ADSL transmissions. Trellis may
reduce throughput but it makes the connection more stable.
carrier’s SNR is the ratio between the received signal power and the received noise
power. The signal-to-noise ratio margin is the maximum that the received noise
power could increase with the system still being able to meet its transmission targets.
that determines the size of a single block of data to be interleaved (assembled) and
then transmitted. Interleave delay is used when transmission error correction (ReedSolomon) is necessary due to a less than ideal telephone line. The bigger the delay,
the bigger the data block size, allowing better error correction to be performed.
dBm).
Upstream is how much power the port is using to transmit to the service provider.
Downstream is how much port the service provider is using to transmit to the port.
Downstream is how much power the port is receiving from the service provider.
and result in lost packets. This could especially impact the quality of multimedia
traffic such as voice or video. Impulse noise protection (INP) provides a buffer to
allow for correction of errors caused by error correction to deal with this. The number
of DMT (Discrete Multi-Tone) symbols shows the level of impulse noise protection for
the upstream and downstream traffic. A higher symbol value provides higher error
correction capability, but it causes overhead and higher delay which may increase
error rates in received multimedia data.
send and receive payload data without transport layer protocol headers and traffic.
provider.
provider.
SBG5500 Series User’s Guide
54
Page 55
Table 7 Configuration > WAN / Internet > WAN Status > xDSL Statistics
LABEL DESCRIPTION
FEC This is the number of Far End Corrected blocks.
CRC This is the number of Cyclic Redundancy Checks.
ES This is the number of Errored Seconds meaning the number of seconds containing at
SES This is the number of Severely Errored Seconds meaning the number of seconds
UAS This is the number of UnAvailable Seconds.
LOS This is the number of Loss Of Signal seconds.
LOF This is the number of Loss Of Frame seconds.
LOM This is the number of Loss of Margin seconds.
Retr This is the number of DSL retraining count in BRCM DSL driver.
HostInitRetr This is the number of the retraining counts the host initiated.
FailedRetr This is the number of failed retraining counts
5.2.2 The SFP Status Screen
Chapter 5 WAN/Internet
least one errored block or at least one defect.
containing 30% or more errored blocks or at least one defect. This is a subset of ES.
Use this screen to view details about the SBG’s SFP connection and DDMI. Digital Diagnostics Monitoring
Interface (DDMI) SFP enables a real time link to be established between the SBG and the SFP
transceiver. View operating parameters within the fiber link. Click Configuration > WAN / Internet > WAN
Status and click on the SFP Status tab.
Figure 47 Configuration > WAN / Internet > WAN Status > SFP Status
SBG5500 Series User’s Guide
55
Page 56
Chapter 5 WAN/Internet
The following table describes the labels in this screen.
Table 8 Configuration > WAN / Internet > WAN Status > SFP Status
LABEL DESCRIPTION
Refresh Click Refresh to update this screen.
Transceiver Information
Status This field displays the status of the SFP transceiver.
Vendor This field displays the SFP transceiver’s vendor name.
Serial Number This field displays the SFP transceiver’s serial number provided by the vendor.
Revision This field displays the SFP transceiver’s serial number revision level for part number.
Data Code This field displays the SFP transceiver’s manufacturing data code.
Transceiver This field displays the SFP transceiver’s compatibility.
DDMI Information
Current This field displays the current value for the temperature, voltage, TX Bias, TX Power,
High Alarm Threshold This field displays the threshold value for a high alarm.
High Warn Threshold This field displays the threshold value for a high warning.
Low Warn Threshold This field displays the threshold value for a low warning.
Low Alarm Threshold This field displays the threshold value for a low warning.
RX power.
5.3 The WAN Setup Screen
Use this screen to change your SBG’s Internet access settings. Click Configuration > WAN / Internet >
WAN Setup from the menu. The summary table shows you the configured WAN services (connections)
on the SBG.
Figure 48 Configuration > WAN / Internet > WAN Setup
The following table describes the labels in this screen.
Table 9 Configuration > WAN / Internet > WAN Setup
LABEL DESCRIPTION
Add Click this button to create a new WAN connection.
Edit Click Edit to modify the WAN connection.
Remove Click Remove to delete a WAN connection.
SBG5500 Series User’s Guide
56
Page 57
Chapter 5 WAN/Internet
Table 9 Configuration > WAN / Internet > WAN Setup (continued)
LABEL DESCRIPTION
Multiple Entries
Turn On
Multiple Entries
Turn Off
# This is the index number of the WAN connection.
Status This field displays whether the connection is active or not. A green ON button signifies that this
Name This is the service name of the connection.
Type This shows whether it is an ATM, PTM, or Ethernet connection.
Mode This shows whether the connection is in routing or bridge mode.
Encapsulation This is the method of encapsulation used by this connection.
802.1p This indicates the IEEE 802.1p priority level assigned to traffic sent through this connection. This
802.1q This indicates the VLAN ID number assigned to traffic sent through this connection. This displays
IGMP Proxy This shows whether the SBG act as an IGMP proxy (green check mark) or not (red X) on this
NAT This shows whether NAT is activated (green check mark) or not (red X) for this connection.
Default
Gateway
IPv6 This shows whether IPv6 is activated (green check mark) or not (red X) for this connection. IPv6 is
MLD Proxy This shows whether Multicast Listener Discovery (MLD) is activated (green check mark) or not
Select one or more WAN connections and click this to enable them.
Use the [Shift] or [Ctrl] key to select multiple entries.
Select one or more WAN connections and click this to disable them.
Use the [Shift] or [Ctrl] key to select multiple entries.
connection is active. A gray OFF button signifies that this connection is not active.
Click the slide button to enable and disable the connection.
displays N/A when there is no priority level assigned.
N/A when there is no VLAN ID number assigned.
connection.
This shows whether the SBG use the WAN interface of this connection as the system default
gateway (green check mark) or not (red X).
not available when the connection uses the bridging service.
(red X) for this connection. MLD is not available when the connection uses the bridging service.
5.3.1 Add/Edit Internet Connection
Click Add or Edit in the Configuration > WAN / Internet > WAN Setup screen to configure a WAN
connection. The screen varies depending on the interface type, mode, encapsulation, and IPv4/IPv6
mode you select.
5.3.1.1 Routing Mode
Use Routing mode if your ISP give you one IP address only and you want multiple computers to share an
Internet account.
The screen varies when you select other interface type, encapsulation, and IPv6/IPv4 mode.
SBG5500 Series User’s Guide
57
Page 58
Chapter 5 WAN/Internet
Figure 49 WAN / Internet > WAN Setup > Add/Edit: Routing Mode
SBG5500 Series User’s Guide
58
Page 59
Chapter 5 WAN/Internet
The following table describes the labels in this screen.
Table 10 WAN Internet > WAN Setup > Add/Edit: Routing Mode
LABEL DESCRIPTION
General
Interface
Enable
Name Specify a descriptive name for this connection.
Type Select whether it is ADSL/VDSL over PTM, ADSL over ATM, or Ethernet connection.
Mode Select Routing if your ISP give you one IP address only and you want multiple computers to share
Encapsulation Select the method of encapsulation used by your ISP from the drop-down list box. This option is
Select this to activate the WAN configuration settings.
• ADSL/VDSL over PTM: The SBG uses the VDSL technology for data transmission over the DSL
port.
• ADSL over ATM: The SBG uses the ADSL technology for data transmission over the DSL port.
• Ethernet: The SBG transmits data over the Ethernet WAN port. Select this if you have a DSL
router or modem in your network already.
an Internet account.
available only when you select Routing in the Mode field.
• PPP over Ethernet (PPPoE): PPPoE (Point to Point Protocol over Ethernet) provides access
control and billing functionality in a manner similar to dial-up services using PPP. Select this if
you have a username and password for Internet access.
• IP over Ethernet (IPoE): In this type of Internet connection, IP packets are routed between the
Ethernet interface and the WAN interface and then formatted so that they can be
understood in a bridged environment.
• PPP over ATM (PPPoA): PPPoA allows just one PPPoA connection over a PVC.
• IP over ATM (IPoA): IPoA allows just one RFC 1483 routing connection over a PVC.
If your connection type is ADSL/VDSL over PTM or Ethernet, the choices are PPPoE and IPoE.
If your connection type is ADSL over ATM, the choices are PPPoE, PPPoA, IPoE and IPoA.
IPv4/IPv6 Mode Select IPv4 Only if you want the SBG to run IPv4 only.
Select IPv4 IPv6 Dualstack to allow the SBG to run IPv4 and IPv6 at the same time.
Select IPv6 Only if you want the SBG to run IPv6 only.
PPP Information This is available only when you select PPPoE or PPPoA in the Encapsulation field.
User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain
where domain identifies a service name, then enter both components exactly as given.
Password Enter the password associated with the user name above. Click Password Unmask to view the
password you entered.
Connection
Trigger
Idle Timeout This value specifies the time in minutes that elapses before the router automatically disconnects
PPPoE
Passthrough
ATM PVC Configuration (These fields appear when the Type is set to ADSL over ATM.)
VPI The valid range for the VPI is 0 to 255. Enter the VPI assigned to you.
Select Auto Connect if you do not want the connection to time out. Select On Demand to
specify the time of idle before the connection times out.
from the PPPoE server.
This field is not configurable if you select Auto Connect.
This field is available when you select PPPoE encapsulation.
In addition to the SBG’s built-in PPPoE client, you can enable PPPoE pass through to allow up to
ten hosts on the LAN to use PPPoE client software on their computers to connect to the ISP via
the SBG. Each host can have a separate account and a public WAN IP address.
PPPoE pass through is an alternative to NAT for application where NAT is not appropriate.
Disable PPPoE pass through if you do not need to allow hosts on the LAN to use PPPoE client
software on their computers to connect to the ISP.
SBG5500 Series User’s Guide
59
Page 60
Chapter 5 WAN/Internet
Table 10 WAN Internet > WAN Setup > Add/Edit: Routing Mode (continued)
LABEL DESCRIPTION
VCI The valid range for the VCI is 32 to 65535 (0 to 31 is reserved for local management of ATM
traffic). Enter the VCI assigned to you.
Encapsulation Select the method of multiplexing used by your ISP from the drop-down list box. Choices are:
• LLC/SNAP-BRIDGING: In LCC encapsulation, bridged PDUs are encapsulated by identifying
the type of the bridged media in the SNAP header. This is available only when you select IPoE
or PPPoE in the Select DSL Link Type field.
• VC/MUX: In VC multiplexing, each protocol is carried on a single ATM virtual circuit (VC). To
transport multiple protocols, the SBG needs separate VCs. There is a binding between a VC
and the type of the network protocol carried on the VC. This reduces payload overhead
since there is no need to carry protocol information in each Protocol Data Unit (PDU)
payload.
Service
Category
Peak Cell Rate Divide the DSL line rate (bps) by 424 (the size of an ATM cell) to find the Peak Cell Rate (PCR). This
Sustainable Cell
Rate
Select UBR Without PCR for applications that are non-time sensitive, such as e-mail.
Select CBR (Continuous Bit Rate) to specify fixed (always-on) bandwidth for voice or data traffic.
Select VBR-nrt (non real-time Variable Bit Rate) for connections that do not require closely
controlled delay and delay variation.
Select Realtime VBR (real-time Variable Bit Rate) for applications with bursty connections that
require closely controlled delay and delay variation.
is the maximum rate at which the sender can send cells. Type the PCR here.This field is not
available when you select UBR Without PCR.
The Sustainable Cell Rate (SCR) sets the average cell rate (long-term) that can be transmitted.
Type the SCR, which must be less than the PCR. Note that system default is 0 cells/sec.
This field is available only when you select VBR-nrt or Realtime VBR.
Maximum Burst
Size
IPv4 Address This is available only when you select IPv4 Only or IPv4 IPv6 Dualstack in the IPv4 / IPv6 Mode
Obtain an IP
Address
Automatically
Use the
Following IP
Address
IP Address Enter the static IP address provided by your ISP.
Subnet Mask Enter the subnet mask provided by your ISP.
Gateway IP
Address
Routing Feature This is available only when you select IPv4 Only or IPv4 IPv6 DualStack in the IPv4 / IPv6 Mode
Enable NAT Select this option to activate NAT on this connection.
Enable
IGMP Proxy
Apply as
Default
Gateway
Maximum Burst Size (MBS) refers to the maximum number of cells that can be sent at the peak
rate. Type the MBS, which is less than 65535.
This field is available only when you select VBR-nrt or Realtime VBR.
field.
A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed; the ISP
assigns you a different one each time you connect to the Internet. Select this if you have a
dynamic IP address.
Select this option if the ISP assigned a fixed IP address.
Enter the gateway IP address provided by your ISP.
field.
Internet Group Multicast Protocol (IGMP) is a network-layer protocol used to establish
membership in a Multicast group - it is not used to carry user data.
Select this option to have the SBG act as an IGMP proxy on this connection. This allows the SBG
to get subscribing information and maintain a joined member list for each multicast group. It can
reduce multicast traffic significantly.
Select this option to have the SBG use the WAN interface of this connection as the system
default gateway.
SBG5500 Series User’s Guide
60
Page 61
Chapter 5 WAN/Internet
Table 10 WAN Internet > WAN Setup > Add/Edit: Routing Mode (continued)
LABEL DESCRIPTION
DNS Server This is available only when you select IPv4 Only or IPv4 IPv6 Dualstack in the IPv4 / IPv6 Mode
field.
Obtain DNS
Server Address
Automatically
Use the
Following DNS
Server Address
DNS Server 1 Enter the first DNS server address.
DNS Server 2 Enter the second DNS server address.
DHCP Client
Options
Request Options Select Option 43 to have the SBG automatically add vendor specific information in the DHCP
Send Options
Option 60 Select this and enter the device identity you want the SBG to add in the DHCP discovery packets
Vendor
Class ID
Option 61 Select this and enter any string that identifies the device.
IAID Enter the Identity Association Identifier (IAID) of the device, for example, the WAN connection
DUID Type Select DUID-LLT to have the SBG use DUID-LLT (DUID Based on Link-layer Address Plus Time) for
Select this if you want the SBG to use the DNS server addresses assigned by your ISP.
Select this if you want the SBG to use the DNS server addresses you configure manually.
This is available only when you select IPv4 Only or IPv4 IPv6 Dualstack in the IPv4 / IPv6 Mode
field.
packets to request the vendor specific options from the DHCP server.
Select Option 120 to have the SBG get the IP address or a fully-qualified domain name of SIP
server from the DHCP server.
Select Option 121 to have the SBG get static route rules from the DHCP server.
that go to the DHCP server.
Enter the Vendor Class Identifier, such as the type of the hardware or firmware.
index number.
identification when exchanging DHCPv6 messages. You need to enter the hardware type, a
time value and the MAC address of the device.
Select DUID-EN to have the SBG use DUID-EN (DUID Assigned by Vendor Based upon Enterprise
Number) for identification when exchanging DHCPv6 messages. You need to enter the vendor’s
registered enterprise number.
Select DUID-LL to have the SBG use DUID-LL (DUID Based on Link-layer Address) for identification
when exchanging DHCPv6 messages. You need to enter the device’s hardware type and
hardware address (MAC address).
Hardware
Type
Time Enter the time that the DUID is generated.
Link-layer
Address
Enterprise
Number
Identifier Enter a unique identifier assigned by the vendor.
Option 125 Select this to have the SBG automatically generate and add vendor specific parameters in the
6RD Enable IPv6 rapid deployment to tunnel IPv6 traffic from the local network through the ISP’s IPv4
Enter the device’s hardware type, assigned by the IANA.
Enter the SBG’s hardware address, that is the MAC address.
Enter the vendor’s registered private enterprise number. An enterprise number is a unique
number that identifies a company.
DHCP discovery packets that go to the DHCP server.
network.
The 6RD (IPv6 rapid deployment) fields display when you set the IPv4 / IPv6 Mode field to IPv4
Only.
SBG5500 Series User’s Guide
61
Page 62
Chapter 5 WAN/Internet
Table 10 WAN Internet > WAN Setup > Add/Edit: Routing Mode (continued)
LABEL DESCRIPTION
Automatically
configured by
DHCPC
Manual
Configuration
Service Provider
IPv6 Prefix
IPv4 Mask
Length
Border Relay
IPv4 Address
VLAN These fields disappear when the Type is set to ADSL/VDSL over PTM and the method of
Enable Select this option to add the VLAN tag (specified below) to the outgoing traffic through this
802.1p IEEE 802.1p defines up to 8 separate traffic types by inserting a tag into a MAC-layer frame that
VLAN ID Type the VLAN ID number (from 1 to 4094) for traffic through this connection.
Interface Parameters
Egress
Bandwidth
Ingress
Bandwidth
MTU Enter the MTU (Maximum Transfer Unit) size for this traffic.
Select this to have the SBG detect IPv4 address automatically through DHCP.
This option is configurable only when you set the method of encapsulation to IPoE.
Select this to manually configure an IPv4 address of the relay server.
Enter an IPv6 prefix for tunneling IPv6 traffic to the ISP’s Border Relay router and connecting to
the native IPv6 Internet.
Enter the subnet mask number (1~32) for the IPv4 network.
When you select Manual Configuration, specify the relay server IPv4 address.
encapsulation is PPPoA or IPoA.
connection.
contains bits to define class of service.
Select the IEEE 802.1p priority level (from 0 to 7) to add to traffic through this connection. The
greater the number, the higher the priority level.
Enter the maximum amount of traffic, in kilobits per second, the SBG can send through the
interface to the network. Allowed values are 0 - 1048576.
This is reserved for future use.
Enter the maximum amount of traffic, in kilobits per second, the SBG can receive from the
network through the interface. Allowed values are 0 - 1048576.
Type the maximum size of each data packet, in bytes, that can move through this interface. If a
larger packet arrives, the SBG divides it into smaller fragments. Allowed values are 68 -1492.
Usually, this value is 1500.
Connectivity
Check
Enable
Connectivity
Check
Check Method Select the method that the gateway allows.
Check Period Enter the number of seconds between connection check attempts.
Check Timeout Enter the number of seconds to wait for a response before the attempt is a failure.
Check Fail
Tolerance
The interface can regularly check the connection to the gateway you specified to make sure it
is still available. You specify how often the interface checks the connection, how long to wait for
a response before the attempt is a failure, and how many consecutive failures are required
before the SBG stops routing to the gateway. The SBG resumes routing to the gateway the first
time the gateway passes the connectivity check.
Select this to turn on the connection check.
Select ICMP to have the SBG regularly ping the gateway you specify to make sure it is still
available.
Select TCP to have the SBG regularly perform a TCP handshake with the gateway you specify to
make sure it is still available.
Enter the number of consecutive failures before the SBG stops routing through the gateway.
SBG5500 Series User’s Guide
62
Page 63
Table 10 WAN Internet > WAN Setup > Add/Edit: Routing Mode (continued)
LABEL DESCRIPTION
Check Default
Gateway
Check This
Address
WAN MAC Address
Factory Default Select this to use the factory default MAC address,
Clone the
Computer MAC
address-IP
Address
Set MAC
Address
OK Click OK to save your changes back to the SBG.
Cancel Click Cancel to exit this screen without saving.
5.3.1.2 Bridge Mode
Click the Add or Edit in the Configuration > WAN / Internet > WAN Setup screen. Select Bridge as the
device mode. The screen varies depending on the interface type you select.
Chapter 5 WAN/Internet
Select this to use the default gateway for the connectivity check.
Select this to specify a domain name or IP address for the connectivity check. Enter that domain
name or IP address in the field next to it.
Select this to clone the MAC address from a computer on your LAN. Type the IP address of the
computer with the MAC address you are cloning.
Select this if you know the MAC address you want to use.
ADSL/VDSL over PTM or Ethernet
If you select ADSL/VDSL over PTM or Ethernet as the interface type, the following screen appears.
Figure 50 WAN / Internet > WAN Setup > Add/Edit: Bridge Mode (ADSL/VDSL over PTM or Ethernet)
SBG5500 Series User’s Guide
63
Page 64
Chapter 5 WAN/Internet
The following table describes the fields in this screen.
Table 11 WAN / Internet > WAN Setup > Add/Edit: Bridge Mode (ADSL/VDSL over PTM or Ethernet)
LABEL DESCRIPTION
General
Interface Enable Select this to activate the WAN configuration settings.
Name Enter a service name of the connection.
Type Select ADSL/VDSL over PTM as the interface that you want to configure. The SBG uses the VDSL
Mode Select Bridge when your ISP provides you more than one IP address and you want the
VLAN
Enable Select this to add the VLAN Tag (specified below) to the outgoing traffic through this
802.1p IEEE 802.1p defines up to 8 separate traffic types by inserting a tag into a MAC-layer frame that
VLAN ID Type the VLAN ID number (from 0 to 4094) for traffic through this connection.
WAN MAC Address
Factory Default Select this to use the factory default MAC address,
Clone the
Computer MAC
address-IP
Address
Set MAC
address
OK Click OK to save your changes.
Cancel Click Cancel to exit this screen without saving.
technology for data transmission over the DSL port. Otherwise, select Ethernet to have the SBG
transmits data over the Ethernet WAN port.
connected computers to get individual IP address from ISP’s DHCP server directly. If you select
Bridge, you cannot use routing functions, such as QoS, Firewall, DHCP server and NAT on traffic
from the selected LAN port(s).
connection.
contains bits to define class of service.
Select the IEEE 802.1p priority level (from 0 to 7) to add to traffic through this connection. The
greater the number, the higher the priority level.
Select this to clone the MAC address from a computer on your LAN. Type the IP address of the
computer with the MAC address you are cloning.
Select this if you know the MAC address you want to use.
ADSL over ATM
If you select ADSL over ATM as the interface type, the following screen appears.
SBG5500 Series User’s Guide
64
Page 65
Chapter 5 WAN/Internet
Figure 51 WAN / Internet > WAN Setup > Add/Edit: Bridge Mode (ADSL over ATM)
The following table describes the fields in this screen.
Table 12 WAN / Internet > WAN Setup > Add/Edit: Bridge Mode (ADSL over ATM)
LABEL DESCRIPTION
General
Interface Enable Select this to activate the WAN configuration settings.
Name Enter a service name of the connection.
Type Select ADSL over ATM as the interface for which you want to configure here. The SBG uses the
ADSL technology for data transmission over the DSL port.
Mode Select Bridge when your ISP provides you more than one IP address and you want the
ATM PVC Configuration (These fields appear when the Type is set to ADSL over ATM.)
VPI The valid range for the VPI is 0 to 255. Enter the VPI assigned to you.
VCI The valid range for the VCI is 32 to 65535 (0 to 31 is reserved for local management of ATM
connected computers to get individual IP address from ISP’s DHCP server directly. If you select
Bridge, you cannot use routing functions, such as QoS, Firewall, DHCP server and NAT on traffic
from the selected LAN port(s).
traffic). Enter the VCI assigned to you.
SBG5500 Series User’s Guide
65
Page 66
Chapter 5 WAN/Internet
Table 12 WAN / Internet > WAN Setup > Add/Edit: Bridge Mode (ADSL over ATM) (continued)
LABEL DESCRIPTION
Encapsulation Select the method of multiplexing used by your ISP from the drop-down list box. Choices are:
• LLC/SNAP-BRIDGING: In LCC encapsulation, bridged PDUs are encapsulated by identifying
the type of the bridged media in the SNAP header. This is available only when you select
IPoE or PPPoE in the Select DSL Link Type field.
• VC/MUX: In VC multiplexing, each protocol is carried on a single ATM virtual circuit (VC). To
transport multiple protocols, the SBG needs separate VCs. There is a binding between a VC
and the type of the network protocol carried on the VC. This reduces payload overhead
since there is no need to carry protocol information in each Protocol Data Unit (PDU)
payload.
Service
Category
Peak Cell Rate Divide the DSL line rate (bps) by 424 (the size of an ATM cell) to find the Peak Cell Rate (PCR). This
Sustainable Cell
Rate
Maximum Burst
Size
VLAN This section is available only when you select ADSL/VDSL over PTM in the Type field.
Enable Select this to add the VLAN Tag (specified below) to the outgoing traffic through this
802.1p IEEE 802.1p defines up to 8 separate traffic types by inserting a tag into a MAC-layer frame that
Select UBR Without PCR for applications that are non-time sensitive, such as e-mail.
Select CBR (Continuous Bit Rate) to specify fixed (always-on) bandwidth for voice or data traffic.
Select VBR-nrt (non real-time Variable Bit Rate) for connections that do not require closely
controlled delay and delay variation.
Select Realtime VBR (real-time Variable Bit Rate) for applications with bursty connections that
require closely controlled delay and delay variation.
is the maximum rate at which the sender can send cells. Type the PCR here.This field is not
available when you select UBR Without PCR.
The Sustainable Cell Rate (SCR) sets the average cell rate (long-term) that can be transmitted.
Type the SCR, which must be less than the PCR. Note that system default is 0 cells/sec.
This field is available only when you select VBR-nrt or Realtime VBR.
Maximum Burst Size (MBS) refers to the maximum number of cells that can be sent at the peak
rate. Type the MBS, which is less than 65535.
This field is available only when you select Non Realtime VBR or Realtime VBR.
connection.
contains bits to define class of service.
VLAN ID Type the VLAN ID number (from 0 to 4094) for traffic through this connection.
OK Click OK to save your changes.
Cancel Click Cancel to exit this screen without saving.
5.3.1.3 IPv6
Click the Add or Edit in the Configuration > WAN / Internet > WAN Setup screen. Click the IPv6 tab to
configure an IPv6 WAN interface connection. This screen is available only when you select IPv6 Only or
IPv4 IPv6 Dualstack in the IPv4 / IPv6 Mode field of the WAN Setup > Add/Edit screen.
Select the IEEE 802.1p priority level (from 0 to 7) to add to traffic through this connection. The
greater the number, the higher the priority level.
SBG5500 Series User’s Guide
66
Page 67
Chapter 5 WAN/Internet
Figure 52 WAN / Internet > WAN Setup > IPv6
The following table describes the labels in this screen.
Table 13 WAN / Internet > WAN Setup > IPv6
LABEL DESCRIPTION
IPv6 Address
Obtain an IPv6 Address
Automatically
Static IPv6 Address Select this if you have a fixed IPv6 address assigned by your ISP.
IPv6 Address Enter the IPv6 address assigned by your ISP.
Prefix Length Enter the address prefix length to specify how many most significant bits in an IPv6
Default Gateway Enter the IP address of the next-hop gateway. The gateway is a router or switch on
IPv6 Routing Feature
Enable MLD Proxy Select this check box to have the SBG act as an MLD proxy on this connection. This
Apply as Default Gateway Select this option to have the SBG use the WAN interface of this connection as the
IPv6 DNS Server
Obtain IPv6 DNS Info
Automatically
Use Following Static IPv6
DNS Address
Select this if you want to have the SBG use the IPv6 prefix from the connected
router’s Router Advertisement (RA) to generate an IPv6 address.
address compose the network address.
the same segment as your SBG's interface(s). The gateway helps forward packets to
their destinations.
allows the SBG to get subscription information and maintain a joined member list for
each multicast group. It can reduce multicast traffic significantly.
system default gateway.
Select this to have the SBG get the IPv6 DNS server addresses from the ISP
automatically.
Select Static to have the SBG use the IPv6 DNS server addresses you configure
manually.
SBG5500 Series User’s Guide
67
Page 68
Table 13 WAN / Internet > WAN Setup > IPv6
LABEL DESCRIPTION
DNS Server 1 Enter the first IPv6 DNS server address assigned by the ISP.
DNS Server 2 Enter the second IPv6 DNS server address assigned by the ISP.
Tunnel
(This is available only when you select IPv6 Only in the IPv4 / IPv6 Mode field.)
Enable DS-Lite Enable Dual Stack Lite to let local computers use IPv4 through an ISP’s IPv6 network.
DS-Lite Relay Server IP Specify the transition router’s IPv6 address.
OK Click OK to save your changes back to the SBG.
Cancel Click Cancel to exit this screen without saving.
5.4 The Mobile Screen
Use this screen to configure your 3G/4G settings. Click Configuration > WAN / Internet > Mobile.
Note: The actual data rate you obtain varies depending on the 3G/4G USB dongle you use,
the signal strength to the service provider’s base station, and so on.
Chapter 5 WAN/Internet
SBG5500 Series User’s Guide
68
Page 69
Chapter 5 WAN/Internet
Figure 53 Configuration > WAN / Internet > Mobile
SBG5500 Series User’s Guide
69
Page 70
Chapter 5 WAN/Internet
The following table describes the labels in this screen.
Table 14 Configuration > WAN / Internet > Mobile
LABEL DESCRIPTION
3G Connection Settings
Card
Description
Username Type the user name (of up to 64 ASCII printable characters) given to you by your service
Password Type the password (of up to 64 ASCII printable characters) associated with the user name
Authentication
Type
PIN A PIN (Personal Identification Number) code is a key to a 3G/4G card. Without the PIN code, you
Dial string Enter the phone number (dial string) used to dial up a connection to your service provider’s base
APN Enter the APN (Access Point Name) provided by your service provider. Connections with
This field displays the manufacturer and model name of your 3G/4G card if you inserted one in
the SBG. Otherwise, it displays N/A.
provider.
above.
Select an authentication type protocol for outgoing connection requests. Select Auto for the
SBG to accept any protocol when requested by the remote node. Select CHAP to accept only
CHAP and PAP for the SBG to accept only PAP.
cannot use the 3G card.
If your ISP enabled PIN code authentication, enter the 4-digit PIN code (0000 for example)
provided by your ISP. If you enter the PIN code incorrectly, the 3G/4G card may be blocked by
your ISP and you cannot use the account to access the Internet.
If your ISP disabled PIN code authentication, leave this field blank.
station. Your ISP should provide the phone number.
For example, *99# is the dial string to establish a GPRS or 3G or 4G connection in Taiwan.
different APNs may provide different services (such as Internet access or MMS (Multi-Media
Messaging Service)) and charge method.
You can enter up to 32 ASCII printable characters. Spaces are allowed.
Connection Select Nailed UP if you do not want the connection to time out.
Select on Demand if you do not want the connection up all the time and specify an idle timeout in the Max Idle Timeout field.
Max Idle
Timeout
IP Address
Obtain an IP
Address
Automatically
Use the
following static
IP address
IP Address Enter your WAN IP address in this field if you selected Use the following static IP address.
Subnet Mask Enter the Subnet Mask provided by your ISP.
DNS
Obtain DNS info
dynamically
Use the
following static
DNS IP address
DNS server 1 Enter the first DNS server address assigned by the ISP.
DNS server 2 Enter the second DNS server address assigned by the ISP.
This value specifies the time in minutes that elapses before the SBG automatically disconnects
from the ISP.
Select this option If your ISP did not assign you a fixed IP address.
Select this option If the ISP assigned a fixed IP address.
Select this to have the SBG get the DNS server addresses from the ISP automatically.
Select this to have the SBG use the DNS server addresses you configure manually.
SBG5500 Series User’s Guide
70
Page 71
Chapter 5 WAN/Internet
Table 14 Configuration > WAN / Internet > Mobile (continued)
LABEL DESCRIPTION
Connectivity
Check
Enable
Connectivity
Check
Check Method
Check Period
Check Timeout Enter the number of seconds to wait for a response before the attempt is a failure.
Check Fail
Tolerance
Check Default
Gateway
Check This
Address
Budget Setup
Enable Select this option to set a monthly limit for the user account of the installed 3G card. You must
The interface can regularly check the connection to the gateway you specified to make sure it
is still available. You specify how often the interface checks the connection, how long to wait for
a response before the attempt is a failure, and how many consecutive failures are required
before the SBG stops routing to the gateway. The SBG resumes routing to the gateway the first
time the gateway passes the connectivity check.
Select this to turn on the connection check.
Select the method that the gateway allows.
Select ICMP to have the SBG regularly ping the gateway you specify to make sure it is still
available.
Select TCP to have the SBG regularly perform a TCP handshake with the gateway you specify to
make sure it is still available.
Enter the number of seconds between connection check attempts.
Enter the number of consecutive failures before the SBG stops routing through the gateway.
Select this to use the default gateway for the connectivity check.
Select this to specify a domain name or IP address for the connectivity check. Enter that domain
name or IP address in the field next to it.
insert a 3G card before you enable budget control on the SBG.
You can set a limit on the total traffic and/or call time. The SBG takes the actions you specified
when a limit is exceeded during the month.
Time Budget Select this option and specify the amount of time (in hours) that the 3G connection can be used
within one month.
If you change the value after you configure and enable budget control, the SBG resets the
statistics.
Data Budget Select this option and specify the amount of data in Mega bytes or the number of packets that
can be transmitted via the 3G connection within one month.
Select Download to set a limit on the downstream traffic (from the ISP to the SBG).
Select Upload to set a limit on the upstream traffic (from the SBG to the ISP).
Select Download/Upload to set a limit on the total traffic in both directions.
If you change the value after you configure and enable budget control, the SBG resets the
statistics.
Reset All Budget
Counters On
Reset Time And
Data Budget
Counters
Before Over
Budget
Enable Log Select this to activate the logging function at the interval you set in the Interval field.
Interval Enter the time interval (in minutes) at which the SBG creates log messages.
Select the last or a specific day of the month to reset all budget counters. If the date you
specified is not available in a month, such as 30th or 31th of February, the SBG resets the budget
on the last day of the month.
Click this button to reset the time and data budgets immediately. The count starts over with the
3G connection’s full configured monthly time and data budgets. This does not affect the normal
monthly budget restart.
Enter a number from 1 to 99 in the percentage fields. The SBG takes actions when the specified
percentage of time budget or data limit is exceeded. If you change the value after you
configure and enable budget control, the SBG resets the statistics.
SBG5500 Series User’s Guide
71
Page 72
Chapter 5 WAN/Internet
Table 14 Configuration > WAN / Internet > Mobile (continued)
LABEL DESCRIPTION
When Over
Budget
Current
connection
Apply Click Apply to save your changes back to the SBG.
Reset Click Cancel to return to the previous configuration.
Specify the actions the SBG takes when the time or data limit is exceeded.
Select Keep to maintain the existing 3G connection or Drop to disconnect it when the data
transmission is over the set budget.
5.5 The Port Setting Screen
Click Configuration > WAN / Internet > Port Setting to display the following screen. Use the Port Setting
screen to set the SBG flexible ports as part of the LAN or WAN interfaces. This creates a hardware
connection between physical ports at the layer 2 (data link, MAC address level). This provides wirespeed throughput but no security.
Note the following if you are configuring from a computer connected to a LAN or WAN port and
change the port's role:
• A port's IP address varies as its role changes. Make sure your computer's IP address is in the same
subnet as the SBG's LAN or WAN IP address.
• Use the appropriate LAN or WAN IP address to access the SBG.
Figure 54 Configuration > WAN / Internet > Port Setting
The physical Ethernet ports are shown at the bottom and the Ethernet interfaces are shown at the
bottom of the screen. Use the radio buttons to select for which interface (network) you want to use
each physical port. For example, select a port’s LAN radio button to use the port as part of the LAN
interface. The port will use the SBG’s LAN IP address and MAC address.
Note: You will notice when Port 5 is WAN, Port 6 can only be WAN, this is because Port 6 has a
better performance as WAN and Port 5 works as failover.
Click Apply to save your changes and apply them to the SBG.
SBG5500 Series User’s Guide
72
Page 73
Chapter 5 WAN/Internet
Click Reset to change the port groups to their current configuration (last-saved values).
5.6 The Multi-WAN Screen
Use the Multi-WAN screen to configure the multiple WAN load balance and failover rules to distribute
traffic among different interfaces. This helps to increase overall network throughput and reliability. Load
balancing divides traffic loads between multiple interfaces. This allows you to improve quality of service
and maximize bandwidth utilization for multiple ISP links.
You can only configure one rule for each interface. Click Configuration > WAN / Internet > Multi-WAN to
display the following screen.
Figure 55 Configuration > WAN / Internet > Multi-WAN
The following table describes the labels in this screen.
Table 15 Configuration > WAN / Internet > Multi-WAN
LABEL DESCRIPTION
Configuration
Disconnect
Connections
Before Falling
Back
System Default The SBG automatically adds all external interfaces into the pre-configured system default
Edit Double-click an entry or select it and click Edit to open a screen where you can modify the
# This field is a sequential value, and it is not associated with any interface.
Name This field displays the label to identify the trunk.
Algorithm This field displays the load balancing method the trunk is set to use.
Apply Click Apply to save your changes to the SBG.
Reset Click Reset to return the screen to its last-saved settings.
Select this to terminate existing connections on an interface which is set to passive mode when
any interface set to active mode in the same trunk comes back up.
SYSTEM_DEFAULT_WAN_TRUNK. You cannot delete it.
entry’s settings.
SBG5500 Series User’s Guide
73
Page 74
5.6.1 Edit Multi-WAN
Select an existing multi-WAN and click Edit in the Multi-WAN screen to configure it.
Figure 56 Multi-WAN: Edit
Chapter 5 WAN/Internet
The following table describes the labels in this screen.
Table 16 Multi-WAN: Edit
LABEL DESCRIPTION
Name This field displays the label to identify the trunk.
Load Balancing
Algorithm
Load Balancing
Index(es)
Add Click this to add a member interface to the trunk. Select an interface and click Add to add a
Edit Select an entry and click Edit to modify the entry’s settings.
Remove To remove a member interface, select it and click Remove.
Select a load balancing method to use from the drop-down list box.
Select Weighted Round Robin to balance the traffic load between interfaces based on their
respective weights. An interface with a larger weight gets more chances to transmit traffic than
an interface with a smaller weight. For example, if the weight ratio of wan1 and wan2 interfaces
is 2:1, the SBG chooses wan1 for 2 sessions’ traffic and wan2 for 1 session’s traffic in each round
of 3 new sessions.
Select Least Load First to send new session traffic through the least utilized trunk member.
Select Spillover to send network traffic through the first interface in the group member list until
there is enough traffic that the second interface needs to be used (and so on).
This field is available if you selected to use the Least Load First or Spillover method.
Select Outbound, Inbound, or Outbound + Inbound to set the traffic to which the SBG applies the
load balancing method. Outbound means the traffic traveling from an internal interface (ex.
LAN) to an external interface (ex. WAN). Inbound means the opposite.
The table lists the trunk’s member interfaces. You can add, edit, remove, or move entries for user
configured trunks.
new member interface after the selected member interface.
SBG5500 Series User’s Guide
74
Page 75
Chapter 5 WAN/Internet
Table 16 Multi-WAN: Edit (continued)
LABEL DESCRIPTION
Move To move an interface to a different number in the list, click the Move icon. In the field that
appears, specify the number to which you want to move the interface.
# This column displays the priorities of the group’s interfaces. The order of the interfaces in the list is
important since they are used in the order they are listed.
Member Click this table cell and select an interface to be a group member.
Mode Click this table cell and select Active to have the SBG always attempt to use this connection.
Select Passive to have the SBG only use this connection when all of the connections set to
active are down. You can only set one of a group’s interfaces to passive mode.
Weight This field displays with the weighted round robin load balancing algorithm. Specify the weight
Ingress
Bandwidth
(1~10) for the interface. The weights of the different member interfaces form a ratio.This ratio
determines how much traffic the SBG assigns to each member interface.The higher an
interface’s weight is (relative to the weights of the interfaces), the more sessions that interface
should handle.
This field displays with the least load first load balancing algorithm. It displays the maximum
number of kilobits of data the SBG is to allow to come in through the interface per second.
Note: You can configure the bandwidth of an interface in the corresponding
interface edit screen.
Egress
Bandwidth
This field displays with the least load first or spillover load balancing algorithm. It displays the
maximum number of kilobits of data the SBG is to send out through the interface per second.
Note: You can configure the bandwidth of an interface in the corresponding
interface edit screen.
Total Bandwidth This field displays with the spillover load balancing algorithm. It displays the maximum number of
kilobits of data the SBG is to send out and allow to come in through the interface per second.
Note: You can configure the bandwidth of an interface in the corresponding
interface edit screen.
Spillover This field displays with the spillover load balancing algorithm. Specify the maximum bandwidth
OK Click OK to save your changes back to the SBG.
Cancel Click Cancel to exit this screen without saving.
of traffic in kilobits per second (1~1048576) to send out through the interface before using
another interface. When this spillover bandwidth limit is exceeded, the SBG sends new session
traffic through the next interface. The traffic of existing sessions still goes through the interface on
which they started.
The SBG uses the group member interfaces in the order that they are listed.
5.6.2 How to Configure Multi-WAN for Load Balancing and Failover
This example shows you how to configure multi-WAN for three WAN connections: an Ethernet WAN
connection, an ADSL WAN connection, and a 3G/4G (mobile) WAN connection. The available
bandwidth for the Ethernet WAN connection is 3 Mbps, and the available bandwidth for the ADSL WAN
connection is 1 Mbps.
As these two wired WAN connections have different bandwidths, you can set multi-WAN to send traffic
over these WAN connections in a 3:2 ratio. Most 3G/4G WAN connections charge the user for the
amount of data sent, so you can set multi-WAN to send traffic over the 3G/4G WAN connection only if
all other WAN connections are unavailable.
SBG5500 Series User’s Guide
75
Page 76
5.6.2.1 Configuring Multi-WAN
1 Click Configuration > WAN / Internet > Multi-WAN > Edit. By default, all available WAN connections on
the SBG are in active mode with a weight of 1, except for the mobile WAN connection which is set to
passive mode.
2 Select the Ethernet WAN (WAN1) connection and click Edit. Change the weight field to 3 and change
ADSL’s weight to 2. Click the OK button.
Chapter 5 WAN/Internet
3 You have finished the configuration. When both the Ethernet WAN and ADSL connections are up, the
SBG will send traffic over these two connections in a 3:2 ratio. When only one of these two connections
are up, the SBG will use that connection exclusively. Only when both of these two connections are
down will the SBG use the mobile WAN connection.
5.6.2.2 What Can Go Wrong?
• There can only be one WAN connection configured as passive mode at a time. If there is already a
WAN connection configured as passive mode, you will not be able to add or edit another WAN
connection in passive mode until the first WAN connection is changed to active mode or deleted.
• The SBG will automatically add newly created WAN connections (from the WAN / Internet > WAN
Setup screen) to the multi-WAN configuration as active mode with a weight of 1. If you are creating a
new WAN connection for other purposes (such as exclusive VPN use), you will need to delete that
WAN connection from the multi-WAN configuration. Deleting a WAN connection from the multi-WAN
screen does not delete the WAN connection from the WAN Setup page.
• A WAN connection can only be listed once in the multi-WAN configuration table.
5.7 The Dynamic DNS screen
Use this screen to change your SBG’s DDNS. Click Configuration > WAN / Internet > Dynamic DNS. The
screen appears as shown.
SBG5500 Series User’s Guide
76
Page 77
Chapter 5 WAN/Internet
Figure 57 Configuration > WAN / Internet > Dynamic DNS
The following table describes the labels in this screen.
Table 17 Configuration > WAN / Internet > Dynamic DNS
LABEL DESCRIPTION
Dynamic DNS
Add Click this to add a dynamic DNS.
Edit Select an entry and click Edit to modify the dynamic DNS’s settings.
Remove To remove an Dynamic DNS, select it and click Remove.
Multiple Entries Turn On Select one or more dynamic DNS entries and click this to enable them.
Multiple Entries Turn Off Select one or more dynamic DNS entries and click this to disable them.
# This is the number of an individual dynamic DNS.
Status This field displays whether the dynamic DNS is active or not. A green ON button
signifies that this dynamic DNS is active. A gray OFF button signifies that this dynamic
DNS is not active.
Profile Name This field displays the descriptive profile name for this entry.
DDNS Server This shows your Dynamic DNS service provider.
Domain Name This shows the domain name assigned to your SBG by your Dynamic DNS provider.
Interface This field displays the interface to use for updating the IP address mapped to the
Current IP This shows the IP address your Dynamic DNS provider has currently associated with
Result Accept - displays when DDNS profile was updated to server successfully.
domain name.
the Profile Name.
Not Accept - displays when DDNS profile is there was a problem during sync process.
Time This shows the last time the IP address the Dynamic DNS provider has associated with
5.7.1 Edit Dynamic DNS
Click Add or select an existing dynamic DNS and click Edit in the Dynamic DNS screen to configure it.
Login Fail - displays when a DDNS profile is incorrect and it failed
the profile name was updated.
SBG5500 Series User’s Guide
77
Page 78
Figure 58 Dynamic DNS: Add/Edit
Chapter 5 WAN/Internet
The following table describes the labels on this screen.
Table 18 Dynamic DNS: Add/Edit
LABEL DESCRIPTION
Enable Select Enable to use this dynamic DNS.
General
Profile Name When you are adding a dynamic DNS entry, type a descriptive name for this DDNS
DDNS Type Select your Dynamic DNS service provider from the drop-down list box.
DDNS Account
Username Type the user name used when you registered your domain name. You can use up
Password
DDNS Settings
Domain Name Type the domain name you registered. You can use up to 256 alphanumeric
Primary Binding Address
Interface Select the interface to use for updating the IP address mapped to the domain
Enable Wildcard Option Select the check box to enable DynDNS Wildcard.
entry in the SBG. You may use 1-32 alphanumeric characters, underscores(_), or
dashes (-), but the first character cannot be a number. This value is case-sensitive.
to 32 alphanumeric characters and the underscore. Spaces are not allowed.
Type the password provided by the DDNS provider. You can use up to 32
alphanumeric characters and the underscore. Spaces are not allowed.
characters.
name.
Enable off line Option (only
applies to custom DNS)
Enable the wildcard feature to alias subdomains to be aliased to the same IP
address as your (dynamic) domain name. This feature is useful if you want to be able
to use, for example, www.yourhost.dyndns.org and still reach your hostname.
This option applies for custom DNS. Check with your Dynamic DNS service provider to
have traffic redirected to a URL (that you can specify) while you are off line.
SBG5500 Series User’s Guide
78
Page 79
Chapter 5 WAN/Internet
Table 18 Dynamic DNS: Add/Edit
LABEL DESCRIPTION
OK Click OK to save your changes back to the SBG and exit this screen.
Cancel
Click Cancel to exit this screen without saving.
5.8 The xDSL Advanced screen
Use the xDSL Advanced screen to enable or disable PTM over ADSL, Annex M, and DSL PhyR functions.
The SBG supports the PhyR retransmission scheme. PhyR is a retransmission scheme designed to provide
protection against noise on the DSL line. It improves voice, video and data transmission resilience by
utilizing a retransmission buffer.
Click Configuration > WAN / Internet > xDSL Advanced to display the following screen.
Figure 59 Configuration > WAN / Internet > xDSL Advanced
SBG5500 Series User’s Guide
79
Page 80
Chapter 5 WAN/Internet
The following table describes the labels in this screen.
Table 19 Configuration > WAN / Internet > xDSL Advanced
LABEL DESCRIPTION
DSL Capabilities
PhyR US Enable or disable PhyR US (upstream) for upstream transmission to the WAN. PhyR US should be
PhyR DS Enable or disable PhyR DS (downstream) for downstream transmission from the WAN. PhyR DS
Bitswap Enable to allow the SBG to adapt to line changes when you are using G.dmt.
SRA Enable or disable Seamless Rate Adaption (SRA). Enable to have the SBG automatically adjust
ADSL Modulation
PTM over ADSL Enable to use PTM over ADSL. Since PTM has less overhead than ATM, some ISPs use PTM over
G.dmt ITU G.992.1 (better known as G.dmt) is an ITU standard for ADSL using discrete multitone
G.lite ITU G.992.2 (better known as G.lite) is an ITU standard for ADSL using discrete multitone
T1.413 ANSI T1.413 is a technical standard that defines the requirements for the single asymmetric
ADSL2 It optionally extends the capability of basic ADSL in data rates to 12 Mbit/s downstream and,
Annex L Annex L is an optional specification in the ITU-T ADSL2 recommendation G.992.3 titled Specific
ADSL2+ ADSL2+ extends the capability of basic ADSL by doubling the number of downstream channels.
Annex M You can enable Annex M for the SBG to use double upstream mode to increase the maximum
VDSL Profile VDSL2 profiles differ in the width of the frequency band used to transmit the broadband
8a, 8b, 8c, 8d,
12a, 12b, 17a,
US0, 30a
Apply Click Apply to save your changes back to the SBG.
Reset Click this button to return the screen to its last-saved settings.
enabled if data being transmitted upstream is sensitive to noise. However, enabling PhyR US can
decrease the US line rate. Enabling or disabling PhyR will require the CPE to retrain. For PhyR to
function, the DSLAM must also support PhyR and have it enabled.
should be enabled if data being transmitted downstream is sensitive to noise. However,
enabling PhyR DS can decrease the DS line rate. Enabling or disabling PhyR will require the CPE
to retrain. For PhyR to function, the DSLAM must also support PhyR and have it enabled.
Bit-swapping is a way of keeping the line more stable by constantly monitoring and redistributing
bits between channels.
the connection’s data rate according to line conditions without interrupting service.
ADSL for better performance.
modulation. G.dmt full-rate ADSL expands the usable bandwidth of existing copper telephone
lines, delivering high-speed data communications at rates up to 8 Mbit/s downstream and 1.3
Mbit/s upstream.
modulation. G.lite does not strictly require the use of DSL filters, but like all variants of ADSL
generally functions better with splitters.
digital subscriber line (ADSL) for the interface between the telecommunications network and
the customer installation in terms of their interaction and electrical characteristics.
depending on Annex version, up to 3.5 Mbit/s upstream (with a mandatory capability of ADSL2
transceivers of 8 Mbit/s downstream and 800 kbit/s upstream).
requirements for a Reach Extended ADSL2 (READSL2) system operating in the frequency band
above POTS, therefore it is often referred to as Reach Extended ADSL2 or READSL2.The main
difference between this specification and commonly deployed Annex A is the maximum
distance that can be used. The power of the lower frequencies used for transmitting data is
boosted up to increase the reach of this signal up to 7 kilometers (23,000 ft).
The data rates can be as high as 24 Mbit/s downstream and up to 1.4 Mbit/s upstream
depending on the distance from the DSLAM to the customer's premises.
upstream transfer rate.
signal.Profiles that use a wider frequency band can deliver higher maximum speeds.
The G.993.2 VDSL standard defines a wide range of profiles that can be used in different VDSL
deployment settings, such as in a central office, a street cabinet or a building.
The SBG must comply with at least one profile specified in G.993.2. but compliance with more
than one profile is allowed.
SBG5500 Series User’s Guide
80
Page 81
Chapter 5 WAN/Internet
5.9 Technical Reference
The following section contains additional technical information about the SBG features described in this
chapter.
Encapsulation
Be sure to use the encapsulation method required by your ISP. The SBG can work in bridge mode or
routing mode. When the SBG is in routing mode, it supports the following methods.
IP over Ethernet
IP over Ethernet (IPoE) is an alternative to PPPoE. IP packets are being delivered across an Ethernet
network, without using PPP encapsulation. They are routed between the Ethernet interface and the
WAN interface and then formatted so that they can be understood in a bridged environment. For
instance, it encapsulates routed Ethernet frames into bridged Ethernet cells.
PPP over ATM (PPPoA)
PPPoA stands for Point to Point Protocol over ATM Adaptation Layer 5 (AAL5). A PPPoA connection
functions like a dial-up Internet connection. The SBG encapsulates the PPP session based on RFC 1483
and sends it through an ATM PVC (Permanent Virtual Circuit) to the Internet Service Provider’s (ISP)
DSLAM (digital access multiplexer). Please refer to RFC 2364 for more information on PPPoA. Refer to RFC
1661 for more information on PPP.
PPP over Ethernet (PPPoE)
Point-to-Point Protocol over Ethernet (PPPoE) provides access control and billing functionality in a
manner similar to dial-up services using PPP. PPPoE is an IETF standard (RFC 2516) specifying how a
personal computer (PC) interacts with a broadband modem (DSL, cable, wireless, etc.) connection.
For the service provider, PPPoE offers an access and authentication method that works with existing
access control systems (for example RADIUS).
One of the benefits of PPPoE is the ability to let you access one of multiple network services, a function
known as dynamic service selection. This enables the service provider to easily create and offer new IP
services for individuals.
Operationally, PPPoE saves significant effort for both you and the ISP or carrier, as it requires no specific
configuration of the broadband modem at the customer site.
By implementing PPPoE directly on the SBG (rather than individual computers), the computers on the
LAN do not need PPPoE software installed, since the SBG does that part of the task. Furthermore, with
NAT, all of the LANs’ computers will have access.
ATM Traffic Classes
These are the basic ATM traffic classes defined by the ATM Forum Traffic Management 4.0 Specification.
Constant Bit Rate (CBR)
SBG5500 Series User’s Guide
81
Page 82
Chapter 5 WAN/Internet
Constant Bit Rate (CBR) provides fixed bandwidth that is always available even if no data is being sent.
CBR traffic is generally time-sensitive (doesn't tolerate delay). CBR is used for connections that
continuously require a specific amount of bandwidth. A PCR is specified and if traffic exceeds this rate,
cells may be dropped. Examples of connections that need CBR would be high-resolution video and
voice.
Variable Bit Rate (VBR)
The Variable Bit Rate (VBR) ATM traffic class is used with bursty connections. Connections that use the
Variable Bit Rate (VBR) traffic class can be grouped into real time (VBR-RT) or non-real time (VBR-nRT)
connections.
The VBR-RT (real-time Variable Bit Rate) type is used with bursty connections that require closely
controlled delay and delay variation. It also provides a fixed amount of bandwidth (a PCR is specified)
but is only available when data is being sent. An example of an VBR-RT connection would be video
conferencing. Video conferencing requires real-time data transfers and the bandwidth requirement
varies in proportion to the video image's changing dynamics.
The VBR-nRT (non real-time Variable Bit Rate) type is used with bursty connections that do not require
closely controlled delay and delay variation. It is commonly used for "bursty" traffic typical on LANs. PCR
and MBS define the burst levels, SCR defines the minimum level. An example of an VBR-nRT connection
would be non-time sensitive data file transfers.
Unspecified Bit Rate (UBR)
The Unspecified Bit Rate (UBR) ATM traffic class is for bursty data transfers. However, UBR doesn't
guarantee any bandwidth and only delivers traffic when the network has spare bandwidth. An example
application is background file transfer.
IP Address Assignment
A static IP is a fixed IP that your ISP gives you. A dynamic IP is not fixed; the ISP assigns you a different one
each time. The Single User Account feature can be enabled or disabled if you have either a dynamic or
static IP. However the encapsulation method assigned influences your choices for IP address and
default gateway.
Introduction to VLANs
A Virtual Local Area Network (VLAN) allows a physical network to be partitioned into multiple logical
networks. Devices on a logical network belong to one group. A device can belong to more than one
group. With VLAN, a device cannot directly talk to or hear from devices that are not in the same
group(s); the traffic must first go through a router.
In Multi-Tenant Unit (MTU) applications, VLAN is vital in providing isolation and security among the
subscribers. When properly configured, VLAN prevents one subscriber from accessing the network
resources of another on the same LAN, thus a user will not see the printers and hard disks of another user
in the same building.
VLAN also increases network performance by limiting broadcasts to a smaller and more manageable
logical broadcast domain. In traditional switched environments, all broadcast packets go to each and
every individual port. With VLAN, all broadcasts are confined to a specific broadcast domain.
SBG5500 Series User’s Guide
82
Page 83
Chapter 5 WAN/Internet
Introduction to IEEE 802.1Q Tagged VLAN
A tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the VLAN membership of a
frame across bridges - they are not confined to the switch on which they were created. The VLANs can
be created statically by hand or dynamically through GVRP. The VLAN ID associates a frame with a
specific VLAN and provides the information that switches need to process the frame across the network.
A tagged frame is four bytes longer than an untagged frame and contains two bytes of TPID (Tag
Protocol Identifier), residing within the type/length field of the Ethernet frame) and two bytes of TCI (Tag
Control Information), starts after the source address field of the Ethernet frame).
The CFI (Canonical Format Indicator) is a single-bit flag, always set to zero for Ethernet switches. If a
frame received at an Ethernet port has a CFI set to 1, then that frame should not be forwarded as it is to
an untagged port. The remaining twelve bits define the VLAN ID, giving a possible maximum number of
4,096 VLANs. Note that user priority and VLAN ID are independent of each other. A frame with VID
(VLAN Identifier) of null (0) is called a priority frame, meaning that only the priority level is significant and
the default VID of the ingress port is given as the VID of the frame. Of the 4096 possible VIDs, a VID of 0 is
used to identify priority frames and value 4095 (FFF) is reserved, so the maximum possible VLAN
configurations are 4,094.
TPID
2 Bytes
User Priority
3 Bits
CFI
1 Bit
VLAN ID
12 Bits
Multicast
IP packets are transmitted in either one of two ways - Unicast (1 sender - 1 recipient) or Broadcast (1
sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network not everybody and not just 1.
Internet Group Multicast Protocol (IGMP) is a network-layer protocol used to establish membership in a
Multicast group - it is not used to carry user data. IGMP version 2 (RFC 2236) is an improvement over
version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would like to read more detailed
information about interoperability between IGMP version 2 and version 1, please see sections 4 and 5 of
RFC 2236. The class D IP address is used to identify host groups and can be in the range 224.0.0.0 to
239.255.255.255. The address 224.0.0.0 is not assigned to any group and is used by IP multicast
computers. The address 224.0.0.1 is used for query messages and is assigned to the permanent group of
all IP hosts (including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP.
The address 224.0.0.2 is assigned to the multicast routers group.
At start up, the SBG queries all directly connected networks to gather group membership. After that, the
SBG periodically updates this information.
DNS Server Address Assignment
Use Domain Name System (DNS) to map a domain name to its corresponding IP address and vice versa,
for instance, the IP address of www.zyxel.com is 204.217.0.2. The DNS server is extremely important
because without it, you must know the IP address of a computer before you can access it.
The SBG can get the DNS server addresses in the following ways.
1 The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up.
If your ISP gives you DNS server addresses, manually enter them in the DNS server fields.
SBG5500 Series User’s Guide
83
Page 84
Chapter 5 WAN/Internet
2 If your ISP dynamically assigns the DNS server IP addresses (along with the SBG’s WAN IP address), set the
DNS server fields to get the DNS server address from the ISP.
IPv6 Addressing
The 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons (:). This is an
example IPv6 address 2001:0db8:1a2b:0015:0000:0000:1a2f:0000.
IPv6 addresses can be abbreviated in two ways:
• Leading zeros in a block can be omitted. So 2001:0db8:1a2b:0015:0000:0000:1a2f:0000 can be
written as 2001:db8:1a2b:15:0:0:1a2f:0.
• Any number of consecutive blocks of zeros can be replaced by a double colon. A double colon can
only appear once in an IPv6 address. So 2001:0db8:0000:0000:1a2f:0000:0000:0015 can be
written as 2001:0db8::1a2f:0000:0000:0015, 2001:0db8:0000:0000:1a2f::0015,
2001:db8::1a2f:0:0:15 or 2001:db8:0:0:1a2f::15.
IPv6 Prefix and Prefix Length
Similar to an IPv4 subnet mask, IPv6 uses an address prefix to represent the network address. An IPv6
prefix length specifies how many most significant bits (start from the left) in the address compose the
network address. The prefix length is written as “/x” where x is a number. For example,
2001:db8:1a2b:15::1a2f:0/32
means that the first 32 bits (2001:db8) is the subnet prefix.
SBG5500 Series User’s Guide
84
Page 85
6.1 Overview
SBG
A Local Area Network (LAN) is a shared communication system to which many networking devices are
connected. It is usually located in one immediate area such as a building or floor of a building.
Use the LAN screens to help you configure a LAN DHCP server and manage IP addresses.
CHAPTER 6
LAN
6.1.1 What You Can Do in this Chapter
• Use the LAN Status screen to show the status of interfaces currently connected to the SBG (Section 6.2
on page 87).
• Use the LAN Setup screen to set the LAN IP address, subnet mask, and DHCP settings of your SBG
(Section 6.2 on page 87).
• Use the Static DHCP screen to assign IP addresses on the LAN to specific individual computers based
on their MAC Addresses (Section 6.4 on page 94).
• Use the Additional Subnet screen to configure IP alias and public static IP (Section 6.5 on page 96).
• Use the Wake on LAN screen to remotely turn on a device on the network (Section 6.6 on page 96).
• Use the VLAN / Interface Group screen to create multiple networks on the SBG (Section 6.7 on page
98).
• Use the DNS Entry screen to view, configure or remove DNS routes (Section 6.8 on page 103).
• Use the DNS Forwarder screen to view and configure domain zone forwarder on the SBG (Section 6.9
on page 103).
SBG5500 Series User’s Guide
85
Page 86
6.1.2 What You Need To Know
6.1.2.1 About LAN
IP Address
IP addresses identify individual devices on a network. Every networking device (including computers,
servers, routers, printers, etc.) needs an IP address to communicate across the network. These
networking devices are also known as hosts.
Subnet Mask
Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet
masks to divide one network into multiple sub-networks.
DHCP
A DHCP (Dynamic Host Configuration Protocol) server can assign your SBG an IP address, subnet mask,
DNS and other routing information when it's turned on.
Chapter 6 LAN
DNS
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice
versa. The DNS server is extremely important because without it, you must know the IP address of a
networking device before you can access it. The DNS server addresses you enter when you set up DHCP
are passed to the client machines along with the assigned IP address and subnet mask.
There are two ways that an ISP disseminates the DNS server addresses.
• The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign
up. If your ISP gives you DNS server addresses, enter them in the DNS Server fields in the LAN Setup
screen.
• Some ISPs choose to disseminate the DNS server addresses using the DNS server extensions of IPCP (IP
Control Protocol) after the connection is up. If your ISP did not give you explicit DNS servers, chances
are the DNS servers are conveyed through IPCP negotiation. The SBG supports the IPCP DNS server
extensions through the DNS proxy feature.
Please note that DNS proxy works only when the ISP uses the IPCP DNS server extensions. It does not
mean you can leave the DNS servers out of the DHCP setup under all circumstances. If your ISP gives you
explicit DNS servers, make sure that you enter their IP addresses in the LAN Setup screen.
RADVD (Router Advertisement Daemon)
When an IPv6 host sends a Router Solicitation (RS) request to discover the available routers, RADVD with
Router Advertisement (RA) messages in response to the request. It specifies the minimum and maximum
intervals of RA broadcasts. RA messages containing the address prefix. IPv6 hosts can be generated
with the IPv6 prefix an IPv6 address.
SBG5500 Series User’s Guide
86
Page 87
6.1.3 Before You Begin
Find out the MAC addresses of your network devices if you intend to add them to the DHCP Client List
screen.
6.2 The LAN Status Screen
Use the LAN Status Screen to view the status of all interfaces connected to the SBG, details about DHCP
clients. Click on Configuration > LAN / Home Network > LAN Status to open the following screen. The
tables change depending on the table you click on.
Figure 60 Configuration > LAN / Home Network > LAN Status
Chapter 6 LAN
The following table describes the labels in the screen.
Table 20 Configuration > LAN / Home Network > LAN Status
LABEL DESCRIPTION
Refresh Click this to update the table.
LAN Status
Click this to show the interfaces currently connected to the SBG.
Name This shows the name of the LAN interface.
Status This shows Up if the SBG detect a connection through this port. Otherwise it shows
Down.
Tx Pkts This is the number of transmitted packets on this port.
Rx Pkts This is the number of received packets on this port.
Tx B/s This displays the transmission speed in bytes per second on this port.
Rx B/s This displays the reception speed in bytes per second on this port.
DHCP Client
Click this to look at the IP addresses currently assigned to DHCP clients and the IP addresses reserved for specific
MAC addresses.
# This field is a sequential value, and it is not associated with a specific entry.
Device Name This field displays the name used to identify this device on the network (the
computer name). The SBG learns these from the DHCP client requests.“None” shows
here for a static DHCP entry.
SBG5500 Series User’s Guide
87
Page 88
Chapter 6 LAN
Table 20 Configuration > LAN / Home Network > LAN Status
LABEL DESCRIPTION
IP Address This field displays the DHCP client’s IP address.
MAC Address This field displays the MAC address to which the IP address is currently assigned or for
which the IP address is reserved.
ARP Table
Click this to view IP-to-MAC address mapping(s).
# This is the ARP table entry number.
IP Address This is the learned IPv4 or IPv6 IP address of a device connected to a port.
MAC Address This is the MAC address of the device with the listed IP address.
Interface This is the interface used by the ARP entry.
Multicast Status
Click this to look at the current list of multicast groups the SBG has joined and which ports have joined it.
# This is the multicast status table entry number.
Type This is the protocol used by the interface.
Interface This field displays the name of an interface on the SBG that belongs to an IGMP
Multicast Group This field displays the name of the IGMP multicast group to which the interface
Host This shows the clients that are part of this multicast group.
multicast group.
belongs.
6.3 The LAN Setup Screen
Use this screen to set the Local Area Network IP address and subnet mask of your SBG. Click
Configuration > LAN / Home Network to open the LAN Setup screen.
Figure 61 Configuration > LAN / Home Network > LAN Setup
The following table describes the labels in this screen.
Table 21 Configuration > LAN / Home Network > LAN Setup
LABEL DESCRIPTION
Edit Select an entry and click Edit to modify it.
# This field is a sequential value, and it is not associated with a specific entry.
Group Name This field shows the interface group name.
Zone Name This field shows the security zone (LAN, WLAN, DMZ, or EXTRA) in which the LAN
interface is included.
IPv4 / Mask This field displays the LAN IPv4 address assigned to your SBG and the subnet mask of
your network in dotted decimal notation.
SBG5500 Series User’s Guide
88
Page 89
Table 21 Configuration > LAN / Home Network > LAN Setup
LABEL DESCRIPTION
DHCP This shows whether the SBG acts as DHCP Server or DHCP Relay agent. It shows
IPv6 This shows the IPv6 prefix and prefix length you configured when you enable IPv6 on
Address Assign This field displays 1 when the IPv6 address is assigned using IPv6 stateful
6.3.1 Edit LAN Setup
In Configuration > LAN / Home Network screen select an entry and click Edit to open the following
screen.
Figure 62 LAN Setup: Edit > General / IPv4
Chapter 6 LAN
Disable if the DHCP server has been stopped in the SBG.
the LAN interface and set
autoconfiguration (DHCPv6) or 0 when the SBG uses IPv6 stateless
autoconfiguration.
• Stateless: The SBG send IPv6 prefix information in router advertisements
periodically and in response to router solicitations.
• Stateful: The DHCPv6 server is enabled to have the SBG act as a DHCPv6 server
and pass IPv6 addresses to DHCPv6 clients.
SBG5500 Series User’s Guide
89
Page 90
Chapter 6 LAN
The following table describes the fields in this screen.
Table 22 LAN Setup: Edit > General / IPv4
LABEL DESCRIPTION
General
Group Name Select the interface group name for which you want to configure LAN settings. See Section 6.7
Zone Select the security zone (LAN, WLAN, DMZ, or EXTRA) in which to include the LAN interface. A
IPv4 / IPv6 Mode Select IPv4 only if you want the SBG to run IPv4 only.
IPv4 Address Setting
IP Address Enter the LAN IP address you want to assign to your SBG in dotted decimal notation, for
Subnet Mask Type the subnet mask of your network in dotted decimal notation, for example 255.255.255.0
IGMP Snooping
Enable IGMP
Snooping
IGMP Mode Select Standard Mode to have the SBG forward multicast packets to a port that joins the
DHCP Setting
DHCP Mode Select DHCP Server to have the SBG act as a DHCP server.
on page 98 for how to create a new interface group/VLAN.
newly created local network (interface group) belongs to the LAN zone by default.
Select IPv4 IPv6 Dualstack to allow the SBG to run IPv4 and IPv6 at the same time.
example, 192.168.1.1 (factory default).
(factory default). Your SBG automatically computes the subnet mask based on the IP Address
you enter, so do not change this field unless you are instructed to do so.
Select the check box to allow the SBG to passively learn multicast group.
multicast group and broadcast unknown multicast packets from the WAN to all LAN ports.
Select Blocking Mode to have the SBG block all unknown multicast packets from the WAN.
Select DHCP Relay to have the SBG act as a DHCP relay agent and forward DHCP request to the
DHCP server you specify.
Select DHCP Disable to stop the DHCP server on the SBG.
Beginning IP
Address
Ending IP
Address
Lease Time This is the period of time DHCP-assigned addresses use. DHCP automatically assigns IP addresses
DNS Server 1 Specify the IP address of the first DNS server for the DHCP clients to use. Use one of the following
This field specifies the first of the contiguous addresses in the IP address pool.
This field specifies the last of the contiguous addresses in the IP address pool.
to clients when they log in. DHCP centralizes IP address management on central computers that
run the DHCP server program. DHCP leases addresses, for a period of time, which means that
past addresses are “recycled” and made available for future reassignment to other systems.
This field is only available when you select DHCP Server in the DHCP Mode field.
ways to specify the IP address.
DNS Proxy - the clients use the IP address of the SBG LAN interface. The SBG redirects clients’ DNS
queries to a DNS server for resolving domain names.
Static - enter a static IP address.
From Wan Interface - select the WAN interface that receives the DNS server address from its
DHCP server.
SBG5500 Series User’s Guide
90
Page 91
Chapter 6 LAN
Table 22 LAN Setup: Edit > General / IPv4 (continued)
LABEL DESCRIPTION
DNS Server 2 Specify the IP address of the secondary DNS server for the DHCP clients to use. Use one of the
following ways to specify the IP address.
DNS Proxy - the clients use the IP address of the SBG LAN interface. The SBG redirects clients’ DNS
queries to a DNS server for resolving domain names.
Static - enter a static IP address.
From Wan Interface - select the WAN interface that receives the DNS server address from its
DHCP server.
Remote DHCP
Server
DHCP Option
Setup
TFTP Server
Name (option
66)
Bootfile Name
(option 67)
TFTP Server
Address (option
150)
OK
Cancel Click Cancel to restore your previously saved settings.
Enter the DHCP server’s address so the SBG forwards DHCP requests to this address.
This field is only available when you select DHCP Relay.
These fields display when you select DHCP Server in the DHCP Mode field. You may need to
configure them when you have VoIP phones on your LAN.
Enter the name of a TFTP server to assign it to the DHCP clients.
Enter the name of a bootfile to assign it to the DHCP clients.
Enter the IP address of a TFTP server to assign it to the DHCP clients.
Click OK to save your changes.
6.3.2 Edit LAN Setup IPv6
Click the IPv6 tab in Configuration > LAN / Home Network > LAN Setup > Edit to configure IPv6 LAN
settings on the SBG. This screen is available only when you select IPv4 IPv6 Dualstack in the IPv4 / IPv6
Mode field of the LAN Setup > Edit > General / IPv4 screen.
SBG5500 Series User’s Guide
91
Page 92
Figure 63 LAN Setup: Edit > IPv6
Chapter 6 LAN
The following table describes the labels in this screen.
Table 23 Configuration > LAN / Home Network > LAN Setup: Edit > IPv6
LABEL DESCRIPTION
Link Local Address
Static IPv6 Address Prefix This shows the static IPv6 address prefix used to represent the SBG network address.
Link Local Address Type Select EUI-64 to give clients a 64-bit Extended Unique Identifier (EUI) to link locally
without DHCP.
Select Manual to manually enter an interface ID for the LAN interface’s global IPv6
address.
LAN Identifier Enter an interface ID for the LAN interface’s global IPv6 address.
IP address This field shows an IPv6 address created using the Static IPv6 Address Prefix and the
LAN Identifier you input.
Address Setting
Delegate Prefix From WAN
Select this option and a WAN interface with IPv6 enabled to automatically obtain
an IPv6 network prefix from the service provider or an uplink router through the
specified WAN interface.
SBG5500 Series User’s Guide
92
Page 93
Chapter 6 LAN
Table 23 Configuration > LAN / Home Network > LAN Setup: Edit > IPv6
LABEL DESCRIPTION
Static Select this option to configure a fixed IPv6 address for the SBG’s LAN interface.
Note: This fixed address is for local hosts to access the Web Configurator
only as the global LAN IPv6 address might be changed by your ISP
any time. This address is not the routing gateway’s address for LAN
IPv6 hosts.
Static IPv6 Address Prefix Enter the address prefix to represent the SBG’s static LAN IPv6 address.
Prefix Length If you select Static, enter the IPv6 prefix length that the SBG uses to generate the LAN
IPv6 address.
An IPv6 prefix length specifies how many most significant bits (starting from the left)
in the address compose the network address. This field displays the bit number of the
IPv6 subnet mask.
LAN Global Identifier Type Select EUI-64 to allow clients to assign themselves a 64-bit Extended Unique Identifier
(EUI) without DHCP.
Select Manual if you want to enter the LAN identifier the clients use.
LAN Identifier Enter the LAN identifier clients use without DHCP.
IP Address This field shows an IPv6 address created using the Static IPv6 Address Prefix and the
LAN Identifier you input.
Route Advertisement State
LAN Address Assign Setup Select how you want to obtain an IPv6 address:
• Stateless / Auto: The SBG uses IPv6 stateless autoconfiguration. RADVD (Router
Advertisement Daemon) is enabled to have the SBG send IPv6 prefix information
in router advertisements periodically and in response to router solicitations.
DHCPv6 server is disabled.
• Stateful / DHCP: The SBG uses IPv6 stateful autoconfiguration. The DHCPv6 server
is enabled to have the SBG act as a DHCPv6 server and pass IPv6 addresses to
DHCPv6 clients.
LAN DNS Assign Setup Select how the SBG provide DNS server and domain name information to the clients:
• From Router Advertisement: The SBG provides DNS information through router
advertisements.
• From DHCPv6 Server: The SBG provides DNS information through DHCPv6.
DHCPv6 Setting
DHCPv6 Status This shows the status of the DHCPv6. DHCPv6 Server displays if you configured the
IPv6 Start Address
IPv6 End Address
IPv6 Domain Name
IPv6 DNS Values
IPv6 DNS Server 1-3
OK
Cancel Click Cancel to restore your previously saved settings.
SBG to act as a DHCPv6 server which assigns IPv6 addresses and/or DNS information
to clients.
If DHCPv6 is enabled, specify the first IPv6 address in the pool of addresses that can
be assigned to DHCPv6 clients.
If DHCPv6 is enabled, specify the last IPv6 address in the pool of addresses that can
be assigned to DHCPv6 clients.
If DHCPv6 is enabled, specify the domain name to be assigned to DHCPv6 clients.
Select From WAN Interface if your ISP dynamically assigns IPv6 DNS server
information.
Select Static if you have the IPv6 address of a DNS server. Enter the DNS server IPv6
addresses the SBG passes to the DHCP clients.
Select DNS Proxy if you have the DNS proxy service. The SBG redirects clients’ DNS
queries to a DNS server for resolving domain names.
Click OK to save your changes.
SBG5500 Series User’s Guide
93
Page 94
Chapter 6 LAN
6.4 The Static DHCP Screen
This table allows you to assign IP addresses on the LAN to specific individual computers based on their
MAC Addresses.
Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned
at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
Use this screen to change your SBG’s static DHCP settings. Click Configuration > LAN / Home Network >
Static DHCP to open the following screen.
Figure 64 Configuration > LAN / Home Network > Static DHCP
The following table describes the labels in this screen.
Table 24 Network Setting > LAN > Static DHCP
LABEL DESCRIPTION
Add Click this to add a new static DHCP entry.
Edit Click Edit to configure a static DHCP entry.
Remove Click Remove to delete a static DHCP entry.
Multiple Entries Turn OnSelect one or more static DHCP entry and click this to enable them.
Multiple Entries Turn
Off
# This is the index number of the DHCP entry.
Status This field displays whether the entry is active.
MAC Address This field displays the MAC address of a computer on the LAN.
IP Address This field displays the IP address relative to the MAC address field listed above.
6.4.1 Edit Static DHCP
If you click Add in the Static DHCP screen or Edit next to a static DHCP entry, the following screen
displays.
Select one or more static DHCP entry and click this to disable them.
Click the slide button to turn on or turn off the entry.
SBG5500 Series User’s Guide
94
Page 95
Chapter 6 LAN
Figure 65 Static DHCP: Add/Edit
The following table describes the labels in this screen.
Table 25 Static DHCP: Add/Edit
LABEL DESCRIPTION
Static DHCP Configuration
Enable Select this to activate the rule.
Group Name Select the interface group name for which you want to configure static DHCP settings. See
Section 6.7 on page 98 for how to create a new interface group.
Select Device Info If you select Manual Input, you can manually type in the MAC address and IP address of a
computer on your LAN. You can also choose the name of a computer from the drop list and
have the MAC Address and IP Address auto-detected.
MAC Address If you select Manual Input, enter the MAC address of a computer on your LAN.
IP Address If you select Manual Input, enter the IP address that you want to assign to the computer on
your LAN with the MAC address that you will also specify.
OK
Cancel Click Cancel to exit this screen without saving.
Click OK to save your changes.
SBG5500 Series User’s Guide
95
Page 96
Chapter 6 LAN
6.5 The Additional Subnet Screen
Use the Additional Subnet screen to configure IP alias.
IP alias allows you to partition a physical network into different logical networks over the same Ethernet
interface. The SBG supports multiple logical LAN interfaces via its physical Ethernet interface with the
SBG itself as the gateway for the LAN network. When you use IP alias, you can also configure firewall
rules to control access to the LAN's logical network (subnet).
Click Configuration > LAN / Home Network > Additional Subnet to display the screen shown next.
Figure 66 Configuration > LAN / Home Network > Additional Subnet
The following table describes the labels in this screen.
Table 26 Configuration > LAN / Home Network > Additional Subnet
LABEL DESCRIPTION
General
Group Name Select the interface group name for which you want to configure the IP alias settings. See
Section 6.7 on page 98 for how to create a new interface group. A newly created local network
(interface group) belongs to the LAN zone by default.
IP Alias Setup
Enable Select the check box to configure a LAN network for the SBG.
IP Address Enter the IP address of your SBG in dotted decimal notation.
Subnet Mask Your SBG will automatically calculate the subnet mask based on the IP address that you assign.
Apply Click Apply to save your changes.
Reset
Unless you are implementing subnetting, use the subnet mask computed by the SBG.
Click Reset to return the screen to its last-saved settings.
6.6 The Wake on LAN Screen
Use this screen to turn on a device on the LAN network. To use this feature, the remote device must also
support Wake On LAN.
SBG5500 Series User’s Guide
96
Page 97
Chapter 6 LAN
You need to know the MAC address of the LAN device. It may be on a label on the device or in its
documentation.
Figure 67 Configuration > LAN / Home Network > Wake on LAN
The following table describes the labels in this screen.
Table 27 Configuration > LAN / Home Network > Wake on LAN
LABEL DESCRIPTION
Add Click this to add a new device to Wake on LAN.
Remove Select a static DHCP entry and click Remove to delete it.
Wake Up Select a device and click this to enable the Wake on LAN feature.
# This field is a sequential value, and it is not associated with any entry.
Description This field shows a descriptive name for a device on the LAN network.
MAC Address This field shows the MAC address for a device on the LAN network.
6.6.1 Wake On LAN: Add/Edit
Use this screen to add a device and turn it on using Wake on LAN. Click Edit to open the following
screen.
Figure 68 Wake On LAN: Edit
SBG5500 Series User’s Guide
97
Page 98
Chapter 6 LAN
The following table describes the labels in this screen.
Table 28 Configuration > LAN / Home Network > Wake on LAN
LABEL DESCRIPTION
Wake From
Manual Type MAC Select this to enter the MAC address of the device to turn it on remotely.
Host Profile List Select this to look at the list of hosts connected to the SBG.
Host Profile List This is drop-down list that shows the IP addresses that can be found in the SBG’s LAN
Get MAC Address From IP If you selected Manual Type MAC you can enter a device’s IP address and click Get
Description Enter a descriptive name for the device you want to turn on.
MAC Address Enter the MAC address of the device to turn it on. A MAC address consists of six
Add New Host to Profile Select this check box to add this Host to the LAN Site Host list in the Maintenance >
Site Host list, see Section 16.2 on page 228. Select a host and it will then
automatically update the Description and MAC address fields.
to obtain its MAC address.
hexadecimal character pairs.
LAN Site Host Name screen, see Section 16.2 on page 228.
6.7 The VLAN / Interface Group Screen
Use Interface Group to create multiple networks on the SBG. You can manually add a LAN interface to
a new group. Alternatively, you can have the SBG automatically add the incoming traffic and the LAN
interface on which traffic is received to an interface group when its DHCP Vendor ID option information
matches one listed for the interface group.
Use the LAN screen to configure the private IP addresses the DHCP server on the SBG assigns to the
clients in the default and/or user-defined groups. If you set the SBG to assign IP addresses based on the
client’s DHCP Vendor ID option information, you must enable DHCP server and configure LAN TCP/IP
settings for both the default and user-defined groups.
Click Configuration > LAN / Home Network > VLAN / Interface Group to open the following screen.
Figure 69 Configuration > LAN / Home Network > VLAN / Interface Group
The following table describes the labels on this screen.
Table 29 Configuration > LAN / Home Network > VLAN / Interface Group
LABEL DESCRIPTION
VLAN/ Interface Group
Add Click Add to create a new interface group.
Edit Click Edit to configure an interface group.
SBG5500 Series User’s Guide
98
Page 99
Chapter 6 LAN
Table 29 Configuration > LAN / Home Network > VLAN / Interface Group
LABEL DESCRIPTION
Remove Click Remove to delete an interface group.
# This shows the index number of the interface group.
Mode This shows VLAN when this is a VLAN group.
This shows Interface Group when this is an interface group.
Group Name This shows the descriptive name of the group.
LAN Interface This shows the LAN interfaces in the group.
Criteria This shows the filtering criteria for the group.
6.7.1 VLAN / Interface Group: Add/Edit
If you click Add in the VLAN / Interface Group screen or select an existing group and click Edit the screen
displays as shown below.
The screen varies depending on whether you create a VLAN Group or an Interface Group.
Figure 70 VLAN / Interface Group: Add/Edit (VLAN Group)
SBG5500 Series User’s Guide
99
Page 100
Chapter 6 LAN
Figure 71 VLAN / Interface Group: Add/Edit (Interface Group)
The following table describes the labels in this screen.
Table 30 VLAN / Interface Group > Add/Edit
LABEL DESCRIPTION
VLAN / Interface Group
Group Name Enter the descriptive name of the VLAN or Interface Group. You can enter up to 65
characters. You can use numbers, letters, hyphens (-) and underscores(_). Spaces
are not allowed.
Mode
VLAN Click this check box to create a VLAN group.
Interface Group (To Bridge /
Bundle WAN Interfaces)
802.1p IEEE 802.1p defines up to 8 separate traffic types by inserting a tag into a MAC layer
802.1q Type the VLAN ID number (from 1 to 4094) for traffic through tagged member ports
VLAN Port Membership
Click this check box to create an interface group,
frame that contains bits to define class of service.
Select the IEEE 802.1p priority (from 0 to 7) to add to traffic the SBG sends through
tagged member ports of this group. The greater the number, the higher the priority
level.
of this group. A VLAN ID cannot be assigned to more than one group.
SBG5500 Series User’s Guide
100
Loading...