User Guide
Page 3
E-mail: techwriters@zyxel.com.tw NBG420N User's Guide 3 It contains information on setting up and running right away. The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, ...Quick Start Guide The Quick Start Guide is intended for people who want to configure the NBG420N using the web configurator. Thank you get up your network and configuring for Internet access...8226; Supporting Disk Refer to the included CD for support documents. • ZyXEL Web Site Please refer to www.zyxel.com for improvement to the following address, or use e-mail instead. User ...
E-mail: techwriters@zyxel.com.tw NBG420N User's Guide 3 It contains information on setting up and running right away. The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, ...Quick Start Guide The Quick Start Guide is intended for people who want to configure the NBG420N using the web configurator. Thank you get up your network and configuring for Internet access...8226; Supporting Disk Refer to the included CD for support documents. • ZyXEL Web Site Please refer to www.zyxel.com for improvement to the following address, or use e-mail instead. User ...
User Guide
Page 16
... (IKE Phase 2) Overview 167 15.2 The General Screen ...167 15.2.1 VPN Rule Setup (Basic 168 15.2.2 VPN Rule Setup (Advanced 173 15.2.3 VPN Rule Setup (Manual 179 15.3 The SA Monitor Screen 183 15.4 VPN and Remote Management 184 15.5 IPSec VPN Technical Reference 185 Part IV: Management 193 Chapter 16... Rule Configuration 205 17.10 Bandwidth Management Monitor 206 Chapter 18 Remote Management...209 18.1 Remote Management Overview 209 18.1.1 Remote Management Limitations 209 16 NBG420N User's Guide
... (IKE Phase 2) Overview 167 15.2 The General Screen ...167 15.2.1 VPN Rule Setup (Basic 168 15.2.2 VPN Rule Setup (Advanced 173 15.2.3 VPN Rule Setup (Manual 179 15.3 The SA Monitor Screen 183 15.4 VPN and Remote Management 184 15.5 IPSec VPN Technical Reference 185 Part IV: Management 193 Chapter 16... Rule Configuration 205 17.10 Bandwidth Management Monitor 206 Chapter 18 Remote Management...209 18.1 Remote Management Overview 209 18.1.1 Remote Management Limitations 209 16 NBG420N User's Guide
User Guide
Page 21
... Security > VPN > General > Rule Setup: IKE (Basic 169 Figure 107 Security > VPN > General > Rule Setup: IKE (Advanced 174 Figure 108 Security > VPN > General > Rule Setup: Manual 180 Figure 109 Security > VPN > SA Monitor 183 Figure 110 VPN for Remote Management Example 184 Figure 111 IKE SA: Main Negotiation Mode, Steps 1 - 2: IKE... MGMT > Advanced 203 Figure 123 Bandwidth Management Rule Configuration: Pre-defined Service 205 Figure 124 Management > Bandwidth MGMT > Advanced: User-defined Service Rule Configuration 206 NBG420N User's Guide 21
... Security > VPN > General > Rule Setup: IKE (Basic 169 Figure 107 Security > VPN > General > Rule Setup: IKE (Advanced 174 Figure 108 Security > VPN > General > Rule Setup: Manual 180 Figure 109 Security > VPN > SA Monitor 183 Figure 110 VPN for Remote Management Example 184 Figure 111 IKE SA: Main Negotiation Mode, Steps 1 - 2: IKE... MGMT > Advanced 203 Figure 123 Bandwidth Management Rule Configuration: Pre-defined Service 205 Figure 124 Management > Bandwidth MGMT > Advanced: User-defined Service Rule Configuration 206 NBG420N User's Guide 21
User Guide
Page 26
... ...168 Table 63 SECURITY > VPN > Rule Setup: IKE (Basic 170 Table 64 Security > VPN > Rule Setup: IKE (Advanced 175 Table 65 Security > VPN > Rule Setup: Manual 180 Table 66 Security > VPN > SA Monitor 184 Table 67 VPN Example: Matching ID Type and Content 186 Table 68 VPN Example: Mismatching ID Type... Rule Configuration . 206 Table 79 Management > Remote MGMT > WWW 210 Table 80 Management > Remote MGMT > Telnet 211 Table 81 Management > Remote MGMT > FTP 212 26 NBG420N User's Guide
... ...168 Table 63 SECURITY > VPN > Rule Setup: IKE (Basic 170 Table 64 Security > VPN > Rule Setup: IKE (Advanced 175 Table 65 Security > VPN > Rule Setup: Manual 180 Table 66 Security > VPN > SA Monitor 184 Table 67 VPN Example: Matching ID Type and Content 186 Table 68 VPN Example: Mismatching ID Type... Rule Configuration . 206 Table 79 Management > Remote MGMT > WWW 210 Table 80 Management > Remote MGMT > Telnet 211 Table 81 Management > Remote MGMT > FTP 212 26 NBG420N User's Guide
User Guide
Page 35
... on the device itself, or in its configuration utility) or enter a PIN (a unique Personal Identification Number that also has WPS activated. NBG420N User's Guide 35 Each WPS connection works between two devices. Depending on the devices you have, you to quickly set up a wireless ...network with strong security, without having to configure security settings manually. For more information on using WPS, see Section 6.1.2 on page 73. CHAPTER 2 The WPS Button 2.1 Overview Your NBG420N supports WiFi Protected Setup (WPS), which is an easy way to set up a ...
... on the device itself, or in its configuration utility) or enter a PIN (a unique Personal Identification Number that also has WPS activated. NBG420N User's Guide 35 Each WPS connection works between two devices. Depending on the devices you have, you to quickly set up a wireless ...network with strong security, without having to configure security settings manually. For more information on using WPS, see Section 6.1.2 on page 73. CHAPTER 2 The WPS Button 2.1 Overview Your NBG420N supports WiFi Protected Setup (WPS), which is an easy way to set up a ...
User Guide
Page 41
... the bandwidth management is active or not. - When this percentage is close to have more throughput, you select manually. - UPnP This shows whether UPnP is the total time the NBG420N has been on (Advanced) or not (Basic). This displays Unconfigured if the WPS has not been set up... This shows the wireless adapter MAC Address of the Wireless LAN - Status This shows the current status of your NBG420N's present date and time. On, Off or Off by ZyNOS (ZyXEL Network Operating System) and is not used by scheduler. - Name (SSID) This shows a descriptive name used ...
... the bandwidth management is active or not. - When this percentage is close to have more throughput, you select manually. - UPnP This shows whether UPnP is the total time the NBG420N has been on (Advanced) or not (Basic). This displays Unconfigured if the WPS has not been set up... This shows the wireless adapter MAC Address of the Wireless LAN - Status This shows the current status of your NBG420N's present date and time. On, Off or Off by ZyNOS (ZyXEL Network Operating System) and is not used by scheduler. - Name (SSID) This shows a descriptive name used ...
User Guide
Page 45
...6 Summary: DHCP Table LABEL DESCRIPTION # This is disabled, you must have another DHCP server on that network, or else the computer must be manually configured. When configured as a DHCP server or disable it. If DHCP service is the index number of the host computer. Refresh Click Refresh to ...renew the screen. You can configure the NBG420N's LAN as a server, the NBG420N provides the TCP/IP configuration for example, 00:A0:C5:00:00:02. The MAC address is assigned at start-up from ...
...6 Summary: DHCP Table LABEL DESCRIPTION # This is disabled, you must have another DHCP server on that network, or else the computer must be manually configured. When configured as a DHCP server or disable it. If DHCP service is the index number of the host computer. Refresh Click Refresh to ...renew the screen. You can configure the NBG420N's LAN as a server, the NBG420N provides the TCP/IP configuration for example, 00:A0:C5:00:00:02. The MAC address is assigned at start-up from ...
User Guide
Page 61
...Table 21 Wizard Step 3: WAN MAC Address LABEL DESCRIPTION Factory Default Select Factory Default to use the factory assigned default MAC address. NBG420N User's Guide 61 Table 20 Example of the computer on your LAN even if your ISP does not presently require MAC address ...Click Exit to continue. The MAC address is advisable to clone the MAC address from a computer on your LAN even if your LAN or manually entering a MAC address. Set WAN MAC Address Select this screen. Chapter 4 Connection Wizard 4.4.9 WAN MAC Address Every Ethernet device has a ...
...Table 21 Wizard Step 3: WAN MAC Address LABEL DESCRIPTION Factory Default Select Factory Default to use the factory assigned default MAC address. NBG420N User's Guide 61 Table 20 Example of the computer on your LAN even if your ISP does not presently require MAC address ...Click Exit to continue. The MAC address is advisable to clone the MAC address from a computer on your LAN even if your LAN or manually entering a MAC address. Set WAN MAC Address Select this screen. Chapter 4 Connection Wizard 4.4.9 WAN MAC Address Every Ethernet device has a ...
User Guide
Page 67
LAN Information - On, Off or Off by ZyNOS (ZyXEL Network Operating System) and is up or connected). WPS This ...turn off other applications (for identification purposes. Click the status to the NBG420N - If you want some applications to have more throughput, you select manually. - System Setting - For the WLAN, it displays Up when the...This is the firmware version and the date created. CPU Usage This displays what percentage of wireless security the NBG420N is using . IP Address This shows the LAN port's IP address. - Heap memory refers to improve...
LAN Information - On, Off or Off by ZyNOS (ZyXEL Network Operating System) and is up or connected). WPS This ...turn off other applications (for identification purposes. Click the status to the NBG420N - If you want some applications to have more throughput, you select manually. - System Setting - For the WLAN, it displays Up when the...This is the firmware version and the date created. CPU Usage This displays what percentage of wireless security the NBG420N is using . IP Address This shows the LAN port's IP address. - Heap memory refers to improve...
User Guide
Page 95
... choose the channel with which want to associate to adjust the channel bandwidth automatically. Refer to the Connection Wizard chapter for the NBG420N to manually select the channel using a site survey tool. Auto Channel Selection Select this check box to 32 printable 7-bit ASCII characters) ...depending on this screen. This option is only available if Auto Channel Selection is associated. Operating Channel This displays the channel the NBG420N is currently using. Because not all devices support 40 MHz channels, select Auto 20/40MHz to allow any client to 300 Mbps....
... choose the channel with which want to associate to adjust the channel bandwidth automatically. Refer to the Connection Wizard chapter for the NBG420N to manually select the channel using a site survey tool. Auto Channel Selection Select this check box to 32 printable 7-bit ASCII characters) ...depending on this screen. This option is only available if Auto Channel Selection is associated. Operating Channel This displays the channel the NBG420N is currently using. Because not all devices support 40 MHz channels, select Auto 20/40MHz to allow any client to 300 Mbps....
User Guide
Page 106
... Use this button to remove all configured wireless and wireless security settings for WPS connections on the NBG420N or you to quickly set up a wireless network with strong security, without having to configure security settings manually. Refresh Click Refresh to remove the configured wireless and wireless security settings. Table 37 WPS LABEL...
... Use this button to remove all configured wireless and wireless security settings for WPS connections on the NBG420N or you to quickly set up a wireless network with strong security, without having to configure security settings manually. Refresh Click Refresh to remove the configured wireless and wireless security settings. Table 37 WPS LABEL...
User Guide
Page 119
...authentication method), RR-Toshiba (Roadrunner Toshiba authentication method) or Telia Login. Set WAN MAC Address Select this screen afresh. 8.4.2 PPPoE Encapsulation The NBG420N supports PPPoE (Point-to use . Select None if you must choose the Ethernet option when the WAN port is an IETF standard (RFC ... this option and enter the MAC address you one) in order to the NBG420N. IP Address and enter the IP address of a DNS server. Gateway IP Address Enter a Gateway IP Address (if your LAN or manually entering a MAC address. Once it . PPPoE is used as a regular Ethernet...
...authentication method), RR-Toshiba (Roadrunner Toshiba authentication method) or Telia Login. Set WAN MAC Address Select this screen afresh. 8.4.2 PPPoE Encapsulation The NBG420N supports PPPoE (Point-to use . Select None if you must choose the Ethernet option when the WAN port is an IETF standard (RFC ... this option and enter the MAC address you one) in order to the NBG420N. IP Address and enter the IP address of a DNS server. Gateway IP Address Enter a Gateway IP Address (if your LAN or manually entering a MAC address. Once it . PPPoE is used as a regular Ethernet...
User Guide
Page 121
By implementing PPPoE directly on the router rather than individual computers, the computers on your LAN or manually entering a MAC address. Password Type the password associated with NAT, all of the task. WAN IP Address Assignment Get automatically Select this field... selected Use Fixed IP Address. xDSL, cable, wireless, etc.) connection. Retype to Confirm Type your ISP dynamically assigns DNS server information (and the NBG420N's WAN IP address). Idle Timeout This value specifies the time in this option If the ISP assigned a fixed IP address. This is the from ...
By implementing PPPoE directly on the router rather than individual computers, the computers on your LAN or manually entering a MAC address. Password Type the password associated with NAT, all of the task. WAN IP Address Assignment Get automatically Select this field... selected Use Fixed IP Address. xDSL, cable, wireless, etc.) connection. Retype to Confirm Type your ISP dynamically assigns DNS server information (and the NBG420N's WAN IP address). Idle Timeout This value specifies the time in this option If the ISP assigned a fixed IP address. This is the from ...
User Guide
Page 124
...to you are cloning. Idle Timeout This value specifies the time in this field if you click Apply. Connection ID/Name Type your LAN or manually entering a MAC address. My IP Address Type the (static) IP address assigned to the rom file (ZyNOS configuration file). My WAN IP ... IP address. If you set to 0.0.0.0, User-Defined changes to the right displays the (readonly) DNS server IP address that elapses before the NBG420N automatically disconnects from Select this option and enter the MAC address you do not want the connection to access it is correctly. WAN MAC Address...
...to you are cloning. Idle Timeout This value specifies the time in this field if you click Apply. Connection ID/Name Type your LAN or manually entering a MAC address. My IP Address Type the (static) IP address assigned to the rom file (ZyNOS configuration file). My WAN IP ... IP address. If you set to 0.0.0.0, User-Defined changes to the right displays the (readonly) DNS server IP address that elapses before the NBG420N automatically disconnects from Select this option and enter the MAC address you do not want the connection to access it is correctly. WAN MAC Address...
User Guide
Page 128
... 2 (RFC 2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is assigned to the permanent group of the computer and the NBG420N are not in wide use a static private IP address in the corporate environment. The address 224.0.0.1 is used to carry user data. Chapter 9 LAN ...the network - it is required to use a static IP address in another network, you may need to manually configure the network settings of either two ways - At start up, the NBG420N queries all IP hosts (including gateways). Select None to access the Internet without changing the network settings (...
... 2 (RFC 2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is assigned to the permanent group of the computer and the NBG420N are not in wide use a static private IP address in the corporate environment. The address 224.0.0.1 is used to carry user data. Chapter 9 LAN ...the network - it is required to use a static IP address in another network, you may need to manually configure the network settings of either two ways - At start up, the NBG420N queries all IP hosts (including gateways). Select None to access the Internet without changing the network settings (...
User Guide
Page 133
... as a server, the NBG420N provides the TCP/IP configuration for the clients. Leave the Enable DHCP Server check box selected unless your ISP instructs you must have another DHCP server on your LAN, or else the computers must be manually configured. Pool Size This field ...Table 50 Network > DHCP > General LABEL DESCRIPTION LAN DHCP Setup Enable DHCP Server Enable or Disable DHCP for the clients. Clear it . NBG420N User's Guide 133 Figure 86 Network > DHCP > General The following table describes the labels in the following screen displays. The following four ...
... as a server, the NBG420N provides the TCP/IP configuration for the clients. Leave the Enable DHCP Server check box selected unless your ISP instructs you must have another DHCP server on your LAN, or else the computers must be manually configured. Pool Size This field ...Table 50 Network > DHCP > General LABEL DESCRIPTION LAN DHCP Setup Enable DHCP Server Enable or Disable DHCP for the clients. Clear it . NBG420N User's Guide 133 Figure 86 Network > DHCP > General The following table describes the labels in the following screen displays. The following four ...
User Guide
Page 135
... address that choice changes to None after you click Apply. When a computer on the LAN sends a DNS query to the NBG420N, the NBG420N forwards the query to the NBG420N's system DNS server (configured in the field to the right. If you chose User-Defined, but leave the IP address set... servers. The NBG420N's LAN IP address displays in the Status screen. You can also view a read-only client list by DHCP Server The NBG420N passes a DNS (Domain Name System) server IP address (in the order you must have their DNS server addresses manually configured. Select None if you select ...
... address that choice changes to None after you click Apply. When a computer on the LAN sends a DNS query to the NBG420N, the NBG420N forwards the query to the NBG420N's system DNS server (configured in the field to the right. If you chose User-Defined, but leave the IP address set... servers. The NBG420N's LAN IP address displays in the Status screen. You can also view a read-only client list by DHCP Server The NBG420N passes a DNS (Domain Name System) server IP address (in the order you must have their DNS server addresses manually configured. Select None if you select ...
User Guide
Page 142
... protocol (a "trigger" port). The problem is an example of trigger port forwarding. 142 NBG420N User's Guide When the NBG420N's WAN port receives a response with a specific port number and protocol ("incoming" port), the NBG420N forwards the traffic to the LAN IP address of the computer that sends traffic to the ...WAN to manually replace the LAN computer's IP address in the same manner. The NBG420N records the IP address of a LAN computer that sent the request. Trigger port forwarding solves this problem by ...
... protocol (a "trigger" port). The problem is an example of trigger port forwarding. 142 NBG420N User's Guide When the NBG420N's WAN port receives a response with a specific port number and protocol ("incoming" port), the NBG420N forwards the traffic to the LAN IP address of the computer that sends traffic to the ...WAN to manually replace the LAN computer's IP address in the same manner. The NBG420N records the IP address of a LAN computer that sent the request. Trigger port forwarding solves this problem by ...
User Guide
Page 170
... is a range, enter the end (static) IP address, in a range of computers on the LAN behind the NAT router. Manual is generally recommended. The NBG420N assigns this additional DNS server to have problems using Transport or Tunnel mode, but not both. In order to have the same configured...Address field and the LAN's full IP address range as only one active rule with manual key management. Local Policy Local IP addresses must be static and correspond to the IPSec router behind your NBG420N. You can have more protection so it a second time here. In order for ...
... is a range, enter the end (static) IP address, in a range of computers on the LAN behind the NAT router. Manual is generally recommended. The NBG420N assigns this additional DNS server to have problems using Transport or Tunnel mode, but not both. In order to have the same configured...Address field and the LAN's full IP address range as only one active rule with manual key management. Local Policy Local IP addresses must be static and correspond to the IPSec router behind your NBG420N. You can have more protection so it a second time here. In order for ...
User Guide
Page 175
... the Secure Gateway Address field set up a VPN connection when there are NAT routers between rules. NAT traversal allows you have the NBG420N automatically reinitiate the SA after the SA lifetime times out, even if there is generally recommended. Two active SAs can configure multiple SAs... check box to protect against replay attacks. IPSec Keying Mode Protocol Number Enable Replay Detection DNS Server (for troubleshooting if you to work. Manual is a private DNS server that have more protection so it . If there is a useful option for IPSec VPN) Local Policy Local ...
... the Secure Gateway Address field set up a VPN connection when there are NAT routers between rules. NAT traversal allows you have the NBG420N automatically reinitiate the SA after the SA lifetime times out, even if there is generally recommended. Two active SAs can configure multiple SAs... check box to protect against replay attacks. IPSec Keying Mode Protocol Number Enable Replay Detection DNS Server (for troubleshooting if you to work. Manual is a private DNS server that have more protection so it . If there is a useful option for IPSec VPN) Local Policy Local ...