ZyXEL Communications SBG3300 series User Manual Download Page 31

Page: 31 / 79

Setting up the Access Point

Most access points and clients have the ability to hold up to 4 WEP keys

simultaneously. You need to specify one of the 4 keys as the default Key for data

encryption. To set up the Access Point, you will need to set one of the following
parameters:

64-bit WEP key (secret key) with 5 characters.

64-bit WEP key (secret key) with 10 hexadecimal digits.

128-bit WEP key (secret key) with 13 characters.

128-bit WEP key (secret key) with 26 hexadecimal digits.

IEEE 802.1x Introduction

The IEEE 802.1x port-based authentication is designed to prevent unauthorized

devices (clients) from gaining access to the network. As LANs extend to hotels,

airports and corporate lobbies, insecure environments could be created. The 802.1x

port-based network access control makes use of the physical access characteristics

IEEE 802 LAN infrastructures

, such as the 802.3 Ethernet, 802.11 Wireless LAN

and ADSL LRE (Long Reach Ethernet), in order to provide a means of authenticating
and authorizing devices attached to a LAN port that has point-to-point connection

Summary of Contents for SBG3300 series

Page 1: ...SBG3300 Series IPSec VPN and Multiple WAN Small Business Gateway Green Product Support Notes January 2013 Edition 1 0...

Page 2: ...less Configuration 39 Virtual Private Network Application Notes 44 What is a Virtual Private Network 44 IPSec VPN configuration 45 L2TP VPN configuration 48 PPTP VPN Overview 49 PPTP VPN Settings Conf...

Page 3: ...d NAT 64 What is BOOTP DHCP 65 What is DDNS 65 When do I need DDNS service 66 Wireless FAQ 67 What is a Wireless LAN 67 What are the advantages of Wireless LANs 67 What are the disadvantages of Wirele...

Page 4: ...cross an Access Point s radio link 75 What is WEP 75 What is the difference between 40 bit and 64 bit WEP 75 What is a WEP key 76 Can the SSID be encrypted 76 By turning off the broadcast of SSID can...

Page 5: ...flexibly and cost efficiently upgrade existing xDSL infrastructure Dual mode VDSL2 ADSL2 functionality SBG3300 series supports dual mode functionality that enables service providers to support ATM or...

Page 6: ...cy and productivity to enable the service provider to bring real multi play into residential user s life TR 069 Remote Management With TR 069 standard management specifications the service provider is...

Page 7: ......

Page 8: ...Scenario The ZyXEL device provides shared Internet Access by connecting the DSL port to the DSL or Modem jack on a splitter or your telephone jack The SBG3300 serves as a home gateway providing high s...

Page 9: ...g from 192 168 1 33 3 Default user s username password user 1234 Setting up the PC Windows OS 1 Ethernet Connection All PCs must have an Ethernet adapter card installed 2 TCP IP Installation You must...

Page 10: ...Cs otherwise you will not be able to access the Internet Click the WINS configuration tab and select Disable WINS Resolution Click the Gateway tab Highlight any installed gateways and click the Remove...

Page 11: ...iguring the router using a browser Accessing the Prestige Web Please enter the LAN IP address of the Prestige router in the URL location to retrieve the web screen from the device The default LAN IP o...

Page 12: ...ork Setting Broadband 3G WAN 2 Card Description will show what dongle model is plugged into SBG3300 Series 3 If SBG3300 Series supports that dongle 3G status will read Enable 4 Fill in the PIN number...

Page 13: ...ace NAT Port forwarding using FTP service to demonstrate Data service Quality of Service and WLAN setting to demonstrate WPS setup The following figure is a simplified overall scenario diagram of WAN...

Page 14: ...e Mode to Routing 5 Choose IPoE IP over Ethernet WAN service Type 6 Configure the PVC parameters VPI VCI In this example set 0 33 7 Please set Service Category to UBR without PCR for Data and IPTV ser...

Page 15: ...After completion you will see two new WAN interfaces as shown in the following screenshot...

Page 16: ...onnected networks to gather group membership After that the CPE updates the information by periodic queries The device implementation of IGMP is also compatible with version 1 The multicast setting ca...

Page 17: ...IGA The term inside refers to the set of networks that are subject to translation The NAT operates by mapping the ILA to the IGA required for communication with hosts on other networks It replaces th...

Page 18: ...ality is best demonstrated with the NAT port forwarding feature implemented in the CPE In a scenario shown in the above diagram we have an FTP server installed behind the CPE with an IP assigned by th...

Page 19: ...port forwarding rule for the FTP server 1 Go to Network Setting NAT Port Forwarding and click add new rule 2 Write the Service Name e g FTP 3 Select the WAN Interface e g ETHWAN 4 Enter the Server IP...

Page 20: ...mation we need to plug the 3G usb dongle into the USB port of SBG 3300 and then connect the console cable to SBG3300 After login the command line first thing is we need to enable the 3GWWAN debug mode...

Page 21: ...ut For example the 3G USB dongle I used in this example is Huawei The DefaultVID is the value for Vendor and DefaultPID is the value for ProdID Based on above picture we can know the DefaultVID is 12d...

Page 22: ...is 55534243123456780000000000000011060000000000000000000000000000 After got all information we can open the web browser again and go to Broadband Add New 3G Dongle page Click Add New Entry button and...

Page 23: ...USB hard drive 1 Plug a flash disk into the USB port 2 Go to Network Setting USB Service 3 Select Enable of File Sharing Services function 4 Set the Workgroup name e g Workgroup 5 Select the Folder f...

Page 24: ...be more than 2 characters Lock Period field can t be more than 2 characters Enable Disable file sharing service SAMBA File Share Name can t be empty when file sharing service SAMBA is enabled Used fo...

Page 25: ...than 1 character Idle Timeout field can t be more than 2 characters Lock Period field can t be more than 2 characters Enable Disable file sharing service SAMBA File Share Name can t be empty when file...

Page 26: ...erformance Without QoS all traffic data is equally likely to be dropped when the network is congested This can cause a reduction in network performance and make the network unfit for time critical app...

Page 27: ...Class Setup tab to set up QoS Classifiers 6 Configure the first Class rule for IPTV Select Data_IPTV in To Queue and input a name for it E g IPTV as follows 7 Enable the From Interface and set it to...

Page 28: ...V service 10 Click Add new Classifier to add the second class rule 11 To make sure the Class rules are correctly configured you can go to Network Setting QoS Monitor 5 Select 5 sec as the refresh inte...

Page 29: ...network can be intercepted The WEP relies on a secret key that is shared between a mobile station e g a laptop with a wireless Ethernet card and an access point i e a base station The secret key is u...

Page 30: ...key and produce a different RC4 key for each packet The IV is also included in the package The WEP keys secret key are available in two types 64 bit and 128 bit Often you will see them referenced as...

Page 31: ...t WEP key secret key with 26 hexadecimal digits IEEE 802 1x Introduction The IEEE 802 1x port based authentication is designed to prevent unauthorized devices clients from gaining access to the networ...

Page 32: ...ces offered by the Wireless AP The 802 1x contains three major components 1 Authenticator The device i e Wireless AP that facilitates the authentication for supplicant Wireless client attached to the...

Page 33: ...licant Some Wireless APs i e ZyXEL Wireless AP have a built in authentication server therefore an external RADIUS authentication server is not needed In this case the Wireless AP acts as both authenti...

Page 34: ...e unauthorized state ignoring all attempts by the client to authenticate The authenticator cannot provide authentication services to the supplicants through the port While the AP is setup as Force Una...

Page 35: ...the Extensible Authentication Protocol EAP and RFC 2284 The EAP was originally designed to run over PPP and to authenticate the dial in users but the 802 1x defines an encapsulation method for passing...

Page 36: ...t responds with an EAP response identity frame However if during boot up the supplicant does not receive an EAP request identity frame from the Wireless AP the client can initiate the authentication b...

Page 37: ...t contains the following fields protocol version packet type packet body length and packet body Most of the fields are obvious The packet type can have four different values and these values are descr...

Page 38: ...the IEEE 802 1x Extensible Authentication Protocol EAP to authenticate wireless clients using an external RADIUS database You cannot use the P 660HW Tx v2 s local user database for WPA authentication...

Page 39: ...unique encryption key because there is no key reuse WPA WPA2 Both WPA WPA2 offer a high level security for end users and administrators by utilizing EAP Extensible authentication Protocol for authent...

Page 40: ...5 You can choose to Generate password automatically 6 Click Apply View all the available wireless networks on your notebook 802 11bg wireless NIC required...

Page 41: ...notebook is now connected to the WLAN interface of the SBG3300 b Wireless Setup Hiding the SSID 1 Go to Network Setting Wireless LAN General 2 Check the Enable Wireless LAN box 3 Enter the Wireless Ne...

Page 42: ...ared Key e g E3617BF1AC 7 Click Apply View all the available wireless networks on your notebook As we can see we cannot find the SSID TEST_01 To connect to TEST_01 we need to configure the Wireless Ne...

Page 43: ...o to the Connection tab and check Connect when this network is in range checkbox We can then see the notebook connects to the TEST_01 even though the SSID is not displayed in the broadcast network lis...

Page 44: ...very high costs for installing the lines A VPN gives users a secure way to access corporate network resources over the Internet or other public or private networks without the expense of leasing site...

Page 45: ...2TP packets themselves are wrapped and hidden within the IPSec packets no information about the internal private network can be garnered from the encrypted packets Also it is not necessary to open UDP...

Page 46: ...eer Choose this if the remote IPSec router has a dynamic IP address Only the remote IPSec router can initiate the VPN tunnel Remote Access Server Role Choose this to allow incoming connections from IP...

Page 47: ...Create a new Phase 1 c Set the Interface to Any Remote Gateway to the WAN IP address of SBG3300 d Pre shared key encryption authentication and key group must be the same for both VPN server and clien...

Page 48: ...9 Click Monitor to check the VPN status L2TP VPN configuration 1 Go to VPN L2TP VPN 2 Check the Enable box for L2TP...

Page 49: ...s a method for implementing VPN It allows a user to create a secure VPN connection remotely to the local networks The intended use of this protocol is to provide similar levels of security and remote...

Page 50: ...x for PPTP VPN 3 Use the Windows 7 built in PPTP VPN client a Go to Start and click on Control Panel b Proceed to click View network status c Network and Sharing Center window will appear proceed to c...

Page 51: ...Set up a Connection or Network window appears Choose Connect to a workplace option and click Next e Proceed to click on Use my Internet connection VPN your computer should be connected to the network...

Page 52: ...f Fill in the IP address or host name of the VPN server computer that you plan to connect to and also name the connection Click Next...

Page 53: ...onnect now to establish the VPN connection if you are ready If not click Close and connect it later i If you click on network icon right hand corner of taskbar area you will notice that new VPN connec...

Page 54: ...y of the wireless network and thus is called Wi Fi Protected Setup There are several different methods defined in WPS to simplify the process of configuration SBG3300 supports two of those methods whi...

Page 55: ...rity of the wireless network and at the same time subscribe the device to it WPS configuration a WPS Setup 1 Go to Network Setting Wireless WPS 2 Check the Enable box for WPS 3 Click Apply Note You mu...

Page 56: ...in a system log according to the severity and maintain this log in itself a Activate the Maintenance Log 1 Go to Maintenance Log setting 2 Select Enable for Syslog Logging 3 Insert the parameters for...

Page 57: ...b View the log in the Web GUI 1 Go to System Monitor Log...

Page 58: ...Maintenance Tools Maintenance Procedure a Upgrading Firmware 1 Go to Maintenance Firmware Upgrade 2 Click Browse 3 Select the Firmware to upload and click Open 4 Click Upload...

Page 59: ...b Backing up the Configuration 1 Go to Maintenance Backup Restore 2 Click Backup 3 Click Save 4 Select the directory to save the configuration file and click Save...

Page 60: ...c Upload Configuration 1 Go to Maintenance Tools Configuration 2 Click Browse 3 Select the configuration file to upload and click Open...

Page 61: ...N port You should connect your computer to the LAN port and connect the ADSL line to the WAN port If the ISP uses PPPoE you need a user account and password to access the Internet What is PPPoE PPPoE...

Page 62: ...e ISP uses PPPoE Why does my provider use PPPoE PPPoE emulates a familiar Dial Up connection It allows your ISP to provide services using their existing network configuration over the broadband connec...

Page 63: ...hat are used and recognized internally on the local area network They are not intended to be recognized on the Internet The real IP from ISP instead can be recognized or pinged by another real IP The...

Page 64: ...192 168 1 1 default password is 1234 What network interfaces does the new device series support The new device series supports auto MDI MDIX 10 100M Ethernet LAN port to connect to the computer or Sw...

Page 65: ...request an IP address What is DDNS The Dynamic DNS service allows you to alias a dynamic IP address to a static hostname allowing your computer to be more easily accessed from various locations on the...

Page 66: ...cessed by using DNS name rather than using the dynamic IP address we can use the DDNS service The DDNS server allows to alias a dynamic IP address to a static hostname Whenever the ISP assigns you a n...

Page 67: ...ide LAN users with access to real time information anywhere in their organization This mobility supports productivity and service opportunities not possible with wired networks b Installation Speed an...

Page 68: ...ent costs which includes access points and Wireless LAN cards is higher than hubs and CAT 5 cables Where can you find wireless 802 11 networks Airports hotels and even coffee shops like Starbucks are...

Page 69: ...g the wireless Ethernet through a particular Access Point usable speed will be much lower on the order of 4 or 5 Mbps which is still substantially faster than most dialup cable and DSL modems What is...

Page 70: ...double the channel bandwidth from 20 MHz to 40 MHz and effectively doubles data rates and throughput It adds the MIMO feature which utilizes multiple transmission and reception antennas to allow highe...

Page 71: ...censed frequency range the same band But a Bluetooth device would not interfere with other 802 11 devices much more than another 802 11 device would interfere While more collisions are possible with t...

Page 72: ...difference between a WLAN and a WWAN WLANs are generally privately owned wireless systems that are deployed in a corporation warehouse hospital or educational campus setting Data rates are high and t...

Page 73: ...Direct Sequence Spread Spectrum Technology DSSS DSSS spreads its signal continuously over a wide frequency band DSSS maps the information bearing bit pattern at the sending station into a higher data...

Page 74: ...nd several other large corporations requested that the FCC allow the development of wireless networks within this frequency range What we have today is a protocol and system that allows for unlicensed...

Page 75: ...gned to prevent access to the network by intruders and to prevent the capture of wireless LAN traffic through eavesdropping WEP allows the administrator to define a set of respective Keys for each wir...

Page 76: ...ffic By turning off the broadcast of SSID can someone still sniff the SSID Many APs by default have broadcasting the SSID turned on Sniffers typically will find the SSID in the broadcast beacon packet...

Page 77: ...int A station can authenticate with any other station or access point using open system authentication if the receiving station designates open system authentication Share Key The optional authenticat...

Page 78: ...s from down to up or when an EAPOL start frame is received The switch requests the identity of the client and begins relaying authentication messages between the client and the authentication server E...

Page 79: ...n wireless AP gateway and wireless client As long as the passwords match a client will be granted access to the WLAN What is WPA2 WPA2 Wi Fi Protected Access 2 offers a higher security level than WPA...

Search results

Summary of Contents for SBG3300 series

Reviews:

Related manuals for SBG3300 series

Brands by name

Popular brands

ZyXEL Communications SBG3300 series, User Manual

Search results

Summary of Contents for SBG3300 series

Reviews:

Related manuals for SBG3300 series

Brands by name

Popular brands