Home » ZyXEL Manuals » Networking » ZyXEL VMG4927-B50A » Manual Viewer

ZyXEL VMG4927-B50A User Guide - Page 105

MAC Address Filter, 8.3.3, User Authentication, 8.3.4, Encryption

Add to My Manuals
Save this manual to your list of manuals

Page 105 highlights

Chapter 7 Wireless The following sections introduce different types of wireless security you can set up in the wireless network. 7.8.3.1 SSID Normally, the VMG acts like a beacon and regularly broadcasts the SSID in the area. You can hide the SSID instead, in which case the VMG does not broadcast the SSID. In addition, you should change the default SSID to something that is difficult to guess. This type of security is fairly weak, however, because there are ways for unauthorized wireless devices to get the SSID. In addition, unauthorized wireless devices can still see the information that is sent in the wireless network. 7.8.3.2 MAC Address Filter Every device that can use a wireless network has a unique identification number, called a MAC address.1 A MAC address is usually written using twelve hexadecimal characters2; for example, 00A0C5000002 or 00:A0:C5:00:00:02. To get the MAC address for each device in the wireless network, see the device's User's Guide or other documentation. You can use the MAC address filter to tell the VMG which devices are allowed or not allowed to use the wireless network. If a device is allowed to use the wireless network, it still has to have the correct information (SSID, channel, and security). If a device is not allowed to use the wireless network, it does not matter if it has the correct information. This type of security does not protect the information that is sent in the wireless network. Furthermore, there are ways for unauthorized wireless devices to get the MAC address of an authorized device. Then, they can use that MAC address to use the wireless network. 7.8.3.3 User Authentication Authentication is the process of verifying whether a wireless device is allowed to use the wireless network. You can make every user log in to the wireless network before using it. For wireless networks, you can store the user names and passwords for each user in a RADIUS server. This is a server used in businesses more than in homes. If you do not have a RADIUS server, you cannot set up user names and passwords for your users. Unauthorized wireless devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network. Furthermore, there are ways for unauthorized wireless users to get a valid user name and password. Then, they can use that user name and password to use the wireless network. 7.8.3.4 Encryption Wireless networks can use encryption to protect the information that is sent in the wireless network. Encryption is like a secret code. If you do not know the secret code, you cannot understand the message. Note: It is recommended that wireless networks use WPA2-PSK encryption. 1. Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds of wireless devices might not have MAC addresses. 2. Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F. VMG4927-B50A / VMG9827-B50A User's Guide 105

Section	Page
VMG4927-B50A / VMG9827-B50A	1
Document Conventions	3
Contents Overview	4
Table of Contents	6
User’s Guide	15
VMG Introduction	16
1.1 Overview	16
1.1.1 Internet Access	16
1.1.2 Wireless Access	20
1.1.3 VoIP Features	20
1.2 Ways to Manage the VMG	21
1.3 Good Habits for Managing the VMG	21
1.4 Hardware	21
1.4.1 Front Panels	21
1.4.2 WPS Button	23
1.4.3 LEDs (Lights)	24
1.4.4 Rear Panel	26
1.4.5 RESET Button	27
1.4.6 Wall Mounting	27
The Web Configurator	29
2.1 Overview	29
2.1.1 Access the Web Configurator	29
2.2 Web Configurator Layout	31
2.2.1 Title Bar	31
2.2.2 Navigation Panel	32
Quick Start	36
3.1 Overview	36
3.2 Quick Start Setup	36
Tutorials	39
4.1 Overview	39
4.2 Set Up an ADSL PPPoE Connection	39
4.3 Set Up a Secure WiFi Network	42
4.3.1 Configure the WiFi Network Settings	42
4.3.2 Use WPS	44
4.3.3 Connect to the VMG’s WiFi Network Manually (No WPS)	46
4.3.4 Configure Wireless Security on the VMG	46
4.3.5 Configure Your Laptop	48
4.4 Set Up Multiple Wireless Groups	50
4.5 Configure Static Route for Routing to Another Network	53
4.6 Configure QoS Queue and Class Setup	55
4.7 Access the VMG Using DDNS	59
4.7.1 Register a DDNS Account on www.dyndns.org	59
4.7.2 Configure DDNS on Your VMG	60
4.7.3 Test the DDNS Setting	60
4.8 Configure the MAC Address Filter	60
Technical Reference	62
Network Map and Status Screens	63
5.1 Overview	63
5.2 Network Map	63
5.3 Status	65
Broadband	68
6.1 Overview	68
6.1.1 What You Can Do in this Chapter	68
6.1.2 What You Need to Know	69
6.1.3 Before You Begin	71
6.2 Broadband	72
6.2.1 Add/Edit Internet Connection	73
6.3 Advanced Settings	81
6.4 Ethernet WAN	84
6.5 Technical Reference	84
Wireless	90
7.1 Overview	90
7.1.1 What You Can Do in this Chapter	90
7.1.2 What You Need to Know	90
7.2 WiFi	91
7.2.1 WiFi Edit	91
7.3 Guest WiFi	93
7.3.1 Edit Guest WiFi	93
7.4 WPS	94
7.5 Advanced Settings	95
7.6 Channel Status	98
7.7 MESH	100
7.8 Technical Reference	102
7.8.1 Wireless Network Overview	102
7.8.2 Additional Wireless Terms	104
7.8.3 Wireless Security Overview	104
7.8.4 Signal Problems	106
7.8.5 BSS	106
7.8.6 MBSSID	107
7.8.7 Preamble Type	107
7.8.8 WiFi Protected Setup (WPS)	107
Home Networking	113
8.1 Overview	113
8.1.1 What You Can Do in this Chapter	113
8.1.2 What You Need To Know	114
8.1.3 Before You Begin	115
8.2 LAN Setup	115
8.3 Static DHCP	119
8.4 UPnP	120
8.4.1 Turn On UPnP in Windows 7 Example	121
8.5 Additional Subnet	123
8.6 STB Vendor ID	124
8.7 Wake on LAN	125
8.8 TFTP Server Name	125
8.9 Technical Reference	126
8.9.1 LANs, WANs and the VMG	126
8.9.2 DHCP Setup	127
8.9.3 DNS Server Addresses	127
8.9.4 LAN TCP/IP	127
Routing	129
9.1 Overview	129
9.2 Routing	129
9.2.1 Add/Edit Static Route	130
9.3 DNS Route	131
9.3.1 DNS Route Add	132
9.4 Policy Route	133
9.4.1 Add/Edit Policy Route	134
9.5 RIP Overview	135
9.5.1 RIP	135
Quality of Service (QoS)	137
10.1 Overview	137
10.1.1 What You Can Do in this Chapter	137
10.2 What You Need to Know	138
10.3 Quality of Service General Settings	139
10.4 Queue Setup	140
10.4.1 Adding a QoS Queue	142
10.5 Classification Setup	143
10.5.1 Add/Edit QoS Class	143
10.6 QoS Shaper Setup	147
10.6.1 Add/Edit a QoS Shaper	148
10.7 QoS Policer Setup	148
10.7.1 Add/Edit a QoS Policer	149
10.8 QoS Monitor	150
10.9 Technical Reference	151
Network Address Translation (NAT)	156
11.1 Overview	156
11.1.1 What You Can Do in this Chapter	156
11.1.2 What You Need To Know	156
11.2 Port Forwarding	157
11.2.1 Add/Edit Port Forwarding	159
11.3 Applications Settings	160
11.3.1 Add New Application	161
11.4 Port Triggering	162
11.4.1 Add/Edit Port Triggering Rule	163
11.5 DMZ	164
11.6 ALG	165
11.7 Address Mapping	166
11.7.1 Add/Edit Address Mapping Rule	167
11.8 Sessions	168
11.9 Technical Reference	169
11.9.1 NAT Definitions	169
11.9.2 What NAT Does	169
11.9.3 How NAT Works	170
11.9.4 NAT Application	170
Dynamic DNS Setup	173
12.1 Overview	173
12.1.1 What You Can Do in this Chapter	173
12.1.2 What You Need To Know	173
12.2 DNS Entry	174
12.2.1 Add/Edit DNS Entry	174
12.3 Dynamic DNS	175
IGMP/MLD	177
13.1 Overview	177
13.1.1 What You Need To Know	177
13.2 IGMP/MLD	177
VLAN Group	180
14.1 Overview	180
14.1.1 What You Can Do in this Chapter	180
14.2 VLAN Group	180
14.2.1 Add/Edit a VLAN Group	181
Interface Grouping	182
15.1 Overview	182
15.1.1 What You Can Do in this Chapter	182
15.2 Interface Grouping Overview	182
15.2.1 Interface Grouping Configuration	183
15.2.2 Interface Grouping Criteria	185
Firewall	187
16.1 Overview	187
16.1.1 What You Can Do in this Chapter	187
16.1.2 What You Need to Know	188
16.2 Firewall	188
16.3 Protocol	189
16.3.1 Add/Edit a Service	190
16.4 Access Control	191
16.4.1 Add/Edit an ACL Rule	192
16.5 DoS	193
MAC Filter	195
17.1 Overview	195
17.2 MAC Filter	195
Parental Control	197
18.1 Overview	197
18.2 Parental Control	197
18.2.1 Add/Edit a Parental Control Profile	198
Scheduler Rule	201
19.1 Overview	201
19.2 Scheduler Rule	201
19.2.1 Add/Edit a Schedule	201
Certificates	203
20.1 Overview	203
20.1.1 What You Can Do in this Chapter	203
20.2 What You Need to Know	203
20.3 Local Certificates	203
20.3.1 Create Certificate Request	204
20.3.2 View Certificate Request	205
20.4 Trusted CA	206
20.4.1 View Trusted CA Certificate	207
20.4.2 Import Trusted CA Certificate	208
Voice	210
21.1 Overview	210
21.1.1 What You Can Do in this Chapter	210
21.1.2 What You Need to Know About VoIP	210
21.2 Before You Begin	211
21.3 SIP Account	211
21.3.1 SIP Account Add/Edit	212
21.4 SIP Service Provider	216
21.4.1 SIP Service Provider Add/Edit	217
21.5 Phone Device	221
21.5.1 Phone Device Edit	222
21.6 Region	223
21.7 Call Rule	223
21.8 Technical Reference	224
21.8.1 Quality of Service (QoS)	232
21.8.2 Phone Services Overview	232
Log	237
22.1 Overview	237
22.1.1 What You Can Do in this Chapter	237
22.1.2 What You Need To Know	237
22.2 System Log	238
22.3 Security Log	239
Traffic Status	240
23.1 Overview	240
23.1.1 What You Can Do in this Chapter	240
23.2 WAN Status	240
23.3 LAN Status	241
23.4 NAT Status	242
ARP Table	244
24.1 Overview	244
24.1.1 How ARP Works	244
24.2 ARP Table	244
Routing Table	246
25.1 Overview	246
25.2 Routing Table	246
Multicast Status	248
26.1 Overview	248
26.2 IGMP Status	248
26.3 MLD Status	248
xDSL Statistics	250
27.1 xDSL Statistics	250
System	253
28.1 Overview	253
28.2 System	253
User Account	254
29.1 Overview	254
29.2 User Account	254
29.2.1 User Account Add/Edit	255
Remote Management	256
30.1 Overview	256
30.2 MGMT Services	256
30.3 Trust Domain	257
30.3.1 Add Trust Domain	258
SNMP	259
31.1 Overview	259
31.2 SNMP	259
Time Settings	261
32.1 Overview	261
32.2 Time	261
Email Notification	263
33.1 Overview	263
33.2 Email Notification	263
33.2.1 Email Notification Edit	264
Log Setting	265
34.1 Overview	265
34.2 Log Settings	265
34.2.1 Example Email Log	266
Firmware Upgrade	268
35.1 Overview	268
35.2 Firmware	268
Backup/Restore	270
36.1 Overview	270
36.2 Backup/Restore	270
36.3 Reboot	272
Diagnostic	273
37.1 Overview	273
37.1.1 What You Can Do in this Chapter	273
37.2 What You Need to Know	273
37.3 Ping & TraceRoute & NsLookup	274
37.4 802.1ag	274
37.5 802.3ah	276
37.6 OAM Ping	277
Troubleshooting	279
38.1 Power, Hardware Connections, and LEDs	279
38.2 VMG Access and Login	280
38.3 Internet Access	281
38.4 Wireless Internet Access	283
38.5 UPnP	284
38.6 VoIP Call Quality	284
Appendices	286
Customer Support	287
Wireless LANs	293
IPv6	303
Services	311
Legal Information	315

Match case Limit results 1 per page

Chapter 7 Wireless

VMG4927-B50A / VMG9827-B50A User’s Guide

105

The following sections introduce different types of wireless security you can set up in the wireless

network.

7.8.3.1

SSID

Normally, the VMG acts like a beacon and regularly broadcasts the SSID in the area. You can hide the

SSID instead, in which case the VMG does not broadcast the SSID. In addition, you should change the

default SSID to something that is difficult to guess.

This type of security is fairly weak, however, because there are ways for unauthorized wireless devices to

get the SSID. In addition, unauthorized wireless devices can still see the information that is sent in the

wireless network.

7.8.3.2

MAC Address Filter

Every device that can use a wireless network has a unique identification number, called a MAC

address.

A MAC address is usually written using twelve hexadecimal characters

; for example,

00A0C5000002 or 00:A0:C5:00:00:02. To get the MAC address for each device in the wireless network,

see the device’s User’s Guide or other documentation.

You can use the MAC address filter to tell the VMG which devices are allowed or not allowed to use the

wireless network. If a device is allowed to use the wireless network, it still has to have the correct

information (SSID, channel, and security). If a device is not allowed to use the wireless network, it does

not matter if it has the correct information.

This type of security does not protect the information that is sent in the wireless network. Furthermore,

there are ways for unauthorized wireless devices to get the MAC address of an authorized device. Then,

they can use that MAC address to use the wireless network.

7.8.3.3

User Authentication

Authentication is the process of verifying whether a wireless device is allowed to use the wireless

network. You can make every user log in to the wireless network before using it. For wireless networks,

you can store the user names and passwords for each user in a RADIUS server. This is a server used in

businesses more than in homes. If you do not have a RADIUS server, you cannot set up user names and

passwords for your users.

Unauthorized wireless devices can still see the information that is sent in the wireless network, even if they

cannot use the wireless network. Furthermore, there are ways for unauthorized wireless users to get a

valid user name and password. Then, they can use that user name and password to use the wireless

network.

7.8.3.4

Encryption

Wireless networks can use encryption to protect the information that is sent in the wireless network.

Encryption is like a secret code. If you do not know the secret code, you cannot understand the

message.

Note: It is recommended that wireless networks use

WPA2-PSK

encryption.

Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These

kinds of wireless devices might not have MAC addresses.

Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F.