Home » ZyXEL Manuals » Bridges & Routers » ZyXEL NBG4604 » Manual Viewer

ZyXEL NBG4604 User Guide - Page 73

MAC Address Filter, 3.1.3, User Authentication

Add to My Manuals
Save this manual to your list of manuals

Page 73 highlights

Chapter 6 Wireless LAN 6.3.1.1 SSID Normally, the AP acts like a beacon and regularly broadcasts the SSID in the area. You can hide the SSID instead, in which case the AP does not broadcast the SSID. In addition, you should change the default SSID to something that is difficult to guess. This type of security is fairly weak, however, because there are ways for unauthorized devices to get the SSID. In addition, unauthorized devices can still see the information that is sent in the wireless network. 6.3.1.2 MAC Address Filter Every wireless client has a unique identification number, called a MAC address.1 A MAC address is usually written using twelve hexadecimal characters2; for example, 00A0C5000002 or 00:A0:C5:00:00:02. To get the MAC address for each wireless client, see the appropriate User's Guide or other documentation. You can use the MAC address filter to tell the AP which wireless clients are allowed or not allowed to use the wireless network. If a wireless client is allowed to use the wireless network, it still has to have the correct settings (SSID, channel, and security). If a wireless client is not allowed to use the wireless network, it does not matter if it has the correct settings. This type of security does not protect the information that is sent in the wireless network. Furthermore, there are ways for unauthorized devices to get the MAC address of an authorized wireless client. Then, they can use that MAC address to use the wireless network. 6.3.1.3 User Authentication You can make every user log in to the wireless network before they can use it. This is called user authentication. However, every wireless client in the wireless network has to support IEEE 802.1x to do this. For wireless networks, there are two typical places to store the user names and passwords for each user. • In the AP: this feature is called a local user database or a local database. • In a RADIUS server: this is a server used in businesses more than in homes. If your AP does not provide a local user database and if you do not have a RADIUS server, you cannot set up user names and passwords for your users. 1. Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds of wireless devices might not have MAC addresses. 2. Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F. NBG4604 User's Guide 73

Section	Page
NBG4604	1
Contents Overview	3
Table of Contents	5
User’s Guide	13
Introduction	15
1.1 Overview	15
1.2 Applications	15
1.3 Ways to Manage the NBG4604	16
1.4 Good Habits for Managing the NBG4604	16
1.5 LEDs	17
1.6 The WPS Button	18
1.7 Wall Mounting	18
Connection Wizard	21
2.1 Wizard Setup	21
2.2 Connection Wizard: STEP 1: System Information	22
2.2.1 System Name	22
2.2.2 Domain Name	23
2.3 Connection Wizard: STEP 2: Wireless LAN	24
2.3.1 Extend (WPA-PSK or WPA2-PSK) Security	26
2.4 Connection Wizard: STEP 3: Internet Configuration	26
2.4.1 Ethernet Connection	27
2.4.2 PPPoE Connection	28
2.4.3 PPTP Connection	29
2.4.4 Your IP Address	30
2.4.5 WAN IP Address Assignment	31
2.4.6 IP Address and Subnet Mask	31
2.4.7 DNS Server Address Assignment	32
2.4.8 WAN IP and DNS Server Address Assignment	33
2.4.9 WAN MAC Address	34
2.5 Connection Wizard Complete	35
The Web Configurator	37
3.1 Overview	37
3.2 Login Accounts	37
3.3 Accessing the Web Configurator	38
3.4 Resetting the NBG4604	40
3.4.1 Procedure to Use the Reset Button	40
3.5 Navigating the Web Configurator	40
3.6 Status Screen (Router Mode)	40
3.6.1 Navigation Panel	43
3.6.2 Summary: DHCP Table	45
3.6.3 Summary: Packet Statistics	46
3.6.4 Summary: WLAN Station Status	47
AP Mode	49
4.1 Overview	49
4.2 Setting your NBG4604 to AP Mode	49
4.3 Status Screen (AP Mode)	50
4.3.1 Navigation Panel	52
4.4 Configuring Your Settings	54
4.4.1 LAN Settings	54
4.4.2 WLAN and Maintenance Settings	54
4.5 Logging in to the Web Configurator in AP Mode	55
Tutorials	57
5.1 Overview	57
5.2 How to Connect to the Internet from an AP	57
5.2.1 Configure Wireless Security Using WPS on both your NBG4604 and Wireless Client	57
5.2.2 Enable and Configure Wireless Security without WPS on your NBG4604	61
5.3 Bandwidth Management for your Network	64
5.3.1 Configuring Bandwidth Management by Application	64
5.3.2 Configuring Bandwidth Management by Custom Application	65
5.3.3 Configuring Bandwidth Allocation by IP or IP Range	66
Technical Reference	69
Wireless LAN	71
6.1 Overview	71
6.2 What You Can Do	72
6.3 What You Should Know	72
6.3.1 Wireless Security Overview	72
6.4 General Wireless LAN Screen	75
6.4.1 No Security	77
6.4.2 WEP Encryption	78
6.4.3 WPA-PSK/WPA2-PSK	80
6.5 MAC Filter	81
6.6 Wireless LAN Advanced Screen	83
6.7 Quality of Service (QoS) Screen	84
6.7.1 Application Priority Configuration	86
6.8 WPS Screen	87
6.9 WPS Station Screen	88
6.10 Scheduling Screen	89
6.11 WDS Screen	90
6.11.1 Security Mode: Static WEP	92
6.11.2 Security Mode: WPA-PSK/WPA2-PSK	93
WAN	95
7.1 Overview	95
7.2 What You Can Do	95
7.3 What You Need To Know	96
7.3.1 Configuring Your Internet Connection	96
7.3.2 Multicast	97
7.3.3 NetBIOS over TCP/IP	98
7.3.4 Auto-Bridge	98
7.4 Internet Connection	99
7.4.1 Ethernet Encapsulation	99
7.4.2 PPPoE Encapsulation	100
7.4.3 PPTP Encapsulation	102
7.5 Advanced WAN Screen	105
LAN	107
8.1 Overview	107
8.2 What You Can Do	107
8.3 What You Need To Know	108
8.3.1 IP Pool Setup	108
8.3.2 LAN TCP/IP	108
8.4 LAN IP Screen	109
DHCP Server	111
9.1 Overview	111
9.2 What You Can Do	111
9.3 What You Need To Know	111
9.4 General Screen	112
9.5 Advanced Screen	112
9.6 Client List Screen	114
Network Address Translation (NAT)	117
10.1 Overview	117
10.2 What You Can Do	118
10.3 General NAT Screen	118
10.4 NAT Application Screen	119
10.5 NAT Advanced Screen	122
10.5.1 Trigger Port Forwarding Example	123
10.5.2 Two Points To Remember About Trigger Ports	124
Dynamic DNS	125
11.1 Overview	125
11.2 Dynamic DNS Screen	126
Firewall	129
12.1 Overview	129
12.2 What You Can Do	130
12.3 What You Need To Know	130
12.3.1 About the NBG4604 Firewall	130
12.4 General Firewall Screen	131
12.5 The Access Control Rule Screen	131
12.5.1 Add/Edit an ACL Rule	133
12.6 Services Screen	134
Content Filtering	137
13.1 Overview	137
13.2 What You Can Do	137
13.3 What You Need To Know	137
13.3.1 Content Filtering Profiles	137
13.4 Filter Screen	138
13.5 Technical Reference	139
13.5.1 Customizing Keyword Blocking URL Checking	139
Static Route	141
14.1 Overview	141
14.2 What You Can Do	141
14.3 IP Static Route Screen	142
14.3.1 Static Route Setup Screen	143
Bandwidth Management	145
15.1 Overview	145
15.2 What You Can Do	145
15.3 What You Need To Know	146
15.4 General Configuration	146
15.5 Advanced Configuration	147
15.5.1 Priority Levels	150
15.5.2 User Defined Service Rule Configuration	150
15.5.3 Predefined Bandwidth Management Services	151
15.5.4 Services and Port Numbers	152
Remote Management	153
16.1 Overview	153
16.2 What You Can Do	153
16.3 What You Need To Know	154
16.3.1 Remote Management Limitations	154
16.3.2 Remote Management and NAT	154
16.3.3 System Timeout	154
16.4 WWW Screen	155
16.5 The Telnet Screen	156
16.6 The FTP Screen	156
16.7 The SNMP Screen	157
16.7.1 Configuring SNMP	159
16.8 The ACS Screen	160
16.9 ACS Screen	161
16.9.1 STUN	161
16.10 Technical Reference	164
Universal Plug-and-Play (UPnP)	165
17.1 Overview	165
17.2 What You Can Do	165
17.3 What You Need to Know	165
17.4 UPnP Screen	166
17.5 Technical Reference	167
17.5.1 Using UPnP in Windows XP Example	167
17.5.2 Web Configurator Easy Access	170
System	173
18.1 Overview	173
18.2 What You Can Do	173
18.3 System General Screen	173
18.4 Time Setting Screen	175
Logs	179
19.1 Overview	179
19.2 What You Can Do	179
19.3 What You Need to Know	179
19.4 View Log Screen	180
19.5 Log Settings Screen	181
Tools	183
20.1 Overview	183
20.2 What You Can Do	183
20.3 Firmware Upload Screen	183
20.4 Configuration Screen	186
20.4.1 Backup Configuration	186
20.4.2 Restore Configuration	187
20.4.3 Back to Factory Defaults	188
20.5 Restart Screen	188
Sys OP Mode	189
21.1 Overview	189
21.2 What You Can Do	189
21.3 What You Need to Know	190
21.4 General Screen	191
Language	193
22.1 Language Screen	193
Troubleshooting	195
23.1 Power, Hardware Connections, and LEDs	195
23.2 NBG4604 Access and Login	196
23.3 Internet Access	198
23.4 Resetting the NBG4604 to Its Factory Defaults	199
23.5 Wireless Router/AP Troubleshooting	200
IP Addresses and Subnetting	203
Pop-up Windows, JavaScript and Java Permissions	213
Setting up Your Computer’s IP Address	221
23.5.1 Verifying Settings	238
Wireless LANs	239
23.5.2 WPA(2)-PSK Application Example	249
23.5.3 WPA(2) with RADIUS Application Example	249
Services	251
Legal Information	255

Match case Limit results 1 per page

Chapter 6 Wireless LAN

NBG4604 User’s Guide

6.3.1.1

SSID

Normally, the AP acts like a beacon and regularly broadcasts the SSID in the area.

You can hide the SSID instead, in which case the AP does not broadcast the SSID.

In addition, you should change the default SSID to something that is difficult to

guess.

This type of security is fairly weak, however, because there are ways for

unauthorized devices to get the SSID. In addition, unauthorized devices can still

see the information that is sent in the wireless network.

6.3.1.2

MAC Address Filter

Every wireless client has a unique identification number, called a MAC address.

MAC address is usually written using twelve hexadecimal characters

; for

example, 00A0C5000002 or 00:A0:C5:00:00:02. To get the MAC address for each

wireless client, see the appropriate User’s Guide or other documentation.

You can use the MAC address filter to tell the AP which wireless clients are allowed

or not allowed to use the wireless network. If a wireless client is allowed to use the

wireless network, it still has to have the correct settings (SSID, channel, and

security). If a wireless client is not allowed to use the wireless network, it does not

matter if it has the correct settings.

This type of security does not protect the information that is sent in the wireless

network. Furthermore, there are ways for unauthorized devices to get the MAC

address of an authorized wireless client. Then, they can use that MAC address to

use the wireless network.

6.3.1.3

User Authentication

You can make every user log in to the wireless network before they can use it.

This is called user authentication. However, every wireless client in the wireless

network has to support IEEE 802.1x to do this.

For wireless networks, there are two typical places to store the user names and

passwords for each user.

•

In the AP: this feature is called a local user database or a local database.

•

In a RADIUS server: this is a server used in businesses more than in homes.

If your AP does not provide a local user database and if you do not have a RADIUS

server, you cannot set up user names and passwords for your users.

Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks.

These kinds of wireless devices might not have MAC addresses.

Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F.