Home » ZyXEL Manuals » Bridges & Routers » ZyXEL NBG4604 » Manual Viewer

ZyXEL NBG4604 User Guide - Page 74

Encryption

Add to My Manuals
Save this manual to your list of manuals

Page 74 highlights

Chapter 6 Wireless LAN Unauthorized devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network. Furthermore, there are ways for unauthorized wireless users to get a valid user name and password. Then, they can use that user name and password to use the wireless network. Local user databases also have an additional limitation that is explained in the next section. 6.3.1.4 Encryption Wireless networks can use encryption to protect the information that is sent in the wireless network. Encryption is like a secret code. If you do not know the secret code, you cannot understand the message. The types of encryption you can choose depend on the type of user authentication. (See Section 6.3.1.3 on page 73 for information about this.) Table 24 Types of Encryption for Each Type of Authentication NO AUTHENTICATION RADIUS SERVER Weakest No Security WPA Static WEP WPA-PSK Strongest WPA2-PSK WPA2 For example if the wireless network has a RADIUS server, you can choose WPA or WPA2. If users do not log in to the wireless network, you can choose no encryption, Static WEP, WPA-PSK, or WPA2-PSK. Usually, you should set up the strongest encryption that every wireless client in the wireless network supports. For example, suppose the AP does not have a local user database, and you do not have a RADIUS server. Therefore, there is no user authentication. Suppose the wireless network has two wireless clients. Device A only supports WEP, and device B supports WEP and WPA. Therefore, you should set up Static WEP in the wireless network. Note: It is recommended that wireless networks use WPA-PSK, WPA, or stronger encryption. IEEE 802.1x and WEP encryption are better than none at all, but it is still possible for unauthorized devices to figure out the original information pretty quickly. Note: It is not possible to use WPA-PSK, WPA or stronger encryption with a local user database. In this case, it is better to set up stronger encryption with no authentication than to set up weaker encryption with the local user database. When you select WPA2 or WPA2-PSK in your NBG4604, you can also select an option (WPA Compatible) to support WPA as well. In this case, if some wireless clients support WPA and some support WPA2, you should set up WPA2-PSK or 74 NBG4604 User's Guide

Section	Page
NBG4604	1
Contents Overview	3
Table of Contents	5
User’s Guide	13
Introduction	15
1.1 Overview	15
1.2 Applications	15
1.3 Ways to Manage the NBG4604	16
1.4 Good Habits for Managing the NBG4604	16
1.5 LEDs	17
1.6 The WPS Button	18
1.7 Wall Mounting	18
Connection Wizard	21
2.1 Wizard Setup	21
2.2 Connection Wizard: STEP 1: System Information	22
2.2.1 System Name	22
2.2.2 Domain Name	23
2.3 Connection Wizard: STEP 2: Wireless LAN	24
2.3.1 Extend (WPA-PSK or WPA2-PSK) Security	26
2.4 Connection Wizard: STEP 3: Internet Configuration	26
2.4.1 Ethernet Connection	27
2.4.2 PPPoE Connection	28
2.4.3 PPTP Connection	29
2.4.4 Your IP Address	30
2.4.5 WAN IP Address Assignment	31
2.4.6 IP Address and Subnet Mask	31
2.4.7 DNS Server Address Assignment	32
2.4.8 WAN IP and DNS Server Address Assignment	33
2.4.9 WAN MAC Address	34
2.5 Connection Wizard Complete	35
The Web Configurator	37
3.1 Overview	37
3.2 Login Accounts	37
3.3 Accessing the Web Configurator	38
3.4 Resetting the NBG4604	40
3.4.1 Procedure to Use the Reset Button	40
3.5 Navigating the Web Configurator	40
3.6 Status Screen (Router Mode)	40
3.6.1 Navigation Panel	43
3.6.2 Summary: DHCP Table	45
3.6.3 Summary: Packet Statistics	46
3.6.4 Summary: WLAN Station Status	47
AP Mode	49
4.1 Overview	49
4.2 Setting your NBG4604 to AP Mode	49
4.3 Status Screen (AP Mode)	50
4.3.1 Navigation Panel	52
4.4 Configuring Your Settings	54
4.4.1 LAN Settings	54
4.4.2 WLAN and Maintenance Settings	54
4.5 Logging in to the Web Configurator in AP Mode	55
Tutorials	57
5.1 Overview	57
5.2 How to Connect to the Internet from an AP	57
5.2.1 Configure Wireless Security Using WPS on both your NBG4604 and Wireless Client	57
5.2.2 Enable and Configure Wireless Security without WPS on your NBG4604	61
5.3 Bandwidth Management for your Network	64
5.3.1 Configuring Bandwidth Management by Application	64
5.3.2 Configuring Bandwidth Management by Custom Application	65
5.3.3 Configuring Bandwidth Allocation by IP or IP Range	66
Technical Reference	69
Wireless LAN	71
6.1 Overview	71
6.2 What You Can Do	72
6.3 What You Should Know	72
6.3.1 Wireless Security Overview	72
6.4 General Wireless LAN Screen	75
6.4.1 No Security	77
6.4.2 WEP Encryption	78
6.4.3 WPA-PSK/WPA2-PSK	80
6.5 MAC Filter	81
6.6 Wireless LAN Advanced Screen	83
6.7 Quality of Service (QoS) Screen	84
6.7.1 Application Priority Configuration	86
6.8 WPS Screen	87
6.9 WPS Station Screen	88
6.10 Scheduling Screen	89
6.11 WDS Screen	90
6.11.1 Security Mode: Static WEP	92
6.11.2 Security Mode: WPA-PSK/WPA2-PSK	93
WAN	95
7.1 Overview	95
7.2 What You Can Do	95
7.3 What You Need To Know	96
7.3.1 Configuring Your Internet Connection	96
7.3.2 Multicast	97
7.3.3 NetBIOS over TCP/IP	98
7.3.4 Auto-Bridge	98
7.4 Internet Connection	99
7.4.1 Ethernet Encapsulation	99
7.4.2 PPPoE Encapsulation	100
7.4.3 PPTP Encapsulation	102
7.5 Advanced WAN Screen	105
LAN	107
8.1 Overview	107
8.2 What You Can Do	107
8.3 What You Need To Know	108
8.3.1 IP Pool Setup	108
8.3.2 LAN TCP/IP	108
8.4 LAN IP Screen	109
DHCP Server	111
9.1 Overview	111
9.2 What You Can Do	111
9.3 What You Need To Know	111
9.4 General Screen	112
9.5 Advanced Screen	112
9.6 Client List Screen	114
Network Address Translation (NAT)	117
10.1 Overview	117
10.2 What You Can Do	118
10.3 General NAT Screen	118
10.4 NAT Application Screen	119
10.5 NAT Advanced Screen	122
10.5.1 Trigger Port Forwarding Example	123
10.5.2 Two Points To Remember About Trigger Ports	124
Dynamic DNS	125
11.1 Overview	125
11.2 Dynamic DNS Screen	126
Firewall	129
12.1 Overview	129
12.2 What You Can Do	130
12.3 What You Need To Know	130
12.3.1 About the NBG4604 Firewall	130
12.4 General Firewall Screen	131
12.5 The Access Control Rule Screen	131
12.5.1 Add/Edit an ACL Rule	133
12.6 Services Screen	134
Content Filtering	137
13.1 Overview	137
13.2 What You Can Do	137
13.3 What You Need To Know	137
13.3.1 Content Filtering Profiles	137
13.4 Filter Screen	138
13.5 Technical Reference	139
13.5.1 Customizing Keyword Blocking URL Checking	139
Static Route	141
14.1 Overview	141
14.2 What You Can Do	141
14.3 IP Static Route Screen	142
14.3.1 Static Route Setup Screen	143
Bandwidth Management	145
15.1 Overview	145
15.2 What You Can Do	145
15.3 What You Need To Know	146
15.4 General Configuration	146
15.5 Advanced Configuration	147
15.5.1 Priority Levels	150
15.5.2 User Defined Service Rule Configuration	150
15.5.3 Predefined Bandwidth Management Services	151
15.5.4 Services and Port Numbers	152
Remote Management	153
16.1 Overview	153
16.2 What You Can Do	153
16.3 What You Need To Know	154
16.3.1 Remote Management Limitations	154
16.3.2 Remote Management and NAT	154
16.3.3 System Timeout	154
16.4 WWW Screen	155
16.5 The Telnet Screen	156
16.6 The FTP Screen	156
16.7 The SNMP Screen	157
16.7.1 Configuring SNMP	159
16.8 The ACS Screen	160
16.9 ACS Screen	161
16.9.1 STUN	161
16.10 Technical Reference	164
Universal Plug-and-Play (UPnP)	165
17.1 Overview	165
17.2 What You Can Do	165
17.3 What You Need to Know	165
17.4 UPnP Screen	166
17.5 Technical Reference	167
17.5.1 Using UPnP in Windows XP Example	167
17.5.2 Web Configurator Easy Access	170
System	173
18.1 Overview	173
18.2 What You Can Do	173
18.3 System General Screen	173
18.4 Time Setting Screen	175
Logs	179
19.1 Overview	179
19.2 What You Can Do	179
19.3 What You Need to Know	179
19.4 View Log Screen	180
19.5 Log Settings Screen	181
Tools	183
20.1 Overview	183
20.2 What You Can Do	183
20.3 Firmware Upload Screen	183
20.4 Configuration Screen	186
20.4.1 Backup Configuration	186
20.4.2 Restore Configuration	187
20.4.3 Back to Factory Defaults	188
20.5 Restart Screen	188
Sys OP Mode	189
21.1 Overview	189
21.2 What You Can Do	189
21.3 What You Need to Know	190
21.4 General Screen	191
Language	193
22.1 Language Screen	193
Troubleshooting	195
23.1 Power, Hardware Connections, and LEDs	195
23.2 NBG4604 Access and Login	196
23.3 Internet Access	198
23.4 Resetting the NBG4604 to Its Factory Defaults	199
23.5 Wireless Router/AP Troubleshooting	200
IP Addresses and Subnetting	203
Pop-up Windows, JavaScript and Java Permissions	213
Setting up Your Computer’s IP Address	221
23.5.1 Verifying Settings	238
Wireless LANs	239
23.5.2 WPA(2)-PSK Application Example	249
23.5.3 WPA(2) with RADIUS Application Example	249
Services	251
Legal Information	255

Match case Limit results 1 per page

Chapter 6 Wireless LAN

NBG4604 User’s Guide

Unauthorized devices can still see the information that is sent in the wireless

network, even if they cannot use the wireless network. Furthermore, there are

ways for unauthorized wireless users to get a valid user name and password.

Then, they can use that user name and password to use the wireless network.

Local user databases also have an additional limitation that is explained in the

next section.

6.3.1.4

Encryption

Wireless networks can use encryption to protect the information that is sent in the

wireless network. Encryption is like a secret code. If you do not know the secret

code, you cannot understand the message.

The types of encryption you can choose depend on the type of user

authentication. (See

Section 6.3.1.3 on page 73

for information about this.)

For example if the wireless network has a RADIUS server, you can choose

WPA

WPA2

. If users do not log in to the wireless network, you can choose no

encryption,

Static WEP

WPA-PSK

, or

WPA2-PSK

Usually, you should set up the strongest encryption that every wireless client in

the wireless network supports. For example, suppose the AP does not have a local

user database, and you do not have a RADIUS server. Therefore, there is no user

authentication. Suppose the wireless network has two wireless clients. Device A

only supports WEP, and device B supports WEP and WPA. Therefore, you should

set up

Static WEP

in the wireless network.

Note: It is recommended that wireless networks use WPA-PSK, WPA, or stronger

encryption. IEEE 802.1x and WEP encryption are better than none at all, but it

is still possible for unauthorized devices to figure out the original information

pretty quickly.

Note: It is not possible to use WPA-PSK, WPA or stronger encryption with a local user

database. In this case, it is better to set up stronger encryption with no

authentication than to set up weaker encryption with the local user database.

When you select

WPA2

WPA2-PSK

in your NBG4604, you can also select an

option (

WPA Compatible

) to support WPA as well. In this case, if some wireless

clients support WPA and some support WPA2, you should set up

WPA2-PSK

Table 24

Types of Encryption for Each Type of Authentication

NO AUTHENTICATION

RADIUS SERVER

Weakest

No Security

WPA

Static WEP

WPA-PSK

Strongest

WPA2-PSK

WPA2