ZyXEL SBG3300-N000 User Guide
ZyXEL SBG3300-N000 Manual
 |
View all ZyXEL SBG3300-N000 manuals
Add to My Manuals
Save this manual to your list of manuals |
ZyXEL SBG3300-N000 manual content summary:
- ZyXEL SBG3300-N000 | User Guide - Page 1
SBG3300-N Series Wireless N VDSL2 Combo WAN Small Business Security Gateway Version 1.00 Edition 1, 3/2013 Quick Start Guide User's Guide Default Login Details LAN IP Address http://192.168.1.1 User Name admin Passwordwww.zyxel.com 1234 Copyright © 2013 ZyXEL Communications Corporation - ZyXEL SBG3300-N000 | User Guide - Page 2
product due to differences in your product firmware or your computer operating system. Every effort has been made to ensure that the information in this manual is accurate. Related Documentation • Quick Start Guide The Quick Start Guide shows how to connect the SBG3300-N Series and access the Web - ZyXEL SBG3300-N000 | User Guide - Page 3
's Guide ...15 Introducing the Device ...17 The Web Configurator ...23 Quick Start ...31 Tutorials ...35 Technical Reference ...113 Status Screens ...115 Broadband ...119 Wireless ...147 LAN ...177 Routing ...199 Quality of Service (QoS) ...205 Network Address Translation (NAT 223 Dynamic DNS Setup - ZyXEL SBG3300-N000 | User Guide - Page 4
Contents Overview Firmware Upgrade ...345 Configuration ...347 Diagnostic ...350 Troubleshooting ...355 4 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 5
Guide 15 Chapter 1 Introducing the Device ...17 1.1 Overview ...17 1.2 Ways to Manage the Device 17 1.3 Good Habits for Managing the Device 17 1.4 Applications for the Device 18 1.4.1 Internet Access ...18 1.4.2 Device's USB Support Overview ...31 3.2 Quick Start Setup ...31 Chapter 4 Tutorials - ZyXEL SBG3300-N000 | User Guide - Page 6
Configuring a Remote Access Rule 64 4.12 PPTP VPN Tutorial ...65 4.12.1 Configuring PPTP VPN Setup (Server 65 4.12.2 Configuring PPTP VPN on Windows (Client 66 4.12.3 Configuring PPTP VPN on Overview ...115 5.2 The Status Screen ...115 Chapter 6 Broadband...119 6 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 7
Reference ...163 7.9.1 Wireless Network Overview 163 7.9.2 Additional Wireless Terms 165 7.9.3 Wireless Security Overview 165 7.9.4 Signal Problems ...167 7.9.5 BSS ...168 7.9.6 MBSSID ...168 7.9.7 Preamble Type ...169 7.9.8 WiFi Protected Setup (WPS 169 SBG3300-N Series User's Guide 7 - ZyXEL SBG3300-N000 | User Guide - Page 8
of Service (QoS Setup Screen 208 10.4.1 Adding a QoS Queue 210 10.5 The Class Setup Screen 210 10.5.1 Add/Edit QoS Class 212 10.6 The QoS Policer Setup Screen 215 10.6.1 Add/Edit a QoS Policer 216 10.7 The QoS Monitor Screen 217 10.8 Technical Reference ...218 8 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 9
How NAT Works ...236 11.8.4 NAT Application ...237 Chapter 12 Dynamic DNS Setup ...239 12.1 Overview ...239 12.1.1 What You Can Do in this Chapter Interface Group Configuration 244 13.2.2 Interface Grouping Criteria 245 Chapter 14 USB Service ...247 14.1 Overview ...247 14.1.1 What You Can Do in - ZyXEL SBG3300-N000 | User Guide - Page 10
15.1.2 What You Need to Know 252 15.2 The Firewall Screen ...253 15.3 The Service Screen ...253 15.3.1 Add/Edit a Service 255 15.4 The Access Control Screen 256 15.4.1 Add/Edit an ACL Rule 257 15.5 CA Certificate 274 19.4.2 Import Trusted CA Certificate 275 10 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 11
What You Need To Know 278 20.4 The Setup Screen ...278 20.4.1 Add/Edit VPN Rule 279 .3 PPTP VPN Setup ...297 21.4 The PPTP VPN Monitor Screen 298 21.5 PPTP VPN Troubleshooting Tips 298 Chapter L2TP VPN Monitor Screen 303 22.4 L2TP VPN Troubleshooting Tips 303 Chapter 23 Log ...307 23.1 Overview - ZyXEL SBG3300-N000 | User Guide - Page 12
/Edit a Users Account 326 Chapter 30 Remote Management...329 30.1 Overview ...329 30.2 The Remote MGMT Screen 329 Chapter 31 TR-069 Client...331 12 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 13
The Log Setting Screen 341 35.2.1 Example E-mail Log 342 Chapter 36 Firmware Upgrade ...345 36.1 Overview ...345 36.2 The Firmware Screen ...345 Chapter 37 Configuration ...347 37.1 Overview ...347 37.2 & NsLookup 351 38.4 802.1ag ...352 38.5 OAM Ping Test ...353 SBG3300-N Series User's Guide 13 - ZyXEL SBG3300-N000 | User Guide - Page 14
Table of Contents Chapter 39 Troubleshooting...355 39.1 Power, Hardware Connections, and LEDs 355 39.2 Device Access Java Permissions 393 Appendix D Wireless LANs 403 Appendix E IPv6 ...417 Appendix F Services...425 Appendix G Legal Information 429 Index ...433 14 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 15
PART I User's Guide 15 - ZyXEL SBG3300-N000 | User Guide - Page 16
16 - ZyXEL SBG3300-N000 | User Guide - Page 17
router and Gigabit Ethernet gateway. It has one DSL port and Gigabit Ethernet for super-fast Internet access over analog (POTS) telephone lines. The Device supports wired network without additional wiring. Only use firmware for your Device's specific model. Refer SBG3300-N Series User's Guide 17 - ZyXEL SBG3300-N000 | User Guide - Page 18
port to the DSL or MODEM jack on a splitter or your telephone jack. You can have multiple WAN services over one ADSL or VDSL. The Device cannot work in ADSL and VDSL mode at the same time. PPPoE ADSL / VDSL A WLAN LAN Bridging PPPoE IPoE PPPoA IPoA WAN ADSL A 18 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 19
network are not allowed, but you can safely browse the Internet and download files. 1.4.2 Device's USB Support The USB port of the Device is used for file-sharing. File Sharing Use the built-in USB graphic displays the labels of the LEDs. Figure 3 LEDs on the Device SBG3300-N Series User's Guide 19 - ZyXEL SBG3300-N000 | User Guide - Page 20
network is activated. The Device is communicating with other wireless clients. The Device is setting up a WPS connection. The wireless network is not activated. 20 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 21
off, press the WLAN button at the front of the Device for one second. Once the WLAN LED turns green, the wireless network is active. SBG3300-N Series User's Guide 21 - ZyXEL SBG3300-N000 | User Guide - Page 22
Chapter 1 Introducing the Device 22 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 23
HTML-based management interface that allows easy device setup and management via Internet browser. Use Internet Explorer . Web pop-up blocking is enabled by default in Windows XP SP (Service Pack) 2. • JavaScript (enabled by default). • Java permissions (enabled SBG3300-N Series User's Guide 23 - ZyXEL SBG3300-N000 | User Guide - Page 24
the page to configure the Device's time zone, basic Internet access, and wireless settings. See Chapter 3 on page 31 for more information. Figure 7 Status 24 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 25
screens where you can configure the Device's time zone Internet access, and wireless settings. Logout: Click this icon to log out of the web configurator. SBG3300-N Series User's Guide 25 - ZyXEL SBG3300-N000 | User Guide - Page 26
on the Device. multi-WAN Use this screen to configure the multiple WAN load balance and failover rules to distribute traffic among different interfaces. 26 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 27
to the Device. WPS Use this screen to configure and view your WPS (Wi-Fi Protected Setup) settings. WMM Use this screen to enable or disable Wi-Fi MultiMedia (WMM). Others Use USB Device Use this screen to enable file sharing via the Device. Security SBG3300-N Series User's Guide 27 - ZyXEL SBG3300-N000 | User Guide - Page 28
to manage the list of RADIUS servers the Device can use in authenticating users. PPTP VPN Setup Use this screen to configure the PPTP VPN settings in the Device. Monitor Use this screen Use this screen to enable specific traffic directions for network services. 28 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 29
Setting Use this screen to change your Device's log settings. Firmware Upgrade Use this screen to upload firmware to your device. Configuration Use this screen to backup and this screen to view information to help you identify problems with the DSL connection. SBG3300-N Series User's Guide 29 - ZyXEL SBG3300-N000 | User Guide - Page 30
Chapter 2 The Web Configurator 30 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 31
(starting on page 113) for background information on the features in this chapter. 3.2 Quick Start Setup 1 The Quick Start Wizard appears automatically after login. Or you can click the Click Start icon the Device's location and click Next. Figure 10 Time Zone SBG3300-N Series User's Guide 31 - ZyXEL SBG3300-N000 | User Guide - Page 32
this screen. The screen and fields to enter may vary depending on your current connection type. Click Next. Click Next. Figure 12 Internet Connection 32 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 33
wireless clients to connect to the Device. Click Save. Figure 13 Internet Connection 5 Your Device saves your settings and attempts to connect to the Internet. SBG3300-N Series User's Guide 33 - ZyXEL SBG3300-N000 | User Guide - Page 34
Chapter 3 Quick Start 34 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 35
and Class Setup, see service provider for any information you need to configure the Broadband screens. 1 Click Network Setting > Broadband to open the following screen. Click Add New WAN Interface. 2 In this example, the DSL connection has the following information. SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 36
IPv6/IPv4 Mode to IPv4 Only. 4 Enter the account information provided to you by your DSL service provider. 5 Configure this rule as your default Internet connection by selecting the Apply as Default Gateway 6 Leave the rest of the fields to the default settings. 36 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 37
7 Click Apply to save your settings. Chapter 4 Tutorials SBG3300-N Series User's Guide 37 - ZyXEL SBG3300-N000 | User Guide - Page 38
setup in the Broadband screen as follows. Try to connect to a website to see if you have correctly set up your Internet connection. Be sure to contact your service using WPS (Section 4.3.2 on page 40) or manual configuration (Section 4.3.3 on page 43). 4.3.1 Configuring SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 39
the Device (see Section 4.3.2 on page 40). He can also use the notebook's wireless client to search for the Device (see Section 4.3.3 on page 43). SBG3300-N Series User's Guide 39 - ZyXEL SBG3300-N000 | User Guide - Page 40
shows you how to set up a wireless network using WPS. It uses the Device as the AP and ZyXEL NWD210N as the wireless client which connects to the notebook. Note: The wireless client must be a WPS-aware > General screen before you can enable the WPS function. 40 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 41
of how to set up a wireless network and its security. Example WPS Process: PBC Method Wireless Client Device WITHIN 2 MINUTES Click "Connect" SECURITY INFO COMMUNICATION SBG3300-N Series User's Guide 41 - ZyXEL SBG3300-N000 | User Guide - Page 42
settings to the wireless client. This may take up to two minutes. The wireless client is then able to communicate with the Device securely. 42 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 43
using PIN method. Example WPS Process: PIN Method Wireless Client ZyXEL Device WITHIN 2 MINUTES Authentication by PIN SECURITY INFO COMMUNICATION 4.3.3 -shared key to establish an wireless Internet connection. Note: The Device supports IEEE 802.11b, IEEE 802.11g, and IEEE 802.11n wireless - ZyXEL SBG3300-N000 | User Guide - Page 44
Mode Pre-Shared Key COMPANY Company More Secure WPA2-PSK ForCompanyOnly VIP VIP More Secure WPA2-PSK ForVIPOnly GUEST Guest Basic Static WEP Guest12345678 44 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 45
and click Apply. 2 Click Network Setting > Wireless > More AP to open the following screen. Click the Edit icon to configure the second wireless network group. SBG3300-N Series User's Guide 45 - ZyXEL SBG3300-N000 | User Guide - Page 46
Chapter 4 Tutorials 3 Configure the screen using the provided parameters and click Apply. 4 In the More AP screen, click the Edit icon to configure the third wireless network group. 46 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 47
traffic flowing directions, you may connect a router to the Device's LAN. The router may be used to separate two department networks to configure a static routing rule for two network routings. In the following figure, router R is connected to the Device's LAN. R connects to two networks, N1 - ZyXEL SBG3300-N000 | User Guide - Page 48
traffic. N1 A R N2 B You need to specify a static routing rule on the Device to specify R as the router in charge of forwarding traffic to N2. In this case, the Device routes traffic from A to R and then R routes atm0 A 192.168.1.34 R's N1 192.168.1.253 48 N2 B SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 49
Click Add new static route in the Static Route screen. Chapter 4 Tutorials 4 Configure the Static Route Setup screen using the following settings: 4a Select the Active check box. Enter the Route Name as R. settings to allow specific traffic to pass through. SBG3300-N Series User's Guide 49 - ZyXEL SBG3300-N000 | User Guide - Page 50
Chapter 4 Tutorials 4.6 Configuring QoS Queue and Class Setup This section contains tutorials on how you can configure the QoS screen. Let's say you are a team FF:AA:FF:AA:FF Email traffic: Highest priority A colleague's computer Other traffic: Automatic classifier 50 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 51
Bandwidth to 10,000 kbps (or leave this blank to have the Device automatically determine this figure). Click Apply. Tutorial: Advanced > QoS 2 Click Queue Setup > Add new Queue to create a new queue. In the screen that opens, check Active and enter or select the following values: • Name: E-mail - ZyXEL SBG3300-N000 | User Guide - Page 52
follow the settings as shown in the screen below. Tutorial: Advanced > QoS > Class Setup Class Name From Interface Ether Type IP Address MAC Address To Queue Index Give a class Setting > QoS > Queue Setup screen, which is the Email queue created in this example. 52 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 53
queue (see the Source fields). 4 Verify that the queue setup works by checking Network Setting > QoS > Monitor. This shows the following settings as an example. • Hostname: zyxelrouter.dyndns.org • Service Type: Host with IP address • IP Address: Enter the WAN IP SBG3300-N Series User's Guide 53 - ZyXEL SBG3300-N000 | User Guide - Page 54
> DNS > Dynamic DNS screen. • Select Enable Dynamic DNS. • Select www.DynDNS.com as the service provider. • Type zyxelrouter.dyndns.org in the Host Name field. • Enter the user name (UserName1) and page should appear. You can then log into the Device and manage it. 54 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 55
check box to activate MAC filter function. 2 Select Allow. Then enter the host name and MAC address of Thomas' computer in this screen. Click Apply. SBG3300-N Series User's Guide 55 - ZyXEL SBG3300-N000 | User Guide - Page 56
account you are currently using. In this example, the account in use is admin. Click the Edit icon next to it. 2 Set the File Sharing Service (SAMBA) feature to Enable to allow uses to access shared files in USB storage. Enter mnt as the File Share Name. Click Apply. 56 - ZyXEL SBG3300-N000 | User Guide - Page 57
openssl command in Fedora 10. 1 First, you need to import the CA certificate. Go to the Security > Certificates > Trusted CA screen and click Import Certificate. SBG3300-N Series User's Guide 57 - ZyXEL SBG3300-N000 | User Guide - Page 58
OK. 3 In the Security > Certificates > Local Certificates screen, click Create Certificate Request. 4 Enter your information as shown in the following screen and click Apply. 58 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 59
portion, but do not use the "cat" command. 9 Paste it to the indicated part of the Certificate section in the View Certificate screen. Click Apply. SBG3300-N Series User's Guide 59 - ZyXEL SBG3300-N000 | User Guide - Page 60
Use 3DES Encryption 1 Click the Add New Entry button in the VPN > IPSec VPN > Setup screen and enter the following parameters: General Connection Name Application Scenario My Address Peer Gateway Address Site ETHWAN 22.23.24.25 Auto 1234567890 28800 Main 3DES 60 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 61
Remote Subnet Mask SHA1 DH2 3600 ESP Tunnel 3DES SHA1 DH2 Subnet 192.168.1.0 255.255.255.0 Subnet 172.23.9.0 255.255.255.0 Chapter 4 Tutorials SBG3300-N Series User's Guide 61 - ZyXEL SBG3300-N000 | User Guide - Page 62
Chapter 4 Tutorials 2 You can see the new IPSec VPN rule you've just created in the VPN > IPSec VPN > Monitor screen. Select this rule and click Connect. 62 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 63
example of creating a Gateway-to-Gateway IPSec VPN rule with pre-shared secrets. 1 Click the Add New Entry button in the VPN > IPSec VPN > Setup screen. 2 Enter vpn2 as the Connection Name. Remove the existing encryption by clicking Remove icon or Reset button. Then select AES128 and click the Add - ZyXEL SBG3300-N000 | User Guide - Page 64
.4 Example 4: Configuring a Remote Access Rule Select Remote Access in the Application Scenario field in the General section. Other parameters are the same as example 1's. 64 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 65
) 1.Go to the VPN > PPTP VPN > Setup screen and configure the following. • Select the Enable checkbox. • Set Access Group 1 to 192.168.1.0/255.255.255.0. • Select DNS as User Defined and enter a DNS server address. The DNS server address in this example is 8.8.8.8. SBG3300-N Series User's Guide 65 - ZyXEL SBG3300-N000 | User Guide - Page 66
7 and Vista On Windows 7 and Vista, do the following to establish a PPTP VPN connection. 1 Click Start > Control Panel > Network and Internet > Network and Sharing Center > Setup a connection or network > Connect to a workplace. Click Next. 66 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 67
2 Select No, create a new connection. Click Next. Chapter 4 Tutorials 3 Select Use my Internet connection (VPN). SBG3300-N Series User's Guide 67 - ZyXEL SBG3300-N000 | User Guide - Page 68
a name. Select Don't connect now; just set it up so I can connect later. Click Next. 5 Click Create. Enter the user name and password later. 68 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 69
6 Click Close. Do not connect yet. Chapter 4 Tutorials 7 Click the Network icon in your system tray, then click Network and Sharing Center on Vista or Open Network and Sharing Center on Windows 7. On Windows 7 On Vista SBG3300-N Series User's Guide 69 - ZyXEL SBG3300-N000 | User Guide - Page 70
Chapter 4 Tutorials 8 On Vista, click Manage Network Connections. 9 On Windows 7, click Change adapter settings. 70 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 71
10 Double-click the new connection icon. Chapter 4 Tutorials 11 The connection screen appears. Click Properties. 12 The Properties window appears. Click Security. SBG3300-N Series User's Guide 71 - ZyXEL SBG3300-N000 | User Guide - Page 72
) and the Allow these protocols radio button. Select Microsoft CHAP Version 2 (MS-CHAP v2) and clear all of the other check boxes. Click OK. 72 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 73
Allow these protocols radio button. Select Microsoft CHAP Version 2 (MS-CHAP v2) and clear all of the other check boxes. Do not click OK yet. SBG3300-N Series User's Guide 73 - ZyXEL SBG3300-N000 | User Guide - Page 74
and password are verified. The connection is then established. 19 (Vista) Click the Network icon in your system tray, then click the L2TP connection. 74 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 75
. 21 (Windows 7) Click the Network icon in your system tray, then right click the PPTP connection and select Status to open the connection status screen. SBG3300-N Series User's Guide 75 - ZyXEL SBG3300-N000 | User Guide - Page 76
do the following to establish a PPTP VPN connection. 1 Click Start > Control Panel > Network Connections. Select Create a new connection. 2 Click Next in the welcome screen. 76 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 77
3 Select Connect to the network at my workplace and click Next. Chapter 4 Tutorials 4 Select Virtual Private Network connection and click Next. 5 Type your Company Name, use PPTP to SBG3300 in this example, and click Next. SBG3300-N Series User's Guide 77 - ZyXEL SBG3300-N000 | User Guide - Page 78
Chapter 4 Tutorials 6 Select Do not dial the initial connection and click Next. 7 Enter the domain name or WAN IP address that you want to connect to (172.16.1.2 in this example). Click Next. 8 Click Finish. 78 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 79
server declines) and the Allow these protocols radio button. Select Microsoft CHAP Version 2 (MS-CHAP v2) and clear all of other check boxes. Click OK. SBG3300-N Series User's Guide 79 - ZyXEL SBG3300-N000 | User Guide - Page 80
and password are verified. The connection is then established. 14 An icon displays in your system tray. Double-click it to open a status screen. 80 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 81
exactly match what your Android device displays. The example settings in these sections match the PPTP VPN configuration example in Section 4.12 on page 65. SBG3300-N Series User's Guide 81 - ZyXEL SBG3300-N000 | User Guide - Page 82
VPN Server: This is the WAN IP address of the Device, in this example, 172.16.1.2 • Enable Encryption: checked. • DNS search domains: not used. 82 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 83
not match what your iOS device displays. The example settings in these sections match the PPTP VPN configuration example in Section 4.12 on page 65. SBG3300-N Series User's Guide 83 - ZyXEL SBG3300-N000 | User Guide - Page 84
this configuration. • Password: This is the password for account. • Secret: This is your pre-shared key for your VPN connection, in this example, 1234567890. 84 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 85
will begin PPTP connection. 4.13 L2TP VPN Tutorial This section illustrates how to set up a basic L2TP VPN tunnel between the Device and a remote client. SBG3300-N Series User's Guide 85 - ZyXEL SBG3300-N000 | User Guide - Page 86
rules. Click the Edit icon of the Default_L2TPVPN entry. 2 Select the Enable checkbox. 3 Select Pre-Shared Key and configure a password. This example uses 1234567890. 86 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 87
> L2TP VPN > Setup screen and configure the following: • Select the Enable checkbox. • Set Access Group 1 to 192.168.2.0/255.255.255.0. • Select DNS as User Defined and enter a DNS server address. The DNS server address in this example is 8.8.8.8. • Click Apply. SBG3300-N Series User's Guide 87 - ZyXEL SBG3300-N000 | User Guide - Page 88
However, before you configure the client, it is suggested to make sure the computer is running the Microsoft IPSec service. For Windows Vista and Windows 7 1 Click the Start button and enter "services" in the text box. Then click Services under the Programs window. 88 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 89
Chapter 4 Tutorials 2 In the Services window, scroll down to find IPsec Policy Agent. Make sure the status is Started. If not, click Start the service in the left panel. For Windows XP 1 Click Start > Run and enter "services.msc" in the text box. Click OK. SBG3300-N Series User's Guide 89 - ZyXEL SBG3300-N000 | User Guide - Page 90
Make sure the status is Started. If not, click Start the service in the left panel. 4.13.4 Configuring L2TP VPN on Windows 7 and Vista In Windows 7 and Vista do the following to establish an L2TP VPN connection. 1 Click Start > Control Panel > Network and Internet. 90 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 91
Chapter 4 Tutorials 2 Click Network and Sharing Center > Setup a connection or network > Connect to a workplace. Click Next. 3 Select No, create a new connection. Click Next. SBG3300-N Series User's Guide 91 - ZyXEL SBG3300-N000 | User Guide - Page 92
(172.16.1.2 in this example) and give this connection a name. Select Don't connect now; just set it up so I can connect later. Click Next. 92 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 93
6 Click Create. Enter the user name and password later. Chapter 4 Tutorials 7 Click Close. Do not connect yet. SBG3300-N Series User's Guide 93 - ZyXEL SBG3300-N000 | User Guide - Page 94
Chapter 4 Tutorials 8 Click the Network icon in your system tray, then click Network and Sharing Center on Vista or Open Network and Sharing Center on Windows 7. On Windows 7 On Vista 9 On Vista, click Manage Network Connections. 94 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 95
10 On Windows 7, click Change adapter settings. Chapter 4 Tutorials 11 Double-click the new connection icon. SBG3300-N Series User's Guide 95 - ZyXEL SBG3300-N000 | User Guide - Page 96
Allow these protocols radio button. Select Microsoft CHAP Version 2 (MS-CHAP v2) and clear all of other check boxes. Do not click OK yet. 96 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 97
rule. In this example, enter 1234567890. Click OK to return to the Connect window. 16 (Vista) Select Advanced (custom settings) radio button and click Settings. SBG3300-N Series User's Guide 97 - ZyXEL SBG3300-N000 | User Guide - Page 98
all of other check boxes. Click OK. 18 (Vista) Click Networking. Select L2TP IPsec VPN as the Type of VPN. Then click IPsec Settings. 98 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 99
> User Account screen. Refer to Chapter 29 on page 325. 21 A window appears while the username and password are verified. The connection is then established. SBG3300-N Series User's Guide 99 - ZyXEL SBG3300-N000 | User Guide - Page 100
details. The address 10.2.1.2 and 10.2.1.12 are addresses allocated from the L2TP IP Address Pool you configured on the Device (10.2.1.1 - 10.2.1.32). 100 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 101
to make sure your access works. 4.13.5 Configuring L2TP VPN on Windows XP On Windows XP, do the following to establish an L2TP VPN connection. SBG3300-N Series User's Guide 101 - ZyXEL SBG3300-N000 | User Guide - Page 102
Chapter 4 Tutorials 1 Click Start > Control Panel > Network Connections. 2 Select Create a new connection. 3 Click Next in the welcome screen. 4 Select Connect to the network at my workplace and click Next. 102 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 103
5 Select Virtual Private Network connection and click Next. Chapter 4 Tutorials 6 Type your Company Name, in this example, use L2TP to SBG3300, and click Next. 7 Select Do not dial the initial connection and click Next. SBG3300-N Series User's Guide 103 - ZyXEL SBG3300-N000 | User Guide - Page 104
172.16.1.2 in this example). Click Next. 9 Click Finish. 10 The connection screen appears. Click Properties > Security. Select Advanced (custom settings) and click Settings. 104 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 105
-shared key used in the IPSec configuration that the Device is using for the Default_L2TPVPN IPSec VPN rule. In this example, enter 1234567890. Click OK. SBG3300-N Series User's Guide 105 - ZyXEL SBG3300-N000 | User Guide - Page 106
Account screen. Refer to Chapter 29 on page 325. 15 A window appears after the username and password are verified. The connection is then established. 106 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 107
not exactly match what your Android device displays. The example settings in these sections match the L2TP VPN configuration example in Section on page 86. SBG3300-N Series User's Guide 107 - ZyXEL SBG3300-N000 | User Guide - Page 108
PSK. • Server address: This is the WAN IP address of the Device, in this example, 172.16.1.2 • L2TP secret and IPSec identifier: Not used. 108 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 109
configured on the Device. Note: The user account must have been configured in the Maintenance > User Account screen. Refer to Chapter 29 on page 325. SBG3300-N Series User's Guide 109 - ZyXEL SBG3300-N000 | User Guide - Page 110
settings in these sections matches the L2TP VPN configuration example in Section on page 86. 1 On your iOS device, select Home > Settings > General > Network. 110 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 111
pre-shared key for your VPN connection, in this example, 1234567890. • Send All Traffic: This example uses the route-all configuration (ON). 4 Save the configuration. SBG3300-N Series User's Guide 111 - ZyXEL SBG3300-N000 | User Guide - Page 112
Chapter 4 Tutorials 5 The saved configuration appears on the VPN screen. Select it and then slide the VPN bar to the ON position. Your iOS device will begin L2TP connection. 112 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 113
PART II Technical Reference 113 - ZyXEL SBG3300-N000 | User Guide - Page 114
114 - ZyXEL SBG3300-N000 | User Guide - Page 115
Information Host Name This field displays the Device system name. It is used for identification. Model Number This shows the model number of your Device. Firmware Version This is the current version of the firmware inside the Device. SBG3300-N Series User's Guide 115 - ZyXEL SBG3300-N000 | User Guide - Page 116
. IP Subnet Mask This is the current subnet mask in the LAN. DHCP This field displays what DHCP services the Device is providing to the LAN. Choices are: Server - The Device is a DHCP server in the or turn off the device (unplug the power) for a few seconds. 116 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 117
This field displays the scenario type for the IPSec SA. Scenario Remote Gateway Address This field displays the remote gateway Address used in the SA. SBG3300-N Series User's Guide 117 - ZyXEL SBG3300-N000 | User Guide - Page 118
Chapter 5 Status Screens 118 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 119
settings on the Device for Internet access (Section 6.2 on page 123). • Use the 3G WAN screen to configure 3G WAN connection (Section 6.3 on page 133). SBG3300-N Series User's Guide 119 - ZyXEL SBG3300-N000 | User Guide - Page 120
(Section 6.7 on page 139). Table 6 WAN Setup Overview LAYER-2 INTERFACE INTERNET CONNECTION CONNECTION ADSL/VDSL you need to use the same encapsulation method used by your ISP (Internet Service Provider). If your ISP offers a dial-up Internet connection using PPPoE SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 121
called cells. With ATM, a high QoS (Quality of Service) can be guaranteed. ATM uses a connection-oriented model and use IPv4/IPv6 dual stack to connect to IPv4 and IPv6 networks, and supports IPv6 rapid deployment (6RD). IPv6 Addressing The 128-bit IPv6 address is SBG3300-N Series User's Guide 121 - ZyXEL SBG3300-N000 | User Guide - Page 122
encapsulation packets to the ISP's Address Family Transition Router (AFTR in the graphic) to connect to the IPv4 Internet. The local network can also use IPv6 services. The VDSL Router uses it's configured IPv6 WAN IP to route IPv6 traffic to the IPv6 Internet. 122 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 123
from the menu. The summary table shows you the configured WAN services (connections) on the Device. Figure 21 Network Setting > Broadband The connection. # This is the index number of the entry. Name This is the service name of the connection. Type This shows whether it is an ATM, PTM, - ZyXEL SBG3300-N000 | User Guide - Page 124
shows whether Multicast Listener Discovery (MLD) is activated or not for this connection. MLD is not available when the connection uses the bridging service. Click the Edit icon to configure the WAN connection. Click the Delete icon to remove the WAN connection. 124 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 125
in this screen. Table 8 Routing Mode LABEL DESCRIPTION General Active Select this to activate the WAN configuration settings. Name Specify a descriptive name for this connection. SBG3300-N Series User's Guide 125 - ZyXEL SBG3300-N000 | User Guide - Page 126
Select this if you have a DSL router or modem in your network already. Select in a manner similar to dial-up services using PPP. Select this if you so that you can have multiple services/connections over one PVC. You can different VLAN IDs for different services. EoA supports ENET ENCAP (IPoE), PPPoE - ZyXEL SBG3300-N000 | User Guide - Page 127
to time out. This value specifies the time in minutes that elapses before the router automatically disconnects from the PPPoE server. PPPoE Service Name This field is not configurable if you select PPP Auto Connect. Enter the name of your PPPoE service here. SBG3300-N Series User's Guide 127 - ZyXEL SBG3300-N000 | User Guide - Page 128
if you want the Device use the DNS server addresses you configure manually. Enter the first DNS server address assigned by the ISP. to have the Device use the IPv6 prefix from the connected router's Router Advertisement (RA) to generate an IPv6 address. Select the Get SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 129
The gateway is a router or switch on the server addresses you configure manually. Enter the first the ISP's Border Relay router and connecting to the IPv6 network. Specify the transition router's IPv6 address. These fields that contains bits to define class of service. 802.1q Select the IEEE 802.1p - ZyXEL SBG3300-N000 | User Guide - Page 130
PTM) LABEL DESCRIPTION General Active Select this to activate the WAN configuration settings. Name Enter a service name of the connection. Type Select ADSL/VDSL over PTM as the interface that you want and NAT on traffic from the selected LAN port(s). 130 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 131
inserting a tag into a MAC-layer frame that contains bits to define class of service. 802.1q QoS Rate Limit Apply Cancel Select the IEEE 802.1p priority level Select this to activate the WAN configuration settings. Name Enter a service name of the connection. Type Select ADSL over ATM as the - ZyXEL SBG3300-N000 | User Guide - Page 132
MAC address or all connections share one MAC address but use different VLAN IDs for different services. EoA supports ENET ENCAP (IPoE), PPPoE and RFC1483/2684 bridging encapsulation methods. PPPoA (PPP over ATM) when you select Non Realtime VBR or Realtime VBR. 132 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 133
Cancel to exit this screen without saving. 6.3 The 3G WAN Screen Use this screen to configure your 3G settings. Click Network Setting > Broadband > 3G WAN. SBG3300-N Series User's Guide 133 - ZyXEL SBG3300-N000 | User Guide - Page 134
Chapter 6 Broadband Note: The actual data rate you obtain varies depending the 3G card you use, the signal strength to the service provider's base station, and so on. Figure 25 Network Setting > Broadband > 3G WAN 134 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 135
number (dial string) used to dial up a connection to your service provider's base station. Your ISP should provide the phone number. APN the Device use the DNS server addresses you configure manually. following static DNS IP address Primary DNS server Enter SBG3300-N Series User's Guide 135 - ZyXEL SBG3300-N000 | User Guide - Page 136
New 3G Dongle screen to show the following. Enter the information for a new 3G dongle to add it. Figure 27 Add 3G Dongle Information 136 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 137
enable or disable PTM over ADSL, Annex M, and DSL PhyR functions. The Device supports the PhyR retransmission scheme. PhyR is a retransmission scheme designed to provide protection against noise to function, the DSLAM must also support PhyR and have it enabled. SBG3300-N Series User's Guide 137 - ZyXEL SBG3300-N000 | User Guide - Page 138
or disabling PhyR will require the CPE to retrain. For PhyR to function, the DSLAM must also support PhyR and have it enabled. Apply Click Apply to save your changes back to the Device. Cancel . Cancel Click Cancel to return to the previous configuration. 138 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 139
interfaces. This helps to increase overall network throughput and reliability. Load balancing divides traffic loads between multiple interfaces. This allows you to improve quality of service and maximize bandwidth utilization for multiple ISP links. SBG3300-N Series User's Guide 139 - ZyXEL SBG3300-N000 | User Guide - Page 140
the multi-WAN screen or the Edit icon next to an existing multi-WAN rule to configure it. Figure 32 multi-WAN: Add/Edit 140 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 141
connection which is set to passive mode. 2 Click the Delete icon next to the VDSL WAN connection as it is not needed in this example. SBG3300-N Series User's Guide 141 - ZyXEL SBG3300-N000 | User Guide - Page 142
are not currently configured in multi-WAN. 6.8 Technical Reference The following section contains additional technical information about the Device features described in this chapter. 142 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 143
or routing mode. When the Device is in routing mode, it supports the following methods. IP over Ethernet IP over Ethernet (IPoE) an ATM PVC (Permanent Virtual Circuit) to the Internet Service Provider's (ISP) DSLAM (digital access multiplexer). Please refer SBG3300-N Series User's Guide 143 - ZyXEL SBG3300-N000 | User Guide - Page 144
hear from devices that are not in the same group(s); the traffic must first go through a router. In Multi-Tenant Unit (MTU) applications, VLAN is vital in providing isolation and security among the provides the information that switches need to process the frame 144 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 145
224.0.0.2 is assigned to the multicast routers group. At start up, the Device vice versa, for instance, the IP address of www.zyxel.com is 204.217.0.2. The DNS server is extremely important up. If your ISP gives you DNS server addresses, manually enter them in the DNS server fields. 2 If your - ZyXEL SBG3300-N000 | User Guide - Page 146
as "/x" where x is a number. For example, 2001:db8:1a2b:15::1a2f:0/32 means that the first 32 bits (2001:db8) is the subnet prefix. 146 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 147
159). • Use the WMM screen to enable Wi-Fi MultiMedia (WMM) to ensure quality of service in wireless networks for multimedia applications (Section 7.6 on page 160). • Use the Others screen to LAN channel noises and view the results (Section 7.8 on page 163). SBG3300-N Series User's Guide 147 - ZyXEL SBG3300-N000 | User Guide - Page 148
wireless connection when you press Apply to confirm. You must then change the wireless settings of your computer to match the Device's new settings. 148 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 149
Setting > Wireless > General LABEL DESCRIPTION Wireless Network Setup Wireless You can Enable or Disable the wireless Device automatically determine a channel to use. If you are having problems with wireless interference, changing the channel may help. Try to SBG3300-N Series User's Guide 149 - ZyXEL SBG3300-N000 | User Guide - Page 150
adjacent radio channels to increase throughput. The wireless clients must also support 40 MHz. It is often better to use the 20 MHz Wireless Network Name (SSID) The SSID (Service Set IDentity) identifies the service set with which a wireless device is associated SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 151
support it and you have a RADIUS server. If your wireless devices support nothing stronger than WEP, use the highest encryption level available. Your Device allows you to configure up to four 64-bit or 128-bit WEP keys but only one key can be enabled at any one time. SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 152
them. WEP Encryption Select 64-bits or 128-bits. This dictates the length of the security key that the network is going to use. 152 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 153
.../less WPA-PSK Compatible If you did not select Generate password automatically, you can manually type a preshared key from 8 to 64 case-sensitive keyboard characters. Click more connect to your Device. The Device supports WPA-PSK and WPA2-PSK simultaneously. SBG3300-N Series User's Guide 153 - ZyXEL SBG3300-N000 | User Guide - Page 154
Level Select More Secure to enable WPA(2)-PSK data encryption. Security Mode Choose WPA or WPA2 from the drop-down list box. Authentication Server 154 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 155
this value unless your network administrator instructs you to do so with additional Select this if you want the Device to support WPA and WPA2 simultaneously. Select the encryption type screen allows you to enable and configure multiple Basic Service Sets (BSSs) on the Device. Click Network Setting - ZyXEL SBG3300-N000 | User Guide - Page 156
the set of parameters relating to one of the Device's BSSs. The SSID (Service Set IDentifier) identifies the Service Set with which a wireless device is associated. Security Modify This field displays the name following screen displays. Figure 39 More AP: Edit 156 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 157
Table 25 More AP: Edit LABEL DESCRIPTION Wireless Network Setup Wireless You can Enable or Disable the wireless LAN in Settings Wireless Network Name (SSID) The SSID (Service Set IDentity) identifies the service set with which a wireless device is associated SBG3300-N Series User's Guide 157 - ZyXEL SBG3300-N000 | User Guide - Page 158
to give exclusive access to specific devices (Allow) or exclude specific devices from accessing the ZyXEL Device (Deny). Every Ethernet device has a unique MAC (Media Access Control) address. The save your changes. Click Cancel to exit this screen without saving. 158 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 159
Setup (WPS) on your Device. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually. Set up each WPS connection between two devices. Both devices must support Push Button Configuration (PBC). SBG3300-N Series User's Guide 159 - ZyXEL SBG3300-N000 | User Guide - Page 160
WMM Power Save in wireless networks for multimedia applications. Click Network Setting > Wireless > WMM. The following screen displays. Figure 42 Network Setting > Wireless > WMM 160 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 161
DESCRIPTION WMM Select On to have the Device automatically give a service a priority level according to the ToS value in the IP if the wireless device to which the Device is connected also supports this feature. Click Apply to save your changes. Click Cancel 2346. SBG3300-N Series User's Guide 161 - ZyXEL SBG3300-N000 | User Guide - Page 162
only when you set 802.11 Mode to 802.11b. Click Apply to save your changes. Click Cancel to restore your previously saved settings. 162 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 163
network. • A bridge is a radio that relays communications between access points and wireless clients, extending a network's range. Traditionally, a wireless network operates in one of two ways. SBG3300-N Series User's Guide 163 - ZyXEL SBG3300-N000 | User Guide - Page 164
must use the same SSID. The SSID is the name of the wireless network. It stands for Service Set IDentifier. • If two wireless networks overlap, they should use a different channel. Like radio stations , these bands are divided into numerous channels. This allows a 164 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 165
- but it is not very secure if you use a short key which is very easy to guess - for example, a three-letter word from the dictionary. SBG3300-N Series User's Guide 165 - ZyXEL SBG3300-N000 | User Guide - Page 166
to the wireless network before using it. However, every device in the wireless network has to support IEEE 802.1x to do this. For wireless networks, you can store the user names . 2. Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F. 166 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 167
in the wireless network supports. For example, Problems with interference occur when other radio waves interrupt the data signal. Interference may come from other radio transmissions, such as military or air traffic control communications, or from machines that are SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 168
motors or microwaves. Problems with absorption occur when physical objects (such as thick walls) are between the two radios, muffling the signal. 7.9.5 BSS A Basic Service Set (BSS) exists BSSs • A maximum of eight BSSs are allowed on one AP simultaneously. 168 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 169
supports WiFi Protected Setup (WPS), which is an easy way to set up a secure wireless network. WPS is an industry standard specification, defined by the WiFi Alliance. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually - ZyXEL SBG3300-N000 | User Guide - Page 170
to join the network. Take the following steps to set up a WPS connection between an access point or wireless router (referred to here as the AP) and a client device using the PIN method. 1 Ensure WPS is enabled the wireless client in the list, WPS was successful. 170 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 171
) and the WPA-PSK or WPA2-PSK pre-shared key to the enrollee. Whether WPA-PSK or WPA2-PSK is used depends on the standards supported by the devices. If the registrar is already part of a network, it sends the existing information. If not, it generates the SSID and WPA(2)-PSK - ZyXEL SBG3300-N000 | User Guide - Page 172
enrollee or registrar (if it supports both functions). If the registrar is setup. The following figure shows an example network. In step 1, both AP1 and Client 1 are unconfigured. When WPS is activated on both, they perform the handshake. In this example, AP1 172 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 173
AP1 In step 2, you add another wireless client to the network. You know that Client 1 supports registrar mode, but it is better to use AP1 for the WPS handshake with the new client REGISTRAR EXISTING CONNECTION CLIENT 1 ENROLLEE SECURITY INFO AP1 CLIENT 2 SBG3300-N Series User's Guide 173 - ZyXEL SBG3300-N000 | User Guide - Page 174
WPS handshake with the new access point. However, you know that Client 2 supports the registrar function, so you use it to perform the WPS handshake instead. registrar device to discover the key the network is using (if the device supports this feature). Then, you can enter the key into the non-WPS - ZyXEL SBG3300-N000 | User Guide - Page 175
(usually printed on a label on the bottom of the device). If there is an unknown MAC address you can remove it or reset the AP. SBG3300-N Series User's Guide 175 - ZyXEL SBG3300-N000 | User Guide - Page 176
Chapter 7 Wireless 176 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 177
server and manage IP addresses. LAN DSL 8.1.1 What You Can Do in this Chapter • Use the LAN Setup screen to set the LAN IP address, subnet mask, and DHCP settings of your Device (Section 8.2 on page the Ethernet WAN port as a LAN port (Section 8.8 on page 195). SBG3300-N Series User's Guide 177 - ZyXEL SBG3300-N000 | User Guide - Page 178
devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the service descriptions. NAT traversal allows the following: • Dynamic port mapping • Learning public IP addresses 178 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 179
ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum UPnP™ Implementers Corp. (UIC). ZyXEL's UPnP implementation supports Setting > LAN to open the LAN Setup screen. Follow these steps to configure Subnet Mask field. Unless instructed otherwise it is best to leave this - ZyXEL SBG3300-N000 | User Guide - Page 180
on page 243 for how to create a new interface group. LAN IP Setup IP Address Enter the LAN IP address you want to assign to your Device you enter, so do not change this field unless you are instructed to do so. IGMP Snooping Status Select the Enable IGMP Snooping SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 181
Device. LAN IPv6 Address Setup Delegate prefix Select this option to automatically obtain an IPv6 network prefix from the service provider from WAN or an uplink router. Static Select this option multicast group membership. It helps reduce multicast traffic. SBG3300-N Series User's Guide 181 - ZyXEL SBG3300-N000 | User Guide - Page 182
LAN Setup (continued) LABEL DESCRIPTION LAN IPv6 Address Assign Setup Select how you want to obtain an IPv6 address: • stateless + DNS send by RADVD: The Device uses IPv6 stateless autoconfiguration. RADVD (Router characters, for example, 00:A0:C5:00:00:02. 182 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 183
interface group name for which you want to configure static DHCP settings. See Chapter 13 on page 243 for how to create a new interface group. SBG3300-N Series User's Guide 183 - ZyXEL SBG3300-N000 | User Guide - Page 184
IP Address auto-detected. MAC Address If you select Manual Input, enter the MAC address of a computer on your LAN. IP Address If you select Manual Input, enter the IP address that you want to the screen shown next. Figure 55 Network Setting > LAN > UPnP 184 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 185
port in order to communicate with another UPnP enabled device; this eliminates the need to manually configure port forwarding for the UPnP enabled application. Apply Click Apply to save your Me. 1 Click Start and Control Panel. Double-click Add/Remove Programs. SBG3300-N Series User's Guide 185 - ZyXEL SBG3300-N000 | User Guide - Page 186
Components selection box. Click Details. Add/Remove Programs: Windows Setup: Communication 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box. Add/Remove Programs: Windows Setup: Communication: Components 186 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 187
menu and select Optional Networking Components .... Network Connections 4 The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details. Windows Optional Networking Components Wizard SBG3300-N Series User's Guide 187 - ZyXEL SBG3300-N000 | User Guide - Page 188
window, select the Universal Plug and Play check box. Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and Start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. 188 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 189
2 Right-click the icon and select Properties. Network Connections Chapter 8 LAN 3 In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Internet Connection Properties SBG3300-N Series User's Guide 189 - ZyXEL SBG3300-N000 | User Guide - Page 190
8 LAN 4 You may edit or delete the port mappings or click Add to manually add port mappings. Internet Connection Properties: Advanced Settings Internet Connection Properties: Advanced Settings: Add click OK. An icon displays in the system tray. System Tray Icon 190 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 191
the IP address of the Device. Follow the steps below to access the web configurator. 1 Click Start and then Control Panel. 2 Double-click Network Connections. SBG3300-N Series User's Guide 191 - ZyXEL SBG3300-N000 | User Guide - Page 192
Local Network. 5 Right-click on the icon for your Device and select Invoke. The web configurator login screen displays. Network Connections: My Network Places 192 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 193
Chapter 8 LAN 6 Right-click on the icon for your Device and select Properties. A properties window displays with basic information about the Device. Network Connections: My Network Places: Properties: Example SBG3300-N Series User's Guide 193 - ZyXEL SBG3300-N000 | User Guide - Page 194
Ethernet interface. The Device supports multiple logical LAN interfaces via ). If your ISP provides the Public LAN service, the Device may use an LAN IP Subnet LABEL DESCRIPTION IP Alias Setup Group Name Select the interface group LAN feature. Your ISP must support Public LAN and Static IP. IP - ZyXEL SBG3300-N000 | User Guide - Page 195
. Cancel Click Cancel to exit this screen without saving. 8.9 Technical Reference This section provides some technical background information about the topics covered in this chapter. SBG3300-N Series User's Guide 195 - ZyXEL SBG3300-N000 | User Guide - Page 196
configuration for the clients. If you turn DHCP service off, you must have another DHCP server on your LAN, or else the computer must be manually configured. IP Pool Setup The Device is pre-configured with a pool in the DNS Server fields in the DHCP Setup screen. 196 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 197
. The Device supports the IPCP DNS setup under all circumstances Setup screen. 8.9.4 LAN TCP/IP The Device has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support follow their instructions in selecting unless you are instructed to do otherwise. without problems. However - ZyXEL SBG3300-N000 | User Guide - Page 198
information on address assignment, please refer to RFC 1597, "Address Allocation for Private Internets" and RFC 1466, "Guidelines for Management of IP Address Space". 198 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 199
create one static route to connect to services offered by your ISP behind router R2. You create another static route to communicate with a separate network behind a router R3 connected to the LAN. Figure up RIP settings on the Device. (Section 9.4 on page 203). SBG3300-N Series User's Guide 199 - ZyXEL SBG3300-N000 | User Guide - Page 200
subnet mask of the final destination. This is the IP address of the gateway. The gateway is a router or switch on the same network segment as the device's LAN or WAN port. The gateway helps forward displays asking you to confirm that you want to delete the route. 200 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 201
number to be identical to the host ID. Enter the IP subnet mask here. The gateway is a router or switch on the same network segment as the device's LAN or WAN port. The gateway helps forward routing is applied to outgoing packets, prior to the normal routing. SBG3300-N Series User's Guide 201 - ZyXEL SBG3300-N000 | User Guide - Page 202
policy. Click the Delete icon to remove a policy from the Device. A window displays asking you to confirm that you want to delete the policy. 202 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 203
exit this screen without saving. 9.4 The RIP Screen Routing Information Protocol (RIP, RFC 1058 and RFC 1389) allows a device to exchange routing information with other routers. SBG3300-N Series User's Guide 203 - ZyXEL SBG3300-N000 | User Guide - Page 204
when receiving). RIP version 1 is universally supported but RIP version 2 carries more information. not advertise its route information to other routers in this interface. Enabled Apply Cancel Select and also listen for routing updates from neighboring routers. Select the check box to activate the - ZyXEL SBG3300-N000 | User Guide - Page 205
Service (QoS) 10.1 Overview Quality of Service alone is a problem such as Internet Setup screen lets you add, edit or delete QoS policers (Section 10.5 on page 210). • The Monitor screen lets you view the Device's QoS-related packet statistics (Section 10.7 on page 217). SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 206
destination traffic flows. All packets in the same flow are given the same priority. CoS (class of service) is a way of managing traffic in a network by grouping similar types of traffic together and treating (Before Traffic Shaping) Time (After Traffic Shaping) 206 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 207
of Service (QoS Traffic Policing) (After Traffic Policing) The Device supports three incoming traffic metering algorithms: Token Bucket Filter 218 for more information on each metering algorithm. 10.3 The Quality of Service General Screen Click Network Setting > QoS > General to open the screen - ZyXEL SBG3300-N000 | User Guide - Page 208
10 Quality of Service (QoS) The Device automatically sets this to the LAN interfaces' maximum supported connection speed. Select how the Device assigns priorities to Queue Setup Screen Click Network Setting > QoS > Queue Setup to open the screen as shown next. 208 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 209
Setting > QoS > Queue Setup Chapter 10 Quality of Service (QoS) The following table describes the labels in this screen. Table 44 Network Setting > QoS > Queue Setup LABEL DESCRIPTION Add new Queue Click rules move up by one when you take this action. SBG3300-N Series User's Guide 209 - ZyXEL SBG3300-N000 | User Guide - Page 210
Service (QoS) 10.4.1 Adding a QoS Queue Click Add new Queue or the edit icon in the Queue Setup screen to configure a queue. Figure 67 Queue Setup: Add The following table describes the labels in this screen. Table 45 Queue Setup (such as Telnet) to form a flow. 210 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 211
Chapter 10 Quality of Service (QoS) You can give applications. Click Network Setting > QoS > Class Setup to open the following screen. Figure 68 Network Setting > QoS > Class Setup The following table describes the labels in this screen when you take this action. SBG3300-N Series User's Guide 211 - ZyXEL SBG3300-N000 | User Guide - Page 212
Chapter 10 Quality of Service (QoS) 10.5.1 Add/Edit QoS Class Click Add new Classifier in the Class Setup screen or the Edit icon next to a classifier to open the following screen. Figure 69 Class Setup: Add/Edit 212 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 213
Chapter 10 Quality of Service (QoS) The following table describes the labels in this screen. Table 47 Class Setup: Add/Edit LABEL Active Class Name Classification Order DESCRIPTION Select this the packets that match the specified criteria from this classifier. SBG3300-N Series User's Guide 213 - ZyXEL SBG3300-N000 | User Guide - Page 214
Quality of Service (QoS) Table 47 Class Setup: Add/Edit (continued) LABEL Service DESCRIPTION This field Option 60) of the matched traffic, such as the type of the hardware or firmware. Packet Length DSCP If you select User Class ID (DHCP Option 77), enter . 214 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 215
of Service (QoS) Table 47 Class Setup: Add/Edit (continued) LABEL DESCRIPTION To Queue Index Select a queue that applies to this class. Apply Cancel You should have configured a queue in the Queue Setup screen rules move up by one when you take this action. SBG3300-N Series User's Guide 215 - ZyXEL SBG3300-N000 | User Guide - Page 216
10 Quality of Service (QoS) 10.6.1 Add/Edit a QoS Policer Click Add new Policer in the Policer Setup screen or the Edit icon next to a policer to show the following screen. Figure 71 Policer Setup: Add/Edit The following table describes the labels in this screen. Table 49 Policer Setup: Add/Edit - ZyXEL SBG3300-N000 | User Guide - Page 217
Chapter 10 Quality of Service (QoS) Table 49 Policer Setup: Add/Edit (continued) LABEL NonConforming Action Available Class DESCRIPTION Specify what the Device does for packets # This is the index number of the entry. Name This shows the name of the queue. SBG3300-N Series User's Guide 217 - ZyXEL SBG3300-N000 | User Guide - Page 218
Service for network control traffic such as router configuration messages. Level 6 Typically service) to give different priorities to different packet types. DiffServ (Differentiated Services) is a class of service (DSCPs) indicating the level of service desired. This allows the intermediary - ZyXEL SBG3300-N000 | User Guide - Page 219
2-bit unused field and a 6-bit DSCP field which can define up to 64 service levels. The following figure illustrates the DS field. DSCP is backward compatible with the three 1 DSCP 000000 000000 001110 001100 001010 001000 IP PACKET LENGTH (BYTE) >1100 250~1100 SBG3300-N Series User's Guide 219 - ZyXEL SBG3300-N000 | User Guide - Page 220
Chapter 10 Quality of Service (QoS) Table 52 Internal Layer2 and Layer3 QoS Mapping LAYER 2 LAYER 3 PRIORITY QUEUE 4 IEEE 802.1P USER PRIORITY (ETHERNET PRIORITY) 4 TOS (IP DSCP mark. The Device may drop these marked packets if the network is overloaded. 220 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 221
Chapter 10 Quality of Service (QoS) Configure the bucket size to be equal to or less than the amount of the bandwidth that the interface can support. It does not help if you set it to a bucket size and added into the two buckets at the CIR and PIR respectively. SBG3300-N Series User's Guide 221 - ZyXEL SBG3300-N000 | User Guide - Page 222
Chapter 10 Quality of Service (QoS) All packets are evaluated against the PIR. If a packet exceeds the PIR it is marked red. Otherwise it is evaluated bucket is equal to or greater than the size of the packet (in bytes). Otherwise, the packet is marked yellow. 222 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 223
• Use the Port Forwarding screen to configure forward incoming service requests to the server(s) on your local network (Section 11 IP address of a host in a packet as the packet traverses a router, for example, the local address refers to the IP address of a SBG3300-N Series User's Guide 223 - ZyXEL SBG3300-N000 | User Guide - Page 224
FTP on port 21. In some cases, such as for unknown services or where one server can support more than one service (for example both FTP and web service), it might be better to specify a range of port numbers. assign a default server IP address of 192.168.1.35 to a 224 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 225
a service. End Port This is the last external port number that identifies a service. Translation Start Port This is the first internal port number that identifies a service. Translation End This is the last internal port number that identifies a service. Port SBG3300-N Series User's Guide 225 - ZyXEL SBG3300-N000 | User Guide - Page 226
(continued) LABEL Protocol Modify DESCRIPTION This shows the IP protocol supported by this virtual server, whether it is TCP, UDP, or NAT enabled. Enter the WAN IP address for which the incoming service is destined. If the packet's destination IP address doesn't SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 227
the protocol supported by service forwards. WAN Interface This field shows the WAN interface through which the service is forwarded. Server IP Address This field displays the destination IP address for the service. Modify Click the Delete icon to delete the rule. SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 228
a service from the Triggering Screen Some services use a dedicated problem is that port forwarding only forwards a service to a single LAN IP address. In order to use the same service on a different LAN computer, you have to manually service closes, another computer on the LAN can use the service - ZyXEL SBG3300-N000 | User Guide - Page 229
Network Setting > NAT > Port Triggering LABEL Add new rule # Status Service Name WAN Interface Trigger Start Port DESCRIPTION Click this to create a a service. This is the last port number that identifies a service. This is the trigger transport layer protocol. SBG3300-N Series User's Guide 229 - ZyXEL SBG3300-N000 | User Guide - Page 230
describes the labels in this screen. Table 58 Port Triggering: Configuration Add/Edit LABEL Active Service Name WAN Interface Trigger Start Port DESCRIPTION Select the check box to enable this rule. Select the transport layer protocol from TCP, UDP, or TCP/UDP. 230 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 231
Screen In addition to the servers for specified services, NAT supports a default server IP address. A default server receives packets from ports that are not specified in the NAT Port Forwarding Setup SBG3300-N Series User's Guide 231 - ZyXEL SBG3300-N000 | User Guide - Page 232
Chapter 11 Network Address Translation (NAT) 11.6 The ALG Screen Some NAT routers may include a SIP Application Layer Gateway (ALG). A SIP ALG allows SIP calls to > Address Mapping to display the following screen. Figure 83 Network Setting > NAT > Address Mapping 232 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 233
to SUA (i.e., PAT, port address translation), the Device's Single User Account feature that previous routers supported only. Modify Many-to-Many: This mode maps multiple local IP addresses to shared global IP shown next. Figure 84 Address Mapping: Add/Edit SBG3300-N Series User's Guide 233 - ZyXEL SBG3300-N000 | User Guide - Page 234
port address translation), the Device's Single User Account feature that previous routers supported only. Local Start IP Local End IP Global Start IP Global End the IP address of a host in a packet as the packet traverses a router, for example, the local address refers to the IP address of a host - ZyXEL SBG3300-N000 | User Guide - Page 235
inquiries, thus preventing intruders from probing your network. For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT). SBG3300-N Series User's Guide 235 - ZyXEL SBG3300-N000 | User Guide - Page 236
Global IP Address IGA 1 IGA 2 IGA 3 IGA 4 SA IGA1 WAN Inside Local Address (ILA) 192.168.1.11 192.168.1.10 Inside Global Address (IGA) 236 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 237
about port numbers. Please also refer to the Supporting CD for more examples and details on port forwarding and NAT. Table 64 Services and Port Numbers SERVICES ECHO FTP (File Transfer Protocol) SMTP (Simple ) PORT NUMBER 7 21 25 53 79 80 110 119 161 162 1723 SBG3300-N Series User's Guide 237 - ZyXEL SBG3300-N000 | User Guide - Page 238
Multiple Servers Behind NAT Example A=192.168.1.33 192.168.1.1 B=192.168.1.34 C=192.168.1.35 D=192.168.1.36 IP address assigned by ISP 238 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 239
CHAPTER 12 Dynamic DNS Setup 12.1 Overview DNS DNS (Domain before you can access it. In addition to the system DNS server(s), each WAN interface (service) is set to have its own static or dynamic DNS server list. You can configure (Section 12.3 on page 241). SBG3300-N Series User's Guide 239 - ZyXEL SBG3300-N000 | User Guide - Page 240
Chapter 12 Dynamic DNS Setup 12.1.2 What You Need To Know DYNDNS Wildcard Enabling the wildcard feature for your host causes *.yourhost.dyndns.org to be to this computer. Click the Edit icon to edit the rule. Click the Delete icon to delete an existing rule. 240 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 241
Chapter 12 Dynamic DNS Setup 12.2.1 Add/Edit DNS Entry You can manually add or edit the Device's DNS name and IP address entry. Click Add new DNS entry Network Setting > DNS > Dynamic DNS. The screen appears as shown. Figure 90 Network Setting > DNS > Dynamic DNS SBG3300-N Series User's Guide 241 - ZyXEL SBG3300-N000 | User Guide - Page 242
Provider field, enter the user name you used to register for this service. If you select TZO in the Service Provider field, enter the password you used to register for this service. Click Apply to save your changes. Click Cancel to exit this screen without saving. 242 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 243
a different subnet from default LAN subnet (192.168.1.0/24). 13.2 The Interface Group Screen You can manually add a LAN interface to a new group. Alternatively, you can have the Device automatically add the LAN Interfaces This shows the LAN interfaces in the group. SBG3300-N Series User's Guide 243 - ZyXEL SBG3300-N000 | User Guide - Page 244
DHCP Vendor IDs Click Add to identify LAN hosts to add to the interface group by criteria such as the type of the hardware or firmware. See Section 13.2.2 on page 245 for more information. # This shows the index number of the rule. 244 - ZyXEL SBG3300-N000 | User Guide - Page 245
the matched traffic is received will belong to this group automatically. WildCard Support This shows if wildcard on DHCP option 60 is enabled. Remove 60) of the matched traffic, such as the type of the hardware or firmware. Enable wildcard on DHCP option 60 option Select this option to be able - ZyXEL SBG3300-N000 | User Guide - Page 246
the serial number of the device. Click Apply to save your changes back to the Device. Click Cancel to exit this screen without saving. 246 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 247
memory stick or a USB hard drive. In the USB Service screens, you can enable the file-sharing server. 14.1.1 . The file sharing feature on your Device supports File Allocation Table (FAT) and FAT32. Common the Device. CIFS protocol is supported on Microsoft Windows, Linux Samba and - ZyXEL SBG3300-N000 | User Guide - Page 248
Chapter 14 USB Service Samba SMB is a client-server protocol stick or hard drive connected to your Device with users on your network. The Device supports Samba. This allows network users to access shared files in USB storage. To use is connected to your network. 248 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 249
Service the Device, see the troubleshooting for suggestions. Use this screen to set up file Setting > USB Service > File Sharing. Figure 95 Network Setting > USB Service > File Sharing > File Sharing LABEL DESCRIPTION File Sharing Services Select Enable to activate file sharing through - ZyXEL SBG3300-N000 | User Guide - Page 250
Chapter 14 USB Service 250 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 251
Control screen to view and configure incoming/outgoing filtering rules (Section 15.4 on page 256). • Use the DoS screen to activate protection against Denial of Service (DoS) attacks (Section 15.5 on page 258). SBG3300-N Series User's Guide 251 - ZyXEL SBG3300-N000 | User Guide - Page 252
, making the system unavailable for legitimate users. DoS Denials of Service (DoS) attacks are aimed at devices and networks with a so users no longer have access to network resources. The ZyXEL Device is pre-configured to automatically detect and thwart all known SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 253
15.3 The Service Screen You can configure customized services and port numbers in the Service screen. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website. See Appendix F on page 425 for some examples. SBG3300-N Series User's Guide 253 - ZyXEL SBG3300-N000 | User Guide - Page 254
to add a new service. This is the name of your customized service. This is the description of your customized service. This shows the IP number or range of ports that defines your customized service. Other and the protocol number displays if the service uses another IP protocol. Click the Edit icon - ZyXEL SBG3300-N000 | User Guide - Page 255
service. If you select Any, the service is applied to all ports. Protocol Number Add Rule List Protocol Ports/Protocol Number Modify Service Name Type a single port number or the range of port numbers that define your customized service that defines the custom service. For other IP protocol - ZyXEL SBG3300-N000 | User Guide - Page 256
Firewall > Access Control LABEL Rules Storage Space usage Add new ACL rule # Name Direction Src IP Dst IP Service Modify DESCRIPTION This bar shows the percentage of the Device's space has been used. If the usage is of the rule. Enter the number in the # field. 256 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 257
You may select from WAN to LAN, WAN to Router, WAN to DMZ, LAN to WAN, LAN to Router, LAN to DMZ, DMZ to WAN, DMZ to LAN, and DMZ to Router. The DMZ zone is available when there's a specified the destination IP address. Select whether your IP type is IPv4 or IPv6. SBG3300-N Series User's Guide 257 - ZyXEL SBG3300-N000 | User Guide - Page 258
Cancel to exit this screen without saving. 15.5 The DoS Screen DoS (Denial of Service) attacks can flood your Internet connection with invalid packets and connection requests, using so much DoS to display the following screen. Figure 102 Security > Firewall > DoS 258 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 259
Enable to block ping request packets. Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. Chapter 15 Firewall SBG3300-N Series User's Guide 259 - ZyXEL SBG3300-N000 | User Guide - Page 260
Chapter 15 Firewall 260 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 261
screen to allow wireless and LAN clients access to the Device. Click Security > MAC Filter. The screen appears as shown. Figure 103 Security > MAC Filter SBG3300-N Series User's Guide 261 - ZyXEL SBG3300-N000 | User Guide - Page 262
character pairs, for example, 12:34:56:78:9a:bc. Click Apply to save your changes. Click Cancel to restore your previously saved settings. 262 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 263
MAC address of the LAN user's computer to which this rule applies. This shows the day(s) and time on which User Access control is enabled. SBG3300-N Series User's Guide 263 - ZyXEL SBG3300-N000 | User Guide - Page 264
Control Table 79 Security > User Access Control (continued) LABEL Network Service Website Block Modify DESCRIPTION This shows whether the network service is configured. If not, None will be shown. This shows sites. Figure 105 User Access Control Rule: Add/Edit 264 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 265
ones listed below. Click this to show a screen in which you can add a new service rule. You can configure the Service Name, Protocol, and Name of the new rule. This shows the index number of the the Device. Click Cancel to restore your previously saved settings. SBG3300-N Series User's Guide 265 - ZyXEL SBG3300-N000 | User Guide - Page 266
Chapter 17 User Access Control 266 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 267
to edit the schedule. Click the Delete icon to delete a scheduler rule. Note: You cannot delete a scheduler rule once it is applied to a certain feature. SBG3300-N Series User's Guide 267 - ZyXEL SBG3300-N000 | User Guide - Page 268
enforced. Description Enter a description for this scheduler rule. Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. 268 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 269
. You can use the Device to generate certification requests that contain identifying information and public keys and then send the certification requests to a certification authority. SBG3300-N Series User's Guide 269 - ZyXEL SBG3300-N000 | User Guide - Page 270
. Click the Remove icon to delete the certificate (or certification request). You cannot delete a certificate that one or more features is configured to use. 270 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 271
Auto to have the Device configure this field automatically. Or select Customize to enter it manually. Organization Name State/Province Name Country/Region Name Apply Cancel Type the IP address ( . Otherwise click Back to return to the Local Certificates screen. SBG3300-N Series User's Guide 271 - ZyXEL SBG3300-N000 | User Guide - Page 272
certificate into the Device. Note: You must remove any spaces from the certificate's filename before you can import it. Figure 111 Load Signed Certificate 272 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 273
request). Click the Remove button to delete the certificate (or certification request). You cannot delete a certificate that one or more features is configured to use. SBG3300-N Series User's Guide 273 - ZyXEL SBG3300-N000 | User Guide - Page 274
editor and save the file on a management computer for later distribution (via floppy disk for example). Click Back to return to the previous screen. 274 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 275
the text box to store it on the Device. OK Click OK to save your changes. Cancel Click Cancel to exit this screen without saving. SBG3300-N Series User's Guide 275 - ZyXEL SBG3300-N000 | User Guide - Page 276
Chapter 19 Certificates 276 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 277
the Device (X) and the remote IPSec router (Y). These routers then connect the local network (A) and remote network (B). 20.2 What You Can Do in this Chapter • Use the Setup screen to display and manage the use in authenticating users (Section 20.6 on page 287). SBG3300-N Series User's Guide 277 - ZyXEL SBG3300-N000 | User Guide - Page 278
.4 The Setup Screen The following figure helps explain the main fields in the web configurator. Figure 117 IPSec Fields Summary Local Network Remote Network Remote IPSec Router Local IP Address VPN Tunnel Local and remote IP addresses must be static. Remote IP Address 278 SBG3300-N Series - ZyXEL SBG3300-N000 | User Guide - Page 279
display the Setup screen. > Setup The following table describes the fields in this screen. Table 89 VPN > IPSec VPN > Setup LABEL the Secure Gateway Address of the IPSec router with which you're making the VPN a policy's Edit icon in the IPSec VPN > Setup screen to either add or edit a VPN policy - ZyXEL SBG3300-N000 | User Guide - Page 280
the IPSec VPN > Setup > Edit screen. Figure 119 VPN > IPSec VPN > Setup > Edit The following table describes the labels in this screen. Table 90 VPN > IPSec VPN > Setup > Edit LABEL DESCRIPTION General Enable Select the checkbox to activate this VPN policy. 280 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 281
> Setup > Edit to-Site - Choose this if the remote IPSec router has a static IP address or a domain name Manual, the specified IPsec VPN tunnel will be considered as connected at any time. You cannot disconnect the specified IPsec VPN tunnel in the IPsec Monitor screen. SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 282
20 IPSec VPN Table 90 VPN > IPSec VPN > Setup > Edit (continued) LABEL Pre-Shared Key DESCRIPTION Select this to have the Device and remote IPSec router use a pre-shared key (password) to identify each other this Device in the Local/Remote ID Content field. 282 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 283
VPN Table 90 VPN > IPSec VPN > Setup > Edit (continued) LABEL DESCRIPTION Phase 1 is faster but does not encrypt the identities The Device and the remote IPSec router must use the same negotiation mode. Select which key size and encryption algorithm to it. SBG3300-N Series User's Guide 283 - ZyXEL SBG3300-N000 | User Guide - Page 284
IPSec VPN > Setup > Edit ( IPSec router is there before it transmits data through the IKE SA. The remote IPSec router must support DPD. ) - provides encryption and the same services offered by AH, but its authentication is router must use the same active protocol. 284 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 285
VPN Table 90 VPN > IPSec VPN > Setup > Edit (continued) LABEL Encapsulation DESCRIPTION the encryption, but also the longer it takes to encrypt and decrypt information. Both routers must use the same DH key group. You cannot use a Policy (Local and subnet mask. SBG3300-N Series User's Guide 285 - ZyXEL SBG3300-N000 | User Guide - Page 286
VPN > Setup > Edit (continued) LABEL Local/Remote IP Address DESCRIPTION If you select Single in the Local/Remote IP Type field, specify the IP addresses of the devices behind the Device that can use the VPN tunnel. The local IP addresses must correspond to the remote IPSec router's configured - ZyXEL SBG3300-N000 | User Guide - Page 287
of RADIUS servers the Device can use in authenticating users. In the Web Configurator, click VPN > IPSec VPN > Radius. Figure 121 VPN > IPSec VPN > Radius SBG3300-N Series User's Guide 287 - ZyXEL SBG3300-N000 | User Guide - Page 288
the labels in this screen. Table 93 VPN > IPSec VPN > Radius LABEL Radius Setup Server Address Authentication Port Backup Server Address Backup Authentication Port Key DESCRIPTION Enter the address background information about the topics covered in this chapter. 288 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 289
2404, provide an authentication mechanism for the AH and ESP protocols. Key Management Key management allows you to determine whether to use IKE (ISAKMP) or manual key configuration in order to set up a VPN. SBG3300-N Series User's Guide 289 - ZyXEL SBG3300-N000 | User Guide - Page 290
and Tunnel mode. At the time of writing, the Device supports Tunnel mode only. Figure 123 Transport and Tunnel Mode IPSec to transmit it securely. A Tunnel mode is required for gateway services to provide access to internal systems. Tunnel mode is fundamentally SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 291
renegotiates the IPSec SA if there is traffic when the IPSec SA lifetime period expires. If an IPSec SA times out, then the IPSec router must renegotiate the SA the next time someone attempts to send traffic. 20.7.4 Negotiation Mode The phase 1 Negotiation Mode you select determines how the - ZyXEL SBG3300-N000 | User Guide - Page 292
VPN device at the receiving end finds a mismatch between the hash value and the data and assumes that the data has been maliciously altered. 292 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 293
AH ESP ESP MODE Transport Tunnel Transport Tunnel NAT N N Y* Y Y* - This is supported in the Device if you enable NAT traversal. 20.7.7 ID Type and Content With aggressive negotiation from remote IPSec routers that have dynamic WAN IP addresses. The Device can SBG3300-N Series User's Guide 293 - ZyXEL SBG3300-N000 | User Guide - Page 294
to be a real domain name or e-mail address. 20.7.7.1 ID Type and Content Examples Two IPSec routers must have matching ID type and content configuration in order to set up a VPN tunnel. The two party before you can communicate with them over a secure connection. 294 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 295
session keys. 768-bit, 1024-bit 1536-bit, 2048-bit, and 3072-bit Diffie-Hellman groups are supported. Upon completion of the Diffie-Hellman exchange, the two peers have a shared secret, but the IKE SA is not authenticated. For authentication, use pre-shared keys. SBG3300-N Series User's Guide 295 - ZyXEL SBG3300-N000 | User Guide - Page 296
VPN using TCP/IP-based networks. PPTP supports on-demand, multi-protocol and virtual private use, but you have to make sure that firewalls support both PPTP sessions. PPTP works on a client-server What You Can Do in this Chapter • Use the Setup screen to configure the PPTP VPN settings in the Device - ZyXEL SBG3300-N000 | User Guide - Page 297
to open the Setup screen as shown next. Figure 127 VPN > PPTP VPN > Setup This screen contains the following fields: Table 99 VPN > PPTP VPN > Setup LABEL DESCRIPTION PPTP Setup Enable Use this , which is configured in the Maintenance > User Account screen. SBG3300-N Series User's Guide 297 - ZyXEL SBG3300-N000 | User Guide - Page 298
lists the common troubleshooting tips for PPTP VPN. 1 A PPTP client device (such as a PC, smart phone, tablet) cannot connect to the Device. TIP: This could be due to one of the following reasons: a. The client device is not connected to the Internet successfully. 298 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 299
the local host or server behind the Device. Tip: This may be caused by one of the followings: a. The local host or server is disconnected. SBG3300-N Series User's Guide 299 - ZyXEL SBG3300-N000 | User Guide - Page 300
successfully but cannot browse the Internet. Tip: From the Device's GUI, click VPN > PPTP VPN > Setup. Check if DNS Server is configured. A client cannot browse the Internet without DNS resolved. Note that when older than version 4.1 for PPTP VPN connection. 300 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 301
to view settings for L2TP clients (Chapter 22 on page 303). Note: You need to configure the Default_L2TPVPN VPN rule in the VPN > IPSec > IPSec Setup screen. See Chapter 20 on page 277 for information on IPSec VPN. SBG3300-N Series User's Guide 301 - ZyXEL SBG3300-N000 | User Guide - Page 302
client connection request. It is configured in the Default_L2TPVPN IPSec VPN rule in the VPN > IPSec > IPSec Setup screen. See Chapter 20 on page 277 for information on IPSec VPN. IP Address Pool Enter the pool of VPN tunnel if the remote user does not respond. 302 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 303
L2TP VPN > Setup (continued) LABEL the first and second DNS servers manually. The WINS (Windows Internet Naming Service) server keeps a mapping table of disconnect. 22.4 L2TP VPN Troubleshooting Tips This section lists the common troubleshooting tips for L2TP VPN. SBG3300-N Series User's Guide 303 - ZyXEL SBG3300-N000 | User Guide - Page 304
IPSec > Edit Default_L2TPVPN. Select the Enable checkbox and click Apply. (2) Click VPN > L2TP VPN > Setup. Select the Enable checkbox and click Apply. f. L2TP or IPSec is not configured correctly on the reconnection may fail. Wait 60 seconds before reconnecting. 304 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 305
configured correctly. From the Device's GUI, go to the VPN > L2TP VPN > Setup screen to check. Note that all local hosts are by default accessible unless Access can be supported by the phase 1 setting in the Default_L2TPVPN IPSec VPN rule will be accepted by the SBG3300-N Series User's Guide 305 - ZyXEL SBG3300-N000 | User Guide - Page 306
proposals provided by a built-in L2TP client in the popular operating systems. The first proposal that can be supported by the phase 2 setting in the Default_L2TPVPN IPSec VPN rule will be accepted by the Device. The /-/SHA1 ESP/DES/SHA1 AH/-/SHA1 ESP/DES/MD5 306 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 307
taken immediately. 2 Critical: The system condition is critical. 3 Error: There is an error condition on the system. 4 Warning: There is a warning condition on the system. SBG3300-N Series User's Guide 307 - ZyXEL SBG3300-N000 | User Guide - Page 308
severity level of the logs that the device is to send to this syslog server. Messages This field states the reason for the log. 308 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 309
the severity level of the logs that the device is to send to this syslog server. Messages This field states the reason for the log. SBG3300-N Series User's Guide 309 - ZyXEL SBG3300-N000 | User Guide - Page 310
Chapter 23 Log 310 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 311
WAN screen. The figure in this screen shows the number of bytes received and sent on the Device. Figure 134 System Monitor > Network Status > WAN SBG3300-N Series User's Guide 311 - ZyXEL SBG3300-N000 | User Guide - Page 312
following screen. The figure in this screen shows the interface that is currently connected on the Device. Figure 135 System Monitor > Network Status > LAN 312 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 313
. Error This indicates the number of frames with errors received on this interface. Drop This indicates the number of received packets dropped on this interface. SBG3300-N Series User's Guide 313 - ZyXEL SBG3300-N000 | User Guide - Page 314
Chapter 24 Network Status 314 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 315
address). The replying device (which is either the IP address of the device being sought or the router that knows the way) replaces the broadcast address with the target's MAC address, swaps the sender is the learned IP address of a device connected to a port. SBG3300-N Series User's Guide 315 - ZyXEL SBG3300-N000 | User Guide - Page 316
. Device This is the type of interface used by the device. You can click on the device type to go to its configuration screen. 316 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 317
daemon or redirect. Metric M-Modified (redirect): The route is modified from a routing daemon or redirect. The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost". The smaller the number, the lower the "cost - ZyXEL SBG3300-N000 | User Guide - Page 318
the service used to forward the route. This indicates the name of the interface through which the route is forwarded. br0 indicates the LAN interface. ptm0 indicates the WAN interface using IPoE or in bridge mode. ppp0 indicates the WAN interface using PPPoE. 318 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 319
List This is the list of IP addresses that are allowed or not allowed to receive the multicast group's traffic depending on the filter mode. SBG3300-N Series User's Guide 319 - ZyXEL SBG3300-N000 | User Guide - Page 320
Chapter 27 IGMP Status 320 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 321
CHAPTER 28 xDSL Statistics 28.1 The xDSL Statistics Screen Use this screen to view detailed DSL statistics. Click System Monitor > xDSL Statistics to open the following screen. Figure 139 System Monitor > xDSL Statistics SBG3300-N Series User's Guide 321 - ZyXEL SBG3300-N000 | User Guide - Page 322
direction going out from the port to the service provider. These are the statistics for the traffic direction coming into the port from the service provider. Line Rate These are the data transfer transport layer protocol headers and traffic. xDSL Counters 322 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 323
traffic direction coming into the port from the service provider. Upstream These are the statistics for the traffic direction going out from the port to the service provider. FEC This is the number of . LOM This is the number of Loss of Margin seconds. SBG3300-N Series User's Guide 323 - ZyXEL SBG3300-N000 | User Guide - Page 324
Chapter 28 xDSL Statistics 324 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 325
before the Device locks the user out. Idle Timeout This field indicates the number of minutes that the system can idle before being logged out. SBG3300-N Series User's Guide 325 - ZyXEL SBG3300-N000 | User Guide - Page 326
or the Edit icon next to the user account you want to edit. The screen shown next appears. Figure 141 Users Configuration: Add/Edit 326 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 327
can configure the Device while User accounts can only view some status information. File Sharing Service (SAMBA) File Share Name File Share Directory File Sharing Writable Apply Cancel Users logged in changes. Click Cancel to exit this screen without saving. SBG3300-N Series User's Guide 327 - ZyXEL SBG3300-N000 | User Guide - Page 328
Chapter 29 User Account 328 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 329
: The Device is managed using the Web Configurator. 30.2 The Remote MGMT Screen Use this screen to configure through which interface(s) users can use which service(s) to manage the Device. Click Maintenance > Remote MGMT to open the following screen. Figure 142 Maintenance > Remote MGMT - ZyXEL SBG3300-N000 | User Guide - Page 330
Enter the Trust Domain IP address. Services This is the service you may use to access the Device. LAN/WLAN Select the Enable check box for the corresponding services that you want to allow access to Click Cancel to restore your previously saved settings. 330 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 331
or HTTPS. An administrator can use an ACS to remotely set up the Device, modify settings, perform firmware upgrades as well as monitor and diagnose the Device. You have to enable the device to be managed managed by an ACS. Figure 143 Maintenance > TR-069 Client SBG3300-N Series User's Guide 331 - ZyXEL SBG3300-N000 | User Guide - Page 332
imported in the Security > Certificates > Local Certificates screen. Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. 332 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 333
allows a manager station to manage and monitor the Device through the network. The Device supports SNMP version one (SNMPv1) and version two (SNMPv2c). The next figure illustrates an request and the agent returns responses using the following protocol operations: SBG3300-N Series User's Guide 333 - ZyXEL SBG3300-N000 | User Guide - Page 334
your SNMP traps to. Apply Click Apply to save your changes back to the Device. Cancel Click Cancel to restore your previously saved settings. 334 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 335
> Time. The screen appears as shown. Use this screen to configure the Device's time based on your local time zone. Figure 146 Maintenance > Time Setting SBG3300-N Series User's Guide 335 - ZyXEL SBG3300-N000 | User Guide - Page 336
. In Germany for instance, you would select 2 in the Hour field because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). 336 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 337
Table 119 Maintenance > Time Setting (continued) LABEL DESCRIPTION Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. Chapter 33 Time SBG3300-N Series User's Guide 337 - ZyXEL SBG3300-N000 | User Guide - Page 338
Chapter 33 Time 338 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 339
want to be in the from/sender line of the e-mail that the Device sends. Remove Click this button to delete the selected entry(ies). SBG3300-N Series User's Guide 339 - ZyXEL SBG3300-N000 | User Guide - Page 340
as well. Click this button to save your changes and return to the previous screen. Click this button to begin configuring this screen afresh. 340 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 341
. 35.2 The Log Setting Screen To change your Device's log settings, click Maintenance > Logs Setting. The screen appears as shown. Figure 149 Maintenance > Logs Setting SBG3300-N Series User's Guide 341 - ZyXEL SBG3300-N000 | User Guide - Page 342
mail in which a complete log has been sent. The following is an example of a log sent by e-mail. • You may edit the subject title. 342 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 343
Log Example Subject: Firewall Alert From Date: Fri, 07 Apr 2000 10:05:42 From: [email protected] To: [email protected] 1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09 src port:00520 dest port:00520 | | End of Firewall Log SBG3300-N Series User's Guide 343 - ZyXEL SBG3300-N000 | User Guide - Page 344
Chapter 35 Logs Setting 344 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 345
upload new firmware to your Device. You can download new firmware releases from your nearest ZyXEL FTP site (or www.zyxel.com) to use to upgrade your device's performance. Only use firmware for your device upload process. This process may take up to two minutes. SBG3300-N Series User's Guide 345 - ZyXEL SBG3300-N000 | User Guide - Page 346
minutes before logging into the Device again. Figure 152 Firmware Uploading The Device automatically restarts in this time causing Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, the following screen - ZyXEL SBG3300-N000 | User Guide - Page 347
file will be useful in case you need to return to your previous settings. Click Backup to save the Device's current configuration to your computer. SBG3300-N Series User's Guide 347 - ZyXEL SBG3300-N000 | User Guide - Page 348
the upload was not successful, the following screen will appear. Click OK to go back to the Configuration screen. Figure 157 Configuration Upload Error 348 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 349
Device hangs, for example. Click Maintenance > Reboot. Click Reboot to have the Device reboot. This does not affect the Device's configuration. Figure 160 Maintenance > Reboot SBG3300-N Series User's Guide 349 - ZyXEL SBG3300-N000 | User Guide - Page 350
38.1 Overview The Diagnostic screens display information to help you identify problems with the Device. The route between a CO VDSL switch and can take further action to check and resume services from the fault according to the line connectivity status report. SBG3300-N Series User's Guide 350 - ZyXEL SBG3300-N000 | User Guide - Page 351
determines the path a packet takes to the specified computer. Nslookup Click this button to perform a DNS lookup on the IP address of a computer you enter. SBG3300-N Series User's Guide 351 - ZyXEL SBG3300-N000 | User Guide - Page 352
remote end point. Send Linktrace Click this button to have the selected MEP send the LTMs (Link Trace Messages) to a specified remote end point. 352 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 353
-end loopback tests allow you to verify integrity of an end-to-end PVC. Note: The DSLAM to which the Device is connected must also support ATM F4 and/or F5 to use this test. SBG3300-N Series User's Guide 353 - ZyXEL SBG3300-N000 | User Guide - Page 354
this to perform an OAM F5 segment loopback test. F5 end-end Press this to perform an OAM F5 end-to-end loopback test. 354 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 355
CHAPTER 39 Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, to replace any damaged cables. 4 Turn the Device off and on. SBG3300-N Series User's Guide 355 - ZyXEL SBG3300-N000 | User Guide - Page 356
Chapter 39 Troubleshooting 5 If the problem continues, contact the vendor. 39.2 Device Access and Login I forgot the IP address 4 If it is possible to log in from another interface, check the service control settings for HTTP and HTTPS (Maintenance > Remote MGMT). 356 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 357
Troubleshooting 5 Reset the device to its factory defaults, and try to access the Device with the default IP address. See Section 1.6 on page 21. 6 If the problem Device using another service, such as Telnet the Device. See the troubleshooting suggestions for I cannot firmware. See the troubleshooting - ZyXEL SBG3300-N000 | User Guide - Page 358
Troubleshooting 39.3 Internet Access I cannot access the Internet. 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide 5 If the problem continues, contact your WAN connection using bridging service, make sure you SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 359
Troubleshooting 2 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.5 on page 19. 3 Turn the Device off and on. 4 If the problem . What wireless security modes does my Device support? Wireless security is vital to your network. - ZyXEL SBG3300-N000 | User Guide - Page 360
Chapter 39 Troubleshooting The available security modes in your Device the Edit icon on the account you are currently using. Check if the File Sharing Service (SAMBA) feature is enabled. You need to enable it to allow uses to access Re-connect the Ethernet cable. 360 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 361
39 Troubleshooting The Local Area Connection icon for UPnP disappears in the screen. Restart your computer. I cannot open special applications such as white board, file transfer and video when I use the MSN messenger. 1 Wait more than three minutes. 2 Restart the applications. SBG3300-N Series - ZyXEL SBG3300-N000 | User Guide - Page 362
Chapter 39 Troubleshooting 362 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 363
, configure the TCP/IP settings in order to "communicate" with your network. If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses window. Figure 165 WIndows 95/98/Me: Network: Configuration SBG3300-N Series User's Guide 363 - ZyXEL SBG3300-N000 | User Guide - Page 364
adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. • If your IP address is dynamic, select Obtain an IP address automatically. 364 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 365
information in the fields below (you may not need to fill them all in). Figure 167 Windows 95/98/Me: TCP/IP Properties: DNS Configuration SBG3300-N Series User's Guide 365 - ZyXEL SBG3300-N000 | User Guide - Page 366
figures use the default Windows XP GUI theme. 1 Click start (Start in Windows 2000/NT), Settings, Control Panel. Figure 168 Windows XP: Start Menu 366 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 367
/NT). Figure 169 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. Figure 170 Windows XP: Control Panel: Network Connections: Properties SBG3300-N Series User's Guide 367 - ZyXEL SBG3300-N000 | User Guide - Page 368
. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. 368 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 369
Settings tab by clicking Add in Default gateways. • In TCP/IP Gateway Address, type the IP address of the default gateway in Gateway. To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the - ZyXEL SBG3300-N000 | User Guide - Page 370
server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. 370 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 371
Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab. Windows Vista This section shows screens from Windows Vista Enterprise Version 6.0. SBG3300-N Series User's Guide 371 - ZyXEL SBG3300-N000 | User Guide - Page 372
Panel, double-click Network and Internet. Figure 176 Windows Vista: Control Panel 3 Click Network and Sharing Center. Figure 177 Windows Vista: Network And Internet 372 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 373
: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. Figure 179 Windows Vista: Network and Sharing Center SBG3300-N Series User's Guide 373 - ZyXEL SBG3300-N000 | User Guide - Page 374
. • If you have a static IP address click Use the following IP address and fill in the IP address, Subnet mask, and Default gateway fields. 374 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 375
Settings tab by clicking Add in Default gateways. • In TCP/IP Gateway Address, type the IP address of the default gateway in Gateway. To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the - ZyXEL SBG3300-N000 | User Guide - Page 376
server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. 376 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 377
Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab. SBG3300-N Series User's Guide 377 - ZyXEL SBG3300-N000 | User Guide - Page 378
Appendix A Setting up Your Computer's IP Address Macintosh OS 8/9 1 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. Figure 184 Macintosh OS 8/9: Apple Menu 378 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 379
assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type the Subnet mask box. • Type the IP address of your Device in the Router address box. 5 Close the TCP/IP Control Panel. 6 Click Save if SBG3300-N Series User's Guide 379 - ZyXEL SBG3300-N000 | User Guide - Page 380
For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet the Subnet mask box. • Type the IP address of your Device in the Router address box. 5 Click Apply Now and close the window. 6 Turn on your - ZyXEL SBG3300-N000 | User Guide - Page 381
. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network. Figure 188 Red Hat 9.0: KDE: Network Configuration: Devices SBG3300-N Series User's Guide 381 - ZyXEL SBG3300-N000 | User Guide - Page 382
Network Configuration screen. Enter the DNS server information in the fields provided. Figure 190 Red Hat 9.0: KDE: Network Configuration: DNS 5 Click the Devices tab. 382 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 383
Address Setting in ifconfig-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=static IPADDR=192.168.1.10 NETMASK=255.255.255.0 USERCTL=no PEERDNS=yes TYPE=Ethernet SBG3300-N Series User's Guide 383 - ZyXEL SBG3300-N000 | User Guide - Page 384
:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:730412 (713.2 Kb) TX bytes:1570 (1.5 Kb) Interrupt:10 Base address:0x1000 [root@localhost]# 384 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 385
own house number, each host on the network has its own unique identifying number - the host ID. Routers use the network number to send packets to the correct network, while the host ID determines to which of 00000000 to 11111111 in binary, or 0 to 255 in decimal. SBG3300-N Series User's Guide 385 - ZyXEL SBG3300-N000 | User Guide - Page 386
a continuous sequence of ones beginning from the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits. 386 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 387
number of bits in the mask after the address. For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask 255.255.255.128. SBG3300-N Series User's Guide 387 - ZyXEL SBG3300-N000 | User Guide - Page 388
or /25). The "borrowed" host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. 388 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 389
IP Address (Decimal) IP Address (Binary) Subnet Mask (Binary) NETWORK NUMBER 192.168.1. 11000000.10101000.00000001. 11111111.11111111.11111111. LAST OCTET BIT VALUE 0 00000000 11000000 SBG3300-N Series User's Guide 389 - ZyXEL SBG3300-N000 | User Guide - Page 390
octet values for each subnet. Table 136 Eight Subnets SUBNET SUBNET ADDRESS 1 0 2 32 FIRST ADDRESS 1 33 LAST ADDRESS 30 62 BROADCAST ADDRESS 31 63 390 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 391
(/30) 16384 15 255.255.255.254 (/31) 32768 NO. HOSTS PER SUBNET 32766 16382 8190 4094 2046 1022 510 254 126 62 30 14 6 2 1 SBG3300-N Series User's Guide 391 - ZyXEL SBG3300-N000 | User Guide - Page 392
to change the subnet mask computed by the Device unless you are instructed to do otherwise. Private IP Addresses Every machine on the Internet must you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 393
to log into your device. Either disable pop-up blocking (enabled by default in Windows XP SP (Service Pack) 2) or allow pop-up blocking and create an exception for your device's IP address. Disable 1 In Internet Explorer, select Tools, Internet Options, Privacy. SBG3300-N Series User's Guide 393 - ZyXEL SBG3300-N000 | User Guide - Page 394
to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 394 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 395
address of your device (the web page that you do not want to have blocked) with the prefix "http://". For example, http://192.168.167.1. SBG3300-N Series User's Guide 395 - ZyXEL SBG3300-N000 | User Guide - Page 396
Apply to save this setting. JavaScript If pages of the web configurator do not display properly in Internet Explorer, check that JavaScript are allowed. 396 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 397
Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). SBG3300-N Series User's Guide 397 - ZyXEL SBG3300-N000 | User Guide - Page 398
then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 398 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 399
(Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for under Java (Sun) is selected. SBG3300-N Series User's Guide 399 - ZyXEL SBG3300-N000 | User Guide - Page 400
Java, Javascript and pop-ups in one screen. Click Tools, then click Options in the screen that appears. Figure 208 Mozilla Firefox: Tools > Options 400 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 401
Appendix C Pop-up Windows, JavaScript and Java Permissions Click Content.to show the screen below. Select the check boxes as shown in the following screen. Figure 209 Mozilla Firefox Content Security SBG3300-N Series User's Guide 401 - ZyXEL SBG3300-N000 | User Guide - Page 402
Appendix C Pop-up Windows, JavaScript and Java Permissions 402 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 403
an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS). The following diagram shows an example of notebook computers using wireless adapters to form and communicate with each other. When Intra-BSS is SBG3300-N Series User's Guide 403 - ZyXEL SBG3300-N000 | User Guide - Page 404
still access the wired network but cannot communicate with each other. Figure 211 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access wireless network traffic in the immediate neighborhood. 404 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 405
a hidden node. Both stations (STA) are within range of the access point (AP) or wireless gateway, but out-of-range of each other, so they SBG3300-N Series User's Guide 405 - ZyXEL SBG3300-N000 | User Guide - Page 406
is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. 406 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 407
Secure Note: You must enable the same wireless security settings on the Device and on all wireless clients that you want to associate with it. SBG3300-N Series User's Guide 407 - ZyXEL SBG3300-N000 | User Guide - Page 408
IEEE 802.1x are: • User based identification that allows for roaming. • Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a point and the RADIUS server for user accounting: 408 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 409
protocol that runs on top of the IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS Authority (CA) to handle certificates, which imposes a management overhead. SBG3300-N Series User's Guide 409 - ZyXEL SBG3300-N000 | User Guide - Page 410
LANs EAP-TTLS (Tunneled Transport Layer Service) EAP-TTLS is an extension of secure connection, thus client identity is protected. For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP Moderate No 410 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 411
and WEP are improved data encryption and user authentication. If both an AP and the wireless clients support WPA2 and you have an external RADIUS server, use WPA2 for stronger data encryption. If you -password approach makes WPA(2)-PSK susceptible to brute-force SBG3300-N Series User's Guide 411 - ZyXEL SBG3300-N000 | User Guide - Page 412
authentication. These two features are optional and may not be supported in all wireless devices. Key caching allows a wireless client client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of . 412 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 413
and information exchanged in a handshake to create temporal encryption keys. They use these keys to encrypt data exchanged between them. Figure 215 WPA(2)-PSK Authentication SBG3300-N Series User's Guide 413 - ZyXEL SBG3300-N000 | User Guide - Page 414
Table 142 Wireless Security Relational Matrix AUTHENTICATION METHOD/ KEY MANAGEMENT PROTOCOL ENCRYPTIO N METHOD ENTER MANUAL KEY Open None No Open Shared WPA WPA-PSK WPA2 WPA2-PSK WEP No Yes in antenna gain results in a range increase of approximately 414 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 415
as close to the center of the coverage area as possible. For directional antennas, point the antenna in the direction of the desired coverage area. SBG3300-N Series User's Guide 415 - ZyXEL SBG3300-N000 | User Guide - Page 416
Appendix D Wireless LANs 416 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 417
-local unicast address format is as follows. Table 143 Link-local Unicast Address Format 1111 1110 10 0 Interface ID 10 bits 54 bits 64 bits SBG3300-N Series User's Guide 417 - ZyXEL SBG3300-N000 | User Guide - Page 418
the same functionality as IPv4 broadcast addresses. Broadcasting is not supported in IPv6. A multicast address allows a host to send routers on a local node. All hosts on a local connected link. All routers on a local connected link. All routers FF07:0:0:0:0:0:0:0 418 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 419
IA_NA before the lifetimes expire. After T1, the client sends the server (S1) (from which the addresses in the IA_NA were obtained) a Renew message. If SBG3300-N Series User's Guide 419 - ZyXEL SBG3300-N000 | User Guide - Page 420
IPv6 prefix (for example, 2001:db2::/48) to generate its LAN IP address. Through sending Router Advertisements (RAs) regularly by multicast, the Device passes the IPv6 prefix information to its LAN message (from the host) with a neighbor advertisement message. 420 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 421
router router solicitation message to query for a router and receives a router advertisement message, it adds the router router list cache if the router can be used as a default router a router. If default router list or router to discover multicast router or the router or switch. The router or - ZyXEL SBG3300-N000 | User Guide - Page 422
DHCPv6 on Windows XP Windows XP does not support DHCPv6. If your network uses DHCPv6 for IP If you use static IP addresses or Router Advertisement for IPv6 address assignment in your service. 3 Select Start > Control Panel > Administrative Tools > Services. 422 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 423
can obtain an IPv6 address from a DHCPv6 server. Example - Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default. DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer. To enable /IPv6) checkbox to enable it. 3 Click OK to save the change. SBG3300-N Series User's Guide 423 - ZyXEL SBG3300-N000 | User Guide - Page 424
%11 IPv4 Address 172.16.100.61 Subnet Mask 255.255.255.0 Default Gateway fe80::213:49ff:feaa:7125%11 172.16.100.254 424 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 425
• Protocol: This is the type of IP protocol used by the service. If this is TCP/UDP, then the service uses the same port number with TCP and UDP. If this is explanation of the applications that use this service or the situations in which this service is used. SBG3300-N Series User's Guide 425 - ZyXEL SBG3300-N000 | User Guide - Page 426
Services this service. AOL's Internet Messenger service. Authentication service that matches web names (for instance www.zyxel.com ) to IP numbers. The IPSEC ESP (Encapsulation Security Protocol) tunneling protocol uses this service Networks' messenger service uses this protocol. The Network - ZyXEL SBG3300-N000 | User Guide - Page 427
secure transfer of data over public networks. This is the data channel. Remote Command Service. A streaming audio service that enables real time sound over the web. Remote Execution Daemon. Remote Login. Management Program. Traps for use with the SNMP (RFC:1215). SBG3300-N Series User's Guide 427 - ZyXEL SBG3300-N000 | User Guide - Page 428
, including mainframes, midrange systems, UNIX systems and network servers. The Simple Service Discovery Protocol supports Universal Plug-and-Play (UPnP). Secure Shell Remote Login Program. Stream Works solution. The UDP port number is specified in the application. 428 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 429
manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL the instructions, may product in the U.S.A. is firmware-limited to channels 1 through SBG3300-N Series User's Guide 429 - ZyXEL SBG3300-N000 | User Guide - Page 430
ções da Directiva 1999/5/EC. ZyXEL izjavlja, da je ta oprema v skladu z bistvenimi zahtevami in ostalimi relevantnimi določili direktive 1999/5/EC. ZyXEL týmto vyhlasuje, že zariadenia spĺňa základné požiadavky a všetky príslušné ustanovenia Smernice 1999/5/EC. 430 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 431
. The requirements for any country may evolve. ZyXEL recommends that you check with the local authorities for rieure à 300 mètres doivent être notifiées à l'Institut Belge des services Postaux et des Télécommunications (IBPT). Visitez http://www.ibpt.be pour de SBG3300-N Series User's Guide 431 - ZyXEL SBG3300-N000 | User Guide - Page 432
will step on them or stumble over them. • Always disconnect all cables from this device before servicing or disassembling. • Use ONLY an appropriate power adaptor or cord for your device. • Connect electrical and electronic equipment should be treated separately. 432 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 433
166 Auto Configuration Server, see ACS 331 B backup configuration 347 Basic Service Set, See BSS 403 Basic Service Set, see BSS blinking LEDs 20 Broadband 119 broadcast 145 BSS 168, 403 example 168 SBG3300-N Series User's Guide Index Index C CA 269, 409 Canonical Format Indicator See CFI CCMs - ZyXEL SBG3300-N000 | User Guide - Page 434
default server address 231 Denials of Service, see DoS DH 295 DHCP 178, 196 Differentiated Services, see DiffServ 218 Diffie-Hellman key firmware 345 version 115 forwarding ports 224 fragmentation threshold 161, 165, 406 FTP 224, 237 G General wireless LAN screen 148 Guide Quick Start 2 434 SBG3300 - ZyXEL SBG3300-N000 | User Guide - Page 435
see ILA interface group 243 Internet wizard setup 31 Internet access 18 wizard setup 31 Internet Key Exchange 291 Internet Protocol Service Provider, see ISP IP address 178, 197 ping 351 private 197 WAN 120 IP Address Assignment 144 IP alias NAT applications 237 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 436
235 ILA 235 inside 235 IPSec 292 local 235 outside 235 port forwarding 224 port number 237 services 237 SIP ALG 232 activation 232 traversal 293 NAT example 238 negotiation mode 291 436 Network Address PSK 411 push button 21 Push Button Configuration, see PBC SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 437
SBG3300-N Series User's Guide Index S security wireless LAN 165 security associations. See VPN. Security Log 309 Security Parameter Index, see SPI service access control 329 Service Set 150, 157 Services 237 setup example 199 static VLAN status 115 firmware version 115 LAN 116 WAN 116 wireless LAN 116 status - ZyXEL SBG3300-N000 | User Guide - Page 438
335 TPID 144 TR-069 331 ACS setup 331 authentication 332 transport mode 290 trTCM Plug and Play, see UPnP upgrading firmware 345 UPnP 184 cautions 179 example 185 278 IPSec 277 local network 277 remote IPSec router 277 remote network 277 security associations (SA) SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 439
170 push button 21, 169 wireless security 407 Wireless tutorial 40 wizard setup Internet 31 WLAN interference 405 security parameters 414 WPA 167, 411 key -PSK 411 application example 413 WPA-PSK 167, 411 SBG3300-N Series User's Guide application example 413 WPS 169, 171 example 172 limitations 174 - ZyXEL SBG3300-N000 | User Guide - Page 440
Index 440 SBG3300-N Series User's Guide - ZyXEL SBG3300-N000 | User Guide - Page 441
Index SBG3300-N Series User's Guide 441 - ZyXEL SBG3300-N000 | User Guide - Page 442
Index 442 SBG3300-N Series User's Guide
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
-
359
-
360
-
361
-
362
-
363
-
364
-
365
-
366
-
367
-
368
-
369
-
370
-
371
-
372
-
373
-
374
-
375
-
376
-
377
-
378
-
379
-
380
-
381
-
382
-
383
-
384
-
385
-
386
-
387
-
388
-
389
-
390
-
391
-
392
-
393
-
394
-
395
-
396
-
397
-
398
-
399
-
400
-
401
-
402
-
403
-
404
-
405
-
406
-
407
-
408
-
409
-
410
-
411
-
412
-
413
-
414
-
415
-
416
-
417
-
418
-
419
-
420
-
421
-
422
-
423
-
424
-
425
-
426
-
427
-
428
-
429
-
430
-
431
-
432
-
433
-
434
-
435
-
436
-
437
-
438
-
439
-
440
-
441
-
442
 |
 |
Quick Start Guide
www.zyxel.com
SBG3300-N Series
Wireless N VDSL2 Combo WAN Small Business Security Gateway
Version 1.00
Edition 1, 3/2013
Copyright © 2013 ZyXEL Communications Corporation
User’s Guide
Default Login Details
LAN IP Address
User Name
admin
Password
1234