Home » ZyXEL Manuals » Wireless » ZyXEL VMG4825 » Manual Viewer

ZyXEL VMG4825 User Guide - Page 101

MAC Address Filter

Add to My Manuals
Save this manual to your list of manuals

Page 101 highlights

Chapter 7 Wireless people with the code key can understand the information, and only people who have been authenticated are given the code key. These security standards vary in effectiveness. Some can be broken, such as the old Wired Equivalent Protocol (WEP). Using WEP is better than using no security at all, but it will not keep a determined attacker out. Other security standards are secure in themselves but can be broken if a user does not use them properly. For example, the WPA-PSK security standard is very secure if you use a long key which is difficult for an attacker's software to guess - for example, a twenty-letter long string of apparently random numbers and letters - but it is not very secure if you use a short key which is very easy to guess - for example, a three-letter word from the dictionary. Because of the damage that can be done by a malicious attacker, it's not just people who have sensitive information on their network who should use security. Everybody who uses any wireless network should ensure that effective security is in place. A good way to come up with effective security keys, passwords and so on is to use obscure information that you personally will easily remember, and to enter it in a way that appears random and does not include real words. For example, if your mother owns a 1970 Dodge Challenger and her favorite movie is Vanishing Point (which you know was made in 1971) you could use "70dodchal71vanpoi" as your security key. The following sections introduce different types of wireless security you can set up in the wireless network. 7.9.3.1 SSID Normally, the VMG acts like a beacon and regularly broadcasts the SSID in the area. You can hide the SSID instead, in which case the VMG does not broadcast the SSID. In addition, you should change the default SSID to something that is difficult to guess. This type of security is fairly weak, however, because there are ways for unauthorized wireless devices to get the SSID. In addition, unauthorized wireless devices can still see the information that is sent in the wireless network. 7.9.3.2 MAC Address Filter Every device that can use a wireless network has a unique identification number, called a MAC address.1 A MAC address is usually written using twelve hexadecimal characters2; for example, 00A0C5000002 or 00:A0:C5:00:00:02. To get the MAC address for each device in the wireless network, see the device's User's Guide or other documentation. You can use the MAC address filter to tell the VMG which devices are allowed or not allowed to use the wireless network. If a device is allowed to use the wireless network, it still has to have the correct information (SSID, channel, and security). If a device is not allowed to use the wireless network, it does not matter if it has the correct information. This type of security does not protect the information that is sent in the wireless network. Furthermore, there are ways for unauthorized wireless devices to get the MAC address of an authorized device. Then, they can use that MAC address to use the wireless network. 1. Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds of wireless devices might not have MAC addresses. 2. Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F. VMG4825-B10A User's Guide 101

Section	Page
VMG4825-B10A	1
Contents Overview	3
Table of Contents	5
User’s Guide	14
Introducing the VMG	15
1.1 Overview	15
1.2 Ways to Manage the VMG	15
1.3 Good Habits for Managing the VMG	15
1.4 Applications for the VMG	16
1.4.1 Internet Access	16
1.4.2 VMG’s USB Support	17
1.5 LEDs (Lights)	18
1.6 The RESET Button	20
1.7 Wireless Access	20
1.7.1 Using the WPS Button	20
The Web Configurator	22
2.1 Overview	22
2.1.1 Accessing the Web Configurator	22
2.2 Web Configurator Layout	24
2.2.1 Title Bar	24
2.2.2 Navigation Panel	25
Quick Start	29
3.1 Overview	29
3.2 Quick Start Setup	29
Tutorials	32
4.1 Overview	32
4.2 Setting Up an ADSL PPPoE Connection	32
4.3 Setting Up a Secure Wireless Network	35
4.3.1 Configuring the Wireless Network Settings	35
4.3.2 Using WPS	37
4.3.3 Without WPS	41
4.4 Setting Up Multiple Wireless Groups	42
4.5 Configuring Static Route for Routing to Another Network	45
4.6 Configuring QoS Queue and Class Setup	47
4.7 Access the VMG Using DDNS	51
4.7.1 Registering a DDNS Account on www.dyndns.org	51
4.7.2 Configuring DDNS on Your VMG	52
4.7.3 Testing the DDNS Setting	52
4.8 Configuring the MAC Address Filter	52
4.9 Access Your Shared Files From a Computer	53
Technical Reference	55
Network Map and Status Screens	56
5.1 Overview	56
5.2 The Network Map Screen	56
5.3 The Status Screen	57
Broadband	61
6.1 Overview	61
6.1.1 What You Can Do in this Chapter	61
6.1.2 What You Need to Know	62
6.1.3 Before You Begin	64
6.2 The Broadband Screen	65
6.2.1 Add/Edit Internet Connection	65
6.3 The Advanced Screen	74
6.4 The Ethernet WAN Screen	76
6.5 The 802.1x Screen	77
6.5.1 Modify 802.1X Settings	78
6.6 Technical Reference	78
Wireless	84
7.1 Overview	84
7.1.1 What You Can Do in this Chapter	84
7.1.2 What You Need to Know	84
7.2 The General Screen	85
7.2.1 No Security	87
7.2.2 Basic (WEP Encryption)	87
7.2.3 More Secure (WPA(2)-PSK)	88
7.3 The Guest/More AP Screen	90
7.3.1 Edit Guest/More AP	90
7.4 MAC Authentication	92
7.5 The WPS Screen	93
7.6 The WMM Screen	95
7.7 The Others Screen	96
7.8 The Channel Status Screen	98
7.9 Technical Reference	98
7.9.1 Wireless Network Overview	98
7.9.2 Additional Wireless Terms	100
7.9.3 Wireless Security Overview	100
7.9.4 Signal Problems	103
7.9.5 BSS	103
7.9.6 MBSSID	104
7.9.7 Preamble Type	104
7.9.8 WiFi Protected Setup (WPS)	104
Home Networking	111
8.1 Overview	111
8.1.1 What You Can Do in this Chapter	111
8.1.2 What You Need To Know	112
8.1.3 Before You Begin	113
8.2 The LAN Setup Screen	113
8.3 The Static DHCP Screen	117
8.4 The UPnP Screen	118
8.4.1 Turning On UPnP in Windows 7 Example	119
8.5 The Additional Subnet Screen	121
8.6 The STB Vendor ID Screen	122
8.7 The Wake on LAN Screen	122
8.8 The TFTP Server Name Screen	123
8.9 Technical Reference	123
8.9.1 LANs, WANs and the VMG	123
8.9.2 DHCP Setup	124
8.9.3 DNS Server Addresses	124
8.9.4 LAN TCP/IP	125
Routing	127
9.1 Overview	127
9.2 The Routing Screen	127
9.2.1 Add/Edit Static Route	128
9.3 The DNS Route Screen	129
9.3.1 The DNS Route Add Screen	130
9.4 The Policy Route Screen	130
9.4.1 Add/Edit Policy Route	132
9.5 RIP	133
9.5.1 The RIP Screen	133
Quality of Service (QoS)	134
10.1 Overview	134
10.1.1 What You Can Do in this Chapter	134
10.2 What You Need to Know	135
10.3 The Quality of Service General Screen	136
10.4 The Queue Setup Screen	137
10.4.1 Adding a QoS Queue	139
10.5 The Classification Setup Screen	140
10.5.1 Add/Edit QoS Class	140
10.6 The QoS Shaper Setup Screen	144
10.6.1 Add/Edit a QoS Shaper	145
10.7 The QoS Policer Setup Screen	145
10.7.1 Add/Edit a QoS Policer	146
10.8 Technical Reference	147
Network Address Translation (NAT)	152
11.1 Overview	152
11.1.1 What You Can Do in this Chapter	152
11.1.2 What You Need To Know	152
11.2 The Port Forwarding Screen	153
11.2.1 Add/Edit Port Forwarding	155
11.3 The Applications Screen	156
11.3.1 Add New Application	157
11.4 The Port Triggering Screen	157
11.4.1 Add/Edit Port Triggering Rule	159
11.5 The DMZ Screen	160
11.6 The ALG Screen	161
11.7 The Address Mapping Screen	161
11.7.1 Add/Edit Address Mapping Rule	162
11.8 The Sessions Screen	163
11.9 Technical Reference	164
11.9.1 NAT Definitions	164
11.9.2 What NAT Does	164
11.9.3 How NAT Works	165
11.9.4 NAT Application	165
Dynamic DNS Setup	168
12.1 Overview	168
12.1.1 What You Can Do in this Chapter	168
12.1.2 What You Need To Know	168
12.2 The DNS Entry Screen	169
12.2.1 Add/Edit DNS Entry	169
12.3 The Dynamic DNS Screen	170
VLAN Group	172
13.1 Overview	172
13.1.1 What You Can Do in this Chapter	172
13.2 The VLAN Group Screen	172
13.2.1 Add/Edit a VLAN Group	173
Interface Grouping	174
14.1 Overview	174
14.1.1 What You Can Do in this Chapter	174
14.2 The Interface Grouping Screen	174
14.2.1 Interface Group Configuration	175
14.2.2 Interface Grouping Criteria	177
USB Service	179
15.1 Overview	179
15.1.1 What You Can Do in this Chapter	179
15.1.2 What You Need To Know	179
15.1.3 Before You Begin	180
15.2 The File Sharing Screen	180
15.2.1 The Add New User Screen	181
15.3 The Media Server Screen	182
Firewall	184
16.1 Overview	184
16.1.1 What You Can Do in this Chapter	184
16.1.2 What You Need to Know	185
16.2 The Firewall Screen	185
16.3 The Protocol Screen	186
16.3.1 Add/Edit a Service	187
16.4 The Access Control Screen	188
16.4.1 Add/Edit an ACL Rule	188
16.5 The DoS Screen	190
MAC Filter	191
17.1 Overview	191
17.2 The MAC Filter Screen	191
Parental Control	193
18.1 Overview	193
18.2 The Parental Control Screen	193
18.2.1 Add/Edit a Parental Control Profile	194
Scheduler Rule	197
19.1 Overview	197
19.2 The Scheduler Rule Screen	197
19.2.1 Add/Edit a Schedule	197
Certificates	199
20.1 Overview	199
20.1.1 What You Can Do in this Chapter	199
20.2 What You Need to Know	199
20.3 The Local Certificates Screen	199
20.3.1 Create Certificate Request	200
20.3.2 Load Signed Certificate	202
20.4 The Trusted CA Screen	203
20.4.1 View Trusted CA Certificate	203
20.4.2 Import Trusted CA Certificate	204
Log	206
21.1 Overview	206
21.1.1 What You Can Do in this Chapter	206
21.1.2 What You Need To Know	206
21.2 The System Log Screen	207
21.3 The Security Log Screen	207
Traffic Status	209
22.1 Overview	209
22.1.1 What You Can Do in this Chapter	209
22.2 The WAN Status Screen	209
22.3 The LAN Status Screen	210
22.4 The NAT Status Screen	211
ARP Table	212
23.1 Overview	212
23.1.1 How ARP Works	212
23.2 ARP Table Screen	212
Routing Table	214
24.1 Overview	214
24.2 The Routing Table Screen	214
Multicast Status	216
25.1 Overview	216
25.2 The IGMP Status Screen	216
25.3 The MLD Status Screen	216
xDSL Statistics	218
26.1 The xDSL Statistics Screen	218
System	221
27.1 Overview	221
27.2 The System Screen	221
User Account	222
28.1 Overview	222
28.2 The User Account Screen	222
28.2.1 The User Account Add/Edit Screen	222
Remote Management	224
29.1 Overview	224
29.2 The MGMT Services Screen	224
29.3 The Trust Domain Screen	225
29.3.1 The Add Trust Domain Screen	225
SNMP	227
30.1 Overview	227
30.2 The SNMP Screen	227
Time Settings	229
31.1 Overview	229
31.2 The Time Screen	229
E-mail Notification	231
32.1 Overview	231
32.2 The E-mail Notification Screen	231
32.2.1 E-mail Notification Edit	231
Log Setting	233
33.1 Overview	233
33.2 The Log Settings Screen	233
33.2.1 Example E-mail Log	234
Firmware Upgrade	236
34.1 Overview	236
34.2 The Firmware Screen	236
Backup/Restore	238
35.1 Overview	238
35.2 The Backup/Restore Screen	238
35.3 The Reboot Screen	240
Diagnostic	241
36.1 Overview	241
36.1.1 What You Can Do in this Chapter	241
36.2 What You Need to Know	241
36.3 Ping & TraceRoute & NsLookup	242
36.4 802.1ag	242
36.5 OAM Ping	243
Troubleshooting	246
37.1 Power, Hardware Connections, and LEDs	246
37.2 VMG Access and Login	247
37.3 Internet Access	249
37.4 Wireless Internet Access	250
37.5 USB Device Connection	251
37.6 UPnP	251
Appendices	252
Customer Support	253
Wireless LANs	259
IPv6	272
Services	280
Legal Information	284

Match case Limit results 1 per page

Chapter 7 Wireless

VMG4825-B10A User’s Guide

101

people with the code key can understand the information, and only people who have been

authenticated are given the code key.

These security standards vary in effectiveness. Some can be broken, such as the old Wired

Equivalent Protocol (WEP). Using WEP is better than using no security at all, but it will not keep a

determined attacker out. Other security standards are secure in themselves but can be broken if a

user does not use them properly. For example, the WPA-PSK security standard is very secure if you

use a long key which is difficult for an attacker’s software to guess - for example, a twenty-letter

long string of apparently random numbers and letters - but it is not very secure if you use a short

key which is very easy to guess - for example, a three-letter word from the dictionary.

Because of the damage that can be done by a malicious attacker, it’s not just people who have

sensitive information on their network who should use security. Everybody who uses any wireless

network should ensure that effective security is in place.

A good way to come up with effective security keys, passwords and so on is to use obscure

information that you personally will easily remember, and to enter it in a way that appears random

and does not include real words. For example, if your mother owns a 1970 Dodge Challenger and

her favorite movie is Vanishing Point (which you know was made in 1971) you could use

“70dodchal71vanpoi” as your security key.

The following sections introduce different types of wireless security you can set up in the wireless

network.

7.9.3.1

SSID

Normally, the VMG acts like a beacon and regularly broadcasts the SSID in the area. You can hide

the SSID instead, in which case the VMG does not broadcast the SSID. In addition, you should

change the default SSID to something that is difficult to guess.

This type of security is fairly weak, however, because there are ways for unauthorized wireless

devices to get the SSID. In addition, unauthorized wireless devices can still see the information that

is sent in the wireless network.

7.9.3.2

MAC Address Filter

Every device that can use a wireless network has a unique identification number, called a MAC

address.

A MAC address is usually written using twelve hexadecimal characters

; for example,

00A0C5000002 or 00:A0:C5:00:00:02. To get the MAC address for each device in the wireless

network, see the device’s User’s Guide or other documentation.

You can use the MAC address filter to tell the VMG which devices are allowed or not allowed to use

the wireless network. If a device is allowed to use the wireless network, it still has to have the

correct information (SSID, channel, and security). If a device is not allowed to use the wireless

network, it does not matter if it has the correct information.

This type of security does not protect the information that is sent in the wireless network.

Furthermore, there are ways for unauthorized wireless devices to get the MAC address of an

authorized device. Then, they can use that MAC address to use the wireless network.

Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds

of wireless devices might not have MAC addresses.

Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F.