Zyxel NBG4604 Router Manual PDF (Setup & Configuration Guide)

Page 71 / 268 Scroll up to view Page 66 - 70

NBG4604 User’s Guide

71

C

HAPTER

6

Wireless LAN

6.1

Overview

This chapter discusses how to configure the wireless network settings in your

NBG4604. See the appendices for more detailed information about wireless

networks.

The following figure provides an example of a wireless network.

Figure 43

Example of a Wireless Network

The wireless network is the part in the blue circle. In this wireless network,

devices

A

and

B

are called wireless clients. The wireless clients use the access

point (

AP

) to interact with other devices (such as the printer) or with the Internet.

Your NBG4604 is the AP.

Page 72 / 268

Chapter 6 Wireless LAN

NBG4604 User’s Guide

72

6.2

What You Can Do

•

Use the

General

screen (

Section 6.4 on page 75

) to enable the Wireless LAN,

enter the SSID and select the wireless security mode.

•

Use the

MAC Filter

screen (

Section 6.5 on page 81

) to allow or deny wireless

stations

based on their MAC addresses from connecting to the NBG4604.

•

Use the

Advanced

screen (

Section 6.6 on page 83

) to allow intra-BSS

networking and set the

RTS/CTS Threshold.

•

Use the

QoS

screen (

Section 6.7 on page 84

) to ensure Quality of Service (QoS)

in your wireless network.

•

Use the

WPS

screen (

Section 6.8 on page 87

) to quickly set up a wireless

network with strong security, without having to configure security settings

manually.

•

Use the

WPS Station

screen (

Section 6.9 on page 88

) to add a wireless station

using WPS.

•

Use the

Scheduling

screen (

Section 6.10 on page 89

) to set the times your

wireless LAN is turned on and off.

•

Use the

WDS

screen (

Section 6.11 on page 90

) to set the operating mode of

your NBG4604 to

AP + Bridge

or

Bridge Only

and establish wireless links with

other APs.

6.3

What You Should Know

Every wireless network must follow these basic guidelines.

•

Every wireless client in the same wireless network must use the same SSID.

The SSID is the name of the wireless network. It stands for Service Set IDentity.

•

If two wireless networks overlap, they should use different channels.

Like radio stations or television channels, each wireless network uses a specific

channel, or frequency, to send and receive information.

•

Every wireless client in the same wireless network must use security compatible

with the AP.

Security stops unauthorized devices from using the wireless network. It can also

protect the information that is sent in the wireless network.

6.3.1

Wireless Security Overview

The following sections introduce different types of wireless security you can set up

in the wireless network.

Page 73 / 268

Chapter 6 Wireless LAN

NBG4604 User’s Guide

73

6.3.1.1

SSID

Normally, the AP acts like a beacon and regularly broadcasts the SSID in the area.

You can hide the SSID instead, in which case the AP does not broadcast the SSID.

In addition, you should change the default SSID to something that is difficult to

guess.

This type of security is fairly weak, however, because there are ways for

unauthorized devices to get the SSID. In addition, unauthorized devices can still

see the information that is sent in the wireless network.

6.3.1.2

MAC Address Filter

Every wireless client has a unique identification number, called a MAC address.

1

A

MAC address is usually written using twelve hexadecimal characters

2

; for

example, 00A0C5000002 or 00:A0:C5:00:00:02. To get the MAC address for each

wireless client, see the appropriate User’s Guide or other documentation.

You can use the MAC address filter to tell the AP which wireless clients are allowed

or not allowed to use the wireless network. If a wireless client is allowed to use the

wireless network, it still has to have the correct settings (SSID, channel, and

security). If a wireless client is not allowed to use the wireless network, it does not

matter if it has the correct settings.

This type of security does not protect the information that is sent in the wireless

network. Furthermore, there are ways for unauthorized devices to get the MAC

address of an authorized wireless client. Then, they can use that MAC address to

use the wireless network.

6.3.1.3

User Authentication

You can make every user log in to the wireless network before they can use it.

This is called user authentication. However, every wireless client in the wireless

network has to support IEEE 802.1x to do this.

For wireless networks, there are two typical places to store the user names and

passwords for each user.

•

In the AP: this feature is called a local user database or a local database.

•

In a RADIUS server: this is a server used in businesses more than in homes.

If your AP does not provide a local user database and if you do not have a RADIUS

server, you cannot set up user names and passwords for your users.

1.

Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks.

These kinds of wireless devices might not have MAC addresses.

2.

Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F.

Page 74 / 268

Chapter 6 Wireless LAN

NBG4604 User’s Guide

74

Unauthorized devices can still see the information that is sent in the wireless

network, even if they cannot use the wireless network. Furthermore, there are

ways for unauthorized wireless users to get a valid user name and password.

Then, they can use that user name and password to use the wireless network.

Local user databases also have an additional limitation that is explained in the

next section.

6.3.1.4

Encryption

Wireless networks can use encryption to protect the information that is sent in the

wireless network. Encryption is like a secret code. If you do not know the secret

code, you cannot understand the message.

The types of encryption you can choose depend on the type of user

authentication. (See

Section 6.3.1.3 on page 73

for information about this.)

For example if the wireless network has a RADIUS server, you can choose

WPA

or

WPA2

. If users do not log in to the wireless network, you can choose no

encryption,

Static WEP

,

WPA-PSK

, or

WPA2-PSK

.

Usually, you should set up the strongest encryption that every wireless client in

the wireless network supports. For example, suppose the AP does not have a local

user database, and you do not have a RADIUS server. Therefore, there is no user

authentication. Suppose the wireless network has two wireless clients. Device A

only supports WEP, and device B supports WEP and WPA. Therefore, you should

set up

Static WEP

in the wireless network.

Note: It is recommended that wireless networks use WPA-PSK, WPA, or stronger

encryption. IEEE 802.1x and WEP encryption are better than none at all, but it

is still possible for unauthorized devices to figure out the original information

pretty quickly.

Note: It is not possible to use WPA-PSK, WPA or stronger encryption with a local user

database. In this case, it is better to set up stronger encryption with no

authentication than to set up weaker encryption with the local user database.

When you select

WPA2

or

WPA2-PSK

in your NBG4604, you can also select an

option (

WPA Compatible

) to support WPA as well. In this case, if some wireless

clients support WPA and some support WPA2, you should set up

WPA2-PSK

or

Table 24

Types of Encryption for Each Type of Authentication

NO AUTHENTICATION

RADIUS SERVER

Weakest

No Security

WPA

Static WEP

WPA-PSK

Strongest

WPA2-PSK

WPA2

Page 75 / 268

Chapter 6 Wireless LAN

NBG4604 User’s Guide

75

WPA2

(depending on the type of wireless network login) and select the

WPA

Compatible

option in the NBG4604.

Many types of encryption use a key to protect the information in the wireless

network. The longer the key, the stronger the encryption. Every wireless client in

the wireless network must have the same key.

6.3.1.5

WPS

WiFi Protected Setup (WPS) is an industry standard specification, defined by the

WiFi Alliance. WPS allows you to quickly set up a wireless network with strong

security, without having to configure security settings manually. Depending on the

devices in your network, you can either press a button (on the device itself, or in

its configuration utility) or enter a PIN (Personal Identification Number) in the

devices. Then, they connect and set up a secure network by themselves. See how

to set up a secure wireless network using WPS in the

Section 5.2.1 on page 57

.

6.4

General Wireless LAN Screen

Use this screen to enable the Wireless LAN, enter the SSID and select the wireless

security mode.

Note: If you are configuring the NBG4604 from a computer connected to the wireless

LAN and you change the NBG4604’s SSID, channel or security settings, you

will lose your wireless connection when you press

Apply

to confirm. You must

then change the wireless settings of your computer to match the NBG4604’s

new settings.

Click

Network

>

Wireless LAN

to open the

General

screen.

Figure 44

Network > Wireless LAN > General

Rate

Popular Zyxel Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share