Zyxel NBG6716 Router Manual PDF (Setup & Configuration Guide)

Home

Manuals

Zyxel

NBG6716

Page 81 / 229 Scroll up to view Page 76 - 80

Chapter 10 WAN

NBG6716 User’s Guide

Figure 52

Network > WAN > Advanced

The following table describes the labels in this screen.

Table 29

Network > WAN > Advanced

LABEL

DESCRIPTION

Multicast Setup

Multicast

Select

IGMPv1/v2

to enable multicasting. This applies to traffic routed from the

WAN to the LAN.

Select

None

to disable this feature. This may cause incoming traffic to be dropped or

sent to all connected network devices.

Auto-Subnet Configuration

Enable Auto-IP-

Change mode

Select this option to have the NBG6716 change its LAN IP address to 10.0.0.1 or

192.168.1.1 accordingly when the NBG6716 gets a dynamic WAN IP address in the

same subnet as the LAN IP address 192.168.1.1 or 10.0.0.1.

The NAT, DHCP server and firewall functions on the NBG6716 are still available in this

mode.

Apply

Click

Apply

to save your changes back to the NBG6716.

Cancel

Click

Cancel

to begin configuring this screen afresh.

Page 82 / 229

NBG6716 User’s Guide

HAPTER

Wireless LAN

11.1

Overview

This chapter discusses how to configure the wireless network settings in your NBG6716. The

NBG6716 is able to function both 2.4GHz and 5GHz network at the same time. You can have

different wireless and wireless security settings for 2.4GHz and 5GHz wireless LANs. Click

Configuration > Network > Wireless LAN 2.4G

Wireless LAN 5G

to configure to do so.

See the appendices for more detailed information about wireless networks.

The following figure provides an example of a wireless network.

Figure 53

Example of a Wireless Network

The wireless network is the part in the blue circle. In this wireless network, devices

and

are

called wireless clients. The wireless clients use the access point (AP) to interact with other devices

(such as the printer) or with the Internet. Your NBG6716 is the AP.

Page 83 / 229

Chapter 11 Wireless LAN

NBG6716 User’s Guide

11.1.1

What You Can Do

•

Use the

General

screen to turn the wireless connection on or off, set up wireless security

between the NBG6716 and the wireless clients, and make other basic configuration changes

(

Section 11.2 on page 87

•

Use the

More AP

screen to set up multiple wireless networks on your NBG6716 (

Section 11.4 on

page 95

•

Use the

MAC Filter

screen to allow or deny wireless stations based on their MAC addresses from

connecting to the NBG6716 (

Section 11.5 on page 98

•

Use the

Advanced

screen to allow intra-BSS networking and set the RTS/CTS Threshold (

Section

11.6 on page 100

•

Use the

QoS

screen to ensure Quality of Service (QoS) in your wireless network (

Section 11.7 on

page 100

•

Use the

WPS

screen to quickly set up a wireless network with strong security, without having to

configure security settings manually (

Section 11.8 on page 101

•

Use the

WPS Station

screen to add a wireless station using WPS (

Section 11.9 on page 103

•

Use the

Scheduling

screen to set the times your wireless LAN is turned on and off (

Section

11.10 on page 103

11.1.2

What You Should Know

Every wireless network must follow these basic guidelines.

•

Every wireless client in the same wireless network must use the same SSID.

The SSID is the name of the wireless network. It stands for Service Set IDentity.

•

If two wireless networks overlap, they should use different channels.

Like radio stations or television channels, each wireless network uses a specific channel, or

frequency, to send and receive information.

•

Every wireless client in the same wireless network must use security compatible with the AP.

Security stops unauthorized devices from using the wireless network. It can also protect the

information that is sent in the wireless network.

Wireless Security Overview

The following sections introduce different types of wireless security you can set up in the wireless

network.

SSID

Normally, the AP acts like a beacon and regularly broadcasts the SSID in the area. You can hide the

SSID instead, in which case the AP does not broadcast the SSID. In addition, you should change

the default SSID to something that is difficult to guess.

This type of security is fairly weak, however, because there are ways for unauthorized devices to

get the SSID. In addition, unauthorized devices can still see the information that is sent in the

wireless network.

Page 84 / 229

Chapter 11 Wireless LAN

NBG6716 User’s Guide

MAC Address Filter

Every wireless client has a unique identification number, called a MAC address.

A MAC address is

usually written using twelve hexadecimal characters

; for example, 00A0C5000002 or

00:A0:C5:00:00:02. To get the MAC address for each wireless client, see the appropriate User’s

Guide or other documentation.

You can use the MAC address filter to tell the AP which wireless clients are allowed or not allowed to

use the wireless network. If a wireless client is allowed to use the wireless network, it still has to

have the correct settings (SSID, channel, and security). If a wireless client is not allowed to use the

wireless network, it does not matter if it has the correct settings.

This type of security does not protect the information that is sent in the wireless network.

Furthermore, there are ways for unauthorized devices to get the MAC address of an authorized

wireless client. Then, they can use that MAC address to use the wireless network.

User Authentication

You can make every user log in to the wireless network before they can use it. This is called user

authentication. However, every wireless client in the wireless network has to support IEEE 802.1x

to do this.

For wireless networks, there are two typical places to store the user names and passwords for each

user.

•

In the AP: this feature is called a local user database or a local database.

•

In a RADIUS server: this is a server used in businesses more than in homes.

If your AP does not provide a local user database and if you do not have a RADIUS server, you

cannot set up user names and passwords for your users.

Unauthorized devices can still see the information that is sent in the wireless network, even if they

cannot use the wireless network. Furthermore, there are ways for unauthorized wireless users to

get a valid user name and password. Then, they can use that user name and password to use the

wireless network.

Local user databases also have an additional limitation that is explained in the next section.

Encryption

Wireless networks can use encryption to protect the information that is sent in the wireless

network. Encryption is like a secret code. If you do not know the secret code, you cannot

understand the message.

Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds

of wireless devices might not have MAC addresses.

Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F.

Page 85 / 229

Chapter 11 Wireless LAN

NBG6716 User’s Guide

The types of encryption you can choose depend on the type of user authentication. (See

page 84

for information about this.)

For example, if the wireless network has a RADIUS server, you can choose

WPA

WPA2

. If users

do not log in to the wireless network, you can choose no encryption,

Static WEP

WPA-PSK

, or

WPA2-PSK

Usually, you should set up the strongest encryption that every wireless client in the wireless

network supports. For example, suppose the AP does not have a local user database, and you do

not have a RADIUS server. Therefore, there is no user authentication. Suppose the wireless network

has two wireless clients. Device A only supports WEP, and device B supports WEP and WPA.

Therefore, you should set up

Static WEP

in the wireless network.

Note: It is recommended that wireless networks use

WPA-PSK

WPA

, or stronger

encryption. IEEE 802.1x and WEP encryption are better than none at all, but it is

still possible for unauthorized devices to figure out the original information pretty

quickly.

Note: It is not possible to use

WPA-PSK

WPA

or stronger encryption with a local user

database. In this case, it is better to set up stronger encryption with no

authentication than to set up weaker encryption with the local user database.

When you select

WPA2

WPA2-PSK

in your NBG6716, you can also select an option (

WPA

WPA-PSK Compatible

) to support WPA/WPA-PSK as well. In this case, if some wireless clients

support WPA and some support WPA2, you should set up

WPA2-PSK

WPA2

(depending on the

type of wireless network login) and select the

WPA

WPA-PSK Compatible

option in the

NBG6716.

Many types of encryption use a key to protect the information in the wireless network. The longer

the key, the stronger the encryption. Every wireless client in the wireless network must have the

same key.

Guest WLAN

Guest WLAN allows you to set up a wireless network where users can access to Internet via the

NBG6716 (

), but not other networks connected to the

. In the following figure, a guest user can

access the Internet from the guest wireless network

via

but not the home or company network

Note: The home or company network

and Guest WLAN network are independent

networks.

Note: Only Router mode supports guest WLAN.

Table 30

Types of Encryption for Each Type of Authentication

NO AUTHENTICATION

RADIUS SERVER

Weakest

No Security

WPA

Static WEP

WPA-PSK

Strongest

WPA2-PSK

WPA2

Rate

Popular Zyxel Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share