CBIG 4131 User Guide
CBIG 4131 User Guide
CBIG 4131 User Guide
Table of Contents
iii
Table of Contents
Reports ....................................................................................................................... 39
Advanced Configuration .............................................................................................. 40
Port Configuration for Applications and Services................................................... 40
Issue ....................................................................................................................... 40
Solutions ................................................................................................................ 41
UPnP (Universal Plug and Play) ............................................................................... 41
Supported Operating Systems ............................................................................. 42
UPnP and the Gateway.......................................................................................... 42
How to use UPnP to Access Your Gateway on Windows 7/Vista ...................... 43
How to use UPnP to access your Gateway on Windows XP .............................. 43
Port Forwarding ......................................................................................................... 43
Use a Reserved IP Address .................................................................................. 43
Port triggering ............................................................................................................ 44
Port Filtering .............................................................................................................. 45
Configure a DMZ Host ............................................................................................... 46
Application Tab/DMZ ............................................................................................. 46
Dynamic DNS ............................................................................................................. 47
Assigning a Reserved IP (static IP) to a Device....................................................... 48
Support.......................................................................................................................... 50
Wireless Connection Troubleshooting..................................................................... 50
No Wireless Connectivity...................................................................................... 50
Poor Wireless Connectivity or Range .................................................................. 50
Change the Wireless Channel .............................................................................. 51
Make Sure That the Wireless Access Point Is Enabled ...................................... 51
Cannot Connect via WPS ...................................................................................... 52
Network Diagnostic Tools ......................................................................................... 52
Gateway Reboot and Reset Options ........................................................................ 54
Reset/Restore the Gateway via the Reset Button ............................................... 55
About this Setup and User Guide
Used symbols
Danger: The danger symbol indicates there may be a possibility of physical injury.
Note: The note symbol indicates that the text provides additional information about
a topic.
Getting Started
Introduction
This chapter provides a brief overview of the main features and components of the Gateway.
After this chapter, we will start with the installation.
Danger: Do not connect any cables to the Gateway until instructed to do so.
Features at a Glance
The Technicolor CGA4131 offers the following features:
• Compliance with DOCSIS 3.0 and 3.1 standards to deliver high-end performance and
reliability
• High performance Broadband Internet Connectivity
• Eight-line embedded digital voice adapter for wired telephony or fax service
• Two 802.11 Wi-Fi radios for dual-band concurrent operation, with up to eight SSIDs per
radio
• Eight IEEE 802.3 10/100/1000 Base-T Gigabit Ethernet LAN ports
• Wi-Fi Protected Setup™ (WPS) support with hardware push button for simplified and
secure wireless setup
• User configurable access control and firewall settings
• Compact design allows for horizontal or wall-mounted operation
• Color coded interface ports and corresponding cables to simplify installation and setup
• Front panel LEDs show operational status
• Optional battery backup with 8 hours standby and 5 hours talk time.
• IPv6 DS-Lite enabled
Front Panel
Front Panel View and LED Operations
The following images represent the front panel view of the CGA4131.
Figure 1: Front Panel
State Description
Solid on The port is connected.
Off The port is not connected
Blinking Data is being transferred
State Description
Solid on Telephone line is registered successfully with the call manager
Blinking Telephone line has either gone off-hook or is in active call
Off Telephone line is not registered with the call manager
WPS (Item W)
The LED blinks when the WPS button is pressed. It will blink for 2 minutes or until the wireless
client Wi-Fi is connected to the gateway, whichever is earlier. The LED will then turn solid
white for 2 minutes and will turn Off thereafter.
For more information about WPS, see How to Connect Your Wireless Client Via WPS.
State Description
Blinking WPS Process initialized (lasts for 2 minutes)
Off No WPS activity
Rear panel
The following image shows the back-panel view of the CGA4131.
Figure 3: Rear Panel View
Bottom Panel
Figure 4 shows the CGA4131 bottom panel and Battery Compartment with door on (Item A).
Danger: Do not remove the battery unless instructed by your service provider.
Wired Connection
If you want to connect a computer using a wired connection, your computer must be equipped
with an Ethernet Network Interface Card (NIC).
Setup
Complete the following to set up the Gateway:
• Connect your Gateway to your service provider’s network. For more information, see
Connect the Gateway to Your Service Provider’s Network.
• Power on the Gateway. For more information, see Power on the Gateway.
• Connect your wired devices to the Gateway. For more information, see Connect Your
Wired Devices.
• Connect your wireless devices to the Gateway. For more information, see Connect Your
Wireless Devices.
• Connect your phones. For more information, see How to Connect Your Phone.
After completing the setup procedure, the Gateway is ready for use. Optionally, you can further
configure the Gateway to your needs (for example, change the wireless security) using the
Gateway’s Admin Tool. For more information, see Admin Tool.
Cable
4. Wait at least two minutes to allow the Gateway to complete the startup phase.
Figure 6: Back Panel – Power Port
Requirements
• Both your network device (for example, a computer, a point of sale terminal, etc.) and
Gateway must have a free Ethernet port.
• Your network device must be configured to obtain an IP address automatically. This is
the default setting.
Procedure
Important: It is recommended to use Category 5e or Category 6 Ethernet cables
with the Gateway.
1. lug one end of the Ethernet cable into one of the RJ-45 Ethernet ports on the back of the
Gateway (see Figure 7).
2. Plug the other end of the Ethernet cable into the Ethernet port of your network device.
3. Your network device is now connected to your network. Use the same procedure to
connect other Ethernet devices (computers, network printers and so on).
Caution: If you want to connect your wireless client to the 5 GHz access point,
make sure that your wireless client supports 5 GHz connections.
Requirements
• Your wireless client must support WPS. Check the documentation of your wireless client
for this.
• Your Gateway must use WPA/WPA2-PSK (TKIP/AES) encryption (default encryption) or
WPA2-PSK (AES) encryption.
WPS methods
The following WPS methods are supported by your Gateway:
• Push Button Configuration (PBC): Place both the wireless client and the Gateway in
registration mode by pushing a hardware or software button.
• PIN code entry on the wireless client: Enter the Gateway’s WPS PIN code on the
wireless client. For more information, see How to Start a WPS Session.
• PIN code entry on the Gateway: Enter the wireless client’s WPS PIN code on the
Admin Tool. For more information, see How to Start a WPS Session.
The Gateway is now exchanging the security settings with the wireless client. Your wireless
client will prompt you when it is connected to the access point.
Troubleshooting
If you are having trouble connecting your wireless client via WPS, this may be caused by one
of the following reasons:
• WPS cannot be correctly executed: Configure your wireless manually. For more
information, see How to Manually Connect Your Wireless Client.
• Your wireless client is out of range: If possible, move your wireless client closer to your
Gateway or use a wireless repeater to extend the range of your wireless network.
Procedure
If you want to connect a computer using the wireless network, configure the wireless client on
your computer with the wireless settings printed on the Gateway's back panel label.
The Gateway’s back panel contains two items needed to establish a Wi-Fi connection:
• SSID (“Network Name”) is the name of the network. Either the 2.4GHz or 5GHz network
name can be used.
• Passphrase is the password used for the network name selected.
To configure these settings on:
• Windows 10, proceed with How to Connect Your Computer on Windows 10.
• Windows 8, proceed with How to Connect Your Computer on Windows 8.
• Windows 7, proceed with How to Connect Your Computer on Windows 7.
• Windows Vista, proceed with How to Connect Your Computer on Windows Vista.
• Windows XP, proceed with How to Connect Your Computer on Windows XP
• Mac OS X, proceed with How to Connect Your Computer on Mac OS X.
• On another operating system, consult the help of your wireless client or operating
system.
2. Double-click the Gateway’s Network Name (SSID). Use the Gateway’s Network Name
(SSID) as printed on the bottom panel label. For more information, see Bottom Panel.
Result: Windows prompts you to enter the security key (see Figure 10).
3. Type the Passphrase from the Gateway's bottom panel label in the Enter the network
security key box and click Next.
Result: Windows prompts you if it should turn on sharing.
Figure 10: Enter Network Security Key
2. Double-click the Gateway’s Network Name (SSID). Use the Gateway Network Name as
listed on the Gateway's back panel label.
Result: Windows prompts you to enter the security key (see Figure 10).
3. Type the Passphrase from the Gateway's bottom panel label in the Enter the network
security key box and click Next.
Result: Windows prompts you if it should turn on sharing.
4. Click Yes to turn on sharing.
2. Double-click the Gateway’s Network Name (SSID). The Gateway’s Network Name (SSID)
is listed on the Gateway's back panel label.
Result: Windows prompts you to enter the network security key.
3. Type the Passphrase from the Gateway's back panel label in the Security key or
passphrase box and click Connect.
Figure 13: Enter Network Key - Windows Vista
2. Double-click the Gateway’s Network Name (SSID) access point. The Gateway’s Network
Name (SSID) is listed on the Gateway's back panel label. For more information, see
Bottom Panel.
Result: Windows prompts you to enter the network security key.
3. Type the Passphrase, which is printed on the Gateway's bottom panel label, in the
Network key and Confirm network key boxes and then click Connect.
Result: You are now connected to the Gateway:
Figure 15: Enter Network Key - Windows XP
2. Double-click the Gateway’ Network Name (SSID). The Gateway’s Network Name (SSID)
is printed on the Gateway's side or back panel label.
Result: The Wi-Fi window prompts you to enter your WPA password.
Figure 17: Enter WPA Password
3. In the Password box, type the Passphrase, which is printed on the Gateway's bottom
panel label.
4. Select the Remember this network checkbox and click OK.
Result: You are now connected to the Gateway network.
1. Connect your traditional phone, external DECT base station or fax to an active RJ-11
Telephone jack on the back panel of your Gateway.
Figure 18: Telephone Ports
Note: You must connect Alarms dialers to either port 1 or 2. Be sure the Alarms
dialer is connected to an active telephone port connected to the phone network.
2. Plug the other end of the telephone cable into the telephone device.
3. Verify that each phone line is active by first checking for dial tone, and then by placing a
call to an active telephone number and checking that both parties can properly hear one
another.
Admin Tool
The Admin Tool allows you to configure the settings of your Gateway through your web
browser, using a computer or device that is currently connected to your Gateway (either wired
or wirelessly).
Note: The Admin Tool web pages are displayed differently for smaller screens if
you connect using a mobile device. The example in this guide shows the screens
as accessed using a computer.
Requirements
JavaScript must be enabled on your browser (this is the default setting). For more information,
consult the help of your web browser.
On Windows, it is also possible to access the Admin Tool using UPnP. For more
information, see UPnP (Universal Plug and Play).
Note: 192.168.0.1 is the default IP address of the Gateway. If at some point you
changed the IP address of the Gateway, use the new IP address instead.
2. The Gateway prompts you to enter the username and password. Enter your user name
(default: blank) and password (default: blank).
Result: The Admin Tool appears.
Figure 19: Admin Tool
Administration User The Administration screens present options to change the user
Remote Access name and password, add users, and reset the device.
Backup & Restore
Reboot & Reset
Troubleshooting
Remote Log
Diagnostic System Diagnostic screens provide some utilities to troubleshoot your
Interface network connection or Gateway.
Network
Wireless
Clients
Internet
To restore a previous configuration, click Browse and use the navigation window to locate the
file. The default file name is in the following format:
filename_YY_MM_DD_HOUR_MINUTES.gwc.
When the file has been located, click Restore to restore the settings. When the settings are
restored, the device will reboot to the restored settings.
Important: Do not edit the backup files; this may result in corrupt files making
them worthless as configuration backup.
Caution: Restoring a saved configuration will require the Gateway to restart. The
reboot will cause a short service interruption of the services provided by the
Gateway.
Note: If you are connecting the wireless client to the 5 GHz access point, make
sure the wireless client supports 5 GHz connections.
Wireless Client
The wireless client allows you to connect a wireless client to a wireless access point. Both
built-in and external (for example via USB) wireless clients are available.
Devices like tablets, smart TVs and smartphones usually have a built-in wireless client. Check
the documentation of your device for more information.
Or
• 802.11b only
• 802.11g only
• 802.11n only
• Mixed (802.11b and 802.11g)
• Mixed (802.11g and 802.11n)
• Mixed (802.11b, 802.11g and 802.11n)
For 5GHz:
• 802.11a only
• 802.11n only
• 802.11ac only
• Mixed (802.11a and 802.11n)
• Mixed (802.11n and 802.11ac)
• Mixed (802.11a, 802.11n and 802.11ac).
Channel Width:
The channel bandwidth can be selected manually for Wireless-N connections. For best
performance in a network using Wireless-N, Wireless-G, and Wireless-B devices, it is
suggested to use the AUTO (20 or 40MHz) channel setting.
Wireless-N connections will use the 40MHz channel if there is no interference, while Wireless-
G and Wireless-B will still use the 20MHz channel.
For Wireless-G and Wireless-B networking only, select 20MHz only. Then, only the 20MHz
channel will be used.
For 5GHz, the options include AUTO 20 or 40 or 80MHz. The 80MHz will only be used for AC.
Channel:
If AUTO (20 or 40MHz) is selected for the Radio Band setting the appropriate Standard
Channel setting will be automatically selected, depending on the Wide Channel setting.
If only 20MHz is selected as the Radio Band setting, select the appropriate channel from the
list provided to correspond with the network settings. All devices in the wireless network must
broadcast on the same channel to communicate.
MAC Address: The wireless MAC Address is displayed in this field.
Scan Nearby AP: The Scan button provides a mechanism for the AP to scan for neighboring
APs and provides various statistics on neighbors.
Note: Enabling Network Name (SSID) broadcast does not mean that everyone
can connect to your network. They still need the correct wireless network key
(password) to connect to the Gateway network. It only informs them that your
network is present.
MAC Filtering
When using MAC filtering, you allow or deny devices to access your network based on their
MAC address.
1. Go to the Admin Tool (http://192.168.0.1), using a computer or device that is currently
connected to your Gateway (either wired or wirelessly). For more information, see
Accessing the Admin Tool.
2. Click the Security tab then click the Device Filter tab.
Result: The Device Filter settings screen displays.
The Device Filter screen is used to allow or block devices connecting to the router, for both
LAN and Wi-Fi clients. The devices are allowed or blocked with respect to their MAC address,
which is added in the allowed devices list in this screen. You can add devices through auto-
learned devices under the device list or add a device manually under the Allowed Devices list.
Block All
When the Block All option is selected, all devices except in the Allowed Devices list are
blocked for Internet access.
Allow All
When the Allow All option is selected, all devices except in the Blocked Devices list are
allowed for Internet access.
Internet Security
The Gateway offers the following options to secure your Internet connection:
• Access Control
• Manage sites and devices
• Manage devices
• Managed services (Port Blocking)
• Firewall
• Reports
Access Control
The Access Control function:
• Prevents access to specific websites based on the URL or keywords.
• Prevents access requests from certain devices.
• Prevents access to specific applications or services (for example, FTP).
There are options within this feature to trust certain devices that are permitted to bypass these
rules.
Blocked Sites
To create a new entry in the Blocked Sites list, add the URL details, type and time of day for
the filter. There is an option to delete the URLs from the Blocked Sites list.
Trusted Devices
You can override the URL blocking feature for specific devices. They need to be added in the
Trusted Devices list with Trusted button enabled.
Manage Devices
The Device Filter screen is used to allow or block devices connecting to the router, for both
LAN and Wi-Fi clients. The devices are allowed or blocked based on their MAC address. There
are flexible rules that allow devices to be blocked based on the time of day.
On this screen, you can enable or disable the feature, select the filter type (Allow All or Deny
All) and add devices into the Blocked List. Each option is explained below.
Block All
When the Block All option is selected, all devices except in the Allowed Devices list are
blocked for Internet access.
Allow All
When the Allow All option is selected, all devices except in the Blocked Devices list are
allowed for Internet access.
You can enable this feature by enabling the Service Filter option.
Blocked Services
Creating the list of blocked services can be done by adding an entry and selecting the protocol
and port information. You can configure the time of the day configurations using the When
option (the time when the filter should be enabled).
Trusted Devices
Trusted devices can bypass the list of services that are blocked. The devices are identified by
their MAC address.
Firewall
The Gateway comes with an integrated firewall that helps you protect your network from
attacks from the Internet. This firewall has several predefined levels to allow you to adjust the
firewall to your needs.
The following table explains the traffic restrictions while setting the firewall level to various
levels – High, Medium, Low and Off.
High All unsolicited inbound traffic is All traffic except the following are Both inbound
blocked, and Intrusion Detection is restricted: and outbound
enabled. traffic are
• HTTP and HTTPS (TCP ports restricted
80, 443)
• DNS (TCP/UDP port 53)
• NTP (UDP ports 119, 123)
• Email (TCP ports 25, 110, 143,
465, 587, 993, 995)
• VPN (GRE, UDP port 500, TCP
port 1723)
• iTunes (TCP port 3689)
• Peer-to-Peer applications
• Kazaa (TCP/UDP port 1214)
• BitTorrent (TCP ports 6881-6999)
• Gnutella (TCP/UDP port 6346)
• Vuze (TCP ports 49152- 65534)
Intrusion Detection is enabled in the
Medium operating level. All other
inbound traffic is allowed by the
firewall. Please note that unsolicited
inbound traffic will not be forwarded
to devices on home network unless
they match a port forwarding /
triggering rule, or a DMZ host has
been configured.
The default Firewall setting is Minimum Security (Low). This means that all traffic passing
through the Gateway (from and to the Internet) is allowed.
Reports
The report screen displays all events generated by firewall rules. For example, if the firewall
breach attempt was registered, the same would be logged as a firewall breach attempt and
shown under firewall logs. Similarly, if there were incidents for Device filter, Service filter or Site
filter restrictions, they would be shown in the respective logs. Each line item in the report
display has the timestamp of the last such occurrence, with number of attempts and the
incident type with a brief description.
To display security reports, select the Security tab in the Gateway screen and then select the
Report tab. The following types of reports are available:
• Device Filter logs
• Site Filter logs
• Service Filter logs
• Email Settings logs
• Firewall Logs
Figure 29: Security Reports
Advanced Configuration
This chapter covers more advanced features. The following topics are covered:
• Port configuration for applications and services
• UPnP (Universal Plug and Play)
• Port Forwarding
• Port Triggering
• Port Filtering
• Configure a DMZ Host
• Dynamic DNS
• Assigning a Reserved IP (static IP) to a Device
Issue
When the Gateway receives an incoming message, the Gateway must decide to which
computer it should send this message. If the incoming message is a response to an outgoing
message originating from one of your computers, the Gateway sends the incoming message to
this computer.
Figure 30: Gateway Message Handling – Incoming Response to Outgoing Message
t
Solutions
To avoid this problem, the Gateway offers the following solutions:
• The Gateway supports automatic device discovery and port configuration for UPnP-
enabled devices. For more information, see UPnP (Universal Plug and Play).
• The Gateway allows you to assign a port to a device. For more information, see Port
Forwarding.
• The Gateway allows you to define a number of trigger ports. When a device sends data
over one of these ports, the Gateway will automatically assign several related ports to the
device. For more information, see Port triggering.
Note: If your computer is running Windows XP, you first must install the UPnP
component. For more information, see Windows help.
Port Forwarding
Port forwarding allows you to forward incoming Internet traffic arriving on a specific port to an
internal IP address. For example, if you are running a web server and the Gateway receives a
request on port 80, this request should be forwarded to your web server.
On this screen, you can select the range of ports and the types of traffic to be forwarded to an
IP address. The range information can be configured in Start Port and End Port fields. You
can select either TCP traffic alone or UDP traffic alone or both.
The Server IP should be the IP address of the target device. In the example above (Figure 34),
the 4131 is configured to forward TCP traffic on ports 2-20 to IP address 192.168.0.10.
The enable button enables the port forwarding feature; the entries can be deleted from the
table clicking the X in the Delete column.
Port triggering
Port triggering allows you to define a set of dynamic port forwarding rules that will be activated
as soon as a device sends traffic to the Internet over a specific port(s), the trigger port(s).
The difference compared to the port forwarding function described in Getting Started is that:
• Port triggering rules will only be activated if a local device is sending traffic over one of
the trigger ports. There must be outbound traffic first.
• Port triggering rules forward the traffic to any device that has initiated the communication
while port forwarding only forwards to a specific fixed IP.
• Port triggering rules allow you to translate the port numbers. This means that the
incoming port can differ from the target port.
• If no outgoing traffic is detected on the Trigger Range ports for 10 minutes, the Target
Range ports will close.
This is a safer method for opening specific ports for special applications such as, video
conferencing programs, interactive gaming, file transfer in chat programs, etc. They are
dynamically triggered and not held open constantly or erroneously left open via the router
administrator and exposed for potential hackers to discover.
Port Filtering
The Port Filter screen is used to block certain port requests coming from outside (WAN)
devices to the devices on your local network (LAN) connected through the router. You can set
the range of ports to be blocked by this feature.
1. Go to the Admin Tool (http://192.168.0.1), using a computer or device that is currently
connected to your Gateway (either wired or wirelessly). For more information, see
Accessing the Admin Tool.
2. On the Application menu, click Port Filter.
Result: The Port Filter screen appears (see Figure 36).
The screen displays the following Port Filter setup information, which can be viewed and
modified by the user:
• Range of Ports
• Traffic / Protocol
• Enable the filter
• Delete the filter entry
Application Tab/DMZ
Click the Application tab then click the DMZ tab. This screen displays DMZ setup information.
Here, a user can enable the DMZ feature, enter the host address (both IPv4 and IPv6) and
save the configuration.
Dynamic DNS
Dynamic DNS (DDNS) configures the Gateway's router functionality as a Dynamic DNS client.
Dynamic DNS allows a dynamic IP address to be aliased to a static, predefined host name so
that the host can be easily contacted by other hosts on the Internet, even if its IP address
changes. The CGA4131 supports a dynamic DNS client compatible with the Dynamic DNS
service (http://www.dyndns.com/).
1. Go to the Admin Tool (http://192.168.0.1), using a computer or device that is currently
connected to your Gateway (either wired or wirelessly). For more information, see
Accessing the Admin Tool.
2. On the Application menu, click DDNS.
Result: The Dynamic DNS screen appears (Figure 38).
This screen displays DDNS setup information. Here, you can set and display DDNS (Disable,
DynDns.org, TZO.com, Changeip.com, and Freedns.afraid.org), Username, Password and
Hostname.
Support
This section suggests solutions for issues that you may encounter while installing, configuring
or using your Gateway. If the suggestions do not resolve the problem, look at the support
screens on www.technicolor.com or contact your service provider.
This section describes the following topics:
• Wireless Connection Troubleshooting
• Network Diagnostic Tools
• Gateway Reboot and Reset Options
End of Document