www.zyxel.com

NWA-3500/NWA-3550

802.11a/g Dual Radio Wireless Business AP
802.11a/g Dual Radio Outdoor WLAN Business AP

Copyright © 2009 ZyXEL Communications Corporation

Firmware Version 3.7

Edition 1, 1/2009

Default Login Details

IP Address: http://192.168.1.2
Password: 1234

Summary of Contents for 802.11a/g Wireless CardBus Card ZyXEL AG-120

Page 1: ...550 802 11a g Dual Radio Wireless Business AP 802 11a g Dual Radio Outdoor WLAN Business AP Copyright 2009 ZyXEL Communications Corporation Firmware Version 3 7 Edition 1 1 2009 Default Login Details...

Page 3: ...g up your network and configuring for Internet access Note It is recommended you use the web configurator to configure the NWA Support Disc Refer to the included CD for support documents ZyXEL Web Sit...

Page 4: ...contact your vendor then contact a ZyXEL office for the region in which you bought the device See http www zyxel com web contact_us php for contact information Please have the following information re...

Page 5: ...font A key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press th...

Page 6: ...ed in Figures Figures in this User s Guide may use the following generic icons The NWA icon is not an exact representation of your NWA Table 1 Common Icons NWA Computer Notebook Server Printer Telepho...

Page 7: ...OT use the device if the power adaptor or cord is damaged as it might cause electrocution If the power adaptor or cord is damaged remove it from the device and the power source Do NOT attempt to repai...

Page 8: ...Safety Warnings NWA 3500 NWA 3550 User s Guide 8...

Page 9: ...09 Wireless Configuration 119 SSID Screen 141 Wireless Security Screen 147 RADIUS Screen 161 Layer 2 Isolation Screen 165 MAC Filter Screen 171 IP Screen 175 Rogue AP Detection 179 Remote Management S...

Page 10: ...Contents Overview NWA 3500 NWA 3550 User s Guide 10...

Page 11: ...24 1 2 3 AP Bridge 25 1 2 4 MBSSID 26 1 2 5 Pre Configured SSID Profiles 27 1 2 6 Configuring Dual WLAN Adaptors 28 1 3 CAPWAP 28 1 4 Ways to Manage the NWA 29 1 5 Configuring Your NWA s Security Feat...

Page 12: ...ow 53 5 1 3 Before You Begin 54 5 2 Controller AP Navigation Menu 54 5 3 Controller AP Status Screen 55 5 4 AP List Screen 57 5 4 1 The AP Lists Edit Screen 59 5 5 Configuration Screen 60 5 6 Redundan...

Page 13: ...3 Setup 92 6 4 4 Configure the SERVER_1 Network 93 6 4 5 Configure the SERVER_2 Network 96 6 4 6 Checking your Settings and Testing the Configuration 96 6 4 6 1 Checking Settings 96 6 4 6 2 Testing th...

Page 14: ...8 5 Technical Reference 131 8 5 1 Spanning Tree Protocol STP 131 8 5 1 1 Rapid STP 131 8 5 1 2 STP Terminology 132 8 5 1 3 How STP Works 132 8 5 1 4 STP Port States 133 8 5 2 DFS 133 8 5 3 Roaming 133...

Page 15: ...Screen 161 11 3 What You Need To Know 162 11 4 The RADIUS Screen 163 Chapter 12 Layer 2 Isolation Screen 165 12 1 Overview 165 12 2 What You Can Do in the Layer 2 Isolation Screen 166 12 3 What You N...

Page 16: ...e FTP Screen 191 16 6 The WWW Screen 192 16 7 The SNMP Screen 194 16 8 Technical Reference 195 16 8 1 MIB 195 16 8 2 Supported MIBs 196 16 8 3 SNMP Traps 196 Chapter 17 Internal RADIUS Server 199 17 1...

Page 17: ...ce 232 19 6 1 Example Log Messages 232 19 6 2 Log Commands 233 19 6 3 Configuring What You Want the NWA to Log 233 19 6 4 Displaying Logs 234 19 6 5 Log Command Example 234 Chapter 20 VLAN 235 20 1 Ov...

Page 18: ...ics Screen 266 23 5 Association List Screen 268 23 6 Channel Usage Screen 269 23 7 F W Upload Screen 270 23 8 Configuration Screen 272 23 8 1 Backup Configuration 272 23 8 2 Restore Configuration 273...

Page 19: ...uide 19 Appendix C Pop up Windows JavaScripts and Java Permissions 335 Appendix D Importing Certificates 343 Appendix E IP Addresses and Subnetting 369 Appendix F Text File Based Auto Configuration 37...

Page 20: ...Table of Contents NWA 3500 NWA 3550 User s Guide 20...

Page 21: ...21 PART I Introduction Introducing the NWA 23 Introducing the Web Configurator 35 Status Screens 39 Management Mode 47 Tutorial 67...

Page 23: ...you to easily assign different types of security to groups of users The NWA controls network access with MAC address filtering rogue AP detection layer 2 isolation and an internal authentication serve...

Page 24: ...ternet access application for your NWA is shown as follows Clients A B and C can access the wired network through the NWAs Figure 1 Access Point Application 1 2 2 Bridge Repeater The NWA can act as a...

Page 25: ...h APs must use the same pre shared key See Section 8 4 2 on page 126 for more details Once the security settings of peer sides match one another the connection between devices is made At the time of w...

Page 26: ...ty settings refers to the traffic between the wireless stations and the NWA Figure 4 AP Bridge Application 1 2 4 MBSSID A BSS Basic Service Set is the set of devices forming a single wireless network...

Page 27: ...ing figure VoIP_SSID users have Quality of Service QoS priority SSID03 is the wireless network for standard users and Guest_SSID is the wireless network for guest users In this example the guest user...

Page 28: ...2 6 Configuring Dual WLAN Adaptors The NWA is equipped with dual wireless adaptors This means you can configure two different wireless networks to operate simultaneously In the following example the N...

Page 29: ...e CAPWAP managed APs NWA 3160 NWA 3163 NWA 3500 NWA 3550 NWA 8500 The following figure illustrates a CAPWAP wireless network The user U configures the controller AP C which then automatically updates...

Page 30: ...utton they can then reset the device s password to its default password log in and reconfigure its settings Change any default passwords on the NWA such as the password used for accessing the NWA s we...

Page 31: ...n configuring the MAC filter 1 6 Maintaining Your NWA Do the following things regularly to keep your NWA running Check the ZyXEL website www zyxel com tw regularly for new firmware for your NWA Ensure...

Page 32: ...section applies to the NWA 3500 only Figure 8 LEDs Table 3 LEDs LABEL LED COLOR STATUS DESCRIPTION 1 WL1 Green On The wireless adaptor WLAN1 is active Blinking The wireless adaptor WLAN1 is active an...

Page 33: ...Off The wireless adaptor WLAN2 is not active 4 ZyAIR Blue On The NWA is receiving power You can turn the ZyAIR LED off and on using the Web configurator See Section 8 4 on page 123 Blinking The NWA is...

Page 34: ...Chapter 1 Introducing the NWA NWA 3500 NWA 3550 User s Guide 34...

Page 35: ...our computer or computer network to connect to the NWA refer to the Quick Start Guide 2 Launch your web browser 3 Type 192 168 1 2 as the URL default 4 Type 1234 default as the password and click Logi...

Page 36: ...icate screen to create a certificate using your NWA s MAC address that will be specific to this device Figure 10 Replace Certificate Screen You should now see the Status screen See Chapter 2 on page 3...

Page 37: ...t configuration file Hold this button in for about 10 seconds the lights will begin to blink Use this method for cases when the password or IP address of the NWA is not known This applies to the NWA 3...

Page 38: ...l Password and Time Setting WIRELESS Wireless SSID Security RADIUS Layer 2 Isolation MAC Filter IP ROGUE AP Configuration Friendly AP Rogue AP REMOTE MGNT Telnet FTP WWW and SNMP AUTH SERVER Setting T...

Page 39: ...log into the NWA or click STATUS in the navigation menu Use the Status screens to look at the current status of the device system resources interfaces and SSID status The Status screen also provides d...

Page 40: ...u configured in the MGMT MODE screen The NWA works as a standalone AP by default Figure 12 The Status Screen Standalone AP Figure 13 The Status Screen AP Controller The following table describes the l...

Page 41: ...anagement mode This field displays the current operating mode of the second wireless module AP Bridge Repeater AP Bridge or MBSSID You can change the operating mode in the Wireless Wireless screen Man...

Page 42: ...N1 Associations This field is not available when the NWA is in AP controller management mode This field displays the number of wireless clients currently associated with the first wireless module Each...

Page 43: ...ireless clients connect to the NWA Redundancy This section is available only when the NWA is in AP controller management mode The redundancy feature should be also enabled and the NWA acts as the regu...

Page 44: ...to see which wireless channels are currently in use in the local area See Section 23 6 on page 269 SSID Information This link is available only when the NWA is in AP controller management mode Click...

Page 45: ...IPTION Table 6 Status AP Statistics LABEL DESCRIPTION AP Description This is the descriptive name configured for this AP in the Controller AP Lists 802 11 Mode This is the wireless standard supported...

Page 46: ...e NWA is in AP controller management mode Figure 16 Status SSID Information The following table describes the labels in this screen Table 7 Status SSID Information LABEL DESCRIPTION SSID Security Mode...

Page 47: ...visioning of Wireless Access Points This is ZyXEL s implementation of the IETF s Internet Engineering Task Force CAPWAP protocol RFC 4118 The CAPWAP dataflow is protected by DTLS Datagram Transport La...

Page 48: ...P CAPWAP managed APs must be DHCP clients supplied with an IP address by a DHCP server on your network Furthermore the AP controller must have a static IP address it cannot be a DHCP client 4 1 3 CAPW...

Page 49: ...ler uses its internal RADIUS server managed APs also use the AP controller s authentication server to authenticate wireless clients Only one AP controller can exist in any single broadcast domain If a...

Page 50: ...configurator neither managing nor managed by other devices Managed AP Select this to have the NWA managed by another NWA on your network When you do this the NWA can be configured ONLY by the manageme...

Page 51: ...the IP address of the secondary controller AP Apply Click this to save your changes Note If you change the mode in this screen the NWA restarts Wait a short while before you attempt to log in again I...

Page 52: ...Chapter 4 Management Mode NWA 3500 NWA 3550 User s Guide 52...

Page 53: ...o view information about your managed wireless network Use the AP Lists screen Section 5 4 on page 57 to manage connected APs Use the Configuration screen Section 5 5 on page 60 to control the way in...

Page 54: ...he wireless clients of the managed APs 5 1 3 Before You Begin Note The Controller AP options are only available when the NWA is set to function in this mode Therefore ensure that you have switched mod...

Page 55: ...Note A managed AP may potentially be turned off if it is within range of its controller AP while the controller AP updates its settings The managed AP retains the last settings acquired from the contr...

Page 56: ...y the NWA that are not currently active turned off or otherwise unreachable on the network Un managed This field displays the number of access points on the network that are not managed by the NWA but...

Page 57: ...e Controller AP Lists Screen LABEL DESCRIPTION Managed Access Points List This section lists the access points currently controlled by the NWA This always includes the NWA itself Index This is the ind...

Page 58: ...Access Points List This section lists the CAPWAP enabled access points in the area that are in managed AP mode but which are not currently controlled by the NWA Index This is the index number of an u...

Page 59: ...ED This field displays only if the managed AP supports this feature Select this box to disable the WLAN LED light Clear this box to enable the WLAN LED WLAN1 Radio Profile Select the radio profile you...

Page 60: ...ncrypt communications between the NWA and its managed APs This key is used to encrypt DTLS Datagram Transport Layer Security transmissions Enter 8 32 English keyboard characters The proprietary AutoPS...

Page 61: ...ng table describes the labels in this screen Table 12 The Controller Redundancy Screen LABEL DESCRIPTION Redundancy Select Enable to set the NWA either as a Primary AP Controller or as a Secondary Con...

Page 62: ...rity screen see Section 10 2 on page 136 The Profile Edit RADIUS screen see Section 11 2 on page 149 The Profile Edit Layer 2 Isolation screen see Section 12 2 on page 153 The Profile Edit MAC Filter...

Page 63: ...number of each radio profile Profile Name This field displays the identification name of each radio profile on the NWA 802 11 Mode This field displays the IEEE 802 11 wireless mode the radio profile u...

Page 64: ...0 User s Guide 64 5 8 The Radio Profile Edit Screen Use this screen to configure a specific radio profile In the Profile Edit Radio screen select a profile and click Edit The following screen displays...

Page 65: ...um MSDU MAC service data unit size turns off the RTS CTS handshake Setting this attribute to its smallest value 256 turns on the RTS CTS handshake Enter a value between 256 and 2346 Fragmentation Thre...

Page 66: ...rofile or profiles you want access points using this radio profile to use Each AP can use multiple SSID profiles simultaneously Configure SSID profiles in the Profile Edit SSID screens Index This is t...

Page 67: ...ing mode if you want to allow wireless clients to access your wired network all using the same security and Quality of Service QoS settings See Section 1 2 1 on page 24 for details Use Bridge Repeater...

Page 68: ...the first wireless network select WLAN1 in the WLAN Interface field and follow the steps in Section 6 1 2 on page 68 Then select WLAN2 in the WLAN Interface field and follow the same procedure to con...

Page 69: ...onfigure WDS Security Select 802 11 Mode and Channel ID Configure WDS Security Select SSID Profile Configure SSID Profile Edit Security Profile Configure RADIUS authentication optional Configure inter...

Page 70: ...ltiple Wireless Networks In this example you have been using your NWA as an access point for your office network See your Quick Start Guide for information on how to set up your NWA in Access Point mo...

Page 71: ...Quality of Service QoS setting see Chapter 8 on page 119 for information on QoS The guest network Guest_SSID has access to the Internet and the network printer only and a low QoS setting To configure...

Page 72: ...ating Mode Log in to the NWA see Section 2 1 on page 35 Click WIRELESS Wireless The Wireless screen appears In this example the NWA is using WLAN Interface 1 in Access Point operating mode and is curr...

Page 73: ...n one of the Profile list boxes number 3 in this example Select the Active box for the entry and click Apply to activate the profile Your standard wireless network SSID04 is now accessible to your wir...

Page 74: ...VoIP_SSID and Guest_SSID profiles you will need to set different security profiles Figure 35 Tutorial WIRELESS SSID The Voice over IP VoIP network will use the pre configured SSID profile so select Vo...

Page 75: ...he SSID to wireless clients scanning the area The standard network SSID04 is currently using the security01 profile so use a different profile for the VoIP network If you used the security01 profile a...

Page 76: ...you do not have a RADIUS server for authentication so select WPA2 PSK in the Security Mode field WPA2 PSK provides strong security that anyone with a compatible wireless client can use once they know...

Page 77: ...onfigure the Guest Network When you are setting up the wireless network for guests to your office your primary concern is to keep your network secure while allowing access to certain resources such as...

Page 78: ...t Disable from the Hide Name SSID list box This makes it easier for guests to configure their own computers wireless clients to your network s settings The standard network SSID04 is already using the...

Page 79: ...y that is supported by most wireless clients Even though your Guest_SSID clients do not have access to sensitive information on the network you should not leave the network without security An attacke...

Page 80: ...e 80 6 2 3 2 Set up Layer 2 Isolation Configure layer 2 isolation to control the specific devices you want the users on your guest network to access Click WIRELESS Layer 2 Isolation The following scre...

Page 81: ...ect its entry and click Edit The following screen displays Figure 45 Tutorial Layer 2 Isolation Profile Enter the MAC addresses and descriptions of the two network devices you want users on the guest...

Page 82: ...led Try to access each network using the correct security settings and then using incorrect security settings such as the WPA PSK for another active network If the behavior is different from expected...

Page 83: ...rity considerations In this example you want to ensure that your company s data is not accessible to an attacker gaining entry to your wireless network through a rogue AP Your wireless network operate...

Page 84: ...n configuring the rogue AP feature on your NWAs in this example you will need to use the information in the following table You need the IP addresses of your APs to access their Web configurators and...

Page 85: ...ings 1 Set up and save a friendly AP list 2 Activate periodic Rogue AP Detection 3 Set up e mail alerts 4 Configure your other access points 5 Test the setup 6 3 1 Set Up and Save a Friendly AP list T...

Page 86: ...o your network s security The Friendly AP screen now appears as follows Figure 49 Tutorial Friendly AP After Data Entry Table 17 Tutorial Friendly AP Information MAC ADDRESS DESCRIPTION 00 AA 00 AA 00...

Page 87: ...ist of friendly APs in order to provide a backup and upload it to your other access points Click the Configuration tab The following screen appears Figure 50 Tutorial Configuration 4 Click Export If a...

Page 88: ...teps to activate rogue AP detection on the first of your NWAs 1 In the ROGUE AP Configuration screen select Enable from the Rogue AP Period Detection field Figure 53 Tutorial Periodic Rogue AP Detecti...

Page 89: ...st of your four APs to send a log message to your e mail inbox whenever a rogue AP is discovered in your wireless network s coverage area 1 Click LOGS Log Settings The following screen appears Figure...

Page 90: ...it detects an access point not on the list Now you need to configure the other wireless access points on your network to do the same things For each access point take the following steps 1 From a com...

Page 91: ...ve the NWA perform a scan immediately Check the ROGUE AP Rogue AP screen You should see an entry in the list with the same MAC address as your rogue AP Check the LOGS View Logs screen You should see a...

Page 92: ...3 Setup In this example you have already set up the NWA in MBSSID mode see Chapter 12 on page 165 It uses two SSID profiles simultaneously You have configured each SSID profile as shown in the followi...

Page 93: ...k which are as follows 6 4 4 Configure the SERVER_1 Network First you will set up the SERVER_1 network which allows Alice to access secure server 1 via the network switch You will configure the MAC fi...

Page 94: ...e following screen displays showing the SSID profiles you already configured Figure 56 Tutorial SSID Profile 2 Select SERVER_1 s entry and click Edit The following screen displays Figure 57 Tutorial S...

Page 95: ...ave restricted users on the SERVER_1 network to access only the devices with the MAC addresses you entered 4 Click the MAC Filter tab When the MAC Filter screen appears select macfilter03 s entry and...

Page 96: ...Settings Take the following steps to check that the NWA is using the correct SSIDs MAC filters and layer 2 isolation profiles Table 21 Tutorial SERVER_2 Network Information SSID Screen Index 4 Profil...

Page 97: ...shown in the following figure Figure 60 Tutorial SSID Profiles Activated 2 Next click the SSID tab Check that each configured SSID profile uses the correct Security Layer 2 Isolation and MAC Filter p...

Page 98: ...should be unable to do so If you can do so MAC filtering is misconfigured 2 Test the SERVER_2 network Using Bob s computer and wireless client and the correct security settings do the following Attemp...

Page 99: ...because of their location You want to convert one of your NWA to a controller AP A which will allow you to manage all 4 NWA APs using the Web Configurator of this newly transformed NWA controller AP A...

Page 100: ...as A to serve as the secondary controller AP E Both controller APs A and E are in the 1st floor of the building recommended The NWA APs B C and D from the 2nd 3rd and 4th floors are going to be your m...

Page 101: ...ave both primary and secondary controller APs in the network the secondary controller AP s WLAN radio is turned off as long as the primary controller AP is turned on 1 Access the Web Configurator of t...

Page 102: ...mode in your network Changes made in the Web Configurator of the NWA primary AP controller are synchronized automatically with the secondary controller AP if there is one and the members of the manage...

Page 103: ...nuously managing it You can switch the NWA to standalone AP mode by pressing the reset button on the casing NWA 3500 only Previous configurations are lost 1 To set your NWA in managed AP mode open the...

Page 104: ...rial Registration Type If the Registration Type is set to Manual the controller AP add managed APs to a queue in the Un Managed Access Points List in the Controller AP Lists screen If the Registration...

Page 105: ...st have their WLAN Radio Profile set to disabled This means that their wireless functions are turned off Note The NWA controller AP uses WLAN Radio Profile to categorize different wireless settings pr...

Page 106: ...tility screen to check if radio6 SSID Mktg Grp 6 is in the list of wireless networks available Figure 71 Tutorial Checking your Setup MGNT Mode Settings Open the wireless client s screen that list the...

Page 107: ...on 119 SSID Screen 141 Wireless Security Screen 147 RADIUS Screen 161 Layer 2 Isolation Screen 165 MAC Filter Screen 171 IP Screen 175 Rogue AP Detection 179 Remote Management Screens 187 Internal RAD...

Page 109: ...ects to an Network Time Protocol NTP server to set the time on the device 7 2 What You Can Do in the System Screens Use the General screen see Section 7 4 on page 112 to specify the System name Domain...

Page 110: ...art of a much larger organization you should consult your network administrator for the appropriate IP addresses Note Regardless of your particular situation do not create an arbitrary IP address alwa...

Page 111: ...evice on your network is using that IP address The subnet mask specifies the network number portion of an IP address Your device will compute the subnet mask automatically based on the IP address that...

Page 112: ...o 30 alphanumeric characters long Spaces are not allowed but dashes and underscores _ are accepted Domain Name This is not a required field Leave this field blank or enter the domain name here if you...

Page 113: ...erver IP address that the DHCP assigns Select User Defined if you have the IP address of a DNS server Enter the DNS server s IP address in the field to the right If you chose User Defined but leave th...

Page 114: ...sword Type in your existing system password 1234 is the default password New Password Type your new system password up to 31 characters Note that as you type a password the screen displays an asterisk...

Page 115: ...S server profile of the RADIUS server that is to authenticate management logins to the NWA The NWA tests the user name and password against the RADIUS server when you apply your settings The user name...

Page 116: ...your NWA Each time you reload this page the NWA synchronizes the time with the time server if configured Current Date This field displays the last updated date from the time server Manual Select this...

Page 117: ...Time at 2 A M local time So in the United States you would select Second Sunday March and type 2 in the o clock field Daylight Saving Time starts in the European Union on the last Sunday of March All...

Page 118: ...following pre defined list of NTP time servers if you do not specify a time server or it cannot synchronize with the time server you specified When the NWA uses the pre defined list of NTP time serve...

Page 119: ...e above the NWA allows access to another bridge device A and a notebook computer B upon verifying their settings and credentials It denies access to other devices C and D with configurations that do n...

Page 120: ...When Intra BSS traffic blocking is disabled wireless station A and B can access the wired network and communicate with each other When Intra BSS traffic blocking is enabled wireless station A and B c...

Page 121: ...Repeater The NWA acts as a wireless network bridge and establishes wireless links with other APs You need to know the MAC address of the peer device which also must be in bridge mode The NWA can esta...

Page 122: ...ld use a different channel than an adjacent AP access point to reduce interference Wireless Mode The IEEE 802 1x standard was designed to extend the features of IEEE 802 11 to support extended authent...

Page 123: ...ther be used in conjunction with 802 1x security 8 4 Configuring Wireless Settings Click WIRELESS Wireless The screen varies depending upon the operating mode you select 8 4 1 Access Point Mode Select...

Page 124: ...and packet bursting Disable channel switching for DFS This field displays only when you select 802 11a in the 802 11 Mode field Select this if you do not want to use DFS Dynamic Frequency Selection C...

Page 125: ...k This value can be set from 1 to 100 Fragmentation Threshold The threshold number of bytes for the fragmentation boundary for directed messages It is the maximum data fragment size that can be sent E...

Page 126: ...educe signal interference Enable Breathing LED Select this check box to enable the blue breathing LED also known as the NWA LED Clear the check box to turn this LED off even when the NWA is on and dat...

Page 127: ...ireless Configuration NWA 3500 NWA 3550 User s Guide 127 To have the NWA act as a wireless bridge only click WIRELESS Wireless and select Bridge Repeater as the Operating Mode Figure 80 Wireless Bridg...

Page 128: ...ntegrity Protocol TKIP security on your WDS This option is compatible with other ZyXEL access points including that support WDS security Use this if the other access points on your network support WDS...

Page 129: ...for information on the other labels in this screen 8 4 3 AP Bridge Mode Select AP Bridge as the Operating Mode in the WIRELESS Wireless screen to have the NWA function as a bridge and access point sim...

Page 130: ...cribing the fields in the Access Point and Bridge Repeater operating modes for descriptions of the fields in this screen 8 4 4 MBSSID Mode Use this screen to have the NWA function in MBSSID mode Selec...

Page 131: ...have Table 29 Wireless MBSSID LABEL DESCRIPTION Operating Mode Select MBSSID in this field to display the screen as shown Select SSID Profile An SSID profile is the set of parameters relating to one...

Page 132: ...5 1 3 How STP Works After a bridge determines the lowest cost spanning tree with STP it enables the root port and the ports that are the designated ports for connected LANs and disables all other port...

Page 133: ...ther channel then resumes communications on the new channel 8 5 3 Roaming A wireless station is a device with an IEEE 802 11a b g compliant wireless interface An access point AP acts as a bridge betwe...

Page 134: ...a wireless station moves between coverage areas Wireless stations can still associate with other APs even if you disable roaming Enabling roaming ensures correct traffic forwarding bridge tables are u...

Page 135: ...on the access point the new access point must have the user profile for the wireless station The adjacent access points should use different radio channels when their coverage areas overlap All acces...

Page 136: ...the following figure Figure 85 Bridging Example Be careful to avoid bridge loops when you enable bridging in the NWA Bridge loops cause broadcast traffic to circle the network endlessly resulting in...

Page 137: ...ce in wireless networks It controls WLAN transmission priority on packets to be transmitted over the wireless network WMM QoS prioritizes wireless traffic according to delivery requirements WMM QoS is...

Page 138: ...e sensitive applications such as FTP File Transfer Protocol The following table shows some common applications their time sensitivity and their typical data packet sizes Note that the figures given ar...

Page 139: ...s of how to configure ATC WMM Use the ATC WMM function if you want to do the following enable WMM QoS on your wireless network and automatically assign a WMM priority to packets that do not already ha...

Page 140: ...ned an ATC value based on their WMM value not their size The following table shows how priorities are assigned for packets coming from the WLAN to the LAN when using ATC WMM Table 35 ATC WMM Priority...

Page 141: ...figure above the NWA has three SSID profiles configured a standard profile SSID04 a profile with high QoS settings for Voice over IP VoIP users VoIP_SSID and a guest profile that allows visitors acce...

Page 142: ...s you want to allow access to it Each SSID profile references the settings configured in the following screens Wireless Security one of the security profiles Wireless RADIUS one of the RADIUS profiles...

Page 143: ...each SSID profile on the NWA SSID This field displays the name of the wireless profile on the network When a wireless client scans for an AP to associate with this is the name that is broadcast and s...

Page 144: ...figure and click Edit to go to the SSID configuration screen Table 37 Wireless SSID LABEL DESCRIPTION Table 38 Wireless SSID Edi LABEL DESCRIPTION Profile Name Enter a name identifying this profile SS...

Page 145: ...on 8 5 8 on page 139 for more information on ATC WMM If you select WMM_VOICE WMM_VIDEO WMM_BEST_EFFORT or WMM_BACKGROUND the NWA applies that QoS setting to all of that SSID s traffic If you select NO...

Page 146: ...Chapter 9 SSID Screen NWA 3500 NWA 3550 User s Guide 146...

Page 147: ...ork Figure 91 Securing the Wireless Network In the figure above the NWA checks the identity of devices before giving them access to the network In this scenario computer A is denied access to the netw...

Page 148: ...t is sent in the wireless network even if they cannot use the wireless network Furthermore there are ways for unauthorized wireless users to get a valid user name and password Then they can use that u...

Page 149: ...A passphrase functions like a password In WEP security mode it is further converted by the NWA into a complicated string that is referred to as the key This key is requested from all devices wishing t...

Page 150: ...ing screens are configurable only in Access Point AP Bridge and MBSSID operating modes Use this screen to choose and edit a security profile Click Wireless Security The following screen displays Figur...

Page 151: ...varies according to the Security Mode you select 10 4 1 Security WEP Use this screen to set the selected profile to Wired Equivalent Privacy WEP security mode Select WEP in the Security Mode field to...

Page 152: ...t this option to enter ASCII characters as the WEP keys Hex Select this option to enter hexadecimal characters as the WEP keys The preceding 0x is entered automatically Key 1 to Key 4 The WEP keys are...

Page 153: ...ireless stations have to resend user names and passwords in order to stay connected Enter a time interval between 10 and 9999 seconds The default time interval is 1800 seconds 30 minutes Alternatively...

Page 154: ...ic 128 in this field. ASCII: Select this option to enter ASCII characters as the WEP keys. Hex: Select this option to enter hexadecimal characters as the WEP keys. The preceding "0x" is entered automatically...

Page 155: ...ter 0 to turn reauthentication off. Note: If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority. Idle Timeout: The NWA automatically...

Page 156: ...reauthentication timer on the RADIUS server has priority. Idle Timeout: The NWA automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station nee...

Page 157: ...er The Group Key Update Timer is the rate at which the AP sends a new group key out to all clients. The re-keying process is the WPA equivalent of automatically changing the group key for an AP and all...

Page 158: ...same. The only difference between the two is that WPA-PSK uses a simple common password instead of user-specific credentials. Type a pre-shared key from 8 to 63 case-sensitive ASCII characters includin...

Page 159: ...e WEP key encrypting. A higher bit key offers better security. You can manually enter 64-bit, 128-bit or 152-bit WEP keys. More information on Wireless Security can be found in Appendix B on page 233. Grou...

Page 160: ...Chapter 10 Wireless Security Screen. NWA-3500/NWA-3550 User's Guide 160...

Page 161: ...and the server is the RADIUS server. Figure 100: RADIUS Server Setup. In the figure above, wireless clients A and B are trying to access the Internet via the NWA. The NWA in turn queries the RADIUS server...

Page 162: ...package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server. You should know the IP addresses, ports and share secrets of the external RADIUS serv...

Page 163: ...sociated with the Index number above. Primary: Configure the fields below to set up user authentication and accounting. Backup: If the NWA cannot communicate with the Primary accounting server, you can hav...

Page 164: ...is not available when you select Internal. Share Secret: Enter a password (up to 128 alphanumeric characters) as the key to be shared between the external authentication server and the NWA. The key must b...

Page 165: ...a network. In the following figure, layer 2 isolation is enabled on the NWA (Z) to allow a guest wireless client (A) to access the main network router (B). The router provides access to the Internet (C) and the...

Page 166: ...Isolation Screen. Use the Wireless > Layer 2 Isolation screen (see Section 12.4 on page 167) to configure the MAC addresses of the wireless client, AP, computer or router that you want to allow the associat...

Page 167: ...1 Configuring Layer 2 Isolation. Use this screen to specify the configuration for your layer 2 isolation profile. Select a layer 2 isolation profile in Wireless > Layer 2 Isolation and click Edit to displ...

Page 168: ...es with these MAC addresses. These are the MAC address of a wireless client, AP, computer or router. A wireless client associated with the NWA can communicate with another wireless client, AP, computer or r...

Page 169: ...solation configurations on your NWA (A). Figure 105: Layer 2 Isolation Example Configuration. Example 1: Restricting Access to Server. In the following example, wireless clients 1 and 2 can communicate with f...

Page 170: ...tion Example 1. Example 2: Restricting Access to Client. In the following example, wireless clients 1 and 2 can communicate with access point B and file server C, but not wireless client 3. Enter the server...

Page 171: ...tion Figure 108: MAC Filtering. In the figure above, wireless client U is able to connect to the Internet because its MAC address is in the allowed association list specified in the NWA. The MAC address o...

Page 172: ...cimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC address of each device to configure MAC filtering on the NWA. 13.4 The MAC Filter Screen. The MAC filter profile is a user configu...

Page 173: ...e Profile Name: This field displays the name given to a MAC filter profile in the MAC Filter Configuration screen. Edit: Select an entry from the list and click Edit to configure settings for that profil...

Page 174: ...it screen and click Apply. Index: This is the index number of the MAC address. MAC Address: Enter the MAC addresses (in XX:XX:XX:XX:XX:XX format) of the wireless station to be allowed or denied access to th...

Page 175: ...address to communicate across the network. These networking devices are also known as hosts. Figure 111: IP Setup. The figure above illustrates one possible setup of your NWA. The gateway IP address is 19...

Page 176: ...ng table describes the labels in this screen. Table 52: IP Setup (LABEL, DESCRIPTION). IP Address Assignment. Get automatically from DHCP: Select this option if your NWA is using a dynamically assigned IP add...

Page 177: ...cal networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses. Regardless of your particular situation, do n...

Page 178: ...Chapter 14 IP Screen. NWA-3500/NWA-3550 User's Guide 178...

Page 179: ...access to the network or set up their own rogue APs in order to capture information from wireless clients. If a scan reveals a rogue AP, you can use commercially available software to physically locate...

Page 180: ...can configure the NWA to detect rogue IEEE 802.11a (5 GHz) and IEEE 802.11b/g (2.4 GHz) APs. You can also set the NWA to e-mail you immediately when a rogue AP is detected (see Chapter 19 on page 229 for in...

Page 181: ...attacker tries to capture usernames, passwords, and other sensitive information from unsuspecting clients A and B who attempt to connect. This is known as a honeypot attack. Figure 114: Honeypot Attack. If...

Page 182: ...ue AP Period Detection field. Expiration Time (minutes): Specify how long (between 30 and 180 minutes) an AP's entry can remain in the Rogue AP List before the NWA removes it from the list if the AP is no l...

Page 183: ...lowed. Add: Click this button to include the AP in the list. Friendly AP List: This is the list of safe wireless access points you have already configured. Index: This is the index number of the AP's entry...

Page 184: ...button to have the NWA scan for rogue APs. Index: This is the index number of the AP's entry in the list. Select: Use this check box to select the APs you want to move to the friendly AP list (see Section...

Page 185: ...nderscores (_) and dashes are allowed. Add to Friendly AP List: If you know that the AP described in an entry is not a threat, select the Active check box, enter a short description in the Description field...

Page 186: ...Chapter 15 Rogue AP Detection. NWA-3500/NWA-3550 User's Guide 186...

Page 187: ...of the NWA's interfaces. Remote Management allows a user to administrate the device over the network. You can manage your NWA from a remote location via the following interfaces: WLAN, LAN, Both WLAN and L...

Page 188: ...the SNMP screen (see Section 16.7 on page 194) to configure through which interface(s) and from which IP address(es) a network systems manager can access the ZyXEL Device. 16.3 What You Need To Know. Telne...

Page 189: ...ment functions. It executes applications that control and monitor managed devices. SNMP allows a manager and agents to communicate for the purpose of accessing information such as packets received, node...

Page 190: ...YSTEM screen. 16.4 The Telnet Screen. Use this screen to configure your NWA for remote Telnet access. You can use Telnet to access the NWA's Command Line Interface (CLI). Click REMOTE MGNT > TELNET. The follow...

Page 191: ...responding private key is to be used to identify the NWA for SSH connections. You must have certificates already configured in the Certificates > My Certificates screen. Server Port: You can change the ser...

Page 192: ...You may change the server port number for a service if needed; however, you must use the same port number in order to use that service for remote management. Server Access: Select the interface(s) through...

Page 193: ...cates (optional) to require the SSL client to authenticate itself with the NWA by sending the NWA a certificate. To do that, the SSL client must have a CA-signed certificate from a CA that has been import...

Page 194: ...Enter the Set community, which is the password for incoming Set requests from the management station. The default is public and allows all requests. Community: Type the trap community, which is the passwor...

Page 195: ...count's security settings, or select Admin to have the NWA use the Admin account's security settings. Use the Configure SNMPv3 User Profile link to set up each account's security settings. Configure SNM...

Page 196: ...an agent. Trap: Used by the agent to inform the manager of some events. 16.8.2 Supported MIBs. The NWA supports MIB II that is defined in RFC 1213 and RFC 1215, as well as the proprietary ZyXEL private MI...

Page 197: ...MIB whyReboot (1.3.6.1.4.1.890.1.5.1.3.0.1): This trap is sent with the reason for restarting before the system reboots (warm start). "System reboot by user" is added for an intentional reboot (for example, dow...

Page 198: ...Chapter 16 Remote Management Screens. NWA-3500/NWA-3550 User's Guide 198...

Page 199: ...ing its internal RADIUS server to control access to a wired network. A wireless notebook (A) requests access by sending its credentials. The NWA consults its internal RADIUS server's list of user names an...

Page 200: ...and passwords. 17.3 What You Need To Know. The NWA has a built-in RADIUS server that can authenticate wireless clients or other trusted APs. Certificates are used by wireless clients to authenticate the...

Page 201: ...me: This field displays the name used to identify this certificate. It is recommended that you give each certificate a unique name. auto_generated_self_signed_cert is the factory default certificate comm...

Page 202: ...ommon name, organizational unit or department, organization or company, and country. With self-signed certificates, this is the same information as in the Subject field. Valid From: This field displays the d...

Page 203: ...pe the IP address of the trusted AP in dotted decimal notation. Shared Secret: Enter a password (up to 31 alphanumeric characters, no spaces) as the key for encrypting communications between the AP and the...

Page 204: ...nd password activated on their wireless utilities. User Name: Enter the user name for this user account. This name can be up to 31 alphanumeric characters long, including spaces. The wireless client's util...

Page 205: ...he following steps to set up trusted APs and trusted users. 1. Configure an IP address and shared secret in the Trusted AP database to specify an AP as trusted. 2. Configure wireless client user names and...

Page 206: ...DOMAIN user. When you configure your Windows XP SP2 Wireless Zero Configuration PEAP MS-CHAPv2 settings, deselect the Use Windows logon name and password check box. When authentication begins, a pop-up di...

Page 207: ...ertificates Example. In the figure above, the NWA (Z) checks the identity of the notebook (A) using a certificate before granting it access to the network. 18.2 What You Can Do in the Certificates Screen. Use...

Page 208: ...and you never need to transmit private keys. The certification authority certificate that you want to import has to be in one of these file formats. Binary X.509: This is an ITU-T recommendation that de...

Page 209: ...unique name. Type: This field displays what kind of certificate this is. REQ represents a certification request and is not yet a valid certificate. Send a certification request to a certification authorit...

Page 210: ...e a certificate that shows SELF in the Type field. 1. Make sure that no other features, such as HTTPS, VPN, SSH, are configured to use the SELF certificate. 2. Click the details icon next to another self-sign...

Page 211: ...ibes the labels in this screen. 18.4.2 My Certificates Create Screen. Use this screen if you do not have an existing or issued certificate and want to have the NWA create a self-signed certificate, enrol...

Page 212: ...mmon Name is mandatory. The certification authority may add fields (such as a serial number) to the subject information when it issues a certificate. It is recommended that each certificate have unique su...

Page 213: ...send to the certification authority. Copy the certification request from the My Certificate Details screen (Section 18.4.3 on page 214) and then send it to the certification authority. Create a certificat...

Page 214: ...case of a self-signed certificate, you can set it to be the one that the NWA uses to sign the trusted remote host certificates that you import to the NWA. CA Certificate: Select the certification author...

Page 215: ...NWA-3550 User's Guide 215. Click Certificates > My Certificates to open the My Certificates screen (Figure 130 on page 209). Click the details button to open the My Certificate Details screen. Figure 133: Cer...

Page 216: ...s the only one in the list. The NWA does not trust the certificate and displays "Not trusted" in this field if any certificate on the path has expired or been revoked. Refresh: Click Refresh to display the...

Page 217: ...icate's path. MD5 Fingerprint: This is the certificate's message digest that the NWA calculated using the MD5 algorithm. SHA1 Fingerprint: This is the certificate's message digest that the NWA calculated...

Page 218: ...cates Trusted CA Certificates. This field displays the certificate index number. The certificates are listed in alphabetical order. Name: This field displays the name used to identify this certificate. Sub...

Page 219: ...to have the NWA check the CRL before trusting any certificates issued by the certification authority. Otherwise, the field displays "No". Details: Click Details to view in-depth information about the certi...

Page 220: ...ou want the NWA to check a certification authority's list of revoked certificates before trusting a certificate issued by the certification authority. Table 71: Certificates Trusted CA Import (LABEL, DESC...

Page 221: ...ays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate. You may use any character (not including spaces). Property: Check inco...

Page 222: ...ication authority. Subject: This field displays information that identifies the owner of the certificate, such as Common Name (CN), Organizational Unit (OU), Organization (O) and Country (C). Issuer: This field disp...

Page 223: ...verify a remote host's certificate before you import it into the NWA. SHA1 Fingerprint: This is the certificate's message digest that the NWA calculated using the SHA1 algorithm. You cannot use this valu...

Page 224: ...key pair, one public key and one private key. 2. Tim keeps the private key and makes the public key openly available. This means that anyone who receives a message seeming to come from Tim can read it an...

Page 225: ...how to check a certificate's fingerprint to verify that you have the actual certificate. 1. Browse to where you have the certificate saved on your computer. 2. Make sure that the certificate has a ".cer" or...

Page 226: ...se a secure method to verify that the certificate owner has the same information in the Thumbprint Algorithm and Thumbprint fields. The secure method may vary according to your situation. Possible examp...

Page 227: ...ministrators to effectively monitor events, errors, progress, etc. so that when network problems or system failures occur, the cause or origin can be traced. Logs are also essential for auditing and keeping...

Page 228: ...them by their color in the View Log screen. Alerts are displayed in red and logs are displayed in black. Receiving Logs via Email: If you want to receive logs in your email account, you need to have the n...

Page 229: ...gs, select All Logs. The number of categories shown in the drop-down list box depends on the selection in the Log Settings page. Time: This field displays the time the log was recorded. Message: This field...

Page 230: ...ress Info. Mail Server: Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via e-mai...

Page 231: ...configure the frequency of log messages being sent as E-mail: Daily, Weekly, Hourly, When Log is Full, None. If the Weekly or the Daily option is selected, specify a time of day when the E-mail should be se...

Page 232: ...address to a client. SMT Login Successfully: Someone has logged on to the NWA's SMT interface. SMT Login Fail: Someone has failed to log on to the NWA's SMT interface. WEB Login Successfully: Someone has lo...

Page 233: ...work. Code 1: Redirect datagrams for the Host. Code 2: Redirect datagrams for the Type of Service and Network. Code 3: Redirect datagrams for the Type of Service and Host. Type 8: Echo. Code 0: Echo message. Type 11: Time Exceeded. Code 0: Time to l...

Page 234: ...n an individual NWA log category. Use the sys logs clear command to erase all of the NWA's logs. 19.6.5 Log Command Example. This example shows how to set the NWA to record the error logs and alerts and...

Page 235: ...bove, the NWA allows station A to connect to the Internet but not to the server. It allows station B to connect to the server but not to the Internet. 20.2 What You Can Do in the VLAN Screen. Use the Wire...

Page 236: ...screen. See Section 20.5.3 on page 243 for more information. Note: To use RADIUS VLAN, you must first select Enable VIRTUAL LAN and configure the Management VLAN ID in the VLAN > Wireless VLAN screen. The M...

Page 237: ...NWA-3500/NWA-3550 User's Guide 237. 20.4 Wireless VLAN Screen. Use this screen to enable and configure your Wireless Virtual LAN setup. Click VLAN > Wireless VLAN. The following screen appears. Figure 143: VL...

Page 238: ...use to connect to the NWA. Index: This is the index number of the SSID profile. Name: This is the name of the SSID profile. SSID: This is the SSID the profile uses. VLAN ID: Enter a VLAN ID number from 1 to...

Page 239: ...attributes sent from the RADIUS server do not match a configured Name field. When you select this check box, only users with names configured in this screen can access the network through the NWA. VLAN...

Page 240: ...LAN VLAN ID 1. The following procedure shows you how to configure a tagged VLAN. Note: Use the out-of-band management port or console port to configure the switch if you misconfigure the management VLAN...

Page 241: ...the following steps in the switch web configurator. 1. Click VLAN under Advanced Application. 2. Click Static VLAN. 3. Select the ACTIVE check box. 4. Type a Name for the VLAN ID. 5. Type a VLAN Group ID. This s...

Page 242: ...ions in the Quick Start Guide to set up your NWA for configuration. The NWA should be connected to the VLAN-aware switch. In the above example, the switch is using port 1 to connect to your computer and...

Page 243: ...aware device, you will lock yourself out of the NWA. If this happens, you must reset the NWA to access it again. 20.5.3 Configuring Microsoft's IAS Server Example. Dynamic VLAN assignment can be used with...

Page 244: ...ot matched, the NWA uses the VLAN ID configured in the WIRELESS VLAN screen and the wireless station. This VLAN ID is independent and hence different to the ID in the VLAN screen. 20.5.3.1 Configuring VL...

Page 245: ...ong to which VLAN groups. Click the Add button and configure the VLAN group details. 3. Repeat the previous step to add each VLAN group required. Figure 151: Add Group Members. 20.5.3.2 Configuring Remote A...

Page 246: ...tion policy is still present, it should be moved to the bottom or deleted to allow the VLAN Group policies to take precedence. 1a 1 Right-click Remote Access Policy and select New Remote Access Policy. 1...

Page 247: ...e group value. Figure 154: Adding VLAN Group. 6. When the Permissions options screen displays, select Grant remote access permission. 6a. Click Next to grant access based on group membership. 6b. Click the Edi...

Page 248: ...8. Click the Encryption tab. Select the Strongest encryption option. This step is not required for EAP-MD5, but is performed as a safeguard. Figure 157: Encryption Tab Settings. 9. Click the IP tab and selec...

Page 249: ...IUS VLAN attributes required for 802.1X Dynamic VLAN Assignment. Figure 158: Connection Attributes Screen. 11. The RADIUS Attribute screen displays. From the list, three RADIUS attributes will be added: Tunn...

Page 250: ...igure 160: 802 Attribute Setting for Tunnel-Medium-Type. 13. Return to the RADIUS Attribute Screen shown as Figure 159 on page 250. 13a. Select Tunnel-Pvt-Group-ID. 13b. Click Add. 14. The Attribute Informatio...

Page 251: ...Group ID. 15. Return to the RADIUS Attribute Screen shown as Figure 159 on page 250. 15a. Select Tunnel-Type. 15b. Click Add. 16. The Enumerable Attribute Information screen displays. 16a. Select Virtual LANs...

Page 252: ...esemble the following screen. Figure 163: Completed Advanced Tab. Note: Repeat the Configuring Remote Access Policies procedure for each VLAN Group defined in the Active Directory. Remember to place the mo...

Page 253: ...with a VLAN ID (incoming VLAN ID). These incoming VLAN packets are forwarded to the NWA. The NWA compares the VLAN ID in the packet header with each SSID's configured VLAN ID and second Rx VLAN ID setting...

Page 254: ...o restore the default configuration file. 4. Select the SSID profile you want to configure (SSID03 in this example), and enter the VLAN ID number (between 1 and 4094). 5. Enter a Second Rx VLAN ID. The followin...

Page 255: ...let connect, choose this option. For example, if your company's graphic design team has their own NWA and they have 10 computers, you can load balance for 10. Later, if someone from the sales department vi...

Page 256: ...it for their turn or get shunted to the nearest identical AP. The following figure depicts an NWA with a hard bandwidth limit of 6 Megabits per second (Mbps). Bandwidth up to 6 Mbps is considered balanced...

Page 257: ...een appears. Figure 167: Load Balancing. The following table describes the labels in this screen. Table 82: Load Balancing (FIELD, DESCRIPTION). Enable Load Balancing: Select this option to turn on wireless loa...

Page 258: ...oaded. If you leave this unchecked, then the AP simply delays the connection until it can afford the bandwidth it requires, or it shunts the connection to another AP within its broadcast radius. The kick...

Page 259: ...ck the connections that are pushing it over its balanced bandwidth allotment. Figure 169: Kicking a Connection. Connections are kicked based on either idle timeout or signal strength. The NWA first looks...

Page 260: ...Chapter 21 Load Balancing. NWA 3160 Series User's Guide 260...

Page 261: ...umerous APs broadcast within a given area, they introduce the possibility of heightened radio interference, especially if some or all of them are broadcasting on the same radio channel. This can make acc...

Page 262: ...unused, then set your device to use one of them. But with Dynamic Channel Selection, the NWA does this automatically. 22.2 The DCS Screen. Use this screen to configure your Dynamic Channel Selection option...

Page 263: ...switches channels are dropped. DCS Allow Channel List (2.4G only): Select the range of non-overlapping channel numbers for which you want the NWA to scan and subsequently use if available. DCS DFS Channel...

Page 264: ...Chapter 22 Dynamic Channel Selection. NWA 3160 Series User's Guide 264...

Page 265: ...nformation such as port status, packet specific statistics and bridge link status. Also provided are "system up time" and "poll interval(s)". Use the Association List screen (Section 23.5 on page 268) to view t...

Page 266: ...ntenance > System Status. The following table describes the labels in this screen. 23.4.1 System Statistics Screen. Use this screen to view diagnostic information about the NWA. Click Maintenance > Show Stati...

Page 267: ...rt connections can be in half-duplex or full-duplex mode. Full-duplex refers to a device's ability to send and receive simultaneously, while half-duplex indicates that traffic can flow in only one direc...

Page 268: ...the bridge connection is activated or not. Remote Bridge MAC: This is the MAC address of the peer device in bridge mode. Status: This shows the current status of the bridge connection, which can be Up or...

Page 269: ...h the wireless station is associated. Signal: This field displays the RSSI (Received Signal Strength Indicator) of the wireless connection. WDS Link: This section displays only when bridge mode is activated...

Page 270: ...IBSS as one that doesn't. See the chapter on wireless configuration for more information on basic service sets (BSS) and extended service sets (ESS). MAC Address: This field displays the MAC address of the A...

Page 271: ...t In some operating systems, you may see the following icon on your desktop. Figure 178: Network Temporarily Disconnected. After two minutes, log in again and check your new firmware version in the System...

Page 272: ...Screen. Use this screen to back up or upload your NWA's configuration file. You can also reset the configuration of your device in this screen. Click Maintenance > Configuration. The following figure displays...

Page 273: ...upload is in progress. After you see a "restore configuration successful" screen, you must then wait one minute before logging into the NWA again. Figure 181: Configuration Upload Successful. The NWA automa...

Page 274: ...ar. Click Return to go back to the Configuration screen. Figure 183: Configuration Upload Error. 23.8.3 Back to Factory Defaults. Pressing the Reset button in this section clears all user-entered configura...

Page 275: ...Maintenance. NWA-3500/NWA-3550 User's Guide 275. Click Maintenance > Restart. The following screen displays. Click Restart to have the NWA reboot. This does not affect the NWA's configuration. Figure 185: Rest...

Page 276: ...Chapter 23 Maintenance. NWA-3500/NWA-3550 User's Guide 276...

Page 277: ...277 PART III: Troubleshooting and Specifications. Troubleshooting (279), Product Specifications (285)...

Page 279: ...shooting. 24.1 Power and Hardware Connections. The NWA does not turn on. 1. Make sure you are using the PoE power injector included with the NWA. 2. Make sure the PoE power injector is connected to the NWA...

Page 280: ...address (Section 14.4 on page 176), use the new IP address. If you changed the IP address and have forgotten it, see the troubleshooting suggestions for "I forgot the IP address for the NWA". 2. Check the hard...

Page 281: ...t to access the NWA. Log out of the NWA in the other session, or ask the person who is logged in to log out. 3. Disconnect and re-connect the power adaptor or cord to the NWA. 4. If this does not work, you h...

Page 282: ...ur ISP. I cannot access the Internet anymore. I had access to the Internet (with the NWA), but my Internet connection is not available anymore. 1. Check the hardware connections. See the Quick Start Guide. 2. R...

Page 283: ...s LAN is enabled on the NWA. 2. Make sure the wireless adapter on the wireless client is working properly. 3. Make sure the wireless adapter installed on your computer is IEEE 802.11 compatible and suppor...

Page 284: ...Chapter 24 Troubleshooting. NWA-3500/NWA-3550 User's Guide 284...

Page 285: ...cables. Power over Ethernet (PoE): IEEE 802.3af compliant. Antenna Specifications: Two external antenna connectors (N-Type). Output Power: IEEE 802.11b/g: 17 dBm; IEEE 802.11a: 14 dBm. Operating Environment: Tempera...

Page 286: ...s associated with your NWA from communicating with other wireless clients, APs, computers or routers in a network. Multiple BSSID (MBSSID): MBSSID mode allows the NWA to operate up to 8 different wireless n...

Page 287: ...ded FTP and TFTP Servers: The embedded FTP and TFTP servers enable fast firmware upgrades as well as configuration file backups and restoration. Auto Configuration: Administrators can use text configurat...

Page 288: ...try Canada RSS 210 Australia AS NZS 4268 EMC EMI USA FCC Part 15 Subpart B EU EN 301 489 17 V1 2 1 08 2002 EN 55022 2006 Canada ICES 003 Australia AS NZS CISPR22 EMC EMS EU EN 301 489 1 V1 5 1 11 2004...

Page 289: ...in dBi 8 9 14 18 6 8 8 18 Max VSWR 2 0 1 1 5 1 1 5 1 1 5 1 2 0 1 2 0 1 2 0 1 2 0 1 HPBW Horizontal 360 65 30 15 65 50 360 18 HPBW Vertical 15 60 30 5 75 50 20 18 Impedance Ohm 50 50 50 50 50 50 50 Con...

Page 290: ...N PLUG to N PLUG for 6M 91 005 075002G N PLUG to N PLUG for 9M 91 005 075003G N PLUG to N PLUG for 12M 91 005 075004G N PLUG to N PLUG for 1M LMR 200 91 005 074001G N PLUG to RP SMA PLUG for 3M 91 005...

Page 291: ...ing Up Your Computer's IP Address (293), Wireless LANs (319), Pop-up Windows, JavaScripts and Java Permissions (335), Importing Certificates (343), IP Addresses and Subnetting (369), Text File Based Auto Configuratio...

Page 293: ...P 2000, Mac OS 9/OS X, and all versions of UNIX/LINUX include the software components you need to use TCP/IP on your computer. If you manually assign IP information instead of using a dynamic IP, make sur...

Page 294: ...Up Your Computer's IP Address. NWA-3500/NWA-3550 User's Guide 294. 1. Click Start > Control Panel. Figure 186: Windows XP: Start Menu. 2. In the Control Panel, click the Network Connections icon. Figure 187: Windo...

Page 295: ...Guide 295. 3. Right-click Local Area Connection and then select Properties. Figure 188: Windows XP: Control Panel > Network Connections > Properties. 4. On the General tab, select Internet Protocol (TCP/IP) and the...

Page 296: ...P address that was assigned to you by your network administrator or ISP. You may also have to enter a Preferred DNS server and an Alternate DNS server, if that information was provided. 7. Click OK to clo...

Page 297: ...ection shows screens from Windows Vista Professional. 1. Click Start > Control Panel. Figure 191: Windows Vista: Start Menu. 2. In the Control Panel, click the Network and Internet icon. Figure 192: Windows Vista...

Page 298: ...connections. Figure 194: Windows Vista: Network and Sharing Center. 5. Right-click Local Area Connection and then select Properties. Figure 195: Windows Vista: Network and Sharing Center. Note: During this pro...

Page 299: ...x A Setting Up Your Computer's IP Address. NWA-3500/NWA-3550 User's Guide 299. 6. Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties. Figure 196: Windows Vista: Local Area Connection Pro...

Page 300: ...atic IP address that was assigned to you by your network administrator or ISP. You may also have to enter a Preferred DNS server and an Alternate DNS server, if that information was provided. Click Advan...

Page 301: ...e 301. Mac OS X: 10.3 and 10.4. The screens in this section are from Mac OS X 10.4 but can also apply to 10.3. 1. Click Apple > System Preferences. Figure 198: Mac OS X 10.4: Apple Menu. 2. In the System Preferen...

Page 302: ...rences pane opens, select Built-in Ethernet from the network connection type list, and then click Configure. Figure 200: Mac OS X 10.4: Network Preferences. 4. For dynamically assigned settings, select Using...

Page 303: ...tatically assigned settings, do the following: From the Configure IPv4 list, select Manually. In the IP Address field, type your IP address. In the Subnet Mask field, type your subnet mask. In the Router fiel...

Page 304: ...tings. Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network Interface from the Info tab. Figure 203: Mac OS X 10.4: Network Utility...

Page 305: ...Appendix A Setting Up Your Computer's IP Address. NWA-3500/NWA-3550 User's Guide 305. 2. In System Preferences, click the Network icon. Figure 205: Mac OS X 10.5: Systems Preferences...

Page 306: ...ist of available connection types. Figure 206: Mac OS X 10.5: Network Preferences > Ethernet. 4. From the Configure list, select Using DHCP for dynamically assigned settings. 5. For statically assigned settings...

Page 307: ...tting Up Your Computer's IP Address. NWA-3500/NWA-3550 User's Guide 307. In the Router field, enter the IP address of your NWA. Figure 207: Mac OS X 10.5: Network Preferences > Ethernet. 6. Click Apply and clos...

Page 308: ...Linux: Ubuntu 8 (GNOME). This section shows you how to configure your computer's TCP/IP settings in the GNU Object Model Environment (GNOME) using the Ubuntu 8 Linux distribution. The procedure, screens and f...

Page 309: ...ure 209 Ubuntu 8 System Administration Menu 2 When the Network Settings window opens click Unlock to open the Authenticate window By default the Unlock button is greyed out until clicked You cannot ma...

Page 310: ...icate window enter your admin account name and password then click the Authenticate button Figure 211 Ubuntu 8 Administrator Account Authentication 4 In the Network Settings window select the connecti...

Page 311: ...operties In the Configuration list select Automatic Configuration DHCP if you have a dynamic IP address In the Configuration list select Static IP address if you have a static IP address Fill in the I...

Page 312: ...in the Network Settings window and then enter the DNS server information in the fields provided Figure 214 Ubuntu 8 Network Settings DNS 8 Click the Close button to apply the changes Verifying Setting...

Page 313: ...w to configure your computer s TCP IP settings in the K Desktop Environment KDE using the openSUSE 10 3 Linux distribution The procedure screens and file locations may vary depending on your specific...

Page 314: ...500 NWA 3550 User s Guide 314 1 Click K Menu Computer Administrator Settings YaST Figure 216 openSUSE 10 3 K Menu Computer Menu 2 When the Run as Root KDE su dialog opens enter the admin password and...

Page 315: ...window opens select Network Devices and then click the Network Card icon Figure 218 openSUSE 10 3 YaST Control Center 4 When the Network Settings window opens click the Overview tab select the approp...

Page 316: ...click the Address tab Figure 220 openSUSE 10 3 Network Card Setup 6 Select Dynamic Address DHCP if you have a dynamic IP address Select Statically assigned IP Address if you have a static IP address F...

Page 317: ...r s Guide 317 8 If you know your DNS server IP address es click the Hostname DNS tab in Network Settings and then enter the DNS server information in the fields provided Figure 221 openSUSE 10 3 Netwo...

Page 318: ...on the Task bar to check your TCP IP properties From the Options sub menu select Show Connection Information Figure 222 openSUSE 10 3 KNetwork Manager When the Connection Status KNetwork Manager wind...

Page 319: ...endent network which is commonly referred to as an ad hoc network or Independent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an...

Page 320: ...xtended Service Set ESS consists of a series of overlapping BSSs each containing an access point with each access point connected together by a wired network This wired connection between APs is calle...

Page 321: ...t AP access point to reduce interference Interference occurs when radio signals from different access points overlap causing interference and degrading performance Adjacent channels partially overlap...

Page 322: ...must first send an RTS Request To Send message to the AP for permission to send it The AP then responds with a CTS Clear to Send message to all other stations within its range to notify them to defer...

Page 323: ...ngth of the synchronization field in a packet Short preamble increases performance as less time sending preamble means more time for sending data All IEEE 802 11b g compliant wireless adapters support...

Page 324: ...igure shows the relative effectiveness of these wireless security methods available on your NWA Note You must enable the same wireless security settings on the NWA and on all wireless clients that you...

Page 325: ...the wireless clients RADIUS RADIUS is based on a client server model that supports authentication authorization and accounting The access point is the client and the server is the RADIUS server The R...

Page 326: ...and LEAP Your wireless LAN device may not support all authentication types EAP Extensible Authentication Protocol is an authentication protocol that runs on top of the IEEE 802 1x transport mechanism...

Page 327: ...ssive attacks A digital certificate is an electronic ID card that authenticates the sender s identity However to implement EAP TLS you need a Certificate Authority CA to handle certificates which impo...

Page 328: ...2 Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA. Key...

Page 329: ...Pairwise Master Key PMK key to the AP that then sets up a key hierarchy and management system using the PMK to dynamically generate unique data encryption keys to encrypt every data packet that is wi...

Page 330: ...tication enables fast roaming by allowing the wireless client already connecting to an AP to perform IEEE 802 1x authentication with another AP before connecting to it Wireless Client WPA Supplicants...

Page 331: ...wireless clients Figure 228 WPA 2 with RADIUS Application Example WPA 2 PSK Application Example A WPA 2 PSK application looks as follows 1 First enter identical passwords into the AP and all wireless...

Page 332: ...l type MAC address filters are not dependent on how you configure these security features Table 101 Wireless Security Relational Matrix AUTHENTICATION METHOD KEY MANAGEMENT PROTOCOL ENCRYPTIO N METHOD...

Page 333: ...overage area Antenna Gain Antenna gain measured in dB decibel is the increase in coverage within the RF beam width Higher antenna gain improves the range of the signal for better communications For an...

Page 334: ...grees very directional to 120 degrees less directional Directional antennas are ideal for hallways and outdoor point to point applications Positioning Antennas In general antennas should be mounted as...

Page 335: ...rnet Explorer versions may vary Internet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Ser...

Page 336: ...x in the Pop up Blocker section of the screen This disables any web pop up blockers you may have enabled Figure 231 Internet Options Privacy 3 Click Apply to save this setting Enable pop up Blockers w...

Page 337: ...00 NWA 3550 User s Guide 337 2 Select Settings to open the Pop up Blocker Settings screen Figure 232 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to...

Page 338: ...ck Add to move the IP address to the list of Allowed sites Figure 233 Pop up Blocker Settings 5 Click Close to return to the Privacy screen 6 Click Apply to save this setting JavaScripts If pages of t...

Page 339: ...xplorer click Tools Internet Options and then the Security tab Figure 234 Internet Options Security 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that E...

Page 340: ...lick OK to close the window Figure 235 Security Settings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button...

Page 341: ...s NWA 3500 NWA 3550 User s Guide 341 5 Click OK to close the window Figure 236 Security Settings Java JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make su...

Page 342: ...Appendix C Pop up Windows JavaScripts and Java Permissions NWA 3500 NWA 3550 User s Guide 342 3 Click OK to close the window Figure 237 Java Sun...

Page 343: ...cates These can be used by web browsers on a LAN or WAN to verify that they are in fact connecting to the legitimate device and not one masquerading as it However because the certificates were not iss...

Page 344: ...the first time you browse to it you are presented with a certification error Figure 238 Internet Explorer 7 Certification Error 2 Click Continue to this website not recommended Figure 239 Internet Ex...

Page 345: ...A 3500 NWA 3550 User s Guide 345 4 In the Certificate dialog box click Install Certificate Figure 241 Internet Explorer 7 Certificate 5 In the Certificate Import Wizard click Next Figure 242 Internet...

Page 346: ...matically select certificate store based on the type of certificate click Next again and then go to step 9 Figure 243 Internet Explorer 7 Certificate Import Wizard 7 Otherwise select Place all certifi...

Page 347: ...t Certificate Store dialog box choose a location in which to save the certificate and then click OK Figure 245 Internet Explorer 7 Select Certificate Store 9 In the Completing the Certificate Import W...

Page 348: ...lly click OK when presented with the successful certificate installation message Figure 248 Internet Explorer 7 Certificate Import Wizard 12 The next time you start Internet Explorer and go to a ZyXEL...

Page 349: ...one has been issued to you 1 Double click the public key certificate file Figure 250 Internet Explorer 7 Public Key Certificate File 2 In the security warning dialog box click Open Figure 251 Interne...

Page 350: ...00 NWA 3550 User s Guide 350 1 Open Internet Explorer and click Tools Internet Options Figure 252 Internet Explorer 7 Tools Menu 2 In the Internet Options dialog box click Content Certificates Figure...

Page 351: ...icates Authorities tab select the certificate that you want to delete and then click Remove Figure 254 Internet Explorer 7 Certificates 4 In the Certificates confirmation click Yes Figure 255 Internet...

Page 352: ...following example uses Mozilla Firefox 2 on Windows XP Professional however the screens can also apply to Firefox 2 on all platforms 1 If your device s web configurator is set to use SSL certificatio...

Page 353: ...to open the Page Info Security window to view the web page s security information Figure 258 Firefox 2 Page Info Installing a Stand Alone Certificate File in Firefox Rather than browsing to a ZyXEL w...

Page 354: ...3500 NWA 3550 User s Guide 354 2 In the Options dialog box click Advanced Encryption View Certificates Figure 260 Firefox 2 Options 3 In the Certificate Manager dialog box click Web Sites Import Figu...

Page 355: ...Firefox 2 Select File 5 The next time you visit the web site click the padlock in the address bar to open the Page Info Security window to see the web page s security information Removing a Certificat...

Page 356: ...n the Options dialog box click Advanced Encryption View Certificates Figure 264 Firefox 2 Options 3 In the Certificate Manager dialog box select the Web Sites tab select the certificate that you want...

Page 357: ...blic key certificate you just removed a certification error appears Opera The following example uses Opera 9 on Windows XP Professional however the screens can apply to Opera 9 on all platforms 1 If y...

Page 358: ...w to view the web page s security details Figure 268 Opera 9 Security information Installing a Stand Alone Certificate File in Opera Rather than browsing to a ZyXEL web configurator and installing a p...

Page 359: ...Appendix D Importing Certificates NWA 3500 NWA 3550 User s Guide 359 2 In Preferences click Advanced Security Manage certificates Figure 270 Opera 9 Preferences...

Page 360: ...NWA 3550 User s Guide 360 3 In the Certificates Manager click Authorities Import Figure 271 Opera 9 Certificate manager 4 Use the Import certificate dialog box to locate the certificate and then click...

Page 361: ...stall authority certificate 6 Next click OK Figure 274 Opera 9 Install authority certificate 7 The next time you visit the web site click the padlock in the address bar to open the Security informatio...

Page 362: ...porting Certificates NWA 3500 NWA 3550 User s Guide 362 1 Open Opera and click Tools Preferences Figure 275 Opera 9 Tools Menu 2 In Preferences Advanced Security Manage certificates Figure 276 Opera 9...

Page 363: ...ificate you just removed a certification error appears Note There is no confirmation when you delete a certificate authority so be absolutely certain that you want to go through with it before clickin...

Page 364: ...queror 3 5 Server Authentication 3 Click Forever when prompted to accept the certificate Figure 279 Konqueror 3 5 Server Authentication 4 Click the padlock in the address bar to open the KDE SSL Infor...

Page 365: ...en prompted you can install a stand alone certificate file if one has been issued to you 1 Double click the public key certificate file Figure 281 Konqueror 3 5 Public Key Certificate File 2 In the Ce...

Page 366: ...security details Removing a Certificate in Konqueror This section shows you how to remove a public key certificate in Konqueror 3 5 1 Open Konqueror and click Settings Configure Konqueror Figure 284...

Page 367: ...e next time you go to the web site that issued the public key certificate you just removed a certification error appears Note There is no confirmation when you remove a certificate authority so be abs...

Page 368: ...Appendix D Importing Certificates NWA 3500 NWA 3550 User s Guide 368...

Page 369: ...mber and the other part is the host ID In the same way that houses on a street share a common street name the hosts on a network share a common network number Similarly as each house has its own house...

Page 370: ...and which bits are part of the host ID (using a logical AND operation). The term "subnet" is short for "sub-network". A subnet mask has 32 bits. If a bit in the subnet mask is a "1" then the corresponding bit in...

Page 371: ...k number determines the maximum number of possible hosts you can have on your network The larger the number of network number bits the smaller the number of remaining host ID bits An IP address with h...

Page 372: ...ess. For example, 192.1.1.0/25 is equivalent to saying 192.1.1.0 with subnet mask 255.255.255.128. The following table shows some possible subnet masks using both notations. Table 104 Maximum Host Numbers...

Page 373: ...s is 192.168.1.0. The first three octets of the address (192.168.1) are the network number, and the remaining octet is the host ID, allowing a maximum of 2^8 - 2 or 254 possible hosts. The following figure sho...

Page 374: ...55.255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.128 is its broadcast address. Therefore, the lowest IP address that can be assigned to an actual host for subnet A is 192.168.1.1 an...

Page 375: ...UMBER LAST OCTET BIT VALUE IP Address: 192.168.1.64 IP Address (Binary): 11000000.10101000.00000001.01000000 Subnet Mask (Binary): 11111111.11111111.11111111.11000000 Subnet Address: 192.168.1.64 Lowest Host...

Page 376: ...192.168.1.255 Highest Host ID: 192.168.1.254 Table 109 Subnet 4 (continued) IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE Table 110 Eight Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BR...

Page 377: ...vate use please do not use any other number unless you are told otherwise You must also enable Network Address Translation NAT on the NWA Once you have decided on the network number pick an IP address...

Page 378: ...works: 10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.31.255.255, 192.168.0.0 - 192.168.255.255. You can obtain your IP address from the IANA, from an ISP, or it can be assigned from a private network. If you belong...

Page 379: ...ew You can use plain text configuration files to configure the wireless LAN settings on multiple APs The AP can automatically get a configuration file from a TFTP server at startup or after renewing D...

Page 380: ...ad the file from the specified TFTP server The AP then uses the file to configure wireless LAN settings Note Not all DHCP servers allow you to specify options 66 and 67 Manual Configuration Use the fo...

Page 381: ...e must use the following format Figure 290 Configuration File Format The first line must be ZYXEL PROWLAN Table 115 Configuration via SNMP STEPS MIB VARIABLE VALUE Step 1 pwTftpServer Set the IP addre...

Page 382: ...age with the line number and reason for the first error subsequent errors during the processing of an individual configuration file are not recorded You can use SNMP management software to display the...

Page 383: ...index 1 wcfg security save wcfg ssid 1 name ssid wep wcfg ssid 1 security Test wep wcfg ssid 1 l2iolation disable wcfg ssid 1 macfilter disable wcfg ssid save ZYXEL PROWLAN VERSION 12 wcfg security 2...

Page 384: ...Test wpapsk wcfg security 3 mode wpapsk wcfg security 3 passphrase qwertyuiop wcfg security 3 reauthtime 1800 wcfg security 3 idletime 3600 wcfg security 3 groupkeytime 1800 wcfg security save wcfg ss...

Page 385: ...Test 8021x wcfg ssid 2 radius radius rd wcfg ssid 3 name ssid wpapsk wcfg ssid 3 security Test wpapsk wcfg ssid 4 name ssid wpa2psk wcfg ssid 4 security Test wpa2psk wcfg ssid save line starting with...

Page 386: ...Appendix F Text File Based Auto Configuration NWA 3500 NWA 3550 User s Guide 386...

Page 387: ...arising out of the application or use of any products or software described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves the...

Page 388: ...evision reception which can be determined by turning the device off and on the user is encouraged to try to correct the interference by one or more of the following measures 1 Reorient or relocate the...

Page 389: ...yXEL Limited Warranty ZyXEL warrants to the original end user purchaser that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase...

Page 390: ...e or purpose ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser To obtain the services of this warranty contact your vendor You may also refer to...

Page 391: ...8 authentication server 23 auto configuration 379 auto configuration status 382 B backup 272 Basic Service Set 120 see BSS bridge 24 25 Bridge Protocol Data Units BPDUs 132 Bridge Repeater 23 24 BSS 2...

Page 392: ...al setup 112 guest SSID 27 H hidden node 321 honeypot attack 181 host 114 host ID 110 humidity 285 286 I IANA 110 378 IBSS 319 IEEE 802 11g 323 IEEE 802 1x 23 in band management 240 Independent Basic...

Page 393: ...329 331 password 113 286 path cost 132 PoE 290 power specification 285 power specifications 285 290 preamble mode 323 pre configured profiles 27 priorities 138 prioritization 23 private IP address 11...

Page 394: ...to configuration 287 379 TFTP restrictions 189 time setting 116 time sensitive 23 trademarks 387 traffic security 23 U use 23 V Virtual Local Area Network 235 VLAN 235 255 261 VoIP 23 27 145 VoIP SSID...

Page 395: ...Guide 395 WPA2 23 328 user authentication 330 vs WPA2 PSK 329 wireless client supplicant 330 with RADIUS application example 330 WPA2 Pre Shared Key 328 WPA2 PSK 328 329 application example 331 WPA P...

Page 396: ...Index NWA 3500 NWA 3550 User s Guide 396...
