manualshive.com logo in svg

ZyXEL Communications NWA 1121-NI -, User Manual

Share
Download
ZyXEL Communications NWA 1121-NI - User Manual Download Page 16

Chapter 1 Introducing the NWA1121-NI

NWA1121-NI User’s Guide

16

1.4  Configuring Your NWA1121-NI’s Security Features

Your NWA1121-NI comes with a variety of security features. This section summarizes these 
features and provides links to sections in the User’s Guide to configure security settings on your 
NWA1121-NI. Follow the suggestions below to improve security on your NWA1121-NI and network. 

1.4.1  Control Access to Your Device

Ensure only people with permission can access your NWA1121-NI.

• Control physical access by locating devices in secure areas, such as locked rooms. Most 

NWA1121-NIs have a reset button. If an unauthorized person has access to the reset button, 
they can then reset the device’s password to its default password, log in and reconfigure its 
settings.

• Change any default passwords on the NWA1121-NI, such as the password used for accessing the 

NWA1121-NI’s web configurator (if it has a web configurator). Use a password with a 
combination of letters and numbers and change your password regularly. Write down the 
password and put it in a safe place.

• See 

Section 11.5 on page 121

 for instructions on changing your password.

• Configure remote management to control who can manage your NWA1121-NI. See 

Chapter 9 on 

page 101

 for more information. If you enable remote management, ensure you have enabled 

remote management only on the IP addresses, services or interfaces you intended and that other 
remote management settings are disabled.

1.4.2  Wireless Security 

Wireless devices are especially vulnerable to attack. Take the following measures to improve 
wireless security.

• Enable wireless security on your NWA1121-NI. Choose the most secure encryption method that 

all devices on your network support. See 

Section 6.6 on page 74

 for directions on configuring 

encryption. If you have a RADIUS server, enable IEEE 802.1x or WPA(2) user identification on 
your network so users must log in. This method is more common in business environments.   

• Hide your wireless network name (SSID). The SSID can be regularly broadcast and unauthorized 

users may use this information to access your network. See 

Section 6.5 on page 72

 for directions 

on using the web configurator to hide the SSID. 

• Enable the MAC filter to allow only trusted users to access your wireless network or deny 

unwanted users access based on their MAC address. See 

Section 6.8 on page 89

 for directions on 

configuring the MAC filter. 

1.5  Good Habits for Managing the NWA1121-NI

Do the following things regularly to make the NWA1121-NI more secure and to manage it more 
effectively.

• Change the password. Use a password that’s not easy to guess and that consists of different 

types of characters, such as numbers and letters.

• Write down the password and put it in a safe place.

Summary of Contents for NWA 1121-NI -

Page 1: ...n PoE Access Point IMPORTANT READ CAREFULLY BEFORE USE KEEP THIS GUIDE FOR FUTURE REFERENCE Copyright 2012 ZyXEL Communications Corporation Version 1 00 Edition 1 03 2012 Default Login Details IP Address http 192 168 1 2 User Name admin Password 1234 ...

Page 2: ...rom the product due to differences in operating systems operating system versions or if you installed updated firmware software for your device Every effort has been made to ensure that the information in this manual is accurate Related Documentation Quick Start Guide The Quick Start Guid is designed to help you get up and running right away ...

Page 3: ...tents Overview User s Guide 9 Introducing the NWA1121 NI 11 Introducing the Web Configurator 19 Dashboard 25 Tutorial 29 Technical Reference 47 Monitor 49 Wireless LAN 55 LAN 94 VLAN 98 System 101 Log Settings 115 Maintenance 119 Troubleshooting 127 ...

Page 4: ...Contents Overview NWA1121 NI User s Guide 4 ...

Page 5: ...nfiguring Your NWA1121 NI s Security Features 16 1 4 1 Control Access to Your Device 16 1 4 2 Wireless Security 16 1 5 Good Habits for Managing the NWA1121 NI 16 1 6 Hardware Connections 17 1 7 LED 17 Chapter 2 Introducing the Web Configurator 19 2 1 Accessing the Web Configurator 19 2 2 Resetting the NWA1121 NI 20 2 2 1 Methods of Restoring Factory Defaults 21 2 3 Navigating the Web Configurator ...

Page 6: ...WA1121 NI in MBSSID or Root AP Mode 39 4 3 3 Configuring the NWA1121 NI in Wireless Client Mode 42 4 3 4 MAC Filter Setup 44 4 3 5 Testing the Connection and Troubleshooting 45 Part II Technical Reference 47 Chapter 5 Monitor 49 5 1 Overview 49 5 2 What You Can Do 49 5 3 View Logs 49 5 4 Statistics 50 5 5 Association List 51 5 6 Channel Usage 52 Chapter 6 Wireless LAN 55 6 1 Overview 55 6 2 What Y...

Page 7: ...7 3 What You Need to Know 94 7 4 LAN IP Screen 96 Chapter 8 VLAN 98 8 1 Overview 98 8 1 1 What You Can Do in This Chapter 98 8 2 What You Need to Know 98 8 3 VLAN Screen 99 Chapter 9 System 101 9 1 Overview 101 9 2 What You Can Do in this Chapter 101 9 3 What You Need To Know 102 9 4 WWW Screen 104 9 5 Certificates Screen 105 9 6 Telnet Screen 106 9 7 SNMP Screen 107 9 8 FTP Screen 110 9 9 Technic...

Page 8: ... Firmware Upgrade Screen 123 11 8 Configuration File Screen 124 11 8 1 Backup Configuration 124 11 8 2 Restore Configuration 124 11 8 3 Back to Factory Defaults 125 11 9 Restart Screen 125 Chapter 12 Troubleshooting 127 12 1 Power Hardware Connections and LEDs 127 12 2 NWA1121 NI Access and Login 128 12 3 Internet Access 129 Appendix A Setting Up Your Computer s IP Address 131 Appendix B Pop up Wi...

Page 9: ...9 PART I User s Guide ...

Page 10: ...10 ...

Page 11: ...WEP data encryption Its Quality of Service QoS features allow you to prioritize time sensitive or highly important applications such as VoIP Your NWA1121 NI is easy to install configure and use The embedded Web based configurator enables simple straightforward management and maintenance See the Quick Start Guide for instructions on how to make hardware connections 1 2 Wireless Modes The NWA1121 NI...

Page 12: ... the network each SSID appears to be a different access point As in any wireless network clients can associate only with the SSIDs for which they have the correct security settings For example you might want to set up a wireless network in your office where Internet telephony VoIP users have priority You also want a regular wireless network for standard users as well as a guest wireless network fo...

Page 13: ... Wireless Client The NWA1121 NI can be used as a wireless client to communicate with an existing network In the figure below the printer can receive requests from the wired computer clients A and B via the NWA1121 NI in Client mode Z Figure 2 Wireless Client Application ...

Page 14: ... independent of the security between the wireless clients and the AP or repeater If you do not enable universal repeater security traffic between APs is not encrypted When universal repeater security is enabled both APs and repeaters must use the same pre shared key See Section 6 6 on page 74 for more details Unless specified the term security settings refers to the traffic between the wireless cl...

Page 15: ...ncrypted When universal repeater security is enabled both APs and repeaters must use the same pre shared key See Section 6 6 on page 74 for more details Once the security settings of peer sides match one another the connection between devices is made At the time of writing universal repeater security is compatible with the NWA1121 NI only 1 3 Ways to Manage the NWA1121 NI Use any of the following ...

Page 16: ...u enable remote management ensure you have enabled remote management only on the IP addresses services or interfaces you intended and that other remote management settings are disabled 1 4 2 Wireless Security Wireless devices are especially vulnerable to attack Take the following measures to improve wireless security Enable wireless security on your NWA1121 NI Choose the most secure encryption met...

Page 17: ... have to totally re configure the NWA1121 NI You could simply restore your last configuration 1 6 Hardware Connections See your Quick Start Guide for information on making hardware connections 1 7 LED Figure 5 LED Table 1 LED COLOR STATUS DESCRIPTION Amber On There is system error and the NWA1121 NI cannot boot up or the NWA1121 NI doesn t have an Ethernet connection with the LAN Flashing The NWA1...

Page 18: ...Chapter 1 Introducing the NWA1121 NI NWA1121 NI User s Guide 18 ...

Page 19: ...e your computer or computer network to connect to the NWA1121 NI refer to the Quick Start Guide 2 Launch your web browser 3 Type 192 168 1 2 as the URL default The login screen appears Figure 6 The Login Screen 4 Type admin as the default username and 1234 as the default password Click Login 5 You should see a screen asking you to change your password highly recommended as shown next Type a new pa...

Page 20: ... Figure 7 Change Password Screen You should now see the Dashboard screen See Chapter 2 on page 19 for details about the Dashboard screen 2 2 Resetting the NWA1121 NI If you forget your password or cannot access the web configurator you will need to use the RESET button at the rear panel of the NWA1121 NI This replaces the current configuration file with the ...

Page 21: ... Button 2 2 1 Methods of Restoring Factory Defaults You can erase the current configuration and restore factory defaults in two ways Use the RESET button to upload the default configuration file Hold this button in for about 3 seconds the light will begin to blink Use this method for cases when the password or IP address of the NWA1121 NI is not known Use the web configurator to restore defaults r...

Page 22: ...om the Dashboard screen Figure 9 Status Screen of the Web Configurator As illustrated above the Web Configurator screen is divided into these parts A title bar B navigation panel C main window 2 3 1 Title Bar Click Logout at any time to exit the Web Configurator Click ZAbout to open the about window which provides information of the boot module and driver versions A B C ...

Page 23: ... for your NWA1121 NI Security Use this screen to configure wireless security profiles on the NWA1121 NI RADIUS Use this screen to configure up to four RADIUS profiles MAC Filter Use this screen to configure MAC filtering profiles LAN Use this screen to configure the NWA1121 NI s LAN IP address VLAN Use this screen to configure the NWA1121 NI s VLAN settings System WWW Use this screen to configure ...

Page 24: ...d configuration fields It is discussed in the rest of this document Configuration File Use this screen to backup and restore your device s configuration settings or reset the factory default settings Restart Use this screen to reboot the NWA1121 NI without turning the power off Table 2 Navigation Panel Summary LINK TAB FUNCTION ...

Page 25: ...he current status of the device system resources and interfaces The Dashboard screens also provide detailed information about system statistics associated wireless clients and logs 3 1 The Dashboard Screen Use this screen to get a quick view of system Ethernet WLAN and other information regarding your NWA1121 NI Click Dashboard The following screen displays Figure 10 The Dashboard Screen ...

Page 26: ... of possible hosts on a network You can also use subnet masks to divide one network into multiple sub networks Gateway IP Address This is the IP address of the gateway The gateway is a router or switch on the same network segment as the device s LAN port The gateway helps forward packets to their destinations IPv6 Address This field displays the current IPv6 address es of the NWA1121 NI on the net...

Page 27: ...I is using the interface For each interface this field displays Up when the NWA1121 NI is using the interface and Down when the NWA1121 NI is not using the interface Channel This shows the channel number which the NWA1121 NI is currently using over the wireless LAN Rate For the LAN port this displays the port speed and duplex setting For the WLAN interface it displays the downstream and upstream t...

Page 28: ...Chapter 3 Dashboard NWA1121 NI User s Guide 28 ...

Page 29: ... NI to access a wireless network See Section 1 2 2 on page 13 for details Use Root AP operating mode if you want to allow wireless clients to access your wired network through the NWA1121 NI and also have repeaters communicate with the NWA1121 NI to expand wireleass coverage See Section 1 2 3 on page 14 for details Use Repeater operating mode if you want to use the NWA1121 NI to communicate with t...

Page 30: ...profiles 2 Change the operating mode from Root AP to MBSSID and reactivate the standard network 3 Configure different security modes for the networks 4 Configure a wireless network for standard office use 5 Configure a wireless network for VoIP users 6 Configure a wireless network for guests to your office The following figure shows the multiple networks you want to set up Your NWA1121 NI is marke...

Page 31: ...xample 4 2 1 Configure the SSID Profiles 1 Log in to the NWA1121 NI see Section 2 1 on page 19 Click Wireless LAN SSID The SSID screen appears 2 Click the Edit icon next to the Profile1 3 Rename the Profile Name and SSID as SSID01 Click Apply 4 Repeat Step 2 and 3 to change Profile2 and Profile3 to VoIP_SSID and Guest_SSID Table 4 Tutorial Example Information Network router A MAC address 00 AA 00 ...

Page 32: ... the Operation Mode drop down list box 2 SSID01 is the standard network so select SSID01 as the first profile It is always active 3 Select VoIP_SSID as the second profile and Guest_SSID as the third profile Select the corresponding Active check boxes 4 Click Apply to save your settings Now the three SSIDs are activated ...

Page 33: ... as SSID01 s security profile Select the Hidden SSID checkbox as you want only authorized company employees to use this network so there is no need to broadcast the SSID to wireless clients scanning the area Also the clients on SSID01 might need to access other clients on the same wireless network Do not select the Intra BSS Traffic blocking check box Click Apply ...

Page 34: ...re secure security mode Select WPA2 PSK MIX as the Security Mode and enter the Pre Shared Key In this example use ThisisSSID01PreSharedKey Click Apply 5 You have finished configuring the standard network SSID01 4 2 3 Configure the VoIP Network 1 Go to Wireless LAN SSID Click the Edit icon next to VoIP_SSID 2 Select SecProfile2 as the Security Profile for the VoIP network Select the Hidden SSID che...

Page 35: ...torial NWA1121 NI User s Guide 35 3 Select WMM_VOICE in the QoS field to give VoIP the highest priority in the wireless network Click Apply 4 Next click Wireless LAN Security Click the Edit icon next to SecProfile2 ...

Page 36: ... your primary concern is to keep your network secure while allowing access to certain resources such as a network printer or the Internet For this reason the pre configured Guest_SSID profile has intra BSS traffic blocking enabled by default Intra BSS traffic blocking means that the client cannot access other clients on the same wireless network 1 Click Wireless LAN SSID Click the Edit icon next t...

Page 37: ...ect WPA PSK in the Security Mode field WPA PSK provides strong security that is supported by most wireless clients Even though your Guest_SSID clients do not have access to sensitive information on the network you should not leave the network without security An attacker could still cause damage to the network or intercept unsecured communications or use your Internet access for illegal activities...

Page 38: ... using the correct security settings and then using incorrect security settings such as the WPA PSK for another active network If the behavior is different from expected for example if you can access the SSID01 or VoIP_SSID wireless network using the security settings for the Guest_SSID wireless network check that the SSID profile is set to use the correct security profile and that the settings of...

Page 39: ...X must not be able to connect to the FTP server Figure 11 FTP Server Connected to a Wireless Client 4 3 2 Configuring the NWA1121 NI in MBSSID or Root AP Mode Before setting up the NWA1121 NI as a wireless client B you need to make sure there is an access point to connect to Use the Ethernet port on NWA1121 NI A to configure it via a wired connection ...

Page 40: ...ator on NWA1121 NI A and go to the Wireless LAN Wireless Settings screen 1 Set the Operation Mode to Root AP 2 Select the Wireless Mode In this example select 802 11b g n 3 Select Profile1 as the SSID Profile 4 Choose the Channel you want NWA1121 NI A to use 5 Click Apply ...

Page 41: ... LAN SSID Click the Edit icon next to Profile1 7 Change the SSID to AP A 8 Select SecProfile1 in the Security field 9 Select the check box for Intra BSS Traffic blocking Enabled so the client cannot access other clients on the same wireless network 10 Click Apply ...

Page 42: ...red Key field 13 Click Apply to finish configuration for NWA1121 NI A 4 3 3 Configuring the NWA1121 NI in Wireless Client Mode The NWA1121 NI B should have a wired connection before it can be set to wireless client operating mode Connect your NWA1121 NI to the FTP server Login to NWA1121 NI B s Web Configurator and go to the Wireless LAN Wireless Settings screen Follow these steps to configure sta...

Page 43: ...uide 43 1 Select Client as Operation Mode Click Apply 2 Click on the Site Survey button A window should pop up which contains a list of all available wireless devices within your NWA1121 NI s range 3 Find and select NWA1121 NI A s SSID AP A ...

Page 44: ...y specified wireless clients can access the FTP server is by enabling MAC filtering on NWA1121 NI B See Section 6 8 on page 89 for more information on MAC Filter 1 Go to Wireless LAN MAC Filter Click the Edit icon next to MacProfile1 2 Select Allow in the Access Control Mode field Enter the MAC addresses of the wireless clients W Y and Z you want to associate with the NWA1121 NI Click Apply Now on...

Page 45: ... a file If you cannot establish a connection with the FTP server do the following steps 1 Make sure W Y and Z use the same wireless security settings as A and can access A 2 Make sure B uses the same wireless and wireless security settings as A and can access A 3 Make sure intra BSS traffic is enabled on A Try accessing the FTP server from X If you are able to access the FTP server do the followin...

Page 46: ...Chapter 4 Tutorial NWA1121 NI User s Guide 46 ...

Page 47: ...47 PART II Technical Reference The appendices provide general information Some details may not apply to your NWA1121 NI ...

Page 48: ...48 ...

Page 49: ...es are all used the log will wrap around and the old logs will be deleted use the Statistics screen to view 802 11 mode channel number wireless packet specific statistics and so on see Section 5 4 on page 50 Use the Association List screen to view the wireless devices that are currently associated to the NWA1121 NI see Section 5 5 on page 51 Use the Channel Usage screen to view whether a channel i...

Page 50: ...gs from all of the log categories that you selected in the Configuration Log Settings screen E Mail Log Now Click E Mail Log Now to send the log screen to the e mail address specified in the Log Settings page make sure that you have first filled in the E mail Log Settings fields in Configuration Log Settings Refresh Click Refresh to renew the log screen Clear Log Click Clear Log to delete all the ...

Page 51: ...ics LABEL DESCRIPTION Description This is the wireless interface on the NWA1121 NI 802 11 Mode This field shows which 802 11 mode the NWA1121 NI is using Channel ID This shows the channel number which the NWA1121 NI is currently using over the wireless LAN RX Pkts This is the number of received packets on this port TX Pkts This is the number of transmitted packets on this port Retry Count This is ...

Page 52: ...avoid overlap Click Monitor Channel Usage to display the screen shown next Table 7 Association List LABEL DESCRIPTION This is the index number of an associated wireless device MAC Address This field displays the MAC address of an associated wireless device SSID This field displays the SSID to which the wireless device is associated Association Time This field displays the time a wireless device fi...

Page 53: ...s BSS and extended service sets ESS Channel This is the index number of the channel currently used by the associated AP in an Infrastructure wireless network or wireless station in an Ad Hoc wireless network MAC Address This field displays the MAC address of the AP in an Infrastructure wireless network It is randomly generated so ignore it in an Ad Hoc wireless network Wireless Mode This is the IE...

Page 54: ...Chapter 5 Monitor NWA1121 NI User s Guide 54 ...

Page 55: ... match those specified in your NWA1121 NI 6 2 What You Can Do in this Chapter Use the Wireless Settings screen to configure the NWA1121 NI s operation mode see Section 6 4 on page 60 Uee the SSID screen to configure up to eight SSID profiles for your NWA1121 NI see Section 6 5 on page 72 Use the Security screen to choose the wireless security mode for your NWA1121 NI see Section 6 6 on page 74 Use...

Page 56: ...to use one access point to provide several BSSs simultaneously Refer to Chapter 1 on page 11 for illustrations of these wireless applications SSID The SSID Service Set IDentifier is the name that identifies the Service Set with which a wireless station is associated Wireless stations associating to the access point AP must have the same SSID In other words it is the name of the wireless network th...

Page 57: ...e same AP The following are some notes on multiple BSS A maximum of four BSSs are allowed on one AP simultaneously You must use different WEP keys for different BSSs If two stations have different BSSIDs they are in different BSSs but have the same WEP keys they may hear each other s communications but not communicate with each other MBSSID should not replace but rather be used in conjunction with...

Page 58: ... wireless stations and the access points to keep network communications private 802 1x Only This is a standard that extends the features of IEEE 802 11 to support extended authentication It provides additional accounting and control features This option does not support data encryption 802 1x Static WEP This provides 802 1x Only authentication with a static 64bit or 128bit WEP key and an authentic...

Page 59: ...ey making the information readable only to him The NWA1121 NI when used as a wireless client employs Temporal Key Integrity Protocol TKIP data encryption EAP Extensible Authentication Protocol EAP is a protocol used by a wireless client an access point and an authentication server to negotiate a connection The EAP methods employed by the NWA1121 NI when in Wireless Client operating mode are Transp...

Page 60: ...available to authenticated users once they are connected to the network Accounting which keeps track of the client s network activity RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server You should know the IP addresses ports and share secrets of the external RADIUS server and or the external RADIUS accounting server...

Page 61: ...AN NWA1121 NI User s Guide 61 6 4 1 Root AP Mode Use this screen to use your NWA1121 NI as an access point Select Root AP as the Operation Mode The following screen displays Figure 20 Wireless LAN Wireless Settings Root AP ...

Page 62: ...nnel bandwidth depending on network conditions Select 20MHz if you want to lessen radio interference with other wireless devices in your neighborhood or the wireless clients do not support channel bonding Select SSID Profile The SSID Service Set IDentifier identifies the Service Set with which a wireless station is associated Wireless stations associating to the access point AP must have the same ...

Page 63: ... for directed messages It is the maximum data fragment size that can be sent Extension Channel Protection Mode You can use CTS to self or RTS CTS protection mechanism to reduce conflicts with other wireless networks or hidden wireless clients The throughput of RTS CTS is much lower than CTS to self Using this mode may decrease your wireless performance A MPDU Aggregation This field is available on...

Page 64: ...e which also must be in Repeater or Root AP mode Figure 21 Wireless LAN Wireless Settings Repeater The following table describes the bridge labels in this screen Table 11 Wireless LAN Wireless Settings Repeater LABEL DESCRIPTION Basic Settings Wireless LAN Interface Select the check box to turn on the wireless LAN on the NWA1121 NI Operation Mode Select Repeater from the drop down list ...

Page 65: ...de Note Universal repeater security is independent of the security settings between the NWA1121 NI and any wireless clients Local MAC Address Local MAC Address is the MAC address of your NWA1121 NI Universal Repeater SSID Profile Select the SSID profile you want to use for universal repeater connections with an AP or repeater or regular wireless connections with wireless clients Note You can only ...

Page 66: ...sage Protocol Data Unit MPDU aggregation collects Ethernet frames along with their 802 11n headers and wraps them in a 802 11n MAC header This method is useful for increasing bandwidth throughput in environments that are prone to high error rates Short GI This field is available only when 802 11 b g n is selected as the Wireless Mode Select Enabled to use Short GI Guard Interval The guard interval...

Page 67: ...ess LAN labels in this screen Table 12 Wireless LAN Wireless Settings Wireless Client LABEL DESCRIPTION Basic Settings Wireless LAN Interface Select the check box to turn on the wireless LAN on the NWA1121 NI Operation Mode Select Client in this field Site Survey Click this to view a list of available wireless access points within the range Select the AP you want to use Note After selecting Client...

Page 68: ...the NWA1121 NI in this field If there is a high density of APs in an area decrease the output power of the NWA1121 NI to reduce interference with other APs Select one of the following Full Full Power 50 25 or 12 5 See the product specifications for more information on your NWA1121 NI s output power Preamble Type Select Dynamic to have the NWA1121 NI automatically use short preamble when the wirele...

Page 69: ...se Short GI Guard Interval The guard interval is the gap introduced between data transmission from users in order to reduce interference Reducing the GI increases data transfer rates but also increases interference Increasing the GI reduces data transfer rates but also reduces interference Apply Click Apply to save your changes Cancel Click Cancel to begin configuring this screen afresh Table 12 W...

Page 70: ...entifies the Service Set with which a wireless station is associated Wireless stations associating to the access point AP must have the same SSID You can have up to eight SSIDs active at the same time Note If you are configuring the NWA1121 NI from a computer connected to the wireless LAN and you change the NWA1121 NI s SSID or security settings you will lose your wireless connection when you pres...

Page 71: ...th their 802 11n headers and wraps them in a 802 11n MAC header This method is useful for increasing bandwidth throughput in environments that are prone to high error rates Short GI This field is available only when 802 11 b g n is selected as the Wireless Mode Select Enabled to use Short GI Guard Interval The guard interval is the gap introduced between data transmission from users in order to re...

Page 72: ...s client can connect When a wireless client scans for an AP to associate with this is the name that is broadcast and seen in the wireless client utility Security This field indicates which security profile is currently associated with each SSID profile See Section 6 6 on page 74 for more information RADIUS This field displays which RADIUS profile is currently associated with each SSID profile if y...

Page 73: ...t a RADIUS profile from the drop down list box if you have a RADIUS server configured If you do not need to use RADIUS authentication ignore this field See Section 6 7 on page 87 for more information MAC Filtering Select a MAC filter profile from the drop down list box If you do not want to use MAC filtering on this profile select Disabled QoS Select the Quality of Service priority for this BSS s ...

Page 74: ...ld to set a maximum number of wireless stations that may connect to the device Hidden SSID If you do not select the checkbox the NWA1121 NI broadcasts this SSID a wireless client scanning for an AP will find this SSID Alternatively if you select the checkbox the NWA1121 NI hides this SSID a wireless client scanning for an AP will not find this SSID Intra BSS Traffic Blocking Select the check box t...

Page 75: ...rity mode you select Figure 27 Security None Note that some screens display differently depending on the operating mode selected in the Wireless LAN Wireless Settings screen Note You must enable the same wireless security settings on the NWA1121 NI and on all wireless clients that you want to associate with it ...

Page 76: ...is screen Table 16 Security WEP LABEL DESCRIPTION Profile Name This is the name that identifying this profile Security Mode Choose WEP in this field Authentication Type Select Open or Shared from the drop down list box Data Encryption Select 64 bit WEP or 128 bit WEP to enable data encryption Passphrase Enter the passphrase or string of text used for automatic WEP key generation on wireless client...

Page 77: ...th the NWA1121 NI and the wireless stations must use the same WEP key for data transmission If you chose 64 bit WEP then enter any 5 ASCII characters or 10 hexadecimal characters 0 9 A F If you chose 128 bit WEP then enter 13 ASCII characters or 26 hexadecimal characters 0 9 A F You can configure up to four keys but only one key can be activated at any one time Back Click Back to return to the pre...

Page 78: ...ss station authentication is done using a RADIUS server the reauthentication timer on the RADIUS server has priority Enable Group Key Update Select this option to have the NWA1121 NI automatically disconnect a wireless station from the wired network after a period of inactivity The wireless station needs to enter the user name and password again before access to the wired network is allowed Enter ...

Page 79: ...ight refer to authentication protocols You can choose between PAP CHAP MSCHAP MSCHAPv2 and or GTC User Information Username Login Name Supply the user name of the account created in the RADIUS server Password Supply the password of the account created in the RADIUS server Certificate User Certificate If you select TLS enter the name of the certificate used to to verify the identity of clients Back...

Page 80: ...cess Point The following table describes the labels in this screen Table 19 Security 802 1X Static WEP for Access Point LABEL DESCRIPTION Security Settings Profile Name This is the name that identifying this profile Security Mode Choose 802 1X Static WEP in this field Data Encryption Select 64 bit WEP or 128 bit WEP to enable data encryption Passphrase Enter the passphrase or string of text used f...

Page 81: ...connected Enter a time interval between 100 and 3600 seconds Alternatively enter 0 to turn reauthentication off Note If wireless station authentication is done using a RADIUS server the reauthentication timer on the RADIUS server has priority Enable Group Key Update Select this option to have the NWA1121 NI automatically disconnect a wireless station from the wired network after a period of inacti...

Page 82: ... 1X Static WEP in the Security Mode field to display the following screen Figure 32 Security 802 1X Static WEP for Wireless Client The following table describes the labels in this screen Table 20 Security 802 1X Static WEP for Wireless Client LABEL DESCRIPTION Security Settings Profile Name This is the name that identifying this profile Security Mode Choose the same security mode used by the AP ...

Page 83: ...exadecimal characters 0 9 A F You can configure up to four keys but only one key can be activated at any one time IEEE802 1x Authentication Eap Type The options on the left refer to EAP methods You can choose either TLS LEAP PEAP or TTLS If you select TTLS or PEAP the options on the right refer to authentication protocols You can choose between PAP CHAP MSCHAP MSCHAPv2 and or GTC User Information ...

Page 84: ... Time Specify how often wireless stations have to resend user names and passwords in order to stay connected Enter a time interval between 100 and 3600 seconds Alternatively enter 0 to turn reauthentication off Note If wireless station authentication is done using a RADIUS server the reauthentication timer on the RADIUS server has priority Enable Group Key Update Select this option to have the NWA...

Page 85: ...s profile Security Mode Choose the same security mode used by the AP Data Encryption This shows the encryption method used by the NWA1121 NI IEEE802 1x Authentication Eap Type The options on the left refer to EAP methods You can choose either TLS LEAP PEAP or TTLS If you select TTLS or PEAP the options on the right refer to authentication protocols You can choose between PAP CHAP MSCHAP MSCHAPv2 a...

Page 86: ...ring this screen afresh Table 22 Security WPA WPA2 for Wireless Client continued LABEL DESCRIPTION Table 23 Security WPA PSK WPA2 PSK or WPA2 PSK MIX LABEL DESCRIPTION Profile Name This is the name that identifying this profile Security Mode Choose WPA PSK WPA2 PSK or WPA2 PSK MIX in this field Pre Shared Key The encryption mechanisms used for WPA and WPA PSK are the same The only difference betwe...

Page 87: ...6 7 RADIUS Screen Use this screen to set up your NWA1121 NI s RADIUS server settings Click Wireless LAN RADIUS The screen appears as shown Figure 36 Wireless LAN RADIUS Select a profile you want to configure and click Edit Figure 37 Wireless LAN RADIUS ...

Page 88: ... the RADIUS server to be used for authentication Backup Share Secret Enter a password up to 64 alphanumeric characters as the key to be shared between the external authentication server and the NWA1121 NI The key must be the same on the external authentication server and your NWA1121 NI The key is not sent over the network Primary Accounting Server Select the check box to enable user accounting th...

Page 89: ... to grant access to the NWA1121 NI from other wireless devices Allow Association or exclude devices from accessing the NWA1121 NI Deny Association Figure 38 MAC Filtering In the figure above wireless client U is able to connect to the Internet because its MAC address is in the allowed association list specified in the NWA1121 NI The MAC address of client A is either denied association or is not in...

Page 90: ... filtering in your NWA1121 NI You can specify MAC addresses to either allow or deny association with your NWA1121 NI Click Wireless LAN MAC Filter The screen displays as shown Figure 39 Wireless LAN MAC Filter Select a profile you want to configure and click Edit Figure 40 MAC Filter Edit ...

Page 91: ...g this screen afresh TERM DESCRIPTION Intra BSS Traffic This describes direct communication not through the NWA1121 NI between two wireless devices within a wireless network You might disable this kind of communication to enhance security within your wireless network RTS CTS Threshold In a wireless network which covers a large area wireless devices are sometimes not aware of each other s presence ...

Page 92: ...1121 NIs or other wireless access points on your wireless network you can enable this option so that wireless devices can change locations without having to log in again This is useful for devices such as notebooks that move around a lot Antenna An antenna couples Radio Frequency RF signals onto air A transmitter within a wireless device sends an RF signal to the antenna which propagates the signa...

Page 93: ... security if you have WPA 2 aware wireless clients and a RADIUS server WPA has user authentication and improved data encryption over WEP Use WPA 2 PSK if you have WPA 2 aware wireless clients but no RADIUS server If you don t have WPA 2 aware wireless clients then use WEP key encrypting A higher bit key offers better security You can manually enter 64 bit or 128 bit WEP keys More information on Wi...

Page 94: ...up The figure above illustrates one possible setup of your NWA1121 NI The gateway IPv4 address is 192 168 1 1 and the IPv4 address of the NWA1121 NI is 192 168 1 2 default The gateway and the device must belong in the same subnet mask to be able to communicate with each other 7 2 What You Can Do in this Chapter Use the LAN IP screen to configure the IP address of your NWA1121 NI see Section 7 4 on...

Page 95: ... 0015 2001 db8 1a2f 0 0 15 or 2001 db8 0 0 1a2f 15 Prefix and Prefix Length Similar to an IPv4 subnet mask IPv6 uses an address prefix to represent the network address An IPv6 prefix length specifies how many most significant bits start from the left in the address compose the network address The prefix length is written as x where x is a number For example 2001 db8 1a2b 15 1a2f 0 32 means that th...

Page 96: ...r to access the NWA1121 NI again Use Fixed IP Address Select this option if your NWA1121 NI is using a static IPv4 address When you select this option fill in the fields below IP Address Enter the IP address of your NWA1121 NI in dotted decimal notation Note If you change the NWA1121 NI s IP address you must use the new IP address if you want to access the web configurator again Subnet Mask Type t...

Page 97: ...network IPv6 Address Prefix Length Enter your IPv6 address and prefix manually System DNS Servers Primary DNS Server Enter the IPv4 address of the first DNS Domain Name Service server if provided Secondary DNS Server Enter the IPv4 address of the second DNS Domain Name Service server address if provided Apply Click Apply to save your changes Cancel Click Cancel to begin configuring this screen afr...

Page 98: ...o Know Introduction to VLANs A Virtual Local Area Network VLAN allows a physical network to be partitioned into multiple logical networks Devices on a logical network belong to one group A device can belong to more than one group With VLAN a device cannot directly talk to or hear from devices that are not in the same group s the traffic must first go through a router In Multi Tenant Unit MTU appli...

Page 99: ...mation that devices need to process the frame across the network 8 3 VLAN Screen Use this screen to set up the VLAN for managing the NWA1121 NI Click Network VLAN to display the screen as shown Figure 44 Network VLAN The following table describes the labels in this screen Figure 45 Network VLAN LABEL DESCRIPTION 802 1Q VLAN Select this to enable VLAN tagging on the NWA1121 NI Management VLAN Selec...

Page 100: ...Chapter 8 VLAN NWA1121 NI User s Guide 100 ...

Page 101: ...e following interfaces WLAN LAN Both WLAN and LAN Neither Disable Figure 46 Remote Management Example In the figure above the NWA1121 NI A is being managed by a desktop computer B connected via LAN Land Area Network It is also being accessed by a notebook C connected via WLAN Wireless LAN 9 2 What You Can Do in this Chapter Use the WWW screen to configure through which interface s and from which I...

Page 102: ...9 3 What You Need To Know WWW The World Wide Web allows you to access files hosted in a remote server For example you can view text files usually referred to as pages using your web browser via HyperText Transfer Protocol HTTP Telnet Telnet is short for Telecommunications Network which is a client side protocol that enables you to access a device over the network FTP File Transfer Protocol FTP all...

Page 103: ...mmunicate for the purpose of accessing information such as packets received node port status etc SNMP v3 and Security SNMP v3 enhances security for SNMP management SNMP managers can be required to authenticate with agents before conducting SNMP management sessions Security can be further enhanced by encrypting the SNMP messages sent from the managers Encryption protects the contents of the SNMP me...

Page 104: ... the notebook A using a certificate before granting access to the network The certification authority certificate that you can import to your NWA1121 NI should be in PFX PKCS 12 file format This format referred to as the Personal Information Exchange Syntax Standard is comprised of a private key public certificate pair that is further encrypted with a password Before you import a certificate into ...

Page 105: ...443 as the URL Server Access Select the interface s through which a computer may access the NWA1121 NI using WWW and to which the IP and MAC filtering rules you specified below are applied Otherwise select Disable to allow any computer to access the NWA1121 NI through any interface using WWW Secured Client IP Address A secured client is a trusted computer that is allowed to communicate with the NW...

Page 106: ... Telnet Table 31 System Certificates LABEL DESCRIPTION Import Certificate Import Certificate Enter the location of a previously saved certificate to upload to the NWA1121 NI Alternatively click the Browse button to locate a list Browse Click this button to locate a previously saved certificate to upload to the NWA1121 NI Import Click this button to upload the previously saved certificate displayed...

Page 107: ... filtering rules you specified below are applied Otherwise select Disable to allow any computer to access the NWA1121 NI through any interface using Telnet Secured Client IP Address A secured client is a trusted computer that is allowed to communicate with the NWA1121 NI using this service Select All to allow any computer to access the NWA1121 NI using this service Choose Selected to just allow th...

Page 108: ...P The following screen displays Figure 52 System SNMP The following table describes the labels in this screen Table 33 System SNMP LABEL DESCRIPTION SNMP Port You can change the server port number for a service if needed however you must use the same port number in order to use that service for remote management ...

Page 109: ...rap Community Type the trap community which is the password sent with each trap to the SNMP manager Trap Destination Type the IP address of the station to send your SNMP traps to SNMPv3 Admin Settings SNMPv3 Admin Select the check box to enable the SNMP administrator account for authentication with SNMP managers using SNMP v3 User Name Specify the user name of the SNMP administrator account Passwo...

Page 110: ...he NWA1121 NI Read Write The SNMP user has read and write rights meaning that the user can create and edit the MIBs on the NWA1121 NI Authentication Protocol Select an authentication algorithm used for SNMP communication with the SNMP user MD5 Message Digest 5 and SHA Secure Hash Algorithm are hash algorithms used to authenticate SNMP data SHA authentication is generally considered stronger than M...

Page 111: ...set values for object variables within an agent Trap Used by the agent to inform the manager of some events Table 34 System FTP LABEL DESCRIPTION FTP Port You may change the server port number for a service if needed however you must use the same port number in order to use that service for remote management Server Access Select the interface s through which a computer may access the NWA1121 NI us...

Page 112: ...e private key and makes the public key openly available This means that anyone who receives a message seeming to come from Tim can read it and verify whether it is really from him or not 3 Tim uses his private key to sign the message and sends it to Jenny 4 Jenny receives the message and uses Tim s public key to verify it Jenny knows that the message is from Tim and that although other people may ...

Page 113: ...e Certificate window Click the Details tab and scroll down to the Thumbprint Algorithm and Thumbprint fields Figure 55 Certificate Details 4 Use a secure method to verify that the certificate owner has the same information in the Thumbprint Algorithm and Thumbprint fields The secure method may vary according to your situation Possible examples would be over the telephone or through an HTTPS connec...

Page 114: ...Chapter 9 System NWA1121 NI User s Guide 114 ...

Page 115: ...in can be traced Logs are also essential for auditing and keeping track of changes made by users Figure 56 Accessing Logs in the Network The figure above illustrates three ways to access logs The user U can access logs directly from the NWA1121 NI A via the Web configurator Logs can also be located in an external log server B An email server C can also send harvested logs to the user s email accou...

Page 116: ...isplayed in black Receiving Logs via E mail If you want to receive logs in your e mail account you need to have the necessary details ready such as the Server Name or Simple Mail Transfer Protocol SMTP Address of your e mail account Ensure that you have a valid e mail address Enabling Syslog Logging To enable Syslog Logging obtain your Syslog server s IP address or server name 10 4 Log Settings Sc...

Page 117: ...PTION E mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e mail addresses specified below If this field is left blank logs and alert messages will not be sent via e mail Mail Subject Type a title that you want to be in the subject line of the log e mail message that the NWA1121 NI sends Send Log to Logs are sent to the e mail address specified in thi...

Page 118: ...the Weekly or the Daily option is selected specify a time of day when the E mail should be sent If the Weekly option is selected then also specify which day of the week the E mail should be sent If the When Log is Full option is selected an alert is sent when the log fills up If you select None no log messages are sent Day for Sending Log This field is only available when you select Weekly in the ...

Page 119: ...vice 11 2 What You Can Do in this Chapter Use the General screen to specify the system name see Section 11 4 on page 120 Use the Password screen to manage the password for your NWA1121 NI see Section 11 5 on page 121 Use the Time screen to change your NWA1121 NI s time and date This screen allows you to configure the NWA1121 NI s time based on your local time zone see Section 11 6 on page 122 Use ...

Page 120: ...l Screen Use the General screen to identify your NWA1121 NI over the network Click Maintenance General The following screen displays Figure 59 Maintenance General The following table describes the labels in this screen Table 36 Maintenance General LABEL DESCRIPTION System Settings System Name Type a descriptive name to identify the NWA1121 NI in the Ethernet network This name can be up to 15 alpha...

Page 121: ...g table describes the labels in this screen Table 37 Maintenance Password LABEL DESCRIPTIONS Current Password Type in your existing system password New Password Type your new system password Note that as you type a password the screen displays a dot for each character you type Retype to Confirm Retype your new system password for confirmation Apply Click Apply to save your changes Cancel Click Can...

Page 122: ...ast updated date from the time server When you disable NTP Client Update you can manually enter the new date in this field and then click Apply Time and Date Setup NTP Client Update Select this to have the NWA1121 NI get the time and date from the time server you specified below NTP server Select this option to use the predefined list of Network Time Protocol NTP servers Select an NTP server from ...

Page 123: ...cally restarts in this time causing a temporary network disconnect In some operating systems you may see the following icon on your desktop Figure 64 Network Temporarily Disconnected After the upload was finished log in again and check your new firmware version in the Dashboard screen Table 39 Maintenance Firmware Upgrade LABEL DESCRIPTION File Path Type in the location of the file you want to upl...

Page 124: ...ration file will be useful in case you need to return to your previous settings Click Backup to save the NWA1121 NI s current configuration to your computer 11 8 2 Restore Configuration Restore configuration allows you to upload a new or previously saved configuration file from your computer to your NWA1121 NI Do not turn off the NWA1121 NI while configuration file upload is in progress You must t...

Page 125: ...dix A on page 131 for details on how to set up your computer s IP address 11 8 3 Back to Factory Defaults Pressing the Reset button in this section clears all user entered configuration information and returns the NWA1121 NI to its factory defaults as shown on the screen The following screen will appear Figure 67 Reset Message You can also press the RESET button to reset your NWA1121 NI to its fac...

Page 126: ...Chapter 11 Maintenance NWA1121 NI User s Guide 126 Click Restart to have the NWA1121 NI reboot This does not affect the NWA1121 NI s configuration ...

Page 127: ...I 2 Make sure the power adaptor or cord is connected to the NWA1121 NI and plugged in to an appropriate power source Make sure the power source is turned on 3 Disconnect and re connect the power adaptor or cord to the NWA1121 NI 4 If the problem continues contact the vendor One of the LEDs does not behave as expected 1 Make sure you understand the normal behavior of the LED See Section 1 7 on page...

Page 128: ... page 20 I cannot see or access the Login screen in the web configurator 1 Make sure you are using the correct IP address The default IP address is 192 168 1 2 If you changed the IP address Section 7 4 on page 96 use the new IP address If you changed the IP address and have forgotten it see the troubleshooting suggestions for I forgot the IP address for the NWA1121 NI 2 Check the hardware connecti...

Page 129: ...A1121 NI Log out of the NWA1121 NI in the other session or ask the person who is logged in to log out 3 Disconnect and re connect the power adaptor or cord to the NWA1121 NI 4 If this does not work you have to reset the device to its factory defaults See Section 2 2 on page 20 I cannot use FTP to upload new firmware See the troubleshooting suggestions for I cannot see or access the Login screen in...

Page 130: ...ot of traffic on the network Look at the LEDs and check Section 1 7 on page 17 If the NWA1121 NI is sending or receiving a lot of information try closing some programs that use the Internet especially peer to peer applications 2 Check the signal strength If the signal is weak try moving the NWA1121 NI in wireless client mode closer to the AP if possible and look around to see if there are any devi...

Page 131: ...X and all versions of UNIX LINUX include the software components you need to use TCP IP on your computer If you manually assign IP information instead of using a dynamic IP make sure that your network s computers have IP addresses that place them in the same subnet In this appendix you can set up an IP address for Windows XP NT 2000 on page 131 Windows Vista on page 135 Windows 7 on page 139 Mac O...

Page 132: ...etting Up Your Computer s IP Address NWA1121 NI User s Guide 132 1 Click Start Control Panel 2 In the Control Panel click the Network Connections icon 3 Right click Local Area Connection and then select Properties ...

Page 133: ...Appendix A Setting Up Your Computer s IP Address NWA1121 NI User s Guide 133 4 On the General tab select Internet Protocol TCP IP and then click Properties ...

Page 134: ...ou by your network administrator or ISP You may also have to enter a Preferred DNS server and an Alternate DNS server if that information was provided 7 Click OK to close the Internet Protocol TCP IP Properties window 8 Click OK to close the Local Area Connection Properties window Verifying Settings 1 Click Start All Programs Accessories Command Prompt 2 In the Command Prompt window type ipconfig ...

Page 135: ...P Address NWA1121 NI User s Guide 135 Windows Vista This section shows screens from Windows Vista Professional 1 Click Start Control Panel 2 In the Control Panel click the Network and Internet icon 3 Click the Network and Sharing Center icon ...

Page 136: ...NWA1121 NI User s Guide 136 4 Click Manage network connections 5 Right click Local Area Connection and then select Properties Note During this procedure click Continue whenever Windows displays a screen saying that it needs your permission to continue ...

Page 137: ...Appendix A Setting Up Your Computer s IP Address NWA1121 NI User s Guide 137 6 Select Internet Protocol Version 4 TCP IPv4 and then select Properties ...

Page 138: ... by your network administrator or ISP You may also have to enter a Preferred DNS server and an Alternate DNS server if that information was provided Click Advanced 9 Click OK to close the Internet Protocol TCP IP Properties window 10 Click OK to close the Local Area Connection Properties window Verifying Settings 1 Click Start All Programs Accessories Command Prompt 2 In the Command Prompt window ...

Page 139: ... NWA1121 NI User s Guide 139 Windows 7 This section shows screens from Windows 7 Enterprise 1 Click Start Control Panel 2 In the Control Panel click View network status and tasks under the Network and Internet category 3 Click Change adapter settings ...

Page 140: ...ter s IP Address NWA1121 NI User s Guide 140 4 Double click Local Area Connection and then select Properties Note During this procedure click Continue whenever Windows displays a screen saying that it needs your permission to continue ...

Page 141: ...Appendix A Setting Up Your Computer s IP Address NWA1121 NI User s Guide 141 5 Select Internet Protocol Version 4 TCP IPv4 and then select Properties ...

Page 142: ...ields if you have a static IP address that was assigned to you by your network administrator or ISP You may also have to enter a Preferred DNS server and an Alternate DNS server if that information was provided Click Advanced if you want to configure advanced settings for IP DNS and WINS 8 Click OK to close the Internet Protocol TCP IP Properties window 9 Click OK to close the Local Area Connectio...

Page 143: ... Computer s IP Address NWA1121 NI User s Guide 143 3 The IP settings are displayed as follows Mac OS X 10 3 and 10 4 The screens in this section are from Mac OS X 10 4 but can also apply to 10 3 1 Click Apple System Preferences ...

Page 144: ...uter s IP Address NWA1121 NI User s Guide 144 2 In the System Preferences window click the Network icon 3 When the Network preferences pane opens select Built in Ethernet from the network connection type list and then click Configure ...

Page 145: ...P from the Configure IPv4 list in the TCP IP tab 5 For statically assigned settings do the following From the Configure IPv4 list select Manually In the IP Address field type your IP address In the Subnet Mask field type your subnet mask In the Router field type the IP address of your device 6 Click Apply Now and close the window ...

Page 146: ... IP properties by clicking Applications Utilities Network Utilities and then selecting the appropriate Network Interface from the Info tab Figure 69 Mac OS X 10 4 Network Utility Mac OS X 10 5 and 10 6 The screens in this section are from Mac OS X 10 5 but can also apply to 10 6 1 Click Apple System Preferences ...

Page 147: ...2 In System Preferences click the Network icon 3 When the Network preferences pane opens select Ethernet from the list of available connection types 4 From the Configure list select Using DHCP for dynamically assigned settings 5 For statically assigned settings do the following ...

Page 148: ...1121 NI User s Guide 148 From the Configure list select Manually In the IP Address field enter your IP address In the Subnet Mask field enter your subnet mask In the Router field enter the IP address of your NWA1121 NI 6 Click Apply and close the window ...

Page 149: ...his section shows you how to configure your computer s TCP IP settings in the GNU Object Model Environment GNOME using the Ubuntu 8 Linux distribution The procedure screens and file locations may vary depending on your specific distribution release version and individual configuration The following screens use the default Ubuntu 8 installation Note Make sure you are logged in as the root administr...

Page 150: ...ndow opens click Unlock to open the Authenticate window By default the Unlock button is greyed out until clicked You cannot make changes to your configuration unless you first enter your admin password 3 In the Authenticate window enter your admin account name and password then click the Authenticate button ...

Page 151: ...5 The Properties dialog box opens In the Configuration list select Automatic Configuration DHCP if you have a dynamic IP address In the Configuration list select Static IP address if you have a static IP address Fill in the IP address Subnet mask and Gateway address fields 6 Click OK to save the changes and close the Properties dialog box and return to the Network Settings screen ...

Page 152: ...P Address NWA1121 NI User s Guide 152 7 If you know your DNS server IP address es click the DNS tab in the Network Settings window and then enter the DNS server information in the fields provided 8 Click the Close button to apply the changes ...

Page 153: ...re 71 Ubuntu 8 Network Tools Linux openSUSE 10 3 KDE This section shows you how to configure your computer s TCP IP settings in the K Desktop Environment KDE using the openSUSE 10 3 Linux distribution The procedure screens and file locations may vary depending on your specific distribution release version and individual configuration The following screens use the default openSUSE 10 3 installation...

Page 154: ...ndix A Setting Up Your Computer s IP Address NWA1121 NI User s Guide 154 1 Click K Menu Computer Administrator Settings YaST 2 When the Run as Root KDE su dialog opens enter the admin password and click OK ...

Page 155: ... Guide 155 3 When the YaST Control Center window opens select Network Devices and then click the Network Card icon 4 When the Network Settings window opens click the Overview tab select the appropriate connection Name from the list and then click the Configure button ...

Page 156: ...ick the Address tab Figure 72 openSUSE 10 3 Network Card Setup 6 Select Dynamic Address DHCP if you have a dynamic IP address Select Statically assigned IP Address if you have a static IP address Fill in the IP address Subnet mask and Hostname fields 7 Click Next to save the changes and close the Network Card Setup window ...

Page 157: ...ab in Network Settings and then enter the DNS server information in the fields provided 9 Click Finish to save your settings and close the window Verifying Settings Click the KNetwork Manager icon on the Task bar to check your TCP IP properties From the Options sub menu select Show Connection Information Figure 73 openSUSE 10 3 KNetwork Manager ...

Page 158: ...omputer s IP Address NWA1121 NI User s Guide 158 When the Connection Status KNetwork Manager window opens click the Statistics tab to see if your connection is working properly Figure 74 openSUSE Connection Status KNetwork Manager ...

Page 159: ...ns may vary Internet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking and create an exception for your device s IP address Disable Pop up Blockers 1 In Internet Explorer select Tools Pop up Blocker and then select Turn Off Pop up Blocker Figure 75 Pop u...

Page 160: ...f the screen This disables any web pop up blockers you may have enabled Figure 76 Internet Options Privacy 3 Click Apply to save this setting Enable Pop up Blockers with Exceptions Alternatively if you only want to allow pop up windows from your device see the following steps 1 In Internet Explorer select Tools Internet Options and then the Privacy tab ...

Page 161: ...WA1121 NI User s Guide 161 2 Select Settings to open the Pop up Blocker Settings screen Figure 77 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 167 1 ...

Page 162: ... Add to move the IP address to the list of Allowed sites Figure 78 Pop up Blocker Settings 5 Click Close to return to the Privacy screen 6 Click Apply to save this setting JavaScript If pages of the web configurator do not display properly in Internet Explorer check that JavaScript are allowed ...

Page 163: ...orer click Tools Internet Options and then the Security tab Figure 79 Internet Options Security 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java applets make sure that Enable is selected the default ...

Page 164: ...k OK to close the window Figure 80 Security Settings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java permissions make sure that a safety level is selected ...

Page 165: ...ssions NWA1121 NI User s Guide 165 5 Click OK to close the window Figure 81 Security Settings Java JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected ...

Page 166: ...e 82 Java Sun Mozilla Firefox Mozilla Firefox 2 0 screens are used here Screens for other versions may vary slightly The steps below apply to Mozilla Firefox 3 0 as well You can enable Java Javascript and pop ups in one screen Click Tools then click Options in the screen that appears Figure 83 Mozilla Firefox TOOLS Options ...

Page 167: ...sions NWA1121 NI User s Guide 167 Click Content to show the screen below Select the check boxes as shown in the following screen Figure 84 Mozilla Firefox Content Security Opera Opera 10 screens are used here Screens for other versions may vary slightly ...

Page 168: ...eferences In the General tab go to Choose how you prefer to handle pop ups and select Open all pop ups Figure 85 Opera Allowing Pop Ups Enabling Java From Opera click Tools then Preferences In the Advanced tab select Content from the left side menu Select the check boxes as shown in the following screen Figure 86 Opera Enabling Java ...

Page 169: ...JavaScript and Java Permissions NWA1121 NI User s Guide 169 To customize JavaScript behavior in the Opera browser click JavaScript Options Figure 87 Opera JavaScript Options Select the items you want Opera s JavaScript to apply ...

Page 170: ...Appendix B Pop up Windows JavaScript and Java Permissions NWA1121 NI User s Guide 170 ...

Page 171: ...r and the other part is the host ID In the same way that houses on a street share a common street name the hosts on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the host ID Routers use the network number to send packets to the correct network while the host ID determines to which host on the ...

Page 172: ...32 bits If a bit in the subnet mask is a 1 then the corresponding bit in the IP address is part of the network number If a bit in the subnet mask is 0 then the corresponding bit in the IP address is part of the host ID The following example shows a subnet mask identifying the network number in bold text and host ID of an IP address 192 168 1 2 in decimal By convention subnet masks always consist o...

Page 173: ...e As these two IP addresses cannot be used for individual hosts calculate the maximum number of possible hosts in a network as follows Notation Since the mask is always a continuous number of ones beginning from the left followed by a continuous number of zeros for the remainder of the 32 bit mask you can simply specify the number of ones instead of writing the value of each octet This is usually ...

Page 174: ... a maximum of 28 2 or 254 possible hosts The following figure shows the company network before subnetting Figure 89 Subnetting Example Before Subnetting You can borrow one of the host ID bits to divide the network 192 168 1 0 into two separate sub networks The subnet mask is now 25 bits 255 255 255 128 or 25 The borrowed host ID bit can have a value of either 0 or 1 allowing two subnets 192 168 1 ...

Page 175: ... 168 1 1 and the highest is 192 168 1 126 Similarly the host ID range for subnet B is 192 168 1 129 to 192 168 1 254 Example Four Subnets The previous example illustrated using a 25 bit subnet mask to divide a 24 bit address into two subnets Similarly to divide a 24 bit address into four subnets you need to borrow two host ID bits to give four possible combinations 00 01 10 and 11 The subnet mask ...

Page 176: ...192 168 1 127 Highest Host ID 192 168 1 126 Table 47 Subnet 3 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 128 Lowest Host ID 192 168 1 129 Broadcast Address 192 168 1 191 Highest Host ID 192 168 1 190 Table 48 Subnet 4 IP SUBNET MASK ...

Page 177: ...25 254 255 Table 50 24 bit Network Number Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62 3 255 255 255 224 27 8 30 4 255 255 255 240 28 16 14 5 255 255 255 248 29 32 6 6 255 255 255 252 30 64 2 7 255 255 255 254 31 128 1 Table 51 16 bit Network Number Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS ...

Page 178: ... t need to change the subnet mask computed by the NWA1121 NI unless you are instructed to do otherwise Private IP Addresses Every machine on the Internet must have a unique address If your networks are isolated from the Internet running only between two branch offices for example you can assign any IP addresses to the hosts without problems However the Internet Assigned Numbers Authority IANA has ...

Page 179: ...h is commonly referred to as an ad hoc network or Independent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an ad hoc wireless LAN Figure 91 Peer to Peer Communication in an Ad hoc Network BSS A Basic Service Set BSS exists when all communications between wireless clients or between a wireless client and a wired network client g...

Page 180: ...ESS consists of a series of overlapping BSSs each containing an access point with each access point connected together by a wired network This wired connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the imme...

Page 181: ...ce interference Interference occurs when radio signals from different access points overlap causing interference and degrading performance Adjacent channels partially overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 channels and an adjacent AP is using channe...

Page 182: ...es and confirms with the requesting station the time frame for the requested transmission Stations can send frames smaller than the specified RTS CTS directly to the AP without the RTS Request To Send CTS Clear to Send handshake You should only configure RTS CTS if the possibility of hidden nodes exists on your network and the cost of resending large frames is more than the extra network overhead ...

Page 183: ... use short preamble when all wireless devices on the network support it otherwise the NWA1121 NI uses long preamble Note The wireless devices MUST use the same preamble mode in order to communicate IEEE 802 11g Wireless LAN IEEE 802 11g is fully compatible with the IEEE 802 11b standard This means an IEEE 802 11b adapter can interface directly with an IEEE 802 11g access point and vice versa at 11...

Page 184: ...ser profile and accounting management on a network RADIUS server Support for EAP Extensible Authentication Protocol RFC 2486 that allows additional authentication methods to be deployed with no changes to the access point or the wireless clients RADIUS RADIUS is based on a client server model that supports authentication authorization and accounting The access point is the client and the server is...

Page 185: ...etwork security the access point and the RADIUS server use a shared secret key which is a password they both know The key is not sent over the network In addition to the shared key password information exchanged is also encrypted to protect the network from unauthorized access Types of EAP Authentication This section discusses some popular authentication types EAP MD5 EAP TLS EAP TTLS PEAP and LEA...

Page 186: ...makes user identity vulnerable to passive attacks A digital certificate is an electronic ID card that authenticates the sender s identity However to implement EAP TLS you need a Certificate Authority CA to handle certificates which imposes a management overhead EAP TTLS Tunneled Transport Layer Service EAP TTLS is an extension of the EAP TLS authentication that uses certificates for only the serve...

Page 187: ...ires a single identical password entered into each access point wireless gateway and wireless client As long as the passwords match a wireless client will be granted access to a WLAN If the AP or the wireless clients do not support WPA2 just use WPA or WPA PSK depending on whether you have an external RADIUS server or not Select WEP only when the AP and or wireless clients do not support WPA or WP...

Page 188: ...ommon password approach makes WPA 2 PSK susceptible to brute force password guessing attacks but it s still an improvement over WEP as it employs a consistent single alphanumeric password to derive a PMK which is used to generate unique temporal encryption keys This prevent all wireless devices sharing the same encryption keys a weakness of WEP User Authentication WPA and WPA2 apply IEEE 802 1x an...

Page 189: ...ADIUS server distributes the PMK to the AP The AP then sets up a key hierarchy and management system using the PMK to dynamically generate unique data encryption keys The keys are used to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients Figure 95 WPA 2 with RADIUS Application Example WPA 2 PSK Application Example A WPA 2 PSK application looks as fol...

Page 190: ...security features Antenna Overview An antenna couples RF signals onto air A transmitter within a wireless device sends an RF signal to the antenna which propagates the signal through the air The antenna also operates in reverse by capturing RF signals from the air Table 55 Wireless Security Relational Matrix AUTHENTICATION METHOD KEY MANAGEMENT PROTOCOL ENCRYPTIO N METHOD ENTER MANUAL KEY IEEE 802...

Page 191: ...ue gain that the antenna provides Types of Antennas for WLAN There are two types of antennas used for wireless LAN applications Omni directional antennas send the RF signal out in all directions on a horizontal plane The coverage area is torus shaped like a donut which makes these antennas ideal for a room environment With a wide coverage area it is possible to make circular overlapping coverage a...

Page 192: ...Appendix D Wireless LANs NWA1121 NI User s Guide 192 For directional antennas point the antenna in the direction of the desired coverage area ...

Page 193: ...ce Your use of the NWA1121 NI is subject to the terms and conditions of any related service providers Trademarks Trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners Certifications Federal Communications Commission FCC Interference Statement The device complies with Part 15 of FCC rules Operation is subject to the follo...

Page 194: ...EEE 802 11b 802 11g or 802 11n 20MHz operation of this product in the U S A is firmware limited to channels 1 through 11 IEEE 802 11n 40MHz operation of this product in the U S A is firmware limited to channels 3 through 9 To comply with FCC RF exposure compliance requirements a separation distance of at least 20 cm must be maintained between the antenna of this device and all persons Industry Can...

Page 195: ...e l ARCEP la puissance d émission ne devra pas dépasser 10 mW 10 dB dans le cadre d une installation WiFi en extérieur pour les fréquences comprises entre 2454 MHz et 2483 5 MHz This Class B digital apparatus complies with Canadian ICES 003 Cet appareil numérique de la classe B est conforme à la norme NMB 003 du Canada CLASS 1 LASER PRODUCT APPAREIL A LASER DE CLASS 1 PRODUCT COMPLIES WITH 21 CFR ...

Page 196: ... php Registration Register your product online to receive e mail notices of firmware upgrades and information at www zyxel com Open Source Licenses This product contains in part some free software distributed under GPL license terms and or GPL like licenses Open source licenses are provided with the firmware package You can download the latest firmware at www zyxel com To obtain the source code co...

Page 197: ...e relevante bepalingen van richtlijn 1999 5 EC Maltese Hawnhekk ZyXEL jiddikjara li dan tagħmir jikkonforma mal ħtiġijiet essenzjali u ma provvedimenti oħrajn relevanti li hemm fid Dirrettiva 1999 5 EC Hungarian Alulírott ZyXEL nyilatkozom hogy a berendezés megfelel a vonatkozó alapvetõ követelményeknek és az 1999 5 EK irányelv egyéb elõírásainak Polish Niniejszym ZyXEL oświadcza że sprzęt jest zg...

Page 198: ...uirements in addition to those given in the table labeled Overview of Regulatory Requirements for Wireless LANs Belgium The Belgian Institute for Postal Services and Telecommunications BIPT must be notified of any outdoor wireless link having a range exceeding 300 meters Please check http www bipt be for more details Draadloze verbindingen voor buitengebruik en met een reikwijdte van meer dan 300 ...

Page 199: ...4 GHz frekvenèu joslas izmantoðanai ârpus telpâm nepiecieðama atïauja no Elektronisko sakaru direkcijas Vairâk informâcijas http www esd lv Notes 1 Although Norway Switzerland and Liechtenstein are not EU member states the EU Directive 1999 5 EC has also been implemented in those countries 2 The regulatory limits for maximum output power are specified in EIRP The EIRP level in dBm of a device can ...

Page 200: ...r to order a new one Do not use the device outside and make sure all the connections are indoors There is a remote risk of electric shock from lightning Do NOT obstruct the device ventilation slots as insufficient airflow may harm your device Antenna Warning This device meets ETSI and FCC certification requirements when using the included antenna s Only use the included antenna s If you wall mount...

Page 201: ...C WMM 73 B Basic Service Set 56 see BSS Basic Service Set See BSS 179 beacon 56 Beacon Interval 63 65 70 BSS 11 12 56 179 C CA 186 Certificate authentication 104 file format 104 Certificate Authority See CA Certificates Fingerprint 112 MD5 112 public key 104 SHA1 112 Certification Authority 112 certifications 193 notices 195 viewing 195 Channel 56 channel 181 interference 181 Controlling network a...

Page 202: ... IANA 178 IBSS 179 IEEE 802 11g 183 IEEE 802 1x 57 Import Certificate 106 Independent Basic Service Set See IBSS 179 initialization vector IV 188 Internet Assigned Numbers Authority See IANA Internet Protocol version 6 see IPv6 Internet telephony 12 IP Address 94 Gateway IP address 94 IP Screen 94 DHCP 96 IPv6 95 addressing 95 global address 95 link local address 95 Neighbor Discovery Protocol 95 ...

Page 203: ... Master Key PMK 188 189 Passphrase 59 Password 128 PEAP 59 Personal Information Exchange Syntax Standard 104 PFX PKCS 12 104 Preamble 91 preamble mode 183 Preamble Type 63 66 68 71 Pre Shared Key 59 priorities 92 product registration 196 Protected Extensible Authentication Protocol 59 PSK 59 188 Q QoS 73 Quick Start Guide 2 R Radio Frequency 92 RADIUS 59 184 Accounting 60 Authentication 60 Authori...

Page 204: ... Error Count 50 Firmware Version 26 Interface Status 27 Poll Interval 50 Retry Count 50 Statistics 51 system statistics 25 WLAN 25 Subnet 171 Subnet Mask 94 172 subnetting 174 Syslog Logging 116 System Screens General 120 Password 121 Time Time and Date Setup 122 Time Zone 122 T telnet 106 Temporal Key Integrity Protocol 59 Temporal Key Integrity Protocol TKIP 187 TFTP restrictions 103 Thumbprint ...

Page 205: ...86 Wireless Settings Screen 55 Access Point Mode 61 Antenna 92 AP Bridge Mode 67 Bridge Mode 64 BSS 56 Channel 56 ESS 56 Fragmentation Threshold 91 Intra BSS Traffic 91 Operating Mode 56 Preamble 91 Roaming 92 RTS CTS Threshold 91 SSID 56 Wireless Client Mode 67 Wireless Mode 57 WMM QoS 91 WLAN interference 181 security parameters 190 WMM 73 WMM QoS 91 WPA 58 187 key caching 188 pre authentication...

Page 206: ...Index NWA1121 NI User s Guide 206 ...

Reviews:

No comments

Brands by name

Popular brands

Load more brands