ZyXEL Communications NWA-3550 User Manual Download Page 339 | Manualshive

Page: 339 / 408

background image

Appendix B Wireless LANs

NWA-3500/NWA-3550 User’s Guide

339

However, MD5 authentication has some weaknesses. Since the authentication
server needs to get the plaintext passwords, the passwords must be stored. Thus
someone other than the authentication server may access the password file. In
addition, it is possible to impersonate an authentication server as MD5
authentication method does not perform mutual authentication. Finally, MD5
authentication method does not support data encryption with dynamic session
key. You must configure WEP encryption keys for data encryption.

EAP-TLS (Transport Layer Security)

With EAP-TLS, digital certifications are needed by both the server and the wireless
clients for mutual authentication. The server presents a certificate to the client.
After validating the identity of the server, the client sends a different certificate to
the server. The exchange of certificates is done in the open before a secured
tunnel is created. This makes user identity vulnerable to passive attacks. A digital
certificate is an electronic ID card that authenticates the sender’s identity.
However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle
certificates, which imposes a management overhead.

EAP-TTLS (Tunneled Transport Layer Service)

EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for
only the server-side authentications to establish a secure connection. Client
authentication is then done by sending username and password through the
secure connection, thus client identity is protected. For client authentication, EAP-
TTLS supports EAP methods and legacy authentication methods such as PAP,
CHAP, MS-CHAP and MS-CHAP v2.

PEAP (Protected EAP)

Like EAP-TTLS, server-side certificate authentication is used to establish a secure
connection, then use simple username and password methods through the
secured connection to authenticate the clients, thus hiding client identity.
However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2
and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is
implemented only by Cisco.

LEAP

LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of
IEEE 802.1x.

«
...
337
338
339
340
341
...
»

Summary of Contents for NWA-3550

Page 1: ...550 802 11a g Dual Radio Wireless Business AP 802 11a g Dual Radio Outdoor WLAN Business AP Copyright 2009 ZyXEL Communications Corporation Firmware Version 3 7 Edition 2 8 2009 Default Login Details...

Page 2: ......

Page 3: ...g up your network and configuring for Internet access Note It is recommended you use the web configurator to configure the NWA Support Disc Refer to the included CD for support documents ZyXEL Web Sit...

Page 4: ...contact your vendor then contact a ZyXEL office for the region in which you bought the device See http www zyxel com web contact_us php for contact information Please have the following information re...

Page 5: ...font A key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press th...

Page 6: ...ed in Figures Figures in this User s Guide may use the following generic icons The NWA icon is not an exact representation of your NWA Table 1 Common Icons NWA Computer Notebook Server Printer Telepho...

Page 7: ...as it might cause electrocution If the power adaptor or cord is damaged remove it from the device and the power source Do NOT attempt to repair the power adaptor or cord Contact your local vendor to o...

Page 8: ...Safety Warnings NWA 3500 NWA 3550 User s Guide 8...

Page 9: ...eless Configuration 119 SSID Screen 145 Wireless Security Screen 155 RADIUS Screen 169 Layer 2 Isolation Screen 173 MAC Filter Screen 179 IP Screen 183 Rogue AP Detection 187 Remote Management Screens...

Page 10: ...Contents Overview NWA 3500 NWA 3550 User s Guide 10...

Page 11: ...25 1 2 2 1 Bridge Repeater Mode Example 26 1 2 3 AP Bridge 28 1 2 4 MBSSID 28 1 2 5 Pre Configured SSID Profiles 30 1 2 6 Configuring Dual WLAN Adaptors 30 1 3 CAPWAP 31 1 4 Ways to Manage the NWA 32...

Page 12: ...52 3 3 3 2 Set up Layer 2 Isolation 53 3 3 3 3 Activate the Guest Profile 54 3 3 4 Testing the Wireless Networks 54 3 4 How to Set Up and Use Rogue AP Detection 55 3 4 1 Set Up and Save a Friendly AP...

Page 13: ...WAP 87 5 2 1 CAPWAP Discovery and Management 88 5 2 2 CAPWAP and DHCP 88 5 2 3 CAPWAP and IP Subnets 88 5 2 4 Notes on CAPWAP 89 5 3 The Management Mode Screen 90 Chapter 6 AP Controller Mode 93 6 1 O...

Page 14: ...ess Screen 120 8 3 The Wireless Screen 123 8 3 1 Access Point Mode 123 8 3 2 Bridge Repeater Mode 126 8 3 3 AP Bridge Mode 131 8 3 4 MBSSID Mode 136 8 4 Technical Reference 139 8 4 1 Spanning Tree Pro...

Page 15: ...curity WPA2 or WPA2 MIX 164 10 2 6 Security WPA PSK WPA2 PSK WPA2 PSK MIX 166 10 3 Technical Reference 167 Chapter 11 RADIUS Screen 169 11 1 Overview 169 11 1 1 What You Can Do in the RADIUS Screen 17...

Page 16: ...gue AP Screen 192 Chapter 16 Remote Management Screens 195 16 1 Overview 195 16 1 1 What You Can Do in the Remote Management Screens 196 16 1 2 What You Need To Know About Remote Management 196 16 2 T...

Page 17: ...int of a Certificate 234 Chapter 19 Log Screens 235 19 1 Overview 235 19 1 1 What You Can Do in the Log Screens 235 19 1 2 What You Need To Know About Logs 236 19 2 The View Log Screen 236 19 3 The Lo...

Page 18: ...r 23 Maintenance 275 23 1 Overview 275 23 2 What You Can Do in the Maintenance Screens 275 23 3 What You Need To Know 275 23 4 System Status Screen 276 23 4 1 Show Statistics Screen 276 23 5 Associati...

Page 19: ...ppendices and Index 303 Appendix A Setting Up Your Computer s IP Address 305 Appendix B Wireless LANs 331 Appendix C Pop up Windows JavaScripts and Java Permissions 347 Appendix D Importing Certificat...

Page 20: ...Table of Contents NWA 3500 NWA 3550 User s Guide 20...

Page 21: ...21 PART I Introduction Introducing the NWA 23 The Web Configurator 37 Status Screens 83 Management Mode 87 Tutorial 41...

Page 22: ...22...

Page 23: ...less modules and supporting up to eight Basic Service Set Identifiers BSSID simultaneously The Quality of Service QoS features allow you to prioritize time sensitive or highly important applications s...

Page 24: ...ch operating mode are shown below Note A different channel should be configured for each WLAN interface to reduce the effects of radio interference 1 2 1 Access Point The NWA is an ideal access soluti...

Page 25: ...STP to prevent bridge loops When the NWA is in Bridge Repeater mode security between APs the Wireless Distribution System or WDS is independent of the security between the wireless stations and the AP...

Page 26: ...ess Distribution System allowing the computers in LAN 1 to connect to the computers in LAN 2 Figure 4 Bridging Example Be careful to avoid bridge loops when you enable bridging in the NWA Bridge loops...

Page 27: ...in bridge mode is connected to a wired LAN while communicating with another wireless bridge that is also connected to the same wired LAN Figure 6 Bridge Loop Bridge Connected to Wired LAN To prevent b...

Page 28: ...tween the wireless stations and the AP If you do not enable WDS security traffic between APs is not encrypted When WDS security is enabled both APs must use the same pre shared key Unless specified th...

Page 29: ...SID appears to be a different access point As in any wireless network clients can associate only with the SSIDs for which they have the correct security settings For example you might want to set up a...

Page 30: ...t not have access to the rest of the network Layer 2 isolation is enabled see Section on page 178 and QoS is set to NONE Intra BSS traffic blocking is also enabled see Section 8 1 2 on page 120 These...

Page 31: ...t other access points The managed APs receive all their configuration information from the controller AP The CAPWAP dataflow is protected by Datagram Transport Layer Security DTLS The following ZyXEL...

Page 32: ...uess and that consists of different types of characters such as numbers and letters Write down the password and put it in a safe place Back up the configuration and make sure you know how to restore i...

Page 33: ...ntrol who can manage your NWA See Chapter 16 on page 195 for more information If you enable remote management ensure you have enabled remote management only on the IP addresses services or interfaces...

Page 34: ...ions 1 7 1 Antennas Your NWA has two wireless LAN adaptors WLAN1 and WLAN2 WLAN1 uses the RF1 antenna or the antenna on the right when facing the device WLAN2 uses the RF2 antenna or the antenna on th...

Page 35: ...D mode and is functioning normally The NWA is in AP Bridge or Bridge Repeater mode and has not established a Wireless Distribution System WDS connection or The NWA is not receiving power 3 WL2 Green O...

Page 36: ...connection Blinking The NWA has a 10 Mbps Ethernet connection and is sending or receiving data Yellow On The NWA has a 100 Mbps Ethernet connection Blinking The NWA has a 100 Mbps Ethernet connection...

Page 37: ...t to the NWA refer to the Quick Start Guide 2 Launch your web browser 3 Type http 192 168 1 2 as the URL default 4 Type 1234 default as the password and click Login In some versions the default passwo...

Page 38: ...ess the web configurator you will need to use the RESET button This replaces the current configuration file with the factory default configuration file This means that you will lose all the settings y...

Page 39: ...ures such as MGNT MODE Controller AP Standalone AP or Managed AP SYSTEM General Password and Time Setting WIRELESS Wireless SSID Security RADIUS Layer 2 Isolation MAC Filter IP ROGUE AP Configuration...

Page 40: ...Chapter 2 The Web Configurator NWA 3500 NWA 3550 User s Guide 40...

Page 41: ...sing the same security and Quality of Service QoS settings See Section 1 2 1 on page 24 for details Use Bridge Repeater operating mode if you want to use the NWA to communicate with other access point...

Page 42: ...y Profile Configure RADIUS authentication optional Configure internal AUTH SERVER optional Configure Layer 2 Isolation optional Configure MAC Filter optional Select 802 11 Mode and Channel ID Configur...

Page 43: ...ple Wireless Networks In this example you have been using your NWA as an access point for your office network See your Quick Start Guide for information on how to set up your NWA in Access Point mode...

Page 44: ...ork VoIP_SSID has access to all resources and a high QoS setting The guest network Guest_SSID has access to the Internet and the network printer only and a low QoS setting To configure these settings...

Page 45: ...g Mode Log in to the NWA see Section 2 2 on page 37 Click Wireless Wireless The Wireless screen appears 3 3 1 1 Access Point Set the NWA s WLAN Interface WLAN1 is set to Access Point operating mode an...

Page 46: ...ble allows you to activate or deactivate SSID profiles Your wireless network was previously using the SSID03 profile so select SSID04 in one of the Profile list boxes number 3 in this example Select t...

Page 47: ...You cannot change this security profile without changing the standard network s parameters so when you set up security for the VoIP_SSID and Guest_SSID profiles you will need to set different security...

Page 48: ...he SSID to wireless clients scanning the area 3 The standard network SSID04 is currently using the security01 profile so use a different profile for the VoIP network If you used the security01 profile...

Page 49: ...you do not have a RADIUS server for authentication so select WPA2 PSK in the Security Mode field WPA2 PSK provides strong security that anyone with a compatible wireless client can use once they know...

Page 50: ...onfigure the Guest Network When you are setting up the wireless network for guests to your office your primary concern is to keep your network secure while allowing access to certain resources such as...

Page 51: ...D changes the SSID profile name Guest_SSID remains the same as before 2 Select Disable from the Hide Name SSID list box This makes it easier for guests to configure their own computers wireless client...

Page 52: ...y 2 Select WPA PSK in the Security Mode field WPA PSK provides strong security that is supported by most wireless clients Even though your Guest_SSID clients do not have access to sensitive informatio...

Page 53: ...reen appears Figure 26 Tutorial Layer 2 Isolation The Guest_SSID network uses the l2isolation01 profile by default so select its entry and click Edit The following screen displays Figure 27 Tutorial L...

Page 54: ...led Try to access each network using the correct security settings and then using incorrect security settings such as the WPA PSK for another active network If the behavior is different from expected...

Page 55: ...ecurity considerations In this example you want to ensure that your company s data is not accessible to an attacker gaining entry to your wireless network through a rogue AP Your wireless network oper...

Page 56: ...network When configuring the rogue AP feature on your NWAs in this example you will need to use the information in the following table You need the IP addresses of your APs to access their Web configu...

Page 57: ...P Detection 3 Set up e mail alerts 4 Configure your other access points 5 Test the setup 3 4 1 Set Up and Save a Friendly AP list Take the following steps to set up and save a list of access points yo...

Page 58: ...The Friendly AP screen now appears as follows Figure 31 Tutorial Friendly AP After Data Entry 3 Next you will save the list of friendly APs in order to provide a backup and upload it to your other acc...

Page 59: ...ing appears click Save Figure 33 Tutorial Warning 5 Save the friendly AP list somewhere it can be accessed by all the other access points on the network In this example save it on the network file ser...

Page 60: ...Period Detection field Figure 35 Tutorial Periodic Rogue AP Detection 2 In the Period field enter how often you want the NWA to scan for rogue APs You can have the NWA scan anywhere from once every te...

Page 61: ...LOGS Log Settings The following screen appears Figure 36 Tutorial Log Settings 2 In this example your mail server s IP address is 192 168 1 25 Enter this IP address in the Mail Server field 3 Enter a...

Page 62: ...ss points on your network to do the same things For each access point take the following steps 1 From a computer on the wired network enter the access point s IP address and login to its Web configura...

Page 63: ...nfigurator and click ROGUE AP Rogue AP Refresh to have the NWA perform a scan immediately Check the ROGUE AP Rogue AP screen You should see an entry in the list with the same MAC address as your rogue...

Page 64: ...You want to set up a second wireless network to allow only Bob to access Server 2 and the Internet 3 5 3 Setup In this example you have already set up the NWA in MBSSID mode see Chapter 12 on page 173...

Page 65: ...To configure MAC filtering you need to know the MAC addresses of the devices Alice and Bob use to connect to the network which are as follows 3 5 4 Configure the SERVER_1 Network First you will set u...

Page 66: ...s Guide 66 Take the following steps to configure the SERVER_1 network 1 Log into the NWA s Web Configurator and click Wireless SSID The following screen displays showing the SSID profiles you already...

Page 67: ...and click Edit The following screen displays Figure 40 Tutorial Layer 2 Isolation Edit 4 Enter the network switch s MAC Address and add a Description NET_SWITCH in this case in Index 1 s entry 5 Ente...

Page 68: ...u entered The SERVER_1 network is now configured 3 5 5 Configure the SERVER_2 Network Next you will configure the SERVER_2 network that allows Bob to access secure server 2 and the Internet To do this...

Page 69: ...ck that the NWA is using the correct SSIDs MAC filters and layer 2 isolation profiles 1 Click Wireless Wireless Check that the Operating Mode is MBSSID and that the correct SSID profiles are selected...

Page 70: ...ecurity settings do the following Attempt to access Server 1 You should be able to do so Attempt to access the Internet You should be able to do so Attempt to access Server 2 You should be unable to d...

Page 71: ...the individual Security layer 2 isolation and MAC filter profiles for the relevant network If this does not help see the Troubleshooting chapter in this User s Guide 3 6 How to Configure Management M...

Page 72: ...Setup In this example each of your NWA standalone AP mirror each other They all have the same SSID profiles stored First you need to download the configuration file from one of your NWAs for backup pu...

Page 73: ...oller APs 3 Add the newly converted managed APs B C and D from step 4 to the Managed Access Points List of the NWA primary controller AP 4 Check your settings and test the configuration This example u...

Page 74: ...as soon as the secondary controller AP fails to detect the primary AP controller s presence This happens when the primary controller AP is disconnected from the network rebooting or turned off Note W...

Page 75: ...ncy Then select Primary AP Controller and enter the IP address of the secondary controller AP required Click Apply Note Only NWAs in managed AP mode are visible to the controller AP 3 6 5 Setting Your...

Page 76: ...be managed to controller APs that are within range even if the controller AP belongs to another network 3 You are logged out of the Web Configurator and the screen shows a message that the device is r...

Page 77: ...AP Lists Figure 50 Tutorial AP List Un Managed 2 Select the NWA managed APs from the Un Managed Access Points List as shown in the screen above You can also identify these managed APs by filling in th...

Page 78: ...anaged 4 In the screen that opens choose the radio profile for each WLAN radio and click Apply Figure 52 Tutorial Managed AP WLAN Radio Profile In this example the 1st floor NWA managed AP uses radio0...

Page 79: ...hecking your Setup MGNT Mode Settings Open the wireless client s screen that list the available networks within range In the image above we can see Mktg Grp 6 which is the SSID in the WLAN1 radio prof...

Page 80: ...Chapter 3 Tutorial NWA 3500 NWA 3550 User s Guide 80...

Page 81: ...n 119 SSID Screen 145 Wireless Security Screen 155 RADIUS Screen 169 Layer 2 Isolation Screen 173 MAC Filter Screen 179 IP Screen 183 Rogue AP Detection 187 Remote Management Screens 195 Internal RADI...

Page 82: ...82...

Page 83: ...look at the current status of the device system resources and interfaces The Status screen also provides detailed information about system statistics associated wireless clients and logs 4 2 The Stat...

Page 84: ...less screen WLAN2 Operating Mode This field displays the current operating mode of the second wireless module AP Bridge Repeater AP Bridge or MBSSID You can change the operating mode in the Wireless W...

Page 85: ...is not in use SSID Status Interface This column displays each of the NWA s wireless interfaces SSID This field displays each of the SSIDs currently in use BSSID This field displays the MAC address of...

Page 86: ...x or full duplex mode Full duplex refers to a device s ability to send and receive simultaneously while half duplex indicates that traffic can flow in only one direction at a time The Ethernet port mu...

Page 87: ...eless Access Points CAPWAP network 5 2 About CAPWAP The NWA supports CAPWAP This is ZyXEL s implementation of the IETF s CAPWAP protocol RFC 4118 The CAPWAP dataflow is protected by Datagram Transport...

Page 88: ...to its Managed Access Points list and provides the managed AP with default configuration information as well as securely transmitting the DTLS pre shared key The managed AP is ready for association wi...

Page 89: ...implementation of the CAPWAP protocol When the AP controller uses its internal Remote Authentication Dial In User Service RADIUS server managed APs also use the AP controller s authentication server...

Page 90: ...ou do this the NWA can be configured ONLY by the management AP If you do not have an AP controller on your network and want to return the NWA to standalone mode you must use its physical RESET button...

Page 91: ...NWA restarts Wait a short while before you attempt to log in again If you changed the mode to Managed AP you cannot log in as the web configurator is disabled you must manage the NWA through the manag...

Page 92: ...Chapter 5 Management Mode NWA 3500 NWA 3550 User s Guide 92...

Page 93: ...view information about your managed wireless network Use the AP Lists screen Section 6 4 on page 97 to manage connected APs Use the Configuration screen Section 6 5 on page 101 to control the way in w...

Page 94: ...the wireless clients of the managed APs 6 1 3 Before You Begin The Controller AP options are only available when the NWA is set to function in this mode Therefore ensure that you have switched modes...

Page 95: ...all the Managed APs B Note A managed AP may potentially be turned off if it is within range of its controller AP while the controller AP updates its settings The managed AP retains the last settings a...

Page 96: ...its a management request over the network Management Mode When the NWA is in AP controller mode this displays Controller AP Status On line This field displays the number of access points managed by th...

Page 97: ...ast synchronization with the secondary AP controller succeeded SUCCESS or failed DISABLED Last Synchronization Time This field displays the last date and time when the NWA synchronized settings with t...

Page 98: ...d AP Select Click the topmost box either to select or deselect all NWAs in the list Click an NWA s checkbox to select it and apply a corresponding action You can also click several items at the same t...

Page 99: ...re in managed AP mode but which are not currently controlled by the NWA Index This is the index number of an unmanaged AP that is requesting to be managed by the NWA Select Click the topmost box eithe...

Page 100: ...board characters Enable Breathing LED Select this box to disable the WLAN LED light Clear this box to enable the WLAN LED WLAN1 Radio Profile Select the radio profile you want to use for this AP Confi...

Page 101: ...ations between the NWA and its managed APs This key is used to encrypt DTLS Datagram Transport Layer Security transmissions Enter 8 32 English keyboard characters The proprietary AutoPSK protocol tran...

Page 102: ...Profile Edit screens which are available only in AP controller mode The following Profile Edit screens are identical to those in standalone mode Table 15 Redundancy Screen LABEL DESCRIPTION Redundancy...

Page 103: ...e Screen Use this screen to configure radio profiles Radio profiles contain information about an AP s wireless settings and can be applied to APs managed by the NWA In AP Controller mode click Profile...

Page 104: ...rofile Edit Radio screen select a profile and click Edit The following screen displays Figure 68 Radio Edit Screen Channel ID This field displays the wireless channel the radio profile uses Edit Click...

Page 105: ...n the 802 11 Radio Mode field Select this if you do not want to use DFS Dynamic Frequency Selection DFS dynamic frequency selection allows an AP to detect other devices in the same channel If there is...

Page 106: ...dication Message DTIM is the time period after which broadcast and multicast packets are transmitted to mobile clients in the Active Power Management mode A high DTIM value can cause clients to lose c...

Page 107: ...pter 6 AP Controller Mode NWA 3500 NWA 3550 User s Guide 107 Apply Click Apply to save your changes Reset Click Reset to begin configuring this screen afresh Table 17 Radio Edit Screen LABEL DESCRIPTI...

Page 108: ...Chapter 6 AP Controller Mode NWA 3500 NWA 3550 User s Guide 108...

Page 109: ...e on the device 7 1 1 What You Can Do in the System Screens Use the General screen see Section 7 2 on page 111 to specify the System name Domain name and Web Configurator timeout limit You can also co...

Page 110: ...rmation on address assignment please refer to RFC 1597 Address Allocation for Private Internets and RFC 1466 Guidelines for Management of IP Address Space IP Address and Subnet Mask Similar to the way...

Page 111: ...structed to do otherwise 7 2 General Screen Use the General screen to identify your NWA over the network Click System General The following screen displays Figure 70 System General The following table...

Page 112: ...dress The field to the right displays the read only DNS server IP address that the DHCP assigns Select User Defined if you have the IP address of a DNS server Enter the DNS server s IP address in the...

Page 113: ...ect this to have the NWA use the local management password already configured on the device 1234 is the default Use new setting Select this if you want to change the local management password Old Pass...

Page 114: ...ing PEAP authentication in your RADIUS server this password field is limited to 14 ASCII characters in length RADIUS Select the RADIUS server profile of the RADIUS server that is to authenticate manag...

Page 115: ...d this page the NWA synchronizes the time with the time server if configured Current Date This field displays the last updated date from the time server Time and Date Setup Manual Select this radio bu...

Page 116: ...Daylight saving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening Start Date Configure th...

Page 117: ...then attempts to synchronize with one of the following pre defined list of NTP time servers End Date Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving Th...

Page 118: ...rs it randomly selects one server and tries to synchronize with it If the synchronization fails then the NWA goes through the rest of the list in order from the first one tried until either it is succ...

Page 119: ...above the NWA ZyXEL Device allows access to another bridge device A and a notebook computer B upon verifying their settings and credentials It denies access to other devices C and D with configuratio...

Page 120: ...is traffic between wireless stations in the BSS When Intra BSS traffic blocking is disabled wireless stations A and B can access the wired network and communicate with each other When Intra BSS traffi...

Page 121: ...ws wireless communication to other devices in the network Bridge Repeater The NWA acts as a wireless network bridge and establishes wireless links with other APs You need to know the MAC address of th...

Page 122: ...a different channel than an adjacent AP access point to reduce interference Wireless Mode The IEEE 802 1x standard was designed to extend the features of IEEE 802 11 to support extended authenticatio...

Page 123: ...s screen to choose the operating mode for your NWA Click Wireless Wireless The screen varies depending upon the operating mode you select Note Some fields in this screen may not apply to your NWA mode...

Page 124: ...11a to allow only IEEE 802 11a compliant WLAN devices to associate with the NWA If you are configuring both WLAN interfaces it is recommended that you set the WLAN interfaces into different 802 11 mod...

Page 125: ...ssages It is the maximum data fragment size that can be sent Enter an even number between 256 and 2346 Beacon Interval When a wirelessly networked device sends a beacon it includes with it a beacon in...

Page 126: ...ps only Clients can always connect to the access point at this speed Optional Clients can connect to the access point at this speed when permitted to do so by the AP Disabled Clients cannot connect to...

Page 127: ...peater The following table describes the bridge labels in this screen Table 24 Wireless Bridge Repeater LABEL DESCRIPTIONS WLAN Interface Select which WLAN adapter you want to configure It is recommen...

Page 128: ...list box Click MAINTENANCE and then the Channel Usage tab to open the Channel Usage screen to make sure the channel is not already used by another AP or independent peer to peer wireless network To ha...

Page 129: ...ic between APs is not encrypted Note WDS security is independent of the security settings between the NWA and any wireless clients When you enable WDS security also do the following Select the type of...

Page 130: ...iversity Antenna diversity uses multiple antennas to reduce signal interference Enable Breathing LED Select this box to disable the WLAN LED light Clear this box to enable the WLAN LED Enable Spanning...

Page 131: ...n NWA 3500 NWA 3550 User s Guide 131 8 3 3 AP Bridge Mode Use this screen to have the NWA function as a bridge and access point simultaneously Select AP Bridge as the Operating Mode The following scre...

Page 132: ...enabling fast frame and packet bursting Disable channel switching for DFS This field displays only when you select 802 11a in the 802 11 Radio Mode field Select this if you do not want to use DFS Dyna...

Page 133: ...elps save current consumption of the access point DTIM Delivery Traffic Indication Message DTIM is the time period after which broadcast and multicast packets are transmitted to mobile clients in the...

Page 134: ...re shared key Configure WDS security and the relevant PSK in each of your other access point s Note Other APs must use the same encryption method to enable WDS security TKIP Select this to enable Temp...

Page 135: ...a bridge to interact with other R STP compliant bridges in your network to ensure that only one path exists between any two stations on the network Select the check box to activate STP on the NWA Ena...

Page 136: ...diplays Figure 79 Wireless MBSSID The following table describes the labels in this screen Table 26 Wireless MBSSID LABEL DESCRIPTION WLAN Interface Select which WLAN adapter you want to configure It i...

Page 137: ...hannel ID Set the operating frequency channel depending on your particular region To manually set the NWA to use a channel select a channel from the drop down list box Click MAINTENANCE and then the C...

Page 138: ...00 Full Power 50 25 12 5 or Minimum See the product specifications for more information on your NWA s output power Note Reducing the output power also reduces the NWA s effective broadcast radius Rate...

Page 139: ...e pre configured VoIP_SSID profile and another of which is always the pre configured Guest_SSID profile Configure SSID profiles in the SSID screen Enable Antenna Diversity Select this to use antenna d...

Page 140: ...mines the lowest cost spanning tree with STP it enables the root port and the ports that are the designated ports for connected LANs and disables all other ports that participate in STP Network packet...

Page 141: ...ther channel then resumes communications on the new channel 8 4 3 Roaming A wireless station is a device with an IEEE 802 11a b g compliant wireless interface An access point AP acts as a bridge betwe...

Page 142: ...less station moves between coverage areas Wireless stations can still associate with other APs even if you disable roaming Enabling roaming ensures correct traffic forwarding bridge tables are updated...

Page 143: ...on the access point the new access point must have the user profile for the wireless station The adjacent access points should use different radio channels when their coverage areas overlap All acces...

Page 144: ...Chapter 8 Wireless Configuration NWA 3500 NWA 3550 User s Guide 144...

Page 145: ...figure above the NWA has three SSID profiles configured a standard profile SSID04 a profile with high QoS settings for Voice over IP VoIP users VoIP_SSID and a guest profile that allows visitors acces...

Page 146: ...ings of your SSID profile you need to know the Media Access Control MAC addresses of the devices you want to allow access to it Each SSID profile references the settings configured in the following sc...

Page 147: ...D profile on the NWA SSID This field displays the name of the wireless profile on the network When a wireless client scans for an AP to associate with this is the name that is broadcast and seen in th...

Page 148: ...onfigure and click Edit to go to the SSID configuration screen Table 29 SSID LABEL DESCRIPTION Table 30 Configuring SSID LABEL DESCRIPTION Profile Name Displays the name identifying this profile SSID...

Page 149: ...value assigned to it it is assigned the default priority If you select ATC from the QoS list the NWA automatically assigns priority based on packet size If you select ATC WMM from the QoS list the NW...

Page 150: ...lications include both those that require a low level of latency and a low level of jitter such as Voice over IP or Internet gaming and those for which jitter alone is a problem such as Internet radio...

Page 151: ...M function prioritizes all packets transmitted onto the wireless network using WMM QoS and prioritizes all packets transmitted onto the wired network using ATC See Section 9 2 1 on page 148 for detail...

Page 152: ...size The following table shows how priorities are assigned for packets coming from the WLAN to the LAN when using ATC WMM 9 3 4 Type Of Service ToS Network traffic can be classified by setting the To...

Page 153: ...n the ToS octet so that non DiffServ compliant ToS enabled network device will not conflict with the DSCP mapping The DSCP value determines the forwarding behavior the PHB Per Hop Behavior that each p...

Page 154: ...uses for specific DSCP values Table 36 ToS and IEEE 802 1d to WMM QoS Priority Level Mapping DSCP VALUE WMM QOS PRIORITY LEVEL 224 192 voice 160 128 video 96 0 A A The NWA also uses best effort for a...

Page 155: ...re 86 Securing the Wireless Network In the figure above the NWA ZyXEL Device checks the identity of devices A and B before giving them access to the network In this scenario A is denied access to the...

Page 156: ...use the wireless network Furthermore there are ways for unauthorized wireless users to get a valid user name and password Then they can use that user name and password to use the wireless network You...

Page 157: ...which security mode the wireless client uses Passphrase A passphrase functions like a password In WEP security mode it is further converted by the NWA into a complicated string that is referred to as...

Page 158: ...able describes the labels in this screen Table 38 Wireless Security LABEL DESCRIPTION Index This is the index number of the security profile Profile Name This field displays a name given to a security...

Page 159: ...is screen to set the selected profile to Wired Equivalent Privacy WEP security mode Select WEP in the Security Mode field to display the following screen Figure 89 Security WEP The following table des...

Page 160: ...uto to have the NWA allow association with wireless clients that use Open System mode Data transfer is encrypted as long as the wireless client has the correct WEP key for encryption The NWA authentic...

Page 161: ...thenticatio n Timer Specify how often wireless stations have to resend user names and passwords in order to stay connected The default value is 0 which means the reauthentication off Note If wireless...

Page 162: ...this field ASCII Select this option to enter ASCII characters as the WEP keys Hex Select this option to enter hexadecimal characters as the WEP keys The preceding 0x is entered automatically Key 1 to...

Page 163: ...wireless station authentication is done using a RADIUS server the reauthentication timer on the RADIUS server has priority Idle Timeout The NWA automatically disconnects a wireless station from the wi...

Page 164: ...s priority Idle Timeout The NWA automatically disconnects a wireless station from the wired network after a period of inactivity The wireless station needs to enter the user name and password again be...

Page 165: ...the AP sends a new group key out to all clients The re keying process is the WPA equivalent of automatically changing the group key for an AP and all stations in a WLAN on a periodic basis Setting of...

Page 166: ...nisms used for WPA and WPA PSK are the same The only difference between the two is that WPA PSK uses a simple common password instead of user specific credentials Type a pre shared key from 8 to 63 ca...

Page 167: ...s clients then use WEP key encrypting A higher bit key offers better security You can manually enter 64 bit 128 bit or 152 bit WEP keys More information on Wireless Security can be found in Appendix A...

Page 168: ...Chapter 10 Wireless Security Screen NWA 3500 NWA 3550 User s Guide 168...

Page 169: ...that supports authentication authorization and accounting The access point is the client and the server is the RADIUS server Figure 95 RADIUS Server Setup In the figure above wireless clients A and U...

Page 170: ...onnected to the network Accounting which keeps track of the client s network activity RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the n...

Page 171: ...with the Index number above Primary Configure the fields below to set up user authentication and accounting Backup If the NWA cannot communicate with the Primary accounting server you can have the NWA...

Page 172: ...ield is not available when you select Internal Share Secret Enter a password up to 128 alphanumeric characters as the key to be shared between the external authentication server and the NWA The key mu...

Page 173: ...access the main network router B The router provides access to the Internet and the network printer D while preventing the client from accessing other computers and servers on the network The client c...

Page 174: ...page 175 to configure the MAC addresses of the wireless client AP computer or router to which you want to allow the associated wireless clients to have access 12 1 2 What You Need To Know About Layer...

Page 175: ...en appears as shown next Figure 98 Layer 2 Isolation The following table describes the labels in this screen Table 46 Layer 2 Isolation LABEL DESCRIPTION Index This is the index number of the profile...

Page 176: ...ofile in the Wireless SSID Edit screen of the relevant SSID profile Figure 99 Layer 2 Isolation Configuration Screen The following table describes the labels in this screen Table 47 Layer 2 Isolation...

Page 177: ...x number of the MAC address MAC Address Type the MAC addresses of the wireless client AP computer or router that you want to allow the associated wireless clients to have access to in these address fi...

Page 178: ...C Address field and enter File Server C in the Description field Figure 101 Layer 2 Isolation Example 1 Example 2 Restricting Access to Client In the following example wireless clients 1 and 2 can com...

Page 179: ...t because its MAC address is in the allowed association list specified in the NWA ZyXEL Device The MAC address of client A is either denied association or is not in the list of allowed wireless client...

Page 180: ...nce one MAC filter profile The NWA provides 16 MAC Filter profiles each of which can hold up to 128 MAC addresses Click Wireless MAC Filter The screen displays as shown 13 2 1 Configuring the MAC Filt...

Page 181: ...the filter action for the list of MAC addresses in the MAC address filter table Select Deny Association to block access to the router MAC addresses not listed will be allowed to access the router Sele...

Page 182: ...Chapter 13 MAC Filter Screen NWA 3500 NWA 3550 User s Guide 182...

Page 183: ...bove illustrates one possible setup of your NWA The gateway IP address is 192 168 1 1 and the IP address of the NWA is 192 168 1 2 default The gateway and the device must belong in the same subnet mas...

Page 184: ...access the NWA again Use fixed IP address Select this option if your NWA is using a static IP address When you select this option fill in the fields below IP Address Enter the IP address of your NWA i...

Page 185: ...ain your IP address from the IANA from an ISP or have it assigned by a private network If you belong to a small organization and your Internet access is through an ISP the ISP can provide you with the...

Page 186: ...Chapter 14 IP Screen NWA 3500 NWA 3550 User s Guide 186...

Page 187: ...antage of a rogue AP s weaker or non existent security to gain access to the network or set up their own rogue APs in order to capture information from wireless clients If a scan reveals a rogue AP yo...

Page 188: ...details of all IEEE 802 11a b g n wireless access points within the NWA s coverage area except for the NWA itself and the access points included in the friendly AP list 15 1 2 What You Need To Know Ab...

Page 189: ...gitimate network to pose a severe security threat In the following example an attacker X is stationed in a vehicle outside a company building using a rogue access point equipped with a powerful antenn...

Page 190: ...ust also enter a time value in the Period field Select No to turn rogue AP detection off Period minutes Enter the period you want the NWA to wait between scanning for rogue APs between 10 and 60 minut...

Page 191: ...a wireless access point to the list You must know the device s MAC address MAC Address Enter the MAC address of the AP you wish to add to the list Description Enter a short explanatory description ide...

Page 192: ...This field displays the last time the NWA scanned for the AP Description This is the description you entered when adding the AP to the list Delete Click this button to remove an AP s entry from the l...

Page 193: ...t time the NWA scanned for the AP Description If you want to move the AP s entry to the friendly AP list enter a short explanatory description identifying the AP before you click Add to Friendly AP Li...

Page 194: ...Chapter 15 Rogue AP Detection NWA 3500 NWA 3550 User s Guide 194...

Page 195: ...f the NWA s interfaces Remote Management allows a user to administrate the device over the network You can manage your NWA from a remote location via the following interfaces WLAN LAN Both WLAN and LA...

Page 196: ...s es a network systems manager can access the NWA 16 1 2 What You Need To Know About Remote Management The following terms and concepts may help as you read through this chapter Telnet Telnet is short...

Page 197: ...monitor managed devices SNMP allows a manager and agents to communicate for the purpose of accessing information such as packets received node port status etc Remote Management Limitations Remote man...

Page 198: ...reen Use this screen to configure your NWA for remote Telnet access You can use Telnet to access the NWA s Command Line Interface CLI Click REMOTE MGNT TELNET The following screen displays Figure 113...

Page 199: ...You must have certificates already configured in the Certificates My Certificates screen Server Port This is set to port 22 by default You can change the server port number for a service if needed how...

Page 200: ...t to port 21 by default You may change the server port number for a service if needed however you must use the same port number in order to use that service for remote management Server Access Select...

Page 201: ...ed computer that is allowed to communicate with the NWA using this service Select All to allow any computer to access the NWA using this service Choose Selected to just allow the computer with the IP...

Page 202: ...an allow only secure web configurator access by setting the HTTP Server Access field to Disable and setting the HTTPS Server Access field to an interface s Secured Client IP Address A secure client is...

Page 203: ...ION SNMP Configuration Get Community Enter the Get Community which is the password for the incoming Get and GetNext requests from the management station The default is public and allows all requests S...

Page 204: ...ve the NWA use the User account s security settings or select Admin to have the NWA use the Admin account s security settings Use the Configure SNMPv3 User Profile link to set up each account s securi...

Page 205: ...ble SNMPv3Admin Click this to activate the security settings for this Admin account User Name Enter the name you want to use for authentication with managers using SNMP v3 Password Enter the password...

Page 206: ...for authentication with managers using SNMP v3 Password Enter the password for the user name Confirm Password Retype the password for verification Access Type The default value for this is Get This a...

Page 207: ...an agent Trap Used by the agent to inform the manager of some events 16 6 2 Supported MIBs The NWA supports MIB II that is defined in RFC 1213 and RFC 1215 as well as the proprietary ZyXEL private MI...

Page 208: ...MIB whyReboot 1 3 6 1 4 1 890 1 5 1 3 0 1 This trap is sent with the reason for restarting before the system reboots warm start System reboot by user is added for an intentional reboot for example dow...

Page 209: ...NWA Z using its internal RADIUS server to control access to a wired network A wireless notebook A requests access by sending its credentials The NWA consults its internal RADIUS server s list of user...

Page 210: ...r The NWA has a built in RADIUS server that can authenticate wireless clients or other trusted APs Certificates are used by wireless clients to authenticate the RADIUS server These are digital signatu...

Page 211: ...valid certificate Send a certification request to a certification authority which then issues a certificate Use the My Certificate Import screen to import the certificate and replace the request SELF...

Page 212: ...ct this check box to have the NWA use the IP Address and Shared Secret to authenticate a trusted AP IP Address Type the IP address of the trusted AP in dotted decimal notation Shared Secret Enter a pa...

Page 213: ...es Reset Click Reset to begin configuring this screen afresh Table 62 Trusted AP Screen LABEL DESCRIPTION Table 63 Trusted Users LABEL DESCRIPTION This field displays the trusted user index number Act...

Page 214: ...ireless clients make access requests to trusted APs which relay the requests to the NWA Figure 122 Trusted APs Overview Password Type a password up to 31 ASCII characters for this user profile Note th...

Page 215: ...Protected EAP and MD5 authentication is implemented on the internal RADIUS server using simple username and password methods over a secure TLS connection See Appendix A on page 303 for more informati...

Page 216: ...Chapter 17 Internal RADIUS Server NWA 3500 NWA 3550 User s Guide 216...

Page 217: ...provide a way to exchange public keys for use in authentication Figure 123 Certificates Example 18 1 1 What You Can Do in the Certificates Screen Use the My Certificate screens see Chapter 18 on page...

Page 218: ...is Privacy Enhanced Mail format uses 64 ASCII characters to convert a binary X 509 certificate into a printable form Binary PKCS 7 This is a standard that defines the general syntax for data including...

Page 219: ...he request SELF represents a self signed certificate SELF represents the default self signed certificate which the NWA uses to sign imported trusted remote host certificates CERT represents a certific...

Page 220: ...lowing to delete a certificate that shows SELF in the Type field 1 Make sure that no other features such as HTTPS VPN SSH are configured to use the SELF certificate 2 Click the details icon next to an...

Page 221: ...Table 65 Certificates My Certificate Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it Browse Click Browse to find the cer...

Page 222: ...icate Create The following table describes the labels in this screen Table 66 Certificates My Certificate Create LABEL DESCRIPTION Certificate Name Type up to 31 ASCII characters not including spaces...

Page 223: ...te a self signed certificate Select Create a self signed certificate to have the NWA generate the certificate and act as the Certification Authority CA itself This way you do not need to apply to a ce...

Page 224: ...Certificate Management Protocol CMP is a TCP based enrollment protocol that was developed by the Public Key Infrastructure X 509 working group of the Internet Engineering Task Force IETF and is speci...

Page 225: ...ate s name In the case of a self signed certificate you can set it to be the one that the NWA uses to sign the trusted remote host certificates that you import to the NWA Click Certificates My Certifi...

Page 226: ...s the only one in the list The NWA does not trust the certificate and displays Not trusted in this field if any certificate on the path has expired or been revoked Refresh Click Refresh to display the...

Page 227: ...icate s path MD5 Fingerprint This is the certificate s message digest that the NWA calculated using the MD5 algorithm SHA1 Fingerprint This is the certificate s message digest that the NWA calculated...

Page 228: ...field displays the certificate index number The certificates are listed in alphabetical order Name This field displays the name used to identify this certificate Subject This field displays identifyi...

Page 229: ...to have the NWA check the CRL before trusting any certificates issued by the certification authority Otherwise the field displays No Details Click Details to view in depth information about the certi...

Page 230: ...fore trusting a certificate issued by the certification authority Click Certificates Trusted CAs to open the Trusted CAs screen Click the details icon to open the Trusted CAs Details screen Figure 130...

Page 231: ...tion path Certificate Information These read only fields display detailed information about the certificate Type This field displays general information about the certificate CA signed means that a Ce...

Page 232: ...st s actual certificate because the NWA has signed the certificate thus causing this value to be different from that of the remote host s actual certificate See Section 18 1 2 on page 218 for how to v...

Page 233: ...n altered by anyone else along the way Tim generates a public key pair one public key and one private key 2 Tim keeps the private key and makes the public key openly available This means that anyone w...

Page 234: ...our computer 2 Make sure that the certificate has a cer or crt file name extension Figure 131 Certificates on Your Computer 3 Double click the certificate s icon to open the Certificate window Click t...

Page 235: ...e or origin can be traced Logs are also essential for auditing and keeping track of changes made by users Figure 133 Accessing Logs in the Network The figure above illustrates three ways to access log...

Page 236: ...black Receiving Logs via Email If you want to receive logs in your email account you need to have the necessary details ready such as the Server Name or SMPT Address of your email account Ensure that...

Page 237: ...in the Log Settings page Index This field displays the log entry index number Time This field displays the time the log was recorded Message This field states the reason for the log Source This field...

Page 238: ...r s Guide 238 19 3 The Log Settings Screen Use this screen to configure where and when the NWA will send the logs and which logs and or immediate alerts to send Click Logs Log Settings The following s...

Page 239: ...ng Syslog logging sends a log to an external syslog server used to store logs Active Click Active to enable syslog logging Syslog IP Address Enter the server name or IP address of the syslog server th...

Page 240: ...SAGE DESCRIPTION Time calibration is successful The NWA has adjusted its time based on information from the time server Time calibration failed The NWA failed to get information from the time server D...

Page 241: ...datagrams for the Network 1 Redirect datagrams for the Host 2 Redirect datagrams for the Type of Service and Network 3 Redirect datagrams for the Type of Service and Host 8 Echo 0 Echo message 11 Time...

Page 242: ...the settings in the NWA you must do this in order to record logs 19 4 4 Displaying Logs Use the sys logs display command to show all of the logs in the NWA s log Use the sys logs category display comm...

Page 243: ...mple shows how to set the NWA to record the error logs and alerts and then view the results ras sys logs load ras sys logs category error 3 ras sys logs save ras sys logs display access time source de...

Page 244: ...Chapter 19 Log Screens NWA 3500 NWA 3550 User s Guide 244...

Page 245: ...ove the NWA allows station A to connect to the internet but not to the server It allows station B to connect to the server but not to the Internet 20 1 1 What You Can Do in the VLAN Screen Use the Wir...

Page 246: ...ed on the settings in the Wireless VLAN screen See Section 20 3 3 on page 253 for more information Note To use RADIUS VLAN you must first select Enable VIRTUAL LAN and configure the Management VLAN ID...

Page 247: ...n this screen Table 77 VLAN Wireless VLAN FIELD DESCRIPTION VIRTUAL LAN Setup Enable VIRTUAL LAN Select this box to enable VLAN tagging Wireless VIRTUAL LAN Setup Management VLAN ID Enter a number fro...

Page 248: ...ID they use to connect to the NWA Index This is the index number of the SSID profile Name This is the name of the SSID profile SSID This is the SSID the profile uses VLAN ID Enter a VLAN ID number fro...

Page 249: ...ame field When you select this check box only users with names configured in this screen can access the network through the NWA VLAN Mapping Table Use this table to map names to VLAN IDs so that the R...

Page 250: ...LAN VLAN ID 1 The following procedure shows you how to configure a tagged VLAN Note Use the out of band management port or console port to configure the switch if you misconfigure the management VLAN...

Page 251: ...lowing steps in the switch web configurator 1 Click VLAN under Advanced Application 2 Click Static VLAN 3 Select the ACTIVE check box 4 Type a Name for the VLAN ID 5 Type a VLAN Group ID This should b...

Page 252: ...ions in the Quick Start Guide to set up your NWA for configuration The NWA should be connected to the VLAN aware switch In the above example the switch is using port 1 to connect to your computer and...

Page 253: ...aware device you will lock yourself out of the NWA If this happens you must reset the NWA to access it again 20 3 3 Configuring Microsoft s IAS Server Example Dynamic VLAN assignment can be used with...

Page 254: ...nd 4094 4c If a or b are not matched the NWA uses the VLAN ID configured in the WIRELESS VLAN screen and the wireless station This VLAN ID is independent and hence different to the ID in the VLAN scre...

Page 255: ...rmine which user accounts belong to which VLAN groups Click the Add button and configure the VLAN group details 3 Repeat the previous step to add each VLAN group required Figure 145 Add Group Members...

Page 256: ...general at the bottom For example if the Day And Time Restriction policy is still present it should be moved to the bottom or deleted to allow the VLAN Group policies to take precedence 1a Right click...

Page 257: ...splays Select a remote access policy and click the Add button The policy is added to the field below Only one VLAN Group should be associated with each policy 5 Click OK and Next in the next few scree...

Page 258: ...dit Dial in Profile screen displays Click the Authentication tab and select the Extensible Authentication Protocol check box 7a Select an EAP type depending on your authentication needs from the drop...

Page 259: ...51 Encryption Tab Settings 9 Click the IP tab and select the Client may request an IP address check box for DHCP support 10 Click the Advanced tab The current default parameters returned to the NWA sh...

Page 260: ...el Medium Type Tunnel Pvt Group ID Tunnel Type 11a Click the Add button 11b Select Tunnel Medium Type 11c Click the Add button Figure 153 RADIUS Attribute Screen 12 The Enumerable Attribute Informatio...

Page 261: ...for this policy This Name should match a name in the VLAN mapping table on the NWA Wireless stations belonging to the VLAN Group specified in this policy will be given a VLAN ID specified in the NWA...

Page 262: ...17a Click the Close button 17b The completed Advanced tab configuration should resemble the following screen Figure 157 Completed Advanced Tab Note Repeat the Configuring Remote Access Policies proce...

Page 263: ...ith a VLAN ID incoming VLAN ID These incoming VLAN packets are forwarded to the NWA The NWA compares the VLAN ID in the packet header with each SSID s configured VLAN ID and second Rx VLAN ID settings...

Page 264: ...o restore the default configuration file 4 Select the SSID profile you want to configure SSID03 in this example and enter the VLAN ID number between 1 and 4094 5 Enter a Second Rx VLAN ID The followin...

Page 265: ...connect choose this option For example if your company s graphic design team has their own NWA and they have 10 computers you can load balance for 10 Later if someone from the sales department visits...

Page 266: ...for their turn or get shunted to the nearest identical AP The following figure depicts an NWA with a hard bandwidth limit of 6 Megabits per second Mbps Bandwidth up to 6 Mbps is considered balanced Mo...

Page 267: ...en appears Figure 161 Load Balancing The following table describes the labels in this screen Table 80 Load Balancing FIELD DESCRIPTION Enable Load Balancing Select this option to turn on wireless load...

Page 268: ...en it becomes overloaded If you set this option to Disable then the AP simply delays the connection until it can afford the bandwidth it requires or it shunts the connection to another AP within its b...

Page 269: ...ck the connections that are pushing it over its balanced bandwidth allotment Figure 163 Kicking a Connection Connections are kicked based on either idle timeout or signal strength The NWA first looks...

Page 270: ...Chapter 21 Load Balancing NWA 3160 Series User s Guide 270...

Page 271: ...given area they introduce the possibility of heightened radio interference especially if some or all of them are broadcasting on the same radio channel This can make accessing the network potentially...

Page 272: ...h channels are currently unused then set your device to use one of them But with Dynamic Channel Selection the NWA does this automatically 22 2 The DCS Screen Use this screen to configure your Dynamic...

Page 273: ...he sensitivity level the more frequently the NWA switches channels As a consequence anyone connected to the NWA will experience more frequent disconnects and reconnects DCS Client Aware Select Enable...

Page 274: ...Chapter 22 Dynamic Channel Selection NWA 3160 Series User s Guide 274...

Page 275: ...t screen Section 23 5 on page 278 to view the wireless stations that are currently associated with the NWA Use the Channel Usage screen Section 23 6 on page 279 to view whether a channel is used by an...

Page 276: ...following table describes the labels in this screen 23 4 1 Show Statistics Screen Use this screen to view diagnostic information about the NWA Click Maintenance Show Statistics The following screen po...

Page 277: ...ode Full duplex refers to a device s ability to send and receive simultaneously while half duplex indicates that traffic can flow in only one direction at a time The Ethernet port must use the same sp...

Page 278: ...status of the bridge connection which can be Up or Down TxPkts This is the number of transmitted packets on the wireless bridge RxPkts This is the number of received packets on the wireless bridge Po...

Page 279: ...ignal This field displays the RSSI Received Signal Strength Indicator of the wireless connection WDS Link This section displays only when bridge mode is activated on one of the NWA s WLAN adaptors Lin...

Page 280: ...e Set IBSS as one that doesn t See the chapter on wireless configuration for more information on basic service sets BSS and extended service sets ESS MAC Address This field displays the MAC address of...

Page 281: ...t In some operating systems you may see the following icon on your desktop Figure 172 Network Temporarily Disconnected After two minutes log in again and check your new firmware version in the System...

Page 282: ...backup or upload your NWA s configuration file You can also reset the configuration of your device in this screen Click Maintenance Configuration The following figure displays Figure 174 Maintenance C...

Page 283: ...minute before logging into the NWA again Figure 175 Configuration Upload Successful The NWA automatically restarts in this time causing a temporary network disconnect In some operating systems you may...

Page 284: ...Upload Error 23 8 3 Back to Factory Defaults Pressing the Reset button in this section clears all user entered configuration information and returns the NWA to its factory defaults as shown on the sc...

Page 285: ...Maintenance NWA 3500 NWA 3550 User s Guide 285 Click Maintenance Restart The following screen displays Click Restart to have the NWA reboot This does not affect the NWA s configuration Figure 179 Rest...

Page 286: ...Chapter 23 Maintenance NWA 3500 NWA 3550 User s Guide 286...

Page 287: ...287 PART III Troubleshooting and Specifications Troubleshooting 289 Product Specifications 297...

Page 288: ...288...

Page 289: ...ons and LEDs The NWA does not turn on None of the LEDs turn on Make sure you are using the power adaptor or cord included with the NWA Make sure the power adaptor or cord is connected to the NWA and p...

Page 290: ...ur NWA s System Name enter it in your browser s URL bar The default System Name is NWA Series See Section 7 2 on page 111 for information on locating and changing the NWA s System Name Note If you cha...

Page 291: ...NWA skip this step If there is no DHCP server on your network make sure your computer s IP address is in the same subnet as the NWA Reset the device to its factory defaults and try to access the NWA...

Page 292: ...ow set to none I cannot use FTP to upload download the configuration file I cannot use FTP to upload new firmware See the troubleshooting suggestions for I cannot see or access the Login screen in the...

Page 293: ...secondary controller AP cannot configure any of the managed APs However it still has to be turned on to synchronize with the primary controller AP s latest settings Be sure you update the primary cont...

Page 294: ...with the NWA but my Internet connection is not available anymore Check the hardware connections and make sure the LEDs are behaving as expected See the Quick Start Guide and Section 1 7 on page 34 Re...

Page 295: ...and your wireless station are using the same wireless and wireless security settings Make sure traffic between the WLAN and the LAN is not blocked by the firewall on the NWA Make sure you allow the N...

Page 296: ...Chapter 24 Troubleshooting NWA 3500 NWA 3550 User s Guide 296...

Page 297: ...cables Power over Ethernet PoE IEEE 802 3af compliant Antenna Specifications Two external antenna connectors N Type Output Power IEEE 802 11b g 17 dBm IEEE 802 11a 14 dBm Operating Environment Tempera...

Page 298: ...s associated with your NWA from communicating with other wireless clients APs computers or routers in a network Multiple BSSID MBSSID MBSSID mode allows the NWA to operate up to 8 different wireless n...

Page 299: ...ded FTP and TFTP Servers The embedded FTP and TFTP servers enable fast firmware upgrades as well as configuration file backups and restoration Auto Configuration Administrators can use text configurat...

Page 300: ...try Canada RSS 210 Australia AS NZS 4268 EMC EMI USA FCC Part 15 Subpart B EU EN 301 489 17 V1 2 1 08 2002 EN 55022 2006 Canada ICES 003 Australia AS NZS CISPR22 EMC EMS EU EN 301 489 1 V1 5 1 11 2004...

Page 301: ...in dBi 8 9 14 18 6 8 8 18 Max VSWR 2 0 1 1 5 1 1 5 1 1 5 1 2 0 1 2 0 1 2 0 1 2 0 1 HPBW Horizontal 360 65 30 15 65 50 360 18 HPBW Vertical 15 60 30 5 75 50 20 18 Impedance Ohm 50 50 50 50 50 50 50 Con...

Page 302: ...N PLUG to N PLUG for 6M 91 005 075002G N PLUG to N PLUG for 9M 91 005 075003G N PLUG to N PLUG for 12M 91 005 075004G N PLUG to N PLUG for 1M LMR 200 91 005 074001G N PLUG to RP SMA PLUG for 3M 91 005...

Page 303: ...ing Up Your Computer s IP Address 305 Wireless LANs 331 Pop up Windows JavaScripts and Java Permissions 347 Importing Certificates 355 IP Addresses and Subnetting 381 Text File Based Auto Configuratio...

Page 304: ...304...

Page 305: ...P 2000 Mac OS 9 OS X and all versions of UNIX LINUX include the software components you need to use TCP IP on your computer If you manually assign IP information instead of using a dynamic IP make sur...

Page 306: ...Up Your Computer s IP Address NWA 3500 NWA 3550 User s Guide 306 1 Click Start Control Panel Figure 180 Windows XP Start Menu 2 In the Control Panel click the Network Connections icon Figure 181 Windo...

Page 307: ...Guide 307 3 Right click Local Area Connection and then select Properties Figure 182 Windows XP Control Panel Network Connections Properties 4 On the General tab select Internet Protocol TCP IP and the...

Page 308: ...P address that was assigned to you by your network administrator or ISP You may also have to enter a Preferred DNS server and an Alternate DNS server if that information was provided 7 Click OK to clo...

Page 309: ...ection shows screens from Windows Vista Professional 1 Click Start Control Panel Figure 185 Windows Vista Start Menu 2 In the Control Panel click the Network and Internet icon Figure 186 Windows Vista...

Page 310: ...connections Figure 188 Windows Vista Network and Sharing Center 5 Right click Local Area Connection and then select Properties Figure 189 Windows Vista Network and Sharing Center Note During this pro...

Page 311: ...x A Setting Up Your Computer s IP Address NWA 3500 NWA 3550 User s Guide 311 6 Select Internet Protocol Version 4 TCP IPv4 and then select Properties Figure 190 Windows Vista Local Area Connection Pro...

Page 312: ...atic IP address that was assigned to you by your network administrator or ISP You may also have to enter a Preferred DNS server and an Alternate DNS server if that information was provided Click Advan...

Page 313: ...e 313 Mac OS X 10 3 and 10 4 The screens in this section are from Mac OS X 10 4 but can also apply to 10 3 1 Click Apple System Preferences Figure 192 Mac OS X 10 4 Apple Menu 2 In the System Preferen...

Page 314: ...rences pane opens select Built in Ethernet from the network connection type list and then click Configure Figure 194 Mac OS X 10 4 Network Preferences 4 For dynamically assigned settings select Using...

Page 315: ...tatically assigned settings do the following From the Configure IPv4 list select Manually In the IP Address field type your IP address In the Subnet Mask field type your subnet mask In the Router fiel...

Page 316: ...tings Check your TCP IP properties by clicking Applications Utilities Network Utilities and then selecting the appropriate Network Interface from the Info tab Figure 197 Mac OS X 10 4 Network Utility...

Page 317: ...Appendix A Setting Up Your Computer s IP Address NWA 3500 NWA 3550 User s Guide 317 2 In System Preferences click the Network icon Figure 199 Mac OS X 10 5 Systems Preferences...

Page 318: ...ist of available connection types Figure 200 Mac OS X 10 5 Network Preferences Ethernet 4 From the Configure list select Using DHCP for dynamically assigned settings 5 For statically assigned settings...

Page 319: ...tting Up Your Computer s IP Address NWA 3500 NWA 3550 User s Guide 319 In the Router field enter the IP address of your NWA Figure 201 Mac OS X 10 5 Network Preferences Ethernet 6 Click Apply and clos...

Page 320: ...Linux Ubuntu 8 GNOME This section shows you how to configure your computer s TCP IP settings in the GNU Object Model Environment GNOME using the Ubuntu 8 Linux distribution The procedure screens and f...

Page 321: ...ure 203 Ubuntu 8 System Administration Menu 2 When the Network Settings window opens click Unlock to open the Authenticate window By default the Unlock button is greyed out until clicked You cannot ma...

Page 322: ...icate window enter your admin account name and password then click the Authenticate button Figure 205 Ubuntu 8 Administrator Account Authentication 4 In the Network Settings window select the connecti...

Page 323: ...operties In the Configuration list select Automatic Configuration DHCP if you have a dynamic IP address In the Configuration list select Static IP address if you have a static IP address Fill in the I...

Page 324: ...in the Network Settings window and then enter the DNS server information in the fields provided Figure 208 Ubuntu 8 Network Settings DNS 8 Click the Close button to apply the changes Verifying Setting...

Page 325: ...w to configure your computer s TCP IP settings in the K Desktop Environment KDE using the openSUSE 10 3 Linux distribution The procedure screens and file locations may vary depending on your specific...

Page 326: ...500 NWA 3550 User s Guide 326 1 Click K Menu Computer Administrator Settings YaST Figure 210 openSUSE 10 3 K Menu Computer Menu 2 When the Run as Root KDE su dialog opens enter the admin password and...

Page 327: ...window opens select Network Devices and then click the Network Card icon Figure 212 openSUSE 10 3 YaST Control Center 4 When the Network Settings window opens click the Overview tab select the approp...

Page 328: ...click the Address tab Figure 214 openSUSE 10 3 Network Card Setup 6 Select Dynamic Address DHCP if you have a dynamic IP address Select Statically assigned IP Address if you have a static IP address F...

Page 329: ...r s Guide 329 8 If you know your DNS server IP address es click the Hostname DNS tab in Network Settings and then enter the DNS server information in the fields provided Figure 215 openSUSE 10 3 Netwo...

Page 330: ...on the Task bar to check your TCP IP properties From the Options sub menu select Show Connection Information Figure 216 openSUSE 10 3 KNetwork Manager When the Connection Status KNetwork Manager wind...

Page 331: ...endent network which is commonly referred to as an ad hoc network or Independent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an...

Page 332: ...xtended Service Set ESS consists of a series of overlapping BSSs each containing an access point with each access point connected together by a wired network This wired connection between APs is calle...

Page 333: ...t AP access point to reduce interference Interference occurs when radio signals from different access points overlap causing interference and degrading performance Adjacent channels partially overlap...

Page 334: ...must first send an RTS Request To Send message to the AP for permission to send it The AP then responds with a CTS Clear to Send message to all other stations within its range to notify them to defer...

Page 335: ...ngth of the synchronization field in a packet Short preamble increases performance as less time sending preamble means more time for sending data All IEEE 802 11b g compliant wireless adapters support...

Page 336: ...igure shows the relative effectiveness of these wireless security methods available on your NWA Note You must enable the same wireless security settings on the NWA and on all wireless clients that you...

Page 337: ...the wireless clients RADIUS RADIUS is based on a client server model that supports authentication authorization and accounting The access point is the client and the server is the RADIUS server The R...

Page 338: ...and LEAP Your wireless LAN device may not support all authentication types EAP Extensible Authentication Protocol is an authentication protocol that runs on top of the IEEE 802 1x transport mechanism...

Page 339: ...ssive attacks A digital certificate is an electronic ID card that authenticates the sender s identity However to implement EAP TLS you need a Certificate Authority CA to handle certificates which impo...

Page 340: ...A2 Wi Fi Protected Access WPA is a subset of the IEEE 802 11i standard WPA2 IEEE 802 11i is a wireless security standard that defines stronger encryption authentication and key management than WPA Key...

Page 341: ...Pairwise Master Key PMK key to the AP that then sets up a key hierarchy and management system using the PMK to dynamically generate unique data encryption keys to encrypt every data packet that is wi...

Page 342: ...tication enables fast roaming by allowing the wireless client already connecting to an AP to perform IEEE 802 1x authentication with another AP before connecting to it Wireless Client WPA Supplicants...

Page 343: ...wireless clients Figure 222 WPA 2 with RADIUS Application Example WPA 2 PSK Application Example A WPA 2 PSK application looks as follows 1 First enter identical passwords into the AP and all wireless...

Page 344: ...ol type MAC address filters are not dependent on how you configure these security features Table 99 Wireless Security Relational Matrix AUTHENTICATION METHOD KEY MANAGEMENT PROTOCOL ENCRYPTIO N METHOD...

Page 345: ...overage area Antenna Gain Antenna gain measured in dB decibel is the increase in coverage within the RF beam width Higher antenna gain improves the range of the signal for better communications For an...

Page 346: ...grees very directional to 120 degrees less directional Directional antennas are ideal for hallways and outdoor point to point applications Positioning Antennas In general antennas should be mounted as...

Page 347: ...rnet Explorer versions may vary Internet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Ser...

Page 348: ...x in the Pop up Blocker section of the screen This disables any web pop up blockers you may have enabled Figure 225 Internet Options Privacy 3 Click Apply to save this setting Enable pop up Blockers w...

Page 349: ...00 NWA 3550 User s Guide 349 2 Select Settings to open the Pop up Blocker Settings screen Figure 226 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to...

Page 350: ...ck Add to move the IP address to the list of Allowed sites Figure 227 Pop up Blocker Settings 5 Click Close to return to the Privacy screen 6 Click Apply to save this setting JavaScripts If pages of t...

Page 351: ...xplorer click Tools Internet Options and then the Security tab Figure 228 Internet Options Security 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that E...

Page 352: ...lick OK to close the window Figure 229 Security Settings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button...

Page 353: ...s NWA 3500 NWA 3550 User s Guide 353 5 Click OK to close the window Figure 230 Security Settings Java JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make su...

Page 354: ...Appendix C Pop up Windows JavaScripts and Java Permissions NWA 3500 NWA 3550 User s Guide 354 3 Click OK to close the window Figure 231 Java Sun...

Page 355: ...cates These can be used by web browsers on a LAN or WAN to verify that they are in fact connecting to the legitimate device and not one masquerading as it However because the certificates were not iss...

Page 356: ...the first time you browse to it you are presented with a certification error Figure 232 Internet Explorer 7 Certification Error 2 Click Continue to this website not recommended Figure 233 Internet Ex...

Page 357: ...A 3500 NWA 3550 User s Guide 357 4 In the Certificate dialog box click Install Certificate Figure 235 Internet Explorer 7 Certificate 5 In the Certificate Import Wizard click Next Figure 236 Internet...

Page 358: ...matically select certificate store based on the type of certificate click Next again and then go to step 9 Figure 237 Internet Explorer 7 Certificate Import Wizard 7 Otherwise select Place all certifi...

Page 359: ...t Certificate Store dialog box choose a location in which to save the certificate and then click OK Figure 239 Internet Explorer 7 Select Certificate Store 9 In the Completing the Certificate Import W...

Page 360: ...lly click OK when presented with the successful certificate installation message Figure 242 Internet Explorer 7 Certificate Import Wizard 12 The next time you start Internet Explorer and go to a ZyXEL...

Page 361: ...one has been issued to you 1 Double click the public key certificate file Figure 244 Internet Explorer 7 Public Key Certificate File 2 In the security warning dialog box click Open Figure 245 Interne...

Page 362: ...00 NWA 3550 User s Guide 362 1 Open Internet Explorer and click Tools Internet Options Figure 246 Internet Explorer 7 Tools Menu 2 In the Internet Options dialog box click Content Certificates Figure...

Page 363: ...icates Authorities tab select the certificate that you want to delete and then click Remove Figure 248 Internet Explorer 7 Certificates 4 In the Certificates confirmation click Yes Figure 249 Internet...

Page 364: ...following example uses Mozilla Firefox 2 on Windows XP Professional however the screens can also apply to Firefox 2 on all platforms 1 If your device s web configurator is set to use SSL certificatio...

Page 365: ...the address bar which you can click to open the Page Info Security window to view the web page s security information Figure 252 Firefox 2 Page Info Installing a Stand Alone Certificate File in Firefo...

Page 366: ...Certificates NWA 3500 NWA 3550 User s Guide 366 1 Open Firefox and click Tools Options Figure 253 Firefox 2 Tools Menu 2 In the Options dialog box click Advanced Encryption View Certificates Figure 2...

Page 367: ...tes Import Figure 255 Firefox 2 Certificate Manager 4 Use the Select File dialog box to locate the certificate and then click Open Figure 256 Firefox 2 Select File 5 The next time you visit the web si...

Page 368: ...ng a Certificate in Firefox This section shows you how to remove a public key certificate in Firefox 2 1 Open Firefox and click Tools Options Figure 257 Firefox 2 Tools Menu 2 In the Options dialog bo...

Page 369: ...e Figure 259 Firefox 2 Certificate Manager 4 In the Delete Web Site Certificates dialog box click OK Figure 260 Firefox 2 Delete Web Site Certificates 5 The next time you go to the web site that issue...

Page 370: ...time you browse to it you are presented with a certification error 2 Click Install to accept the certificate Figure 261 Opera 9 Certificate signer not found 3 The next time you visit the web site clic...

Page 371: ...nd Alone Certificate File in Opera Rather than browsing to a ZyXEL web configurator and installing a public key certificate when prompted you can install a stand alone certificate file if one has been...

Page 372: ...Appendix D Importing Certificates NWA 3500 NWA 3550 User s Guide 372 2 In Preferences click Advanced Security Manage certificates Figure 264 Opera 9 Preferences...

Page 373: ...NWA 3550 User s Guide 373 3 In the Certificates Manager click Authorities Import Figure 265 Opera 9 Certificate manager 4 Use the Import certificate dialog box to locate the certificate and then click...

Page 374: ...stall authority certificate 6 Next click OK Figure 268 Opera 9 Install authority certificate 7 The next time you visit the web site click the padlock in the address bar to open the Security informatio...

Page 375: ...porting Certificates NWA 3500 NWA 3550 User s Guide 375 1 Open Opera and click Tools Preferences Figure 269 Opera 9 Tools Menu 2 In Preferences Advanced Security Manage certificates Figure 270 Opera 9...

Page 376: ...ificate you just removed a certification error appears Note There is no confirmation when you delete a certificate authority so be absolutely certain that you want to go through with it before clickin...

Page 377: ...queror 3 5 Server Authentication 3 Click Forever when prompted to accept the certificate Figure 273 Konqueror 3 5 Server Authentication 4 Click the padlock in the address bar to open the KDE SSL Infor...

Page 378: ...en prompted you can install a stand alone certificate file if one has been issued to you 1 Double click the public key certificate file Figure 275 Konqueror 3 5 Public Key Certificate File 2 In the Ce...

Page 379: ...security details Removing a Certificate in Konqueror This section shows you how to remove a public key certificate in Konqueror 3 5 1 Open Konqueror and click Settings Configure Konqueror Figure 278...

Page 380: ...e next time you go to the web site that issued the public key certificate you just removed a certification error appears Note There is no confirmation when you remove a certificate authority so be abs...

Page 381: ...mber and the other part is the host ID In the same way that houses on a street share a common street name the hosts on a network share a common network number Similarly as each house has its own house...

Page 382: ...and which bits are part of the host ID using a logical AND operation The term subnet is short for sub network A subnet mask has 32 bits If a bit in the subnet mask is a 1 then the corresponding bit in...

Page 383: ...k number determines the maximum number of possible hosts you can have on your network The larger the number of network number bits the smaller the number of remaining host ID bits An IP address with h...

Page 384: ...ess For example 192 1 1 0 25 is equivalent to saying 192 1 1 0 with subnet mask 255 255 255 128 The following table shows some possible subnet masks using both notations Table 102 Maximum Host Numbers...

Page 385: ...s is 192 168 1 0 The first three octets of the address 192 168 1 are the network number and the remaining octet is the host ID allowing a maximum of 28 2 or 254 possible hosts The following figure sho...

Page 386: ...55 255 128 is subnet A itself and 192 168 1 127 with mask 255 255 255 128 is its broadcast address Therefore the lowest IP address that can be assigned to an actual host for subnet A is 192 168 1 1 an...

Page 387: ...UMBER LAST OCTET BIT VALUE IP Address 192 168 1 64 IP Address Binary 11000000 10101000 00000001 01000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 64 Lowest Host...

Page 388: ...192 168 1 255 Highest Host ID 192 168 1 254 Table 107 Subnet 4 continued IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE Table 108 Eight Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BR...

Page 389: ...vate use please do not use any other number unless you are told otherwise You must also enable Network Address Translation NAT on the NWA Once you have decided on the network number pick an IP address...

Page 390: ...works 10 0 0 0 10 255 255 255 172 16 0 0 172 31 255 255 192 168 0 0 192 168 255 255 You can obtain your IP address from the IANA from an ISP or it can be assigned from a private network If you belong...

Page 391: ...ew You can use plain text configuration files to configure the wireless LAN settings on multiple APs The AP can automatically get a configuration file from a TFTP server at startup or after renewing D...

Page 392: ...ad the file from the specified TFTP server The AP then uses the file to configure wireless LAN settings Note Not all DHCP servers allow you to specify options 66 and 67 Manual Configuration Use the fo...

Page 393: ...e must use the following format Figure 284 Configuration File Format The first line must be ZYXEL PROWLAN Table 113 Configuration via SNMP STEPS MIB VARIABLE VALUE Step 1 pwTftpServer Set the IP addre...

Page 394: ...age with the line number and reason for the first error subsequent errors during the processing of an individual configuration file are not recorded You can use SNMP management software to display the...

Page 395: ...index 1 wcfg security save wcfg ssid 1 name ssid wep wcfg ssid 1 security Test wep wcfg ssid 1 l2iolation disable wcfg ssid 1 macfilter disable wcfg ssid save ZYXEL PROWLAN VERSION 12 wcfg security 2...

Page 396: ...Test wpapsk wcfg security 3 mode wpapsk wcfg security 3 passphrase qwertyuiop wcfg security 3 reauthtime 1800 wcfg security 3 idletime 3600 wcfg security 3 groupkeytime 1800 wcfg security save wcfg ss...

Page 397: ...Test 8021x wcfg ssid 2 radius radius rd wcfg ssid 3 name ssid wpapsk wcfg ssid 3 security Test wpapsk wcfg ssid 4 name ssid wpa2psk wcfg ssid 4 security Test wpa2psk wcfg ssid save line starting with...

Page 398: ...Appendix F Text File Based Auto Configuration NWA 3500 NWA 3550 User s Guide 398...

Page 399: ...arising out of the application or use of any products or software described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves the...

Page 400: ...evision reception which can be determined by turning the device off and on the user is encouraged to try to correct the interference by one or more of the following measures 1 Reorient or relocate the...

Page 401: ...yXEL Limited Warranty ZyXEL warrants to the original end user purchaser that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase...

Page 402: ...e or purpose ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser To obtain the services of this warranty contact your vendor You may also refer to...

Page 403: ...thentication server 23 auto configuration 391 auto configuration status 394 B backup 282 Basic Service Set 120 see BSS bridge 25 28 Bridge Protocol Data Units BPDUs 140 Bridge Repeater 24 25 BSS 28 29...

Page 404: ...FCC interference statement 399 file version 393 filtering 23 firmware file maintenance 276 fragmentation threshold 335 friendly AP list 189 191 FTP 32 197 restrictions 197 G general setup 111 guest S...

Page 405: ...ity Check MIC 341 mobile access 23 mode 24 N NAT 389 network 23 network access 23 network bridge 25 network number 110 network traffic 23 O operating mode 24 out of band management 250 P Pairwise Mast...

Page 406: ...ath costs 140 STP port states 141 STP terminology 140 subnet 381 subnet mask 110 298 382 subnetting 385 syntax conventions 5 system name 111 system timeout 198 T tagged VLAN example 250 telnet 198 tem...

Page 407: ...interface 24 WMM 149 WPA 23 340 key caching 342 pre authentication 342 user authentication 342 vs WPA PSK 341 wireless client supplicant 342 with RADIUS application example 342 WPA2 23 340 user authe...

Page 408: ...Index NWA 3500 NWA 3550 User s Guide 408...

Reviews:

No comments

Related manuals for NWA-3550

Express Ethernetwork DI-704P

Brand: D-Link Pages: 17

Brand: Javad Pages: 35

Nighthawk M6 Pro

Brand: AT&T Pages: 2

Brand: IEI Technology Pages: 86

Lite N42B1P Series

Brand: Dahua Technology Pages: 14

IMACS Network Device

Brand: Zhone Pages: 114

Brand: Tripp Lite Pages: 3

Brand: Edimax Pages: 15

Brand: Paradyne Pages: 108

Brand: DHD Power Cruiser Pages: 60

SteelCentral NetExpress 470

Brand: Riverbed Pages: 140

Brand: Garderos Pages: 21

Brand: Proxim Pages: 65

OFFICEBRIDGE ONLINE

Brand: Muratec Pages: 220

Brand: Eagle Eye Pages: 61

QuecOpen BG952A-GL

Brand: Quectel Pages: 80

Brand: SoftBank Pages: 2

Brand: Riverstone Networks Pages: 103

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands