Home
/
ZyXEL Communications
/
NWA1000 Series
/
User Manual

ZyXEL Communications NWA1000 Series, User Manual, Page: 212 / 263

Share

Page: 212 / 263

ZyXEL Communications NWA1000 Series User Manual Download Page 212

NWA1000 Series User’s Guide

212

A

PPENDIX

A

Importing Certificates

This appendix shows you how to import public key certificates into your web browser.

Public key certificates are used by web browsers to ensure that a secure web site is legitimate. When a
certificate authority such as VeriSign, Comodo, or Network Solutions, to name a few, receives a
certificate request from a website operator, they confirm that the web domain and contact information
in the request match those on public record with a domain name registrar. If they match, then the
certificate is issued to the website operator, who then places it on the site to be issued to all visiting web
browsers to let them know that the site is legitimate.

Many Zyxel products, such as the NWA1000 Series, issue their own public key certificates. These can be
used by web browsers on a LAN or WAN to verify that they are in fact connecting to the legitimate
device and not one masquerading as it. However, because the certificates were not issued by one of
the several organizations officially recognized by the most common web browsers, you will need to
import the Zyxel-created certificate into your web browser and flag that certificate as a trusted
authority.

Note: You can see if you are browsing on a secure website if the URL in your web browser’s

address bar begins with

https://

or there is a sealed padlock icon (

) somewhere

in the main browser window (not all browsers show the padlock in the same location).

Google Chrome

The following example uses Google Chrome on Windows 7. You first have to store the certificate in your
computer and then install it as a Trusted Root CA, as shown in the following tutorials.

«
...
210
211
212
213
214
...
»

Summary of Contents for NWA1000 Series

Page 1: ...User s Guide NWA1000 Series 802 11 a b g n ac Hybrid Access Points Copyright 2019 Zyxel Communications Corporation LAN IP Address http 192 168 1 2 OR DHCP assigned User Name admin Password 1234 Version 5 46 Edition 1 04 2019 ...

Page 2: ...A1000 Series and access the Web Configurator CLI Reference Guide The CLI Reference Guide explains how to use the Command Line Interface CLI and CLI commands to configure the NWA1000 Series Note It is recommended you use the Web Configurator to configure the NWA1000 Series Web Configurator Online Help Click the help icon in any screen for help in configuring that screen and supplementary informatio...

Page 3: ...erred to as the NWA1000 Series in this guide Product labels screen names field labels and field choices are all in bold font A right angle bracket within a screen name denotes a mouse click For example Configuration Network IP Setting means you first click Configuration in the navigation panel then the Network sub menu and finally the IP Setting tab to get to that screen Icons Used in Figures Figu...

Page 4: ... Configurator 34 Setup Wizard 46 Dashboard 52 Monitor 58 Network 72 Wireless 78 User 91 AP Profile 98 WDS Profile 117 Certificates 119 System 135 Log and Report 158 File Manager 170 Diagnostics 181 LEDs 183 Antenna Switch 186 Reboot 188 Shutdown 189 Local Management in Cloud Mode 190 Cloud Mode 191 The Web Configurator 193 Dashboard 197 Network 199 Troubleshooting 203 ...

Page 5: ...nagement Modes 16 2 1 Management Mode 16 2 1 1 Mode Changing 16 2 2 Standalone AP Roles 17 2 2 1 Root AP 17 2 2 2 Repeater 18 Chapter 3 Hardware 19 3 1 Standalone Mode LEDs 19 3 1 1 NWA1123 AC PRO 19 3 1 2 NWA1123 ACv2 21 3 1 3 NWA1123 AC HD 21 3 1 4 NWA1302 AC 23 3 2 Cloud Mode LEDs 24 3 2 1 NWA1123 AC PRO 24 3 2 2 NWA1123 ACv2 26 3 2 3 NWA1123 AC HD 26 3 2 4 NWA1302 AC 28 Part I Standalone Confi...

Page 6: ...4 Tables and Lists 43 Chapter 6 Setup Wizard 46 6 1 Accessing the Wizard 46 6 2 Using the Wizard 46 6 2 1 Step 1 Time Settings 46 6 2 2 Step 2 Password and Uplink Connection 47 6 2 3 Step 3 Radio 48 6 2 4 Step 4 SSID 49 6 2 5 Summary 51 Chapter 7 Dashboard 52 7 1 Overview 52 7 1 1 What You Can Do in this Chapter 52 7 2 Dashboard 52 7 2 1 CPU Usage 55 7 2 2 Memory Usage 56 Chapter 8 Monitor 58 8 1 ...

Page 7: ...79 10 3 Rogue AP 82 10 3 1 Add Edit Rogue Friendly List 84 10 4 Load Balancing 85 10 4 1 Disassociating and Delaying Connections 86 10 5 DCS 87 10 6 Technical Reference 88 Chapter 11 User 91 11 1 Overview 91 11 1 1 What You Can Do in this Chapter 91 11 1 2 What You Need To Know 91 11 2 User Summary 92 11 2 1 Add Edit User 92 11 3 Setting 94 11 3 1 Edit User Authentication Timeout Settings 96 Chapt...

Page 8: ...iew 119 14 1 1 What You Can Do in this Chapter 119 14 1 2 What You Need to Know 119 14 1 3 Verifying a Certificate 121 14 2 My Certificates 122 14 2 1 Add My Certificates 123 14 2 2 Edit My Certificates 125 14 2 3 Import Certificates 128 14 3 Trusted Certificates 129 14 3 1 Edit Trusted Certificates 130 14 3 2 Import Trusted Certificates 133 14 4 Technical Reference 134 Chapter 15 System 135 15 1 ...

Page 9: ... 156 Chapter 16 Log and Report 158 16 1 Overview 158 16 1 1 What You Can Do In this Chapter 158 16 2 Email Daily Report 158 16 3 Log Setting 160 16 3 1 Log Setting Screen 161 16 3 2 Edit System Log Settings 162 16 3 3 Edit Remote Server 166 16 3 4 Active Log Summary 167 Chapter 17 File Manager 170 17 1 Overview 170 17 1 1 What You Can Do in this Chapter 170 17 1 2 What you Need to Know 170 17 2 Co...

Page 10: ...verview 188 21 1 1 What You Need To Know 188 21 2 Reboot 188 Chapter 22 Shutdown 189 22 1 Overview 189 22 1 1 What You Need To Know 189 22 2 Shutdown 189 Part II Local Management in Cloud Mode 190 Chapter 23 Cloud Mode 191 23 1 Overview 191 23 2 Ways to Manage the NWA1000 Series 191 23 3 Good Habits for Managing the NWA1000 Series 192 Chapter 24 The Web Configurator 193 24 1 Overview 193 24 2 Acce...

Page 11: ...9 26 2 IP Setting 199 26 3 VLAN 201 Chapter 27 Troubleshooting 203 27 1 Overview 203 27 2 Power Hardware Connections and LED 203 27 3 NWA1000 Series Access and Login 204 27 4 Internet Access 206 27 5 Wireless Connections 207 27 6 Resetting the NWA1000 Series 210 27 7 Getting More Troubleshooting Help 211 Appendix A Importing Certificates 212 Appendix B IPv6 235 Appendix C Customer Support 243 Appe...

Page 12: ...23 AC PRO NWA1123 AC HD NWA1302 AC Supported Wireless Standards IEEE 802 11a IEEE 802 11b IEEE 802 11g IEEE 802 11n IEEE 802 11ac IEEE 802 11a IEEE 802 11b IEEE 802 11g IEEE 802 11n IEEE 802 11ac IEEE 802 11a IEEE 802 11b IEEE 802 11g IEEE 802 11n IEEE 802 11ac IEEE 802 11a IEEE 802 11b IEEE 802 11g IEEE 802 11n IEEE 802 11ac Supported Frequency Bands 2 4 GHz 5 GHz 2 4 GHz 5 GHz 2 4 GHz 5 GHz 2 4 ...

Page 13: ...twork environments 1 2 1 MBSSID A Basic Service Set BSS is the set of devices forming a single wireless network usually an access point and one or more wireless clients The Service Set IDentifier SSID is the name of a BSS In Multiple BSS MBSSID mode the NWA1000 Series provides multiple virtual APs each forming its own BSS and using its own individual SSID profile You can configure multiple SSID pr...

Page 14: ...s means you can configure two different wireless networks to operate simultaneously Note A different channel should be configured for each WLAN interface to reduce the effects of radio interference You could use the 2 4 GHz band for regular Internet surfing and downloading while using the 5 GHz band for time sensitive traffic like high definition video music and gaming ...

Page 15: ...Chapter 1 Introduction NWA1000 Series User s Guide 15 Figure 2 Dual Radio Application ...

Page 16: ...anging This section describes how to change the NWA1000 Series s management mode From Standalone to Cloud To manage your NWA1000 Series via the Zyxel NCC connect the NWA1000 Series to the Internet and register it to a site and organization in the NCC http nebula zyxel com first using its serial number and MAC address or its QR code The serial number MAC address and QR code can be found in the web ...

Page 17: ...s and one SSID for the connection with a repeater repeater SSID Wireless clients can use either SSID to associate with the NWA1000 Series in Root AP mode A repeater must use the repeater SSID to connect to the NWA1000 Series in Root AP mode When the NWA1000 Series is in Root AP mode repeater security between the NWA1000 Series and other repeater is independent of the security between the wireless ...

Page 18: ...e time Z and Y act as repeaters that forward traffic between associated wireless clients and the wired LAN Clients A and B access the AP and the wired network behind the AP through repeaters Z and Y Figure 4 Repeater Application When the NWA1000 Series is in Repeater mode repeater security between the NWA1000 Series and other repeater is independent of the security between the wireless clients and...

Page 19: ...1000 Series can be controlled by using the Suppression feature such that the LEDs stay lit ON or OFF after the device is ready Following are LED descriptions for the NWA1000 Series series models in standalone mode 3 1 1 NWA1123 AC PRO The LEDs will stay ON when the NWA1123 AC PRO is ready You can change this setting in the Maintenance LEDs Suppression screen Figure 5 NWA1123 AC PRO LEDs ...

Page 20: ...itch is set to Ceiling for the radio The 2 4 GHz WLAN is active Amber On The antenna switch is set to Wall for the radio The 2 4 GHz WLAN is active Off The 2 4 GHz WLAN is not active WLAN Green On The antenna switch is set to Ceiling for the radio The 5 GHz WLAN is active Amber On The antenna switch is set to Wall for the radio The 5 GHz WLAN is active Off The 5 GHz WLAN is not active UPLINK Amber...

Page 21: ...cond and green for 1 second alternatively The LED blinks orange and green alternatively when the NWA1000 Series is booting up Green Green Steady On The NWA1000 Series is ready for use and its wireless interface is activated Slow Blinking On for 1 sec Off for 1 sec The wireless module of the NWA1000 Series is disabled or failed Red Steady On The NWA1000 Series failed to boot up or is experience sys...

Page 22: ...nterface is activated and or wireless clients are connected to the NWA1000 Series when it receives power using 802 3af PoE limited power mode Bright Blue Steady On The NWA1000 Series s wireless interface is activated but there are no wireless clients connected when it receives power using IEEE 802 3at PoE plus full power mode White Steady On The NWA1000 Series s wireless interface is activated but...

Page 23: ...oting up Green On Green On The NWA1000 Series is ready for use Slow Blinking On for 1 sec Off for 1 sec The wireless module of the NWA1000 Series is disabled or failed Red On There is system error and the NWA1000 Series cannot boot up or the NWA1000 Series suffered a system failure Fast Blinking On for 50 ms Off for 50 ms The NWA1000 Series is doing firmware upgrade Slow Blinking Blink for 3 times...

Page 24: ...s setting through the NCC Nebula Control Center Figure 9 NWA1123 AC PRO LEDs WLAN Green On The 5 GHz WLAN is active Off The 5 GHz WLAN is not active LAN Amber Green On Amber The port is operating as a 10 100 Mbps connection Green The port is operating as a Gigabit connection 1000 Mbps Blinking The LAN port is sending receiving data through the port Off The LAN port is not connected Table 5 NWA1302...

Page 25: ...f for 1 sec The NWA1000 Series is searching for discovering the NCC WLAN Green On The antenna switch is set to Ceiling for the radio The 2 4 GHz WLAN is active Amber On The antenna switch is set to Wall for the radio The 2 4 GHz WLAN is active Off The 2 4 GHz WLAN is not active WLAN Green On The antenna switch is set to Ceiling for the radio The 5 GHz WLAN is active Amber On The antenna switch is ...

Page 26: ...orange and green alternatively when the NWA1000 Series is booting up Green Amber Blinks amber and green alternatively 3 times and then turns solid green for 3 seconds The NWA1000 Series is discovering the NCC Green Green On The NWA1000 Series is ready for use and its wireless interface is activated Slow Blinking On for 1 sec Off for 1 sec The wireless module of the NWA1000 Series is disabled or fa...

Page 27: ...r using IEEE 802 3at PoE plus full power mode Amber Steady On The NWA1000 Series is ready for use the NWA1000 Series s wireless interface is activated and or wireless clients are connected to the NWA1000 Series when it receives power using 802 3af PoE limited power mode Bright Blue Steady On The NWA1000 Series s wireless interface is activated but there are no wireless clients connected when it re...

Page 28: ...The wireless module of the NWA1000 Series is disabled or failed Red On There is a system error and the NWA1000 Series cannot boot up or the NWA1000 Series suffered a system failure Fast Blinking On for 50 ms Off for 50 ms The NWA1000 Series is doing firmware upgrade Slow Blinking Blink for 3 times Off for 3 sec The Uplink port is disconnected Management Green On The NWA1000 Series is managed by th...

Page 29: ...Hz WLAN is active Off The 5 GHz WLAN is not active LAN Amber Green On Amber The port is operating as a 10 100 Mbps connection Green The port is operating as a Gigabit connection 1000 Mbps Blinking The LAN port is sending receiving data through the port Off The LAN port is not connected Table 9 NWA1302 AC LEDs continued LED COLOR STATUS DESCRIPTION ...

Page 30: ...30 PART I Standalone Configuration ...

Page 31: ...s 4 2 Ways to Manage the NWA1000 Series You can use the following ways to manage the NWA1000 Series Web Configurator The Web Configurator allows easy NWA1000 Series setup and management using an Internet browser This User s Guide provides information about the Web Configurator Command Line Interface CLI The CLI allows you to use text based commands to configure the NWA1000 Series You can access it...

Page 32: ...r configuration file you won t have to totally re configure the NWA1000 Series you can simply restore your last configuration 4 4 Starting and Stopping the NWA1000 Series Here are some of the ways to start and stop the NWA1000 Series Always use Maintenance Shutdown or the shutdown command before you turn off the NWA1000 Series or remove the power Not doing so can cause the firmware to become corru...

Page 33: ...Maintenance Shutdown Shutdown or using the shutdown command writes all cached data to the local storage and stops the system processes Wait for the device to shut down and then manually turn off or remove the power It does not turn off the power Disconnecting the power Power off occurs when you turn off the power to the NWA1000 Series The NWA1000 Series simply turns off It does not stop the system...

Page 34: ...t enabled by default Enable Java permissions enabled by default Enable cookies The recommended screen resolution is 1024 x 768 pixels and higher 5 2 Accessing the Web Configurator 1 Make sure your NWA1000 Series is working in standalone mode see Section 1 2 1 on page 13 and hardware is properly connected See the Quick Start Guide 2 If the NWA1000 Series and your computer are not connected to a DHC...

Page 35: ...based network management system that allows you to remotely manage and monitor the NWA1000 Series in cloud mode see Section 1 2 1 on page 13 5 If you logged in using the default user name and password the Update Admin Info screen appears Otherwise the dashboard appears The Update Admin Info screen appears every time you log in using the default user name and default password If you change the pass...

Page 36: ...bula Mobile app to scan the QR code The NWA1000 Series will be registered and assigned to an existing site organization in the NCC automatically Click OK to close the screen 5 3 Navigating the Web Configurator The following summarizes how to navigate the web configurator from the Dashboard screen This guide uses the NWA1123 AC HD screens as an example The screens may vary slightly for different mo...

Page 37: ...re 14 Title Bar The icons provide the following functions A C B Table 11 Title Bar Web Configurator Icons LABEL DESCRIPTION Logout Click this to log out of the Web Configurator Wizard Click this to open the wizard See Chapter 6 on page 46 for more information Help Click this to open the help page for the current screen About Click this to display basic information about the NWA1000 Series Site Map...

Page 38: ...en a popup window that displays the CLI commands sent by the Web Configurator nebula Click this to open the NCC web site login page in a new tab or window Table 12 About LABEL DESCRIPTION Boot Module This shows the version number of the software that handles the booting process of the NWA1000 Series Current Version This shows the firmware version of the NWA1000 Series Released Date This shows the ...

Page 39: ...f object The following table describes labels that can appear in this screen Table 13 Object References LABEL DESCRIPTION Object Name This identifies the object for which the configuration settings that use it are displayed Click the object s name to display the object s configuration screen in the main window This field is a sequential value and it is not associated with any entry Service This is...

Page 40: ...ick the arrow in the middle of the right edge of the navigation panel to hide the navigation panel menus or drag it to resize them The following sections introduce the NWA1000 Series s navigation panel menus and their screens Priority If it is applicable this field lists the referencing configuration item s position in its list otherwise N A displays Name This field identifies the configuration it...

Page 41: ...tatus Network Status Display general LAN interface information and packet statistics Wireless AP Information Radio List Display information about the radios of the connected APs Station Info Station List Display information about the connected stations WDS Link Info WDS Link Info Display statistics about the NWA1000 Series s WDS Wireless Disctribution System connections Detected Device Detected De...

Page 42: ...icate My Certificates Create and manage th e NWA1000 Series s certificates Trusted Certificates Import and manage certificates from trusted sources System Host Name Host Name Configure the system and domain name for the NWA1000 Series Date Time Date Time Configure the current date time and time zone in the NWA1000 Series WWW Service Control Configure HTTP HTTPS and general authentication SSH SSH C...

Page 43: ...ext to a column heading for more options about how to display the entries The options available vary depending on the type of fields in the column Here are some examples of what you can do Sort in ascending alphabetical order Sort in descending reverse alphabetical order Select which columns to display Group entries by field LEDs Suppression Enable this feature to keep the LEDs off after the NWA10...

Page 44: ...cell s right border and drag to re size the column 4 Select a column heading and drag and drop it to change the column order A green check mark displays next to the column s title when you drag the column to a valid new location 5 Use the icons and fields at the bottom of the table to navigate to different pages of entries and control how many entries display at a time ...

Page 45: ... like the firewall for example you can select an entry and click Add to create a new entry after the selected entry Edit Double click an entry or select it and click Edit to open a screen where you can modify the entry s settings In some tables you can just click a table entry and edit it directly in the table For those types of tables small red triangles display for table entries with changes tha...

Page 46: ... screen to configure the NWA1000 Series s country code time zone and daylight saving time Country Code Select the country where the NWA1000 Series is located Note The country code field is not available and you cannot change the country code if the NWA1000 Series products comply with the U S laws policies and regulations and are to be sold to the U S market Time Zone Select the time zone of your l...

Page 47: ...in order to access the NWA1000 Series s web configurator again Otherwise select Static IP when the NWA1000 Series is NOT connected to a router or you want to assign it a fixed IP address You will need to manually enter the NWA1000 Series s IP address and subnet mask the IP address of the router that helps forward traffic a DNS server s IP address The Domain Name System DNS maps a domain name to an...

Page 48: ...ies automatically choose a radio channel that has least interference Otherwise select Manual and specify a channel the NWA1000 Series will use in the 2 4GHz or 5GHz wireless LAN The options vary depending on the frequency band and the country you are in Maximum Output Power Enter the maximum output power of the NWA1000 Series If there is a high density of APs in an area decrease the output power o...

Page 49: ...atus switch to turn it on or off To change an SSID profile s settings such as the SSID WiFi network name and WiFi password double click the SSID profile entry from the list See Section 6 2 4 1 on page 49 for more information Note You cannot add or remove an SSID profile after running the setup wizard Figure 24 Wizard SSID 6 2 4 1 Edit SSID Profile Use this screen to configure an SSID profile ...

Page 50: ...Not all NWA1000 Seriess support both 2 4 GHz and 5 GHz frequency bands Security Type Select WPA2 to add security on this wireless network Otherwise select OPEN to allow any wireless client to associate this network without authentication PSK Pre shared Key If you set Security Type to WPA2 and select PSK enter a pre shared key of between 8 and 63 case sensitive ASCII characters including spaces and...

Page 51: ...802 1x 6 2 5 Summary Use this screen to check whether what you have configured is correct Click Save to apply your settings and complete the wizard setup Otherwise click Prev to return to the previous screen or click Cancel to close the wizard without saving Figure 27 Wizard Summary ...

Page 52: ...ource usage and interface status You can also display other status screens for more information 7 2 Dashboard This screen is the first thing you see when you log into the NWA1000 Series It also appears every time you click the Dashboard icon in the navigation panel The Dashboard displays general device information system status system resource usage and interface status in widgets that you can re ...

Page 53: ...mware Upgrade This field displays the date and time when the last firmware update was made System Resources CPU Usage This field displays what percentage of the NWA1000 Series s processing capability is currently being used Hover your cursor over this field to display the Show CPU Usage icon that takes you to a chart of the NWA1000 Series s recent CPU usage Memory Usage This field displays what pe...

Page 54: ...nfiguration This occurs when the NWA1000 Series starts for the first time or you intentionally reset the NWA1000 Series to the system default settings Fallback to lastgood configuration The NWA1000 Series was unable to apply the startup config conf configuration file and fell back to the lastgood conf configuration file Fallback to system default configuration The NWA1000 Series was unable to appl...

Page 55: ...er WLAN Interface Status Summary This displays status information for the WLAN interface Status This displays whether or not the WLAN interface is activated MAC Address This displays the MAC address of the radio Radio This indicates the radio number on the NWA1000 Series Band This indicates the wireless frequency band currently being used by the radio This shows when the radio is in monitor mode O...

Page 56: ...ry RAM usage To access this screen click Memory Usage in the dashboard Figure 30 Dashboard Memory Usage Table 20 Dashboard CPU Usage LABEL DESCRIPTION The y axis represents the percentage of CPU usage time The x axis shows the time period over which the CPU usage occurred Refresh Interval Enter how often you want this window to be automatically updated Refresh Now Click this to update the informat...

Page 57: ...Dashboard Memory Usage LABEL DESCRIPTION The y axis represents the percentage of RAM usage time The x axis shows the time period over which the RAM usage occurred Refresh Interval Enter how often you want this window to be automatically updated Refresh Now Click this to update the information in the window right away ...

Page 58: ...Wireless Distribution System connections The Detected Device screen Section 8 7 on page 67 displays information about suspected rogue APs The View Log screen Section 8 8 on page 69 displays the NWA1000 Series s current log messages You can change the way the log is displayed you can e mail the log and you can also clear the log in this screen 8 2 What You Need to Know The following terms and conce...

Page 59: ...and packet statistics To access this screen click Monitor Network Status The screen varies depending on whether the NWA1000 Series has an extra Ethernet port except the uplink port Figure 31 Monitor Network Status for NWA1000 Series with one Ethernet port Figure 32 Monitor Network Status for NWA1000 Series with multiple Ethernet ports ...

Page 60: ...annot use one of these ways to get or to update its IP address this field displays n a Port Statistics Table Poll Interval Enter how often you want this window to be updated automatically and click Set Interval Set Interval Click this to set the Poll Interval the screen uses Stop Click this to stop the window from updating automatically You can start it again by setting the Poll Interval and click...

Page 61: ...e one second interval before the screen updated Up Time This field displays how long the physical port has been connected System Up Time This field displays how long the NWA1000 Series has been running since it last restarted or was turned on Table 22 Monitor Network Status continued LABEL DESCRIPTION Table 23 Monitor Network Status Switch to Graphic View LABEL DESCRIPTION Refresh Interval Enter h...

Page 62: ...epresents traffic transmitted from the NWA1000 Series on the physical port since it was last connected RX This line represents the traffic received by the NWA1000 Series on the physical port since it was last connected Last Update This field displays the date and time the information in the window was last updated Table 23 Monitor Network Status Switch to Graphic View continued LABEL DESCRIPTION T...

Page 63: ...Operating modes are AP MBSSID Root AP or Repeater AP WDS Profile This indicates the AP profile name and WDS profile name to which the radio belongs This field is available only on the NWA1000 Series that supports WDS Profile This indicates the AP profile name to which the radio belongs This field is available only on the NWA1000 Series that doesn t support WDS Frequency Band This indicates the wir...

Page 64: ...he labels in this screen Table 25 Monitor Wireless AP Information Radio List More Information LABEL DESCRIPTION SSID Detail This list shows information about all the wireless clients that have connected to the specified radio over the preceding 24 hours This is the items sequential number in the list It has no bearing on the actual data in this list ...

Page 65: ... per second Time This x axis represents the amount of time over which the data moved across this radio Station Count This graph displays the connected station information of the radio over the preceding 24 hours Stations The y axis represents the number of connected stations Time The x axis shows the time period over which a station was connected Last Update This field displays the date and time t...

Page 66: ...maximum reception rate of the station Association Time This displays the time the station first associated with the NWA1000 Series s wireless network Refresh Click this to refresh the items displayed on this page Table 26 Monitor Wireless Station Info continued LABEL DESCRIPTION Table 27 Monitor Wireless WDS Link Info LABEL DESCRIPTION WDS Uplink Info WDS Downlink Info Uplink refers to the WDS lin...

Page 67: ...ch the NWA1000 Series is connected using WDS Security Mode This indicates which secure encryption methods is being used by the NWA1000 Series to connect to the root AP or repeater using WDS Signal Strength This is the RSSI Received Signal Strength Indicator of the wireless connection in WDS Tx Rate This is the maximum transmission rate of the root AP or repeater to which the NWA1000 Series is conn...

Page 68: ...his shows how many devices are detected as rogue APs Suspected rogue AP This shows how many devices are detected as possible rogue APs by classification rule Friendly AP This shows how many devices are detected as friendly APs Un classified AP This shows how many devices are detected but have not been classified by the NWA1000 Series Detect Now Click this button for the NWA1000 Series to scan for ...

Page 69: ... managing rogue APs see the Configuration Wireless Rogue AP screen Section 10 3 on page 82 Mark as Friendly AP Click this button to mark the selected AP as a friendly AP For more on managing friendly APs see the Configuration Wireless Rogue AP screen Section 10 3 on page 82 This is the detected device s index number in this list Role This indicates the detected device s role such as friendly or ro...

Page 70: ...tion Interface Protocol Keyword and Search fields are available Display Select the category of log message s you want to view You can also view All Logs at one time or you can view the Debug Log Priority This displays when you show the filter Select the priority of log messages to display The log displays the log messages with this priority or higher Choices are any emerg alert crit error warn not...

Page 71: ...ation Log Report Log Settings screen Refresh Click this to update the list of logs Clear Log Click this button to clear the whole log regardless of what is currently displayed on the screen This field is a sequential value and it is not associated with a specific log message Time This field displays the time the log message was recorded Priority This field displays the priority of the log message ...

Page 72: ... IP address of the NWA1000 Series is 192 168 1 2 default but if the NWA1000 Series is assigned an IP address by a DHCP server the default 192 168 1 2 will not be used The gateway and the NWA1000 Series must belong in the same IP subnet to be able to communicate with each other 9 1 1 What You Can Do in this Chapter The IP Setting screen Section 9 2 on page 72 configures the NWA1000 Series s LAN IP ...

Page 73: ...erface Subnet Mask Enter the subnet mask of this interface in dot decimal notation The subnet mask indicates what part of the IP address is the same for all computers in the network Gateway Enter the IP address of the gateway The NWA1000 Series sends packets to the gateway when it does not know how to route the packet to its destination The gateway should be on the same network as the interface DN...

Page 74: ... the LAN interface The NWA1000 Series decides which gateway to use based on this priority The lower the number the higher the priority If two or more gateways have the same priority the NWA1000 Series uses the one that was configured first Enter zero to set the metric to 1024 for IPv6 DHCPv6 Client Select this option to set the NWA1000 Series to act as a DHCPv6 client DUID This field displays the ...

Page 75: ...go to each and every individual port With VLAN all broadcasts are confined to a specific broadcast domain IEEE 802 1Q Tag The IEEE 802 1Q standard defines an explicit VLAN tag in the MAC header to identify the VLAN membership of a frame across bridges A VLAN tag includes the 12 bit VLAN ID and 3 bit user priority The VLAN ID associates a frame with a specific VLAN and provides the information that...

Page 76: ...s field displays the name of the port PVID This field displays the port number of the VLAN ID VLAN Configuration Add Click this to create a new entry For features where the entry s position in the numbered list is important features where the NWA1000 Series applies the table s entries in order like the SSID for example you can select an entry and click Add to create a new entry after the selected ...

Page 77: ...n the NWA1000 Series The NWA1000 Series will try to discover the NCC and go into cloud mode when it is connected to the Internet and has been registered in the NCC If NCC discovery is disabled the NWA1000 Series will not discover the NCC and remain in standalone mode Use Proxy to Access NCC If the NWA1000 Series is behind a proxy server you need to select this option and configure the proxy server...

Page 78: ... use the access point AP to interact with other devices such as the printer or with the Internet Your NWA1000 Series is the AP 10 1 1 What You Can Do in this Chapter The AP Management screen Section 10 2 on page 79 manages the NWA1000 Series s general wireless settings The Rogue AP screen Section 10 3 on page 82 allows you to assign APs either to the rogue AP list or the friendly AP list The Load ...

Page 79: ...utomatically select the radio channel upon which it broadcasts by scanning the area around it and determining what channels are currently being used by other devices Load Balancing Wireless Wireless load balancing is the process where you limit the number of connections allowed on an wireless access point AP or you limit the amount of wireless traffic transmitted and received on it so the AP does ...

Page 80: ...e 48 Configuration Wireless AP Management Each field is described in the following table Table 33 Configuration Wireless AP Management LABEL DESCRIPTION Radio 1 Setting Radio 1 Activate Select the check box to enable the NWA1000 Series s first default radio ...

Page 81: ...between 0 to 30 dBm of the NWA1000 Series in this field If there is a high density of APs in an area decrease the output power of the NWA1000 Series to reduce interference with other APs Note Reducing the output power also reduces the NWA1000 Series s effective broadcast radius MBSSID Settings Edit Double click an entry or select it and click Edit to open a screen where you can modify the entry s ...

Page 82: ...o connect to a root AP or repeater Select Manual to have the NWA1000 Series connect to the root AP or repeater with tbe MAC address specified in the Radio 2 Uplink MAC Address field Max Output Power Enter the maximum output power between 0 to 30 dBm of the NWA1000 Series in this field If there is a high density of APs in an area decrease the output power of the NWA1000 Series to reduce interferenc...

Page 83: ... SSID SSID Keyword of the characteristics an AP should have for the NWA1000 Series to rule it as a Rogue AP Add Click this to add an SSID Keyword Edit Select an SSID Keyword and click this button to modify it Remove Select an existing SSID keyword and click this button to delete it This is the SSID Keyword s index number in this list SSID Keyword This field displays the SSID Keyword Rogue Friendly...

Page 84: ...ist you want to import or click the Browse button to locate it Once the File Path field has been populated click Importing to bring the list into the NWA1000 Series You need to wait a while for the importing process to finish Exporting Click this button to export the current list of either rogue APs or friendly APS Apply Click Apply to save your changes back to the NWA1000 Series Reset Click Reset...

Page 85: ...by the stations connected to the NWA1000 Series Select By Smart Classroom to balance network traffic based on the number of specified stations connected to the NWA1000 Series The NWA1000 Series ignores association request and authentication request packets from any new station when the maximum number of stations is reached If you select By Station Number or By Traffic Level once the threshold is c...

Page 86: ... Classroom Select this option to disassociate wireless clients connected to the AP when it becomes overloaded If you do not enable this option then the AP simply delays the connection until it can afford the bandwidth it requires or it transfers the connection to another AP within its broadcast radius The disassociation priority is determined automatically by the NWA1000 Series and is as follows I...

Page 87: ...arts kicking them in order of highest idle time If no connections are idle the next criteria the NWA1000 Series analyzes is signal strength Devices with the weakest signal strength are kicked first 10 5 DCS Use this screen to configure dynamic radio channel selection Click Configuration Wireless DCS to access this screen Figure 54 Configuration Wireless DCS Each field is described in the following...

Page 88: ...mic channel selection frees the network administrator from this task by letting the AP do it automatically The AP can scan the area around it looking for the channel with the least amount of interference In the 2 4 GHz spectrum each channel from 1 to 13 is broken up into discrete 22 MHz segments that are spaced 5 MHz apart Channel 1 is centered on 2 412 GHz while channel 13 is centered on 2 472 GH...

Page 89: ...dth to the point where each connecting device receives a meager trickle the load balanced AP instead limits the incoming connections as a means to maintain bandwidth integrity There are three kinds of wireless load balancing available on the NWA1000 Series Load balancing by station number limits the number of devices allowed to connect to your AP If you know exactly how many stations you want to l...

Page 90: ...connections are rejected or delayed provided that there are other APs in range Imagine a coffee shop in a crowded business district that offers free wireless connectivity to its customers The coffee shop owner can t possibly know how many connections his AP will have at any given moment As such he decides to put a limit on the bandwidth that is available to his customers but not on the actual numb...

Page 91: ...User Account A user account defines the privileges of a user logged into the NWA1000 Series User accounts are used in controlling access to configuration and services in the NWA1000 Series User Types These are the types of user accounts the NWA1000 Series uses Note The default admin account is always authenticated locally regardless of the authentication method setting Table 38 Types of User Accou...

Page 92: ... an entry or select it and click Edit to open a screen where you can modify the entry s settings Remove To remove an entry select it and click Remove The NWA1000 Series confirms you want to remove it before doing so Object Reference Select an entry and click Object Reference to open a screen that shows which settings use the entry This field is a sequential value and it is not associated with a sp...

Page 93: ... 40 Configuration User User Add Edit A User LABEL DESCRIPTION User Name Type the user name for this user account You may use 1 31 alphanumeric characters underscores _ or dashes but the first character cannot be a number This value is case sensitive User names have to be different than user group names and some words are reserved User Type Select what type of user this is Choices are admin this us...

Page 94: ...er has to renew the current session before the user is logged out You can specify 1 to 1440 minutes You can enter 0 to make the number of minutes unlimited Admin users renew the session every time the main screen refreshes in the Web Configurator Reauthentication Time This field is not available if the user type is user Type the number of minutes this user can be logged into the NWA1000 Series in ...

Page 95: ... specific entry User Type These are the kinds of user account the NWA1000 Series supports admin this user can look at and change the configuration of the NWA1000 Series limited admin this user can look at the configuration of the NWA1000 Series but not to change it user this is used for embedded RADIUS server and SNMPv3 user access Lease Time This is the default lease time in minutes for each type...

Page 96: ...ame or different IP addresses Maximum number per administration account This field is effective when Limit for administration account is checked Type the maximum number of simultaneous logins by each admin user User Lockout Settings Enable logon retry limit Select this check box to set a limit on the number of times each user can login unsuccessfully for example wrong password before the IP addres...

Page 97: ... the number of minutes unlimited Admin users renew the session every time the main screen refreshes in the Web Configurator Access users can renew the session by clicking the Renew button on their screen If you allow access users to renew time automatically the users can select this check box on their screen as well In this case the session is automatically renewed before the lease time expires Re...

Page 98: ... single AP can broadcast up to 8 SSIDs You can have a maximum of 32 SSID profiles on the NWA1000 Series Security This profile type defines the security settings used by a single SSID It controls the encryption method required for a wireless client to associate itself with the SSID You can have a maximum of 32 security profiles on the NWA1000 Series MAC Filtering This profile provides an additional...

Page 99: ...ty methods for both the authentication of wireless stations and encryption key management Authentication is done using an external RADIUS server 12 2 Radio This screen allows you to create radio profiles for the NWA1000 Series A radio profile is a list of settings that an NWA1000 Series can use to configure its radio transmitter s To access this screen click Configuration Object AP Profile Note Yo...

Page 100: ...file This field is a sequential value and it is not associated with a specific user Status This field shows whether or not the entry is activated A yellow bulb signifies that this rule is active A gray bulb signifies that this rule is not active Profile Name This field indicates the name assigned to the radio profile Frequency Band This field indicates the frequency band which this radio profile i...

Page 101: ... Profile The following table describes the labels in this screen Table 44 Configuration Object AP Profile Add Edit Profile LABEL DESCRIPTION Hide Show Advanced Settings Click this to hide or show the Advanced Settings in this window General Settings Activate Select this option to make this profile active ...

Page 102: ...terference This option is available only when you select 11ac in the 802 11 Band field Channel Selection This is the radio channel which the signal will use for broadcasting by this radio profile DCS Choose Dynamic Channel Selection to have the NWA1000 Series choose a radio channel that has least interference Manual Choose from the available radio channels in the list If your NWA1000 Series is out...

Page 103: ...annel is selected or any one of the previously selected channels is not supported Channel ID This field is available only when you set Channel Selection to DCS and set 5 GHz Channel Selection Method to manual Select the channels that you want the NWA1000 Series to use Time Interval Select this option to have the NWA1000 Series survey the other APs within its broadcast radius at the end of the spec...

Page 104: ...ain The interval tells receiving devices on the network how long they can wait in low power mode before waking up to handle the beacon A high value helps save current consumption of the access point DTIM Delivery Traffic Indication Message DTIM is the time period after which broadcast and multicast packets are transmitted to mobile clients in the Active Power Management mode A high DTIM value can ...

Page 105: ...ile after running the setup wizard Figure 64 Configuration Object AP Profile SSID SSID List Default Transmission Mode Specify how the NWA1000 Series handles wireless multicast traffic Select Multicast to Unicast to broadcast wireless multicast traffic to all of the wireless clients as unicast traffic Unicast traffic dynamically changes the data rate based on the application s bandwidth requirement...

Page 106: ...tton is not available after you configure the NWA1000 Series using the wizard Object Reference Click this to view which other objects are linked to the selected SSID profile for example radio profile This field is a sequential value and it is not associated with a specific user Profile Name This field indicates the name assigned to the SSID profile SSID This field indicates the SSID name as it app...

Page 107: ...he network to wireless clients Enter up to 32 characters spaces and underscores are allowed Security Profile Select a security profile from this list to associate with this SSID If none exist you can use the Create new Object menu to create one Note It is highly recommended that you create security profiles for all of your SSIDs to enhance your network security MAC Filtering Profile Select a MAC f...

Page 108: ...meaning all other access categories take precedence over this one If traffic from an SSID does not have strict throughput requirements then this access category is recommended For example an SSID that only has network printers connected to it Rate Limiting Downlink Define the maximum incoming transmission data rate either in mbps or kbps on a perstation basis Uplink Define the maximum outgoing tra...

Page 109: ... and set whether the SSID is enabled or disabled on each day of the week You also need to select the hour and minute in 24 hour format to specify the time period of each day during which the SSID is enabled enabled OK Click OK to save your changes back to the NWA1000 Series Cancel Click Cancel to exit this screen without saving your changes Table 46 Configuration Object AP Profile Add Edit SSID Pr...

Page 110: ...1000 Series User s Guide 110 Note This screen s options change based on the Security Mode selected Only the default screen is displayed here Figure 68 Configuration Object AP Profile SSID Security List Add Edit Security Profile ...

Page 111: ...inistrator instructs you to do so with additional information Accounting Share Secret Enter a password up to 128 alphanumeric characters as the key to be shared between the external accounting server and the NWA1000 Series The key must be the same on the external accounting server and your NWA1000 Series The key is not sent over the network Accounting Interim Update This field is available only wh...

Page 112: ...e recent development over TKIP and considerably more robust Not all wireless clients may support this Idle Timeout Enter the interval in seconds that a client can be idle before authentication is discontinued Group Key Update Timer Enter the interval in seconds at which the AP updates the group WPA2 encryption key Management Frame Protection This field is available only when you select wpa2 in the...

Page 113: ...s screen click the Add button or select a MAC filter profile from the list and click the Edit button Note Each MAC filtering profile can include a maximum of 512 MAC addresses Table 49 Configuration Object AP Profile SSID MAC Filter List LABEL DESCRIPTION Add Click this to add a new MAC filtering profile Edit Click this to edit the selected MAC filtering profile Remove Click this to remove the sel...

Page 114: ...r up to 31 alphanumeric characters for the profile name This name is only visible in the Web Configurator and is only for management purposes Spaces and underscores are allowed Filter Action Select allow to permit the wireless client with the MAC addresses in this profile to connect to the network through the associated SSID select deny to block the wireless clients with the specified MAC addresse...

Page 115: ...sers on your wireless networks to access To access this screen click Configuration Object AP Profile SSID Layer 2 Isolation List Figure 72 Configuration Object AP Profile SSID Layer 2 Isolation List The following table describes the labels in this screen Table 51 Configuration Object AP Profile SSID Layer 2 Isolation List LABEL DESCRIPTION Add Click this to add a new MAC filtering profile Edit Cli...

Page 116: ...EL DESCRIPTION Profile Name Enter up to 31 alphanumeric characters for the profile name This name is only visible in the Web Configurator and is only for management purposes Spaces and underscores are allowed Add Click this to add a MAC address to the profile s list Edit Click this to edit the selected MAC address in the profile s list Remove Click this to remove the selected MAC address from the ...

Page 117: ...and create WDS profiles that can be used by the APs To access this screen click Configuration Object WDS Profile Figure 74 Configuration Object WDS Profile The following table describes the labels in this screen Table 53 Configuration Object WDS Profile LABEL DESCRIPTION Add Click this to add a new profile Edit Click this to edit the selected profile Remove Click this to remove the selected profil...

Page 118: ...Configuration Object WDS Profile Add Edit WDS Profile LABEL DESCRIPTION Profile Name Enter up to 31 alphanumeric characters for the profile name WDS SSID Enter the SSID with which you want the NWA1000 Series to connect to a root AP or repeater to form a WDS Pre Shared Key Enter a pre shared key of between 8 and 63 case sensitive ASCII characters including spaces and symbols or 64 hexadecimal chara...

Page 119: ...n be made openly available The other key is private and must be kept secure These keys work like a handwritten signature in fact certificates are often referred to as digital signatures Only you can write your signature exactly as it should look When people know what your signature looks like they can verify whether something was signed by you or by someone else In the same way your private key wr...

Page 120: ...icates Certificates offer the following benefits The NWA1000 Series only has to store the certificates of the certification authorities that you decide to trust no matter how many devices you need to authenticate Key distribution is simple and very secure since you can freely distribute public keys and you never need to transmit private keys Self signed Certificates You can have the NWA1000 Series...

Page 121: ...0 Series you should verify that you have the correct certificate You can do this using the certificate s fingerprint A certificate s fingerprint is a message digest calculated using the MD5 or SHA1 algorithm The following procedure describes how to check a certificate s fingerprint to verify that you have the actual certificate 1 Browse to where you have the certificate saved on your computer 2 Ma...

Page 122: ...your certificates To remove an entry select it and click Remove The NWA1000 Series confirms you want to remove it before doing so Subsequent certificates move up by one when you take this action Object Reference You cannot delete certificates that any of the NWA1000 Series s features are configured to use Select an entry and click Object Reference to open a screen that shows which settings use the...

Page 123: ... issuing certification authority such as a common name organizational unit or department organization or company and country With self signed certificates this is the same information as in the Subject field Valid From This field displays the date that the certificate becomes applicable Valid To This field displays the date that the certificate expires The text displays in red and includes an Expi...

Page 124: ...rs You can use alphanumeric characters the hyphen and the underscore State Province Identify the state or province where the certificate owner is located You can use up to 31 characters You can use alphanumeric characters the hyphen and the underscore Country Identify the nation where the certificate owner is located You can use up to 31 characters You can use alphanumeric characters the hyphen an...

Page 125: ...rollment Protocol SCEP is a TCP based enrollment protocol that was developed by VeriSign and Cisco Certificate Management Protocol CMP is a TCP based enrollment protocol that was developed by the Public Key Infrastructure X 509 working group of the Internet Engineering Task Force IETF and is specified in RFC 2510 CA Server Address This field applies when you select Create a certification request a...

Page 126: ...Chapter 14 Certificates NWA1000 Series User s Guide 126 Figure 78 Configuration Object Certificate My Certificates Edit ...

Page 127: ...enerated by the NWA1000 Series Subject This field displays information that identifies the owner of the certificate such as Common Name CN Organizational Unit OU Organization O State ST and Country C Issuer This field displays identifying information about the certificate s issuing certification authority such as Common Name Organizational Unit Organization and Country With self signed certificate...

Page 128: ... request into a certification authority s web page an e mail that you send to the certification authority or a text editor and save the file on a management computer for later manual enrollment You can copy and paste a certificate into an e mail to send to friends or colleagues or you can copy and paste a certificate into a text editor and save the file on a management computer for later distribut...

Page 129: ...us you do not need to import any certificate that is signed by one of these certificates Table 58 Configuration Object Certificate My Certificates Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it You cannot import a certificate with the same name as a certificate that is already in the NWA1000 Series Browse Click Browse...

Page 130: ... doing so Subsequent certificates move up by one when you take this action Object Reference You cannot delete certificates that any of the NWA1000 Series s features are configured to use Select an entry and click Object Reference to open a screen that shows which settings use the entry This field displays the certificate index number The certificates are listed in alphabetical order Name This fiel...

Page 131: ... NWA1000 Series User s Guide 131 certification authority s list of revoked certificates before trusting a certificate issued by the certification authority Figure 81 Configuration Object Certificate Trusted Certificates Edit ...

Page 132: ...r TCP that specifies how clients access directories of certificates and lists of revoked certificates Address Type the IP address in dotted decimal notation of the directory server Port Use this field to specify the LDAP server port number You must use the same server port number that the directory server uses 389 is the default server port number for LDAP ID The NWA1000 Series may need to authent...

Page 133: ... the certificate For example Subject Type CA means that this is a certification authority s certificate and Path Length Constraint 1 means that there can only be one certification authority in the certificate s path MD5 Fingerprint This is the certificate s message digest that the NWA1000 Series calculated using the MD5 algorithm You can use this value to verify with the certification authority ov...

Page 134: ... The first is real time status information The second is a reduction in network traffic since the NWA1000 Series only gets information on the certificates that it needs to verify not a huge list When the NWA1000 Series requests certificate status information the OCSP server returns a expired current or unknown response Table 61 Configuration Object Certificate Trusted Certificates Import LABEL DES...

Page 135: ... securely accessing the NWA1000 Series s command line interface The Telnet screen Section 15 6 on page 152 configures Telnet for accessing the NWA1000 Series s command line interface The FTP screen Section 15 7 on page 153 specifies FTP server settings You can upload and download the NWA1000 Series s firmware and configuration files using FTP Please also see Chapter 17 on page 170 for more informa...

Page 136: ... System Host Name LABEL DESCRIPTION System Name Choose a descriptive name to identify your NWA1000 Series device This name can be up to 64 alphanumeric characters long Spaces are not allowed but dashes underscores _ and periods are accepted System Location Specify the name of the place where the NWA1000 Series is located You can enter up to 60 alphanumeric and characters Spaces and underscores are...

Page 137: ... new time and date time zone and daylight saving at the same time the time zone and daylight saving will affect the new time and date you entered When you enter the time settings manually the NWA1000 Series uses the new setting once you click Apply New Time hh mm ss This field displays the last updated time from the time server or the last time configured manually When you set Time and Date Setup ...

Page 138: ...March and type 2 in the at field Daylight Saving Time starts in the European Union on the last Sunday of March All of the time zones in the European Union start using Daylight Saving Time at the same moment 1 A M GMT or UTC So in the European Union you would select Last Sunday March The time you type in the at field depends on your time zone In Germany for instance you would type 2 because Germany...

Page 139: ...ned NTP time servers have been tried 15 3 2 Time Server Synchronization Click the Sync Now button to get the time and date from the time server you specified in the Time Server Address field When the Loading message appears you may have to wait up to one minute Figure 85 Loading The Current Time and Current Date fields will display the appropriate settings if the synchronization is successful If t...

Page 140: ...nd FTP management access are not secure Figure 86 Secure and Insecure Service Access From the WAN 15 4 1 Service Access Limitations A service cannot be used to access the NWA1000 Series when you have disabled that service in the corresponding screen 15 4 2 System Timeout There is a lease timeout for administrators The NWA1000 Series automatically logs you out if the management session remains idle...

Page 141: ...0 Series must always authenticate itself to the HTTPS client the computer which requests the HTTPS connection with the NWA1000 Series whereas the HTTPS client only should authenticate itself when the HTTPS server requires it to do so select Authenticate Client Certificates in the WWW screen Authenticate Client Certificates is optional and if selected means the HTTPS client must send the NWA1000 Se...

Page 142: ... 8443 as the URL Authenticate Client Certificates Select Authenticate Client Certificates optional to require the SSL client to authenticate itself to the NWA1000 Series by sending the NWA1000 Series a certificate To do that the SSL client must have a CA signed certificate from a CA that has been imported as a trusted CA on the NWA1000 Series Server Certificate Select a certificate the HTTPS serve...

Page 143: ... Alert Dialog Box Google Chrome Select Advanced Proceed to 192 168 1 2 unsafe to proceed to the Web Configurator login screen 15 4 5 2 Mozilla Firefox Warning Messages When you attempt to access the NWA1000 Series HTTPS server a Warning screen appears as shown in the following screen Click Learn More if you want to verify more information about the certificate from the NWA1000 Series Click Advance...

Page 144: ...elf signed certificate import the self signed certificate into your operating system as a trusted certificate To have the browser trust the certificates issued by a certificate authority import the certificate authority s certificate into your operating system as a trusted certificate Refer to Appendix A on page 212 for details 15 4 5 4 Enrolling and Importing SSL Client Certificates The SSL clien...

Page 145: ...certificate s and a password to install the personal certificate s 15 4 5 5 Installing a Personal Certificate You need a password in advance The CA may issue the password or you may have to specify it during the enrollment Double click the personal certificate given to you by the CA to produce a screen similar to the one shown next 1 Click Next to begin the wizard ...

Page 146: ...ser s Guide 146 2 The file name and path of the certificate you double clicked should automatically appear in the File name text box Click Browse if you wish to import a different certificate 3 Enter the password given to you by the CA ...

Page 147: ...ificate should be saved on your computer or select Place all certificates in the following store and choose a different location 5 Click Finish to complete the wizard and begin the import process 6 You should see the following screen when the certificate is correctly installed on your computer ...

Page 148: ... to send to the NWA1000 Series This screen displays even if you only have a single certificate as in the example 3 You next see the Web Configurator login screen 15 5 SSH You can use SSH Secure SHell to securely access the NWA1000 Series s command line interface SSH is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between...

Page 149: ...3 How SSH v1 Works Example 1 Host Identification The SSH client sends a connection request to the SSH server The server identifies itself with a host key The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server The client automatically saves any new server public keys In subsequent connections the server public key is checked aga...

Page 150: ...g SSH You must install an SSH client program on a client computer Windows or Linux operating system that is used to connect to the NWA1000 Series over SSH 15 5 4 Configuring SSH Click Configuration System SSH to open the following screen Use this screen to configure your NWA1000 Series s Secure Shell settings Note It is recommended that you disable Telnet and FTP when you configure SSH for secure ...

Page 151: ...lient to accept connection using SSH version 2 3 A window displays prompting you to store the host key in you computer Click Yes to continue Figure 95 SSH Example 1 Store Host Key Enter the password to log in to the NWA1000 Series The CLI screen displays next 15 5 5 2 Example 2 Linux This section describes how to access the NWA1000 Series using the OpenSSH client program that comes with most Linux...

Page 152: ...WA1000 Series Type yes and press ENTER Then enter the password to log in to the NWA1000 Series Figure 97 SSH Example 2 Log in 3 The CLI screen displays next 15 6 Telnet You can use Telnet to access the NWA1000 Series s command line interface Click Configuration System TELNET to configure your NWA1000 Series for remote Telnet access Use this screen to enable or disable Telnet and set the server por...

Page 153: ...same port number in order to use that service for remote management Apply Click Apply to save your changes back to the NWA1000 Series Reset Click Reset to return the screen to its last saved settings Table 68 Configuration System FTP LABEL DESCRIPTION Enable Select the check box to allow or disallow the computer with the IP address that matches the IP address es in the Service Control table to acc...

Page 154: ...s perform network management functions It executes applications that control and monitor managed devices The managed devices contain object variables managed objects that define each piece of information to be collected about a device Examples of variables include such as number of packets received node port status etc A Management Information Base MIB is a collection of managed objects SNMP allow...

Page 155: ...u can download the NWA1000 Series s MIBs from www zyxel com 15 8 2 SNMP Traps The NWA1000 Series will send traps to the SNMP manager when any one of the following events occurs 15 8 3 Configuring SNMP To change your NWA1000 Series s SNMP settings click Configuration System SNMP tab The screen appears as shown Use this screen to configure your SNMP settings You can also configure user profiles that...

Page 156: ...etNext requests from the management station The default is public and allows all requests Set Community Enter the Set community which is the password for incoming Set requests from the management station The default is private and allows all requests SNMPv3 Select this to allow SNMP managers using SNMPv3 to access the NWA1000 Series Add Click this to create a new entry Select an entry and click Ad...

Page 157: ...e encrypted by MD5 for authentication Select SHA to require the SNMPv3 user s password be encrypted by SHA for authentication Privacy Select the type of encryption the SNMPv3 user must use to connect to the NWA1000 Series using this SNMPv3 user profile Select NONE to not encrypt the SNMPv3 communications Select DES to use DES to encrypt the SNMPv3 communications Select AES to use AES to encrypt th...

Page 158: ...g screens Section 16 3 on page 160 specify which logs are e mailed where they are e mailed and how often they are e mailed 16 2 Email Daily Report Use this screen to start or stop data collection and view various statistics about traffic passing through your NWA1000 Series Note Data collection may decrease the NWA1000 Series s traffic throughput rate Click Configuration Log Report Email Daily Repo...

Page 159: ...ort Email Daily Report The following table describes the labels in this screen Table 72 Configuration Log Report Email Daily Report LABEL DESCRIPTION Enable Email Daily Report Select this to send reports by e mail every day Mail Server Type the name or IP address of the outgoing SMTP server ...

Page 160: ...encrypt the communications Mail Server Port Enter the same port number here as is on the mail server for mail traffic Mail Subject Type the subject line for the outgoing e mail Select Append system name to add the NWA1000 Series s system name to the subject Select Append date time to add the NWA1000 Series s system date and time to the subject Mail From Type the e mail address from which the outgo...

Page 161: ...e following table describes the labels in this screen Table 73 Configuration Log Report Log Setting LABEL DESCRIPTION Edit Double click an entry or select it and click Edit to open a screen where you can modify the entry s settings Activate To turn on an entry select it and click Activate Inactivate To turn off an entry select it and click Inactivate This field is a sequential value and it is not ...

Page 162: ...the format of the log Internal system log you can view the log on the View Log tab VRPT Syslog Zyxel s Vantage Report syslog compatible format CEF Syslog Common Event Format syslog compatible format Summary This field is a summary of the settings for each log Active Log Summary Click this button to open the Active Log Summary screen Apply Click this button to save your changes activate and deactiv...

Page 163: ...Chapter 16 Log and Report NWA1000 Series User s Guide 163 Figure 105 Configuration Log Report Log Setting Edit System Log Setting ...

Page 164: ...ype the e mail address to which alerts are delivered Sending Log Select how often log information is e mailed Choices are When Full Hourly and When Full Daily and When Full and Weekly and When Full Day for Sending Log This field is available if the log is e mailed weekly Select the day of the week the log is e mailed Time for Sending Log This field is available if the log is e mailed weekly or dai...

Page 165: ...eck mark create log messages alerts and debugging information from this category the NWA1000 Series does not e mail debugging information however even if this setting is selected E mail Server 1 Select whether each category of events should be included in the log messages when it is e mailed green check mark and or in alerts red exclamation point for the e mail settings specified in E Mail Server ...

Page 166: ...de 166 16 3 3 Edit Remote Server This screen controls the settings for each log in the remote server syslog Select a remote server entry in the Log Setting screen and click the Edit icon Figure 106 Configuration Log Report Log Setting Edit Remote Server ...

Page 167: ...different files in the syslog server Please see the documentation for your syslog program for more information Active Log Selection Use the Selection drop down list to change the log settings for all of the log categories disable all logs red X do not send the remote server logs for any log category enable normal logs green check mark send the remote server log messages and alerts for all log cate...

Page 168: ...mmary System log Use the System Log drop down list to change the log settings for all of the log categories disable all logs red X do not log any information for any category for the system log or e mail any logs to e mail server 1 or 2 enable normal logs green check mark create log messages and alerts for all categories for the system log If e mail server 1 or 2 also has normal logs enabled the N...

Page 169: ...ges generated by open source software System log Select which events you want to log by Log Category There are three choices disable all logs red X do not log any information from this category enable normal logs green checkmark create log messages and alerts from this category enable normal logs and debug logs yellow check mark create log messages alerts and debugging information from this catego...

Page 170: ...6 checks your current firmware version and uploads firmware to the NWA1000 Series The Shell Script screen Section 17 4 on page 178 stores names downloads uploads and runs shell script files 17 1 2 What you Need to Know The following terms and concepts may help as you read this chapter Configuration Files and Shell Scripts When you apply a configuration file the NWA1000 Series uses the factory defa...

Page 171: ...ou apply a configuration file or run a shell script the NWA1000 Series processes the file line by line The NWA1000 Series checks the first line and applies the line if no errors are detected Then it continues with the next line If the NWA1000 Series finds an error it stops applying the configuration file or shell script and generates a log You can change the way a configuration file or shell scrip...

Page 172: ...config conf the NWA1000 Series checks it for errors and applies it If there are no errors the NWA1000 Series uses it and copies it to the lastgood conf configuration file as a back up file If there is an error the NWA1000 Series generates a log and copies the startup config conf configuration file to the startup config bad conf configuration file and tries the existing lastgood conf configuration ...

Page 173: ...licate of the configuration file Remove Click a configuration file s row to select it and click Remove to delete it from the NWA1000 Series You can only delete manually saved configuration files You cannot delete the system default conf startup config conf and lastgood conf files A pop up window asks you to confirm that you want to delete the configuration file Click OK to delete the configuration...

Page 174: ...n file s errors and starts the NWA1000 Series with a fully valid configuration file Click OK to have the NWA1000 Series start applying the configuration file or click Cancel to close the screen This column displays the number for each configuration file entry This field is a sequential value and it is not associated with a specific address The total number of configuration files that you can save ...

Page 175: ...WA1000 Series to your computer Type get followed by the name of the configuration file This examples uses get startup config conf Last Modified This column displays the date and time that the individual configuration files were last changed or saved Upload Configuration File The bottom part of the screen allows you to upload a new or previously saved configuration file from your computer to your N...

Page 176: ...es Do not turn off or reset the NWA1000 Series while the firmware update is in progress C ftp 192 168 1 2 Connected to 192 168 1 2 220 Welcome to Pure FTPd privsep TLS 220 You are user number 1 of 5 allowed 220 Local time is now 21 28 Server port 21 220 This is a private system No anonymous login 220 You will be disconnected after 600 minutes of inactivity User 192 168 1 2 none admin 331 User admi...

Page 177: ...quires the NWA1000 Series s firmware Download the firmware package from www zyxel com and unzip it The firmware file uses a bin extension for example 525ABEL0C0 bin Do the following after you have obtained the firmware file 1 Connect your computer to the NWA1000 Series Table 79 Maintenance File Manager Firmware Package LABEL DESCRIPTION Boot Module This is the version of the boot module that is cu...

Page 178: ... prompt 17 4 Shell Script Use shell script files to have the NWA1000 Series use commands that you specify Use a text editor to create the shell script files They must use a zysh filename extension Click Maintenance File Manager Shell Script to open this screen Use the Shell Script screen to store name download upload and run shell script files You can store multiple shell script files on the NWA10...

Page 179: ...oad to save the configuration to your computer Copy Use this button to save a duplicate of a shell script file on the NWA1000 Series Click a shell script file s row to select it and click Copy to open the Copy File screen Specify a name for the duplicate file Use up to 25 characters including a zA Z0 9 _ Click OK to save the duplicate or click Cancel to close the screen without saving a duplicate ...

Page 180: ...er s Guide 180 Browse Click Browse to find the zysh file you want to upload Upload Click Upload to begin the upload process This process may take up to several minutes Table 80 Maintenance File Manager Shell Script continued LABEL DESCRIPTION ...

Page 181: ...es s configuration and diagnostic information if you need to provide it to customer support during troubleshooting 18 2 Diagnostics This screen provides an easy way for you to generate a file containing the NWA1000 Series s configuration and diagnostic information You may need to generate this file and send it to customer support during troubleshooting Click Maintenance Diagnostics to open the Dia...

Page 182: ...ic Collect Category This field displays each category of settings Select which categories you want the NWA1000 Series to include in the diagnostic file Customized Select this option to obtain the diagnostic information for configuration which is not included in a pre defined category Script If you select the Customized option select a shell script file from the drop down list You can upload a new ...

Page 183: ... in the network 19 2 Suppression Screen The LED Suppression feature allows you to control how the LEDs of your NWA1000 Series behave after it s ready The default LED suppression setting of your AP is different depending on your NWA1000 Series model You can go to the Maintenance LEDs Suppression screen to see the default LED behavior and change the LED suppression setting After you make changes in ...

Page 184: ...inutes While the locator is running the Turn On button will gray out and return after it s finished If you make changes to the time default setting it will be stored as the default when the NWA1000 Series restarts Note The Locator feature is not affected by the Suppression setting To access this screen click Maintenance LEDs Locator Figure 115 Maintenance LEDs Locator Table 82 Maintenance LED Supp...

Page 185: ... The Locator function will show the actual location of the NWA1000 Series between several devices in the network Otherwise click Turn Off to disable the locator feature Automatically Extinguish After Enter a time interval between 1 and 60 minutes to stop the locator LED from blinking Default is 10 minutes Apply Click Apply to save changes in this screen Refresh Click Refresh to update the informat...

Page 186: ...urator the command line interface CLI or a physical switch Check Table 1 on page 12 to see if your NWA1000 Series has an antenna switch Figure 116 NWA1000 Series Physical Antenna Switch Note With the physical antenna switch you apply the same antenna orientation settings to both radios You can set the radios to have different settings while using the web configurator or the command line interface ...

Page 187: ...Control option to use the Web configurator to adjust coverage depending on each radio s antenna orientation for better coverage Select Wall if you mount the NWA1000 Series to a wall Select Ceiling if the NWA1000 Series is mounted on a ceiling You can switch from Wall to Ceiling if there are still wireless dead zones and vice versa ...

Page 188: ... you reboot Otherwise the changes are lost when you reboot Reboot is different to reset reset returns the device to its default configuration 21 2 Reboot This screen allows remote users can restart the device To access this screen click Maintenance Reboot Figure 118 Maintenance Reboot Click the Reboot button to restart the NWA1000 Series Wait a few minutes until the login screen appears If the log...

Page 189: ...ow Shutdown writes all cached data to the local storage and stops the system processes Shutdown is different to reset reset returns the device to its default configuration 22 2 Shutdown To access this screen click Maintenance Shutdown Figure 119 Maintenance Shutdown Click the Shutdown button to shut down the NWA1000 Series Wait for the device to shut down before you manually turn off or remove the...

Page 190: ...190 PART II Local Management in Cloud Mode ...

Page 191: ...the NCC s AP Monitor Access Point screen or the connected gateway for the NWA1000 Series s current LAN IP address Alternatively disconnect the gateway or disable its DHCP server function and use the NWA1000 Series s default static LAN IP address 192 168 1 2 23 2 Ways to Manage the NWA1000 Series You can use the following ways to manage the NWA1000 Series If you need to change the NWA1000 Series s ...

Page 192: ...u can remotely manage and monitor the NWA1000 Series through a cloud based network management system See the NCC User s Guide for more information 23 3 Good Habits for Managing the NWA1000 Series Do the following things regularly to make the NWA1000 Series more secure and to manage it more effectively Change the system password through the NCC often Use a password that s not easy to guess and that...

Page 193: ...puter s IP address is in the same subnet as the NWA1000 Series s IP address 3 Browse to http NWA1000 Series s IP address See Section 23 1 on page 191 for more information 4 The Login screen appears 5 Enter the user name default admin and password default 1234 If the NWA1000 Series is being managed or has been managed by the NCC check the NCC s Site Wide Configure General setting screen for the NWA...

Page 194: ...arts A Title Bar B Navigation Panel C Main Window 24 3 1 Title Bar The title bar provides some useful links that always appear over the screens below regardless of how deep into the Web Configurator you navigate Figure 121 Title Bar The icons provide the following functions A C B Table 84 Title Bar Web Configurator Icons LABEL DESCRIPTION Logout Click this to log out of the Web Configurator Help C...

Page 195: ...e of the right edge of the navigation panel to hide the navigation panel menus or drag it to resize them The following sections introduce the NWA1000 Series s navigation panel menus and their screens Figure 123 Navigation Panel Table 85 About LABEL DESCRIPTION Boot Module This shows the version number of the software that handles the booting process of the NWA1000 Series Current Version This shows...

Page 196: ...n page 197 Configuration Menu Use the configuration menu screens to configure the NWA1000 Series s features 24 3 3 Warning Messages Warning messages such as those resulting from misconfiguration display in a pop up window Figure 124 Warning Message Table 86 Configuration Menu Screens Summary FOLDER OR LINK TAB FUNCTION Network IP Setting Configure the IP address for the NWA1000 Series Ethernet int...

Page 197: ...is screen is the first thing you see when you log into the NWA1000 Series It also appears every time you click the Dashboard icon in the navigation panel The Dashboard displays general AP information and client information in widgets that you can re arrange to suit your needs You can also collapse refresh and close individual widgets Figure 125 Dashboard The following table describes the labels in...

Page 198: ...is shows Not activated if the wireless LAN is disabled Ethernet This field displays whether the NWA1000 Series s Ethernet port is connected and the IP address of the gateway to which the NWA1000 Series is connected Internet This field displays whether the NWA1000 Series is connecting to the Internet Nebula Connectivity Status This field displays whether the NWA1000 Series can connect to the Zyxel ...

Page 199: ... Series The gateway IP address is 192 168 1 1 and the managed IP address of the NWA1000 Series is 192 168 1 2 default but if the NWA1000 Series is assigned an IP address by a DHCP server the default 192 168 1 2 will not be used The gateway and the NWA1000 Series must belong in the same IP subnet to be able to communicate with each other 26 1 1 What You Can Do in this Chapter The IP Setting screen ...

Page 200: ...P address is the same for all computers in the network Gateway Enter the IP address of the gateway The NWA1000 Series sends packets to the gateway when it does not know how to route the packet to its destination The gateway should be on the same network as the interface DNS Server IP Address Enter the IP address of the DNS server Use Proxy to Access Internet If the NWA1000 Series is behind a proxy...

Page 201: ...rk performance by limiting broadcasts to a smaller and more manageable logical broadcast domain In traditional switched environments all broadcast packets go to each and every individual port With VLAN all broadcasts are confined to a specific broadcast domain IEEE 802 1Q Tag The IEEE 802 1Q standard defines an explicit VLAN tag in the MAC header to identify the VLAN membership of a frame across b...

Page 202: ...n Network VLAN LABEL DESCRIPTION VLAN Settings Management VLAN ID Enter a VLAN ID for the NWA1000 Series Untagged Tagged Set whether the NWA1000 Series adds the VLAN ID to outbound traffic transmitted through its Ethernet port Apply Click Apply to save your changes back to the NWA1000 Series Reset Click Reset to return the screen to its last saved settings ...

Page 203: ... the NWA1000 Series or a PoE power injector switch 2 Make sure the power adaptor or PoE power injector switch is connected to the NWA1000 Series and plugged in to an appropriate power source Make sure the power source is turned on 3 Disconnect and re connect the power adaptor or PoE power injector switch 4 Inspect your cables for damage Contact the vendor to replace any damaged cables 5 If none of...

Page 204: ...eries s current LAN IP address I cannot see or access the Login screen in the web configurator 1 Make sure you are using the correct IP address The default IP address in standalone mode is 192 168 1 2 If you changed the IP address use the new IP address If you changed the IP address and have forgotten it see the troubleshooting suggestions for I forgot the IP address for the NWA1000 Series If the ...

Page 205: ...but I cannot log in to the NWA1000 Series 1 Make sure you have entered the user name and password correctly The default password is 1234 This fields are case sensitive so make sure Caps Lock is not on 2 You cannot log in to the web configurator while someone is using Telnet to access the NWA1000 Series Log out of the NWA1000 Series in the other session or ask the person who is logged in to log out...

Page 206: ...nnection is not available anymore 1 Check the hardware connections and make sure the LED is behaving as expected See the Quick Start Guide and Section 3 1 on page 19 or Section 3 1 on page 19 2 Reboot the NWA1000 Series 3 If the problem continues contact your ISP The Internet connection is slow or intermittent 1 There might be a lot of traffic on the network Look at the LED and check Section 3 1 o...

Page 207: ... both the NWA1000 Series and your computer are using the same wireless and wireless security settings Hackers have accessed my WEP encrypted wireless LAN WEP is extremely insecure Its encryption can be broken by an attacker using widely available software It is strongly recommended that you use a more effective security mechanism Use the strongest security mechanism that all the wireless devices i...

Page 208: ...rds Exporting a PKCS 12 file creates this and you must provide it to decrypt the contents when you import the file into the NWA1000 Series Note Be careful not to convert a binary file to text during the transfer process It is easy for this to occur since many programs use text files by default I can only see newer logs Older logs are missing When a log reaches the maximum number of log messages ne...

Page 209: ...e as effective In the Monitor Wireless AP Information Radio List screen there is no load balancing indicator associated with any APs assigned to the load balancing task Check to be sure that the AP profile which contains the load balancing settings is correctly assigned to the APs in question The load balancing task may have been terminated because further load balancing on the APs in question is ...

Page 210: ...ies by any method or you forget the administrator password s you can reset the NWA1000 Series to its factory default settings Any configuration files or shell scripts that you saved on the NWA1000 Series should still be available afterwards Use the following procedure to reset the NWA1000 Series to its factory default settings This overwrites the settings in the startup config conf file with the s...

Page 211: ... blink This usually takes about ten seconds 3 Release the RESET button and wait for the NWA1000 Series to restart You should be able to access the NWA1000 Series using the default settings 27 7 Getting More Troubleshooting Help Search for support information for your model at www zyxel com for more troubleshooting suggestions ...

Page 212: ...such as the NWA1000 Series issue their own public key certificates These can be used by web browsers on a LAN or WAN to verify that they are in fact connecting to the legitimate device and not one masquerading as it However because the certificates were not issued by one of the several organizations officially recognized by the most common web browsers you will need to import the Zyxel created cer...

Page 213: ...ing Certificates NWA1000 Series User s Guide 213 Export a Certificate 1 If your device s Web Configurator is set to use SSL certification then the first time you browse to it you are presented with a certification error ...

Page 214: ...Appendix A Importing Certificates NWA1000 Series User s Guide 214 2 Click Advanced Proceed to x x x x unsafe 3 In the Address Bar click Not Secure Certificate Invalid ...

Page 215: ...Appendix A Importing Certificates NWA1000 Series User s Guide 215 4 In the Certificate dialog box click Details Copy to File 5 In the Certificate Export Wizard click Next ...

Page 216: ...dix A Importing Certificates NWA1000 Series User s Guide 216 6 Select the format and settings you want to use and then click Next 7 Type a filename and specify a folder to save the certificate in Click Next ...

Page 217: ...the Certificate Export Wizard screen click Finish 9 Finally click OK when presented with the successful certificate export message Import a Certificate After storing the certificate in your computer you need to import it in trusted root certification authorities using the following steps ...

Page 218: ...orting Certificates NWA1000 Series User s Guide 218 1 Open your browser click the menu icon and click Settings 2 Scroll down and click Advanced to expand the menu Under Privacy and security click Manage certificates ...

Page 219: ...ting Certificates NWA1000 Series User s Guide 219 3 In the Certificates pop up screen click Trusted Root Certification Authorities Click Import to start the Certificate Import Wizard 4 Click Next and then click Browse ...

Page 220: ...Appendix A Importing Certificates NWA1000 Series User s Guide 220 5 Select the certificate file you want to import and click Open 6 Click Next ...

Page 221: ...Appendix A Importing Certificates NWA1000 Series User s Guide 221 7 Confirm the settings displayed and click Finish 8 If presented with a security warning click Yes ...

Page 222: ...e notified of the successful import Install a Stand Alone Certificate File Rather than installing a public key certificate using browser settings you can install a stand alone certificate file if one has been issued to you 1 Double click the public key certificate file 2 Click Install Certificate ...

Page 223: ...Certificates NWA1000 Series User s Guide 223 3 Click Next on the first wizard screen click Place all certificates in the following store and click Browse 4 Select Trusted Root Certificate Authorities OK and then click Next ...

Page 224: ...Appendix A Importing Certificates NWA1000 Series User s Guide 224 5 Confirm the information shown on the final wizard screen and click Finish 6 If presented with a security warning click Yes ...

Page 225: ...de 225 7 Finally click OK when you are notified of the successful import Remove a Certificate in Google Chrome This section shows you how to remove a public key certificate in Google Chrome on Windows 7 1 Open your browser click the menu icon and click Settings ...

Page 226: ...ificates NWA1000 Series User s Guide 226 2 Scroll down and click Advanced to expand the menu Under Privacy and security click Manage certificates 3 In the Certificates pop up screen click Trusted Root Certification Authorities ...

Page 227: ...ove 5 Click Yes when you see the following warning message 6 Confirm the details displayed in the warning message and click Yes Firefox The following example uses Mozilla Firefox on Windows 7 You first have to store the certificate in your computer and then install it as a Trusted Root CA as shown in the following tutorials ...

Page 228: ...1000 Series User s Guide 228 Export a Certificate 1 If your device s Web Configurator is set to use SSL certification then the first time you browse to it you are presented with a certification error Click Advanced 2 Click View Certificate ...

Page 229: ...00 Series User s Guide 229 3 Click Details Export 4 Type a filename and click Save Import a Certificate After storing the certificate in your computer you need to import it in trusted root certification authorities using the following steps ...

Page 230: ...A Importing Certificates NWA1000 Series User s Guide 230 1 Open Firefox and click Tools Options 2 In the Options page click Privacy and Security scroll to the bottom of the page and then click View Certificates ...

Page 231: ...Appendix A Importing Certificates NWA1000 Series User s Guide 231 3 In the Certificate Manager click Authorities Import 4 Use the Select File dialog box to locate the certificate and then click Open ...

Page 232: ... NWA1000 Series User s Guide 232 5 Select Trust this CA to identify websites and click OK Removing a Certificate in Firefox This section shows you how to remove a public key certificate in Firefox 1 Open Firefox and click Tools Options ...

Page 233: ... User s Guide 233 2 In the Options page click Privacy and Security scroll to the bottom of the page and then click View Certificates 3 In the Certificate Manager click Authorities and select the certificate you want to remove Click Delete or Distrust ...

Page 234: ...orting Certificates NWA1000 Series User s Guide 234 4 In the following dialog box click OK 5 The next time you go to the web site that issued the public key certificate you just removed a certification error appears ...

Page 235: ...0 1a2f 0015 2001 db8 1a2f 0 0 15 or 2001 db8 0 0 1a2f 15 Prefix and Prefix Length Similar to an IPv4 subnet mask IPv6 uses an address prefix to represent the network address An IPv6 prefix length specifies how many most significant bits start from the left in the address compose the network address The prefix length is written as x where x is a number For example 2001 db8 1a2b 15 1a2f 0 32 means t...

Page 236: ...lowing table describes some of the predefined multicast addresses The following table describes the multicast addresses which are reserved and can not be assigned to a multicast group Table 91 Predefined Multicast Address MULTICAST ADDRESS DESCRIPTION FF01 0 0 0 0 0 0 1 All hosts on a local node FF01 0 0 0 0 0 0 2 All routers on a local node FF02 0 0 0 0 0 0 1 All hosts on a local connected link F...

Page 237: ...and automatically generated Unlike DHCPv6 Dynamic Host Configuration Protocol version six which is used in IPv6 stateful autoconfiguration the owner and status of addresses don t need to be maintained by a DHCP server Every IPv6 device is able to generate its own and unique IP address automatically when IPv6 is initiated on its interface It combines the prefix and the interface ID generated from i...

Page 238: ...rver S2 For an IA_TA the client may send a Renew or Rebind message at the client s discretion DHCP Relay Agent A DHCP relay agent is on the same network as the DHCP clients and helps forward messages between the DHCP server and clients When a client cannot use its link local address and a well known multicast address to locate a DHCP server on its network it then needs a DHCP relay agent to send a...

Page 239: ...on message to check if the address is unique If there is an address to be resolved or verified the NWA1000 Series also sends out a neighbor solicitation message When the NWA1000 Series receives a neighbor advertisement in response it stores the neighbor s link layer address in the neighbor cache When the NWA1000 Series uses a router solicitation message to query for a router and receives a router ...

Page 240: ...le Enabling IPv6 on Windows XP 2003 Vista By default Windows XP and Windows 2003 support IPv6 This example shows you how to use the ipv6 install command on Windows XP 2003 to enable IPv6 This also displays how to use the ipconfig command to see auto generated IP addresses IPv6 is installed and enabled by default in Windows Vista Use the ipconfig command to check your automatic configured IPv6 addr...

Page 241: ... DHCPv6 Client Install as service 3 Select Start Control Panel Administrative Tools Services 4 Double click Dibbler a DHCPv6 client 5 Click Start and then OK 6 Now your computer can obtain an IPv6 address from a DHCPv6 server Example Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer To enable IPv6 in Windows 7 ...

Page 242: ...ct Start All Programs Accessories Command Prompt 6 Use the ipconfig command to check your dynamic IPv6 address This example shows a global address 2001 b021 2d 1000 obtained from a DHCP server C ipconfig Windows IP Configuration Ethernet adapter Local Area Connection Connection specific DNS Suffix IPv6 Address 2001 b021 2d 1000 Link local IPv6 Address fe80 25d8 dcab c80a 5189 11 IPv4 Address 172 1...

Page 243: ...ion Please have the following information ready when you contact an office Required Information Product model and serial number Warranty Information Date that you received your device Brief description of the problem and the steps you took to solve it Corporate Headquarters Worldwide Taiwan Zyxel Communications Corporation https www zyxel com Asia China Zyxel Communications Shanghai Corp Zyxel Com...

Page 244: ...ilippines Zyxel Philippines http www zyxel com ph Singapore Zyxel Singapore Pte Ltd http www zyxel com sg Taiwan Zyxel Communications Corporation https www zyxel com tw zh Thailand Zyxel Thailand Co Ltd https www zyxel com th th Vietnam Zyxel Communications Corporation Vietnam Office https www zyxel com vn vi Europe Belarus Zyxel BY https www zyxel by Belgium Zyxel Communications B V https www zyx...

Page 245: ...enmark Zyxel Communications A S https www zyxel com dk da Estonia Zyxel Estonia https www zyxel com ee et Finland Zyxel Communications https www zyxel com fi fi France Zyxel France https www zyxel fr Germany Zyxel Deutschland GmbH https www zyxel com de de Hungary Zyxel Hungary SEE https www zyxel com hu hu Italy Zyxel Communications Italy https www zyxel com it it Latvia Zyxel Latvia https www zy...

Page 246: ...land Zyxel Communications Poland https www zyxel com pl pl Romania Zyxel Romania https www zyxel com ro ro Russia Zyxel Russia https www zyxel com ru ru Slovakia Zyxel Communications Czech s r o organizacna zlozka https www zyxel com sk sk Spain Zyxel Communications ES Ltd https www zyxel com es es Sweden Zyxel Communications https www zyxel com se sv Switzerland Studerus AG https www zyxel ch de ...

Page 247: ...merica Argentina Zyxel Communications Corporation https www zyxel com co es Brazil Zyxel Communications Brasil Ltda https www zyxel com br pt Colombia Zyxel Communications Corporation https www zyxel com co es Ecuador Zyxel Communications Corporation https www zyxel com co es South America Zyxel Communications Corporation https www zyxel com co es Middle East Israel Zyxel Communications Corporatio...

Page 248: ...munications Corporation https www zyxel com me en North America USA Zyxel Communications Inc North America Headquarters https www zyxel com us en Oceania Australia Zyxel Communications Corporation https www zyxel com au en Africa South Africa Nology Pty Ltd https www zyxel com za en ...

Page 249: ...user s authority to operate the device This product has been tested and complies with the specifications for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This device generates uses and can radiate radio frequency energy and if not installed and used according to th...

Page 250: ...y indicated If the product with 5G wireless function operating in 5250 5350 MHz and 5470 5725 MHz the following attention must be paid For devices with detachable antenna s the maximum antenna gain permitted for devices in the bands 5250 5350 MHz and 5470 5725 MHz shall be such that the equipment still complies with the e i r p limit Le présent appareil est conforme aux CNR d Industrie Canada appl...

Page 251: ...source de rayonnement et votre corps Cet équipement est conforme aux limites d exposition aux rayonnements IC établies pour un environnement non contrôlé Cet équipement doit être installé et utilisé avec un minimum de 22 cm NWA1123 AC HD de distance entre la source de rayonnement et votre corps Caution i the device for operation in the band 5150 5250 MHz is only for indoor use to reduce the potent...

Page 252: ... the radio equipment and your body The maximum RF power operating for each band as follows The band 2 400 to 2 483 5 MHz is 97 274 mW The bands 5 150 MHz to 5 350 MHz is 198 61 mW The 5 470 MHz to 5 725 MHz is 995 40 mW NWA1123 AC PRO This equipment should be installed and operated with a minimum distance of 20 cm between the radio equipment and your body The maximum RF power operating for each ba...

Page 253: ...non viene installato all interno del proprio fondo l utilizzo di prodotti Wireless LAN richiede una Autorizzazione Generale Consultare http www sviluppoeconomico gov it per maggiori dettagli Latviešu valoda Latvian Ar šo Zyxel deklarē ka iekārtas atbilst Direktīvas 2014 53 EU būtiskajām prasībām un citiem ar to saistītajiem noteikumiem National Restrictions The outdoor usage of the 2 4 GHz band re...

Page 254: ...ter or cord is prohibited Contact your local vendor to order a new one Do not use the device outside and make sure all the connections are indoors There is a remote risk of electric shock from lightning CAUTION Risk of explosion if battery is replaced by an incorrect type dispose of used batteries according to the instruction Dispose them at the applicable collection point for the recycling of ele...

Page 255: ...ise au rebut la collecte séparée de votre produit et ou de sa batterie aidera à économiser les ressources naturelles et protéger l environnement et la santé humaine Il simbolo sotto significa che secondo i regolamenti locali il vostro prodotto e o batteria deve essere smaltito separatamente dai rifiuti domestici Quando questo prodotto raggiunge la fine della vita di servizio portarlo a una stazion...

Page 256: ... its discretion repair or replace the defective products or components without charge for either parts or labor and to whatever extent it shall deem necessary to restore the product or components to proper operating condition Any replacement will consist of a new or re manufactured functionally equivalent product of equal or higher value and will be solely at the discretion of Zyxel This warranty ...

Page 257: ...nd or GPL like licenses Open source licenses are provided with the firmware package You can download the latest firmware at www zyxel com If you cannot find it there contact your vendor or Zyxel Technical Support at support zyxel com tw To obtain the source code covered under those Licenses please contact your vendor or Zyxel Technical Support at support zyxel com tw ...

Page 258: ... Revocation List CRL 120 vs OCSP 134 certificates 119 advantages of 120 and CA 120 and FTP 153 and HTTPS 141 and SSH 151 and WWW 142 certification path 120 127 132 expired 120 factory default 120 file formats 120 fingerprints 128 133 importing 123 not used for encryption 120 revoked 120 self signed 120 124 serial number 127 132 storage space 122 130 thumbprint algorithms 121 thumbprints 121 used f...

Page 259: ...r 249 domain name 136 dual radios 14 dual radio application 15 dynamic channel selection 79 E e mail daily statistics report 158 encryption 18 ESSID 207 Extended Service Set IDentification 98 F FCC interference statement 249 file extensions configuration files 170 shell scripts 170 file manager 170 Firefox 34 193 firmware and restart 176 boot module see boot module current version 53 177 getting u...

Page 260: ... address 236 J Java permissions 34 193 JavaScripts 34 193 K key pairs 119 L lastgood conf 172 174 layer 2 isolation 114 example 114 MAC 115 LED suppression 183 LEDs 19 24 Blinking 20 23 25 28 Flashing 20 21 23 25 28 load balancing 79 Locator LED 184 log messages categories 165 167 168 169 debugging 69 regular 69 types of 69 logout Web Configurator 37 194 logs e mail profiles 160 e mailing log mess...

Page 261: ...ct 256 remote management FTP see FTP Telnet 152 WWW see WWW reports daily 158 daily e mail 158 reset 210 vs reboot 188 vs shutdown 189 RESET button 32 210 restart 188 RF interference 14 RFC 2510 Certificate Management Protocol or CMP 125 Rivest Shamir and Adleman public key algorithm RSA 124 root AP 12 RSA 124 132 133 RSSI threshold 104 S SCEP Simple Certificate Enrollment Protocol 125 screen reso...

Page 262: ...tus bar 43 196 warning message popup 43 196 stopping the device 32 supported browsers 34 193 syslog 162 167 syslog servers see also logs system log see logs system name 53 136 system uptime 54 system default conf 174 T Telnet 152 with SSH 151 time 136 time servers default 139 trademarks 249 Transport Layer Security TLS 153 troubleshooting 181 Trusted Certificates see also certificates 129 U upgrad...

Page 263: ...s 34 193 requirements 34 193 supported browsers 34 193 web configurator 13 WEP Wired Equivalent Privacy 99 wireless channel 207 wireless client 79 Wireless Distribution System WDS 18 wireless LAN 207 Wireless network overview 78 wireless network example 78 wireless profile 98 layer 2 isolation 98 MAC filtering 98 radio 98 security 98 SSID 98 wireless repeater 12 wireless security 13 207 wireless s...

Reviews:

No comments