manualshive.com logo in svg

ZyXEL Communications NWA1123-ACv2, User Manual

Share
Download
ZyXEL Communications NWA1123-ACv2 User Manual Download Page 85

 Chapter 8 AP Profile

NWA1123-ACv2 User’s Guide

85

Key Length

Select the bit-length of the encryption key to be used in WEP connections.

If you select 

WEP-64

Enter 10 hexadecimal digits in the range of “A-F”, “a-f” and “0-9” (for example, 

0x11AA22BB33) for each 

Key

 used.

or 

Enter 5 ASCII characters (case sensitive) ranging from “a-z”, “A-Z” and “0-9” (for 

example, MyKey) for each 

Key

 used.

If you select 

WEP-128

:

Enter 26 hexadecimal digits in the range of “A-F”, “a-f” and “0-9” (for example, 

0x00112233445566778899AABBCC) for each 

Key

 used.

or

Enter 13 ASCII characters (case sensitive) ranging from “a-z”, “A-Z” and “0-9” (for 

example, MyKey12345678) for each 

Key

 used.

Key 1~4

Based on your 

Key Length

 selection, enter the appropriate length hexadecimal or 

ASCII key.

WPA2/WPA2-Mix Authentication Settings

PSK

This field is available when you select the 

wpa2

, or 

wpa2-mix 

security mode.

Select this option to use a Pre-Shared Key with WPA2 encryption.

Pre-Shared Key

Enter a pre-shared key of between 8 and 63 case-sensitive ASCII characters (including 
spaces and symbols) or 64 hexadecimal characters.

Cipher Type

Select an encryption cipher type from the list. 

auto

 - This automatically chooses the best available cipher based on the cipher in 

use by the wireless client that is attempting to make a connection.

aes

 - This is the Advanced Encryption Standard encryption method. It is a more 

recent development over TKIP and considerably more robust. Not all wireless clients 

may support this.

Idle Timeout

Enter the interval (in seconds) that a client can be idle before authentication is 
discontinued. 

Group Key Update 
Timer

Enter the interval (in seconds) at which the AP updates the group WPA2 encryption key.

Management Frame 
Protection

This field is available only when you select 

wpa2

 in the 

Security Mode

 field and set 

Cipher Type

 to 

aes

.

Data frames in 802.11 WLANs can be encrypted and authenticated with WEP, WPA or 
WPA2. But 802.11 management frames, such as beacon/probe response, association 
request, association response, de-authentication and disassociation are always 
unauthenticated and unencrypted. IEEE 802.11w Protected Management Frames allows 
APs to use the existing security mechanisms (encryption and authentication methods 
defined in IEEE 802.11i WPA/WPA2) to protect management frames. This helps prevent 
wireless DoS attacks.

Select the check box to enable management frame protection (MFP) to add security to 
802.11 management frames.

Select 

Optional

 if you do not require the wireless clients to support MFP. Management 

frames will be encrypted if the clients support MFP.

Select 

Required

 and wireless clients must support MFP in order to join the NWA’s 

wireless network.

OK

Click 

OK

 to

 

save your changes back to the NWA.

Cancel

Click 

Cancel

 to exit this screen without saving your changes.

Table 39   

SSID > Security Profile > Add/Edit Security Profile (continued)

LABEL

DESCRIPTION

Summary of Contents for NWA1123-ACv2

Page 1: ...2 802 11ac Dual Radio Ceiling Mount PoE Access Point Version 4 26 Edition 1 07 2016 Copyright 2016 ZyXEL Communications Corporation User s Guide Default Login Details LAN IP Address DHCP assigned IP o...

Page 2: ...e Related Documentation Quick Start Guide The Quick Start Guide shows how to connect the NWA and access the Web Configurator CLI Reference Guide The CLI Reference Guide explains how to use the Command...

Page 3: ...ction 11 The Web Configurator 18 Technical Reference 29 Dashboard 30 Monitor 36 Network 49 Wireless 53 User 65 AP Profile 72 MON Profile 91 WDS Profile 95 Certificates 97 System 114 Log and Report 139...

Page 4: ...e the NWA 15 1 3 Good Habits for Managing the NWA 15 1 4 Hardware Connections 15 1 5 LED 16 1 6 Starting and Stopping the NWA 17 Chapter 2 The Web Configurator 18 2 1 Overview 18 2 2 Access 18 2 3 Nav...

Page 5: ...Device 44 4 8 View Log 45 Chapter 5 Network 49 5 1 Overview 49 5 1 1 What You Can Do in this Chapter 49 5 2 IP Setting 49 5 3 VLAN 51 Chapter 6 Wireless 53 6 1 Overview 53 6 1 1 What You Can Do in thi...

Page 6: ...82 8 5 MAC Filter List 86 8 5 1 Add Edit MAC Filter Profile 86 8 6 Layer 2 Isolation List 87 8 6 1 Add Edit Layer 2 Isolation Profile 89 Chapter 9 MON Profile 91 9 1 Overview 91 9 1 1 What You Can Do...

Page 7: ...WW Overview 119 12 4 1 Service Access Limitations 119 12 4 2 System Timeout 119 12 4 3 HTTPS 120 12 4 4 Configuring WWW Service Control 120 12 4 5 HTTPS Example 122 12 5 SSH 129 12 5 1 How SSH Works 1...

Page 8: ...age 158 14 3 1 Example of Firmware Upload Using FTP 159 14 4 Shell Script 160 Chapter 15 Diagnostics 163 15 1 Overview 163 15 1 1 What You Can Do in this Chapter 163 15 2 Diagnostics 163 Chapter 16 LE...

Page 9: ...ogin 170 19 4 Internet Access 171 19 5 Wireless Connections 172 19 6 Resetting the NWA 175 19 7 Getting More Troubleshooting Help 175 Appendix A Importing Certificates 176 Appendix B IPv6 189 Appendix...

Page 10: ...10 PART I User s Guide...

Page 11: ...The embedded Web based configurator enables simple straightforward management and maintenance See the Quick Start Guide for how to make hardware connections 1 1 1 MBSSID A Basic Service Set BSS is the...

Page 12: ...l Radio The NWA is equipped with dual wireless radios This means you can configure two different wireless networks to operate simultaneously Note A different channel should be configured for each WLAN...

Page 13: ...peaters X and Y to extend the range of its wireless network at the same time In the figure below both clients A B and C can access the wired network through the root AP Figure 3 Root AP Application On...

Page 14: ...lso establish wireless connections with wireless clients Using Repeater mode your NWA can extend the range of the WLAN In the figure below the NWA in Repeater mode Z has a wireless connection to the N...

Page 15: ...col SNMP The NWA can be monitored by an SNMP manager See the SNMP chapter in this User s Guide 1 3 Good Habits for Managing the NWA Do the following things regularly to make the NWA more secure and to...

Page 16: ...ED descriptions for your NWA Table 1 NWA LED COLOR STATUS DESCRIPTION Amber Slow Blinking On for 1s Off for 1s The NWA is booting up Green Off Amber Off The NWA is ready for use Green Off Amber Off Th...

Page 17: ...e NWA powers up checks the hardware and starts the system processes Rebooting the NWA A warm start without powering down and powering up again occurs when you use the Reboot button in the Reboot scree...

Page 18: ...4 0 and later versions or Google Chrome 10 0 and later versions Allow pop up windows Enable JavaScript enabled by default Enable Java permissions enabled by default Enable cookies The recommended scr...

Page 19: ...the Update Admin Info screen appears Otherwise the dashboard appears The Update Admin Info screen appears every time you log in using the default user name and default password If you change the pass...

Page 20: ...ways appear over the screens below regardless of how deep into the Web Configurator you navigate Figure 7 Title Bar The icons provide the following functions A C B Table 3 Title Bar Web Configurator I...

Page 21: ...en a screen where you can check which configuration items reference an object CLI Click this to open a popup window that displays the CLI commands sent by the Web Configurator Table 4 About LABEL DESC...

Page 22: ...de 22 Figure 9 Site Map Object Reference Click Object Reference to open the Object Reference screen Select the type of object and the individual object and click Refresh to show which configuration se...

Page 23: ...introduce the NWA s navigation panel menus and their screens Table 5 Object References LABEL DESCRIPTION Object Name This identifies the object for which the configuration settings that use it are dis...

Page 24: ...mary FOLDER OR LINK TAB FUNCTION Network Status Network Status Display general LAN interface information and packet statistics Wireless AP Information Radio List Display information about the radios o...

Page 25: ...WDS profiles that can be used to connect to different APs in WDS Certificate My Certificates Create and manage the NWA s certificates Trusted Certificates Import and manage certificates from trusted s...

Page 26: ...eading to sort the table s entries according to that column s criteria 2 Click the down arrow next to a column heading for more options about how to display the entries The options available vary depe...

Page 27: ...order and drag to re size the column 4 Select a column heading and drag and drop it to change the column order A green check mark displays next to the column s title when you drag the column to a vali...

Page 28: ...ION Add Click this to create a new entry For features where the entry s position in the numbered list is important features where the NWA applies the table s entries in order like the firewall for exa...

Page 29: ...29 PART II Technical Reference...

Page 30: ...em resource usage and interface status You can also display other status screens for more information 3 2 Dashboard This screen is the first thing you see when you log into the NWA It also appears eve...

Page 31: ...to open the screen where you can change it System Location This field displays the location of the NWA Click the icon to open the screen where you can change it Model Name This field displays the mod...

Page 32: ...s of the discovered device Click the IP address to access and manage the discovered device using its web configurator MAC This field displays the MAC address of the discovered device WDS Wireless Dist...

Page 33: ...hput decreases and has just one transmitting radio chain It always shows Full if the NWA does not support power detection At the time of writing only the WAC6500 series APs support the power detection...

Page 34: ...radio number on the NWA Band This indicates the wireless frequency band currently being used by the radio This shows when the radio is in monitor mode OP Mode This indicates the radio s operating mod...

Page 35: ...axis represents the percentage of CPU usage time The x axis shows the time period over which the CPU usage occurred Refresh Interval Enter how often you want this window to be automatically updated R...

Page 36: ...the NWA s WDS Wireless Distribution System connections The Detected Device screen Section 4 7 on page 44 displays information about suspected rogue APs The View Log screen Section 4 8 on page 45 displ...

Page 37: ...e Ethernet interface is disabled Down The Ethernet interface is enabled but not connected Speed Duplex The Ethernet interface is enabled and connected This field displays the port speed and duplex set...

Page 38: ...d Speed Duplex The physical port is connected This field displays the port speed and duplex setting Full or Half TxPkts This field displays the number of packets transmitted from the NWA on the physic...

Page 39: ...window to be automatically updated Refresh Now Click this to update the information in the window right away Switch to Grid View Click this to display the port statistics as a table bps The y axis rep...

Page 40: ...load balancing is disabled or the radio is in monitor mode MAC Address This displays the MAC address of the radio Radio This indicates the radio number on the NWA to which it belongs OP Mode This indi...

Page 41: ...Chapter 4 Monitor NWA1123 ACv2 User s Guide 41 Figure 21 Monitor Wireless AP Information Radio List More Information...

Page 42: ...ht maximum BSSID This displays a BSSID associated with this radio The BSSID is tied to the SSID Security Mode This displays the security mode in which the SSID is operating VLAN This displays the VLAN...

Page 43: ...o This is the radio number on the NWA to which the station is connected SSID Name This indicates the name of the wireless network to which the station is connected A single AP can have multiple SSIDs...

Page 44: ...d When the NWA is in repeater mode and connected to a root AP and other repeater s both the uplink and downlink information would be displayed This is the index number of the root AP or repeater in th...

Page 45: ...ed AP as a friendly AP For more on managing friendly APs see the Configuration Wireless MON Mode screen Section 6 3 on page 57 This is the detected device s index number in this list Status This indic...

Page 46: ...ges new log messages automatically overwrite existing log messages starting with the oldest existing log message first Events that generate an alert as well as a log message display in red Regular log...

Page 47: ...lter Select a service protocol whose log messages you would like to see Keyword This displays when you show the filter Type a keyword to look for in the Message Source Destination and Note fields If a...

Page 48: ...later Destination Interface This field displays the destination interface of the packet that generated the log message Protocol This field displays the service protocol in the event that generated the...

Page 49: ...e possible setup of your NWA The gateway IP address is 192 168 1 1 and the managed IP address of the NWA is 192 168 1 2 default but if the NWA is assigned an IP address by a DHCP server the default 19...

Page 50: ...this interface in dot decimal notation The subnet mask indicates what part of the IP address is the same for all computers in the network Gateway Enter the IP address of the gateway The NWA sends pack...

Page 51: ...ion Metric Enter the priority of the gateway if any on the LAN interface The NWA decides which gateway to use based on this priority The lower the number the higher the priority If two or more gateway...

Page 52: ...of a frame across bridges A VLAN tag includes the 12 bit VLAN ID and 3 bit user priority The VLAN ID associates a frame with a specific VLAN and provides the information that devices need to process t...

Page 53: ...ess clients use the access point AP to interact with other devices such as the printer or with the Internet Your NWA is the AP 6 1 1 What You Can Do in this Chapter The AP Management screen Section 6...

Page 54: ...o automatically select the radio channel upon which it broadcasts by scanning the area around it and determining what channels are currently being used by other devices Load Balancing Wireless Wireles...

Page 55: ...Chapter 6 Wireless NWA1123 ACv2 User s Guide 55 Figure 31 Configuration Wireless AP Management...

Page 56: ...t be working Radio 1 WDS Profile This field is available only when the radio is in Root AP or Repeater mode Select the WDS profile the radio uses to connect to a root AP or repeater Uplink Selection M...

Page 57: ...apply a 5G AP radio profile to radio 2 Otherwise the second radio will not be working Radio 2 WDS Profile This field is available only when the radio is in Root AP or Repeater mode Select the WDS pro...

Page 58: ...click the Edit button MAC Address This field indicates the AP s radio MAC address Description This field displays the AP s description You can modify this by clicking the Edit button Importing Export...

Page 59: ...eless Load Balancing to access this screen Figure 34 Configuration Wireless Load Balancing Table 26 Configuration Wireless MON Mode Add Edit Rogue Friendly AP List LABEL DESCRIPTION MAC Enter the MAC...

Page 60: ...to automatically attempt to connect to another less burdened AP if one is available Max Station Number Enter the threshold number of stations at which the NWA begins load balancing its connections Tr...

Page 61: ...can afford the bandwidth or the laptop is picked up by a different AP with bandwidth to spare Figure 35 Delaying a Connection The second response your AP can take is to kick the connections that are...

Page 62: ...onfiguration options and manually change the channel to one that no other AP is using or at least a channel that has a lower level of interference in order to give the connected stations a minimum deg...

Page 63: ...nd the three so called safe channels 1 6 and 11 that interference becomes inevitable the severity of it is dependent upon other factors proximity to the affected AP signal strength activity and so on...

Page 64: ...when the AP is overloaded Load balancing by traffic level limits the number of connections to the AP based on maximum bandwidth available If you are uncertain as to the exact number of wireless conne...

Page 65: ...his chapter User Account A user account defines the privileges of a user logged into the NWA User accounts are used in controlling access to configuration and services in the NWA User Types These are...

Page 66: ...select it and click Edit to open a screen where you can modify the entry s settings Remove To remove an entry select it and click Remove The NWA confirms you want to remove it before doing so Object R...

Page 67: ...er a user bob but use BOB when connecting via CIFS or FTP it will use the account settings used for BOB not bob User names have to be different than user group names Here are the reserved user names T...

Page 68: ...ke sure you have entered it correctly Description Enter the description of each user if any You can use up to 60 printable ASCII characters Default descriptions are provided Authentication Timeout Set...

Page 69: ...t associated with a specific entry User Type These are the kinds of user account the NWA supports admin this user can look at and change the configuration of the NWA limited admin this user can look a...

Page 70: ...or different IP addresses Maximum number per administration account This field is effective when Limit for administration account is checked Type the maximum number of simultaneous logins by each adm...

Page 71: ...e number of minutes unlimited Admin users renew the session every time the main screen refreshes in the Web Configurator Access users can renew the session by clicking the Renew button on their screen...

Page 72: ...le AP can broadcast up to 8 SSIDs You can have a maximum of 32 SSID profiles on the NWA Security This profile type defines the security settings used by a single SSID It controls the encryption method...

Page 73: ...nhanced security methods for both the authentication of wireless stations and encryption key management Authentication is done using an external RADIUS server 8 2 Radio This screen allows you to creat...

Page 74: ...rofile This field is a sequential value and it is not associated with a specific user Status This field shows whether or not the entry is activated A yellow bulb signifies that this rule is active A g...

Page 75: ...n Table 35 Configuration Object AP Profile Add Edit Profile LABEL DESCRIPTION Hide Show Advanced Settings Click this to hide or show the Advanced Settings in this window General Settings Activate Sele...

Page 76: ...only when you select 11ac in the 802 11 Band field Channel Selection This is the radio channel which the signal will use for broadcasting by this radio profile DCS Choose Dynamic Channel Selection to...

Page 77: ...nterval reduces data transfer rates but also reduces interference Enable A MPDU Aggregation Select this to enable A MPDU aggregation This field is not available if you set 802 11 Band to 11a or 11b g...

Page 78: ...nd 76 is the weakest Disassociate Station Threshold Set a minimum kick off signal strength When a wireless client s signal strength is lower than the specified threshold the NWA disconnects the wirele...

Page 79: ...DESCRIPTION Add Click this to add a new SSID profile Edit Click this to edit the selected SSID profile Remove Click this to remove the selected SSID profile Object Reference Click this to view which o...

Page 80: ...use the Create new Object menu to create one Note It is highly recommended that you create security profiles for all of your SSIDs to enhance your network security MAC Filtering Profile Select a MAC...

Page 81: ...video conferencing WMM_BEST_EFFORT All wireless traffic to the SSID is tagged as best effort meaning the data travels the best route it can without displacing higher priority traffic This is good for...

Page 82: ...ty Mode selected Only the default screen is displayed here Table 38 Configuration Object AP Profile SSID Security List LABEL DESCRIPTION Add Click this to add a new security profile Edit Click this to...

Page 83: ...Chapter 8 AP Profile NWA1123 ACv2 User s Guide 83 Figure 50 SSID Security Profile Add Edit Security Profile...

Page 84: ...ng server in dotted decimal notation Accounting Server Port Enter the port number of the external accounting server The default port number is 1813 You need not change this value unless your network a...

Page 85: ...ion method It is a more recent development over TKIP and considerably more robust Not all wireless clients may support this Idle Timeout Enter the interval in seconds that a client can be idle before...

Page 86: ...lick the Add button or select a MAC filter profile from the list and click the Edit button Note Each MAC filtering profile can include a maximum of 512 MAC addresses Table 40 Configuration Object AP P...

Page 87: ...h the MAC addresses in this profile to connect to the network through the associated SSID select deny to block the wireless clients with the specified MAC addresses Add Click this to add a MAC address...

Page 88: ...unicating with the NWA s wireless clients except for broadcast packets Layer 2 isolation does not check the traffic between wireless clients that are associated with the same AP Intra BSS traffic allo...

Page 89: ...equential value and it is not associated with a specific user Profile Name This field indicates the name assigned to the layer 2 isolation profile Table 42 Configuration Object AP Profile SSID Layer 2...

Page 90: ...this profile You can click the description to make it editable Enter up to 60 characters spaces and underscores allowed OK Click OK to save your changes back to the NWA Cancel Click Cancel to exit th...

Page 91: ...screen Section 9 2 on page 91 creates preset monitor mode configurations that can be used by the NWA 9 2 MON Profile This screen allows you to create monitor mode configurations that can be used by t...

Page 92: ...te To turn on an entry select it and click Activate Inactivate To turn off an entry select it and click Inactivate Object Reference Click this to view which other objects are linked to the selected mo...

Page 93: ...profile Profile Name This field indicates the name assigned to the monitor mode profile Channel dwell time Enter the interval in milliseconds before the NWA switches to another channel for monitoring...

Page 94: ...er X running readily available encryption cracking software In this example the attacker now has access to the company network including sensitive data stored on the file server C Friendly APs If you...

Page 95: ...his Chapter The WDS Profile screen Section 10 2 on page 95 creates preset WDS configurations that can be used by the NWA 10 2 WDS Profile This screen allows you to manage and create WDS profiles that...

Page 96: ...rofile WDS SSID This field shows the SSID specified in this WDS profile Table 46 Configuration Object WDS Profile continued LABEL DESCRIPTION Table 47 Configuration Object WDS Profile Add Edit WDS Pro...

Page 97: ...e The other key is private and must be kept secure These keys work like a handwritten signature in fact certificates are often referred to as digital signatures Only you can write your signature exact...

Page 98: ...tificates Certificates offer the following benefits The NWA only has to store the certificates of the certification authorities that you decide to trust no matter how many devices you need to authenti...

Page 99: ...should verify that you have the correct certificate You can do this using the certificate s fingerprint A certificate s fingerprint is a message digest calculated using the MD5 or SHA1 algorithm The f...

Page 100: ...icates unless you specifically delete them Uploading a new firmware or default configuration file does not delete your certificates To remove an entry select it and click Remove The NWA confirms you w...

Page 101: ...subject information Issuer This field displays identifying information about the certificate s issuing certification authority such as a common name organizational unit or department organization or c...

Page 102: ...Chapter 11 Certificates NWA1123 ACv2 User s Guide 102 Figure 62 Configuration Object Certificate My Certificates Add...

Page 103: ...underscore Town City Identify the town or city where the certificate owner is located You can use up to 31 characters You can use alphanumeric characters the hyphen and the underscore State Province...

Page 104: ...is a TCP based enrollment protocol that was developed by the Public Key Infrastructure X 509 working group of the Internet Engineering Task Force IETF and is specified in RFC 2510 CA Server Address Th...

Page 105: ...Click Configuration Object Certificate My Certificates and then the Edit icon to open the My Certificate Edit screen You can use this screen to view in depth certificate information and change the ce...

Page 106: ...tification number given by the certification authority or generated by the NWA Subject This field displays information that identifies the owner of the certificate such as Common Name CN Organizationa...

Page 107: ...EM uses lowercase letters uppercase letters and numerals to convert a binary certificate into a printable form You can copy and paste a certification request into a certification authority s web page...

Page 108: ...you do not need to import any certificate that is signed by one of these certificates Table 51 Configuration Object Certificate My Certificates Import LABEL DESCRIPTION File Path Type in the location...

Page 109: ...e Select an entry and click Object Reference to open a screen that shows which settings use the entry This field displays the certificate index number The certificates are listed in alphabetical order...

Page 110: ...o open the Trusted Certificates Edit screen Use this screen to view in depth information about the certificate change the certificate s name and set whether or not you want the NWA to check a certific...

Page 111: ...sually a certification authority LDAP Server Select this check box if the directory server uses LDAP Lightweight Directory Access Protocol LDAP is a protocol over TCP that specifies how clients access...

Page 112: ...s that the key can be used to sign certificates and KeyEncipherment means that the key can be used to encrypt text Basic Constraint This field displays general information about the certificate For ex...

Page 113: ...ages over a CRL The first is real time status information The second is a reduction in network traffic since the NWA only gets information on the certificates that it needs to verify not a huge list W...

Page 114: ...y accessing the NWA s command line interface The Telnet screen Section 12 6 on page 133 configures Telnet for accessing the NWA s command line interface The FTP screen Section 12 7 on page 133 specifi...

Page 115: ...Name LABEL DESCRIPTION System Name Choose a descriptive name to identify your NWA device This name can be up to 64 alphanumeric characters long Spaces are not allowed but dashes underscores _ and peri...

Page 116: ...me and date time zone and daylight saving at the same time the time zone and daylight saving will affect the new time and date you entered When you enter the time settings manually the NWA uses the ne...

Page 117: ...the at field Daylight Saving Time starts in the European Union on the last Sunday of March All of the time zones in the European Union start using Daylight Saving Time at the same moment 1 A M GMT or...

Page 118: ...time servers have been tried 12 3 2 Time Server Synchronization Click the Sync Now button to get the time and date from the time server you specified in the Time Server Address field When the Loading...

Page 119: ...et and FTP management access are not secure Figure 71 Secure and Insecure Service Access From the WAN 12 4 1 Service Access Limitations A service cannot be used to access the NWA when you have disable...

Page 120: ...S server the NWA must always authenticate itself to the HTTPS client the computer which requests the HTTPS connection with the NWA whereas the HTTPS client only should authenticate itself when the HTT...

Page 121: ...to authenticate itself to the NWA by sending the NWA a certificate To do that the SSL client must have a CA signed certificate from a CA that has been imported as a trusted CA on the NWA Server Certi...

Page 122: ...lowing screen Figure 74 Security Alert Dialog Box Internet Explorer Select Continue to this website to proceed to the Web Configurator login screen Otherwise select Click here to close this webpage to...

Page 123: ...your browser displays warnings about the NWA s HTTPS server certificate and what you can do to avoid seeing the warnings The issuing certificate authority of the NWA s HTTPS server certificate is not...

Page 124: ...ng and Importing SSL Client Certificates The SSL client needs a certificate if Authenticate Client Certificates is selected on the NWA You must have imported at least one trusted CA to the NWA in orde...

Page 125: ...one shown next 2 Click Install Certificate and follow the wizard as shown earlier in this appendix 12 4 5 6 Installing a Personal Certificate You need a password in advance The CA may issue the passw...

Page 126: ...v2 User s Guide 126 1 Click Next to begin the wizard 2 The file name and path of the certificate you double clicked should automatically appear in the File name text box Click Browse if you wish to im...

Page 127: ...User s Guide 127 3 Enter the password given to you by the CA 4 Have the wizard determine where the certificate should be saved on your computer or select Place all certificates in the following store...

Page 128: ...wizard and begin the import process 6 You should see the following screen when the certificate is correctly installed on your computer 12 4 5 7 Using a Certificate When Accessing the NWA To access the...

Page 129: ...SSH Secure SHell to securely access the NWA s command line interface SSH is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication b...

Page 130: ...the client computer 2 Encryption Method Once the identification is verified both the client and server must agree on the type of encryption method to use 3 Authentication and Data Transmission After...

Page 131: ...nt program user s guide 12 5 5 1 Example 1 Microsoft Windows This section describes how to access the NWA using the Secure Shell Client program Table 59 Configuration System SSH LABEL DESCRIPTION Enab...

Page 132: ...on the NWA using the default IP address of 192 168 1 2 A message displays indicating the SSH protocol version supported by the NWA Figure 82 SSH Example 2 Test 2 Enter ssh 1 192 168 1 2 This command f...

Page 133: ...See Chapter 14 on page 152 for more information about firmware and configuration files To change your NWA s FTP settings click Configuration System FTP tab The screen appears as shown Use this screen...

Page 134: ...or disallow the computer with the IP address that matches the IP address es in the Service Control table to access the NWA using this service TLS required Select the check box to use FTP over TLS Tra...

Page 135: ...for the purpose of accessing these objects SNMP itself is a simple request response protocol based on the manager agent model The manager issues a request and the agent returns responses using the fol...

Page 136: ...87 Configuration System SNMP The following table describes the labels in this screen Table 62 SNMP Traps OBJECT LABEL OBJECT ID DESCRIPTION linkDown 1 3 6 1 6 3 1 1 5 3 This trap is sent when the Eth...

Page 137: ...3 Select this to allow SNMP managers using SNMPv3 to access the NWA Add Click this to create a new entry Select an entry and click Add to create a new entry after the selected entry Edit Double click...

Page 138: ...by MD5 for authentication Select SHA to require the SNMPv3 user s password be encrypted by SHA for authentication Privacy Select the type of encryption the SNMPv3 user must use to connect to the NWA...

Page 139: ...The Log Setting screens Section 13 3 on page 141 specify which logs are e mailed where they are e mailed and how often they are e mailed 13 2 Email Daily Report Use this screen to start or stop data...

Page 140: ...Chapter 13 Log and Report NWA1123 ACv2 User s Guide 140 Figure 89 Configuration Log Report Email Daily Report...

Page 141: ...r here as is on the mail server for mail traffic Mail Subject Type the subject line for the outgoing e mail Select Append system name to add the NWA s system name to the subject Select Append date tim...

Page 142: ...gories e mail addresses server names etc for any log Alternatively if you want to edit what events is included in each log you can also use the Active Log Summary screen to edit this information for a...

Page 143: ...s field displays the name of the log system log or one of the remote servers Log Format This field displays the format of the log Internal system log you can view the log on the View Log tab VRPT Sysl...

Page 144: ...og Report Log Setting Edit System Log Setting LABEL DESCRIPTION E Mail Server 1 2 Active Select this to send log messages and alerts according to the information in this section You specify what kinds...

Page 145: ...rd to the SMTP server User Name This box is effective when you select the SMTP Authentication check box Type the user name to provide to the SMTP server when the log is e mailed Password This box is e...

Page 146: ...ebugging information however even if this setting is selected E mail Server 1 Select whether each category of events should be included in the log messages when it is e mailed green check mark and or...

Page 147: ...Chapter 13 Log and Report NWA1123 ACv2 User s Guide 147 Figure 92 Configuration Log Report Log Setting Edit Remote Server...

Page 148: ...fferent files in the syslog server Please see the documentation for your syslog program for more information Active Log Selection Use the Selection drop down list to change the log settings for all of...

Page 149: ...uide 149 Figure 93 Active Log Summary This screen provides a different view and a different way of indicating which messages are included in each log and each alert The Default category includes debug...

Page 150: ...er 2 Use the E Mail Server 2 drop down list to change the settings for e mailing logs to e mail server 2 for all log categories Using the System Log drop down list to disable all logs overrides your e...

Page 151: ...n E Mail Server 2 The NWA does not e mail debugging information even if it is recorded in the System log Remote Server 1 4 Syslog For each remote server select what information you want to log from ea...

Page 152: ...r current firmware version and uploads firmware to the NWA The Shell Script screen Section 14 4 on page 160 stores names downloads uploads and runs shell script files 14 1 2 What you Need to Know The...

Page 153: ...or Shell Scripts When you apply a configuration file or run a shell script the NWA processes the file line by line The NWA checks the first line and applies the line if no errors are detected Then it...

Page 154: ...here is a startup config conf the NWA checks it for errors and applies it If there are no errors the NWA uses it and copies it to the lastgood conf configuration file as a back up file If there is an...

Page 155: ...cate of the configuration file Remove Click a configuration file s row to select it and click Remove to delete it from the NWA You can only delete manually saved configuration files You cannot delete...

Page 156: ...fully valid configuration file as quickly as possible Ignore errors and finish applying the configuration file this applies the valid parts of the configuration file and generates error logs for all o...

Page 157: ...es are applied to this configuration file The NWA applies configuration changes made in the Web Configurator to the configuration file when you click Apply or OK It applies configuration changes made...

Page 158: ...m in a file that usually uses a bin extension The firmware update can take up to five minutes Do not turn off or reset the NWA while the firmware update is in progress C ftp 192 168 1 2 Connected to 1...

Page 159: ...s procedure requires the NWA s firmware Download the firmware package from www zyxel com and unzip it The firmware file uses a bin extension for example 426ABEL0C0 bin Do the following after you have...

Page 160: ...C ftproot NWA_FW 426ABEL0C0 bin 9 Wait for the file transfer to complete 10 Enter quit to exit the ftp prompt 14 4 Shell Script Use shell script files to have the NWA use commands that you specify Use...

Page 161: ...cript file from the NWA A pop up window asks you to confirm that you want to delete the shell script file Click OK to delete the shell script file or click Cancel to close the screen without deleting...

Page 162: ...lows you to upload a new or previously saved shell script file from your computer to your NWA File Path Type in the location of the file you want to upload in this field or click Browse to find it Bro...

Page 163: ...ontaining the NWA s configuration and diagnostic information if you need to provide it to customer support during troubleshooting 15 2 Diagnostics This screen provides an easy way for you to generate...

Page 164: ...d diagnostic file Diagnostic Collect Category This field displays each category of settings Select which categories you want the NWA to include in the diagnostic file Customized Select this option to...

Page 165: ...rol how the LED of your NWA behave after it s ready You can go to the Maintenance LEDs Suppression screen to see the default LED behavior and change the LED suppression setting After you make changes...

Page 166: ...pression LABEL DESCRIPTION Suppression On If the Suppression On check box is checked the LED of your NWA will turn off after it s ready If the check box is unchecked the LED will stay lit after the NW...

Page 167: ...on before you reboot Otherwise the changes are lost when you reboot Reboot is different to reset reset returns the device to its default configuration 17 2 Reboot This screen allows remote users can r...

Page 168: ...o Know Shutdown writes all cached data to the local storage and stops the system processes Shutdown is different to reset reset returns the device to its default configuration 18 2 Shutdown To access...

Page 169: ...or PoE power injector switch is connected to the NWA and plugged in to an appropriate power source Make sure the power source is turned on 3 Disconnect and re connect the power adaptor or PoE power i...

Page 170: ...IP address is 192 168 1 2 If you changed the static IP address use the new IP address If you changed the static IP address and have forgotten it see the troubleshooting suggestions for I forgot the I...

Page 171: ...ds are case sensitive so make sure Caps Lock is not on 2 You cannot log in to the web configurator while someone is using Telnet to access the NWA Log out of the NWA in the other session or ask the pe...

Page 172: ...If the problem continues contact your ISP The Internet connection is slow or intermittent 1 There might be a lot of traffic on the network Look at the LED and check Section 1 5 on page 16 If the NWA...

Page 173: ...I specified If a RADIUS server authenticates wireless stations the re authentication timer on the RADIUS server has priority Change the RADIUS server s configuration if you need to use a different re...

Page 174: ...cript are not working properly In a configuration file or shell script use or as the first character of a command line to have the NWA treat the line as a comment Your configuration files or shell scr...

Page 175: ...the administrator password s you can reset the NWA to its factory default settings Any configuration files or shell scripts that you saved on the NWA should still be available afterwards Use the foll...

Page 176: ...Many ZyXEL products such as the NWA issue their own public key certificates These can be used by web browsers on a LAN or WAN to verify that they are in fact connecting to the legitimate device and n...

Page 177: ...1 If your device s Web Configurator is set to use SSL certification then the first time you browse to it you are presented with a certification error 2 Click Continue to this website not recommended...

Page 178: ...Appendix A Importing Certificates NWA1123 ACv2 User s Guide 178 4 In the Certificate dialog box click Install Certificate 5 In the Certificate Import Wizard click Next...

Page 179: ...tically select certificate store based on the type of certificate click Next again and then go to step 9 7 Otherwise select Place all certificates in the following store and then click Browse 8 In the...

Page 180: ...Cv2 User s Guide 180 9 In the Completing the Certificate Import Wizard screen click Finish 10 If you are presented with another Security Warning click Yes 11 Finally click OK when presented with the s...

Page 181: ...ion Installing a Stand Alone Certificate File in Internet Explorer Rather than browsing to a ZyXEL Web Configurator and installing a public key certificate when prompted you can install a stand alone...

Page 182: ...Removing a Certificate in Internet Explorer This section shows you how to remove a public key certificate in Internet Explorer 7 on Windows XP 1 Open Internet Explorer and click Tools Internet Options...

Page 183: ...Certificates Authorities tab select the certificate that you want to delete and then click Remove 4 In the Certificates confirmation click Yes 5 In the Root Certificate Store dialog box click Yes 6 Th...

Page 184: ...e s Web Configurator is set to use SSL certification then the first time you browse to it you are presented with a certification error 2 Select Accept this certificate permanently and click OK 3 The c...

Page 185: ...e in Firefox Rather than browsing to a ZyXEL Web Configurator and installing a public key certificate when prompted you can install a stand alone certificate file if one has been issued to you 1 Open...

Page 186: ...Select File dialog box to locate the certificate and then click Open 5 The next time you visit the web site click the padlock in the address bar to open the Page Info Security window to see the web p...

Page 187: ...Appendix A Importing Certificates NWA1123 ACv2 User s Guide 187 1 Open Firefox and click Tools Options 2 In the Options dialog box click Advanced Encryption View Certificates...

Page 188: ...er dialog box select the Web Sites tab select the certificate that you want to remove and then click Delete 4 In the Delete Web Site Certificates dialog box click OK 5 The next time you go to the web...

Page 189: ...0000 0000 0015 can be written as 2001 0db8 1a2f 0000 0000 0015 2001 0db8 0000 0000 1a2f 0015 2001 db8 1a2f 0 0 15 or 2001 db8 0 0 1a2f 15 Prefix and Prefix Length Similar to an IPv4 subnet mask IPv6...

Page 190: ...group Multicast scope allows you to determine the size of the multicast group A multicast address has a predefined prefix of ff00 8 The following table describes some of the predefined multicast addre...

Page 191: ...f the first byte of the MAC address See the following example Stateless Autoconfiguration With stateless autoconfiguration in IPv6 addresses can be uniquely and automatically generated Unlike DHCPv6 D...

Page 192: ...ch IA holds one type of address IA_NA means an identity association for non temporary addresses and IA_TA is an identity association for temporary addresses An IA_NA option contains the T1 and T2 fiel...

Page 193: ...ges types Neighbor solicitation A request from a host to determine a neighbor s link layer address MAC address and detect if the neighbor is still reachable A neighbor being reachable means it respond...

Page 194: ...ion 2 IGMPv2 MLD uses ICMPv6 message types rather than IGMP message types MLDv1 is equivalent to IGMPv2 and MLDv2 is equivalent to IGMPv3 MLD allows an IPv6 switch or router to discover the presence o...

Page 195: ...CPv6 for IP address assignment you have to additionally install a DHCPv6 client software on your Windows XP Note If you use static IP addresses or Router Advertisement for IPv6 address assignment in y...

Page 196: ...Example Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer To enable IPv6 in Windows 7 1 Select Control Panel Network and...

Page 197: ...dynamic IPv6 address This example shows a global address 2001 b021 2d 1000 obtained from a DHCP server C ipconfig Windows IP Configuration Ethernet adapter Local Area Connection Connection specific D...

Page 198: ...formation Please have the following information ready when you contact an office Required Information Product model and serial number Warranty Information Date that you received your device Brief desc...

Page 199: ...m pk Philippines ZyXEL Philippines http www zyxel com ph Singapore ZyXEL Singapore Pte Ltd http www zyxel com sg Taiwan ZyXEL Communications Corporation http www zyxel com tw zh Thailand ZyXEL Thailan...

Page 200: ...Republic ZyXEL Communications Czech s r o http www zyxel cz Denmark ZyXEL Communications A S http www zyxel dk Estonia ZyXEL Estonia http www zyxel com ee et Finland ZyXEL Communications http www zyxe...

Page 201: ...lux http www zyxel nl Norway ZyXEL Communications http www zyxel no Poland ZyXEL Communications Poland http www zyxel pl Romania ZyXEL Romania http www zyxel com ro ro Russia ZyXEL Russia http www zyx...

Page 202: ...aine http www ua zyxel com Latin America Argentina ZyXEL Communication Corporation http www zyxel com ec es Brazil ZyXEL Communications Brasil Ltda https www zyxel com br pt Ecuador ZyXEL Communicatio...

Page 203: ...ser s Guide 203 North America USA ZyXEL Communications Inc North America Headquarters http www zyxel com us en Oceania Australia ZyXEL Communications Corporation http www zyxel com au en Africa South...

Page 204: ...void the user s authority to operate the device This product has been tested and complies with the specifications for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are de...

Page 205: ...e du mat riel de cat gorieI a t approuv par Industrie Canada pour fonctionner avec les types d antenne num r s ci dessous et ayant un gain admissible maximal et l imp dance requise pour chaque type d...

Page 206: ...er relevant provisions of Directive 1999 5 EC Fran ais French Par la pr sente ZyXEL d clare que l appareil quipements est conforme aux exigences essentielles et aux autres dispositions pertinentes de...

Page 207: ...taux et des T l communications IBPT Visitez http www ibpt be pour de plus amples d tails Denmark In Denmark the band 5150 5350 MHz is also allowed for outdoor usage I Danmark m frekvensb ndet 5150 535...

Page 208: ...e applicable collection point for the recycling of electrical and electronic devices For detailed information about recycling of this product please contact your local city office your household waste...

Page 209: ...e selon les r glementations locales votre produit et ou sa batterie doivent tre limin s s par ment des ordures m nag res Lorsque ce produit atteint sa fin de vie amenez le un centre de recyclage Au mo...

Page 210: ...Appendix D Legal Information NWA1123 ACv2 User s Guide 210 Environmental Product Declaration...

Page 211: ...10V AC 230V AC About the Symbols Various symbols are used in this product to ensure correct usage to prevent danger to the user and others and to prevent property damage The meaning of these symbols a...

Page 212: ...is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpo...

Page 213: ...ertificates 97 advantages of 98 and CA 98 and FTP 134 and HTTPS 120 and SSH 131 and WWW 121 certification path 98 106 111 expired 98 factory default 98 file formats 98 fingerprints 107 112 importing 1...

Page 214: ...sclaimer 204 documentation related 2 domain name 115 DSA 103 dual radios 12 dual radio application 12 dynamic channel selection 54 E e mail daily statistics report 139 encryption 14 RSA 106 ESSID 173...

Page 215: ...prefix length 189 stateless autoconfiguration 191 unspecified address 190 J Java permissions 18 JavaScripts 18 K key pairs 97 L lastgood conf 154 157 layer 2 isolation 87 example 88 MAC 88 LED suppre...

Page 216: ...et 167 Reference Guide CLI 2 related documentation 2 remote management FTP see FTP Telnet 133 WWW see WWW reports daily 139 daily e mail 139 reset 175 vs reboot 167 vs shutdown 168 RESET button 17 175...

Page 217: ...atistics daily e mail report 139 status 30 status bar 26 warning message popup 26 stopping the device 17 supported browsers 18 syslog 143 148 syslog servers see also logs system log see logs system na...

Page 218: ...gurator 15 18 access 18 requirements 18 supported browsers 18 web configurator 11 WEP Wired Equivalent Privacy 73 wireless channel 173 wireless client 54 Wireless Distribution System WDS 14 wireless L...

Reviews:

No comments

Brands by name

Popular brands

Load more brands