Home
/
ZyXEL Communications
/
NWA5121-N
/
User Manual

ZyXEL Communications NWA5121-N, User Manual

Share

Page: 110 / 228

ZyXEL Communications NWA5121-N User Manual Download Page 110

Chapter 11 Certificates

NWA5000 / WAC6500 Series User’s Guide

110

• Binary PKCS#12: This is a format for transferring public key and private key certificates.The

private key in a PKCS #12 file is within a password-encrypted envelope. The file’s password is not
connected to your certificate’s public or private passwords. Exporting a PKCS #12 file creates this
and you must provide it to decrypt the contents when you import the file into the NWA/WAC.

Note: Be careful not to convert a binary file to text during the transfer process. It is easy

for this to occur since many programs use text files by default.

11.1.3 Verifying a Certificate

Before you import a trusted certificate into the NWA/WAC, you should verify that you have the
correct certificate. You can do this using the certificate’s fingerprint. A certificate’s fingerprint is a
message digest calculated using the MD5 or SHA1 algorithm. The following procedure describes
how to check a certificate’s fingerprint to verify that you have the actual certificate.

1

Browse to where you have the certificate saved on your computer.

2

Make sure that the certificate has a “.cer” or “.crt” file name extension.

3

Double-click the certificate’s icon to open the

Certificate

window. Click the

Details

tab and scroll

down to the

Thumbprint Algorithm

and

Thumbprint

fields.

4

Use a secure method to verify that the certificate owner has the same information in the

Thumbprint Algorithm

and

Thumbprint

fields. The secure method may very based on your

situation. Possible examples would be over the telephone or through an HTTPS connection.

«
...
108
109
110
111
112
...
»

Summary of Contents for NWA5121-N

Page 1: ...A5123 NI NWA5301 NJ WAC6502D E WAC6502D S WAC6503D S WAC6553D E 802 11 a b g n ac Unified Access Point Version 4 20 Edition 1 10 2014 Copyright 2014 ZyXEL Communications Corporation User s Guide Defau...

Page 2: ...em Every effort has been made to ensure that the information in this manual is accurate Related Documentation Quick Start Guide The Quick Start Guide shows how to connect the NWA WAC and access the We...

Page 3: ...roduction 11 The Web Configurator 27 Technical Reference 38 Dashboard 39 Monitor 44 Network 57 Wireless 65 User 77 AP Profile 84 MON Profile 102 WDS Profile 106 Certificates 108 System 125 Log and Rep...

Page 4: ...r Managing the NWA WAC 17 1 4 Hardware Connections 17 1 5 NWA5301 NJ Hardware 18 1 5 1 110 Punch Down Block 18 1 5 2 Phone Port 19 1 5 3 Console Port 19 1 6 LEDs 20 1 6 1 WAC6502D E WAC6502D S WAC6503...

Page 5: ...atus Graph 46 4 4 Radio List 47 4 4 1 AP Mode Radio Information 48 4 5 Station List 50 4 6 WDS Link Info 51 4 7 Detected Device 52 4 8 View Log 53 Chapter 5 Network 57 5 1 Overview 57 5 1 1 Management...

Page 6: ...What You Need To Know 84 8 2 Radio 85 8 2 1 Add Edit Radio Profile 86 8 3 SSID 89 8 3 1 SSID List 90 8 3 2 Add Edit SSID Profile 90 8 4 Security List 92 8 4 1 Add Edit Security Profile 93 8 5 MAC Filt...

Page 7: ...24 Chapter 12 System 125 12 1 Overview 125 12 1 1 What You Can Do in this Chapter 125 12 2 Host Name 125 12 3 Date and Time 126 12 3 1 Pre defined NTP Time Servers List 128 12 3 2 Time Server Synchron...

Page 8: ...erview 162 14 1 1 What You Can Do in this Chapter 162 14 1 2 What you Need to Know 162 14 2 Configuration File 163 14 2 1 Example of Configuration File Download Using FTP 167 14 3 Firmware Package 168...

Page 9: ...Overview 180 19 2 Power Hardware Connections and LED 180 19 3 NWA WAC Access and Login 181 19 4 Internet Access 182 19 5 Wireless Connections 184 19 6 Resetting the NWA WAC 187 19 7 Getting More Trou...

Page 10: ...10 PART I User s Guide...

Page 11: ...WPA2 MIX WPA2 PSK WPA2 PSK MIX None WEP WPA2 WPA2 MIX WPA2 PSK WPA2 PSK MIX Number of SSID Profiles 32 32 32 32 Number of Wireless Radios 1 1 2 1 Monitor Mode Rogue APs Detection Yes Yes Yes No Layer...

Page 12: ...and maintenance See the Quick Start Guide for how to make hardware connections 1 1 1 Management Mode The NWA WAC is a unified AP and can work either in standalone AP mode or in managed AP mode If the...

Page 13: ...ual SSID profile You can configure multiple SSID profiles and have all of them active at any one time You can assign different wireless and security settings to each SSID profile This allows you to co...

Page 14: ...s means you can configure two different wireless networks to operate simultaneously Note A different channel should be configured for each WLAN interface to reduce the effects of radio interference Yo...

Page 15: ...o allow repeaters X and Y to extend the range of its wireless network at the same time In the figure below both clients A B and C can access the wired network through the root AP Figure 3 Root AP Appl...

Page 16: ...range and also establish wireless connections with wireless clients Using Repeater mode your NWA WAC can extend the range of the WLAN In the figure below the NWA WAC in Repeater mode Z has a wireless...

Page 17: ...Protocol SNMP The NWA WAC can be monitored by an SNMP manager See the SNMP chapter in this User s Guide 1 3 Good Habits for Managing the NWA WAC Do the following things regularly to make the NWA WAC m...

Page 18: ...An 8 pin Ethernet cable has four pairs of color coded wires 1 Cut out one and a half inches of the jacket from the Ethernet cable to expose the wires 2 Untwist the wire pairs no more than one inch 3...

Page 19: ...he NWA to forward voice traffic to from the telephone switchboard that is connected to the RJ 45 PHONE port on the back of the NWA The NWA does not support VoIP Voice over Internet Protocol and the PH...

Page 20: ...and pin assignment for the console cable 1 6 LEDs The LEDs of your WAC6500 and NWA5301 can be controlled by using the Suppression feature such that the LEDs stay lit ON or OFF after the device is read...

Page 21: ...00 WAC6500 Series User s Guide 21 1 6 1 WAC6502D E WAC6502D S WAC6503D S and WAC6553D E The LEDs will stay ON when the WAC is ready You can change this setting in the Maintenance LEDs Suppression scre...

Page 22: ...Blinking blink for 2 times Off for 3s The wireless module of the WAC is disabled or failed Green Off Management Green On The WAC AP is managed by a controller Blinking The WAC AP is searching discove...

Page 23: ...5301 NJ Side Panel LAN Amber Green On Amber The port is operating as a 100 Mbps connection Green The port is operating as a Gigabit connection 1000 Mbps Blinking The LAN port is sending receiving data...

Page 24: ...Off Amber Fast Blinking On for 50ms times Off for 50ms The NWA is undergoing firmware upgrade Green Off Amber Slow Blinking blink for 3 times Off for 3s Uplink is disconnected Green Off Amber Slow Bli...

Page 25: ...he NWA s wireless interface is activated Green On Amber Off The NWA s receiving sending wireless traffic Green Blink Amber Slow Blinking blink for 3 times Off for 3s The NWA is discovering an AP contr...

Page 26: ...re and starts the system processes Rebooting the NWA WAC A warm start without powering down and powering up again occurs when you use the Reboot button in the Reboot screen or when you use the reboot...

Page 27: ...r versions or Google Chrome 10 0 and later versions Allow pop up windows Enable JavaScript enabled by default Enable Java permissions enabled by default Enable cookies The recommended screen resolutio...

Page 28: ...ars every time you log in using the default user name and default password If you change the password for the default user account this screen does not appear anymore 2 3 Navigating the Web Configurat...

Page 29: ...t Click About to display basic information about the NWA WAC Figure 10 About Table 10 Title Bar Web Configurator Icons LABEL DESCRIPTION Logout Click this to log out of the Web Configurator Help Click...

Page 30: ...bject Reference to open the Object Reference screen Select the type of object and the individual object and click Refresh to show which configuration settings reference the object Table 11 About LABEL...

Page 31: ...ect s name to display the object s configuration screen in the main window This field is a sequential value and it is not associated with any entry Service This is the type of setting that references...

Page 32: ...onfigure NWA WAC features Click the arrow in the middle of the right edge of the navigation panel to hide the navigation panel menus or drag it to resize them The following sections introduce the NWA...

Page 33: ...oller settings Wireless AP Management WLAN Setting Edit wireless AP information remove APs and reboot them MON Mode Rogue Friendly AP List Configure how the NWA WAC monitors for rogue APs Load Balanci...

Page 34: ...ces Log Report Email Daily Report Configure where and how to send daily reports and what reports to send Log Setting Configure the system log e mail logs and remote syslog servers Table 15 Maintenance...

Page 35: ...Click a column heading to sort the table s entries according to that column s criteria 2 Click the down arrow next to a column heading for more options about how to display the entries The options av...

Page 36: ...to the column s title when you drag the column to a valid new location 5 Use the icons and fields at the bottom of the table to navigate to different pages of entries and control how many entries dis...

Page 37: ...tures where the NWA WAC applies the table s entries in order like the firewall for example you can select an entry and click Add to create a new entry after the selected entry Edit Double click an ent...

Page 38: ...38 PART II Technical Reference...

Page 39: ...urce usage and interface status You can also display other status screens for more information 3 2 Dashboard This screen is the first thing you see when you log into the NWA WAC It also appears every...

Page 40: ...cent CPU usage Memory Usage This field displays what percentage of the NWA WAC s RAM is currently being used Hover your cursor over this field to display the Show Memory Usage icon that takes you to a...

Page 41: ...startup config conf configuration file and fell back to the lastgood conf configuration file Fallback to system default configuration The NWA WAC was unable to apply the lastgood conf configuration f...

Page 42: ...est to a DHCP server WLAN Interface Status Summary This displays status information for the WLAN interface Status This displays whether or not the WLAN interface is activated MAC Address This displays...

Page 43: ...Enter how often you want this window to be automatically updated Refresh Now Click this to update the information in the window right away Table 19 Dashboard CPU Usage continued LABEL DESCRIPTION Tabl...

Page 44: ...e NWA WAC s WDS Wireless Distribution System connections The Detected Device screen Section 4 7 on page 52 displays information about suspected rogue APs The View Log screen Section 4 8 on page 53 dis...

Page 45: ...Name This field displays the name of the interface Status This field displays the current status of the interface Inactive The Ethernet interface is disabled Down The Ethernet interface is enabled but...

Page 46: ...a line graph Status This field displays the current status of the physical port Down The physical port is not connected Speed Duplex The physical port is connected This field displays the port speed...

Page 47: ...is window to be automatically updated Refresh Now Click this to update the information in the window right away Switch to Grid View Click this to display the port statistics as a table bps The y axis...

Page 48: ...WAC Otherwise it shows when load balancing is disabled or the radio is in monitor mode MAC Address This displays the MAC address of the radio Radio This indicates the radio number on the NWA WAC to wh...

Page 49: ...Chapter 4 Monitor NWA5000 WAC6500 Series User s Guide 49 Figure 23 Monitor Wireless AP Information Radio List More Information...

Page 50: ...o eight maximum BSSID This displays a BSSID associated with this radio The BSSID is tied to the SSID Security Mode This displays the security mode in which the SSID is operating VLAN This displays the...

Page 51: ...number on the NWA WAC to which the station is connected SSID Name This indicates the name of the wireless network to which the station is connected A single AP can have multiple SSIDs or networks Secu...

Page 52: ...hen the NWA WAC is in repeater mode and connected to a root AP and other repeater s both the uplink and downlink information would be displayed This is the index number of the root AP or repeater in t...

Page 53: ...ected AP as a friendly AP For more on managing friendly APs see the Configuration Wireless MON Mode screen Section 6 3 on page 69 This is the detected device s index number in this list Status This in...

Page 54: ...messages new log messages automatically overwrite existing log messages starting with the oldest existing log message first Events that generate an alert as well as a log message display in red Regula...

Page 55: ...lter Select a service protocol whose log messages you would like to see Keyword This displays when you show the filter Type a keyword to look for in the Message Source Destination and Note fields If a...

Page 56: ...Chapter 4 Monitor NWA5000 WAC6500 Series User s Guide 56 The Web Configurator saves the filter settings if you leave the View Log screen and return to it later...

Page 57: ...2 default but if the NWA WAC is assigned an IP address by a DHCP server the default 192 168 1 2 will not be used The gateway and the NWA WAC must belong in the same IP subnet to be able to communicat...

Page 58: ...s Accept mode it automatically adds the AP to its Managed Access Points list and provides the managed AP with default configuration information as well as securely transmitting the DTLS pre shared key...

Page 59: ...following figure Figure 30 CAPWAP and DHCP Option 138 Notes on CAPWAP This section lists some additional features of ZyXEL s implementation of the CAPWAP protocol When the AP controller uses its inter...

Page 60: ...et the IP address subnet mask and gateway address from a DHCP server Use Fixed IP Address Select this if you want to specify the IP address subnet mask and gateway manually IP Address Enter the IP add...

Page 61: ...going gateway using colon hexadecimal notation Metric Enter the priority of the gateway if any on the LAN interface The NWA WAC decides which gateway to use based on this priority The lower the number...

Page 62: ...l broadcast packets go to each and every individual port With VLAN all broadcasts are confined to a specific broadcast domain IEEE 802 1Q Tag The IEEE 802 1Q standard defines an explicit VLAN tag in t...

Page 63: ...lick this to create a new entry For features where the entry s position in the numbered list is important features where the NWA WAC applies the table s entries in order like the SSID for example you...

Page 64: ...get the AP controller s IP address Manual Select this option and enter the IP address of the AP controller manually This is necessary when the AP Controller is not in the same subnet and you want it...

Page 65: ...less clients use the access point AP to interact with other devices such as the printer or with the Internet Your NWA WAC is the AP 6 1 1 What You Can Do in this Chapter The AP Management screen Secti...

Page 66: ...P to automatically select the radio channel upon which it broadcasts by scanning the area around it and determining what channels are currently being used by other devices Load Balancing Wireless Wire...

Page 67: ...Figure 36 Configuration Wireless AP Management Each field is described in the following table Table 32 Configuration Wireless AP Management LABEL DESCRIPTION Radio 1 Setting Radio 1 Activate Select t...

Page 68: ...io uses to connect to a root AP or repeater Uplink Selection Mode This field is available only when the radio is in Repeater mode Select AUTO to have the NWA WAC automatically use the settings in the...

Page 69: ...ofile to radio 2 Otherwise the second radio will not be working Radio 2 WDS Profile This field is available only when the radio is in Root AP or Repeater mode Select the WDS profile the radio uses to...

Page 70: ...ndly ap To change the AP s role click the Edit button MAC Address This field indicates the AP s radio MAC address Description This field displays the AP s description You can modify this by clicking t...

Page 71: ...Wireless Load Balancing to access this screen Figure 39 Configuration Wireless Load Balancing Table 34 Configuration Wireless MON Mode Add Edit Rogue Friendly AP List LABEL DESCRIPTION MAC Enter the M...

Page 72: ...association request and authentication request packets from any new station that attempts to make a connection This allows the station to automatically attempt to connect to another less burdened AP...

Page 73: ...dth to spare Figure 40 Delaying a Connection The second response your AP can take is to kick the connections that are pushing it over its balanced bandwidth allotment Figure 41 Kicking a Connection Co...

Page 74: ...configuration options and manually change the channel to one that no other AP is using or at least a channel that has a lower level of interference in order to give the connected stations a minimum de...

Page 75: ...her and the three so called safe channels 1 6 and 11 that interference becomes inevitable the severity of it is dependent upon other factors proximity to the affected AP signal strength activity and s...

Page 76: ...connections to the AP based on maximum bandwidth available If you are uncertain as to the exact number of wireless connections you will have then choose this option By setting a maximum bandwidth cap...

Page 77: ...is chapter User Account A user account defines the privileges of a user logged into the NWA WAC User accounts are used in controlling access to configuration and services in the NWA WAC User Types The...

Page 78: ...ect it and click Edit to open a screen where you can modify the entry s settings Remove To remove an entry select it and click Remove The NWA WAC confirms you want to remove it before doing so Object...

Page 79: ...u enter a user bob but use BOB when connecting via CIFS or FTP it will use the account settings used for BOB not bob User names have to be different than user group names Here are the reserved user na...

Page 80: ...d to make sure you have entered it correctly Description Enter the description of each user if any You can use up to 60 printable ASCII characters Default descriptions are provided Authentication Time...

Page 81: ...uble click an entry or select it and click Edit to open a screen where you can modify the entry s settings This field is a sequential value and it is not associated with a specific entry User Type The...

Page 82: ...t on the number of simultaneous logins by admin users If you do not select this admin users can login as many times as they want at the same time using the same or different IP addresses Maximum numbe...

Page 83: ...ke the number of minutes unlimited Admin users renew the session every time the main screen refreshes in the Web Configurator Access users can renew the session by clicking the Renew button on their s...

Page 84: ...single AP can broadcast up to 8 SSIDs You can have a maximum of 32 SSID profiles on the NWA WAC Security This profile type defines the security settings used by a single SSID It controls the encrypti...

Page 85: ...E 802 1x standard outlines enhanced security methods for both the authentication of wireless stations and encryption key management Authentication is done using an external RADIUS server 8 2 Radio Thi...

Page 86: ...ry select it and click Inactivate Object Reference Click this to view which other objects are linked to the selected radio profile This field is a sequential value and it is not associated with a spec...

Page 87: ...nt WLAN devices to associate with the NWA WAC The transmission rate of your NWA WAC might be reduced ac allows IEEE 802 11ac compliant WLAN devices to associate with the WAC Channel Width Select the c...

Page 88: ...channels the NWA WAC switches between for 5 GHz operation Select Auto to have the NWA WAC automatically select the best channel Advanced Settings Guard Interval Set the guard interval for this radio p...

Page 89: ...than the specified threshold 20 dBm is the strongest signal you can require and 76 is the weakest Disassociate Station Threshold Set a minimum kick off signal strength When a wireless client s signal...

Page 90: ...SSID profile from the list and click the Edit button Table 44 Configuration Object AP Profile SSID List LABEL DESCRIPTION Add Click this to add a new SSID profile Edit Click this to edit the selected...

Page 91: ...can use the Create new Object menu to create one Note It is highly recommended that you create security profiles for all of your SSIDs to enhance your network security MAC Filtering Profile Select a M...

Page 92: ...ties like video conferencing WMM_BEST_EFFORT All wireless traffic to the SSID is tagged as best effort meaning the data travels the best route it can without displacing higher priority traffic This is...

Page 93: ...ecurity Mode selected Only the default screen is displayed here Table 46 Configuration Object AP Profile SSID Security List LABEL DESCRIPTION Add Click this to add a new security profile Edit Click th...

Page 94: ...n this screen Table 47 SSID Security Profile Add Edit Security Profile LABEL DESCRIPTION Profile Name Enter up to 31 alphanumeric characters for the profile name This name is only visible in the Web C...

Page 95: ...the NWA WAC The key must be the same on the external accounting server and your NWA WAC The key is not sent over the network 802 1X Select this to enable 802 1x secure authentication ReAuthenticatio n...

Page 96: ...ter the interval in seconds that a client can be idle before authentication is discontinued Group Key Update Timer Enter the interval in seconds at which the AP updates the group WPA2 encryption key M...

Page 97: ...clude a maximum of 512 MAC addresses Table 48 Configuration Object AP Profile SSID MAC Filter List LABEL DESCRIPTION Add Click this to add a new MAC filtering profile Edit Click this to edit the selec...

Page 98: ...only for management purposes Spaces and underscores are allowed Filter Action Select allow to permit the wireless client with the MAC addresses in this profile to connect to the network through the a...

Page 99: ...sociated with the same AP Intra BSS traffic allows wireless clients associated with the same AP to communicate with each other This screen allows you to specify devices you want the users on your wire...

Page 100: ...ation profile Table 50 Configuration Object AP Profile SSID Layer 2 Isolation List continued LABEL DESCRIPTION Table 51 SSID MAC Filter List Add Edit Layer 2 Isolation Profile LABEL DESCRIPTION Profil...

Page 101: ...Series User s Guide 101 OK Click OK to save your changes back to the NWA WAC Cancel Click Cancel to exit this screen without saving your changes Table 51 SSID MAC Filter List Add Edit Layer 2 Isolatio...

Page 102: ...Profile screen Section 9 2 on page 102 creates preset monitor mode configurations that can be used by the NWA WAC 9 2 MON Profile This screen allows you to create monitor mode configurations that can...

Page 103: ...Activate To turn on an entry select it and click Activate Inactivate To turn off an entry select it and click Inactivate Object Reference Click this to view which other objects are linked to the selec...

Page 104: ...profile Channel dwell time Enter the interval in milliseconds before the NWA WAC switches to another channel for monitoring Scan Channel Mode Select auto to have the NWA WAC switch to the next sequent...

Page 105: ...attacker X running readily available encryption cracking software In this example the attacker now has access to the company network including sensitive data stored on the file server C Friendly APs I...

Page 106: ...create WDS profiles that can be used by the APs To access this screen click Configuration Object WDS Profile Figure 64 Configuration Object WDS Profile The following table describes the labels in this...

Page 107: ...Table 55 Configuration Object WDS Profile Add Edit WDS Profile LABEL DESCRIPTION Profile Name Enter up to 31 alphanumeric characters for the profile name WDS SSID Enter the SSID with which you want t...

Page 108: ...penly available The other key is private and must be kept secure These keys work like a handwritten signature in fact certificates are often referred to as digital signatures Only you can write your s...

Page 109: ...Certificates Certificates offer the following benefits The NWA WAC only has to store the certificates of the certification authorities that you decide to trust no matter how many devices you need to...

Page 110: ...WAC you should verify that you have the correct certificate You can do this using the certificate s fingerprint A certificate s fingerprint is a message digest calculated using the MD5 or SHA1 algori...

Page 111: ...ur certificates unless you specifically delete them Uploading a new firmware or default configuration file does not delete your certificates To remove an entry select it and click Remove The NWA WAC c...

Page 112: ...ique subject information Issuer This field displays identifying information about the certificate s issuing certification authority such as a common name organizational unit or department organization...

Page 113: ...Chapter 11 Certificates NWA5000 WAC6500 Series User s Guide 113 Figure 67 Configuration Object Certificate My Certificates Add...

Page 114: ...icate owner belongs You can use up to 31 characters You can use alphanumeric characters the hyphen and the underscore Town City Identify the town or city where the certificate owner is located You can...

Page 115: ...ocol CMP is a TCP based enrollment protocol that was developed by the Public Key Infrastructure X 509 working group of the Internet Engineering Task Force IETF and is specified in RFC 2510 CA Server A...

Page 116: ...cates Click Configuration Object Certificate My Certificates and then the Edit icon to open the My Certificate Edit screen You can use this screen to view in depth certificate information and change t...

Page 117: ...s information that identifies the owner of the certificate such as Common Name CN Organizational Unit OU Organization O State ST and Country C Issuer This field displays identifying information about...

Page 118: ...t into a certification authority s web page an e mail that you send to the certification authority or a text editor and save the file on a management computer for later manual enrollment You can copy...

Page 119: ...thus you do not need to import any certificate that is signed by one of these certificates Table 59 Configuration Object Certificate My Certificates Import LABEL DESCRIPTION File Path Type in the loc...

Page 120: ...gured to use Select an entry and click Object Reference to open a screen that shows which settings use the entry This field displays the certificate index number The certificates are listed in alphabe...

Page 121: ...n to open the Trusted Certificates Edit screen Use this screen to view in depth information about the certificate change the certificate s name and set whether or not you want the NWA WAC to check a c...

Page 122: ...server usually a certification authority LDAP Server Select this check box if the directory server uses LDAP Lightweight Directory Access Protocol LDAP is a protocol over TCP that specifies how clien...

Page 123: ...eans that the key can be used to sign certificates and KeyEncipherment means that the key can be used to encrypt text Basic Constraint This field displays general information about the certificate For...

Page 124: ...ges over a CRL The first is real time status information The second is a reduction in network traffic since the NWA WAC only gets information on the certificates that it needs to verify not a huge lis...

Page 125: ...securely accessing the NWA WAC s command line interface The Telnet screen Section 12 6 on page 144 configures Telnet for accessing the NWA WAC s command line interface The FTP screen Section 12 7 on p...

Page 126: ...he NWA WAC get the date and time from a time server Figure 74 Configuration System Date Time Table 63 Configuration System Host Name LABEL DESCRIPTION System Name Choose a descriptive name to identify...

Page 127: ...rvals after starting up Time Server Address Enter the IP address or URL of your time server Check with your ISP network administrator if you are unsure of this information Sync Now Click this button t...

Page 128: ...Time ends if you selected Enable Daylight Saving The at field uses the 24 hour format Here are a couple of examples Daylight Saving Time ends in the United States on the first Sunday of November Each...

Page 129: ...te in the New Date field 5 Under Time Zone Setup select your Time Zone from the list 6 As an option you can select the Enable Daylight Saving check box to adjust the NWA WAC clock for daylight savings...

Page 130: ...Secure Socket Layer or HTTP over SSL is a web protocol that encrypts and decrypts web pages Secure Socket Layer SSL is an application level protocol that enables secure transactions of data by ensuri...

Page 131: ...t 443 by default on the NWA WAC s web server 2 HTTP connection requests from a web browser go to port 80 by default on the NWA WAC s web server Figure 77 HTTP HTTPS Implementation Note If you disable...

Page 132: ...WAC Web Configurator to use https NWA WAC IP Address 8443 as the URL Authenticate Client Certificates Select Authenticate Client Certificates optional to require the SSL client to authenticate itself...

Page 133: ...ge to block the access 12 4 5 2 Mozilla Firefox Warning Messages When you attempt to access the NWA WAC HTTPS server a The Connection is Untrusted screen appears as shown in the following screen Click...

Page 134: ...ur browser displays warnings about the NWA WAC s HTTPS server certificate and what you can do to avoid seeing the warnings The issuing certificate authority of the NWA WAC s HTTPS server certificate i...

Page 135: ...and Importing SSL Client Certificates The SSL client needs a certificate if Authenticate Client Certificates is selected on the NWA WAC You must have imported at least one trusted CA to the NWA WAC in...

Page 136: ...o the one shown next 2 Click Install Certificate and follow the wizard as shown earlier in this appendix 12 4 5 6 Installing a Personal Certificate You need a password in advance The CA may issue the...

Page 137: ...Series User s Guide 137 1 Click Next to begin the wizard 2 The file name and path of the certificate you double clicked should automatically appear in the File name text box Click Browse if you wish...

Page 138: ...ries User s Guide 138 3 Enter the password given to you by the CA 4 Have the wizard determine where the certificate should be saved on your computer or select Place all certificates in the following s...

Page 139: ...izard and begin the import process 6 You should see the following screen when the certificate is correctly installed on your computer 12 4 5 7 Using a Certificate When Accessing the NWA WAC To access...

Page 140: ...use SSH Secure SHell to securely access the NWA WAC s command line interface SSH is a secure communication protocol that combines authentication and data encryption to provide secure encrypted commun...

Page 141: ...the client computer 2 Encryption Method Once the identification is verified both the client and server must agree on the type of encryption method to use 3 Authentication and Data Transmission After t...

Page 142: ...e similar for most SSH client programs Refer to your SSH client program user s guide Table 67 Configuration System SSH LABEL DESCRIPTION Enable Select the check box to allow or disallow the computer w...

Page 143: ...ing the OpenSSH client program that comes with most Linux distributions 1 Test whether the SSH service is available on the NWA WAC Enter telnet 192 168 1 2 22 at a terminal prompt and press ENTER The...

Page 144: ...tion System FTP tab The screen appears as shown Use this screen to specify FTP settings ssh 1 192 168 1 2 The authenticity of host 192 168 1 2 192 168 1 2 can t be established RSA1 key fingerprint is...

Page 145: ...allow or disallow the computer with the IP address that matches the IP address es in the Service Control table to access the NWA WAC using this service TLS required Select the check box to use FTP ove...

Page 146: ...managed objects SNMP allows a manager and agents to communicate for the purpose of accessing these objects SNMP itself is a simple request response protocol based on the manager agent model The manag...

Page 147: ...nts occurs 12 8 3 Configuring SNMP To change your NWA WAC s SNMP settings click Configuration System SNMP tab The screen appears as shown Use this screen to configure your SNMP settings You can also c...

Page 148: ...d allows all requests Set Community Enter the Set community which is the password for incoming Set requests from the management station The default is private and allows all requests SNMPv3 Select thi...

Page 149: ...quire the SNMPv3 user s password be encrypted by MD5 for authentication Select SHA to require the SNMPv3 user s password be encrypted by SHA for authentication Privacy Select the type of encryption th...

Page 150: ...The Log Setting screens Section 13 3 on page 152 specify which logs are e mailed where they are e mailed and how often they are e mailed 13 2 Email Daily Report Use this screen to start or stop data c...

Page 151: ...g Report Email Daily Report LABEL DESCRIPTION Enable Email Daily Report Select this to send reports by e mail every day Mail Server Type the name or IP address of the outgoing SMTP server Mail Subject...

Page 152: ...ctive Log Summary screen to edit this information for all logs at the same time 13 3 1 Log Setting To access this screen click Configuration Log Report Log Setting Mail From Type the e mail address fr...

Page 153: ...d is a sequential value and it is not associated with a specific log Status This field shows whether the log is active or not Name This field displays the name of the log system log or one of the remo...

Page 154: ...System Log Settings This screen controls the detailed settings for each log in the system log which includes the e mail profiles Select a system log entry in the Log Setting screen and click the Edit...

Page 155: ...on SMTP Authentication Select this check box if it is necessary to provide a user name and password to the SMTP server User Name This box is effective when you select the SMTP Authentication check box...

Page 156: ...l debugging information however even if this setting is selected E mail Server 1 Select whether each category of events should be included in the log messages when it is e mailed green check mark and...

Page 157: ...Chapter 13 Log and Report NWA5000 WAC6500 Series User s Guide 157 Figure 97 Configuration Log Report Log Setting Edit Remote Server...

Page 158: ...to different files in the syslog server Please see the documentation for your syslog program for more information Active Log Selection Use the Selection drop down list to change the log settings for a...

Page 159: ...r s Guide 159 Figure 98 Active Log Summary This screen provides a different view and a different way of indicating which messages are included in each log and each alert The Default category includes...

Page 160: ...mail Server 2 Use the E Mail Server 2 drop down list to change the settings for e mailing logs to e mail server 2 for all log categories Using the System Log drop down list to disable all logs overrid...

Page 161: ...ied in E Mail Server 2 The NWA WAC does not e mail debugging information even if it is recorded in the System log Remote Server 1 4 Syslog For each remote server select what information you want to lo...

Page 162: ...ection 14 3 on page 168 checks your current firmware version and uploads firmware to the NWA WAC The Shell Script screen Section 14 4 on page 170 stores names downloads uploads and runs shell script f...

Page 163: ...5 wlan ssid profile default ssid Joe AP qos wmm security default Errors in Configuration Files or Shell Scripts When you apply a configuration file or run a shell script the NWA WAC processes the file...

Page 164: ...f there is a startup config conf the NWA WAC checks it for errors and applies it If there are no errors the NWA WAC uses it and copies it to the lastgood conf configuration file as a back up file If t...

Page 165: ...duplicate of the configuration file Remove Click a configuration file s row to select it and click Remove to delete it from the NWA WAC You can only delete manually saved configuration files You canno...

Page 166: ...d with a fully valid configuration file as quickly as possible Ignore errors and finish applying the configuration file this applies the valid parts of the configuration file and generates error logs...

Page 167: ...nagement session the changes are applied to this configuration file The NWA WAC applies configuration changes made in the Web Configurator to the configuration file when you click Apply or OK It appli...

Page 168: ...yxel com in a file that usually uses a bin extension The firmware update can take up to five minutes Do not turn off or reset the NWA WAC while the firmware update is in progress C ftp 192 168 1 2 Con...

Page 169: ...nnected After five minutes log in again and check your new firmware version in the Dashboard screen Table 80 Maintenance File Manager Firmware Package LABEL DESCRIPTION Boot Module This is the version...

Page 170: ...bytes of data you upload so that you can watch the file transfer progress 7 Enter bin to set the transfer mode to binary 8 Transfer the firmware file from your computer to the NWA WAC Type put followe...

Page 171: ...0 9 _ Click OK to save the duplicate or click Cancel to close the screen without saving a duplicate of the configuration file Remove Click a shell script file s row to select it and click Delete to de...

Page 172: ...ividual shell script files were last changed or saved Upload Shell Script The bottom part of the screen allows you to upload a new or previously saved shell script file from your computer to your NWA...

Page 173: ...nerate a file containing the NWA WAC s configuration and diagnostic information You may need to generate this file and send it to customer support during troubleshooting Click Maintenance Diagnostics...

Page 174: ...WAC6500 Series User s Guide 174 Collect Now Click this to have the NWA WAC create a new diagnostic file Download Click this to save the most recent diagnostic file to a computer Table 82 Maintenance...

Page 175: ...after it s ready The deafult LED suppression setting of your AP is different depending on your NWA WAC model You can go to Maintenance LEDs Suppression screen to see the default of the LED behavior If...

Page 176: ...k Turn On button to have the WAC find its location The Locator LED will start to blink for the number of minutes set in the Locator screen The default setting is 10 minutes While the locator is runnin...

Page 177: ...button to activate the locator The Locator function will show the actual location of the WAC between several devices in the network Automatically extinguish after Enter a time interval between 1 and...

Page 178: ...ion before you reboot Otherwise the changes are lost when you reboot Reboot is different to reset reset returns the device to its default configuration 17 2 Reboot This screen allows remote users can...

Page 179: ...d To Know Shutdown writes all cached data to the local storage and stops the system processes Shutdown is different to reset reset returns the device to its default configuration 18 2 Shutdown To acce...

Page 180: ...r a PoE power injector 2 Make sure the power adaptor or PoE power injector is connected to the NWA WAC and plugged in to an appropriate power source Make sure the power source is turned on 3 Disconnec...

Page 181: ...default IP address in standalone AP mode is 192 168 1 2 If you changed the IP address use the new IP address If you changed the IP address and have forgotten it see the troubleshooting suggestions for...

Page 182: ...entered the user name and password correctly The default password is 1234 This fields are case sensitive so make sure Caps Lock is not on 2 You cannot log in to the web configurator while someone is...

Page 183: ...e sure the LED is behaving as expected See the Quick Start Guide and Section 1 6 on page 20 2 Reboot the NWA WAC 3 If the problem continues contact your ISP The Internet connection is slow or intermit...

Page 184: ...cryption can be broken by an attacker using widely available software It is strongly recommended that you use a more effective security mechanism Use the strongest security mechanism that all the wire...

Page 185: ...ort the file into the NWA WAC Note Be careful not to convert a binary file to text during the transfer process It is easy for this to occur since many programs use text files by default I can only see...

Page 186: ...less AP Information Radio List screen there is no load balancing indicator associated with any APs assigned to the load balancing task Check to be sure that the AP profile which contains the load bala...

Page 187: ...ble afterwards Use the following procedure to reset the NWA WAC to its factory default settings This overwrites the settings in the startup config conf file with the settings in the system default con...

Page 188: ...ate Many ZyXEL products such as the NWA WAC issue their own public key certificates These can be used by web browsers on a LAN or WAN to verify that they are in fact connecting to the legitimate devic...

Page 189: ...e 189 1 If your device s Web Configurator is set to use SSL certification then the first time you browse to it you are presented with a certification error 2 Click Continue to this website not recomme...

Page 190: ...Appendix A Importing Certificates NWA5000 WAC6500 Series User s Guide 190 4 In the Certificate dialog box click Install Certificate 5 In the Certificate Import Wizard click Next...

Page 191: ...utomatically select certificate store based on the type of certificate click Next again and then go to step 9 7 Otherwise select Place all certificates in the following store and then click Browse 8 I...

Page 192: ...0 Series User s Guide 192 9 In the Completing the Certificate Import Wizard screen click Finish 10 If you are presented with another Security Warning click Yes 11 Finally click OK when presented with...

Page 193: ...ormation Installing a Stand Alone Certificate File in Internet Explorer Rather than browsing to a ZyXEL Web Configurator and installing a public key certificate when prompted you can install a stand a...

Page 194: ...194 Removing a Certificate in Internet Explorer This section shows you how to remove a public key certificate in Internet Explorer 7 on Windows XP 1 Open Internet Explorer and click Tools Internet Op...

Page 195: ...Root Certificates Authorities tab select the certificate that you want to delete and then click Remove 4 In the Certificates confirmation click Yes 5 In the Root Certificate Store dialog box click Yes...

Page 196: ...device s Web Configurator is set to use SSL certification then the first time you browse to it you are presented with a certification error 2 Select Accept this certificate permanently and click OK 3...

Page 197: ...e File in Firefox Rather than browsing to a ZyXEL Web Configurator and installing a public key certificate when prompted you can install a stand alone certificate file if one has been issued to you 1...

Page 198: ...e the Select File dialog box to locate the certificate and then click Open 5 The next time you visit the web site click the padlock in the address bar to open the Page Info Security window to see the...

Page 199: ...Appendix A Importing Certificates NWA5000 WAC6500 Series User s Guide 199 1 Open Firefox and click Tools Options 2 In the Options dialog box click Advanced Encryption View Certificates...

Page 200: ...Manager dialog box select the Web Sites tab select the certificate that you want to remove and then click Delete 4 In the Delete Web Site Certificates dialog box click OK 5 The next time you go to the...

Page 201: ...1a2f 0000 0000 0015 can be written as 2001 0db8 1a2f 0000 0000 0015 2001 0db8 0000 0000 1a2f 0015 2001 db8 1a2f 0 0 15 or 2001 db8 0 0 1a2f 15 Prefix and Prefix Length Similar to an IPv4 subnet mask...

Page 202: ...cast group Multicast scope allows you to determine the size of the multicast group A multicast address has a predefined prefix of ff00 8 The following table describes some of the predefined multicast...

Page 203: ...enth bit of the first byte of the MAC address See the following example Stateless Autoconfiguration With stateless autoconfiguration in IPv6 addresses can be uniquely and automatically generated Unlik...

Page 204: ...in the IA Each IA holds one type of address IA_NA means an identity association for non temporary addresses and IA_TA is an identity association for temporary addresses An IA_NA option contains the T1...

Page 205: ...ypes Neighbor solicitation A request from a host to determine a neighbor s link layer address MAC address and detect if the neighbor is still reachable A neighbor being reachable means it responds to...

Page 206: ...Protocol version 2 IGMPv2 MLD uses ICMPv6 message types rather than IGMP message types MLDv1 is equivalent to IGMPv2 and MLDv2 is equivalent to IGMPv3 MLD allows an IPv6 switch or router to discover t...

Page 207: ...es DHCPv6 for IP address assignment you have to additionally install a DHCPv6 client software on your Windows XP Note If you use static IP addresses or Router Advertisement for IPv6 address assignment...

Page 208: ...rver Example Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer To enable IPv6 in Windows 7 1 Select Control Panel Networ...

Page 209: ...your dynamic IPv6 address This example shows a global address 2001 b021 2d 1000 obtained from a DHCP server C ipconfig Windows IP Configuration Ethernet adapter Local Area Connection Connection speci...

Page 210: ...Please have the following information ready when you contact an office Required Information Product model and serial number Warranty Information Date that you received your device Brief description of...

Page 211: ...zyxel com pk Philipines ZyXEL Philippines http www zyxel com ph Singapore ZyXEL Singapore Pte Ltd http www zyxel com sg Taiwan ZyXEL Communications Corporation http www zyxel com Thailand ZyXEL Thail...

Page 212: ...ommunications Czech s r o http www zyxel cz Denmark ZyXEL Communications A S http www zyxel dk Estonia ZyXEL Estonia http www zyxel com ee et Finland ZyXEL Communications http www zyxel fi France ZyXE...

Page 213: ...ay ZyXEL Communications http www zyxel no Poland ZyXEL Communications Poland http www zyxel pl Romania ZyXEL Romania http www zyxel com ro ro Russia ZyXEL Russia http www zyxel ru Slovakia ZyXEL Commu...

Page 214: ...com Latin America Argentina ZyXEL Communication Corporation http www zyxel com ec es Ecuador ZyXEL Communication Corporation http www zyxel com ec es Middle East Egypt ZyXEL Communication Corporation...

Page 215: ...Appendix C Customer Support NWA5000 WAC6500 Series User s Guide 215 Oceania Australia ZyXEL Communications Corporation http www zyxel com au en Africa South Africa Nology Pty Ltd http www zyxel co za...

Page 216: ...evice must accept any interference received including interference that may cause undesired operation Changes or modifications not expressly approved by the party responsible for compliance could void...

Page 217: ...ustrie Canada pour fonctionner avec les types d antenne num r s ci dessous et ayant un gain admissible maximal et l imp dance requise pour chaque type d antenne Les types d antenne non inclus dans cet...

Page 218: ...s a general authorization Please check http www sviluppoeconomico gov it for more details Questo prodotto conforme alla specifiche di Interfaccia Radio Nazionali e rispetta il Piano Nazionale di ripar...

Page 219: ...vice Connect it to the right supply voltage for example 110V AC in North America or 230V AC in Europe Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyo...

Page 220: ...equipment should be treated separately INFORMAZIONI AGLI UTENTI Ai sensi della Direttiva 2012 19 UE del Parlamento europeo e del Consiglio del 4 luglio 2012 sui rifiuti di apparecchiature elettriche e...

Page 221: ...Appendix D Legal Information NWA5000 WAC6500 Series User s Guide 221 Environmental Product Declaration...

Page 222: ...all not apply if the product has been modified misused tampered with damaged by an act of God or subjected to abnormal working conditions Note Repair or replacement as provided under this warranty is...

Page 223: ...evocation List CRL 109 vs OCSP 124 certificates 108 advantages of 109 and CA 109 and FTP 145 and HTTPS 130 and SSH 142 and WWW 132 certification path 109 117 122 expired 109 factory default 109 file f...

Page 224: ...t savings 127 DCS 66 DHCP 126 and domain name 126 diagnostics 173 Digital Signature Algorithm public key algorithm see DSA disclaimer 216 documentation related 2 domain name 126 DSA 114 DTLS 57 dual r...

Page 225: ...v6 201 addressing 201 EUI 64 203 global address 202 interface ID 203 link local address 201 Neighbor Discovery Protocol 201 ping 201 prefix 201 prefix length 201 stateless autoconfiguration 203 unspec...

Page 226: ...4 vs CRL 124 operating mode 12 other documentation 2 overview 11 P packet statistics 46 physical ports packet statistics 46 pop up windows 27 power off 26 power on 26 product registration 222 Public K...

Page 227: ...t requirements 142 encryption methods 141 for secure Telnet 142 how connection is established 140 versions 141 with Linux 143 with Microsoft Windows 143 SSID 13 SSID profile pre configured 13 SSID pro...

Page 228: ...e Report VRPT 153 158 Virtual Local Area Network 62 VLAN 62 introduction 62 VoIP 13 VRPT Vantage Report 153 158 W warm start 26 warning message popup 34 warranty 222 note 222 WDS 12 16 Web Configurato...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands