Vantage RADIUS User’s Guide 

RADIUS Configuration 

5-25

Figure 5-18 Example 2: Using WZC or Odyssey Client: Computer A 

If successfully authenticated, A can communicate with E. 

RADIUS2 and Computer B Configuration 

The local RADIUS server is in the same subnet as B. RADIUS server 2 must be set as the local RADIUS server, and RADIUS server 1 must be set as a remote RADIUS server.

1. In the web configurator of Vantage RADIUS 2, go to the RADIUS SERVER screen and type the name of your local RADIUS server in the Local Realm Name field.

 

Figure callouts: RADIUS1, ComputerA, ComputerA@RADIUS1
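
The local/remote realm arrangement described above decides where a login name such as ComputerA@RADIUS1 is checked. The following Python model of that decision is an added example, not code from the guide or from ZyXEL. The realm name RADIUS2 for server 2, the 192.0.2.1 address, case-insensitive realm matching and rejecting unknown realms are assumptions made for illustration.

```python
"""Model of realm-based routing on RADIUS server 2 in Example 2 (illustrative only)."""
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple


@dataclass(frozen=True)
class RemoteServer:
    realm: str
    ip: str
    auth_port: int = 1812  # default authentication port named in the guide
    acct_port: int = 1813  # default accounting port named in the guide


@dataclass(frozen=True)
class Decision:
    action: str                 # "local", "proxy" or "reject"
    user: str
    realm: Optional[str]
    target: Optional[RemoteServer] = None


def split_login(login: str) -> Tuple[str, Optional[str]]:
    """Split a computer@realm login name; the realm is None when absent."""
    login = login.strip()
    user, sep, realm = login.rpartition("@")  # last '@' separates the realm
    if not sep:
        return login, None
    return user, realm or None


class RealmRouter:
    """Holds one Local Realm Name plus the configured remote RADIUS servers."""

    def __init__(self, local_realm: str, remotes: Iterable[RemoteServer]):
        self.local_realm = local_realm.lower()
        self.remotes = {r.realm.lower(): r for r in remotes}
        if self.local_realm in self.remotes:
            # A realm listed as both local and remote makes routing ambiguous.
            raise ValueError("local realm is also configured as a remote realm")

    def route(self, login: str) -> Decision:
        user, realm = split_login(login)
        if not user:
            return Decision("reject", user, realm)
        # No realm, or the local realm: check the local user account list.
        if realm is None or realm.lower() == self.local_realm:
            return Decision("local", user, realm)
        target = self.remotes.get(realm.lower())
        if target is None:
            # Assumed policy: never forward credentials to an unlisted realm.
            return Decision("reject", user, realm)
        return Decision("proxy", user, realm, target)


def example2_router() -> RealmRouter:
    """Server 2 as configured in Example 2: RADIUS1 is its remote server.

    "RADIUS2" and 192.0.2.1 are constructed values, not taken from the guide.
    """
    return RealmRouter("RADIUS2", [RemoteServer("RADIUS1", "192.0.2.1")])


if __name__ == "__main__":
    router = example2_router()
    # Constructed login names; the accounts in Example 2 exist only on RADIUS1.
    for name in ("ComputerB@RADIUS1", "ComputerB", "ComputerB@RADIUS9"):
        d = router.route(name)
        where = f"{d.target.ip}:{d.target.auth_port}" if d.target else "-"
        print(f"{name:20} -> {d.action:6} {where}")
```

A login name without a realm is checked against server 2's own account list, so an account that exists only on RADIUS1 fails there unless the realm is supplied.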

Summary of Contents for VANTAGE RADIUS 50

Page 1: ...Vantage RADIUS 50 User s Guide Version 1 0 8 2005 ...

Page 2: ...of ZyXEL Communications Corporation Published by ZyXEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves the right to make changes in any products described he...

Page 3: ...uctions may cause harmful interference to radio communications If this equipment does cause harmful interference to radio television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and the r...

Page 4: ...ompliance with the above conditions may not prevent degradation of service in some situations Repairs to certified equipment should be made by an authorized Canadian maintenance facility designated by the supplier Any repairs or alterations made by the user to this equipment or equipment malfunctions may give the telecommunications company cause to request the user to disconnect the equipment For ...

Page 5: ...ions NOTE Repair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpose ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to the purchaser To obtain the s...

Page 6: ...l cz CZECH REPUBLIC info cz zyxel com 420 241 091 359 ZyXEL Communications Czech s r o Modranská 621 143 01 Praha 4 Modrany Ceská Republika support zyxel dk 45 39 55 07 00 www zyxel dk DENMARK sales zyxel dk 45 39 55 07 07 ZyXEL Communications A S Columbusvej 5 2860 Soeborg Denmark support zyxel fi 358 9 4780 8411 FINLAND sales zyxel fi 358 9 4780 8448 www zyxel fi ZyXEL Communications Oy Malminka...

Page 7: ... 195 420 www zyxel es SPAIN sales zyxel es 34 913 005 345 ZyXEL Communications Alejandro Villegas 33 1º 28043 Madrid Spain support zyxel se 46 31 744 7700 www zyxel se SWEDEN sales zyxel se 46 31 744 7701 ZyXEL Communications A S Sjöporten 4 41764 Göteborg Sweden support zyxel co uk 44 0 1344 303044 08707 555779 UK only www zyxel co uk UNITED KINGDOM sales zyxel co uk 44 0 1344 303034 ftp zyxel co...

Page 8: ...r 2 1 2 1 Web Configurator Overview 2 1 2 2 Resetting Vantage RADIUS 2 3 2 3 Navigating the Web Configurator 2 3 Chapter 3 Advanced Settings 3 1 3 1 Advanced Settings Overview 3 1 3 2 IP Address and Subnet Mask 3 1 3 3 DNS Server Address Assignment 3 2 3 4 MAC Address 3 2 3 5 DHCP Setup 3 2 3 6 IP Pool Setup 3 3 3 7 Domain Name 3 3 3 8 Basic Network Configuration 3 3 3 9 DHCP Server Setup 3 5 3 10...

Page 9: ...ting A Certificate 5 43 5 10 Setting Up Your Access Point AP 5 46 Maintenance and Management 6 1 Chapter 6 Maintenance 6 1 6 1 Overview 6 1 6 2 System Status 6 1 6 3 Firmware Upload 6 2 6 4 Configuration 6 4 Chapter 7 Management 7 1 7 1 Remote Management Overview 7 1 7 2 Introduction to HTTPS 7 2 7 3 SSH 7 3 7 4 Secure Telnet Using SSH Examples 7 4 7 5 Telnet 7 6 7 6 Remote Access 7 7 7 7 SNMP 7 1...

Page 10: ...Computer s IPAddress D 1 Appendix E Wireless LAN and IEEE 802 11 E 1 Appendix F Wireless LAN With IEEE 802 1x F 1 Appendix G Types of EAPAuthentication G 1 Appendix H IP Subnetting H 1 Appendix I Command Interpreter I 1 Appendix J Power Adaptor Specifications J 1 Appendix K Open Software Announcements K 1 Appendix L Index L 1 ...

Page 11: ... Trusted Root Certificate 5 4 Figure 5 3 Server Certificate 5 6 Figure 5 4 RADIUS Server Settings 5 8 Figure 5 5 RADIUS Server Add Remote RADIUS Server 5 12 Figure 5 6 RADIUS Server Add Allowed IP Address 5 13 Figure 5 7 RADIUS Server Add Allowed Network Address 5 14 Figure 5 8 Example 1 Vantage RADIUS Local and Remote Server Setup 5 16 Figure 5 9 Example 1 Vantage RADIUS Local Server Setup 5 17 F...

Page 12: ...ent Computer A 5 39 Figure 5 35 User Account 5 40 Figure 5 36 CSV File Example 5 42 Figure 5 37 User Account Add New User 5 42 Figure 5 38 ZyAIR RADIUS Settings Example 5 47 Figure 5 39 ZyAIR Wireless Settings Example 5 48 Figure 6 1 System Status 6 1 Figure 6 2 F W Upload 6 3 Figure 6 3 F W Upload 6 3 Figure 6 4 Network Temporarily Disconnected 6 4 Figure 6 5 Configuration Backup 6 5 Figure 6 6 N...

Page 13: ... Internet Options Privacy A 5 Figure A 3 Internet Options Privacy A 6 Figure A 4 Pop up Blocker Settings A 7 Figure A 5 Internet Options Security A 8 Figure A 6 Security Settings Java Scripting A 9 Figure A 7 Security Settings Java A 10 Figure A 8 Java Sun A 11 ...

Page 14: ...able 5 1 Trusted Root Certificate 5 5 Table 5 2 Server Certificate 5 6 Table 5 3 RADIUS Server Settings 5 9 Table 5 4 RADIUS Server Add Remote RADIUS Server 5 12 Table 5 5 RADIUS Server Add Allowed IP Address 5 13 Table 5 6 RADIUS Server Add Allowed Network Address 5 14 Table 5 7 Example 1 RADIUS Server User Accounts 5 16 Table 5 8 Example 2 RADIUS Server User Accounts 5 23 Table 5 9 Example 3 RAD...

Page 15: ...1 Chart C 1 Power over Ethernet Injector Specifications C 1 Chart C 2 Power over Ethernet Injector RJ 45 Port Pin Assignments C 1 Chart H 1 Classes of IP Addresses H 1 Chart H 2 Allowed IP Address Range By Class H 2 Chart H 3 Natural Masks H 2 Chart H 4 Alternative Subnet Mask Notation H 3 Chart H 5 Subnet 1 H 4 Chart H 6 Subnet 2 H 4 Chart H 7 Subnet 1 H 5 Chart H 8 Subnet 2 H 5 Chart H 9 Subnet ...

Page 17: ...Embedded web help for descriptions of individual screens and supplementary information Packing List Card The Packing List Card lists all items that should have come in the package Certifications Refer to the product page at www zyxel com for information on product certifications ZyXEL Glossary and Web Site Please refer to www zyxel com for an online glossary of networking terms and additional supp...

Page 18: ...ontrol Panel means first click the Start button then point your mouse pointer to Settings and then click Control Panel e g is a shorthand for for instance and i e means that is or in other words Graphics Icons Key Vantage RADIUS Computer Notebook Computer Server Wireless Access Point Wireless Signal Internet Internet Firewall Router Switch Modem ...

Page 19: ...Getting Started I Part I Getting Started This part helps you get to know your Vantage RADIUS introduces the web configurator and how to configure for first use ...

Page 21: ... single point of authentication that is particularly useful when applied to wireless networks where a mobile device could potentially access many servers Vantage RADIUS can be set up as a local or remote server Multiple Vantage RADIUS devices can be set up as remote servers with different user accounts for decentralization and network flexibility The device s web configurator allows easy managemen...

Page 22: ... A Authentication Authorization Accounting network management Authentication Clients that require access to the wireless network must first be authenticated before they can be authorized Vantage RADIUS identifies valid clients using certificates and shared keys Each new connection is monitored and information is sent to the wireless client such as what IP address to use session time limit informat...

Page 23: ...gainst wireless eavesdropping and other attacks with the supported IEEE 802 1x security standard including the WLAN security protocols EAP MD5 and PEAP SNMP Support SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices SNMP is a member of the TCP IP protocol suite Your Vantage RADIUS supports SNMP agent functionality which allows a...

Page 24: ...he records via a syslog or e mail server System and RADIUS Logs Vantage RADIUS provides real time system logs and RADIUS logs to perform real time transactions of the RADIUS server such as administrator login the RADIUS server authenticate request the RADIUS accounting request authenticate reply and accounting reply The last seven days log files are kept in Vantage RADIUS export them with TFTP or ...

Page 25: ...for authentication A replies with identity information including username and password C communicates with Vantage RADIUS which checks the user information against its list of valid accounts and determines whether or not to authenticate A A is authenticated and can communicate with B over the wireless network 1 3 2 Remote RADIUS Authentication Vantage RADIUS can forward authentication for user acc...

Page 26: ...igure 1 2 Remote RADIUS Authentication The following gives an overview of how remote RADIUS authentication operates in a network Wireless station A attempts to communicate with D over the wireless network via C C sends a request identity message to A for authentication A replies with identity information including username and password C communicates with Vantage RADIUS local RADIUS server 1 which...

Page 27: ...ge RADIUS forwards the authentication to a remote RADIUS server 2 The remote RADIUS server checks the password and username against its list of valid accounts and determines whether or not to authenticate A A is authenticated and can communicate with D over the wireless network Wireless client B is authenticated by either the local or remote RADIUS server depending on whether B has a user account ...

Page 29: ...The recommended screen resolution is 1024 by 768 pixels In order to use the web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScripts enabled by default Java permissions enabled by default See the Troubleshooting appendix if you want to make sure these functions are allowed in Internet Explor...

Page 30: ...k a link under MAINTENANCE to see system status user information upload firmware and back up or restore or upload a configuration file Click a link under MANAGEMENT to set up your Vantage RADIUS for remote access and monitoring connections Click LOGOUT in the navigation panel when you have finished managing your device The device automatically logs you out if it is left idle for five minutes If th...

Page 31: ... sure the PWR LED is on not blinking before you begin Press the RESET button for five seconds or until the SYS LED begins to blink and then release it When the SYS LED begins to blink the defaults have been restored and Vantage RADIUS restarts 2 3 Navigating the Web Configurator The following summarizes how to navigate the web configurator from the MAIN MENU screen Figure 2 2 Admin Account MAIN ME...

Page 32: ...stem related events and download log files RADIUS LOG Use these screens to monitor RADIUS related events and download log files LOG SETTINGS Use this screen to configure the syslog TFTP and Mail servers to specify when and where log files are generated and sent RADIUS ROOT CA Use this screen to configure and download a certificate used to authenticate wireless clients SERVER CERTIFICATE Use this s...

Page 33: ...figure which IP address es can access Vantage RADIUS SNMP AGENT Use this screen to configure which IP address es can access Vantage RADIUS using SNMP and the access level USER TRACE Use these screens to monitor client access and generate log files LOGOUT Click this label to exit the web configurator RESTART RESET You only need to use this button if you ve forgotten the device s password It returns...

Page 35: ... your particular situation If the ISP or your network administrator assigns you a block of registered IP addresses follow their instructions in selecting the IP addresses and the subnet mask The Internet Assigned Number Authority IANA reserves blocks of addresses specifically for private use please do not use any other numbers unless you are told otherwise Let s say you select 192 168 1 0 as the n...

Page 36: ...hen you sign up If you are using a ZyXEL gateway router you can use it s DNS proxy feature by entering the LAN IP address of the gateway router in the DNS field 3 4 MAC Address Every Ethernet device has a unique MAC Media Access Control address The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters for example 00 A0 C5 00 00 02 Table 3 1 Example of Network P...

Page 37: ...her server computers for instance servers for mail FTP TFTP web etc that you may have 3 7 Domain Name The Domain Name entry is what is propagated to the DHCP clients on the wireless network While you must enter the host name System Name on each individual computer the domain name can be assigned from Vantage RADIUS via DHCP This domain name is for administrators to identify which DHCP server assig...

Page 38: ...address of the gateway device used to connect your RADIUS to the Internet Primary DNS DNS Domain Name System is for mapping a domain name to its corresponding IP address and vice versa The DNS server is extremely important because without it you must know the IP address of a machine before you can access it The RADIUS uses a system DNS server in the order you specify here to resolve domain names T...

Page 39: ... RADIUS server on the network Apply Click Apply to save your changes back to the RADIUS 3 9 DHCP Server Setup Vantage RADIUS dynamically assigns IP addresses to clients Click ADVANCED and then DHCP SERVER in the main menu to configure your Vantage RADIUS as a DHCP server Figure 3 2 DHCP Server Setup The following table describes the labels in this screen ...

Page 40: ...1 100 DHCP Pool Size This field specifies the size or count of the IP address pool The default is 10 Lease Time Type a time between 1 and 65535 minutes Domain This field identifies your Vantage RADIUS DHCP server on the network and informs administrators which DHCP server you are using The following fields are taken from the IP screen and are not configurable See Figure 3 1 for details on how to c...

Page 41: ...owing table describes the labels in this screen Table 3 4 DHCP Server Client List LABEL DESCRIPTION DHCP Client List Refresh Click this button to update the DHCP Client List No This is the index number of the host computer IP Address This field displays the IP address relative to the No field listed above MAC Address This field shows the MAC address of the computer with the IP address in the IP Ad...

Page 42: ... following table describes the labels in this screen Table 3 5 Administrator Account LABEL DESCRIPTION Administrator Account Username Type up to 20 alphanumeric characters to associate a name with administrator access to the RADIUS Password Type the default password or the existing password you use to access the system in this field New Password Type the new password in this field Confirm Password...

Page 43: ...ronize time across the network and generates accurate log files Time can be obtained from the connecting computer or an NTP Network Time Protocol Server To change your time settings click ADVANCED in the main menu and then click TIME Figure 3 5 Time Settings The following table describes the labels in this screen ...

Page 44: ...C Click this button to have the RADIUS obtain the current time and date from your computer NTP Setup Use NTP Network Time Protocol Time Server Enable the network time server to have the RADIUS automatically synchronize the current rime and date with a time server Server IP Domain Name Type the address of your time server Check with your ISP network administrator if you are unsure of this informati...

Page 45: ...to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening From Date Enter the month and day that your daylight savings time starts on if you selected Daylight Saving Time End Date Enter the month and day that your daylight savings time ends on if you selected Daylight Saving Time Apply Click Apply to save your changes back t...

Page 47: ...e RADIUS generates three different types of logs System Logs record internal events see Section 4 4 RADIUS Logs records communication between the wireless AP and Vantage RADIUS see section 4 5 Refer to your wireless AP User s Guide for details of log messages User Trace records client interaction with Vantage RADIUS see section 4 6 The table below describes the maximum file size for each log befor...

Page 48: ...er to perform real time logging 4 3 Syslog server Syslog servers listen for incoming syslog messages and decodes them for logging purposes All log files are sent to a syslog server specified in the Send Every Real Time Event to Syslog Server fields in the Log Settings screen see section 4 13 Vantage RADIUS allows you to choose seven different locations to save your log files on the syslog server T...

Page 49: ...which Vantage RADIUS you should configure each Vantage RADIUS on the network to send its log files to different log stores inside the syslog server 4 4 System Log Messages There are nine cases when a system log message is generated The table below outlines the messages logged by Vantage RADIUS and the meaning of the log ...

Page 50: ...l OK Fail user admin source console Someone has logged to the command interface using the administrator account via the console NTP Time synchronize destination IP An NTP server address was entered into the NTP Server IP Domain field on the TIME settings screen see section 3 12 NTP Time synchronize OK Fail destination IP Vantage RADIUS has synchronized its time settings with the NTP server TFTP Sy...

Page 51: ...IUS Messages The following types of RADIUS messages are exchanged between the access point and Vantage RADIUS for user authentication Access Request Sent by an access point requesting authentication Access Reject Sent by Vantage RADIUS rejecting access Access Accept Sent by Vantage RADIUS allowing access ...

Page 52: ... accounting Accounting Request Sent by the access point requesting accounting Accounting Response Sent by Vantage RADIUS to indicate that it has started or stopped accounting 4 6 User Trace Records Every time a wireless client is authenticated the details of the connection are recorded in the User Trace Records table Vantage RADIUS tracks recent event logs including username MAC address client IP ...

Page 53: ...oting see section 4 4 for details of system log messages To view logs of system events click ADVANCED in the main menu then click SYSTEM LOG This field displays the account name of the wireless client connected to the network This field displays the name of the wireless AP used by the wireless client to connect to the network These fields refer to the total number of packets transmitted Output Pac...

Page 54: ...m Log List Clear Log Click this button to remove all log entries from the System Log List Refresh Click this button to update the System Log List with the most recent record able events Email Log Now Click Email Log Now to send logs to the e mail address specified in the Log Settings screen Make sure that you have first filled in the Send log file to mail server fields in Log Settings screen see s...

Page 55: ... was logged Message This field displays the logged packets details see section 4 4 for details of system log messages Source This field displays the IP address where the packet originated Destination This field displays the destination IP address for the incoming packet 4 8 System Log Files Recorded system events see section 4 4 are sent to the syslog server see section 4 3 and are available for d...

Page 56: ...load Click this link to download the txt log file from the TFTP server The file is in ASCII format and can be read by any text editor 4 9 Real Time RADIUS Logs Click ADVANCED in the main menu and then RADIUS LOG to view messages passed between your wireless AP and Vantage RADIUS For details of log messages please refer to your wireless AP s user guide Figure 4 6 RADIUS LOG Real Time RADIUS Logs Th...

Page 57: ...he Log Settings screen Make sure that you have first filled in the Send log file to TFTP server fields in the Log Settings screen see section 4 13 No This field displays the index number in the order of arrival Time This field displays the time and date the log was created Message This field displays the log entry details see section 4 4 for details of system log messages Source This field display...

Page 58: ...s in ASCII format and can be read by any text editor 4 11 User Trace Vantage RADIUS monitors and records network sessions initiated by wireless clients These screens display events triggered by a wireless client so you can see details about the network session including the time of connection and from which AP the connection came from For a detailed description of user trace records please refer t...

Page 59: ...ame of the account authenticated by Vantage RADIUS MAC Address This is the MAC address of the wireless AP used by the wireless client to connect to the network NAS ID Network Access Server NAS ID displays the ID of the wireless AP that the wireless client uses to access the network NAS IP Address This field displays the IP address of the wireless AP that the wireless client is uses to access the n...

Page 60: ...one log file per day If a new log file is generated it appends the old one and changes the time to reflect the time updated File Name View and Download Click this link to download the txt log file from the TFTP server The file is in ASCII format and can be read by any text editor 4 13 Log Settings Screen This screen allows you to specify where you want your log files sent see section 4 1 what type...

Page 61: ...S User s Guide System Logs 4 15 Figure 4 10 RADIUS Logs Log Files The following table describes the labels in this screen Table 4 9 RADIUS Logs Log Files LABEL DESCRIPTION Send every real time event to syslog server ...

Page 62: ...end log file to TFTP Server Enable this field to have Vantage RADIUS transmit log files location to the specified TFTP server Type the TFTP server IP address System Log Enable this field to record system events for logging to the TFTP server see section 4 4 Radius Log Enable this field to record messages passed between your Vantage RADIUS and the wireless AP s accessing it to the TFTP server see s...

Page 63: ...ail Address2 Type a second e mail address if you want your log files to be sent to a second destination Mail Address3 Type a third e mail address if you want your log files to be sent to a third destination System Log Enable this field to record system events for logging to the above e mail addresses see section 4 4 Radius Log Enable this field to record messages passed between your Vantage RADIUS...

Page 65: ...RADIUS Server II Part II RADIUS Server This part introduces the RADIUS Server screens ...

Page 67: ...based on a client sever model that supports authentication and accounting where access point is the client and the server is the RADIUS server The RADIUS server handles the following tasks among others Authentication Determines the identity of the users Accounting Keeps track of the client s network activity RADIUS is a simple package exchange in which your AP acts as a message relay between the w...

Page 68: ...ation By using EAP to interact with an EAP compatible RADIUS server the access point helps a wireless station and the RADIUS server perform authentication Vantage RADIUS supports PEAP and EAP MD5 Message Digest Algorithm 5 Refer to the Types of EAP Authentication appendix for descriptions on common types The following figure shows an overview of authentication when you specify a RADIUS server on y...

Page 69: ...horities In public key encryption and decryption each host has two keys One key is public and can be made openly available the other key is private and must be kept secure Public key encryption in general works as follows 1 Tim wants to send a private message to Jenny Tim generates a public key pair What is encrypted with one key can only be decrypted using the other 2 Tim keeps the private key an...

Page 70: ...ts use MD5 authentication protocol you do not need to configure any certificates Otherwise click RADIUS in the main menu and then click ROOT CA to set up a certificate for use with PEAP authentication Figure 5 2 Trusted Root Certificate Each time you change this screen a new certificate is required for successful wireless client authentication The following table describes the labels in this scree...

Page 71: ...your organizations name Department Type up to 50 ASCII characters to detail the department that is issuing the certificate Contact E mail Type a valid e mail to contact your Certificate Authority Valid Days Type a period in days that the certificate is valid for Download Root CA Certificate Click this hyperlink to create and download the Root CA certificate to your computer Apply Click this button...

Page 72: ...o identify your state district or region Locality Type up to 50 ASCII characters to identify the city or town where your organization s office is located Organization Type up to 50 ASCII characters to identify your organizations name Department Type up to 50 ASCII characters to detail the department that is issuing the certificate Contact E mail Type a valid e mail to contact your Certificate Auth...

Page 73: ...ple RADIUS servers can be used by forwarding authentication requests from wireless clients Forwarding authentication to different RADIUS servers allows wireless clients to be authenticated by a user account specific to each RADIUS server Click RADIUS and then RADIUS SERVER in the main menu to set up your Vantage RADIUS to manage connections with wireless APs ...

Page 74: ...d secret used to connect to your wireless AP The wireless APs use the same shared secret Select Active Directory Account to allow one administrator to manage Vantage RADIUS servers using the same administrator login as a remote RADIUS server computer The Local Account Remote account is set by default Type the name of your local RADIUS server Multiple remote RADIUS servers can be added ...

Page 75: ...uter Local Account Remote Account Select the Local Account Remote Account radio button to have the local RADIUS server or remote RADIUS server authenticate wireless clients via the AP s Local Realm Name Type a Local Realm Name to identify the local RADIUS server name Apply Click this button to save the changes back to Vantage RADIUS Remote RADIUS Click the Add button to create a remote RADIUS serv...

Page 76: ...ey to be shared The key must be the same on Vantage RADIUS and your AP The key is not sent over the network Allowed Specified IP Address Network Address Enable this field to allow specified IP addresses of AP s or network addresses in this list to access Vantage RADIUS Apply Click this button to save your configurations back to Vantage RADIUS Allowed IP Address max 20 Add Click this button to add ...

Page 77: ...ddress of a wireless AP to the Allowed IP Address list Description This field displays the description entered in the Allowed IP Address screen to identify your AP Action Click the button in this field to edit the information required to access your wireless AP Delete Select the check box next to the AP s description in this list that you want to delete then click Delete to remove this entry 5 6 1...

Page 78: ...ort Type the port number of a remote RADIUS authentication server The default port number is 1812 Make sure your AP uses the same port number Accounting Port Type the port number of a remote RADIUS accounting server The default port number is 1813 Make sure your AP uses the same port number Apply Click this button to save changes back to Vantage RADIUS and return to the RADIUS SERVER screen 5 6 2 ...

Page 79: ...rver Add Allowed IP Address Table 5 5 RADIUS Server Add Allowed IP Address LABEL DESCRIPTION Allowed IP Address IP Address Type the IP address in dotted decimal notation of an AP Shared Secret Type a password as the key to be used The shared secret is the WEP Key used to access an AP on the network The key must be the same on Vantage RADIUS and your AP The key is not sent over the network Descript...

Page 80: ... allowed IP addresses Click RADIUS and then RADIUS SERVER in the main menu Now click the Add button in the Allowed Network IP Address section or click Modify next to an entry you want to change The following screen displays Figure 5 7 RADIUS Server Add Allowed Network Address Table 5 6 RADIUS Server Add Allowed Network Address LABEL DESCRIPTION Allowed Network Address Network Address Type the firs...

Page 81: ...os for your Vantage RADIUS See Section 5 8 for information on wireless client computer account user names Unless otherwise specified a wireless client computer will be referred to as computer in these examples The RADIUS server domain name will be referred to as realm name 5 7 1 Example 1 Vantage RADIUS Local and Remote Server Setup In the following example A B and C request access to E The wirele...

Page 82: ...ser Accounts RADIUS1 RADIUS2 RADIUS3 ComputerA ComputerB ComputerC RADIUS1 and Computer A Configuration 1 In the RADIUS SERVER screen type the name of your local RADIUS server in the Local Realm Name field 2 Click the Apply button The local RADIUS server is connected to the AP If you have any Remote RADIUS servers they exist behind the local RADIUS server ...

Page 83: ...unt Password See the section on User Account for more information Type RADIUS1 in the Logon domain field You can leave the Logon domain field blank if you do not know the realm of your local RADIUS server You must enter this field for remote RADIUS servers If computer A uses Odyssey Client utility then type the Login name in computer realm format You can type the Login name as a user account name ...

Page 84: ...nfiguration 1 In the RADIUS SERVER screen click the Add button under Remote RADIUS 2 The Add Remote RADIUS Server screen displays 3 Type the name of a remote RADIUS server in the Realm Name field 4 Type the IP Address of the remote RADIUS server 5 Type a Shared Secret that matches the shared secret in D 6 The Authentication Port and Accounting Port must match those in D RADIUS1 ComputerA ComputerA...

Page 85: ...n 5 19 7 Click Apply to save the settings and return to the RADIUS SERVER screen Figure 5 11 Example 1 Add Remote RADIUS Server The Vantage RADIUS now has a remote RADIUS server named RADIUS2 Figure 5 12 Example 1 Vantage RADIUS Remote Server Setup ...

Page 86: ...ion on User Account for more information Type RADIUS2 in the Login domain field If computer B uses Odyssey Client utility then type the Login name in computer realm format If the remote server is a computer with Windows 2003 IAS the Odyssey Client Login name must by typed in realm computer format for example RADIUS2 ComputerB Figure 5 13 Example 1 Using WZC or Odyssey Client Computer B RADIUS2 Com...

Page 87: ...server named RADIUS2 Computer B is listed as a user account If successfully authenticated B can communicate with E RADIUS3 and Computer C Configuration 1 In the RADIUS SERVER screen click the Add button and create a remote RADIUS server named RADIUS3 in the same manner that you configured RADIUS2 Figure 5 14 Example 1 Vantage RADIUS Remote Servers Set up the wireless client computer as displayed i...

Page 88: ...US3 Computer C is listed as a user account If successfully authenticated C can communicate with E 5 7 2 Example 2 Vantage RADIUS Local and Remote Server Setup In the following example computers A and B request access to E Computer A is authenticated by C using RADIUS server 1 Computer B is authenticated by D using RADIUS server 1 The following table displays an example list of user accounts see th...

Page 89: ...Example 2 Vantage RADIUS Local and Remote Server Setup Table 5 8 Example 2 RADIUS Server User Accounts RADIUS1 ComputerA ComputerB RADIUS1 and Computer A Configuration In the RADIUS SERVER screen type the name of your local RADIUS server in the Local Realm Name field ...

Page 90: ...A uses Wireless Zero Configuration utility then type the User name ComputerA and the user account Password See the section on User Account for more information Type RADIUS1 in the Login domain field If computer A uses Odyssey Client utility then type the Login name in computer realm format Set up the wireless client computer as displayed in the following screen ...

Page 91: ...omputer B Configuration The local RADIUS server is in the same subnet as B The RADIUS server 2 must be set as the local RADIUS server and the RADIUS server 1 must be set as a remote RADIUS server 1 In the web configurator of Vantage RADIUS 2 go to the RADIUS SERVER screen and type the name of your local RADIUS server in the Local Realm Name field RADIUS1 ComputerA ComputerA RADIUS1 ...

Page 92: ...te RADIUS 3 The Add Remote RADIUS Server screen displays 4 Type the name of the remote RADIUS server in the Realm Name field 5 Type the IP Address of the remote RADIUS server 6 Type a Shared Secret that matches the shared secret in C 7 The Authentication Port and Accounting Port must match those in C 8 Click Apply to save the settings and return to the RADIUS SERVER screen ...

Page 93: ...Figure 5 20 Example 2 Add Remote RADIUS Server RADIUS server 2 now has a remote RADIUS server named RADIUS1 Figure 5 21 Example 2 Vantage RADIUS Remote Server 2 Setup ...

Page 94: ...n field If your wireless client computer B uses Odyssey Client utility then type the Login name in computer realm format Figure 5 22 Example 2 Using WZC or Odyssey Client Computer B AP D forwards an authentication request to Vantage RADIUS server 2 Computer B has a realm RADIUS1 The authentication request is then forwarded to the remote RADIUS server named RADIUS1 Computer B is listed as a user ac...

Page 95: ...emote Computer Server Setup In the following example the computer A requests access to B Computer A is authenticated by C via a remote RADIUS server computer 2 Figure 5 23 Example 3 Vantage RADIUS and Remote Computer Server Table 5 9 Example 3 RADIUS Server User Accounts COMSERVER2 ComputerA ...

Page 96: ...US Local Server Setup 1 In the RADIUS SERVER screen click the Add button and create a remote RADIUS server 2 The Add Remote RADIUS Server screen displays 3 Type the name of the remote RADIUS server in the Realm Name field 4 Type the IP Address of the remote RADIUS server 5 Type a Shared Secret that matches the shared secret in C 6 The Authentication Port and Accounting Port must match those in C 7...

Page 97: ...Figure 5 25 Example 3 Add Remote RADIUS Server Figure 5 26 Example 3 Vantage RADIUS Remote Server Setup Follow the steps to set up computer A ...

Page 98: ...n domain field If computer A uses Odyssey Client utility then type the Login name in computer realm format If the remote server is a computer with Windows 2003 IAS the Odyssey Client Login name must be typed in realm computer format for example ComServer2 ComputerA Figure 5 27 Example 3 Using WZC or Odyssey Client Computer A 1 In the remote RADIUS server computer open the Internet Authentication S...

Page 99: ...equests from a local RADIUS server such as a Vantage RADIUS device 3 To create a new server group 4 Right click the Remote RADIUS Server Group and create a New Remote RADIUS Server Group Figure 5 28 New Remote RADIUS Server Group 5 The New Remote RADIUS Server Group Wizard opens Type the IP address of the Vantage RADIUS server in the Primary server field ...

Page 100: ...he Server group shared secret section This should match the shared secret in the AP that you want to use to authenticate a wireless client 7 Click Next to continue Figure 5 29 New Remote RADIUS Server Group Wizard 8 The New Connection Request Policy Wizard opens Click Next to continue ...

Page 101: ...Figure 5 30 New Connection Request Policy Wizard 9 Enter the name of the Windows 2003 IAS computer RADIUS server in the Realm name field 10 Click Next to complete the wizard setup ...

Page 102: ...RADIUS server using the same administrator login and domain name as a remote RADIUS server computer The remote server computer must exist behind a local Vantage RADIUS server Authentication requests are sent to a local Vantage RADIUS server The Vantage RADIUS server searches for a server computer with the same Domain Administrator Username Domain Administrator Password and computer Domain Name 1 A...

Page 103: ...r server is found matching the same fields in the Vantage RADIUS the wireless client is authenticated by the AP Figure 5 32 Example 4 Vantage RADIUS and Windows Active Directory Table 5 10 Example 4 RADIUS Server User Accounts RADIUS1 ComputerA 1 In the RADIUS SERVER screen select the Active Directory Account radio button ...

Page 104: ... server computer This is usually displayed in the NetBIOS setup of the Windows server computer for example ComServer2 5 Click the Apply button Figure 5 33 Example 4 Vantage RADIUS Active Directory Account Setup Follow the steps to set up computer A If computer A uses Wireless Zero Configuration utility then type the User name ComputerA and the user account Password See the section on User Account ...

Page 105: ...server computer is found with an administrator username password and domain name that match the active directory fields configured in Vantage RADIUS and Computer A is listed as a user account with Vantage RADIUS then computer A is authenticated by C and can successfully communicate with B ComServer2 ComputerA ComServer2 ComputerA ...

Page 106: ...PTION Import Export User Account Import User Account You can import user names and passwords of up to 200 user accounts Type the name of a CSV file or click the browse button to search for a CSV file on your computer Click Import User Account to import the CSV file Export User Account You can save a list of user names and passwords to your computer in CSV file format When typing the name of the CS...

Page 107: ...s the account user name Action Change Password Click this button to modify user s password Select All Click this button to select all user accounts Delete Select a check box next to the user s you want to remove and click Delete 5 8 1 CSV File The CSV Comma Separated Value file format is often used to exchange data between disparate applications Microsoft Excel is an application that produces and ...

Page 108: ...e Example 5 8 2 Adding a New Client Click Add New User in the USER ACCOUNT screen to add a new client account to your Vantage RADIUS Figure 5 37 User Account Add New User The following table describes the labels in this screen Usernames Save the file in CSV format Passwords ...

Page 109: ... for confirmation Apply Click this button to save your change back to Vantage RADIUS and return to the USER ACCOUNT screen In order to authenticate your wireless client a username and password for your RADIUS account is required If your AP uses PEAP authentication you are required to have a CA Root Certificate as well see the Trusted Root CA section 5 9 Importing A Certificate If you download a ce...

Page 110: ...Step 2 Click Install Certificate to open the Certificate Import Wizard as shown below Then click Next ...

Page 111: ...atically select the certificate store based on the type of certificate or if you prefer specify the location for the certificate to be stored then click Next Step 4 Click Yes to add this certificate to your computer The Certificate Import Wizard dialog box appears as below ...

Page 112: ...le describes how to configure your AP s RADIUS server settings for use with Vantage RADIUS To set up your ZyAIR s RADIUS server settings click the WIRELESS link under ADVANCED and then the RADIUS tab The screen appears as shown 1 Make sure your RADIUS servers are activated 2 Type the IP address of your Vantage RADIUS in the Server IP Address field 3 Type the port numbers of the external authentica...

Page 113: ... to enable authentication through an external authentication server Vantage RADIUS If your wireless client uses MD5 authentication either choose static key exchange or disable dynamic key exchange 1 Enable these fields to activate authentication and accounting services 4 Type a shared secret password to secure communication between the AP and Vantage RADIUS 3 Type the port number of the RADIUS ser...

Page 114: ...es to authenticate a wireless station Figure 5 39 ZyAIR Wireless Settings Example 2 If your AP uses MD5 authentication then Dynamic WEP Key Exchange must be disabled as MD5 uses static keys PEAP can use both dynamic and static keys 1 Select Authentication Required so that all wireless stations have to enter usernames and passwords before access to the wired network is allowed 3 Select the order of...

Page 115: ...Maintenance and Management III Part III Maintenance and Management This part explains how to maintain and manage your Vantage RADIUS ...

Page 117: ...figuration 6 2 System Status This screen displays details about the Vantage RADIUS firmware time running since last startup and a list of wireless clients authenticated and currently connected to the network Click MAINTENANCE in the main menu of the web configurator and then click SYSTEM STATUS to display the following screen Note that these fields are READ ONLY and only used for diagnostic purpos...

Page 118: ...s username MAC Address This field displays the MAC address NAS ID This field displays the wireless client s IP address NAS IP Address This field displays the IP address of the wireless AP that the wireless client uses to access the network Login Time This field displays the length of time the wireless client is connected for 6 3 Firmware Upload Find the latest firmware at www ZyXEL com in a file t...

Page 119: ...e bin file you want to upload Remember that you must decompress compressed zip files before you can upload them Apply Click this button to begin the upload process This process may take up to two minutes Update firmware from TFTP server Use this feature to have Vantage RADIUS automatically update the firmware Remote TFTP Server Type the IP address of your TFTP server File Name Type the filename of...

Page 120: ... following messages display at the bottom of the screen Wait for about two minutes log in again and check your new firmware version in the SYSTEM STATUS screen 6 4 Configuration Click MAINTENANCE and then the Configuration tab Use this screen to back up or restore Vantage RADIUS configuration ...

Page 121: ...commended once your Vantage RADIUS is functioning properly Table 6 2 Configuration Backup LABEL DESCRIPTION Configuration Backup Backup the system configuration to a local file Apply Click this button to begin the backup process to your computer Backup the system configuration to TFTP server Remote TFTP Server Type the IP address of the TFTP server File Name Type the filename of the file to backup...

Page 122: ...the file you want to upload Remember that you must decompress compressed ZIP files before you can upload them Apply Click this button to begin the upload process Restore the system configuration from TFTP server Remote TFTP Server Type the IP address of the TFTP server TFTP File Path Type the path and filename of the file to restore Apply Click this button to begin the restore process Do not turn ...

Page 123: ...he default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default device IP address 192 168 1 3 See your Quick Start Guide or the Appendices for details on how to set up your computer s IP address ...

Page 125: ... management session of lower priority when another remote management session of higher priority starts The priorities for the different types of remote management sessions are as follows 1 Console port 2 SSH 3 Telnet 4 HTTPS and HTTP 7 1 1 Remote Management Limitations Remote management will not work when 1 You have disabled that service in the remote management screen 2 The client IP address does...

Page 126: ...encrypts and decrypts web pages Secure Socket Layer SSL is an application level protocol that enables secure transactions of data by ensuring confidentiality an unauthorized party cannot read the transferred data authentication one party can identify the other party and data integrity you know if data has been changed HTTPS on Vantage RADIUS is used so that you may securely access Vantage RADIUS u...

Page 127: ...hen Vantage RADIUS blocks all HTTP connection attempts 7 3 SSH Unlike Telnet which transmits data in clear text SSH Secure Shell is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network Figure 7 2 SSH Communication Example ...

Page 128: ... and server must agree on the type of encryption method to use Figure 7 3 How SSH Works 3 Authentication and Data Transmission After the identification is verified and data encryption activated a secure tunnel is established between the client and the server The client then sends its authentication information user name and password to the server to log in to the server 7 3 2 Requirements for Usin...

Page 129: ...puter Click Yes to continue Figure 7 4 SSH Example 1 Store Host Key 4 Enter the password to log in to Vantage RADIUS The command prompt Vantage displays next 7 4 2 Example 2 Linux This section describes how to access Vantage RADIUS using the OpenSSH client program that comes with most Linux distributions 1 Test whether the SSH service is available on Vantage RADIUS 2 Enter telnet 192 168 1 1 22 at...

Page 130: ...assword to log in to Vantage RADIUS Figure 7 6 SSH Example 2 Log in 7 5 Telnet You can configure your Vantage RADIUS for remote Telnet access as shown next ssh 1 192 168 1 3 The authenticity of host 192 168 1 3 192 168 1 3 can t be established RSA1 key fingerprint is 21 6c 07 25 7e f4 75 80 ec af bd d4 3d 80 53 d1 Are you sure you want to continue connecting yes no yes Warning Permanently added 19...

Page 131: ...Figure 7 7 Telnet Configuration on a TCP IP Network 7 6 Remote Access To configure your Vantage RADIUS for remote access click MANAGEMENT in the main menu and then click REMOTE ACCESS ...

Page 132: ...icts access to the list of network addresses and IP addresses in the Allowed IP Address and Allowed Network Address lists Idle Time Out The default timeout is five minutes for either the console port or telnet web FTP connections Type the length of time a connection can idle before Vantage RADIUS disconnects Telnet Enable this field to allow telnet access to the Vantage RADIUS You may change the ser...

Page 133: ... HTTPS proxy server listens on port 443 by default If you change the HTTPS proxy server port to a different number for example 8443 then you must notify people who need to access the web configurator to use https Vantage RADIUS IP Address 8443 as the URL Allowed IP Address This list displays IP addresses of clients that are allowed to use the enabled see above remote services to access Vantage RAD...

Page 134: ...check box es next to the IP address es you want removed and then click Delete Delete Click this button to delete the IP address es you selected in the Allowed IP Address list 7 6 1 Insert Modify Allowed IP Address In the REMOTE ACCESS screen click Add to insert a new entry in the Allowed IP Address list To edit an existing entry click the Modify button next to a Network IP address you want to chan...

Page 135: ... to a Network IP address you want to change Figure 7 10 Remote Access Add Modify Network IP Address The following table describes the fields in this screen Table 7 3 Remote Access Add Modify Network IP Address LABEL DESCRIPTION Allowed Network Address Network Address Type the first address in your network This is the start address from which Vantage RADIUS uses the Netmask to allow access from man...

Page 136: ... supports SNMP agent functionality which allows a manager station to manage and monitor Vantage RADIUS through the network Vantage RADIUS supports SNMP version one SNMPv1 The next figure illustrates an SNMP management operation SNMP is only available if TCP IP is configured Figure 7 11 SNMP Management Model An SNMP managed network consists of two main...

Page 137: ...t response protocol based on the manager agent model The manager issues a request and the agent returns responses using the following protocol operations Get Allows the manager to retrieve an object variable from the agent GetNext Allows the manager to retrieve the next object variable from a table or list within an agent In SNMPv1 when a manager wants to retrieve all elements of a table from an a...

Page 138: ...nagement 7 8 Configuring SNMP1 To configure your SNMP settings click MAINTENANCE in the main menu and then click SNMP AGENT Figure 7 12 SNMP Agent 1 At the time of writing SNMP only has write access to the IP screen in the ADVANCED menu ...

Page 139: ...S only responds to SNMP messages from the address displayed in this field Privileges This field displays whether or not this entry has read or write SNMP access Action Click the Modify button next to an entry in this list to edit that entry Delete Click this button to remove a trusted network IP address from the list Allowed Community Network IP Address Add Click this button to insert a new truste...

Page 140: ...with each request to the SNMP manager The default is public and allows all requests IP Address Type the IP address in dotted decimal notation of an allowed computer Privileges Select Write Read Trap Recipients or All from the drop down list box to allow reading and writing via SNMP Apply Click this button to save changes back to Vantage RADIUS and return to the SNMP AGENT screen 7 8 2 Insert Modif...

Page 141: ...irst address in your network This is the start address from which Vantage RADIUS uses the Netmask to allow access to many clients Netmask Type the subnet mask used to specify the network range limits for accepted IP addresses Privileges Select Write or Read from the drop down list box to allow reading and writing via SNMP Apply Click this button to save changes back to Vantage RADIUS and return to...

Page 143: ...d will be reset to 1234 8 2 Procedure To Use The Reset Button Make sure the SYS LED is on not blinking before you begin this procedure 1 Press the RESET button for ten seconds or until the SYS LED and PWR LED turn red and then release it If the SYS LED begins to blink the defaults have been restored and the Vantage RADIUS restarts Otherwise go to step 2 2 Turn the Vantage RADIUS off disconnect th...

Page 144: ...y Defaults The following screen allows you to reset Vantage RADIUS back to the default configuration file without turning the power off or using the RESET button 1 Click RESTART RESET in the main menu 2 Select the check box and then click Apply Figure 8 1 RESTART RESET ...

Page 145: ... I IV V APPENDICES This part provides troubleshooting and background information about setting up your computer s IP address wireless LAN 802 1x and IP subnetting It also provides information on the command interpreter interface ...

Page 147: ...this case you should contact your local vendor Vantage RADIUS reboots automatically sometimes The supplied power to Vantage RADIUS is too low Check that Vantage RADIUS is receiving enough power Make sure the power source is working properly Problems with the Ethernet Interface Chart A 2 Troubleshooting the Ethernet Interface PROBLEM CORRECTIVE ACTION Cannot access Vantage RADIUS from the LAN If th...

Page 148: ...addresses must be on the same subnet for LAN access If you changed the Vantage RADIUS s IP address then enter the new one as the URL See the following section to check that pop up windows JavaScripts and Java permissions are allowed You may also need to clear your Internet browser s cache In Internet Explorer click Tools and then Internet Options to open the Internet Options screen In the General ...

Page 149: ...t the computer IP address is allowed to access Vantage RADIUS For HTTPS check the port number has not changed in the REMOTE MANAGEMENT screen Problems with Telnet Chart A 4 Troubleshooting Telnet PROBLEM CORRECTIVE ACTION I cannot access Vantage RADIUS through Telnet Refer to the Problems with the Ethernet Interface section for instructions on checking your Ethernet connection Check that telnet is...

Page 150: ...s Step 1 In Internet Explorer select Tools Pop up Blocker and then select Turn Off Pop up Blocker Figure A 1 Pop up Blocker You can also check if pop up blocking is disabled in the Pop up Blocker section in the Privacy tab Step 1 In Internet Explorer select Tools Internet Options Privacy Step 2 Clear the Block pop ups check box in the Pop up Blocker section of the screen This disables any web pop ...

Page 151: ...to save this setting Enable pop up Blockers with Exceptions Alternatively if you only want to allow pop up windows from your device see the following steps Step 1 In Internet Explorer select Tools Internet Options and then the Privacy tab Step 2 Select Settings to open the Pop up Blocker Settings screen ...

Page 152: ...g Figure A 3 Internet Options Privacy Step 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 1 1 Step 4 Click Add to move the IP address to the list of Allowed sites ...

Page 153: ...ck Close to return to the Privacy screen Step 6 Click Apply to save this setting JavaScripts Step 1 If pages of the web configurator do not display properly in Internet Explorer check that JavaScripts are allowed Step 2 In Internet Explorer click Tools Internet Options and then the Security tab ...

Page 154: ...s Security Step 3 Click the Custom Level button Step 4 Scroll down to Scripting Step 5 Under Active scripting make sure that Enable is selected the default Step 6 Under Scripting of Java applets make sure that Enable is selected the default Step 7 Click OK to close the window ...

Page 155: ...pting Java Permissions Step 1 From Internet Explorer click Tools Internet Options and then the Security tab Step 2 Click the Custom Level button Step 3 Scroll down to Microsoft VM Step 4 Under Java permissions make sure that a safety level is selected Step 5 Click OK to close the window ...

Page 156: ...hooting Figure A 7 Security Settings Java JAVA Sun Step 1 From Internet Explorer click Tools Internet Options and then the Advanced tab Step 2 Make sure that Use Java 2 for applet under Java Sun is selected Step 3 Click OK to close the window ...

Page 157: ...Figure A 8 Java Sun ...

Page 159: ...dity 10 to 90 Non condensing Storage Humidity 5 to 95 Non condensing Firmware CHART B 2 FIRMWARE SPECIFICATIONS Standards IEEE802 3u 100BASE TX IEEE 802 3 and 802 3u 10Base T and 100Base TX IEEE 802 1x security standard IEEE 802 3af draft Spanning Tree Protocol IEEE 802 1d Security IEEE 802 1x security MD5 and PEAP included WPA support Dynamic WEP key exchange Built in RADIUS server MD5 security a...

Page 160: ...FLASH memory DRAM Dual Ethernet port Syslog RADIUS log User Trace log Management Embedded Web Configurator management Command line interface Telnet support Password protected telnet access to internal configuration manager TFTP Web for firmware downloading configuration backup and restoration Telnet remote access support Built in Diagnostic Tool SNMP Management RADIUS client Secure connections usi...

Page 161: ... The injector must comply with IEEE 802 3af Chart C 1 Power over Ethernet Injector Specifications Power Output 15 4 Watts maximum Power Current 400 mA maximum Chart C 2 Power over Ethernet Injector RJ 45 Port Pin Assignments PIN NO RJ 45 SIGNAL ASSIGNMENT 1 Output Transmit Data 2 Output Transmit Data 3 Receive Data 4 Power 5 Power 6 Receive Data 7 Power 8 Power ...

Page 163: ...clude the software components you need to install and use TCP IP on your computer Windows 3 1 requires the purchase of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components are installed configure the TCP IP settings in order to communicate with your networ...

Page 164: ...If you need TCP IP a In the Network window click Add b Select Protocol and then click Add c Select Microsoft from the list of manufacturers d Select TCP IP from the list of network protocols and then click OK If you need Client for Microsoft Networks a Click Add b Select Client and then click Add c Select Microsoft from the list of manufacturers d Select Client for Microsoft Networks from the list...

Page 165: ...tically If you have a static IP address select Specify an IP address and type your information into the IP Address and Subnet Mask fields 2 Click the DNS Configuration tab If you do not know your DNS information select Disable DNS If you know your DNS information select Enable DNS and type the information in the fields below you may not need to fill them all in ...

Page 166: ...K to save and close the TCP IP Properties window 5 Click OK to close the Network window Insert the Windows CD if prompted 6 Turn on your Vantage RADIUS and restart your computer when prompted Verifying Your Computer s IP Address 1 Click Start and then Run 2 In the Run window type winipcfg and then click OK to open the IP Configuration window 3 Select your network adapter You should see your comput...

Page 167: ...s D 5 1 For Windows XP click start Control Panel In Windows 2000 NT click Start Settings Control Panel 2 For Windows XP click Network Connections For Windows 2000 NT click Network and Dial up Connections 3 Right click Local Area Connection and then click Properties ...

Page 168: ...n XP and click Properties 5 The Internet Protocol TCP IP Properties window opens the General tab in Windows XP If you have a dynamic IP address click Obtain an IP address automatically If you have a static IP address click Use the following IP Address and fill in the IP address Subnet mask and Default gateway fields Click Advanced ...

Page 169: ...Default gateways In TCP IP Gateway Address type the IP address of the default gateway in Gateway To manually configure a default metric the number of transmission hops clear the Automatic metric check box and type a metric in Metric Click Add Repeat the previous three steps for each default gateway you want to add Click OK when finished 7 In the Internet Protocol TCP IP Properties window the Gener...

Page 170: ...S and restart your computer if prompted Verifying Your Computer s IP Address 1 Click Start All Programs Accessories and then Command Prompt 2 In the Command Prompt window type ipconfig and then press ENTER You can also open Network Connections right click a network connection click Status and then click the Support tab Macintosh OS 8 9 1 Click the Apple menu Control Panel and double click TCP IP t...

Page 171: ...e Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your Vantage RADIUS in the Router address box 5 Close the TCP IP Control Panel 6 Click Save if prompted to save changes to your configuration 7 Turn on your Vantage RADIUS and restart your computer if prompted Verifying Your Computer s IP Address Check your...

Page 172: ...mically assigned settings select Using DHCP from the Configure list 4 For statically assigned settings do the following From the Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your Vantage RADIUS in the Router address box 5 Click Apply Now and close the window 6 Turn on your Vantage RADIUS and restart you...

Page 173: ... to set up easy to use wireless networks that cover the entire campus transparently IEEE 802 11 The 1997 completion of the IEEE 802 11 standard for wireless LANs WLANs was a first important step in the evolutionary development of wireless networking technologies The standard was developed to maximize interoperability between differing brands of wireless LANs as well as to introduce a variety of pe...

Page 174: ...s network traffic in the immediate neighborhood Multiple access points can provide wireless coverage for an entire building or campus All communications between stations or between a station and a wired network client go through the access point The Extended Service Set ESS shown in the next figure consists of a series of overlapping BSSs each containing an Access Point connected together by means...

Page 175: ...Diagram E 2 ESS Provides Campus Wide Coverage ...

Page 177: ...done through manual modification of the MAC address table on the access point Although WEP data encryption offers a form of data security you have to reset the WEP key on the clients each time you change your WEP key on the access point IEEE 802 1x In June 2001 the IEEE 802 1x standard was designed to extend the features of IEEE 802 11 to support extended authentication as well as providing additi...

Page 178: ...Diagram F 1 Sequences for EAP MD5 Challenge Authentication Client computer access authorized Client computer access not authorized ...

Page 179: ...needed by both the server and the wireless stations for mutual authentication The server presents a certificate to the client After validating the identity of the server the client sends a different certificate to the server The exchange of certificates is done in the open before a secured tunnel is created This makes user identity vulnerable to passive attacks A digital certificate is an electron...

Page 180: ...ion Protocol is a Cisco implementation of IEEE802 1x For added security certificate based authentications EAP TLS EAP TTLS and PEAP use dynamic keys for data encryption They are often deployed in corporate environments but for public deployment a simple user name and password pair is more practical ...

Page 181: ...ss the first two octets make up the network number and the two remaining octets make up the host ID Class C addresses begin starting from the left with 1 1 0 In a class C address the first three octets make up the network number and the last octet is the host ID Class D addresses begin with 1 1 1 0 Class D addresses are used for multicasting There is also a class E address It is reserved for futur...

Page 182: ...t ID using a logical AND operation A subnet mask has 32 bits each bit of the mask corresponds to a bit of the IP address If a bit in the subnet mask is a 1 then the corresponding bit in the IP address is part of the network number If a bit in the subnet mask is 0 then the corresponding bit in the IP address is part of the host ID Subnet masks are expressed in dotted decimal notation just as IP add...

Page 183: ...1100 0000 255 255 255 224 27 1110 0000 255 255 255 240 28 1111 0000 255 255 255 248 29 1111 1000 255 255 255 252 30 1111 1100 The first mask shown is the class C natural mask Normally if no mask is specified it is understood that the natural mask is being used Example Two Subnets As an example you have a class C address 192 168 1 0 with subnet mask of 255 255 255 0 NETWORK NUMBER HOST ID IP Addres...

Page 184: ...28; IP Address (Binary): 11000000.10101000.00000001.10000000; Subnet Mask: 255.255.255.128; Subnet Mask (Binary): 11111111.11111111.11111111.10000000; Subnet Address: 192.168.1.128; Lowest Host ID: 192.168.1.129; Broadcast Address: 192.168.1.255; Highest Host ID: 192.168.1.254. The remaining 7 bits determine the number of hosts each subnet can have. Host IDs of all zeros represent the subnet itself and host IDs of al...

Page 185: ...inary 11000000 10101000 00000001 00000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 0 Lowest Host ID 192 168 1 1 Broadcast Address 192 168 1 63 Highest Host ID 192 168 1 62 Chart H 8 Subnet 2 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 64 IP Address Binary 11000000 10101000 00000001 01000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 S...

Page 186: ...o create 8 subnets 001 010 011 100 101 110 The following table shows class C IP address last octet values for each subnet Chart H 11 Eight Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST ADDRESS 1 0 1 30 31 2 32 33 62 63 3 64 65 94 95 4 96 97 126 127 5 128 129 158 159 6 160 161 190 191 7 192 193 222 223 8 224 223 254 255 The following table is a summary for class C subnet planni...

Page 187: ...A address has three host ID octets see Chart J 1 available for subnetting The following table is a summary for class B subnet planning Chart H 13 Class B Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 128 0 17 2 32766 2 255 255 192 0 18 4 16382 3 255 255 224 0 19 8 8190 4 255 255 240 0 20 16 4094 5 255 255 248 0 21 32 2046 6 255 255 252 0 22 64 1022 7 25...

Page 189: ... in a command are enclosed in angle brackets The optional fields in a command are enclosed in square brackets The symbol means or For example netconf type on off means that you must specify the type of netbios filter and whether to turn it on or off Command Usage A list of valid commands can be found by typing help or at the command prompt Always type the full command Type exit to close the sessio...

Page 190: ...168 1 3 to 192 168 1 40 because another device has the same IP address and also the gateway address has changed to 192 168 1 154 type the following netconf IP 192 168 1 40 gateway 192 168 1 154 IP Address 192 168 1 3 Netmask 255 255 255 0 Gateway 192 168 1 254 Primary DNS 168 95 1 1 Secondary DNS 168 95 192 1 MAC 00 00 84 40 50 05 Vantage help netconf netconf netconf ip IP address netmask netmask ...

Page 191: ...pe http enable to allow remote HTTP access to Vantage RADIUS Type http disable to have Vantage RADIUS block remote http access https Type https to show the current status of your HTTPS settings Vantage http REMOTE ACCESS HTTP yes Port 80 IP Address 192 168 1 40 Netmask 255 255 255 0 Gateway 192 168 1 154 Primary DNS 168 95 1 1 Secondary DNS 168 95 192 1 MAC 00 00 84 40 50 05 Vantage http REMOTE AC...

Page 192: ...Vantage RADIUS User's Guide, I-4, Command Interpreter. Type https enable to allow remote HTTPS access to Vantage RADIUS. Type https disable to have Vantage RADIUS block remote HTTPS access. ...

Page 193: ...UL C UL EUROPEAN PLUG STANDARDS AC Power Adaptor Model HPW 1005U Input Power AC220V 50HZ Output Power DC 5V Power Consumption 5 8W Safety Standards CB TUV UNITED KINGDOM PLUG STANDARDS AC Power Adaptor Model HPW 1005U Input Power AC240V 50HZ Output Power DC 5V Power Consumption 6 5W Safety Standards CB TUV JAPAN PLUG STANDARDS AC Power Adaptor Model HPW 1005U Input Power AC100V 50HZ Output Power D...

Page 194: ...DIUS User s Guide J 2 Power Adaptor Specifications AUSTRALIA AND NEW ZEALAND PLUG STANDARDS AC Power Adaptor Model HPW 1005U Input Power AC240V 50HZ Output Power DC 5V Power Consumption 6 5W Safety Standards DFT ...

Page 195: ...any damages arising from the use of this software Permission is granted to anyone to use this software for any purpose including commercial applications and to alter it and redistribute it freely subject to the following restrictions 1 The origin of this software must not be misrepresented you must not claim that you wrote the original software If you use this software in a product an acknowledgme...

Page 196: ...and must not be misrepresented as being the original software 3 This notice may not be removed or altered from any source distribution Jean loup Gailly Mark Adler jloup gzip org madler alumni caltech edu The data format used by the zlib library is described by RFCs Request for Comments 1950 to 1952 in the files ftp ds internic net rfc rfc1950 txt zlib format rfc1951 txt deflate format and rfc1952 ...

Page 197: ...ducts derived from this software may not be called OpenSSL nor may OpenSSL appear in their names without prior written permission of the OpenSSL Project 6 Redistributions of any form whatsoever must retain the following acknowledgment This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit http www openssl org THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ...

Page 198: ... the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 All advertising materials mentioning features or use of this software must display the following acknowledgement This product includes cryptographic software written by ...

Page 199: ...opyright c dates as appropriate to package The Regents of the University of California All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary ...

Page 200: ...copies of the Software and to permit persons to whom the Software is furnished to do so subject to the following conditions The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software THE SOFTWARE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY FITNESS ...

Page 201: ...e Software to deal in the Software without restriction including without limitation the rights to use copy modify merge publish distribute sublicense and or sell copies of the Software and to permit persons to whom the Software is furnished to do so subject to the following conditions The above copyright notice and this permission notice shall be included in all copies or substantial portions of t...

Page 202: ... you if you distribute copies of the software or if you modify it For example if you distribute copies of such a program whether gratis or for a fee you must give the recipients all the rights that you have You must make sure that they too receive or can get the source code And you must show them these terms so they know their rights We protect your rights with two steps 1 copyright the software a...

Page 203: ...y part thereof to be licensed as a whole at no charge to all third parties under the terms of this License c If the modified program normally reads commands interactively when run you must cause it when started running for such interactive use in the most ordinary way to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty or else saying...

Page 204: ...rogram except as expressly provided under this License Any attempt otherwise to copy modify sublicense or distribute the Program is void and will automatically terminate your rights under this License However parties who have received copies or rights from you under this License will not have their licenses terminated so long as such parties remain in full compliance 5 You are not required to acce...

Page 205: ...to address new problems or concerns Each version is given a distinguishing version number If the Program specifies a version number of this License which applies to it and any later version you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation If the Program does not specify a version number of this Licens...

Page 206: ...INDICATE YOUR ASSENT TO THEM IF YOU DO NOT AGREE TO THESE TERMS THEN ZyXEL INC IS UNWILLING TO LICENSE THE SOFTWARE TO YOU IN WHICH EVENT YOU SHOULD RETURN THE UNINSTALLED SOFTWARE AND PACKAGING TO THE PLACE FROM WHICH IT WAS ACQUIRED AND YOUR MONEY WILL BE REFUNDED 1 Grant of License for Personal Use ZyXEL Communications Corp ZyXEL grants you a non exclusive non sublicense non transferable licens...

Page 207: ...at the Software contains proprietary trade secrets of ZyXEL and you hereby agree to maintain the confidentiality of the Software using at least as great a degree of care as you use to maintain the confidentiality of your own most confidential information You agree to reasonably communicate the terms and conditions of this License Agreement to those persons employed by you who come into contact wit...

Page 208: ...O ANY APPLICABLE LAWS REGULATIONS ORDERS OR OTHER RESTRICTIONS ON THE EXPORT OF THE SOFTWARE OR INFORMATION ABOUT SUCH SOFTWARE WHICH MAY BE IMPOSED FROM TIME TO TIME YOU SHALL NOT EXPORT THE SOFTWARE DOCUMENTATION OR INFORMATION ABOUT THE SOFTWARE AND DOCUMENTATION WITHOUT COMPLYING WITH SUCH LAWS REGULATIONS ORDERS OR OTHER RESTRICTIONS YOU AGREE TO INDEMNIFY ZyXEL AGAINST ALL CLAIMS LOSSES DAMA...

Page 209: ...of or relating to this License Agreement shall be an appropriate court or Commercial Arbitration Association sitting in ROC Taiwan This License Agreement shall constitute the entire Agreement between the parties hereto This License Agreement the rights granted hereunder the Software and Documentation shall not be assigned by you without the prior written consent of ZyXEL Any waiver or modification...

Page 211: ...Set E 2 BSS See Basic Service Set C CA G 1 Canada iv Caution iv Certificate Authority See CA Certificates 1 5 5 3 Importing 5 43 Certifications iii Classes of IP Addresses H 1 Command Interpreter I 1 exit I 3 h or help I 1 http I 3 https I 3 netconf I 2 Command List I 1 Command Syntax I 1 Command Usage I 1 Computer s IP Address D 1 Configuration 3 2 Copyright ii Customer Support vi CyberTrust 5 3 ...

Page 212: ...EE 802 11 E 1 Deployment Issues F 1 Security Flaws F 1 IEEE 802 1x F 1 Advantages F 1 Independent Basic Service Set E 2 Industry Canada iv Infrastructure Configuration E 2 Internet Security Gateway xvii IP Address 3 1 3 7 IP Addressing H 1 IP Classes H 1 IP Configuration 3 3 3 4 IP Pool Setup 3 3 L Logs 1 6 4 1 RADIUS Events 4 4 RADIUS Log Files 4 11 RADIUS Logs 4 10 Real Time System 4 7 Settings ...

Page 213: ... 5 Server Certificate 5 5 Service v SNMP 7 12 Get 7 13 Manager 7 13 MIBs 7 13 Screens 7 14 Trap 7 13 Traps 7 13 SNMP Simple Network Management Protocol 1 5 SNMP Support 1 5 SSH 1 6 7 3 7 4 Subnet Mask 3 1 Subnet Masks H 2 Subnetting H 2 Support Disk xvii Syntax Conventions xvii Syslog 4 2 System Status 6 1 System Timeout 7 2 T TCP IP 7 7 Telnet 7 6 Telnet Configuration 7 7 TFTP 4 2 TFTP and FTP Ov...

Page 214: ... Web Configurator 2 3 Summary 2 4 Web Configurator Overview 2 1 Wireless Access Point Example 5 46 Wireless Accounts 1 6 Wireless Authentication Setup Example 5 47 Wireless LAN E 1 Benefits E 1 Wireless LAN and IEEE 802 11 E 1 Wireless Network Authentication 1 6 WLAN See Wireless LAN www zyxel com v Z ZyAIR G 3000 RADIUS Setup Example 5 46 ZyXEL Limited Warranty Note v ZyXEL website v ...
