manualshive.com logo in svg

ZyXEL Communications Zyair B-1000 v.2, User Manual

Get the most out of your ZyXEL Communications Zyair B-1000 v.2 with the user manual available for free download at manualshive.com. This comprehensive manual includes detailed instructions on setup, configuration, and troubleshooting to ensure you get the best performance from your device.

Share
Download
background image

ZyAIR Access Point Series User’s Guide 

6-10 

 

                        

 

 

 

 

             Wireless Security 

6.9  Introduction to WPA 

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences 
between WPA and WEP are user authentication and improved data encryption.  

6.9.1 User Authentication  

WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients 
using an external RADIUS database. You can’t use the ZyAIR’s Local User Database for WPA 
authentication purposes since the Local User Database uses EAP-MD5 which cannot be used to generate 
keys.  See later in this chapter and the appendices for more information on IEEE 802.1x, RADIUS and EAP.  
Therefore, if you don’t have an external RADIUS server you should use WPA-PSK (WPA -Pre-Shared Key) 
that only requires a single (identical) password entered into each access point, wireless gateway and wireless 
client. As long as the passwords match, a client will be granted access to a WLAN.  

6.9.2 Encryption  

WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check 
(MIC) and IEEE 802.1x.

  

Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and distributed by 
the authentication server. It includes a per-packet key mixing function, a Message Integrity Check (MIC) 
named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. 
TKIP regularly changes and rotates the encryption keys so that the same encryption key is never used twice. 
The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy 
and management system, using the pair-wise key to dynamically generate unique data encryption keys to 
encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. This all 
happens in the background automatically. 
The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering 
them and resending them. The MIC provides a strong mathematical function in which the receiver and the 
transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has 
been tampered with and the packet is dropped.  
By generating unique data encryption keys for every data packet and by creating an integrity checking 
mechanism (MIC), TKIP makes it much more difficult to decode data on a Wi-Fi network than WEP, making 
it difficult for an intruder to break into the network.  
The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the 
two is that WPA-PSK uses a simple common password, instead of user-specific credentials. The common-
password approach makes WPA-PSK susceptible to brute-force password-guessing attacks but it’s still an 
improvement over WEP as it employs an easier-to-use, consistent, single, alphanumeric password. 
 
 

Summary of Contents for Zyair B-1000 v.2

Page 1: ...ZyAIR Access Point Series User s Guide Version 3 50 March 2004...

Page 2: ...d by ZyXEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does...

Page 3: ...instructions may cause harmful interference to radio communications If this equipment does cause harmful interference to radio television reception which can be determined by turning the equipment of...

Page 4: ...f the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpose ZyXEL shall in no event...

Page 5: ...sales zyxel com 1 714 632 0858 ftp us zyxel com ZyXEL Communications Inc 1130 N Miller St Anaheim CA 92806 2001 U S A support zyxel de 49 2405 6909 0 www zyxel de GERMANY sales zyxel de 49 2405 6909...

Page 6: ...AIL FAX1 FTP SITE REGULAR MAIL support zyxel se 46 31 744 7700 www zyxel se SWEDEN sales zyxel se 46 31 744 7701 ZyXEL Communications A S Sj porten 4 41764 G teborg Sweden support zyxel fi 358 9 4780...

Page 7: ...Web Configurator 2 1 2 1 Accessing the ZyAIR Web Configurator 2 1 2 2 Resetting the ZyAIR 2 2 2 2 1 Method of Restoring Factory Defaults 2 2 2 3 Navigating the ZyAIR Web Configurator 2 3 Chapter 3 Wiz...

Page 8: ...oaming 5 15 Chapter 6 Wireless Security 6 1 6 1 Wireless Security Overview 6 1 6 2 WEP Overview 6 1 6 2 1 Data Encryption 6 2 6 2 2 Authentication 6 2 6 3 Configuring WEP Encryption 6 3 6 4 MAC Filter...

Page 9: ...n 8 1 8 1 Factory Ethernet Defaults 8 1 8 2 TCP IP Parameters 8 1 8 2 1 IP Address and Subnet Mask 8 1 8 2 2 WAN IP Address Assignment 8 1 8 3 Configuring IP 8 2 LOGS III Chapter 9 Logs Screens 9 1 9...

Page 10: ...3000 only 13 12 Chapter 14 Dial in User Setup 14 1 14 1 Dial in User Setup 14 1 Chapter 15 VLAN Setup 15 1 15 1 VLAN Setup 15 1 Chapter 16 SNMP Configuration 16 1 16 1 About SNMP 16 1 16 2 Supported...

Page 11: ...Setting 20 2 20 2 1 Resetting the Time 20 3 APPENDICES VI Appendix A Troubleshooting A 1 Problems Starting Up the ZyAIR A 1 Problems with the Ethernet Interface A 1 Problems with the Password A 2 Prob...

Page 12: ...2 Basic Service set 5 2 Figure 5 3 Extended Service Set 5 3 Figure 5 4 RTS CTS 5 4 Figure 5 5 Wireless 5 7 Figure 5 6 Bridging Example 5 9 Figure 5 7 Bridge Loop Two Bridges Connected to Hub 5 10 Fig...

Page 13: ...igure 10 12 Network Temporarily Disconnected 10 12 Figure 10 13 Configuration Upload Error 10 12 Figure 10 14 Reset Warning Message 10 13 Figure 10 15 Restart Screen 10 13 Figure 11 1 Login Screen 11...

Page 14: ...rt Speed 18 3 Figure 18 4 Menu 24 2 1 System Information Information 18 3 Figure 18 5 Menu 24 2 2 System Maintenance Change Console Port Speed 18 4 Figure 18 6 Menu 24 3 System Maintenance Log and Tra...

Page 15: ...4 Wireless LAN 802 1x WPA 6 14 Table 6 5 Wireless LAN 802 1x WPA for 802 1x Protocol 6 15 Table 6 6 Wireless LAN 802 1x WPA for WPA Protocol 6 18 Table 6 7 Wireless LAN 802 1x WPA for WPA PSK Protoco...

Page 16: ...n User 14 2 Table 15 1 Menu 16 VLAN Setup 15 1 Table 16 1 Menu 22 SNMP Configuration 16 3 Table 16 2 SNMP Traps 16 4 Table 16 3 Ports and Interface Types 16 4 Table 17 1 Menu 23 2 System Security RADI...

Page 17: ...ntain background information on features configurable by the web configurator and the SMT The SMT parts of this guide contain background information solely on features not configurable by the web conf...

Page 18: ...ds throughout this manual The ZyAIR Access Point series may be referred to simply as the ZyAIR in the user s guide User Guide Feedback Help us help you E mail all User Guide related comments questions...

Page 19: ...Overview I P Pa ar rt t I I OVERVIEW This part introduces the main features and applications of ZyAIR and shows how to access the web configurator and use the Wizard to configure for Internet Access...

Page 20: ......

Page 21: ...rator and SNMP network management enables remote configuration and management of your ZyAIR 1 2 ZyAIR Features The following sections describe the features of the ZyAIR Access Point series Features va...

Page 22: ...lex or full duplex mode depending on your Ethernet network 10 100M Auto crossover Ethernet Fast Ethernet Interface The LAN interface automatically adjusts to either a crossover or straight through Eth...

Page 23: ...r authentication and improved data encryption Power over Ethernet PoE Power over Ethernet PoE is the ability to provide power to your ZyAIR via an 8 pin CAT 5 Ethernet cable eliminating the need for a...

Page 24: ...the same AP Only wireless stations with the same ESSID can communicate with each other This allows the AP to logically group wireless stations in a manner similar to VLAN Virtual LAN This feature is n...

Page 25: ...uivalent Privacy encrypts data frames before transmitting over the wireless network to help keep network communications private IEEE 802 1x Network Security The ZyAIR supports the IEEE 802 1x standard...

Page 26: ...inal emulator over a telnet connection Logging and Tracing Built in message logging and packet tracing Unix syslog facility support Embedded FTP and TFTP Servers The ZyAIR s embedded FTP and TFTP serv...

Page 27: ...ical Internet access application for your ZyAIR is shown as follows Stations A B and C can access the wired network through the ZyAIRs Figure 1 3 Access Point Application 1 3 2 Multiple ESS The ZyAIR...

Page 28: ...P Y if it moves to the Sales ESS coverage area You cannot configure WPA on your ZyAIR in Multiple ESS mode Figure 1 4 Multiple ESS Application 1 3 3 AP Bridge In AP Bridge mode the ZyAIR supports both...

Page 29: ...hout the Ethernet connection When the ZyAIR is in the bridge mode you need to enable STP to prevent bridge loops When the ZyAIR is in Bridge Repeater mode you don t have to enter four keys in the key...

Page 30: ...ZyAIR Access Point Series User s Guide 1 10 Getting to Know Your ZyAIR Figure 1 6 Bridge Mode Application Figure 1 7 Repeater Mode Application...

Page 31: ...Step 2 Prepare your computer computer network to connect to the ZyAIR refer to the appendix Step 3 Launch your web browser Step 4 Type 192 168 1 2 default as the URL Step 5 Type 1234 default as the pa...

Page 32: ...e factory default configuration file This means that you will lose all configurations that you had previously The password will be reset to 1234 also 2 2 1 Method of Restoring Factory Defaults You can...

Page 33: ...pear in the MAIN MENU screen Figure 2 2 The MAIN MENU Screen of the Web Configurator Click MAINTENANCE to view information about your ZyAIR or upgrade configuration firmware files Maintenance includes...

Page 34: ......

Page 35: ...be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 channels and an adjacent AP is using channel 1 then you need to select a chan...

Page 36: ...ick the Identification tab note the entry for the Computer Name field and enter it as the System Name In Windows 2000 click Start Settings Control Panel and then double click System Click the Network...

Page 37: ...is is not a required field Leave this field blank or enter the domain name here if you know it Next Click Next to proceed to the next screen 3 3 Wizard Setup Wireless LAN Use the second wizard screen...

Page 38: ...tion Select Disable allows all wireless computers to communicate with the access points without any data encryption Select 64 bit WEP or 128 bit WEP to allow data encryption ASCII Select this option i...

Page 39: ...Allocation for Private Internets and RFC 1466 Guidelines for Management of IP Address Space 3 4 2 IP Address and Subnet Mask Similar to the way houses on a street share a common street name so too do...

Page 40: ...3 Wizard 3 IP Address Assignment The following table describes the labels in this screen Table 3 4 Wizard 3 IP Address Assignment LABEL DESCRIPTION IP Address Assignment Get automatically from DHCP Se...

Page 41: ...On the LAN the gateway must be a router on the same segment as your ZyAIR over the WAN the gateway must be the IP address of one of the remote node Back Click Back to return to the previous screen Fi...

Page 42: ...ZyAIR Access Point Series User s Guide 3 8 Wizard Setup Well done You have successfully set up your ZyAIR to operate on your network and access the Internet...

Page 43: ...System Wireless VLAN and IP II Part II SYSTEM WIRELESS VLAN AND IP This part covers the information and web configurator screens of System Wireless VLAN and IP...

Page 44: ......

Page 45: ...vides information on the System screens 4 1 System Overview This section provides information on general system setup 4 2 Configuring General Setup Click the SYSTEM link under ADVANCED to open the Gen...

Page 46: ...rmation and the ZyAIR s Ethernet IP address The field to the right displays the read only DNS server IP address that the DHCP assigns Select User Defined if you have the IP address of a DNS server Ent...

Page 47: ...that as you type a password the screen displays an asterisk for each character you type Retype to Confirm Retype your new system password for confirmation Apply Click Apply to save your changes back t...

Page 48: ...AIR Not all time servers support all protocols so you may have to check with your ISP network administrator or use trial and error to find a protocol that works The main difference between them is the...

Page 49: ...server New Date yyyy mm dd This field displays the last updated date from the time server When you select None in the Time Protocol field enter the new date in this field and then click Apply Time Zon...

Page 50: ......

Page 51: ...defined as two or more computers with wireless adapters within range of each other that from an independent wireless network without the need of an access point AP Figure 5 1 IBSS Ad hoc Wireless LAN...

Page 52: ...of overlapping BSSs each containing an access point with each access point connected together by a wired network This wired connection between APs is called a Distribution System DS An ESSID ESS IDen...

Page 53: ...RTS CTS A hidden node occurs when two stations are within range of the same access point but are not within range of each other The following figure illustrates a hidden node Both stations STA are wi...

Page 54: ...for the requested transmission Stations can send frames smaller than the specified RTS CTS directly to the AP without the RTS Request To Send CTS Clear to Send handshake You should only configure RTS...

Page 55: ...compatible with STP only aware bridges Using RSTP topology change information does not have to propagate to the root bridge and unwanted learned addresses are flushed from the filtering database In R...

Page 56: ...le network topology has been established all bridges listen for Hello BPDUs Bridge Protocol Data Units transmitted from the root bridge If a bridge does not get a Hello BPDU after a predefined interva...

Page 57: ...User s Guide System Screens 5 7 5 4 1 Access Point Mode Select Access Point Operating Mode to display the screen as shown next Figure 5 5 Wireless The following table describes the general wireless L...

Page 58: ...tings Hide ESSID Select this check box to hide the ESSID in the outgoing beacon frame so a station cannot obtain the ESSID through passive scanning using a site survey tool Choose Channel ID Set the o...

Page 59: ...the MAC address of the peer device which also must be in bridge mode In the example below when both ZyAIRs are in Bridge Repeater mode they form a WDS Wireless Distribution System allowing the comput...

Page 60: ...s bridge that is also connected to the same wired LAN as shown next Figure 5 8 Bridge Loop Bridge Connected to Wired LAN To prevent bridge loops ensure that you enable STP in the Wireless screen or yo...

Page 61: ...ZyAIR Access Point Series User s Guide System Screens 5 11 Figure 5 9 Wireless Bridge Repeater The following table describes the bridge labels in this screen...

Page 62: ...to disable it Remote Bridge MAC Address Type the MAC address of the peer device in a valid MAC address format that is six hexadecimal character pairs for example 12 34 56 78 9a bc Enable Spanning Tre...

Page 63: ...ZyAIR Access Point Series User s Guide System Screens 5 13 Figure 5 10 Wireless AP Bridge...

Page 64: ...ss points to relay information about the wireless stations to each other When a wireless station moves from a coverage area to another it scans and uses the channel of a new access point which then in...

Page 65: ...access point AP 2 for reauthentication 5 5 1 Requirements for Roaming The following requirements must be met in order for wireless stations to roam between the coverage areas 1 All the access points...

Page 66: ...es from the drop down list box to enable roaming on the ZyAIR if you have two or more ZyAIRs on the same subnet All APs on the same subnet and the wireless stations must have the same ESSID to allow r...

Page 67: ...levels on your ZyAIR EAP Extensible Authentication Protocol is used for authentication and utilizes dynamic WEP key exchange It requires interaction with a RADIUS Remote Authentication Dial In User Se...

Page 68: ...network Open System Shared Key and Auto The following figure illustrates the steps involved Figure 6 2 WEP Authentication Steps Open system authentication involves an unencrypted two message procedur...

Page 69: ...accept open system authentication requests The same is true for shared key authentication However when it is set to auto authentication the ZyAIR will accept either type of authentication request and...

Page 70: ...ZyAIR Access Point Series User s Guide 6 4 Wireless Security Figure 6 3 Wireless The following table describes the wireless LAN security labels in this screen...

Page 71: ...characters 0 9 A F You must configure all four keys but only one key can be activated at any one time The default key is key 1 Enable Intra BSS Traffic Intra BSS traffic is traffic between wireless s...

Page 72: ...eny Association Every Ethernet device has a unique MAC Media Access Control address The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters for example 00 A0 C5...

Page 73: ...et Click Reset to begin configuring this screen afresh 6 5 802 1x Overview The IEEE 802 1x standard outlines enhanced security methods for both the authentication of wireless stations and encryption k...

Page 74: ...accounting Accounting Response Sent by the RADIUS server to indicate that it has started or stopped accounting In order to ensure network security the access point and the RADIUS server use a shared...

Page 75: ...ainst its user profile database and determines whether or not to authenticate the wireless station 6 8 Dynamic WEP Key Exchange The AP maps a unique key that is generated with the RADIUS server This k...

Page 76: ...initialization vector IV with sequencing rules and a re keying mechanism TKIP regularly changes and rotates the encryption keys so that the same encryption key is never used twice The RADIUS server di...

Page 77: ...to encrypt data exchanged between them Figure 6 6 WPA PSK Authentication 6 11 WPA with RADIUS Application Example You need the IP address of the RADIUS server its port number default is 1812 and the...

Page 78: ...6 12 Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method key management protocol type You enter manual keys by fi...

Page 79: ...ating system instructing the wireless client how to use WPA At the time of writing the most widely available supplicants are the WPA patch for Windows XP Funk Software s Odyssey client and Meetinghous...

Page 80: ...Allowed blocks all wireless stations access to the wired network No Authentication Required allows all wireless stations access to the wired network without entering usernames and passwords This is th...

Page 81: ...e drop down list box Choose from No Authentication Required Authentication Required and No Access Allowed No Authentication Required allows all wireless stations access to the wired network without en...

Page 82: ...iod of inactivity The wireless station needs to enter the username and password again before access to the wired network is allowed This field is activated only when you select Authentication Required...

Page 83: ...have the ZyAIR first check the user database on the ZyAIR for a wireless station s username and password If the user name is not found the ZyAIR then checks the user database on the specified RADIUS s...

Page 84: ...reless LAN 802 1x WPA for WPA Protocol LABEL DESCRIPTION Key Management Protocol Choose WPA in this field WPA Mixed Mode The ZyAIR can operate in WPA Mixed Mode which supports both clients running WPA...

Page 85: ...h the AP if using WPA PSK key management or RADIUS server if using WPA key management sends a new group key out to all clients The re keying process is the WPA equivalent of automatically changing the...

Page 86: ...s LAN 802 1x WPA for WPA PSK Protocol LABEL DESCRIPTION Key Management Protocol Choose WPA PSK in this field Pre Shared Key The encryption mechanisms used for WPA and WPA PSK are the same The only dif...

Page 87: ...K Key Management Protocol is selected WPA Group Key Update Timer The WPA Group Key Update Timer is the rate at which the AP if using WPA PSK key management or RADIUS server if using WPA key management...

Page 88: ...ZyAIR Access Point Series User s Guide 6 22 Wireless Security Figure 6 12 Local User Database The following table describes the labels in this screen...

Page 89: ...rs for this user profile Note that as you type a password the screen displays a for each character you type Apply Click Apply to save your changes back to the ZyAIR Reset Click Reset to begin configur...

Page 90: ...een the external authentication server and the ZyAIR The key must be the same on the external authentication server and your ZyAIR The key is not sent over the network Accounting Server Active Select...

Page 91: ...ual LAN 7 1 2 Notes on Multiple ESS 1 A maximum of eight ESSs are allowed on one AP 2 Each ESS has its own MAC filter set see the MAC filter set section for more information 3 When you enable Multi ES...

Page 92: ...ach ESS is assigned a unique VLAN ID 7 2 1 Management VLAN ID The Management VLAN ID identifies the management VLAN A device must be a member of this management VLAN in order to access and manage the...

Page 93: ...Guide Multiple ESS and VLAN 7 3 Figure 7 1 Multi ESS with VLAN Example 7 3 Configuring Multiple ESS Click the WIRELESS link under ADVANCED Select Multiple ESS in the Operating Mode drop down list box...

Page 94: ...ZyAIR Access Point Series User s Guide 7 4 Multiple ESS and VLAN Figure 7 2 Wireless Multiple ESS The following table describes the labels in this screen...

Page 95: ...a channel click Scan instead Refer to the Wizard Setup chapter for a little more information on channels Scan To have the ZyAIR automatically select a channel click Scan instead Extended Service Set E...

Page 96: ...ID Enter a descriptive name up to 32 alphanumeric characters for identification purposes This name is case sensitive Active Select this check box to activate this ESS VLAN ID Enter a number from 1 to...

Page 97: ...icast WEP key Key 3 or Key 4 Key 3 or key 4 is used to encrypt multicast broadcast transmissions If you chose 64 bit WEP then enter any 5 ASCII characters or 10 hexadecimal characters 0 9 A F If you c...

Page 98: ...f each ESS MAC Address Filter This field displays Disable if the MAC filter is inactive Association Allowed if the MAC filter is active and filter action is allowed or Association Denied if the MAC fi...

Page 99: ...SCRIPTION Enable VLAN Tagging Select this check box to turn on VLAN tagging Management VLAN ID Enter a number from 1 to 255 to define this VLAN group At least one device in your network must belong to...

Page 100: ......

Page 101: ...f your networks are isolated from the Internet for instance only between your two branch offices you can assign any IP addresses to the hosts without problems However the Internet Assigned Numbers Aut...

Page 102: ...DVANCED and then IP to display the screen shown next Figure 8 1 IP Setup The following table describes the labels in this screen Table 8 2 IP Setup LABEL DESCRIPTION IP Address Assignment Get automati...

Page 103: ...ator again IP Subnet Mask Type the subnet mask Gateway IP Address Type the IP address of the gateway The gateway is an immediate neighbor of your ZyAIR that will forward the packet to the destination...

Page 104: ......

Page 105: ...Logs III Part III LOGS This part provides information and configuration instructions for the logs...

Page 106: ......

Page 107: ...one location Click the LOGS links under ADVANCED to open the View Log screen Use the View Log screen to see the logs for the categories that you selected in the Log Settings screen see section 9 2 Op...

Page 108: ...otes This field displays additional information about the log entry Email Log Now Click Email Log Now to send the log screen to the e mail address specified in the Log Settings page Refresh Click Refr...

Page 109: ...ZyAIR Access Point Series User s Guide Logs Screens 9 3 Figure 9 2 Log Settings The following table describes the labels in this screen...

Page 110: ...r name or IP address of the syslog server that will log the selected categories of logs Log Facility Select a location from the drop down list box The log facility allows you to log the messages to di...

Page 111: ...gs after logs and alert messages are sent via e mail Log Select the categories of logs that you want to record Send Immediate Alert Select the categories of alerts for which you want the ZyAIR to imme...

Page 112: ......

Page 113: ...Maintenance IV Part IV MAINTENANCE This part describes the Maintenance web configurator screens...

Page 114: ......

Page 115: ...manage configuration and restart your ZyAIR 10 2 System Status Screen Click MAINTENANCE to open the System Status screen where you can use to monitor your ZyAIR Note that these labels are READ ONLY a...

Page 116: ...bnet mask DHCP This is the Ethernet port DHCP role Client or None Show Statistics Click Show Statistics to see router performance statistics such as number of packets sent and number of packets receiv...

Page 117: ...Bridge Link This is the index number of the bridge connection Active This shows whether the bridge connection is activated or not Remote Bridge MAC Address This is the MAC address of the peer device i...

Page 118: ...station first associated with the ZyAIR ESS This field displays the ESS identification name to which the wireless station is associated This field is not available on all models Refresh Click Refresh...

Page 119: ...ge ZyAIR B 1000 LABEL DESCRIPTION Channel This is the index number of the channel currently used by the associated AP in an Infrastructure wireless network or wireless station in an Ad Hoc wireless ne...

Page 120: ...ield displays the MAC address of the AP in an Infrastructure wireless network It is randomly generated so ignore it in an Ad Hoc wireless network Channel This is the index number of the channel curren...

Page 121: ...nstructions in this screen to upload firmware to your ZyAIR Figure 10 6 Firmware Upload The following table describes the labels in this screen Table 10 6 Firmware Upload LABEL DESCRIPTION File Path T...

Page 122: ...porary network disconnect In some operating systems you may see the following icon on your desktop Figure 10 8 Network Temporarily Disconnected After two minutes log in again and check your new firmwa...

Page 123: ...figuration Screen See the Firmware and Configuration File Maintenance chapter for transferring configuration files using FTP TFTP commands Click MAINTENANCE and then the Configuration tab Information...

Page 124: ...rrent configuration to a file on your computer Once your ZyAIR is configured and functioning properly it is highly recommended that you back up your configuration file before making configuration chan...

Page 125: ...k Browse to find the file you want to upload Remember that you must decompress compressed ZIP files before you can upload them Upload Click Upload to begin the upload process Do not turn off the ZyAIR...

Page 126: ...See your Quick Installation Guide for details on how to set up your computer s IP address If the upload was not successful the following screen will appear Click Return to go back to the Configuration...

Page 127: ...actory defaults of your ZyAIR Refer to the section on resetting the ZyAIR for more information on the RESET button 10 7 Restart Screen System restart allows you to reboot the ZyAIR without turning the...

Page 128: ......

Page 129: ...part contains SMT System Management Terminal configuration and background information for features only configurable by SMT See the web configurator parts of this guide for background information on...

Page 130: ......

Page 131: ...cter you type Figure 11 1 Login Screen Step 3 After entering the password you will see the main menu Please note that if there is no activity for longer than five minutes default timeout period after...

Page 132: ...press ENTER Note that as you type a password the screen displays an asterisk for each character you type 11 3 ZyAIR SMT Menu Overview Example We use the ZyAIR B 3000 SMT menus in this guide as an exa...

Page 133: ...intenance Status Menu 24 2 System Information and Console Port Speed Menu 24 3 System Maintenance Log and Trace Menu 24 5 Backup Configuration Menu 24 6 Restore Configuration Menu 24 2 2 System Mainte...

Page 134: ...to the next field You can also use the UP DOWN arrow keys to move to the previous and the next field respectively Entering information Type in or press SPACE BAR then press ENTER You need to fill in t...

Page 135: ...enu to set up your VLAN tagging 22 SNMP Configuration Use this menu to set up SNMP related parameters 23 System Security Use this menu to change your password and enable network user authentication 24...

Page 136: ......

Page 137: ...n the LAN While you must enter the host name System Name on each individual computer the domain name can be assigned from the ZyAIR via DHCP 12 1 1 Procedure To Configure Menu 1 Step 1 Enter 1 in the...

Page 138: ...not a required field Leave this field blank or enter the domain name here if you know it First Second Third System DNS Server Press SPACE BAR to select From DHCP User Defined or None and press ENTER...

Page 139: ...given in the next chapter 13 2 TCP IP Ethernet Setup Use menu 3 2 to configure your ZyAIR for TCP IP To edit menu 3 2 enter 3 from the main menu to display Menu 3 LAN Setup When menu 3 appears press...

Page 140: ...168 1 2 IP Subnet Mask Your ZyAIR will automatically calculate the subnet mask based on the IP address that you assign Unless you are implementing subnetting use the subnet mask computed by the ZyAIR...

Page 141: ...n the outgoing data frame so an intruder cannot obtain the ESSID through passive scanning No Channel ID Press SPACE BAR to select a channel This allows you to set the operating frequency channel depen...

Page 142: ...in the WEP Encryption field then enter 13 ASCII characters or 26 hexadecimal characters 0 9 A F Enter 0x before the key to denote a hexadecimal key Don t enter 0x before the key to denote an ASCII key...

Page 143: ...ER 17dBm When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC to cancel and go back to the previous screen 13 3 1...

Page 144: ...00 00 5 00 00 00 00 00 00 17 00 00 00 00 00 00 29 00 00 00 00 00 00 6 00 00 00 00 00 00 18 00 00 00 00 00 00 30 00 00 00 00 00 00 7 00 00 00 00 00 00 19 00 00 00 00 00 00 31 00 00 00 00 00 00 8 00 00...

Page 145: ...on with the ZyAIR MAC addresses not listed will be denied access to the router MAC Address Filter 1 32 Enter the MAC addresses in XX XX XX XX XX XX format of the client computers that are allowed or d...

Page 146: ...all access points The default is 16290 Make sure this port is not used by other services When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save yo...

Page 147: ...Edit Multiple ESS Configuration field Press SPACE BAR to select Yes and press ENTER Menu 3 5 3 Multiple ESS Configuration displays as shown next Menu 3 5 Wireless LAN Setup Operating Mode Multiple ESS...

Page 148: ...menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC to cancel and go back to the previous screen Configuring an Extended Service Set Move the...

Page 149: ...nsmissions Key 1 to Key 4 The WEP keys are used to encrypt data Both the ZyAIR and the wireless stations must use the same WEP key for data transmission If you chose 64 bit WEP in the WEP Encryption f...

Page 150: ...LAN Setup Figure 13 11 Menu 3 5 Wireless LAN Setup Step 3 In the Operating Mode field press SPACE BAR to select Bridge Repeater or AP Bridge and press ENTER Step 4 Move the cursor to the Edit Bridge...

Page 151: ...cter pairs for example 12 34 56 78 9a bc When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC to cancel and go ba...

Page 152: ......

Page 153: ...ep 2 Type a number and press ENTER to edit the user profile Figure 14 2 Menu 14 1 Edit Dial in User The following table describes the fields in this screen Menu 14 Dial in User Setup 1 ________ 9 ____...

Page 154: ...r this user profile This field is case sensitive Active Press SPACE BAR to select Yes and press ENTER to enable the user profile Password Enter a password up to 31 characters long for this user profil...

Page 155: ...lowing table describes the fields in this menu Table 15 1 Menu 16 VLAN Setup FIELD DESCRIPTION EXAMPLE VLAN Tagging To enable VLAN tagging press SPACE BAR to select Yes and press ENTER No Native VLAN...

Page 156: ......

Page 157: ...devices SNMP is a member of the TCP IP protocol suite Your ZyAIR supports SNMP agent functionality which allows a manager station to manage and monitor the ZyAIR through the network The ZyAIR supports...

Page 158: ...simple request response protocol based on the manager agent model The manager issues a request and the agent returns responses using the following protocol operations Get Allows the manager to retriev...

Page 159: ...his address A blank default field means your ZyAIR will respond to all SNMP messages it receives regardless of source 0 0 0 0 Trap Community Type the trap community which is the password sent with eac...

Page 160: ...when the port is up 4 authenticationFailure defined in RFC 1215 A trap is sent to the manager when receiving any SNMP get or set requirements with wrong community password 6 linkDown defined in RFC 1...

Page 161: ...e to restore the default configuration file Refer to the section on changing the system password in the Introducing the SMT chapter and the section on resetting the ZyAIR in the Introducing the Web Co...

Page 162: ...dministrator instructs you to do so with additional information 1812 Shared Secret Specify a password up to 31 alphanumeric characters as the key to be shared between the external authentication serve...

Page 163: ...This key must be the same on the external accounting server and ZyAIR When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or...

Page 164: ...wired network The following fields are not available when you select No Authentication Required or No Access Allowed ReAuthentica tion Timer in second Specify how often a client has to re enter usern...

Page 165: ...n you configure Dynamic WEP Key Exchange PSK Type a pre shared key from 8 to 63 case sensitive ASCII characters including spaces and symbols when you select WPA PSK in the Key Management Protocol fiel...

Page 166: ...heck the user database on the specified RADIUS server for a wireless station s username and password Select Local first then RADIUS to have the ZyAIR first check the user database on the ZyAIR for a w...

Page 167: ...s as shown next System Status is a tool that can be used to monitor your ZyAIR Specifically it gives you information on your Ethernet and Wireless LAN status number of packets sent and received To get...

Page 168: ...the receiving rate in bytes per second Up Time This is the time this channel has been connected to the current remote node Ethernet Address This shows the MAC address of the port IP Address This show...

Page 169: ...igure 18 3 Menu 24 2 System Information and Console Port Speed The ZyAIR has an internal console port for support personnel only Do not open the ZyAIR as it will void your warranty 18 2 1 System Infor...

Page 170: ...subnet mask of the ZyAIR DHCP This field shows the DHCP setting of the ZyAIR When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configurat...

Page 171: ...ror log you will have the option to clear it Samples of typical error and information messages are presented in the next figure Figure 18 7 Sample Error and Information Messages 18 4 Diagnostic The di...

Page 172: ...4 for your ZyAIR and the connections Table 18 3 Menu 24 4 System Maintenance Menu Diagnostic FIELD DESCRIPTION Ping Host Ping the host to see if the links and TCP IP protocol on both systems are worki...

Page 173: ...TP and TFTP clients the filenames are similar to those seen next ftp put firmware bin ras This is a sample FTP session showing the transfer of the computer file firmware bin to the ZyAIR ftp get rom 0...

Page 174: ...ough TFTP can also be used Please note that the terms download and upload are relative to the computer Download means to transfer from the ZyAIR to the computer while upload means from your computer t...

Page 175: ...it to exit the FTP prompt Figure 19 2 FTP Session Example The following table describes some of the commands that you may see in third party FTP clients Table 19 2 General Commands for Third Party FTP...

Page 176: ...s only from this address Step 2 Put the SMT in command interpreter CI mode by entering 8 in Menu 24 System Maintenance Step 3 Enter command sys stdio 0 to disable the SMT timeout so the TFTP transfer...

Page 177: ...Local File Enter the path and name of the firmware file bin extension or configuration file rom extension on your computer Remote File This is the filename on the ZyAIR The filename for the firmware i...

Page 178: ...ined within Menu 24 6 Restore Configuration To transfer the firmware and the configuration file follow the procedure below 1 Launch the FTP client on your workstation 2 Type open and the IP address of...

Page 179: ...24 7 1 System Maintenance Upload System Firmware To upload the system firmware follow the procedure below 1 Launch the FTP client on your workstation 2 Type open and the IP address of your system The...

Page 180: ...rom 0 Likewise get rom 0 config rom transfers the configuration file on the ZyAIR to your computer and renames it config rom See earlier in this chapter for more information on filename conventions S...

Page 181: ...the command sys stdio 0 to disable the SMT timeout so the TFTP transfer will not be interrupted Enter command sys stdio 5 to restore the five minute SMT timeout default when the file transfer is compl...

Page 182: ...s where i specifies binary image transfer mode use this mode when transferring binary files host is the ZyAIR s IP address put transfers the file source on the computer firmware bin name of the firmwa...

Page 183: ...r more detailed information on CI commands Enter 8 from Menu 24 System Maintenance A list of valid commands can be found by typing help or at the command prompt Type exit to return to the SMT main men...

Page 184: ...menu to open Menu 24 System Maintenance Step 2 Then enter 10 to go to Menu 24 10 System Maintenance Time and Date Setting to update the time and date settings of your ZyAIR as shown in the following s...

Page 185: ...are unsure of this information Current Time This field displays an updated time only when you reenter this menu New Time Enter the new time in hour minute and second format Current Date This field dis...

Page 186: ......

Page 187: ...This part provides troubleshooting and background information about setting up your computer s IP address wireless LAN 802 1x and IP subnetting It also provides information on the antenna PoE command...

Page 188: ......

Page 189: ...dware problem In this case you should contact your local vendor The ZyAIR reboots automatically sometimes The supplied power to the ZyAIR is too low Check that the ZyAIR is receiving enough power Make...

Page 190: ...and the LAN computers are on the same subnet Problems with the Password Chart A 3 Troubleshooting the Password PROBLEM CORRECTIVE ACTION I cannot access the ZyAIR The Password and Username fields are...

Page 191: ...adapter on the wireless station is working properly Check that both the ZyAIR and your wireless station are using the same ESSID channel and WEP keys if WEP encryption is activated I cannot ping any...

Page 192: ......

Page 193: ...D DESCRIPTION sys pwderrtm This command displays the brute force guessing password protection settings sys pwderrtm 0 This command turns off the password s protection from brute force guessing sys pwd...

Page 194: ......

Page 195: ...ould already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components are installed configure the TCP IP settings in order...

Page 196: ...then click Add c Select Microsoft from the list of manufacturers d Select TCP IP from the list of network protocols and then click OK If you need Client for Microsoft Networks a Click Add b Select Cl...

Page 197: ...tomatically If you have a static IP address select Specify an IP address and type your information into the IP Address and Subnet Mask fields 2 Click the DNS Configuration tab If you do not know your...

Page 198: ...4 Click OK to save and close the TCP IP Properties window 5 Click OK to close the Network window Insert the Windows CD if prompted 6 Turn on your ZyAIR and restart your computer when prompted Verifyin...

Page 199: ...ddress C 5 1 For Windows XP click start Control Panel In Windows 2000 NT click Start Settings Control Panel 2 For Windows XP click Network Connections For Windows 2000 NT click Network and Dial up Con...

Page 200: ...in Win XP and click Properties 5 The Internet Protocol TCP IP Properties window opens the General tab in Windows XP If you have a dynamic IP address click Obtain an IP address automatically If you hav...

Page 201: ...IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gateways in the IP Settings ta...

Page 202: ...NS server fields If you have previously configured DNS servers click Advanced and then the DNS tab to order them 8 Click OK to close the Internet Protocol TCP IP Properties window 9 Click OK to close...

Page 203: ...omputer s IP Address C 9 1 Click the Apple menu Control Panel and double click TCP IP to open the TCP IP Control Panel 2 Select Ethernet built in from the Connect via list 3 For dynamically assigned s...

Page 204: ...the Subnet mask box Type the IP address of your ZyAIR in the Router address box 5 Close the TCP IP Control Panel 6 Click Save if prompted to save changes to your configuration 7 Turn on your ZyAIR and...

Page 205: ...Using DHCP from the Configure list 4 For statically assigned settings do the following From the Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in the S...

Page 206: ......

Page 207: ...flexible workgroups a lower total cost of ownership for workspaces that are frequently reconfigured 4 It allows conference room users access to the network as they move from meeting to meeting getting...

Page 208: ...thin range of each other they can set up an independent network which is commonly referred to as an Ad hoc network or Independent Basic Service Set IBSS See the following diagram of an example of an A...

Page 209: ...a series of overlapping BSSs each containing an Access Point connected together by means of a Distribution System DS Although the DS could be any type of network it is almost invariably an Ethernet LA...

Page 210: ......

Page 211: ...11b standard does not provide any central user account management User access control is done through manual modification of the MAC address table on the access point Although WEP data encryption off...

Page 212: ...Authentication Sequence The following figure depicts a typical wireless network with a remote RADIUS server for user authentication using EAPOL EAP Over LAN Diagram E 1 Sequences for EAP MD5 Challenge...

Page 213: ...ion keys for data encryption EAP TLS Transport Layer Security With EAP TLS digital certifications are needed by both the server and the wireless stations for mutual authentication The server presents...

Page 214: ...s but for public deployment simple user name and password pair is more practical The following table is a comparison of the features of four authentication types Comparison of EAP Authentication Types...

Page 215: ...evice The injector must comply to IEEE 802 3af Chart G 1 Power over Ethernet Injector Specifications Power Output 15 4 Watts maximum Power Current 400 mA maximum Chart G 2 Power over Ethernet Injector...

Page 216: ......

Page 217: ...easured in dB decibel is the increase in coverage within the RF beam width Higher antenna gain improves the range of the signal for better communications For an indoor site each 1 dB increase in anten...

Page 218: ...nas should be mounted as high as practically possible and free of obstructions In point to point application position both transmitting and receiving antenna at the same height and in a direct line of...

Page 219: ...0 in the next left most bit In a class B address the first two octets make up the network number and the two remaining octets make up the host ID Class C addresses begin starting from the left with 1...

Page 220: ...ks A subnet mask is used to determine which bits are part of the network number and which bits are part of the host ID using a logical AND operation A subnet mask has 32 bits each bit of the mask corr...

Page 221: ...ass C address using both notations Chart I 4 Alternative Subnet Mask Notation SUBNET MASK IP ADDRESS SUBNET MASK 1 BITS LAST OCTET BIT VALUE 255 255 255 0 24 0000 0000 255 255 255 128 25 1000 0000 255...

Page 222: ...net Mask Binary 11111111 11111111 11111111 10000000 Subnet Address 192 168 1 0 Lowest Host ID 192 168 1 1 Broadcast Address 192 168 1 127 Highest Host ID 192 168 1 126 Chart I 6 Subnet 2 NETWORK NUMBE...

Page 223: ...hosts for each subnet all 0 s is the subnet itself all 1 s is the broadcast address on the subnet Chart I 7 Subnet 1 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 0 IP Address Binary 110000...

Page 224: ...10101000 00000001 11000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 192 Lowest Host ID 192 168 1 193 Broadcast Address 192 168 1 255 Highest Host ID 192 168 1 25...

Page 225: ...and class B addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID A class B address has two host ID octets available for subnetting and...

Page 226: ...Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 9 255 255 255 128 25 512 126 10 255 255 255 192 26 1024 62 11 255 255 255 224 27 2048 30 12 255 255 255 240 28 4096 14 13 255...

Page 227: ...it and possibly render it unusable Command Syntax The command keywords are in courier new font Enter the command keywords exactly as shown do not abbreviate The required fields in a command are enclos...

Page 228: ......

Page 229: ...CP server assigns s The DHCP server assigned an IP address to a client SMT Login Successfully Someone has logged on to the router s SMT interface SMT Login Fail Someone has failed to log on to the rou...

Page 230: ...4 Source Quench 0 A gateway may discard internet datagrams if it does not have the buffer space needed to queue the datagrams for output to the next network on the route to the destination network 5...

Page 231: ...cIP srcPort dst dstIP dstPort msg msg note note This message is sent by the RAS when this syslog is generated The messages and notes are defined in this appendix s other charts Log Commands Go to the...

Page 232: ...Logs Use the sys logs display command to show all of the logs in the ZyAIR s log Use the sys logs category display command to show the log settings for all of the log categories Use the sys logs displ...

Page 233: ...RDS AC Power Adaptor Model DV 121A2 5720 Input Power AC120Volts 60Hz 27VA Output Power DC12Volts 1 2A Power Consumption 10 W Safety Standards UL CUL UL 1310 CSA C22 2 No 223 M91 EUROPEAN PLUG STANDARD...

Page 234: ...nput Power AC100Volts 50 60Hz 27VA Output Power DC12Volts 1 2A Power Consumption 10 W Safety Standards T Mark Japan Dentori AUSTRALIA AND NEW ZEALAND PLUG STANDARDS AC Power Adaptor Model AD 1201200DS...

Page 235: ...Customer Support v D Data encryption 3 1 Default 10 12 DHCP 18 4 Diagnostic 18 6 Diagnostic Tools 18 1 Direct Sequence Spread Spectrum D 2 Distribution System D 3 DS See Distribution System DSSS See...

Page 236: ...ng 13 5 Main Menu 11 4 Management Information Base MIB 16 2 Max Age 5 6 MD5 F 1 Message Digest Algorithm 5 See MD5 Multicast 7 1 N Network Management 1 6 Network Topology With RADIUS Server ExampleE 2...

Page 237: ...19 4 19 5 19 6 19 9 20 1 20 2 20 3 System Management Terminal 11 4 System Name 4 2 System Status 18 2 T TCP IP 18 6 TFTP File Transfer 19 9 Time and Date Setting 20 2 Time Zone 20 3 TLS F 1 Trace Reco...

Reviews:

No comments

Related manuals for Zyair B-1000 v.2

Shakespeare Electronic Galaxy Style 5390 Installation Instructions preview
Galaxy Style 5390
Brand: Shakespeare Electronic Pages: 1
M2 Antenna Systems 902-5 YAGI Manual preview
902-5 YAGI
Brand: M2 Antenna Systems Pages: 4
Panorama Antennas WMM2G-6-60 Installation Instructions Manual preview
WMM2G-6-60
Brand: Panorama Antennas Pages: 8
NARDA PMM RA-01 User Manual preview
PMM RA-01
Brand: NARDA Pages: 26
Hughes Network Systems DIRECWAY Assembly Instructions Manual preview
DIRECWAY
Brand: Hughes Network Systems Pages: 27
Philips SDV5100/12 User Manual preview
SDV5100/12
Brand: Philips Pages: 2
Philips SDV4400 Specifications preview
SDV4400
Brand: Philips Pages: 2
Philips SDV6122 User Manual preview
SDV6122
Brand: Philips Pages: 10
Philips SDV4400 Specification Sheet preview
SDV4400
Brand: Philips Pages: 2
Philips SDV4230/05 Instructions For Use preview
SDV4230/05
Brand: Philips Pages: 2
Philips SDV4240/10 Instructions For Use preview
SDV4240/10
Brand: Philips Pages: 2
Philips SDV6123 User Manual preview
SDV6123
Brand: Philips Pages: 12
Philips SDV6121/12 User Manual preview
SDV6121/12
Brand: Philips Pages: 12
Philips SDV3220/05 Instructions For Use preview
SDV3220/05
Brand: Philips Pages: 2
Philips SDV5225/12 User Manual preview
SDV5225/12
Brand: Philips Pages: 11
Philips SDV2950 Specifications preview
SDV2950
Brand: Philips Pages: 2
Philips SDV2270/17 User Manual preview
SDV2270/17
Brand: Philips Pages: 1
Philips SDV5222T/27 User Manual preview
SDV5222T/27
Brand: Philips Pages: 11

Brands by name

Popular brands

Load more brands