ZyXEL Communications ZyAIR G-3000 User Manual Download Page 213 | Manualshive

Page: 213 / 222

background image

ZyAIR G-3000 User’s Guide

Appendix L Types of EAP Authentication

214

Appendix L

Types of EAP Authentication

This appendix discusses the five popular EAP authentication types:

EAP-MD5

,

EAP-TLS

,

EAP-TTLS

,

PEAP

and

LEAP

.

The type of authentication you use depends on the RADIUS server or the AP. Consult your
network administrator for more information.

EAP-MD5 (Message-Digest Algorithm 5)

MD5 authentication is the simplest one-way authentication method. The authentication server
sends a challenge to the wireless station. The wireless station ‘proves’ that it knows the
password by encrypting the password with the challenge and sends back the information.
Password is not sent in plain text.

However, MD5 authentication has some weaknesses. Since the authentication server needs to
get the plaintext passwords, the passwords must be stored. Thus someone other than the
authentication server may access the password file. In addition, it is possible to impersonate an
authentication server as MD5 authentication method does not perform mutual authentication.
Finally, MD5 authentication method does not support data encryption with dynamic session
key. You must configure WEP encryption keys for data encryption.

EAP-TLS (Transport Layer Security)

With EAP-TLS, digital certifications are needed by both the server and the wireless stations
for mutual authentication. The server presents a certificate to the client. After validating the
identity of the server, the client sends a different certificate to the server. The exchange of
certificates is done in the open before a secured tunnel is created. This makes user identity
vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the
sender’s identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to
handle certificates, which imposes a management overhead.

EAP-TTLS (Tunneled Transport Layer Service)

EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the
server-side authentications to establish a secure connection. Client authentication is then done
by sending username and password through the secure connection, thus client identity is
protected. For client authentication, EAP-TTLS supports EAP methods and legacy
authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2.

«
...
211
212
213
214
215
...
»

Summary of Contents for ZyAIR G-3000

Page 1: ...ZyAIR G 3000 802 11g Business Access Point Bridge Repeater User s Guide Version 3 50 September 2004...

Page 2: ...XEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does it con...

Page 3: ...n accordance with the instructions may cause harmful interference to radio communications If this equipment does cause harmful interference to radio television reception which can be determined by tur...

Page 4: ...ress or implied including any implied warranty of merchantability or fitness for a particular use or purpose ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of...

Page 5: ...ler St Anaheim CA 92806 2001 U S A sales zyxel com 1 714 632 0858 ftp us zyxel com GERMANY support zyxel de 49 2405 6909 0 www zyxel de ZyXEL Deutschland GmbH Adenauerstr 20 A2 D 52146 Wuerselen Germa...

Page 6: ...er Support 6 FINLAND support zyxel fi 358 9 4780 8411 www zyxel fi ZyXEL Communications Oy Malminkaari 10 00700 Helsinki Finland sales zyxel fi 358 9 4780 8448 a is the prefix number you enter to make...

Page 7: ...tton 28 1 2 1 4 ZyAIR LED 29 1 2 1 5 Bridge Repeater LED 29 1 2 1 6 Power over Ethernet PoE 29 1 2 2 Firmware Features 29 1 2 2 1 Dual WLAN Interface 29 1 2 2 2 Wi Fi Protected Access 30 1 2 2 3 VLAN...

Page 8: ...ethod of Restoring Factory Defaults 39 2 3 Navigating the ZyAIR Web Configurator 40 Chapter 3 Wizard Setup 42 3 1 Wizard Setup Overview 42 3 1 1 Channel 42 3 1 2 ESS ID 42 3 1 3 WEP Encryption 42 3 2...

Page 9: ...ryption 75 6 2 2 Authentication 75 6 3 Configuring WEP Encryption 76 6 4 MAC Filter 78 6 5 802 1x Overview 80 6 6 Introduction to Local User Database 80 6 7 Introduction to RADIUS 80 6 7 1 Types of RA...

Page 10: ...ter 10 Maintenance 106 10 1 Maintenance Overview 106 10 2 System Status Screen 106 10 2 1 System Statistics 107 10 3 Association List 108 10 4 Channel Usage 109 10 5 F W Upload Screen 111 10 6 Configu...

Page 11: ...Setup 134 14 1 Dial in User Setup 134 Chapter 15 SNMP Configuration 136 15 1 About SNMP 136 15 2 Supported MIBs 137 15 3 SNMP Configuration 137 15 4 SNMP Traps 138 Chapter 16 System Security 140 16 1...

Page 12: ...Prompt Example 160 18 4 4 TFTP File Upload 160 18 4 5 Example TFTP Command 161 18 4 6 Uploading Via Console Port 161 18 4 7 Uploading Firmware File Via Console Port 161 18 4 8 Example Xmodem Firmware...

Page 13: ...s 178 Appendix F IP Address Assignment Conflicts 190 Appendix G IP Subnetting 194 Appendix H Command Interpreter 202 Appendix I Log Descriptions 204 Appendix J Wireless LAN and IEEE 802 11 208 Appendi...

Page 14: ...ZyAIR G 3000 User s Guide 15 Table of Contents...

Page 15: ...ystem General Setup 50 Figure 15 Password 52 Figure 16 Time Setting 53 Figure 17 IBSS Ad hoc Wireless LAN 56 Figure 18 Basic Service set 57 Figure 19 Extended Service Set 58 Figure 20 RTS CTS 59 Figur...

Page 16: ...nnected 115 Figure 57 Configuration Upload Error 116 Figure 58 Reset Warning Message 116 Figure 59 Restart Screen 117 Figure 60 Login Screen 118 Figure 61 Menu 23 1 System Security Change Password 119...

Page 17: ...stem Maintenance Upload System Configuration File 159 Figure 99 FTP Session Example 160 Figure 100 Menu 24 7 1 as seen using the Console Port 162 Figure 101 Example Xmodem Upload 162 Figure 102 Menu 2...

Page 18: ...ts Case B 191 Figure 124 IP Address Conflicts Case C 191 Figure 125 IP Address Conflicts Case D 192 Figure 126 Peer to Peer Communication in an Ad hoc Network 209 Figure 127 ESS Provides Campus Wide C...

Page 19: ...AC Address Filter 79 Table 17 Wireless Security Relational Matrix 86 Table 18 Wireless LAN 802 1x WPA 88 Table 19 Wireless LAN 802 1x WPA for 802 1x Protocol 89 Table 20 Wireless LAN 802 1x WPA for WP...

Page 20: ...s 156 Table 54 System Maintenance Time and Date Setting 166 Table 55 Remote Management Port Control 167 Table 56 Menu 24 11 Remote Management Control 168 Table 57 Troubleshooting the Start Up of Your...

Page 21: ...05 Table 84 Log Categories and Available Settings 206 Table 85 Comparison of EAP Authentication Types 215 Table 86 NORTH AMERICAN PLUG STANDARDS 218 Table 87 NORTH AMERICAN PLUG STANDARDS 218 Table 88...

Page 22: ...ZyAIR G 3000 User s Guide 23 List of Tables...

Page 23: ...e SMT parts of this guide contain background information solely on features not configurable by web configurator Related Documentation Supporting Disk Refer to the included CD for support documents Co...

Page 24: ...enu titles and labels are in Bold Times New Roman font Predefined field choices are in Bold Arial font Command and arrow keys are enclosed in square brackets ENTER means the Enter or carriage return k...

Page 25: ...ZyAIR G 3000 User s Guide Preface 26 Graphics Icons Key ZyAIR Computer Notebook computer Server DSLAM Firewall Modem Switch Router Wireless Signal...

Page 26: ...ZyAIR G 3000 User s Guide 27 Preface...

Page 27: ...figure The embedded web based configurator enables easy operation and configuration 1 2 ZyAIR Features The following sections describe the features of the ZyAIR 1 2 1 Physical Features 1 2 1 1 10 100M...

Page 28: ...minating the need for a nearby power source An injector or PoE device not included is also needed to supply the Ethernet cable with power This feature allows increased flexibility in the locating of y...

Page 29: ...g VLAN ID in the MAC header of a frame to identify VLAN membership The ZyAIR can identify VLAN tags for incoming Ethernet frames and add VLAN tags to outgoing Ethernet frames Configure VLAN virtual LA...

Page 30: ...links between switches bridges or routers It allows a bridge to interact with other R STP compliant bridges in your network to ensure that only one path exists between any two stations on the network...

Page 31: ...ransmitting over the wireless network to help keep network communications private 1 2 2 13 IEEE 802 1x Network Security The ZyAIR supports the IEEE 802 1x standard to enhance user authentication Use t...

Page 32: ...f the wireless stations that are currently using the ZyAIR to access your wired network 1 2 2 19 Wireless LAN Channel Usage The Wireless Channel Usage screen displays whether the radio channels are us...

Page 33: ...r Applications for each operating mode are shown below 1 3 2 Access Point The ZyAIR is an ideal access solution for wireless Internet connection A typical Internet access application for your ZyAIR is...

Page 34: ...de the ZyAIR supports both AP A and B can connect to the wired network through X and bridge X can communicate with Y connection at the same time When the ZyAIR is in AP Bridge mode the traffic between...

Page 35: ...connection at the same time A ZyAIR in repeater mode C has no Ethernet connection When the ZyAIR is in the bridge mode you should enable STP to prevent bridge loops When the ZyAIR is in Bridge Repeat...

Page 36: ...ZyAIR G 3000 User s Guide 37 Chapter 1 Getting to Know Your ZyAIR Figure 6 Bridge Application Figure 7 Repeater Application...

Page 37: ...erly connected refer to the Quick Installation Guide Prepare your computer computer network to connect to the ZyAIR refer to the appendix Launch your web browser Type 192 168 1 2 default as the URL Ty...

Page 38: ...Restoring Factory Defaults You can erase the current configuration and restore factory defaults in three ways Use the RESET button on the side panel of the ZyAIR to upload the default configuration f...

Page 39: ...setup Wireless LAN setup and IP address assignment Click the links under ADVANCED to configure advanced features such as SYSTEM General Setup Password and Time Zone WIRELESS Wireless MAC Filter Roamin...

Page 40: ...ZyAIR G 3000 User s Guide 41 Chapter 2 Introducing the Web Configurator...

Page 41: ...lly overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 channe...

Page 42: ...n Windows 95 98 click Start Settings Control Panel Network Click the Identification tab note the entry for the Computer Name field and enter it as the System Name In Windows 2000 click Start Settings...

Page 43: ...ZyAIR to use a channel select a channel from the drop down list box Open the Channel Usage screen to make sure the channel is not already used by another AP or independent peer to peer wireless netwo...

Page 44: ...zation you should consult your network administrator for the appropriate IP addresses Key 1 to Key 4 The WEP keys are used to encrypt data Both the ZyAIR and the wireless stations must use the same WE...

Page 45: ...erved this block of addresses specifically for private use please do not use any other number unless you are told otherwise Let s say you select 192 168 1 0 as the network number which covers 254 indi...

Page 46: ...ct this option if your ZyAIR is using a static IP address When you select this option fill in the fields below IP Address Enter the IP address of your ZyAIR in dotted decimal notation Note If you chan...

Page 47: ...og in to the web configurator again using the new IP address if you change the default IP address 192 168 1 2 You have successfully set up the ZyAIR A screen displays prompting you to close the web br...

Page 48: ...ZyAIR G 3000 User s Guide 49 Chapter 3 Wizard Setup...

Page 49: ...re 14 System General Setup The following table describes the labels in this screen Table 7 System General Setup LABEL DESCRIPTION General Setup System Name Type a descriptive name to identify the ZyAI...

Page 50: ...ystem DNS Servers First DNS Server Second DNS Server Third DNS Server Select From DHCP if your DHCP server dynamically assigns DNS server information and the ZyAIR s Ethernet IP address The field to t...

Page 51: ...re the ZyAIR s time based on your local time zone Table 8 Password LABEL DESCRIPTIONS Old Password Type in your existing system password 1234 is the default password New Password Type your new system...

Page 52: ...to Time RFC 868 Select None to enter the time and date manually Time Server Address Enter the IP address or the URL of your time server Check with your ISP network administrator if you are unsure of t...

Page 53: ...when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening Start Date mm dd Enter the month and day that your daylight savings time starts o...

Page 54: ...ZyAIR G 3000 User s Guide 55 Chapter 4 System Screens...

Page 55: ...1 1 IBSS An Independent Basic Service Set IBSS also called an Ad hoc network is the simplest WLAN configuration An IBSS is defined as two or more computers with wireless adapters within range of each...

Page 56: ...ccess the wired network but cannot communicate with each other Figure 18 Basic Service set 5 1 3 ESS An Extended Service Set ESS consists of a series of overlapping BSSs each containing an access poin...

Page 57: ...s 5 2 1 RTS CTS A hidden node occurs when two stations are within range of the same access point but are not within range of each other The following figure illustrates a hidden node Both stations STA...

Page 58: ...ir transmission It also reserves and confirms with the requesting station the time frame for the requested transmission Stations can send frames smaller than the specified RTS CTS directly to the AP w...

Page 59: ...ing RSTP topology change information does not have to propagate to the root bridge and unwanted learned addresses are flushed from the filtering database In RSTP the port states are Discarding Learnin...

Page 60: ...e assumes that the link to the root bridge is down This bridge then initiates negotiations with other bridges to reconfigure the network to re establish a valid network topology 5 3 4 STP Port States...

Page 61: ...therwise the ZyAIR uses long preamble 5 5 Configuring Wireless Click the WIRELESS link under ADVANCED to display the Wireless screen The screen varies depending upon the operating mode you select The...

Page 62: ...ed in the ZyAIR Operating Mode Select the operating mode from the drop down list The options are Access Point Bridge Repeater and AP Bridge ESSID Extended Service Set IDentity The ESSID identifies the...

Page 63: ...elect Disable to allow wireless stations to communicate with the access points without any data encryption Select 64 bit WEP or 128 bit WEP to enable data encryption Authentication Method Select Auto...

Page 64: ...AN devices to associate with the ZyAIR Select Mixed to allow either IEEE802 11b or IEEE802 11g compliant WLAN devices to associate with the ZyAIR The transmission rate of your ZyAIR might be reduced M...

Page 65: ...ng in possible throughput degradation and disruption of communications The following examples show two network topologies that can lead to this problem If two or more ZyAIRs in bridge mode are connect...

Page 66: ...Wired LAN To prevent bridge loops ensure that you enable STP in the Wireless screen or your ZyAIR is not set to bridge mode while connected to both wired and wireless segments of the same LAN Click th...

Page 67: ...s only available when you have an external wireless card inserted in the ZyAIR Operating Mode Select Bridge Repeater in this field to display the screen as shown in Enable WDS Security Select the chec...

Page 68: ...P and bridge simultaneously See the section on ZyAIR applications for more information Remote Bridge MAC Address Type the MAC address of the peer device in a valid MAC address format that is six hexad...

Page 69: ...ng 70 Figure 26 Wireless AP Bridge See the tables describing the fields in the Access Point and Bridge Repeater operating modes for descriptions of the fields in this screen Note The following screens...

Page 70: ...the access points to relay information about the wireless stations to each other When a wireless station moves from a coverage area to another it scans and uses the channel of a new access point which...

Page 71: ...ccess point AP 2 for reauthentication 5 6 1 Requirements for Roaming The following requirements must be met in order for wireless stations to roam between the coverage areas 1 All the access points mu...

Page 72: ...m the drop down list box to enable roaming on the ZyAIR if you have two or more ZyAIRs on the same subnet Note All APs on the same subnet and the wireless stations must have the same ESSID to allow ro...

Page 73: ...evels on your ZyAIR EAP Extensible Authentication Protocol is used for authentication and utilizes dynamic WEP key exchange It requires interaction with a RADIUS Remote Authentication Dial In User Ser...

Page 74: ...Open system authentication involves an unencrypted two message procedure A wireless station sends an open system authentication request to the AP which will then automatically accept and connect the w...

Page 75: ...ntication request and the ZyAIR will fall back to use open authentication if the shared key does not match 6 3 Configuring WEP Encryption In order to configure and enable WEP encryption click the WIRE...

Page 76: ...he ZyAIR is on and data is being transmitted received Enable Spanning Tree Control STP R STP detects and breaks network loops and provides backup links between switches bridges or routers It allows a...

Page 77: ...ers for example 00 A0 C5 00 00 02 You need to know the MAC address of the devices to configure this screen The WLAN Adaptor drop down list box is only available when you have an external wireless card...

Page 78: ...y available when you have an external wireless card inserted in the ZyAIR Active Select Yes from the drop down list box to enable MAC address filtering Filter Action Define the filter action for the l...

Page 79: ...to RADIUS RADIUS is based on a client sever model that supports authentication and accounting where access point is the client and the server is the RADIUS server The RADIUS server handles the followi...

Page 80: ...now The key is not sent over the network In addition to the shared key password information exchanged is also encrypted to protect the wired network from unauthorized access 6 8 EAP Authentication Ove...

Page 81: ...r not to authenticate the wireless station 6 9 Dynamic WEP Key Exchange The AP maps a unique key that is generated with the RADIUS server This key expires when the wireless connection times out discon...

Page 82: ...ses 128 bit keys that are dynamically generated and distributed by the authentication server It includes a per packet key mixing function a Message Integrity Check MIC named Michael an extended initia...

Page 83: ...dentical passwords into the AP and all wireless clients The Pre Shared Key PSK must consist of between 8 and 63 ASCII characters including spaces and symbols 2 The AP checks each client s password and...

Page 84: ...ntification against its database and grants or denies network access accordingly 3 The RADIUS server distributes a Pairwise Master Key PMK key to the AP that then sets up a key hierarchy and managemen...

Page 85: ...al keys by first selecting 64 bit WEP or 128 bit WEP from the WEP Encryption field and then typing the keys in ASCII or hexadecimal format in the key text boxes MAC address filters are not dependent o...

Page 86: ...you must run Windows XP to use it 6 15 Configuring 802 1x and WPA To change your ZyAIR s authentication settings click the WIRELESS link under ADVANCED and then the 802 1x WPA tab The screen varies by...

Page 87: ...he drop down list box Choose from No Access Allowed No Authentication Required and Authentication Required No Access Allowed blocks all wireless stations access to the wired network No Authentication...

Page 88: ...rk The following fields are only available when you select Authentication Required ReAuthentication Timer In Seconds Specify how often wireless stations have to reenter usernames and passwords in orde...

Page 89: ...you have set up the corresponding database correctly first Select Local User Database Only to have the ZyAIR just check the built in user database on the ZyAIR for a wireless station s username and p...

Page 90: ...elect Enable to activate WPA mixed mode Otherwise select Disable WPA Group Key Update Timer The WPA Group Key Update Timer is the rate at which the AP if using WPA PSK key management or RADIUS server...

Page 91: ...key from 8 to 63 case sensitive ASCII characters including spaces and symbols WPA Mixed Mode The ZyAIR can operate in WPA Mixed Mode which supports both clients running WPA and clients running dynami...

Page 92: ...gure 40 Local User Database The following table describes the labels in this screen Table 22 Local User Database LABEL DESCRIPTION Active Select this check box to activate the user profile User Name E...

Page 93: ...is user profile Note that as you type a password the screen displays a for each character you type Apply Click Apply to save your changes back to the ZyAIR Reset Click Reset to beginning coguring this...

Page 94: ...box to enable user accounting through an external authentication server Server IP Address Enter the IP address of the external accounting server in dotted decimal notation Port Number Enter the port n...

Page 95: ...he MAC header of a frame to identify VLAN membership The ZyAIR can identify VLAN tags for incoming Ethernet frames and add VLAN tags to outgoing Ethernet frames 7 1 1 Management VLAN ID The Management...

Page 96: ...on VLAN tagging Management VLAN ID Enter a number from 1 to 255 to define this VLAN group At least one device in your network must belong to this VLAN group in order to manage the ZyAIR Note Mail and...

Page 97: ...Subnet Mask Refer to the IP Address and Subnet Mask section in the Wizard Setup chapter for this information 8 2 2 WAN IP Address Assignment Every computer on the Internet must have a unique IP addres...

Page 98: ...eate an arbitrary IP address always follow the guidelines above For more information on address assignment please refer to RFC 1597 Address Allocation for Private Internets and RFC 1466 Guidelines for...

Page 99: ...eighbor of your ZyAIR that will forward the packet to the destination On the LAN the gateway must be a router on the same segment as your ZyAIR over the WAN the gateway must be the IP address of one o...

Page 100: ...ZyAIR G 3000 User s Guide 101 Chapter 8 IP Screen...

Page 101: ...logs in one location Click the LOGS links under ADVANCED to open the View Log screen Use the View Log screen to see the logs for the categories that you selected in the Log Settings screen see Figure...

Page 102: ...list box to display logs within the selected category To view all logs select All Logs The number of categories shown in the drop down list box depends on the selection in the Log Settings page Time T...

Page 103: ...d below If this field is left blank logs and alert messages will not be sent via e mail Mail Subject Type a title that you want to be in the subject line of the log e mail message that the ZyAIR sends...

Page 104: ...is selected an alert is sent when the log fills up If you select None no log messages are sent Day for Sending Log This field is only available when you select Weekly in the Log Schedule field Use the...

Page 105: ...n where you can use to monitor your ZyAIR Note that these labels are READ ONLY and are meant to be used for diagnostic purposes Figure 46 System Status The following table describes the labels in this...

Page 106: ...how Statistics to see router performance statistics such as number of packets sent and number of packets received for each port Table 29 System Status LABEL DESCRIPTION Table 30 System Status Show Sta...

Page 107: ...is the index number of the bridge connection Active This shows whether the bridge connection is activated or not Remote Bridge MAC Address This is the MAC address of the peer device in bridge mode St...

Page 108: ...ap Click MAINTENANCE and then the Channel Usage tab to display the screen shown next Wait a moment while the ZyAIR compiles the information Table 31 Association List LABEL DESCRIPTION This is the inde...

Page 109: ...displays the MAC address of the AP in an Infrastructure wireless network It is randomly generated so ignore it in an Ad Hoc wireless network Channel This is the index number of the channel currently...

Page 110: ...tructions in this screen to upload firmware to your ZyAIR Figure 50 Firmware Upload The following table describes the labels in this screen After you see the Firmware Upload in Process screen wait two...

Page 111: ...orary network disconnect In some operating systems you may see the following icon on your desktop Figure 52 Network Temporarily Disconnecte After two minutes log in again and check your new firmware v...

Page 112: ...uration Screen See the Firmware and Configuration File Maintenance chapter for transferring configuration files using FTP TFTP commands Click MAINTENANCE and then the Configuration tab Information rel...

Page 113: ...l in case you need to return to your previous settings Click Backup to save the ZyAIR s current configuration to your computer 10 6 2 Restore Configuration Restore configuration allows you to upload a...

Page 114: ...he following icon on your desktop Figure 56 Network Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same sub...

Page 115: ...reen The following warning screen will appear Figure 58 Reset Warning Message You can also press the RESET button on the side panel to reset the factory defaults of your ZyAIR Refer to the section on...

Page 116: ...ZyAIR G 3000 User s Guide 117 Chapter 10 Maintenance Figure 59 Restart Screen...

Page 117: ...character you type Figure 60 Login Screen 3 After entering the password you will see the main menu Please note that if there is no activity for longer than five minutes default timeout period after yo...

Page 118: ...password in the Retype to confirm field for confirmation and press ENTER Note that as you type a password the screen displays an asterisk for each character you type 11 3 ZyAIR SMT Menu Overview Examp...

Page 119: ...tion are listed in the table below Table 35 Main Menu Commands OPERATION KEYSTROKE DESCRIPTION Move down to another menu ENTER To move forward to a submenu type in the number of the desired submenu an...

Page 120: ...save the new configuration N A fields N A Some of the fields in the SMT will show a N A This symbol refers to an option that is Not Applicable Save your configuration ENTER Save your configuration by...

Page 121: ...elated parameters 23 System Security Use this menu to change your password and enable network user authentication 24 System Maintenance This menu provides system status diagnostics software upload etc...

Page 122: ...ZyAIR G 3000 User s Guide 123 Chapter 11 Introducing the SMT...

Page 123: ...1 Procedure To Configure Menu 1 Enter 1 in the Main Menu to open Menu 1 General Setup as shown next Figure 64 Menu 1 General Setup Fill in the required fields Refer to the following table for more in...

Page 124: ...These fields are not available on all models IP Address Enter the IP addresses of the DNS servers This field is available when you select User Defined in the field above When you have completed this...

Page 125: ...nter 3 to display menu 3 Figure 65 Menu 3 LAN Setup Detailed explanation about the LAN Setup menu is given in the next chapter 13 2 TCP IP Ethernet Setup Use menu 3 2 to configure your ZyAIR for TCP I...

Page 126: ...ddress from a DHCP server You must know the IP address assigned to the ZyAIR by the DHCP server to access the ZyAIR again Select Static to give the ZyAIR a fixed unique IP address Enter a subnet mask...

Page 127: ...ice Set IDentity identifies the AP to which the wireless stations associate Wireless stations associating to the AP must have the same ESSID Enter a descriptive name of up to 32 printable 7 bit ASCII...

Page 128: ...default setting is Long See the section on preamble for more information 802 11 Mode Select 802 11b Only to allow only IEEE 802 11b compliant WLAN devices to associate with the ZyAIR Select 802 11g On...

Page 129: ...ed Default Key N A Max Frame Burst 650 Key1 N A VLAN ID 1 Key2 N A Breathing LED Yes Key3 N A Key4 N A Authen Method N A Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Menu 3 5 1 WL...

Page 130: ...ill be allowed to access the router The default action Allowed Association permits association with the ZyAIR MAC addresses not listed will be denied access to the router MAC Address Filter 1 32 Enter...

Page 131: ...ddress 00 00 00 00 00 00 Enable Link 4 No Peer MAC Address 00 00 00 00 00 00 Enable Link 5 No Peer MAC Address 00 00 00 00 00 00 Enable Link 6 No Peer MAC Address 00 00 00 00 00 00 Press ENTER to Conf...

Page 132: ...ZyAIR G 3000 User s Guide 133 Chapter 13 LAN Setup...

Page 133: ...main menu enter 14 to display Menu 14 Dial in User Setup Figure 72 Menu 14 Dial in User Setup Type a number and press ENTER to edit the user profile Menu 14 Dial in User Setup 1 ________ 9 ________ 1...

Page 134: ...42 Menu 14 1 Edit Dial in User FIELD DESCRIPTION User Name Enter a username up to 31 alphanumeric characters long for this user profile This field is case sensitive Active Press SPACE BAR to select Y...

Page 135: ...The ZyAIR supports SNMP version one SNMPv1 and version two c SNMPv2c The next figure illustrates an SNMP management operation SNMP is only available if TCP IP is configured Figure 74 SNMP Management...

Page 136: ...manager to retrieve an object variable from the agent GetNext Allows the manager to retrieve the next object variable from a table or list within an agent In SNMPv1 when a manager wants to retrieve al...

Page 137: ...ord for incoming Set requests from the management station Trusted Host If you enter a trusted host your ZyAIR will only respond to SNMP messages from this address A blank default field means your ZyAI...

Page 138: ...ure defined in RFC 1215 A trap is sent to the manager when receiving any SNMP get or set requirements with wrong community password 6 linkDown defined in RFC 1215 A trap is sent when the port is down...

Page 139: ...stem Security You should change the default password If you forget your password you have to restore the default configuration file Refer to the section on changing the system password in the Introduc...

Page 140: ...nfirm or ESC to Cancel Table 46 Menu 23 2 System Security RADIUS Server FIELD DESCRIPTION Authentication Server Active Press SPACE BAR to select Yes and press ENTER to enable user authentication throu...

Page 141: ...er in dotted decimal notation Port The default port of the RADIUS server for accounting is 1813 You need not change this value unless your network administrator instructs you to do so with additional...

Page 142: ...quired means wireless stations have to enter usernames and passwords before access to the wired network is allowed Select No Access Allowed to block all wireless stations access to the wired network T...

Page 143: ...ted in WPA PSK mode The ZyAIR default is 1800 seconds 30 minutes Authentication Databases The authentication database contains wireless station login information The local user database is the built i...

Page 144: ...ZyAIR G 3000 User s Guide 145 Chapter 16 System Security Once you enable user authentication you need to specify an external RADIUS server or create local user accounts on the ZyAIR for authentication...

Page 145: ...System Status is a tool that can be used to monitor your ZyAIR Specifically it gives you information on your Ethernet and Wireless LAN status number of packets sent and received To get to System Statu...

Page 146: ...pes are Ethernet and Wireless Status This shows the status of the remote node TxPkts This is the number of transmitted packets to this remote node RxPkts This is the number of received packets from th...

Page 147: ...election Note The ZyAIR also has an internal console port for support personnel only Do not open the ZyAIR as it will void your warranty Menu 24 2 1 System Maintenance Information Name G 3000 Routing...

Page 148: ...1 Viewing Error Log The first place you should look for clues when something goes wrong is the error log Follow the procedures to view the local error trace log 1 Type 24 in the main menu to display M...

Page 149: ...4 System Maintenance Diagnostic Follow the procedure next to get to display this menu 1 From the main menu type 24 to open Menu 24 System Maintenance Menu 24 3 System Maintenance Log and Trace 1 View...

Page 150: ...ZyAIR and the connections Table 50 Menu 24 4 System Maintenance Menu Diagnostic FIELD DESCRIPTION Ping Host Ping the host to see if the links and TCP IP protocol on both systems are working DHCP Rele...

Page 151: ...ngs they can be saved back to your computer under a filename of your choosing ZyNOS ZyXEL Network Operating System sometimes referred to as the ras file is the system firmware and has a bin filename e...

Page 152: ...to your computer Backup is highly recommended once your ZyAIR is functioning properly FTP is the preferred method although TFTP can also be used Please note that the terms download and upload are rela...

Page 153: ...he ZyAIR to your computer and renames it config rom See earlier in this chapter for more information on filename conventions 7 Enter quit to exit the FTP prompt Menu 24 5 Backup Configuration To trans...

Page 154: ...s only from this address 2 Put the SMT in command interpreter CI mode by entering 8 in Menu 24 System Maintenance 331 Enter PASS command Password 230 Logged in ftp bin 200 Type I OK ftp get rom 0 zyxe...

Page 155: ...where i specifies binary image transfer mode use this mode when transferring binary files host is the ZyAIR IP address get transfers the file source on the ZyAIR rom 0 name of the configuration file o...

Page 156: ...ore the configuration via FTP or TFTP to your ZyAIR The preferred method is FTP Note that this function erases the current configuration before restoring the previous backup configuration please do no...

Page 157: ...procedure below 1 Launch the FTP client on your workstation 2 Type open and the IP address of your router Then type root and SMT password as requested 3 Type put backupfilename rom 0 where backupfile...

Page 158: ...remote file name on the system 4 The system reboots automatically after a successful firmware upload For details on FTP commands please consult the documentation of your FTP client program For detail...

Page 159: ...om See earlier in this chapter for more information on filename conventions 7 Enter quit to exit the FTP prompt Figure 99 FTP Session Example More commands that you may find in third party FTP clients...

Page 160: ...et binary transfer mode 18 4 5 Example TFTP Command The following is an example TFTP command TFTP i host put firmware bin ras where i specifies binary image transfer mode use this mode when transferri...

Page 161: ...tically restart 18 4 9 Uploading Configuration File Via Console Port 1 Select 2 from Menu 24 7 System Maintenance Upload Firmware to display Menu 24 7 2 System Maintenance Upload System Configuration...

Page 162: ...Menu 24 7 2 System Maintenance Upload System Configuration File To upload system configuration file 1 Enter y at the prompt below to go into debug mode 2 Enter atlc after Enter Debug Mode message 3 Wa...

Page 163: ...main system firmware The CI provides much of the same functionality as the SMT while adding some low level setup and diagnostic functions Enter the CI from the SMT by selecting menu 24 8 See the inclu...

Page 164: ...n the ZyAIR error logs 1 Select menu 24 in the main menu to open Menu 24 System Maintenance 2 Then enter 10 to go to Menu 24 10 System Maintenance Time and Date Setting to update the time and date set...

Page 165: ...RFC 867 format is day month year time zone of the server Time RFC 868 format displays a 4 byte integer giving the total number of seconds since 1970 1 1 at 0 0 0 NTP RFC 1305 is similar to Time RFC 8...

Page 166: ...iguration files using FTP To use this feature your computer must have an FTP client 19 3 3 Web You can use the ZyAIR s embedded web configurator for configuration and file management See the online he...

Page 167: ...0 0 0 0 Press ENTER to Confirm or ESC to Cancel Table 56 Menu 24 11 Remote Management Control FIELD DESCRIPTION Telnet Server FTP Server Web Server SNMP Service DNS Service Each of these read only la...

Page 168: ...nt session of the same type running at one time 5 There is a web remote management session running with a Telnet session A Telnet session will be disconnected if you begin a web session it will not be...

Page 169: ...he power source is working properly Table 58 Troubleshooting the Ethernet Interface PROBLEM CORRECTIVE ACTION Cannot access the ZyAIR from the LAN If the ETHN LED on the front panel is off check the E...

Page 170: ...ot access the ZyAIR through Telnet Refer to the Problems with the Ethernet Interface section for instructions on checking your Ethernet connection Table 61 Troubleshooting the WLAN Interface PROBLEM C...

Page 171: ...on compliance for wireless LAN IEEE 802 1x security standard IEEE 802 3af standard Wi Fi certificate WDS 6 WDS links Bridge Repeater mode Spanning Tree Protocol IEEE 802 1d DHCP Relay Ability to act a...

Page 172: ...ual Ethernet port Wireless port Syslog Errorlog Trace log Packet Log Management Embedded Web Configurator management Command line interface Telnet support Password protected telnet access to internal...

Page 173: ...vice The injector must comply to IEEE 802 3af 7 Table 64 Power over Ethernet Injector Specifications Power Output 15 4 Watts maximum Power Current 400 mA maximum Table 65 Power over Ethernet Injector...

Page 174: ...ZyAIR G 3000 User s Guide 175 Appendix C Power over Ethernet Specifications...

Page 175: ...to block all access attempts for five minutes after the third time an incorrect password is entered Table 66 Brute Force Password Guessing Protection Commands COMMAND DESCRIPTION sys pwderrtm This com...

Page 176: ...ZyAIR G 3000 User s Guide 177 Appendix D Brute Force Password Guessing Protection...

Page 177: ...1 requires the purchase of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appro...

Page 178: ...Microsoft Networks If you need the adapter 1 In the Network window click Add 2 Select Adapter and then click Add 3 Select the manufacturer and model of your network adapter and then click OK If you n...

Page 179: ...dapter s TCP IP entry and click Properties 2 Click the IP Address tab If your IP address is dynamic select Obtain an IP address automatically If you have a static IP address select Specify an IP addre...

Page 180: ...OK to save and close the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your ZyAIR and restart your computer when prompted Verifying Settin...

Page 181: ...mputer s IP Address 182 Figure 112 Windows XP Start Menu 2 For Windows XP click Network Connections For Windows 2000 NT click Network and Dial up Connections Figure 113 Windows XP Control Panel 3 Righ...

Page 182: ...Connections Properties 4 Select Internet Protocol TCP IP under the General tab in Win XP and click Properties Figure 115 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP IP Prop...

Page 183: ...tab in IP addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Con...

Page 184: ...them Figure 117 Windows XP Internet Protocol TCP IP Properties 8 Click OK to close the Internet Protocol TCP IP Properties window 9 Click OK to close the Local Area Connection Properties window 10Turn...

Page 185: ...up Your Computer s IP Address 186 Figure 118 Macintosh OS 8 9 Apple Menu 2 Select Ethernet built in from the Connect via list Figure 119 Macintosh OS 8 9 TCP IP 3 For dynamically assigned settings sel...

Page 186: ...ck Save if prompted to save changes to your configuration 7 Turn on your ZyAIR and restart your computer if prompted Verifying Settings Check your TCP IP properties in the TCP IP Control Panel window...

Page 187: ...wing From the Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your ZyAIR in the Router address box 5 Click...

Page 188: ...ZyAIR G 3000 User s Guide 189 Appendix E Setting up Your Computer s IP Address...

Page 189: ...he same as the IP address of a computer on the LAN Figure 122 IP Address Conflicts CaseA You must set the ZyAIR to use different LAN and WAN IP addresses on different subnets if you enable DHCP server...

Page 190: ...IP addresses on different subnets if you enable DHCP server on the ZyAIR For example you set the WAN IP address to 192 59 1 1 and the LAN IP address to 10 59 1 1 Otherwise It is recommended the ZyAIR...

Page 191: ...s Assignment Conflicts 192 In this case the subscribers are not able to access the Internet Figure 125 IP Address Conflicts Case D This problem can be solved by adding a VLAN enabled switch or set the...

Page 192: ...ZyAIR G 3000 User s Guide 193 Appendix F IP Address Assignment Conflicts...

Page 193: ...ess the first two octets make up the network number and the two remaining octets make up the host ID Class C addresses begin starting from the left with 1 1 0 In a class C address the first three octe...

Page 194: ...host ID Subnet masks are expressed in dotted decimal notation just as IP addresses are The natural masks for class A B and C IP addresses are as follows Subnetting With subnetting the class arrangeme...

Page 195: ...k Normally if no mask is specified it is understood that the natural mask is being used Example Two Subnets As an example you have a class C address 192 168 1 0 with subnet mask of 255 255 255 0 The f...

Page 196: ...68 1 1 and the highest is 192 168 1 126 Similarly the host ID range for the second subnet is 192 168 1 129 to 192 168 1 254 Note In the following charts shaded bolded last octet bit values indicate ho...

Page 197: ...0 IP Address Binary 11000000 10101000 00000001 00000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 0 Lowest Host ID 192 168 1 1 Broadcast Address 192 168 1 63 Hig...

Page 198: ...11111111 11111111 11000000 Subnet Address 192 168 1 192 Lowest Host ID 192 168 1 193 Broadcast Address 192 168 1 255 Highest Host ID 192 168 1 254 Table 78 Eight Subnets SUBNET SUBNET ADDRESS FIRST A...

Page 199: ...tting The following table is a summary for class B subnet planning Table 80 Class B Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 128 0 17 2 32766 2 255 25...

Page 200: ...ZyAIR G 3000 User s Guide 201 Appendix G IP Subnetting...

Page 201: ...command keywords exactly as shown do not abbreviate The required fields in a command are enclosed in angle brackets The optional fields in a command are enclosed in square brackets The symbol means o...

Page 202: ...ZyAIR G 3000 User s Guide 203 Appendix H Command Interpreter...

Page 203: ...ly Someone has logged on to the router s web configurator interface WEB Login Fail Someone has failed to log on to the router s web configurator interface TELNET Login Successfully Someone has logged...

Page 204: ...Type of Service and Host 8 Echo 0 Echo message 11 Time Exceeded 0 Time to live exceeded in transit 1 Fragment reassembly time exceeded 12 Parameter Problem 0 Pointer indicates the error 13 Timestamp 0...

Page 205: ...an individual ZyAIR log category Use the sys logs clear command to erase all of the ZyAIR s logs Log Command Example This example shows how to set the ZyAIR to record the error logs and alerts and th...

Page 206: ...ZyAIR G 3000 User s Guide 207 Appendix I Log Descriptions...

Page 207: ...nce room users access to the network as they move from meeting to meeting getting up to date access to information and the ability to communicate decisions while on the go It provides campus wide netw...

Page 208: ...ation in an Ad hoc Network Infrastructure Wireless LAN Configuration For Infrastructure WLANs multiple Access Points APs link the WLAN to the wired network and allow users to efficiently share network...

Page 209: ...ZyAIR G 3000 User s Guide Appendix J Wireless LAN and IEEE 802 11 210 Figure 127 ESS Provides Campus Wide Coverage...

Page 210: ...ZyAIR G 3000 User s Guide 211 Appendix J Wireless LAN and IEEE 802 11...

Page 211: ...11b standard does not provide any central user account management User access control is done through manual modification of the MAC address table on the access point Although WEP data encryption off...

Page 212: ...LAN With IEEE 802 1x RADIUS Server Authentication Sequence The following figure depicts a typical wireless network with a remote RADIUS server for user authentication using EAPOL EAP Over LAN Figure 1...

Page 213: ...D5 authentication method does not support data encryption with dynamic session key You must configure WEP encryption keys for data encryption EAP TLS Transport Layer Security With EAP TLS digital cert...

Page 214: ...ntation of IEEE802 1x For added security certificate based authentications EAP TLS EAP TTLS and PEAP use dynamic keys for data encryption They are often deployed in corporate environments but for publ...

Page 215: ...ows you to visualize the shape of the antenna s coverage area Antenna Gain Antenna gain measured in dB decibel is the increase in coverage within the RF beam width Higher antenna gain improves the ran...

Page 216: ...or hallways and outdoor point to point applications Positioning Antennas In general antennas should be mounted as high as practically possible and free of obstructions In point to point application po...

Page 217: ...1 2A Power Consumption 10 W Safety Standards UL CUL UL 1310 CSA C22 2 No 223 M91 Table 88 EUROPEAN PLUG STANDARDS AC Power Adaptor Model AD 1201200DV Input Power AC230Volts 50Hz 0 2A Output Power DC1...

Page 218: ...ower Adaptor Specifications Table 91 Australia and New Zealand plug standards AC Power Adaptor Model AD 1201200DS or AD 121200DS Input Power AC240Volts 50Hz 0 2A Output Power DC12Volts 1 2A Power Cons...

Page 219: ...C CA 214 Certificate Authority 214 Channel 42 Channel ID 64 128 Collision 147 Command Interpreter 164 Community 137 CPU Load 147 D Data Encryption 75 Data encryption 42 Default 116 DHCP 149 Diagnosti...

Page 220: ...P Address 45 46 98 99 127 149 151 IP Addressing 194 IP Classes 194 L LAN 108 Link type 147 Log and Trace 150 Log Descriptions 204 Logs 102 Long Preamble Mode 62 M MAC address 78 MAC Address Filter Act...

Page 221: ...Trap 137 Traps 138 Trusted Host 138 Spanning Tree Protocol 60 SSL Passthrough 32 STP 60 STP Spanning Tree Protocol 31 STP Path Costs 60 STP Port States 61 STP Terminology 60 Subnet Mask 46 98 127 149...

Page 222: ...74 WEP Encryption 32 64 77 128 Wi Fi Protected Access 30 Wired Equivalent Privacy 74 Wireless Client WPA Supplicants 87 Wireless Distribution System 30 Wireless LAN 127 208 Wireless LAN Setup 127 Wiz...

Reviews:

No comments

Related manuals for ZyAIR G-3000

BAS-2008 LTE MiMo Indoor

Brand: REMO Pages: 2

Brand: THOMSON Pages: 38

DISH Tailgater Pro VQ4900

Brand: KING Pages: 32

OmPlecs TOP 200 AMR

Brand: ANTONICS Pages: 2

Brand: AvaLAN Pages: 8

Brand: Maco Antennas Pages: 9

Brand: Maco Antennas Pages: 9

Brand: HyperLink Technologies Pages: 18

DGXDSDV111SMA-2KM

Brand: AEI Security & Communications Pages: 56

Brand: Somogyi Pages: 11

Brand: Wireless Beehive Pages: 7

Brand: Light Beam Antenna Pages: 26

Brand: Vision Plus Pages: 2

Brand: Plantec Pages: 3

Brand: Shively Labs Pages: 28

Brand: Hughes Pages: 47

Brand: Teltonika Pages: 96

Brand: Panorama Antennas Pages: 20

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands