manualshive.com logo in svg

ZyXEL Communications ZyAIR G-3000H, User Manual

Share
Download
ZyXEL Communications ZyAIR G-3000H User Manual Download Page 250

G-3000H User’s Guide

250

Appendix G Wireless LANs

EAP-TLS (Transport Layer Security)

With EAP-TLS, digital certifications are needed by both the server and the wireless stations 
for mutual authentication. The server presents a certificate to the client. After validating the 
identity of the server, the client sends a different certificate to the server. The exchange of 
certificates is done in the open before a secured tunnel is created. This makes user identity 
vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the 
sender’s identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to 
handle certificates, which imposes a management overhead. 

EAP-TTLS (Tunneled Transport Layer Service)

EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the 
server-side authentications to establish a secure connection. Client authentication is then done 
by sending username and password through the secure connection, thus client identity is 
protected. For client authentication, EAP-TTLS supports EAP methods and legacy 
authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2. 

PEAP (Protected EAP)

Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, 
then use simple username and password methods through the secured connection to 
authenticate the clients, thus hiding client identity. However, PEAP only supports EAP 
methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), 
for client authentication. EAP-GTC is implemented only by Cisco.

LEAP

LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 
802.1x. 

Dynamic WEP Key Exchange

The AP maps a unique key that is generated with the RADIUS server. This key expires when 
the wireless connection times out, disconnects or reauthentication times out. A new WEP key 
is generated each time reauthentication is performed.

If this feature is enabled, it is not necessary to configure a default encryption key in the 
Wireless screen. You may still configure and store keys here, but they will not be used while 
Dynamic WEP is enabled.

Note: 

EAP-MD5 cannot be used with dynamic WEP key exchange.

For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use 
dynamic keys for data encryption. They are often deployed in corporate environments, but for 
public deployment, a simple user name and password pair is more practical. 

Summary of Contents for ZyAIR G-3000H

Page 1: ...G 3000H 802 11g Wireless Access Point User s Guide Version 3 50 1 2006 ...

Page 2: ...EL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves the right to make changes in any products described herein without notice This publication is subject to c...

Page 3: ... not installed and used in accordance with the instructions may cause harmful interference to radio communications If this equipment does cause harmful interference to radio television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures Reorient or relocate the receiving antenna Inc...

Page 4: ...o www zyxel com 1 Select your product from the drop down list box on the ZyXEL home page to go to that product s page 2 Select the certification you wish to view from this page This product has been designed for the WLAN 2 4 GHz network throughout the EC region and Switzerland with restrictions in France ...

Page 5: ... the risk of fire use only No 26 AWG or larger telephone wire 2 Do not use this product near water for example in a wet basement or near a swimming pool 3 Avoid using this product during an electrical storm There may be a remote risk of electric shock from lightening ...

Page 6: ... under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpose ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to the purchaser To obtain the services of this warranty contact ZyXEL s Se...

Page 7: ...rk sales zyxel dk 45 39 55 07 07 FINLAND support zyxel fi 358 9 4780 8411 www zyxel fi ZyXEL Communications Oy Malminkaari 10 00700 Helsinki Finland sales zyxel fi 358 9 4780 8448 FRANCE info zyxel fr 33 4 72 52 97 97 www zyxel fr ZyXEL France 1 rue des Vergers Bat 1 C 69760 Limonest France 33 4 72 52 19 20 GERMANY support zyxel de 49 2405 6909 0 www zyxel de ZyXEL Deutschland GmbH Adenauerstr 20 ...

Page 8: ...t zyxel se 46 31 744 7700 www zyxel se ZyXEL Communications A S Sjöporten 4 41764 Göteborg Sweden sales zyxel se 46 31 744 7701 UKRAINE support ua zyxel com 380 44 247 69 78 www ua zyxel com ZyXEL Ukraine 13 Pimonenko Str Kiev 04050 Ukraine sales ua zyxel com 380 44 494 49 32 UNITED KINGDOM support zyxel co uk 44 1344 303044 08707 555779 UK only www zyxel co uk ZyXEL Communications UK Ltd 11 The C...

Page 9: ... 1 Introducing the ZyAIR 29 1 2 ZyAIR Features 29 1 2 1 Physical Features 29 1 2 2 Firmware Features 30 1 3 Applications for the ZyAIR 35 1 3 1 Access Point 35 1 3 2 Multiple ESS 35 1 3 3 AP Bridge 36 1 3 4 Bridge Repeater 37 Chapter 2 Introducing the Web Configurator 39 2 1 Accessing the ZyAIR Web Configurator 39 2 2 Resetting the ZyAIR 41 2 2 1 Methods of Restoring Factory Defaults 41 2 3 Naviga...

Page 10: ...onfiguration 53 5 1 Wireless LAN Overview 53 5 1 1 BSS 53 5 1 2 ESS 54 5 2 Wireless LAN Basics 54 5 3 WMM QoS 55 5 3 1 WMM QoS Priorities 55 5 3 2 Type Of Service ToS 55 5 3 2 1 DiffServ 56 5 3 2 2 DSCP and Per Hop Behavior 56 5 3 3 ToS Type of Service and WMM QoS 56 5 4 Spanning Tree Protocol STP 57 5 4 1 Rapid STP 57 5 4 2 STP Terminology 57 5 4 3 How STP Works 58 5 4 4 STP Port States 58 5 5 Wi...

Page 11: ...WPA Supplicants 73 6 11 Wireless Security Effectiveness 74 6 12 Configuring Security 74 6 12 1 Security No Access 75 6 12 2 Security WEP 76 6 12 3 Security 802 1x Only 802 1x Static 64 bit WEP 128 bit WEP 77 6 12 4 Security 802 1x Dynamic 64 bit WEP 128 bit WEP 78 6 12 5 Security WPA WPA MIX WPA2 WPA2 MIX 80 6 12 6 Security WPA PSK WPA2 PSK WPA2 PSK MIX 80 6 13 Introduction to RADIUS 82 6 14 Confi...

Page 12: ...1 9 2 1 Configuring Management VLAN Example 103 9 2 2 Configuring Microsoft s IAS Server Example 105 9 2 2 1 Configuring VLAN Groups 106 9 2 2 2 Configuring Remote Access Policies 107 Chapter 10 IP Screen 115 10 1 Factory Ethernet Defaults 115 10 2 TCP IP Parameters 115 10 2 1 IP Address and Subnet Mask 115 10 2 2 WAN IP Address Assignment 115 10 3 Configuring IP 116 Chapter 11 Certificates 117 11...

Page 13: ...6 2 SNMP Traps 142 12 7 SNMP Traps 143 12 7 1 Configuring SNMP 143 Chapter 13 Log Screens 145 13 1 Configuring View Log 145 13 2 Configuring Log Settings 146 Chapter 14 Maintenance 149 14 1 Maintenance Overview 149 14 2 System Status Screen 149 14 2 1 System Statistics 150 14 3 Association List 151 14 4 Channel Usage 152 14 5 F W Upload Screen 154 14 6 Configuration Screen 156 14 6 1 Backup Config...

Page 14: ...figuring Roaming 172 17 3 3 Configuring SSID Profiles 174 17 3 4 Configuring Bridge Link 175 17 3 5 Configuring Layer 2 Isolation 177 Chapter 18 Dial in User Setup 181 18 1 Dial in User Setup 181 Chapter 19 VLAN Setup 183 19 1 VLAN Setup 183 Chapter 20 SNMP Configuration 185 20 1 SNMP Configuration 185 Chapter 21 System Security 187 21 1 System Security 187 21 1 1 System Password 187 21 1 2 Config...

Page 15: ...the FTP command from the DOS Prompt Example 203 23 4 4 TFTP File Upload 203 23 4 5 Example TFTP Command 204 23 4 6 Uploading Via Console Port 204 23 4 7 Uploading Firmware File Via Console Port 204 23 4 8 Example Xmodem Firmware Upload Using HyperTerminal 205 23 4 9 Uploading Configuration File Via Console Port 205 23 4 10 Example Xmodem Configuration Upload Using HyperTerminal 206 Chapter 24 Syst...

Page 16: ...Appendix E Setting up Your Computer s IP Address 227 Appendix F IP Address Assignment Conflicts 239 Appendix G Wireless LANs 243 Appendix H IP Subnetting 255 Appendix I Command Interpreter 263 Appendix J Log Descriptions 265 Appendix K Indoor Installation Recommendations 269 Appendix L Power Adaptor Specifications 271 Appendix M Text File Based Auto Configuration 273 Appendix N Wireless LAN Manage...

Page 17: ...tting 51 Figure 18 Basic Service set 53 Figure 19 Extended Service Set 54 Figure 20 DiffServ Differentiated Service Field 56 Figure 21 Wireless Access Point 59 Figure 22 Bridging Example 62 Figure 23 Bridge Loop Two Bridges Connected to Hub 62 Figure 24 Bridge Loop Bridge Connected to Wired LAN 63 Figure 25 Wireless Bridge Repeater 64 Figure 26 Wireless AP Bridge 66 Figure 27 EAP Authentication 69...

Page 18: ...58 VLAN Aware Switch VLAN Status 104 Figure 59 VLAN Setup 105 Figure 60 New Global Security Group 106 Figure 61 Add Group Members 107 Figure 62 New Remote Access Policy for VLAN Group 108 Figure 63 Specifying Windows Group Condition 108 Figure 64 Adding VLAN Group 109 Figure 65 Granting Permissions and User Profile Screens 109 Figure 66 Authentication Tab Settings 110 Figure 67 Encryption Tab Sett...

Page 19: ...load Error 158 Figure 102 Reset Warning Message 158 Figure 103 Restart Screen 158 Figure 104 Login Screen 159 Figure 105 Menu 23 1 System Security Change Password 160 Figure 106 G 3000H SMT Main Menu 162 Figure 107 Menu 1 General Setup 165 Figure 108 Menu 3 LAN Setup 167 Figure 109 Menu 3 2 TCP IP Setup 168 Figure 110 Menu 3 5 Wireless LAN Setup 169 Figure 111 Menu 3 5 Wireless LAN Setup 171 Figur...

Page 20: ...igure 144 Menu 24 7 1 System Maintenance Upload System Firmware 202 Figure 145 Menu 24 7 2 System Maintenance Upload System Configuration File 202 Figure 146 FTP Session Example 203 Figure 147 Menu 24 7 1 as seen using the Console Port 205 Figure 148 Example Xmodem Upload 205 Figure 149 Menu 24 7 2 as seen using the Console Port 206 Figure 150 Example Xmodem Upload 206 Figure 151 Menu 24 System Ma...

Page 21: ...ion File Example 279 Figure 186 EMS Installation Wizard Welcome Screen 282 Figure 187 EMS Installation Wizard Choose Destination Screen 282 Figure 188 EMS Installation Wizard Complete Screen 283 Figure 189 Starting the SNMPc Network Manager 284 Figure 190 Accessing the SNMPc Startup Settings 284 Figure 191 SNMPc Task Setup Screen 285 Figure 192 Accessing the Compile Mibs Screen 285 Figure 193 Comp...

Page 22: ...G 3000H User s Guide 22 List of Figures ...

Page 23: ...curity Modes for ZyAIR and Windows XP Wireless Client 73 Table 18 ZyAIR Wireless Security Levels 74 Table 19 Security 75 Table 20 Security No Access or None 76 Table 21 Security WEP 76 Table 22 Security 802 1x Only 802 1x Static 64 bit WEP 128 bit WEP 77 Table 23 Security 802 1x Dynamic 64 bit WEP 128 bit WEP 79 Table 24 Security WPA WPA MIX WPA2 or WPA2 MIX 80 Table 25 Security WPA PSK WPA2 PSK o...

Page 24: ...Main Menu Commands 161 Table 61 Main Menu Summary 162 Table 62 Menu 1 General Setup 165 Table 63 Menu 3 2 TCP IP Setup 168 Table 64 Menu 3 5 Wireless LAN Setup 169 Table 65 Menu 3 5 1 WLAN MAC Address Filter 172 Table 66 Menu 3 5 2 Roaming Configuration 173 Table 67 Menu 3 5 6 SSID Profile Edit 175 Table 68 Menu 3 5 4 Bridge Link Configuration 177 Table 69 Menu 3 5 5 Layer 2 Isolation 179 Table 70...

Page 25: ...Class 256 Table 98 Natural Masks 256 Table 99 Alternative Subnet Mask Notation 257 Table 100 Two Subnets Example 257 Table 101 Subnet 1 258 Table 102 Subnet 2 258 Table 103 Subnet 1 259 Table 104 Subnet 2 259 Table 105 Subnet 3 259 Table 106 Subnet 4 260 Table 107 Eight Subnets 260 Table 108 Class C Subnet Planning 260 Table 109 Class B Subnet Planning 261 Table 110 System Maintenance Logs 265 Tab...

Page 26: ...G 3000H User s Guide 26 List of Tables ...

Page 27: ...ration of your ZyAIR using the web configurator or the SMT The web configurator parts of this guide contain background information on features configurable by web configurator The SMT parts of this guide contain background information solely on features not configurable by web configurator Note Use the web configurator System Management Terminal SMT or command interpreter interface to configure yo...

Page 28: ... in Bold Times New Roman font Predefined field choices are in Bold Arial font Command and arrow keys are enclosed in square brackets ENTER means the Enter or carriage return key ESC means the Escape key and SPACE BAR means the Space Bar Mouse action sequences are denoted using a comma For example click the Apple icon Control Panels and then Modem means first click the Apple icon then point your mo...

Page 29: ...n and configuration 1 2 ZyAIR Features The following sections describe the features of the ZyAIR 1 2 1 Physical Features 10 100M Auto negotiating Ethernet Fast Ethernet Interface This auto negotiating feature allows the ZyAIR to detect the speed of incoming transmissions and adjust appropriately without manual intervention It allows data transfer of either 10 Mbps or 100 Mbps in either half duplex...

Page 30: ...a nearby power source An injector or PoE device not included is also needed to supply the Ethernet cable with power This feature allows increased flexibility in the locating of your ZyAIR You only need to connect the external power adaptor if you are not using PoE If you simultaneously use both PoE and the external power adaptor the ZyAIR will draw power from the PoE connection only Refer to the a...

Page 31: ...r incoming Ethernet frames and add VLAN tags to outgoing Ethernet frames Configure VLAN virtual LAN to extend the wireless logical grouping to the wired network A ZyAIR that you configure with the built in wireless card uses the same Management VLAN ID as a ZyAIR configured with a removable wireless card WDS Functionality A Distribution System DS is a wired connection between two or more APs while...

Page 32: ...ireless LANs STP Spanning Tree Protocol RSTP Rapid STP R STP detects and breaks network loops and provides backup links between switches bridges or routers It allows a bridge to interact with other R STP compliant bridges in your network to ensure that only one path exists between any two stations on the network WMM QoS WMM Wi Fi MultiMedia QoS Quality of Service allows you to prioritize wireless ...

Page 33: ... interfaces You can specify a wait time that must expire before entering a fourth password after three incorrect passwords have been entered Please see the appendix for details about this feature Wireless LAN MAC Address Filtering Your ZyAIR checks the MAC address of the wireless station against a list of allowed or denied MAC addresses WEP Encryption WEP Wired Equivalent Privacy encrypts data fra...

Page 34: ...figuration Administrators can use text configuration files to configure the wireless LAN settings for multiple APs The AP can automatically get a configuration file from a TFTP server at start up or after renewing DHCP client information See Appendix M on page 273 for details SNMP SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devic...

Page 35: ...Internet access application for your ZyAIR is shown as follows Stations A B and C can access the wired network through the ZyAIRs Figure 3 Access Point Application 1 3 2 Multiple ESS The ZyAIR s Multiple ESS function allows multiple ESSs to be configured on just one access point the ZyAIR Wireless stations can use different ESSIDs to associate with the same AP Only wireless stations with the same ...

Page 36: ...Y if it moves to the Sales ESS coverage area You cannot configure WPA on your ZyAIR in Multiple ESS mode Figure 4 Multiple ESS Application 1 3 3 AP Bridge In AP Bridge mode the ZyAIR supports both AP A and B can connect to the wired network through X and bridge X can communicate with Y connection at the same time When the ZyAIR is in AP Bridge mode the traffic between ZyAIRs the WDS is not encrypt...

Page 37: ...onnection at the same time A ZyAIR in repeater mode C has no Ethernet connection When the ZyAIR is in the bridge mode you should enable STP to prevent bridge loops When the ZyAIR is in Bridge Repeater mode you don t have to enter a pre shared key but the traffic between devices won t be encrypted if you don t The peer bridge must use the same pre shared key and encryption method The ZyAIR in AP Br...

Page 38: ...G 3000H User s Guide 38 Chapter 1 Getting to Know Your ZyAIR Figure 6 Bridge Application Figure 7 Repeater Application ...

Page 39: ...d and prepare your computer computer network to connect to the ZyAIR refer to the Quick Start Guide 2 Launch your web browser 3 Type 192 168 1 2 as the URL 4 Type 1234 default as the password and click Login In some versions the default password appears automatically if this is the case click Login 5 You should see a screen asking you to change your password highly recommended as shown next Type a...

Page 40: ... certificate using your ZyAIR s MAC address that will be specific to this device Figure 9 Replace Certificate Screen You should now see the MAIN MENU screen Note The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires default five minutes Simply log back into the ZyAIR if this happens to you ...

Page 41: ...n file Hold this button in for about 10 seconds the lights will begin to blink Use this method for cases when the password or IP address of the ZyAIR is not known Use the web configurator to restore defaults refer to Chapter 14 on page 149 Transfer the configuration file to your ZyAIR using FTP See later in the part on SMT configuration for more information 2 3 Navigating the ZyAIR Web Configurato...

Page 42: ...sword and Time Zone WIRELESS Wireless SSID Security RADIUS Layer 2 Isolation MAC Filter Roaming Local User Database IP REMOTE MGNT Telnet FTP WWW and SNMP CERTIFICATES My Certificates Trusted CAs LOGS View reports and Log Settings and VLAN Click MAINTENANCE to view information about your ZyAIR or upgrade configuration firmware files Maintenance includes Status Statistics Association List Channel U...

Page 43: ...should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 channels and an adjacent AP is using channel 1 then you need to select a channel between 6 or 11 The ZyAIR s Scan function is especially designed to automatically scan for a channel with the least interference 3 1 2 ESS ID An Extended Service Set ESS is a group of access...

Page 44: ...y for the Computer Name field and enter it as the System Name In Windows 2000 click Start Settings Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for the Computer name field and enter it as the System Name In Windows XP click Start My Computer View system information and then click the Computer Name tab Note the entry i...

Page 45: ...ave the ZyAIR automatically scan for and select a channel with the least interference WEP Encryption Select Disable allows all wireless computers to communicate with the access points without any data encryption Select 64 bit WEP or 128 bit WEP to allow data encryption ASCII Select this option in order to enter ASCII characters as the WEP keys Hex Select this option to enter hexadecimal characters...

Page 46: ...ment please refer to RFC 1597 Address Allocation for Private Internets and RFC 1466 Guidelines for Management of IP Address Space 3 4 2 IP Address and Subnet Mask Similar to the way houses on a street share a common street name so too do computers on a LAN share one common network number Where you obtain your network number depends on your particular situation If the ISP or your network administra...

Page 47: ...DHCP Select this option if your ZyAIR is using a dynamically assigned IP address from a DHCP server each time Note You must know the IP address assigned to the ZyAIR by the DHCP server to access the ZyAIR again Use fixed IP address Select this option if your ZyAIR is using a static IP address When you select this option fill in the fields below IP Address Enter the IP address of your ZyAIR in dott...

Page 48: ...g in to the web configurator again using the new IP address if you change the default IP address 192 168 1 2 You have successfully set up the ZyAIR A screen displays prompting you to close the web browser Click Yes Otherwise click No and the congratulations screen shows next Figure 14 Wizard 4 Setup Complete Well done You have successfully set up your ZyAIR to operate on your network and access th...

Page 49: ...e 15 System General Setup The following table describes the labels in this screen Table 7 System General Setup LABEL DESCRIPTION General Setup System Name Type a descriptive name to identify the ZyAIR in the Ethernet network This name can be up to 30 alphanumeric characters long Spaces are not allowed but dashes and underscores _ are accepted Domain Name This is not a required field Leave this fie...

Page 50: ...mended System DNS Servers First DNS Server Second DNS Server Third DNS Server Select From DHCP if your DHCP server dynamically assigns DNS server information and the ZyAIR s Ethernet IP address The field to the right displays the read only DNS server IP address that the DHCP assigns Select User Defined if you have the IP address of a DNS server Enter the DNS server s IP address in the field to the...

Page 51: ...ed on your local time zone Figure 17 Time Setting Table 8 Password LABEL DESCRIPTIONS Old Password Type in your existing system password 1234 is the default password New Password Type your new system password up to 31 characters Note that as you type a password the screen displays an asterisk for each character you type Retype to Confirm Retype your new system password for confirmation Apply Click...

Page 52: ...ss This field displays the last updated time from the time server When you select None in the Time Protocol field enter the new time in this field and then click Apply Current Date yyyy mm dd This field displays the date of your ZyAIR Each time you reload this page the ZyAIR synchronizes the date with the time server New Date yyyy mm dd This field displays the last updated date from the time serve...

Page 53: ...Set BSS exists when all communications between wireless stations or between a wireless station and a wired network client go through one access point AP Intra BSS traffic is traffic between wireless stations in the BSS When Intra BSS is enabled wireless station A and B can access the wired network and communicate with each other When Intra BSS is disabled wireless station A and B can still access ...

Page 54: ...ification uniquely identifies each ESS All access points and their associated wireless stations within the same ESS must have the same ESSID in order to communicate Figure 19 Extended Service Set 5 2 Wireless LAN Basics Refer also to the Wizard Setup chapter for more background information on Wireless LAN features such as channels See the Wireless LANs Appendix for information on the following Wir...

Page 55: ...sitive to jitter variations in delay 5 3 1 WMM QoS Priorities The following table describes the WMM QoS priority levels that the ZyAIR uses 5 3 2 Type Of Service ToS Network traffic can be classified by setting the ToS Type Of Service values at the data source for example at the Prestige so a server can decide the best method of delivery that is the least cost fastest route and so on Table 10 WMM ...

Page 56: ... device will not conflict with the DSCP mapping Figure 20 DiffServ Differentiated Service Field The DSCP value determines the forwarding behavior the PHB Per Hop Behavior that each packet gets across the DiffServ network Based on the marking rule different kinds of traffic can be marked for different priorities of forwarding Resources can then be allocated according to the DSCP values and the conf...

Page 57: ...th cost is the cost of transmitting a frame onto a LAN through that port It is assigned according to the speed of the link to which a port is attached The slower the media the higher the cost see the following table On each bridge the root port is the port through which this bridge communicates with the root It is the port on this switch with the lowest path cost to the root the root path cost If ...

Page 58: ...e link to the root bridge is down This bridge then initiates negotiations with other bridges to reconfigure the network to re establish a valid network topology 5 4 4 STP Port States STP assigns five port states see next table to eliminate packet looping A bridge port is not allowed to go directly from blocking state to forwarding state so as to eliminate transient loops 5 5 Wireless Screen Overvi...

Page 59: ...C Filter screen to restrict access to your wireless network by MAC address 7 Use the Roaming screen to configure the ZyAIR so that in a network environment with multiple access points wireless stations are able to switch from one access point to another as they move between the coverage areas 8 Configure the built in authentication database in the Local User Database screen 5 6 Configuring Wireles...

Page 60: ...m data fragment size that can be sent Enter a value between 800 and 2432 SSID Profile The SSID Service Set IDentity identifies the Service Set with which a wireless station is associated Wireless stations associating to the access point AP must have the same SSID Select an SSID Profile from the drop down list box Configure SSID profiles in the SSID screen Note If you are configuring the ZyAIR from...

Page 61: ...Bm 11b 12 6mW 11g 5mW Preamble Select a preamble type from the drop down list menu Choices are Long Short and Dynamic See the section on preamble for more information 802 11 Mode Select 802 11b Only to allow only IEEE 802 11b compliant WLAN devices to associate with the ZyAIR Select 802 11g Only to allow only IEEE 802 11g compliant WLAN devices to associate with the ZyAIR Select Mixed to allow eit...

Page 62: ...ssible throughput degradation and disruption of communications The following examples show two network topologies that can lead to this problem If two or more ZyAIRs in bridge mode are connected to the same hub as shown next Figure 23 Bridge Loop Two Bridges Connected to Hub If your ZyAIR in bridge mode is connected to a wired LAN while communicating with another wireless bridge that is also conne...

Page 63: ...o prevent bridge loops ensure that you enable STP in the Wireless screen or your ZyAIR is not set to bridge mode while connected to both wired and wireless segments of the same LAN Click the WIRELESS link under ADVANCED Select Bridge Repeater as the Operating Mode to have the ZyAIR act as a wireless bridge only ...

Page 64: ...ss network To have the ZyAIR automatically select a channel click Scan instead Refer to the Wizard Setup chapter for more information on channels Scan Click this button to have the ZyAIR automatically scan for and select a channel with the least interference RTS CTS Threshold Request To Send The threshold number of bytes for enabling RTS CTS handshake Data with its frame size larger than this valu...

Page 65: ... a wireless connection between two or more APs When you select the check box you are prompted to type a Pre Shared Key PSK The ZyAIR uses TKIP to encrypt traffic on the WDS between AP s Note Other AP s must use the same encryption method to enable WDS This is the index number of the bridge connection Active Select the check box to enable the bridge connection Otherwise clear the check box to disab...

Page 66: ...escriptions of the fields in this screen 5 6 4 Multiple ESS Mode Select MESSID as the Operating Mode to display the screen Refer to the chapter on Multiple ESS and VLAN for configuration and detailed information See the chapter on wireless security for details on the security settings Note The following screens are configurable only in Access Point and AP Bridge operating modes only ...

Page 67: ...e wireless clients but no RADIUS server If you don t have WPA 2 aware wireless clients then use WEP key encrypting A higher bit key offers better security at a throughput trade off You can use manually enter 64 bit or 128 bit WEP keys 6 1 2 Authentication WPA has user authentication and you can also configure IEEE 802 1x to use the built in database Local User Database or a RADIUS server to authen...

Page 68: ...The WEP Encryption Authentication Method and the WEP key fields are not visible when you enable Dynamic WEP Key WPA or WPA PSK in the Security screen 6 3 802 1x Overview The IEEE 802 1x standard outlines enhanced security methods for both the authentication of wireless stations and encryption key management Authentication can be done using the local user database internal to the ZyAIR authenticate...

Page 69: ... user information against its user profile database and determines whether or not to authenticate the wireless station 6 5 Dynamic WEP Key Exchange The AP maps a unique key that is generated with the RADIUS server This key expires when the wireless connection times out disconnects or reauthentication times out A new WEP key is generated each time reauthentication is performed To use Dynamic WEP en...

Page 70: ...se Master Key PMK key to the AP that then sets up a key hierarchy and management system using the pair wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients This all happens in the background automatically The Message Integrity Check MIC is designed to prevent an attacker from capturing data...

Page 71: ...DIUS Application Example You need the IP address of the RADIUS server its port number default is 1812 and the RADIUS shared secret A WPA 2 application example with an external RADIUS server looks as follows A is the RADIUS server DS is the distribution system 1 The AP passes the wireless client s authentication request to the RADIUS server 2 The RADIUS server then checks the user s identification ...

Page 72: ... Dynamic128 Select this to use 802 1x authentication with a dynamic 128bit WEP key 802 1x Static64 Select this to use 802 1x authentication with a static 64bit WEP key and an authentication server 802 1x Static128 Select this to use 802 1x authentication with a static 128bit WEP key and an authentication server WPA PSK Select this to use WPA with a pre shared key WPA2 PSK Select this to use WPA2 w...

Page 73: ...to use WPA At the time of writing the most widely available supplicant is the WPA patch for Windows XP Funk Software s Odyssey client and Meetinghouse Data Communications AEGIS client The Windows XP patch is a free download that adds WPA capability to Windows XP s built in Zero Configuration wireless client However you must run Windows XP to use it WPA2 MIX Select this to use either WPA2 or WPA de...

Page 74: ...ireless stations If you do not enable any wireless security on your ZyAIR your network is accessible to any wireless networking device that is within range 6 12 Configuring Security Use the Security screen to create secure profiles A security profile is a group of configuration settings which can be assigned to an SSID profile in the SSID configuration screen You can configure up to 16 security pr...

Page 75: ...ay the following screen Figure 31 Security No Access or None Table 19 Security LABEL DESCRIPTION Index This is the index number of the security profile address Profile Name This field displays a name given to a security profile in the Security configuration screen Security Mode This field displays the security mode given to this security profile Edit Select an entry from the list and click Edit to...

Page 76: ...es back to the ZyAIR Reset Click Reset to begin configuring this screen afresh Table 21 Security WEP LABEL DESCRIPTION Name Type a name to identify this security profile Security Mode Choose WEP in this field WEP Encryption Select Disable to allow wireless stations to communicate with the access points without any data encryption Select 64 bit WEP or 128 bit WEP to enable data encryption Authentic...

Page 77: ...decimal characters 0 9 A F If you chose 128 bit WEP then enter 13 ASCII characters or 26 hexadecimal characters 0 9 A F You must configure all four keys but only one key can be activated at any one time The default key is key 1 Apply Click Apply to save your changes back to the ZyAIR Reset Click Reset to begin configuring this screen afresh Table 21 Security WEP LABEL DESCRIPTION Table 22 Security...

Page 78: ...ord again before access to the wired network is allowed The default time interval is 3600 seconds or 1 hour Authentication Databases The authentication database contains wireless station login information The local user database is the built in database on the ZyAIR The RADIUS is an external server Use this drop down list box to select which database the ZyAIR should use first to authenticate a wi...

Page 79: ... the built in database on the ZyAIR The RADIUS is an external server Use this drop down list box to select which database the ZyAIR should use first to authenticate a wireless station Before you specify the priority make sure you have set up the corresponding database correctly first Select Local User Database Only to have the ZyAIR just check the built in user database on the ZyAIR for a wireless...

Page 80: ...ult time interval is 1800 seconds 30 minutes Note If wireless station authentication is done using a RADIUS server the reauthentication timer on the RADIUS server has priority Idle Timeout The ZyAIR automatically disconnects a wireless station from the wired network after a period of inactivity The wireless station needs to enter the username and password again before access to the wired network i...

Page 81: ...ds The default time interval is 1800 seconds 30 minutes Note If wireless station authentication is done using a RADIUS server the reauthentication timer on the RADIUS server has priority Idle Timeout The ZyAIR automatically disconnects a wireless station from the wired network after a period of inactivity The wireless station needs to enter the username and password again before access to the wire...

Page 82: ...IUS user is a simple package exchange in which your ZyAIR acts as a message relay between the wireless station and the network RADIUS server 6 14 Configuring RADIUS Use RADIUS if you want to authenticate wireless users using an external server You can configure up to four RADIUS server profiles Each profile also has one backup authentication server and a backup accounting server These profiles can...

Page 83: ...n server Clear the check box to enable user authentication using the local user profile on the ZyAIR RADIUS Server IP Address Enter the IP address of the external authentication server in dotted decimal notation RADIUS Server Port Enter the port number of the external authentication server The default port number is 1812 You need not change this value unless your network administrator instructs yo...

Page 84: ...ION Active Select this check box to activate the user profile User Name Enter the username up to 31 characters for this user profile Password Type a password up to 31 characters for this user profile Note that as you type a password the screen displays a for each character you type Apply Click Apply to save your changes back to the ZyAIR Reset Click Reset to begin configuring this screen afresh ...

Page 85: ...LAN With Multi ESS the ZyAIR ignores the ToS in the header of data packets and uses a single QoS priority level for all of an ESS s traffic 7 1 2 Notes on Multiple ESS A maximum of eight ESSs are allowed on one AP Each ESS has its own MAC filter set see the MAC filter set section for more information When you enable Multi ESS on the ZyAIR you need to configure separate Unicast and Multicast Broadc...

Page 86: ...S2 and LAN 2 belong to VLAN 2 Wireless group ESS1is limited to accessing the resources on LAN 1 and similarly wireless group ESS2 may only access resources on LAN 2 The switch adds the PVID tag to incoming frames that don t already have tags on switch ports where PVID is enabled Figure 39 Multi ESS with VLAN Example 7 1 5 Configuring Multiple ESS Click the WIRELESS link under ADVANCED and the Wire...

Page 87: ...wireless network To have the ZyAIR automatically select a channel click Scan instead Refer to the Wizard Setup chapter for a little more information on channels Scan To have the ZyAIR automatically select a channel click Scan instead RTS CTS Threshold Request To Send The threshold number of bytes for enabling RTS CTS handshake Data with its frame size larger than this value will perform the RTS CT...

Page 88: ...d received Enable Spanning Tree Control STP R STP detects and breaks network loops and provides backup links between switches bridges or routers It allows a bridge to interact with other R STP compliant bridges in your network to ensure that only one path exists between any two stations on the network Select the check box to activate STP on the ZyAIR Output Power Set the output power of the ZyAIR ...

Page 89: ...re IEEE 802 11g and mixed IEEE 802 11b g networks Maximum Frame Burst sets the maximum time in microseconds that the ZyAIR transmits IEEE 802 11g wireless traffic only Type the maximum frame burst between 0 and 1800 650 1000 or 1800 recommended Enter 0 to disable this feature Apply Click Apply to save your changes back to the ZyAIR Reset Click Reset to begin configuring this screen afresh Table 28...

Page 90: ...this ID before it is sent to the LAN interface Different SSID profiles can use the same or different VLAN IDs This allows you to split wireless stations into groups using similar VLAN IDs Second Rx VLAN This field displays the identification number of incoming Ethernet frames that are forwarded to this ESS This number can be the same for many ESS groups depending on how many you want to be members...

Page 91: ...o the LAN interface Different SSID profiles can use the same or different VLAN IDs This allows you to split wireless stations into groups using similar VLAN IDs Second Rx VLAN Enter a number from 1 to 4094 but different to the VLAN ID entered Traffic received from the LAN interface is tagged with a Second Rx VLAN and forwarded to this SSID profile on the wireless LAN interface Security Select a se...

Page 92: ...ELESS under ADVANCED in your web configurator and the SSID tab 2 Click Edit in the SSID screen 3 You can enter a Second Rx VLAN ID in the following screen The following screen shows VLAN 1 tagged with VLAN ID 1 Incoming packets Second Rx VLAN ID with a VLAN ID 3 are matched to VLAN 1 Figure 44 Configuring SSID Second Rx VLAN ID Example 4 Click Apply to save these settings to the ZyAIR ...

Page 93: ...our ZyAIR B represents an AP C represents a server and 1 2 and 3 represent wireless clients If layer 2 isolation is enabled on the ZyAIR A then wireless clients 1 and 2 cannot communicate with B C or 3 Wireless clients 1 and 2 cannot communicate with each other unless you enable Intra BSS in the Wireless configuration screen Note In the Wireless configuration screen the Enable Intra BSS Traffic ch...

Page 94: ...ociated with the same AP Intra BSS Traffic allows wireless clients associated with the same AP to communicate with each other 8 2 Configuring Layer 2 Isolation If layer 2 isolation is enabled you need to know the MAC address of the wireless client AP computer or router that you want to allow to communicate with the ZyAIR s wireless clients To configure layer 2 isolation click the WIRELESS link und...

Page 95: ... but cannot communicate with other wireless clients or AP s If you want wireless clients associated with the ZyAIR to be able to communicate with each other you must select the Enable Intra BSS Traffic check box in the Wireless configuration screen Allow devices with these MAC addresses These are the MAC address of a wireless client AP computer or router A wireless client associated with the ZyAIR...

Page 96: ...MAC addresses in the Allow devices with these MAC addresses table 1 and 2 cannot communicate with each other unless you enable Intra BSS Figure 48 Layer 2 Isolation Example 1 8 2 3 Layer 2 Isolation Example 2 In the following example wireless clients 1 and 2 can communicate with C but not B or 3 Select the Enable Layer 2 Isolation check box Enter C s MAC address in the Allow devices with these MAC...

Page 97: ... Configuring MAC Filter The MAC filter screen allows you to configure the ZyAIR to give exclusive access to up to 32 devices Allow Association or exclude up to 32 devices from accessing the ZyAIR Deny Association Every Ethernet device has a unique MAC Media Access Control address The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters for example 00 A0 C5 00 ...

Page 98: ... able to switch from one access point to another as they move between the coverage areas This is roaming As the wireless station moves from place to place it is responsible for choosing the most appropriate access point depending on the signal strength network utilization or other factors Table 32 MAC Address Filter LABEL DESCRIPTION Filter Action Define the filter action for the list of MAC addre...

Page 99: ...a wireless station moves between coverage areas Wireless stations can still associate with other APs even if you disable roaming Enabling roaming ensures correct traffic forwarding bridge tables are updated and maximum AP efficiency The AP deletes records of wireless stations that associate with other APs Non ZyXEL APs may not be able to perform this 802 1x authentication information is not exchan...

Page 100: ...hernet and be able to get IP addresses from a DHCP server if using dynamic IP address assignment To enable roaming on your ZyAIR click the WIRELESS link under ADVANCED and then the Roaming tab The screen appears as shown Figure 53 Roaming The following table describes the labels in this screen Table 33 Roaming LABEL DESCRIPTION Active Select Yes from the drop down list box to enable roaming on the...

Page 101: ... A device must be a member of this management VLAN in order to access and manage the ZyAIR If a device is not a member of this VLAN then that device cannot manage the ZyAIR If no devices are in the management VLAN then no one will be able to access the ZyAIR and you will have to restore the default configuration file 9 1 2 VLAN Tagging The ZyAIR supports IEEE 802 1q VLAN tagging Tagged VLAN uses a...

Page 102: ... the ZyAIR See Configuring Management VLAN Example on page 103 for more information VLAN Mapping Table Use this table to map names to VLAN IDs so that the RADIUS server can assign each user or user group a mapped VLAN ID See the your RADIUS server documentation for more information on configuring VLAN ID attributes See Configuring Microsoft s IAS Server Example on page 105 for more information Ind...

Page 103: ...figuration Example Perform the following steps in the switch web configurator 1 Click VLAN under Advanced Application 2 Click Static VLAN 3 Select the ACTIVE check box 4 Type a Name for the VLAN ID Name Type a name to have the ZyAIR check for specific VLAN attributes on incoming messages from the RADIUS server Access accept packets sent by the RADIUS server contain VLAN related attributes The conf...

Page 104: ...g screen displays Figure 57 VLAN Aware Switch 9 Click VLAN Status to display the following screen Figure 58 VLAN Aware Switch VLAN Status Follow the instructions in the Quick Start Guide to set up your ZyAIR for configuration The ZyAIR should be connected to the VLAN aware switch In the above example the switch is using port 1 to connect to your computer and port 2 to connect to the ZyAIR see Figu...

Page 105: ...lows network administrators to assign a specific VLAN configured on the ZyAIR to an individual s Windows User Account When a wireless station is successfully authenticated to the network it is automatically placed into it s respective VLAN ZyXEL uses the following standard RADIUS attributes returned from Microsoft s IAS RADIUS service to place the wireless station into the correct VLAN The followi...

Page 106: ...hed the ZyAIR uses the VLAN ID configured in the SSID screen and the wireless station This VLAN ID is independent and hence different to the ID in the VLAN screen 9 2 2 1 Configuring VLAN Groups To configure a VLAN group you must first define the VLAN Groups on the Active Directory server and assign the user accounts to each VLAN Group 1 Using the Active Directory Users and Computers administrativ...

Page 107: ...ng the Remote Access Policy option on the Internet Authentication Service management interface create a new VLAN Policy for each VLAN Group defined in the previous section The order of the remote access policies is important The most specific policies should be placed at the top of the policy list and the most general at the bottom For example if the Day And Time Restriction policy is still presen...

Page 108: ...on 3 In the Select Attribute screen click Windows Groups and the Add button Figure 63 Specifying Windows Group Condition 4 The Select Groups window displays Select a remote access policy and click the Add button The policy is added to the field below Only one VLAN Group should be associated with each policy 5 Click OK and Next in the next few screens to accept the group value ...

Page 109: ...rship Click the Edit Profile button Figure 65 Granting Permissions and User Profile Screens 7 The Edit Dial in Profile screen displays Click the Authentication tab and select the Extensible Authentication Protocol check box Select an EAP type depending on your authentication needs from the drop down list box Clear the check boxes for all other authentication types listed below the drop down list b...

Page 110: ... performed as a safeguard Figure 67 Encryption Tab Settings 9 Click the IP tab and select the Client may request an IP address check box for DHCP support 10Click the Advanced tab The current default parameters returned to the ZyAIR should be Service Type and Framed Protocol Click the Add button to add an additional three RADIUS VLAN attributes required for 802 1X Dynamic VLAN Assignment ...

Page 111: ... Attributes Screen 11The RADIUS Attribute screen displays From the list three RADIUS attributes will be added Tunnel Medium Type Tunnel Pvt Group ID Tunnel Type Click the Add button Select Tunnel Medium Type Click the Add button Figure 69 RADIUS Attribute Screen ...

Page 112: ... 14The Attribute Information screen displays In the Enter the attribute value in field select String and type a number in the range 1 to 4094 or a Name for this policy This Name should match a name in the VLAN mapping table on the ZyAIR Wireless stations belonging to the VLAN Group specified in this policy will be given a VLAN ID specified in the ZyAIR VLAN table Click OK Figure 71 VLAN ID Attribu...

Page 113: ... the RADIUS Attribute Screen shown as Figure 69 on page 111 Click the Close button The completed Advanced tab configuration should resemble the following screen Figure 73 Completed Advanced Tab Note Repeat the Configuring Remote Access Policies procedure for each VLAN Group defined in the Active Directory Remember to place the most general Remote Access Policies at the bottom of the list and the m...

Page 114: ...G 3000H User s Guide 114 Chapter 9 VLAN ...

Page 115: ...ress If your networks are isolated from the Internet for instance only between your two branch offices you can assign any IP addresses to the hosts without problems However the Internet Assigned Numbers Authority IANA has reserved the following three blocks of IP addresses specifically for private networks You can obtain your IP address from the IANA from an ISP or have it assigned by a private ne...

Page 116: ...te You must know the IP address assigned to the ZyAIR by the DHCP server to access the ZyAIR again Use fixed IP address Select this option if your ZyAIR is using a static IP address When you select this option fill in the fields below IP Address Enter the IP address of your ZyAIR in dotted decimal notation Note If you change the ZyAIR s IP address you must use the new IP address if you want to acc...

Page 117: ...the public key openly available 3 Tim uses his private key to encrypt the message and sends it to Jenny 4 Jenny receives the message and uses Tim s public key to decrypt it 5 Additionally Jenny uses her own private key to encrypt a message and Tim uses Jenny s public key to decrypt the message The ZyAIR uses certificates based on public key cryptology to authenticate users attempting to establish ...

Page 118: ...comes more mature it may not be available in some areas You can have the ZyAIR act as a certification authority and sign its own certificates 11 3 Configuration Summary This section summarizes how to manage certificates on the ZyAIR Use the My Certificate screens to generate and export self signed certificates or certification requests and import the ZyAIRs CA signed certificates Use the Trusted C...

Page 119: ...is field displays the certificate index number The certificates are listed in alphabetical order Name This field displays the name used to identify this certificate It is recommended that you give each certificate a unique name Type This field displays what kind of certificate this is REQ represents a certification request and is not yet a valid certificate Send a certification request to a certif...

Page 120: ...n with an in depth list of information about the certificate Click the delete icon to remove the certificate A window displays asking you to confirm that you want to delete the certificate You cannot delete a certificate that one or more features is configured to use Do the following to delete a certificate that shows SELF in the Type field 1 Make sure that no other features such as HTTPS VPN SSH ...

Page 121: ...corresponding certification request that was generated by the ZyAIR Note The certificate you import replaces the corresponding request in the My Certificates screen Note You must remove any spaces from the certificate s filename before you can import it Figure 76 My Certificate Import The following table describes the labels in this screen Table 39 My Certificate Import LABEL DESCRIPTION File Path...

Page 122: ...y this certificate Subject Information Use these fields to record information that identifies the owner of the certificate You do not have to fill in every field although the Common Name is mandatory The certification authority may add fields such as a serial number to the subject information when it issues a certificate It is recommended that each certificate have unique subject information Commo...

Page 123: ... request and enroll for a certificate immediately online to have the ZyAIR generate a request for a certificate and apply to a certification authority for a certificate You must have the certification authority s certificate already imported in the Trusted CAs screen When you select this option you must select the certification authority s enrollment protocol and the certification authority s cert...

Page 124: ...rtificate Create screen Make sure that the certification authority information is correct and that your Internet connection is working properly if you want the ZyAIR to enroll a certificate online 11 8 My Certificate Details Click CERTIFICATES and then My Certificates to open the My Certificates screen see Figure 75 Click the details icon to open the My Certificate Details screen You can use this ...

Page 125: ... Default self signed certificate which signs the imported remote host certificates Select this check box to have the ZyAIR use this certificate to sign the trusted remote host certificates that you import to the ZyAIR This check box is only available with self signed certificates If this check box is already selected you cannot clear it in this screen you must select this check box in another self...

Page 126: ...uthority such as Common Name Organizational Unit Organization and Country With self signed certificates this is the same as the Subject Name field Signature Algorithm This field displays the type of algorithm that was used to sign the certificate The ZyAIR uses rsa pkcs1 sha1 RSA public private key encryption algorithm and the SHA1 hash algorithm Some certification authorities may use ras pkcs1 md...

Page 127: ...into a printable form You can copy and paste a certification request into a certification authority s web page an e mail that you send to the certification authority or a text editor and save the file on a management computer for later manual enrollment You can copy and paste a certificate into an e mail to send to friends or colleagues or you can copy and paste a certificate into a text editor an...

Page 128: ...any and country With self signed certificates this is the same information as in the Subject field Valid From This field displays the date that the certificate becomes applicable The text displays in red and includes a Not Yet Valid message if the certificate has not yet become applicable Valid To This field displays the date that the certificate expires The text displays in red and includes an Ex...

Page 129: ...s the labels in this screen Delete Click Delete to delete an existing certificate A window display asking you to confirm that you want to delete the certificate Note that subsequent certificates move up by one when you take this action Refresh Click this button to display the current validity status of the certificates Table 42 Trusted CAs continued LABEL DESCRIPTION Table 43 Trusted CA Import LAB...

Page 130: ... the details icon to open the Trusted CA Details screen Use this screen to view in depth information about the certification authority s certificate change the certificate s name and set whether or not you want the ZyAIR to check a certification authority s list of revoked certificates before trusting a certificate issued by the certification authority ...

Page 131: ...efault self signed certificate which signs the imported remote host certificates Select this check box to have the ZyAIR use this certificate to sign the trusted remote host certificates that you import to the ZyAIR This check box is only available with self signed certificates If this check box is already selected you cannot clear it in this screen you must select this check box in another self s...

Page 132: ... issuing certification authority such as Common Name Organizational Unit Organization and Country With self signed certificates this is the same information as in the Subject Name field Signature Algorithm This field displays the type of algorithm that was used to sign the certificate Some certification authorities use rsa pkcs1 sha1 RSA public private key encryption algorithm and the SHA1 hash al...

Page 133: ... in PEM Base 64 Encoded Format This read only text box displays the certificate or certification request in Privacy Enhanced Mail PEM format PEM uses 64 ASCII characters to convert the binary certificate into a printable form You can copy and paste the certificate into an e mail to send to friends or colleagues or you can copy and paste the certificate into a text editor and save the file on a man...

Page 134: ...G 3000H User s Guide 134 Chapter 11 Certificates ...

Page 135: ...er priority when another remote management session of higher priority starts The priorities for the different types of remote management sessions are as follows 1 Telnet 2 HTTP 12 1 1 Remote Management Limitations Remote management over LAN or WAN will not work when 1 A filter in SMT menu 3 1 LAN or in menu 11 5 WAN is applied to block a Telnet FTP or Web service 2 You have disabled that service i...

Page 136: ... Timeout There is a default system management idle timeout of five minutes three hundred seconds The ZyAIR automatically logs you out if the management session remains idle for longer than this timeout period The management session does not time out when a statistics screen is polling You can change the timeout period in the System screen 12 2 Configuring WWW To change your ZyAIR s World Wide Web ...

Page 137: ... HTTPS proxy server listens on port 443 by default If you change the HTTPS proxy server port to a different number on the ZyAIR for example 8443 then you must notify people who need to access the ZyAIR web configurator to use https ZyAIR IP Address 8443 as the URL Server Access Select a ZyAIR interface from Server Access on which incoming HTTPS access is allowed You can allow only secure web confi...

Page 138: ...ccess Select the interface s through which a computer may access the ZyAIR using this service Secured Client IP Address A secured client is a trusted computer that is allowed to communicate with the ZyAIR using this service Select All to allow any computer to access the ZyAIR using this service Choose Selected to just allow the computer with the IP address that you specify to access the ZyAIR usin...

Page 139: ...EL DESCRIPTION Server Port You may change the server port number for a service if needed however you must use the same port number in order to use that service for remote management Server Access Select the interface s through which a computer may access the ZyAIR using this service Secured Client IP Address A secured client is a trusted computer that is allowed to communicate with the ZyAIR using...

Page 140: ...red Note SNMP is only available if TCP IP is configured Table 47 Remote Management FTP LABEL DESCRIPTION Server Port You may change the server port number for a service if needed however you must use the same port number in order to use that service for remote management Server Access Select the interface s through which a computer may access the ZyAIR using this service Secured Client IP Address ...

Page 141: ...s of variables include such as number of packets received node port status etc A Management Information Base MIB is a collection of managed objects SNMP allows a manager and agents to communicate for the purpose of accessing these objects SNMP itself is a simple request response protocol based on the manager agent model The manager issues a request and the agent returns responses using the followi...

Page 142: ...3 6 1 6 3 1 1 5 5 The device sends this trap when it receives any SNMP get or set requirements with the wrong community password Note snmpEnableAuthenTraps OID 1 3 6 1 2 1 11 30 defined in RFC 1214 and RFC 1907 must be enabled on in order for the device to send authenticationFailure traps Use a MIB browser to enable or disable snmpEnableAuthenTraps Traps defined in the ZyXEL Private MIB whyReboot ...

Page 143: ...rs as shown pwWlanStaAuthFail 1 3 6 1 4 1 890 1 9 2 3 2 1 This trap is sent when a wireless client has failed to connect to the AP The MAC address of the wireless client the ESSID and the reason are listed pwTFTPStatus 1 3 6 1 4 1 890 1 9 2 3 3 1 This trap is sent to indicate the status and result of a TFTP client session that has ended Table 48 SNMP Traps TRAP NAME OBJECT IDENTIFIER OID DESCRIPTI...

Page 144: ...ger The default is public and allows all requests Destination Type the IP address of the station to send your SNMP traps to SNMP Service Port You may change the server port number for a service if needed however you must use the same port number in order to use that service for remote management Service Access Select the interface s through which a computer may access the ZyAIR using this service ...

Page 145: ...this page Once the log entries are all used the log will wrap around and the old logs will be deleted Click a column heading to sort the entries A triangle indicates the direction of the sort order Figure 88 View Log The following table describes the labels in this screen Table 51 View Log LABEL DESCRIPTION Display Select a log category from the drop down list box to display logs within the select...

Page 146: ...yAIR is to send An alert is a type of log that warrants more serious attention Some categories such as System Errors consist of both logs and alerts You may differentiate them by their color in the View Log screen Alerts are displayed in red and logs are displayed in black Notes This field displays additional information about the log entry Email Log Now Click Email Log Now to send the log screen ...

Page 147: ...address specified in this field If this field is left blank logs will not be sent via e mail Send Alerts to Enter the e mail address where the alert messages will be sent If this field is left blank alert messages will not be sent via e mail Syslog Logging Syslog logging sends a log to an external syslog server used to store logs Active Click Active to enable syslog logging Syslog Server IP Addres...

Page 148: ...g This field is only available when you select Weekly in the Log Schedule field Use the drop down list box to select which day of the week to send the logs Time for Sending Log Enter the time of the day in 24 hour format for example 23 00 equals 11 00 pm to send the logs Clear log after sending mail Select the check box to clear all logs after logs and alert messages are sent via e mail Log Select...

Page 149: ...or diagnostic purposes Figure 90 System Status The following table describes the labels in this screen Table 53 System Status LABEL DESCRIPTION System Name This is the System Name you enter in the first Internet Access Wizard screen It is for identification purposes ZyNOS Firmware Version This is the ZyNOS Firmware version and the date created ZyNOS is ZyXEL s proprietary Network Operating System ...

Page 150: ... the Ethernet port This shows the transmission speed only for wireless port TxPkts This is the number of transmitted packets on this port RxPkts This is the number of received packets on this port Collisions This is the number of collisions on this port Tx B s This shows the transmission speed in bytes per second on this port Rx B s This shows the reception speed in bytes per second on this port U...

Page 151: ...rval Click this button to apply the new poll interval you entered above Stop Click this button to stop refreshing statistics Table 54 System Status Show Statistics LABEL DESCRIPTION Table 55 Association List LABEL DESCRIPTION Stations This is the index number of an associated wireless station MAC Address This field displays the MAC address of an associated wireless station Association Time This fi...

Page 152: ...you should select a channel removed from it by five channels to completely avoid overlap Click MAINTENANCE and then the Channel Usage tab to display the screen shown next Wait a moment while the ZyAIR compiles the information Privacy This field displays whether traffic on the WDS is encrypted or not Refresh Click Refresh to reload the screen Table 55 Association List LABEL DESCRIPTION ...

Page 153: ...ce Set IBSS as one that doesn t See the Wireless Configuration and Roaming chapter for more information on basic service sets BSS and extended service sets ESS MAC Address This field displays the MAC address of the AP in an Infrastructure wireless network It is randomly generated so ignore it in an Ad Hoc wireless network Channel This is the index number of the channel currently used by the associ...

Page 154: ...urn off the ZyAIR while firmware upload is in progress Network Mode Network mode in this screen refers to your wireless LAN infrastructure refer to the Wireless LAN chapter and WEP setup Network modes are Infrastructure same as an extended service set ESS Infrastructure with WEP WEP encryption is enabled Ad Hoc same as an independent basic service set IBSS or Ad Hoc with WEP Refresh Click Refresh ...

Page 155: ... automatically restarts in this time causing a temporary network disconnect In some operating systems you may see the following icon on your desktop Figure 96 Network Temporarily Disconnected After two minutes log in again and check your new firmware version in the System Status screen If the upload was not successful the following screen will appear Click Return to go back to the F W Upload scree...

Page 156: ...actory defaults backup configuration and restoring configuration appears as shown next Figure 98 Configuration 14 6 1 Backup Configuration Backup configuration allows you to back up save the ZyAIR s current configuration to a file on your computer Once your ZyAIR is configured and functioning properly it is highly recommended that you back up your configuration file before making configuration cha...

Page 157: ...tems you may see the following icon on your desktop Figure 100 Network Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default ZyAIR IP address 192 168 1 2 See your Quick Installation Guide for details on how to set up your computer s IP address If the upload was not successful th...

Page 158: ...wing warning screen will appear Figure 102 Reset Warning Message You can also press the RESET button on the side panel to reset the factory defaults of your ZyAIR Refer to the section on resetting the ZyAIR for more information on the RESET button 14 7 Restart Screen System restart allows you to reboot the ZyAIR without turning the power off Click MAINTENANCE and then Restart Click Restart to have...

Page 159: ...aracter you type Figure 104 Login Screen 3 After entering the password you will see the main menu Please note that if there is no activity for longer than five minutes default timeout period after you log in your ZyAIR will automatically log you out You will then have to telnet into the ZyAIR again You can use the web configurator or the CI commands to change the inactivity time out period 15 2 Ch...

Page 160: ...e 15 3 ZyAIR SMT Menu Overview Example The following table gives you an overview of your ZyAIR s various SMT menus Menu 23 1 System Security Change Password Old Password New Password Retype to confirm Enter here to CONFIRM or ESC to CANCEL Table 59 SMT Menus Overview MENUS SUB MENUS 1 General Setup 1 1 Configure Dynamic DNS 3 LAN Setup 3 2 TCP IP Setup 3 5 Wireless LAN Setup 3 5 1 WLAN MAC Address...

Page 161: ...MT Menus Overview continued MENUS SUB MENUS Table 60 Main Menu Commands OPERATION KEYSTROKE DESCRIPTION Move down to another menu ENTER To move forward to a submenu type in the number of the desired submenu and press ENTER Move up to a previous menu ESC Press ESC to move back to the previous menu Move to a hidden menu Press SPACE BAR to change No to Yes then press ENTER Fields beginning with Edit ...

Page 162: ...ious menu Exit the SMT Type 99 then press ENTER Type 99 at the main menu prompt and press ENTER to exit the SMT interface Table 60 Main Menu Commands OPERATION KEYSTROKE DESCRIPTION Copyright c 1994 2005 ZyXEL Communications Corp ZyAIR G 3000H Main Menu Getting Started Advanced Management 1 General Setup 22 SNMP Configuration 3 LAN Setup 23 System Security 24 System Maintenance Advanced Applicatio...

Page 163: ...r 15 Introducing the SMT 163 24 System Maintenance This menu provides system status diagnostics software upload etc 99 Exit Use this to exit from SMT and return to a blank screen Table 61 Main Menu Summary MENU TITLE DESCRIPTION ...

Page 164: ...G 3000H User s Guide 164 Chapter 15 Introducing the SMT ...

Page 165: ...Procedure To Configure Menu 1 Enter 1 in the Main Menu to open Menu 1 General Setup as shown next Figure 107 Menu 1 General Setup Fill in the required fields Refer to the following table for more information about these fields Menu 1 General Setup System Name G 3000H Domain Name First System DNS Server From DHCP IP Address N A Second System DNS Server None IP Address N A Third System DNS Server No...

Page 166: ...These fields are not available on all models IP Address Enter the IP addresses of the DNS servers This field is available when you select User Defined in the field above When you have completed this menu press ENTER at the prompt Press ENTER to Confirm to save your configuration or press ESC at any time to cancel Table 62 Menu 1 General Setup FIELD DESCRIPTION ...

Page 167: ...er 3 to display menu 3 Figure 108 Menu 3 LAN Setup Detailed explanation about the LAN Setup menu is given in the next chapter 17 2 TCP IP Ethernet Setup Use menu 3 2 to configure your ZyAIR for TCP IP To edit menu 3 2 enter 3 from the main menu to display Menu 3 LAN Setup When menu 3 appears press 2 and press ENTER to display Menu 3 2 TCP IP Setup as shown next Menu 3 LAN Setup 2 TCP IP Setup 5 Wi...

Page 168: ...dress from a DHCP server You must know the IP address assigned to the ZyAIR by the DHCP server to access the ZyAIR again Select Static to give the ZyAIR a fixed unique IP address Enter a subnet mask appropriate to your network and the gateway IP address if applicable IP Address Enter the LAN IP address of your ZyAIR in dotted decimal notation IP Subnet Mask Your ZyAIR will automatically calculate ...

Page 169: ...sociating to the AP must have the same SSID Enter a descriptive name of up to 32 printable 7 bit ASCII characters This field is only available when you select Access Point or AP Bridge in the Operating Mode field Hide Name SSID Press SPACE BAR and select Yes to hide the SSID in the outgoing data frame so an intruder cannot obtain the SSID through scanning Channel ID Press SPACE BAR to select a cha...

Page 170: ...st Enable Maximum Frame Burst to help eliminate collisions in mixed mode networks networks with both IEEE 802 11g and IEEE 802 11b traffic and enhance the performance of both pure IEEE 802 11g and mixed IEEE 802 11b g networks Maximum Frame Burst sets the maximum time in microseconds that the ZyAIR transmits IEEE 802 11g wireless traffic only Type the maximum frame burst between 0 and 1800 650 100...

Page 171: ... Intra BSS Traffic No Output Power 11b 17dBm 11g 13dBm Edit Layer 2 Isolation No Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Menu 3 5 1 WLAN MAC Address Filter Active No Filter Action Allowed Association 1 00 00 00 00 00 00 13 00 00 00 00 00 00 25 00 00 00 00 00 00 2 00 00 00 00 00 00 14 00 00 00 00 00 00 26 00 00 00 00 00 00 3 00 00 00 00 00 00 15 00 00 00 00 00 00 27 00 00 ...

Page 172: ...Define the filter action for the list of MAC addresses in the MAC address filter table To deny access to the ZyAIR press SPACE BAR to select Deny Association and press ENTER MAC addresses not listed will be allowed to access the router The default action Allowed Association permits association with the ZyAIR MAC addresses not listed will be denied access to the router MAC Address Filter 1 32 Enter...

Page 173: ...eathing LED Yes Block Intra BSS Traffic No Output Power 11b 15dBm 11g 11dBm Edit Layer 2 Isolation No Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Menu 3 5 2 Roaming Configuration Active Yes Port 3517 Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Table 66 Menu 3 5 2 Roaming Configuration FIELD DESCRIPTION Active Press SPACE BAR and then ENTER to select Yes ...

Page 174: ...Profile field Press SPACE BAR to select Yes and press ENTER Menu 3 5 6 SSID Profile Edit displays as shown next Menu 3 5 Wireless LAN Setup Edit MAC Address Filter No Operating Mode MESSID Edit Roaming Configuration No Edit SSID Profile Yes Hide Name SSID No Select SSID Profile N A Channel ID CH06 2437MHz Edit Bridge Link Configuration No RTS Threshold 2432 Preamble Long Frag Threshold 2432 802 11...

Page 175: ...1 Active No Active No 4 SSID01 8 SSID01 Active No Active No Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Table 67 Menu 3 5 6 SSID Profile Edit FIELD DESCRIPTION SSID 1 8 Press SPACE BAR to select an SSID from 1 to 16 The SSID Service Set IDentity identifies the Service Set with which a wireless station is associated Wireless stations associating to the access point AP must hav...

Page 176: ...on displays as shown next Menu 3 5 Wireless LAN Setup Edit MAC Address Filter N A Operating Mode Bridge Repeater Edit Roaming Configuration N A Edit SSID Profile N A Hide Name SSID N A Select SSID Profile N A Channel ID CH06 2437MHz Edit Bridge Link Configuration Yes RTS Threshold 2432 Preamble Long Frag Threshold 2432 802 11 Mode Mixed Max Frame Burst 650 Breathing LED Yes Block Intra BSS Traffic...

Page 177: ... Table 68 Menu 3 5 4 Bridge Link Configuration FIELD DESCRIPTION Enable Link 1 5 Press SPACE BAR to select Yes or No and press ENTER Peer MAC Address Type the MAC address of peer device in valid MAC address format that is six hexadecimal character pairs for example 12 34 56 78 9a bc PSK Type a pre shared key from 8 to 63 case sensitive ASCII characters including spaces and symbols Enable WDS Secur...

Page 178: ...13dBm Edit Layer 2 Isolation Yes Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Menu 3 5 5 Layer 2 Isolation Allow devices with these MAC addresses 1 00 00 00 00 00 00 13 00 00 00 00 00 00 25 00 00 00 00 00 00 2 00 00 00 00 00 00 14 00 00 00 00 00 00 26 00 00 00 00 00 00 3 00 00 00 00 00 00 15 00 00 00 00 00 00 27 00 00 00 00 00 00 4 00 00 00 00 00 00 16 00 00 00 00 00 00 28 00 ...

Page 179: ...hose devices are listed in this table Type the MAC addresses of the wireless client AP computer or router that you want to allow the ZyAIR associated wireless clients to have access to in these address fields Type the MAC address in a valid MAC address format that is six hexadecimal character pairs for example 12 34 56 78 9a bc F Note The Block Intra BSS Traffic changes from No to Yes when you ena...

Page 180: ...G 3000H User s Guide 180 Chapter 17 LAN Setup ...

Page 181: ...ain menu enter 14 to display Menu 14 Dial in User Setup Figure 121 Menu 14 Dial in User Setup Type a number and press ENTER to edit the user profile Menu 14 Dial in User Setup 1 ________ 9 ________ 17 ________ 25 ________ 2 ________ 10 ________ 18 ________ 26 ________ 3 ________ 11 ________ 19 ________ 27 ________ 4 ________ 12 ________ 20 ________ 28 ________ 5 ________ 13 ________ 21 ________ 29...

Page 182: ...70 Menu 14 1 Edit Dial in User FIELD DESCRIPTION User Name Enter a username up to 31 alphanumeric characters long for this user profile This field is case sensitive Active Press SPACE BAR to select Yes and press ENTER to enable the user profile Password Enter a password up to 31 characters long for this user profile When you have completed this menu press ENTER at the prompt Press ENTER to confirm...

Page 183: ...A 4 Active No ID N A Name N A 5 Active No ID N A Name N A 6 Active No ID N A Name N A 7 Active No ID N A Name N A 8 Active No ID N A Name N A 9 Active No ID N A Name N A 10 Active No ID N A Name N A 11 Active No ID N A Name N A 12 Active No ID N A Name N A 13 Active No ID N A Name N A 14 Active No ID N A Name N A 15 Active No ID N A Name N A 16 Active No ID N A Name N A Press ENTER to Confirm or E...

Page 184: ...eck for specific VLAN attributes on incoming messages from the RADIUS server Access accept packets sent by the RADIUS server contain VLAN related attributes The configured Name field is checked against these attributes If the configured Name field matches these attributes the corresponding VLAN ID entry is used to access the specific VLAN group If the configured Name field does not match the VLAN ...

Page 185: ...nity public Set Community public Trusted Host 0 0 0 0 Trap Community public Destination 0 0 0 0 Press ENTER to Confirm or ESC to Cancel Table 72 Menu 22 SNMP Configuration FIELD DESCRIPTION SNMP Get Community Type the Get Community which is the password for the incoming Get and GetNext requests from the management station Set Community Type the Set Community which is the password for incoming Set ...

Page 186: ...ess of the station to send your SNMP traps to When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC to cancel and go back to the previous screen Table 72 Menu 22 SNMP Configuration FIELD DESCRIPTION ...

Page 187: ...3 System Security You should change the default password If you forget your password you have to restore the default configuration file Refer to the section on changing the system password in the Introducing the SMT chapter and the section on resetting the ZyAIR in the Introducing the Web Configurator chapter 21 1 2 Configuring Security Profiles Enter 23 in the main menu to display Menu 23 System ...

Page 188: ...ion on page 67 for a description of the fields displayed in this screen Menu 23 System Security 1 Change Password 5 Security Profile Edit Enter Menu Selection Number Menu 23 5 Security Profile Edit Index 1 Profile Name security01 Mode WEP Authentication Databases N A ReAuthentication Timer in second N A Idle Timeout in second N A Group Key Update Timer in second N A PSK N A WEP Encryption 64bit WE...

Page 189: ...ystem Status is a tool that can be used to monitor your ZyAIR Specifically it gives you information on your Ethernet and Wireless LAN status number of packets sent and received To get to System Status type 24 to go to Menu 24 System Maintenance From this menu type 1 System Status There are two commands in Menu 24 1 System Maintenance Status Entering 9 resets the counters pressing ESC takes you bac...

Page 190: ...he status of the remote node TxPkts This is the number of transmitted packets to this remote node RxPkts This is the number of received packets from this remote node Cols This is the number of collisions on this connection Tx B s This shows the transmission rate in bytes per second Rx B s This shows the receiving rate in bytes per second Up Time This is the time this channel has been connected to ...

Page 191: ... in menu 24 2 to display the screen shown next Figure 131 Menu 24 2 1 System Information Information The following table describes the fields in this menu Menu 24 2 System Information and Console Port Speed 1 System Information 2 Console Port Speed Please enter selection Menu 24 2 1 System Maintenance Information Name G 3000H Routing BRIDGE ZyNOS F W Version V3 50 AAC 0 b1 05 25 2005 Country Code ...

Page 192: ...w the procedures to view the local error trace log 1 Type 24 in the main menu to display Menu 24 System Maintenance 2 From menu 24 type 3 to display Menu 24 3 System Maintenance Log and Trace ZyNOS F W Version Refers to the ZyNOS ZyXEL Network Operating System system firmware version ZyNOS is a registered trademark of ZyXEL Communications Corporation Country Code Refers to the country code of the ...

Page 193: ...owing figure Figure 135 Menu 24 4 System Maintenance Diagnostic Follow the procedure next to get to display this menu Menu 24 3 System Maintenance Log and Trace 1 View Error Log Please enter selection 55 Sat Jan 1 00 00 00 2000 PP05 ERROR Wireless LAN init fail code 1 56 Sat Jan 1 00 00 01 2000 PP07 INFO LAN promiscuous mode 1 57 Sat Jan 1 00 00 01 2000 PINI INFO Last errorlog repeat 1 Times 58 Sa...

Page 194: ...available in menu 24 4 for your ZyAIR and the connections Table 75 Menu 24 4 System Maintenance Menu Diagnostic FIELD DESCRIPTION Ping Host Ping the host to see if the links and TCP IP protocol on both systems are working DHCP Release Release the IP address assigned by the DHCP server DHCP Renewal Get a new IP address from the DHCP server Reboot System Reboot the ZyAIR Host IP Address If you typed...

Page 195: ...s they can be saved back to your computer under a filename of your choosing ZyNOS ZyXEL Network Operating System sometimes referred to as the ras file is the system firmware and has a bin filename extension With many FTP and TFTP clients the filenames are similar to those seen next ftp put firmware bin ras This is a sample FTP session showing the transfer of the computer file firmware bin to the Z...

Page 196: ... your computer Backup is highly recommended once your ZyAIR is functioning properly FTP is the preferred method although TFTP can also be used Please note that the terms download and upload are relative to the computer Download means to transfer from the ZyAIR to the computer while upload means from your computer to the ZyAIR 23 2 1 Backup Configuration Using FTP Enter 5 in Menu 24 System Maintena...

Page 197: ...e ZyAIR to your computer and renames it config rom See earlier in this chapter for more information on filename conventions 7 Enter quit to exit the FTP prompt Menu 24 5 Backup Configuration To transfer the configuration file to your workstation follow the procedure below 1 Launch the FTP client on your workstation 2 Type open and the IP address of your router Then type root and SMT password as re...

Page 198: ... only from this address 2 Put the SMT in command interpreter CI mode by entering 8 in Menu 24 System Maintenance 331 Enter PASS command Password 230 Logged in ftp bin 200 Type I OK ftp get rom 0 zyxel rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp 327680 bytes sent in 1 10Seconds 297 89Kbytes sec ftp quit Table 77 General Commands for Third Party FTP Cl...

Page 199: ...ere i specifies binary image transfer mode use this mode when transferring binary files host is the ZyAIR IP address get transfers the file source on the ZyAIR rom 0 name of the configuration file on the ZyAIR to the file destination on the computer and renames it config rom The following table describes some of the fields that you may see in third party TFTP clients 23 2 5 Backup Via Console Port...

Page 200: ...tore the configuration via FTP or TFTP to your ZyAIR The preferred method is FTP Note that this function erases the current configuration before restoring the previous backup configuration please do not attempt to restore unless you have a backup configuration stored on disk To restore configuration using FTP or TFTP is the same as uploading the configuration file please refer to the following sec...

Page 201: ...ware that uploading the configuration file replaces everything contained within Menu 24 6 Restore Configuration To transfer the firmware and the configuration file follow the procedure below 1 Launch the FTP client on your workstation 2 Type open and the IP address of your router Then type root and SMT password as requested 3 Type put backupfilename rom 0 where backupfilename is the name of your b...

Page 202: ... remote file name on the system 4 The system reboots automatically after a successful firmware upload For details on FTP commands please consult the documentation of your FTP client program For details on uploading system firmware using TFTP note that you must remain on this menu to upload system firmware using TFTP please see your manual Press ENTER to Exit Menu 24 7 2 System Maintenance Upload S...

Page 203: ... See earlier in this chapter for more information on filename conventions 7 Enter quit to exit the FTP prompt Figure 146 FTP Session Example More commands that you may find in third party FTP clients are listed earlier in this chapter 23 4 4 TFTP File Upload The ZyAIR also supports the up downloading of the firmware and the configuration file using TFTP Trivial File Transfer Protocol over LAN Alth...

Page 204: ... binary transfer mode 23 4 5 Example TFTP Command The following is an example TFTP command TFTP i host put firmware bin ras where i specifies binary image transfer mode use this mode when transferring binary files host is the ZyAIR s IP address put transfers the file source on the computer firmware bin name of the firmware on the computer to the file destination on the remote host ras name of the ...

Page 205: ...cally restart 23 4 9 Uploading Configuration File Via Console Port 1 Select 2 from Menu 24 7 System Maintenance Upload Firmware to display Menu 24 7 2 System Maintenance Upload System Configuration File Follow the instructions as shown in the next screen Menu 24 7 1 System Maintenance Upload System Firmware To upload system firmware 1 Enter y at the prompt below to go into debug mode 2 Enter atur ...

Page 206: ...enu 24 7 2 System Maintenance Upload System Configuration File To upload system configuration file 1 Enter y at the prompt below to go into debug mode 2 Enter atlc after Enter Debug Mode message 3 Wait for Starting XMODEM upload message before activating Xmodem upload on your terminal 4 After successful firmware upload enter atgo to restart the system Warning 1 Proceeding with the upload will eras...

Page 207: ...in system firmware The CI provides much of the same functionality as the SMT while adding some low level setup and diagnostic functions Enter the CI from the SMT by selecting menu 24 8 See the included disk or the zyxel com web site for more detailed information on CI commands Enter 8 from Menu 24 System Maintenance A list of valid commands can be found by typing help or at the command prompt Type...

Page 208: ...you should not configure it without notifying the Vantage CNM administrator 24 1 2 Configuring Vantage CNM Vantage CNM is disabled on the device by default You can configure Vantage CNM on your ZyXEL device by using the following commands Menu 24 System Maintenance 1 System Status 2 System Information and Console Port Speed 3 Log and Trace 4 Diagnostic 5 Backup Configuration 6 Restore Configuratio...

Page 209: ...M is enabled on the ZyXEL device using a WAN connection active 1 is displayed If Vantage CNM is enabled on the ZyXEL device using a WAN or LAN connection active 2 is displayed Use this command to disable Vantage CNM on your ZyXEL device Use this command to enable Vantage CNM on your ZyXEL device using a WAN connection Use this command to enable Vantage CNM on your ZyXEL device using a WAN or LAN c...

Page 210: ...tage 2 Agent tester 3 Server 0 1 2 3 This command displays the output of Vantage CNM debug messages Type this command to not display Vantage CNM debug messages Type this command to display Vantage CNM debug messages on the console after the ZyXEL device registers with the Vantage CNM server Type this command to display Vantage CNM debug messages on the console after the ZyXEL device registers with...

Page 211: ...1 to have the ZyXEL device use DES encryption or type 2 to have the ZyXEL device use 3DES encryption The ZyXEL device must use the same encryption mode as the Vantage CNM server keepalive 0 seconds Keepalive messages are sent to the Vantage CNM server by the ZyXEL device They show the connection status between the ZyXEL device and the Vantage CNM server This command displays the time interval in s...

Page 212: ... cnm active 1 cnm active 1 G 3000H G 3000H cnm managerIp managerIp 0 0 0 0 G 3000H cnm managerIp 10 1 1 1 managerIp 10 1 1 1 G 3000H G 3000H cnm debug cnm debug 0 0 Disable 1 Vantage 2 Agent tester 3 Server G 3000H G 3000H cnm sgid sgId 0X0000000000000000 G 3000H cnm sgid 0a1b2c3d4e5f6a sgId 0X000a1b2c3d4e5f6a G 3000H G 3000H cnm encrymode cnm encrymode 0 0 NONE 1 DES 2 3DES G 3000H cnm encrymode ...

Page 213: ...rotocol Enter the time service protocol that your time server sends when you turn on the ZyAIR Not all time servers support all protocols so you may have to check with your ISP network administrator or use trial and error to find a protocol that works The main differences between them are the format Daytime RFC 867 format is day month year time zone of the server Time RFC 868 format displays a 4 b...

Page 214: ...nfigure your ZyAIR for remote Telnet access as shown next Figure 156 Telnet Configuration on a TCP IP Network 24 3 2 FTP You can upload and download ZyAIR firmware and configuration files using FTP To use this feature your computer must have an FTP client End Date If using daylight savings time enter the month and day that it ends on Once you have filled in this menu press ENTER at the message Pre...

Page 215: ...ess interface and the secured client IP address to enhance security and flexibility You may manage your ZyAIR from a remote location via the Internet WAN only the LAN only All LAN and WAN or Disable neither Note If you enable remote management of a service but have applied a filter to block the service then you will not be able to remotely manage the service Enter 11 from menu 24 to display Menu 2...

Page 216: ...the same port number to use that service for remote management Access Select the access interface if any by pressing the SPACE BAR Choices are LAN only WAN only All or Disable The default is LAN only Secured Client IP The default 0 0 0 0 allows any client to use this service to remotely manage the ZyAIR Enter an IP address to restrict access to a client with a matching IP address Certificate This ...

Page 217: ...unning You may only have one remote management session of the same type running at one time 5 There is a web remote management session running with a Telnet session A Telnet session will be disconnected if you begin a web session it will not begin if there already is a web session 24 4 Remote Management and NAT When NAT is enabled Use the ZyAIR s WAN IP address when configuring from the WAN Use th...

Page 218: ...G 3000H User s Guide 218 Chapter 24 System Maintenance and Information ...

Page 219: ...e power source is working properly Table 84 Troubleshooting the Ethernet Interface PROBLEM CORRECTIVE ACTION Cannot access the ZyAIR from the LAN If the ETHN LED on the front panel is off check the Ethernet cable connection between your ZyAIR and the Ethernet device connected to the ETHERNET port Check for faulty Ethernet cables Make sure your computer s Ethernet adapter is installed and working p...

Page 220: ... access the ZyAIR through Telnet Refer to the Problems with the Ethernet Interface section for instructions on checking your Ethernet connection Table 87 Troubleshooting the WLAN Interface PROBLEM CORRECTIVE ACTION Cannot access the ZyAIR from the WLAN Make sure the wireless card is properly inserted in the ZyAIR and the link LED is on Make sure the wireless adapter on the wireless station is work...

Page 221: ... compliance for wireless LAN IEEE 802 11g specification compliance for wireless LAN IEEE 802 1x security standard IEEE 802 3af standard Wi Fi certificate Spanning Tree Protocol IEEE 802 1d DHCP Relay Ability to act as a DHCP relay to pass the IP address from the DHCP server from either WAN port or NAT router Security MAC address filtering through WLAN supporting 32 accounts IEEE 802 1x security MD...

Page 222: ...y DRAM Wireless port Syslog Errorlog Trace log Packet Log Management Embedded Web Configurator management Command line interface Telnet support Password protected telnet access to internal configuration manager FTP TFTP Web for firmware downloading configuration backup and restoration Telnet remote access support Built in Diagnostic Tool SNMP Management RADIUS client Table 89 Firmware continued ...

Page 223: ...device The injector must comply to IEEE 802 3af 7 Table 90 Power over Ethernet Injector Specifications Power Output 15 4 Watts maximum Power Current 400 mA maximum Table 91 Power over Ethernet Injector RJ 45 Port Pin Assignments PIN NO RJ 45 SIGNAL ASSIGNMENT 1 Output Transmit Data 2 Output Transmit Data 3 Receive Data 4 Power 5 Power 6 Receive Data 7 Power 8 Power 1 2 3 4 5 6 7 8 ...

Page 224: ...G 3000H User s Guide 224 Appendix C Power over Ethernet PoE Specifications ...

Page 225: ... block all access attempts for five minutes after the third time an incorrect password is entered Table 92 Brute Force Password Guessing Protection Commands COMMAND DESCRIPTION sys pwderrtm This command displays the brute force guessing password protection settings sys pwderrtm 0 This command turns off the password s protection from brute force guessing The brute force password guessing protection...

Page 226: ...G 3000H User s Guide 226 Appendix D Brute Force Password Guessing Protection ...

Page 227: ... requires the purchase of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components are installed configure the TCP IP settings in order to communicate with your network If you manually assign IP information instead of using dynamic assignment make sure that yo...

Page 228: ...icrosoft Networks If you need the adapter 1 In the Network window click Add 2 Select Adapter and then click Add 3 Select the manufacturer and model of your network adapter and then click OK If you need TCP IP 1 In the Network window click Add 2 Select Protocol and then click Add 3 Select Microsoft from the list of manufacturers 4 Select TCP IP from the list of network protocols and then click OK I...

Page 229: ...pter s TCP IP entry and click Properties 2 Click the IP Address tab If your IP address is dynamic select Obtain an IP address automatically If you have a static IP address select Specify an IP address and type your information into the IP Address and Subnet Mask fields Figure 159 Windows 95 98 Me TCP IP Properties IP Address 3 Click the DNS Configuration tab If you do not know your DNS information...

Page 230: ... to save and close the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your ZyAIR and restart your computer when prompted Verifying Settings 1 Click Start and then Run 2 In the Run window type winipcfg and then click OK to open the IP Configuration window 3 Select your network adapter You should see your computer s IP address subnet mask ...

Page 231: ...uter s IP Address 231 Figure 161 Windows XP Start Menu 2 For Windows XP click Network Connections For Windows 2000 NT click Network and Dial up Connections Figure 162 Windows XP Control Panel 3 Right click Local Area Connection and then click Properties ...

Page 232: ...nnections Properties 4 Select Internet Protocol TCP IP under the General tab in Win XP and click Properties Figure 164 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP IP Properties window opens the General tab in Windows XP If you have a dynamic IP address click Obtain an IP address automatically ...

Page 233: ...ab in IP addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways In TCP IP Gateway Address type the IP address of the default gateway in Gateway To manually configure a defa...

Page 234: ...em Figure 166 Windows XP Internet Protocol TCP IP Properties 8 Click OK to close the Internet Protocol TCP IP Properties window 9 Click OK to close the Local Area Connection Properties window 10Turn on your ZyAIR and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and then Command Prompt 2 In the Command Prompt window type ipconfig and then press ENTER Y...

Page 235: ... Your Computer s IP Address 235 Figure 167 Macintosh OS 8 9 Apple Menu 2 Select Ethernet built in from the Connect via list Figure 168 Macintosh OS 8 9 TCP IP 3 For dynamically assigned settings select Using DHCP Server from the Configure list ...

Page 236: ... Save if prompted to save changes to your configuration 7 Turn on your ZyAIR and restart your computer if prompted Verifying Settings Check your TCP IP properties in the TCP IP Control Panel window Macintosh OS X 1 Click the Apple menu and click System Preferences to open the System Preferences window Figure 169 Macintosh OS X Apple Menu 2 Click Network in the icon bar Select Automatic from the Lo...

Page 237: ...ing From the Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your ZyAIR in the Router address box 5 Click Apply Now and close the window 6 Turn on your ZyAIR and restart your computer if prompted Verifying Settings Check your TCP IP properties in the Network window ...

Page 238: ...G 3000H User s Guide 238 Appendix E Setting up Your Computer s IP Address ...

Page 239: ... same as the IP address of a computer on the LAN Figure 171 IP Address Conflicts Case A You must set the ZyAIR to use different LAN and WAN IP addresses on different subnets if you enable DHCP server on the ZyAIR For example you set the WAN IP address to 192 59 1 1 and the LAN IP address to 10 59 1 1 Otherwise It is recommended the ZyAIR use a public WAN IP address Case B The ZyAIR LAN IP address ...

Page 240: ...if you enable DHCP server on the ZyAIR For example you set the WAN IP address to 192 59 1 1 and the LAN IP address to 10 59 1 1 Otherwise It is recommended the ZyAIR use a public WAN IP address Case D Two or more subscribers have the same IP address By converting all private IP addresses to the WAN IP address the ZyAIR allows subscribers with different network configurations to access the Internet...

Page 241: ...er s Guide Appendix F IP Address Assignment Conflicts 241 Figure 174 IP Address Conflicts Case D This problem can be solved by adding a VLAN enabled switch or set the computers to obtain IP addresses dynamically ...

Page 242: ...G 3000H User s Guide 242 Appendix F IP Address Assignment Conflicts ...

Page 243: ... or Independent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an Ad hoc wireless LAN Figure 175 Peer to Peer Communication in an Ad hoc Network BSS A Basic Service Set BSS exists when all communications between wireless stations or between a wireless station and a wired network client go through one access point AP Intra BSS tra...

Page 244: ...ed connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood An ESSID ESS IDentification uniquely identifies each ESS All access points and their associated wireless stations within the sa...

Page 245: ...verlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 channels and an adjacent AP is using channel 1 then you need to select a channel between 6 or 11 RTS CTS A hidden node occurs when two stations are within range of the same access point but are not within range ...

Page 246: ...smission It also reserves and confirms with the requesting station the time frame for the requested transmission Stations can send frames smaller than the specified RTS CTS directly to the AP without the RTS Request To Send CTS Clear to Send handshake You should only configure RTS CTS if the possibility of hidden nodes exists on your network and the cost of resending large frames is more than the ...

Page 247: ...liant wireless adapters must support long preamble However not all wireless adapters support short preamble Use long preamble if you are unsure what preamble mode the wireless adapters support to ensure interpretability between the AP and the wireless stations and to provide more reliable communication in noisy networks Select Dynamic to have the AP automatically use short preamble when all wirele...

Page 248: ...wireless stations RADIUS RADIUS is based on a client server model that supports authentication authorization and accounting The access point is the client and the server is the RADIUS server The RADIUS server handles the following tasks Authentication Determines the identity of the users Authorization Determines the network services available to authenticated users once they are connected to the n...

Page 249: ...endix discusses some popular authentication types EAP MD5 EAP TLS EAP TTLS PEAP and LEAP The type of authentication you use depends on the RADIUS server or the AP Consult your network administrator for more information EAP MD5 Message Digest Algorithm 5 MD5 authentication is the simplest one way authentication method The authentication server sends a challenge to the wireless station The wireless ...

Page 250: ...such as PAP CHAP MS CHAP and MS CHAP v2 PEAP Protected EAP Like EAP TTLS server side certificate authentication is used to establish a secure connection then use simple username and password methods through the secured connection to authenticate the clients thus hiding client identity However PEAP only supports EAP methods such as EAP MD5 EAP MSCHAPv2 and EAP GTC EAP Generic Token Card for client ...

Page 251: ...unction a Message Integrity Check MIC named Michael an extended initialization vector IV with sequencing rules and a re keying mechanism TKIP regularly changes and rotates the encryption keys so that the same encryption key is never used twice The RADIUS server distributes a Pairwise Master Key PMK key to the AP that then sets up a key hierarchy and management system using the pair wise key to dyn...

Page 252: ...IEEE 802 1x and Extensible Authentication Protocol EAP to authenticate wireless clients using an external RADIUS database If both an AP and the wireless clients support WPA2 and you have an external RADIUS server use WPA2 for stronger data encryption If you don t have an external RADIUS server you should use WPA2 PSK WPA2 Pre Shared Key that only requires a single identical password entered into e...

Page 253: ...c WEP Key Yes Enable without Dynamic WEP Key Yes Disable WPA WEP No Yes WPA TKIP No Yes WPA PSK WEP Yes Yes WPA PSK TKIP Yes Yes Table 95 Wireless Security Relational Matrix continued AUTHENTICATION METHOD KEY MANAGEMENT PROTOCOL ENCRYPTION METHOD ENTER MANUAL KEY ENABLE IEEE 802 1X ...

Page 254: ...G 3000H User s Guide 254 Appendix G Wireless LANs ...

Page 255: ...ss the first two octets make up the network number and the two remaining octets make up the host ID Class C addresses begin starting from the left with 1 1 0 In a class C address the first three octets make up the network number and the last octet is the host ID Class D addresses begin with 1 1 1 0 Class D addresses are used for multicasting There is also a class E address It is reserved for futur...

Page 256: ...host ID Subnet masks are expressed in dotted decimal notation just as IP addresses are The natural masks for class A B and C IP addresses are as follows Subnetting With subnetting the class arrangement of an IP address is ignored For example a class C address no longer has to have 24 bits of network number and 8 bits of host ID With subnetting some of the host ID bits are converted into network nu...

Page 257: ...s 192 168 1 0 with subnet mask of 255 255 255 0 The first three octets of the address make up the network number class C You want to have two separate networks Divide the network 192 168 1 0 into two separate subnets by converting one of the host ID bits of the IP address to a network number bit The borrowed host ID bit can be either 0 or 1 thus giving two subnets 192 168 1 0 with mask 255 255 255...

Page 258: ...255 255 128 is the directed broadcast address for the first subnet Therefore the lowest IP address that can be assigned to an actual host for the first subnet is 192 168 1 1 and the highest is 192 168 1 126 Similarly the host ID range for the second subnet is 192 168 1 129 to 192 168 1 254 Table 101 Subnet 1 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 0 IP Address Binary 11000000 1010...

Page 259: ... IP Address Binary 11000000 10101000 00000001 00000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 0 Lowest Host ID 192 168 1 1 Broadcast Address 192 168 1 63 Highest Host ID 192 168 1 62 Table 104 Subnet 2 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 64 IP Address Binary 11000000 10101000 00000001 01000000 Subnet Mask Binary 11111111 11111111 111111...

Page 260: ...1111111 11111111 11000000 Subnet Address 192 168 1 192 Lowest Host ID 192 168 1 193 Broadcast Address 192 168 1 255 Highest Host ID 192 168 1 254 Table 107 Eight Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST ADDRESS 1 0 1 30 31 2 32 33 62 63 3 64 65 94 95 4 96 97 126 127 5 128 129 158 159 6 160 161 190 191 7 192 193 222 223 8 224 225 254 255 Table 108 Class C Subnet Planning N...

Page 261: ...ing The following table is a summary for class B subnet planning Table 109 Class B Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 128 0 17 2 32766 2 255 255 192 0 18 4 16382 3 255 255 224 0 19 8 8190 4 255 255 240 0 20 16 4094 5 255 255 248 0 21 32 2046 6 255 255 252 0 22 64 1022 7 255 255 254 0 23 128 510 8 255 255 255 0 24 256 254 9 255 255 255 128 25 ...

Page 262: ...G 3000H User s Guide 262 Appendix H IP Subnetting ...

Page 263: ...it and possibly render it unusable Command Syntax The command keywords are in courier new font Enter the command keywords exactly as shown do not abbreviate The required fields in a command are enclosed in angle brackets The optional fields in a command are enclosed in square brackets The symbol means or For example sys filter netbios config type on off means that you must specify the type of netb...

Page 264: ...G 3000H User s Guide 264 Appendix I Command Interpreter ...

Page 265: ... Login Successfully Someone has logged on to the router s web configurator interface WEB Login Fail Someone has failed to log on to the router s web configurator interface TELNET Login Successfully Someone has logged on to the router via telnet TELNET Login Fail Someone has failed to log on to the router via telnet FTP Login Successfully Someone has logged on to the router via FTP FTP Login Fail S...

Page 266: ...tagrams for the Type of Service and Host 8 Echo 0 Echo message 11 Time Exceeded 0 Time to live exceeded in transit 1 Fragment reassembly time exceeded 12 Parameter Problem 0 Pointer indicates the error 13 Timestamp 0 Timestamp request message 14 Timestamp Reply 0 Timestamp reply message 15 Information Request 0 Information request message 16 Information Reply 0 Information reply message Table 112 ...

Page 267: ...n individual ZyAIR log category Use the sys logs clear command to erase all of the ZyAIR s logs Log Command Example This example shows how to set the ZyAIR to record the error logs and alerts and then view the results Table 113 Log Categories and Available Settings LOG CATEGORIES AVAILABLE PARAMETERS error 0 1 2 3 mten 0 1 Use 0 to not record logs for that category 1 to record only logs for that c...

Page 268: ...G 3000H User s Guide 268 Appendix J Log Descriptions ...

Page 269: ...ape of the antenna s coverage area Antenna Gain Antenna gain measured in dB decibel is the increase in coverage within the RF beam width Higher antenna gain improves the range of the signal for better communications For an indoor site each 1 dB increase in antenna gain results in a range increase of approximately 2 5 For an unobstructed outdoor site each 1dB increase in gain results in a range inc...

Page 270: ...m 20 degrees very directional to 120 degrees less directional Directional antennas are ideal for hallways and outdoor point to point applications Positioning Antennas In general antennas should be mounted as high as practically possible and free of obstructions In point to point application position both antennas at the same height and in a direct line of sight to each other to attain the best per...

Page 271: ...2 B 1215 Input Power 100 240 Volts AC 50 60 Hz 0 5 A Output Power 12 Volts DC 1 5 A 18 W Power Consumption 6 W Max Safety Standards TUV GS CE EN 60950 Table 116 United Kingdom Plug Standards AC Power Adaptor Model ADS6818 1812 D 1215 Input Power 100 240 Volts AC 50 60 Hz 0 5 A Output Power 12 Volts DC 1 5 A 18 W Power Consumption 6 W Max Safety Standards TUV GS BS EN 60950 Table 117 Australia and ...

Page 272: ...G 3000H User s Guide 272 Appendix L Power Adaptor Specifications ...

Page 273: ...ically get a configuration file from a TFTP server at startup or after renewing DHCP client information Figure 179 Text File Based Auto Configuration Use one of the following methods to give the AP the IP address of the TFTP server where you store the configuration files and the name of the configuration file that it should download You can have a different configuration file for each AP You can a...

Page 274: ...ver the AP starts up See Command Interpreter Mode on page 207 for how to access the Command Interpreter CI Configuration Via SNMP You can configure and trigger the auto configuration remotely via SNMP Use the following procedure to have the AP download the configuration file Table 118 Auto Configuration by DHCP COMMAND DESCRIPTION wcfg autocfg dhcp enable disable Turn configuration of TFTP server ...

Page 275: ...version The AP compares the file version with the version of the last configuration file that it downloaded If the version of the downloaded file is the same or smaller older the AP ignores the file If the version of the downloaded file is larger newer the AP uses the file Configuration File Rules You can only use the wlan and wcfg commands in the configuration file The AP ignores other ZyNOS comm...

Page 276: ...ration file You must use the store compression method and a zip file extension When zipping a configuration file you can also add password protection using the same password that you use to log into the AP wcfg Command Configuration File Examples These example configuration files use the wcfg command to configure security and SSID profiles Figure 181 WEP Configuration File Example Table 123 Displa...

Page 277: ...sid 2 name ssid 8021x wcfg ssid 2 vlan 102 wcfg ssid 2 security Test 8021x wcfg ssid 2 radius radius rd wcfg ssid 2 qos besteffort wcfg ssid 2 l2iolation disable wcfg ssid 2 macfilter disable wcfg ssid save ZYXEL PROWLAN VERSION 13 wcfg security 3 name Test wpapsk wcfg security 3 vlan untag wcfg security 3 security wpapsk wcfg security 3 wpa passphrase qwertyuiop wcfg security 3 wpa encryption tki...

Page 278: ... order So for example you would place the commands that create security and SSID profiles before the commands that tell the AP to use those profiles ZYXEL PROWLAN VERSION 14 wcfg security 4 name Test wpa wcfg security 4 mode wpa wcfg security 4 reauthtime 1800 wcfg security 4 idletime 3600 wcfg security 4 groupkeytime 1800 wcfg security save wcfg radius 4 name radius rd1 wcfg radius 4 primary 172 ...

Page 279: ...ame ssid wpapsk wcfg ssid 3 security Test wpapsk wcfg ssid 4 name ssid wpa2psk wcfg ssid 4 security Test wpa2psk wcfg ssid save line starting with is comment change to channel 8 wlan chid 8 change operating mode AP mode then select ssid wep as running WLAN profile wlan opmode 0 wlan ssidprofile ssid wep change operating mode MESSID mode then select ssid wpapsk ssid wpa2psk as running WLAN profiles...

Page 280: ...G 3000H User s Guide 280 Appendix M Text File Based Auto Configuration ...

Page 281: ...file You can download the current firmware from www zyxel com System Requirements These are the system requirements for operating the EMS software CPU Intel Pentium 4 1 6 GHz or above Memory RAM 1 GB or more Hard Disk free space 20 MB or more Screen Resolution 1024x768 pixels Ethernet Adaptor 10 100 Mbps Operating System Windows 2000 with service pack 1 Windows XP or Windows Server 2003 and all us...

Page 282: ...o to the WLM EMS folder and double click Setup exe 3 A Welcome screen displays Click Next to continue Figure 186 EMS Installation Wizard Welcome Screen 4 You must select the same directory where you installed SNMPc Click Browse if it s different from the destination folder shown Click Next to continue Figure 187 EMS Installation Wizard Choose Destination Screen 5 When the installation process is c...

Page 283: ...stallation Wizard Complete Screen SNMPc Network Manager Startup Use the following steps to set whether or not SNMPc starts automatically each time you turn on your computer 1 Click Start Programs SNMPc Network Manager Startup System to manually start the SNMPc network manager ...

Page 284: ...gure 189 Starting the SNMPc Network Manager 2 Click Config System Startup Figure 190 Accessing the SNMPc Startup Settings 3 Select Auto Startup check box if you want SNMPc to automatically start each time you turn on your computer otherwise clear it Click Close ...

Page 285: ...anagement Information Base MIB is designed for holding management information on systems such as the AP that the standard MIB does not include 1 From the SNMPc Network Manager main screen click Config Mib Database Figure 192 Accessing the Compile Mibs Screen 2 In the Compile Mibs screen that displays click Add ...

Page 286: ...igure 193 Compile Mibs Screen 3 The Add Mib files screen opens Select zyxel prowireless mib in the list box and click OK Figure 194 Add Mib files Screen 4 In the Compile Mibs screen click Compile Figure 195 Compile Mibs Screen 5 Click Yes when asked to confirm ...

Page 287: ... discovery can be slow and generates extra network traffic For a large network you may prefer to add devices manually Add Device s Manually Follow the steps below to add your device s manually ITEMS OBJECT ID OID DESCRIPTION pwCommon 1 3 6 1 4 1 890 1 9 1 AP status monitoring firmware configuration file upload download pwTraps 1 3 6 1 4 1 890 1 9 2 Sets the device to send or not send SNMP traps pw...

Page 288: ...gure 198 Selecting the Root Subnet 2 Click Insert MAP Object Device Figure 199 Accessing the MAP Object Properties Screen 3 In the MAP Object Properties screen enter a descriptive device name and IP address for the device Figure 200 MAP Object Properties General 4 Click the Access tab ...

Page 289: ...munities passwords to match the ones you use in your AP Then click OK Note For security purposes it is strongly recommended to change the Read Community and Read Write Community on your AP Write down this information and keep in a safe place so you will not forget it later 6 An icon displays for the device Figure 202 Device Icon ...

Page 290: ...re 203 Accessing the Discovery Polling Agents Screen 2 Select the Enable Discovery check box and click OK Figure 204 Discovery Polling Agents Screen 3 After the device has been found an icon and label appear in the network manager view window Right click the device icon and select Properties Note Auto discovery may take hours for a large and complex network ...

Page 291: ...Figure 206 MAP Object Properties Access 5 Change the read and write communities passwords to match the ones you use in your AP Then click OK Note For security purposes it is strongly recommended to change the Read Community and Read Write Community on your AP Write down this information and keep in a safe place so you will not forget it later ...

Page 292: ...ing services or applications which may affect the installation Remove any previous versions of SNMP software from your computer Re install SNMPc and EMS in that order 2 I cannot find my device in the SNMPc Management screen Check that you have added and compiled the MIBs correctly see Adding MIBs on page 285 Make sure you follow the instructions exactly Check that the map object properties are cor...

Page 293: ...r s Guide Appendix N Wireless LAN Manager 293 Make sure that the device you want to manage is connected to the network and operating properly If the problem still persists uninstall and re install the EMS software ...

Page 294: ...G 3000H User s Guide 294 Appendix N Wireless LAN Manager ...

Page 295: ...annel 43 245 Interference 245 Channel ID 169 Class of Service 56 Class of Service CoS 56 CLI Command Configure tagged VLAN example 103 Collision 190 Command Interpreter 207 Community 185 289 Configuration File Examples 276 Format 275 Configuration File Rules 275 Contact Information 7 Contacting Customer Support 7 CoS 56 CPU Load 190 CTS Clear to Send 246 Customer Support 7 D Data encryption 43 Def...

Page 296: ...y Contact Information 7 H Hidden Menus 161 Hidden node 245 Host 51 Host IDs 255 How STP Works 58 HyperTerminal program 199 I IBSS 243 IEEE 802 1x 33 248 In band Management 103 Independent Basic Service Set 153 243 Install SNMPc 281 Installing EMS 281 Internet access 167 Internet Security Gateway 29 IP Address 46 115 116 168 192 194 IP Addressing 255 IP Classes 255 IPSec VPN Capability 32 L LAN 150...

Page 297: ...uthentication Time 78 79 80 81 Registration 6 Regular Mail 7 Related Documentation 27 Remote Authentication Dial In User Service 33 Remote Management and NAT 136 Remote Management Limitations 135 217 Remote Management Setup 215 Remote Node 190 Required fields 162 Reset Button 29 Restore 157 Restore Configuration 200 Roaming 98 Requirements 100 Root bridge 57 RTS Request To Send 246 RTS Threshold 1...

Page 298: ... Time Zone 214 ToS 55 Trace Records 192 Troubleshooting Accessing ZyAIR 220 Ethernet Port 219 Start Up 219 Troubleshooting EMS 292 Type Of Service 55 U Upload Firmware 201 Use Authentication 252 User Authentication 70 User Profiles 181 V Valid CI Commands 208 Virtual Local Area Network 101 VLAN 31 101 W Warranty Information 7 wcfg Command 276 WDS 31 61 Web 136 Web Configurator 39 41 Web Site 7 WEP...

Page 299: ...G 3000H User s Guide Index 299 ZyNOS F W Version 196 zyxel prowireless mib 287 ...

Reviews:

No comments

Brands by name

Popular brands

Load more brands