ZyXEL Communications NWA1123-ACv2 Скачать руководство пользователя страница 97 | Manualshive

Страница: 97 / 218

ZyXEL Communications NWA1123-ACv2 Скачать руководство пользователя страница 97

NWA1123-ACv2 User’s Guide

97

C

H A P T E R

11

Certificates

11.1 Overview

The NWA can use certificates (also called digital IDs) to authenticate users. Certificates are based
on public-private key pairs. A certificate contains the certificate owner’s identity and public key.
Certificates provide a way to exchange public keys for use in authentication.

11.1.1 What You Can Do in this Chapter

• The

My Certificate

screens (

Section 11.2 on page 100

) generate and export self-signed

certificates or certification requests and import the NWA’s CA-signed certificates.

• The

Trusted Certificates

screens (

Section 11.3 on page 108

) save CA certificates and trusted

remote host certificates to the NWA. The NWA trusts any valid certificate that you have imported
as a trusted certificate. It also trusts any valid certificate signed by any of the certificates that
you have imported as a trusted certificate.

11.1.2 What You Need to Know

The following terms and concepts may help as you read this chapter.

When using public-key cryptology for authentication, each host has two keys. One key is public and
can be made openly available. The other key is private and must be kept secure.

These keys work like a handwritten signature (in fact, certificates are often referred to as “digital
signatures”). Only you can write your signature exactly as it should look. When people know what
your signature looks like, they can verify whether something was signed by you, or by someone
else. In the same way, your private key “writes” your digital signature and your public key allows
people to verify whether data was signed by you, or by someone else.

This process works as follows:

1

Tim wants to send a message to Jenny. He needs her to be sure that it comes from him, and that
the message content has not been altered by anyone else along the way. Tim generates a public
key pair (one public key and one private key).

2

Tim keeps the private key and makes the public key openly available. This means that anyone who
receives a message seeming to come from Tim can read it and verify whether it is really from him
or not.

3

Tim uses his private key to sign the message and sends it to Jenny.

4

Jenny receives the message and uses Tim’s public key to verify it. Jenny knows that the message is
from Tim, and that although other people may have been able to read the message, no-one can
have altered it (because they cannot re-sign the message with Tim’s private key).

«
...
95
96
97
98
99
...
»

Содержание NWA1123-ACv2

Страница 1: ...2 802 11ac Dual Radio Ceiling Mount PoE Access Point Version 4 26 Edition 1 07 2016 Copyright 2016 ZyXEL Communications Corporation User s Guide Default Login Details LAN IP Address DHCP assigned IP o...

Страница 2: ...e Related Documentation Quick Start Guide The Quick Start Guide shows how to connect the NWA and access the Web Configurator CLI Reference Guide The CLI Reference Guide explains how to use the Command...

Страница 3: ...ction 11 The Web Configurator 18 Technical Reference 29 Dashboard 30 Monitor 36 Network 49 Wireless 53 User 65 AP Profile 72 MON Profile 91 WDS Profile 95 Certificates 97 System 114 Log and Report 139...

Страница 4: ...e the NWA 15 1 3 Good Habits for Managing the NWA 15 1 4 Hardware Connections 15 1 5 LED 16 1 6 Starting and Stopping the NWA 17 Chapter 2 The Web Configurator 18 2 1 Overview 18 2 2 Access 18 2 3 Nav...

Страница 5: ...Device 44 4 8 View Log 45 Chapter 5 Network 49 5 1 Overview 49 5 1 1 What You Can Do in this Chapter 49 5 2 IP Setting 49 5 3 VLAN 51 Chapter 6 Wireless 53 6 1 Overview 53 6 1 1 What You Can Do in thi...

Страница 6: ...82 8 5 MAC Filter List 86 8 5 1 Add Edit MAC Filter Profile 86 8 6 Layer 2 Isolation List 87 8 6 1 Add Edit Layer 2 Isolation Profile 89 Chapter 9 MON Profile 91 9 1 Overview 91 9 1 1 What You Can Do...

Страница 7: ...WW Overview 119 12 4 1 Service Access Limitations 119 12 4 2 System Timeout 119 12 4 3 HTTPS 120 12 4 4 Configuring WWW Service Control 120 12 4 5 HTTPS Example 122 12 5 SSH 129 12 5 1 How SSH Works 1...

Страница 8: ...age 158 14 3 1 Example of Firmware Upload Using FTP 159 14 4 Shell Script 160 Chapter 15 Diagnostics 163 15 1 Overview 163 15 1 1 What You Can Do in this Chapter 163 15 2 Diagnostics 163 Chapter 16 LE...

Страница 9: ...ogin 170 19 4 Internet Access 171 19 5 Wireless Connections 172 19 6 Resetting the NWA 175 19 7 Getting More Troubleshooting Help 175 Appendix A Importing Certificates 176 Appendix B IPv6 189 Appendix...

Страница 10: ...10 PART I User s Guide...

Страница 11: ...The embedded Web based configurator enables simple straightforward management and maintenance See the Quick Start Guide for how to make hardware connections 1 1 1 MBSSID A Basic Service Set BSS is the...

Страница 12: ...l Radio The NWA is equipped with dual wireless radios This means you can configure two different wireless networks to operate simultaneously Note A different channel should be configured for each WLAN...

Страница 13: ...peaters X and Y to extend the range of its wireless network at the same time In the figure below both clients A B and C can access the wired network through the root AP Figure 3 Root AP Application On...

Страница 14: ...lso establish wireless connections with wireless clients Using Repeater mode your NWA can extend the range of the WLAN In the figure below the NWA in Repeater mode Z has a wireless connection to the N...

Страница 15: ...col SNMP The NWA can be monitored by an SNMP manager See the SNMP chapter in this User s Guide 1 3 Good Habits for Managing the NWA Do the following things regularly to make the NWA more secure and to...

Страница 16: ...ED descriptions for your NWA Table 1 NWA LED COLOR STATUS DESCRIPTION Amber Slow Blinking On for 1s Off for 1s The NWA is booting up Green Off Amber Off The NWA is ready for use Green Off Amber Off Th...

Страница 17: ...e NWA powers up checks the hardware and starts the system processes Rebooting the NWA A warm start without powering down and powering up again occurs when you use the Reboot button in the Reboot scree...

Страница 18: ...4 0 and later versions or Google Chrome 10 0 and later versions Allow pop up windows Enable JavaScript enabled by default Enable Java permissions enabled by default Enable cookies The recommended scr...

Страница 19: ...the Update Admin Info screen appears Otherwise the dashboard appears The Update Admin Info screen appears every time you log in using the default user name and default password If you change the pass...

Страница 20: ...ways appear over the screens below regardless of how deep into the Web Configurator you navigate Figure 7 Title Bar The icons provide the following functions A C B Table 3 Title Bar Web Configurator I...

Страница 21: ...en a screen where you can check which configuration items reference an object CLI Click this to open a popup window that displays the CLI commands sent by the Web Configurator Table 4 About LABEL DESC...

Страница 22: ...de 22 Figure 9 Site Map Object Reference Click Object Reference to open the Object Reference screen Select the type of object and the individual object and click Refresh to show which configuration se...

Страница 23: ...introduce the NWA s navigation panel menus and their screens Table 5 Object References LABEL DESCRIPTION Object Name This identifies the object for which the configuration settings that use it are dis...

Страница 24: ...mary FOLDER OR LINK TAB FUNCTION Network Status Network Status Display general LAN interface information and packet statistics Wireless AP Information Radio List Display information about the radios o...

Страница 25: ...WDS profiles that can be used to connect to different APs in WDS Certificate My Certificates Create and manage the NWA s certificates Trusted Certificates Import and manage certificates from trusted s...

Страница 26: ...eading to sort the table s entries according to that column s criteria 2 Click the down arrow next to a column heading for more options about how to display the entries The options available vary depe...

Страница 27: ...order and drag to re size the column 4 Select a column heading and drag and drop it to change the column order A green check mark displays next to the column s title when you drag the column to a vali...

Страница 28: ...ION Add Click this to create a new entry For features where the entry s position in the numbered list is important features where the NWA applies the table s entries in order like the firewall for exa...

Страница 29: ...29 PART II Technical Reference...

Страница 30: ...em resource usage and interface status You can also display other status screens for more information 3 2 Dashboard This screen is the first thing you see when you log into the NWA It also appears eve...

Страница 31: ...to open the screen where you can change it System Location This field displays the location of the NWA Click the icon to open the screen where you can change it Model Name This field displays the mod...

Страница 32: ...s of the discovered device Click the IP address to access and manage the discovered device using its web configurator MAC This field displays the MAC address of the discovered device WDS Wireless Dist...

Страница 33: ...hput decreases and has just one transmitting radio chain It always shows Full if the NWA does not support power detection At the time of writing only the WAC6500 series APs support the power detection...

Страница 34: ...radio number on the NWA Band This indicates the wireless frequency band currently being used by the radio This shows when the radio is in monitor mode OP Mode This indicates the radio s operating mod...

Страница 35: ...axis represents the percentage of CPU usage time The x axis shows the time period over which the CPU usage occurred Refresh Interval Enter how often you want this window to be automatically updated R...

Страница 36: ...the NWA s WDS Wireless Distribution System connections The Detected Device screen Section 4 7 on page 44 displays information about suspected rogue APs The View Log screen Section 4 8 on page 45 displ...

Страница 37: ...e Ethernet interface is disabled Down The Ethernet interface is enabled but not connected Speed Duplex The Ethernet interface is enabled and connected This field displays the port speed and duplex set...

Страница 38: ...d Speed Duplex The physical port is connected This field displays the port speed and duplex setting Full or Half TxPkts This field displays the number of packets transmitted from the NWA on the physic...

Страница 39: ...window to be automatically updated Refresh Now Click this to update the information in the window right away Switch to Grid View Click this to display the port statistics as a table bps The y axis rep...

Страница 40: ...load balancing is disabled or the radio is in monitor mode MAC Address This displays the MAC address of the radio Radio This indicates the radio number on the NWA to which it belongs OP Mode This indi...

Страница 41: ...Chapter 4 Monitor NWA1123 ACv2 User s Guide 41 Figure 21 Monitor Wireless AP Information Radio List More Information...

Страница 42: ...ht maximum BSSID This displays a BSSID associated with this radio The BSSID is tied to the SSID Security Mode This displays the security mode in which the SSID is operating VLAN This displays the VLAN...

Страница 43: ...o This is the radio number on the NWA to which the station is connected SSID Name This indicates the name of the wireless network to which the station is connected A single AP can have multiple SSIDs...

Страница 44: ...d When the NWA is in repeater mode and connected to a root AP and other repeater s both the uplink and downlink information would be displayed This is the index number of the root AP or repeater in th...

Страница 45: ...ed AP as a friendly AP For more on managing friendly APs see the Configuration Wireless MON Mode screen Section 6 3 on page 57 This is the detected device s index number in this list Status This indic...

Страница 46: ...ges new log messages automatically overwrite existing log messages starting with the oldest existing log message first Events that generate an alert as well as a log message display in red Regular log...

Страница 47: ...lter Select a service protocol whose log messages you would like to see Keyword This displays when you show the filter Type a keyword to look for in the Message Source Destination and Note fields If a...

Страница 48: ...later Destination Interface This field displays the destination interface of the packet that generated the log message Protocol This field displays the service protocol in the event that generated the...

Страница 49: ...e possible setup of your NWA The gateway IP address is 192 168 1 1 and the managed IP address of the NWA is 192 168 1 2 default but if the NWA is assigned an IP address by a DHCP server the default 19...

Страница 50: ...this interface in dot decimal notation The subnet mask indicates what part of the IP address is the same for all computers in the network Gateway Enter the IP address of the gateway The NWA sends pack...

Страница 51: ...ion Metric Enter the priority of the gateway if any on the LAN interface The NWA decides which gateway to use based on this priority The lower the number the higher the priority If two or more gateway...

Страница 52: ...of a frame across bridges A VLAN tag includes the 12 bit VLAN ID and 3 bit user priority The VLAN ID associates a frame with a specific VLAN and provides the information that devices need to process t...

Страница 53: ...ess clients use the access point AP to interact with other devices such as the printer or with the Internet Your NWA is the AP 6 1 1 What You Can Do in this Chapter The AP Management screen Section 6...

Страница 54: ...o automatically select the radio channel upon which it broadcasts by scanning the area around it and determining what channels are currently being used by other devices Load Balancing Wireless Wireles...

Страница 55: ...Chapter 6 Wireless NWA1123 ACv2 User s Guide 55 Figure 31 Configuration Wireless AP Management...

Страница 56: ...t be working Radio 1 WDS Profile This field is available only when the radio is in Root AP or Repeater mode Select the WDS profile the radio uses to connect to a root AP or repeater Uplink Selection M...

Страница 57: ...apply a 5G AP radio profile to radio 2 Otherwise the second radio will not be working Radio 2 WDS Profile This field is available only when the radio is in Root AP or Repeater mode Select the WDS pro...

Страница 58: ...click the Edit button MAC Address This field indicates the AP s radio MAC address Description This field displays the AP s description You can modify this by clicking the Edit button Importing Export...

Страница 59: ...eless Load Balancing to access this screen Figure 34 Configuration Wireless Load Balancing Table 26 Configuration Wireless MON Mode Add Edit Rogue Friendly AP List LABEL DESCRIPTION MAC Enter the MAC...

Страница 60: ...to automatically attempt to connect to another less burdened AP if one is available Max Station Number Enter the threshold number of stations at which the NWA begins load balancing its connections Tr...

Страница 61: ...can afford the bandwidth or the laptop is picked up by a different AP with bandwidth to spare Figure 35 Delaying a Connection The second response your AP can take is to kick the connections that are...

Страница 62: ...onfiguration options and manually change the channel to one that no other AP is using or at least a channel that has a lower level of interference in order to give the connected stations a minimum deg...

Страница 63: ...nd the three so called safe channels 1 6 and 11 that interference becomes inevitable the severity of it is dependent upon other factors proximity to the affected AP signal strength activity and so on...

Страница 64: ...when the AP is overloaded Load balancing by traffic level limits the number of connections to the AP based on maximum bandwidth available If you are uncertain as to the exact number of wireless conne...

Страница 65: ...his chapter User Account A user account defines the privileges of a user logged into the NWA User accounts are used in controlling access to configuration and services in the NWA User Types These are...

Страница 66: ...select it and click Edit to open a screen where you can modify the entry s settings Remove To remove an entry select it and click Remove The NWA confirms you want to remove it before doing so Object R...

Страница 67: ...er a user bob but use BOB when connecting via CIFS or FTP it will use the account settings used for BOB not bob User names have to be different than user group names Here are the reserved user names T...

Страница 68: ...ke sure you have entered it correctly Description Enter the description of each user if any You can use up to 60 printable ASCII characters Default descriptions are provided Authentication Timeout Set...

Страница 69: ...t associated with a specific entry User Type These are the kinds of user account the NWA supports admin this user can look at and change the configuration of the NWA limited admin this user can look a...

Страница 70: ...or different IP addresses Maximum number per administration account This field is effective when Limit for administration account is checked Type the maximum number of simultaneous logins by each adm...

Страница 71: ...e number of minutes unlimited Admin users renew the session every time the main screen refreshes in the Web Configurator Access users can renew the session by clicking the Renew button on their screen...

Страница 72: ...le AP can broadcast up to 8 SSIDs You can have a maximum of 32 SSID profiles on the NWA Security This profile type defines the security settings used by a single SSID It controls the encryption method...

Страница 73: ...nhanced security methods for both the authentication of wireless stations and encryption key management Authentication is done using an external RADIUS server 8 2 Radio This screen allows you to creat...

Страница 74: ...rofile This field is a sequential value and it is not associated with a specific user Status This field shows whether or not the entry is activated A yellow bulb signifies that this rule is active A g...

Страница 75: ...n Table 35 Configuration Object AP Profile Add Edit Profile LABEL DESCRIPTION Hide Show Advanced Settings Click this to hide or show the Advanced Settings in this window General Settings Activate Sele...

Страница 76: ...only when you select 11ac in the 802 11 Band field Channel Selection This is the radio channel which the signal will use for broadcasting by this radio profile DCS Choose Dynamic Channel Selection to...

Страница 77: ...nterval reduces data transfer rates but also reduces interference Enable A MPDU Aggregation Select this to enable A MPDU aggregation This field is not available if you set 802 11 Band to 11a or 11b g...

Страница 78: ...nd 76 is the weakest Disassociate Station Threshold Set a minimum kick off signal strength When a wireless client s signal strength is lower than the specified threshold the NWA disconnects the wirele...

Страница 79: ...DESCRIPTION Add Click this to add a new SSID profile Edit Click this to edit the selected SSID profile Remove Click this to remove the selected SSID profile Object Reference Click this to view which o...

Страница 80: ...use the Create new Object menu to create one Note It is highly recommended that you create security profiles for all of your SSIDs to enhance your network security MAC Filtering Profile Select a MAC...

Страница 81: ...video conferencing WMM_BEST_EFFORT All wireless traffic to the SSID is tagged as best effort meaning the data travels the best route it can without displacing higher priority traffic This is good for...

Страница 82: ...ty Mode selected Only the default screen is displayed here Table 38 Configuration Object AP Profile SSID Security List LABEL DESCRIPTION Add Click this to add a new security profile Edit Click this to...

Страница 83: ...Chapter 8 AP Profile NWA1123 ACv2 User s Guide 83 Figure 50 SSID Security Profile Add Edit Security Profile...

Страница 84: ...ng server in dotted decimal notation Accounting Server Port Enter the port number of the external accounting server The default port number is 1813 You need not change this value unless your network a...

Страница 85: ...ion method It is a more recent development over TKIP and considerably more robust Not all wireless clients may support this Idle Timeout Enter the interval in seconds that a client can be idle before...

Страница 86: ...lick the Add button or select a MAC filter profile from the list and click the Edit button Note Each MAC filtering profile can include a maximum of 512 MAC addresses Table 40 Configuration Object AP P...

Страница 87: ...h the MAC addresses in this profile to connect to the network through the associated SSID select deny to block the wireless clients with the specified MAC addresses Add Click this to add a MAC address...

Страница 88: ...unicating with the NWA s wireless clients except for broadcast packets Layer 2 isolation does not check the traffic between wireless clients that are associated with the same AP Intra BSS traffic allo...

Страница 89: ...equential value and it is not associated with a specific user Profile Name This field indicates the name assigned to the layer 2 isolation profile Table 42 Configuration Object AP Profile SSID Layer 2...

Страница 90: ...this profile You can click the description to make it editable Enter up to 60 characters spaces and underscores allowed OK Click OK to save your changes back to the NWA Cancel Click Cancel to exit th...

Страница 91: ...screen Section 9 2 on page 91 creates preset monitor mode configurations that can be used by the NWA 9 2 MON Profile This screen allows you to create monitor mode configurations that can be used by t...

Страница 92: ...te To turn on an entry select it and click Activate Inactivate To turn off an entry select it and click Inactivate Object Reference Click this to view which other objects are linked to the selected mo...

Страница 93: ...profile Profile Name This field indicates the name assigned to the monitor mode profile Channel dwell time Enter the interval in milliseconds before the NWA switches to another channel for monitoring...

Страница 94: ...er X running readily available encryption cracking software In this example the attacker now has access to the company network including sensitive data stored on the file server C Friendly APs If you...

Страница 95: ...his Chapter The WDS Profile screen Section 10 2 on page 95 creates preset WDS configurations that can be used by the NWA 10 2 WDS Profile This screen allows you to manage and create WDS profiles that...

Страница 96: ...rofile WDS SSID This field shows the SSID specified in this WDS profile Table 46 Configuration Object WDS Profile continued LABEL DESCRIPTION Table 47 Configuration Object WDS Profile Add Edit WDS Pro...

Страница 97: ...e The other key is private and must be kept secure These keys work like a handwritten signature in fact certificates are often referred to as digital signatures Only you can write your signature exact...

Страница 98: ...tificates Certificates offer the following benefits The NWA only has to store the certificates of the certification authorities that you decide to trust no matter how many devices you need to authenti...

Страница 99: ...should verify that you have the correct certificate You can do this using the certificate s fingerprint A certificate s fingerprint is a message digest calculated using the MD5 or SHA1 algorithm The f...

Страница 100: ...icates unless you specifically delete them Uploading a new firmware or default configuration file does not delete your certificates To remove an entry select it and click Remove The NWA confirms you w...

Страница 101: ...subject information Issuer This field displays identifying information about the certificate s issuing certification authority such as a common name organizational unit or department organization or c...

Страница 102: ...Chapter 11 Certificates NWA1123 ACv2 User s Guide 102 Figure 62 Configuration Object Certificate My Certificates Add...

Страница 103: ...underscore Town City Identify the town or city where the certificate owner is located You can use up to 31 characters You can use alphanumeric characters the hyphen and the underscore State Province...

Страница 104: ...is a TCP based enrollment protocol that was developed by the Public Key Infrastructure X 509 working group of the Internet Engineering Task Force IETF and is specified in RFC 2510 CA Server Address Th...

Страница 105: ...Click Configuration Object Certificate My Certificates and then the Edit icon to open the My Certificate Edit screen You can use this screen to view in depth certificate information and change the ce...

Страница 106: ...tification number given by the certification authority or generated by the NWA Subject This field displays information that identifies the owner of the certificate such as Common Name CN Organizationa...

Страница 107: ...EM uses lowercase letters uppercase letters and numerals to convert a binary certificate into a printable form You can copy and paste a certification request into a certification authority s web page...

Страница 108: ...you do not need to import any certificate that is signed by one of these certificates Table 51 Configuration Object Certificate My Certificates Import LABEL DESCRIPTION File Path Type in the location...

Страница 109: ...e Select an entry and click Object Reference to open a screen that shows which settings use the entry This field displays the certificate index number The certificates are listed in alphabetical order...

Страница 110: ...o open the Trusted Certificates Edit screen Use this screen to view in depth information about the certificate change the certificate s name and set whether or not you want the NWA to check a certific...

Страница 111: ...sually a certification authority LDAP Server Select this check box if the directory server uses LDAP Lightweight Directory Access Protocol LDAP is a protocol over TCP that specifies how clients access...

Страница 112: ...s that the key can be used to sign certificates and KeyEncipherment means that the key can be used to encrypt text Basic Constraint This field displays general information about the certificate For ex...

Страница 113: ...ages over a CRL The first is real time status information The second is a reduction in network traffic since the NWA only gets information on the certificates that it needs to verify not a huge list W...

Страница 114: ...y accessing the NWA s command line interface The Telnet screen Section 12 6 on page 133 configures Telnet for accessing the NWA s command line interface The FTP screen Section 12 7 on page 133 specifi...

Страница 115: ...Name LABEL DESCRIPTION System Name Choose a descriptive name to identify your NWA device This name can be up to 64 alphanumeric characters long Spaces are not allowed but dashes underscores _ and peri...

Страница 116: ...me and date time zone and daylight saving at the same time the time zone and daylight saving will affect the new time and date you entered When you enter the time settings manually the NWA uses the ne...

Страница 117: ...the at field Daylight Saving Time starts in the European Union on the last Sunday of March All of the time zones in the European Union start using Daylight Saving Time at the same moment 1 A M GMT or...

Страница 118: ...time servers have been tried 12 3 2 Time Server Synchronization Click the Sync Now button to get the time and date from the time server you specified in the Time Server Address field When the Loading...

Страница 119: ...et and FTP management access are not secure Figure 71 Secure and Insecure Service Access From the WAN 12 4 1 Service Access Limitations A service cannot be used to access the NWA when you have disable...

Страница 120: ...S server the NWA must always authenticate itself to the HTTPS client the computer which requests the HTTPS connection with the NWA whereas the HTTPS client only should authenticate itself when the HTT...

Страница 121: ...to authenticate itself to the NWA by sending the NWA a certificate To do that the SSL client must have a CA signed certificate from a CA that has been imported as a trusted CA on the NWA Server Certi...

Страница 122: ...lowing screen Figure 74 Security Alert Dialog Box Internet Explorer Select Continue to this website to proceed to the Web Configurator login screen Otherwise select Click here to close this webpage to...

Страница 123: ...your browser displays warnings about the NWA s HTTPS server certificate and what you can do to avoid seeing the warnings The issuing certificate authority of the NWA s HTTPS server certificate is not...

Страница 124: ...ng and Importing SSL Client Certificates The SSL client needs a certificate if Authenticate Client Certificates is selected on the NWA You must have imported at least one trusted CA to the NWA in orde...

Страница 125: ...one shown next 2 Click Install Certificate and follow the wizard as shown earlier in this appendix 12 4 5 6 Installing a Personal Certificate You need a password in advance The CA may issue the passw...

Страница 126: ...v2 User s Guide 126 1 Click Next to begin the wizard 2 The file name and path of the certificate you double clicked should automatically appear in the File name text box Click Browse if you wish to im...

Страница 127: ...User s Guide 127 3 Enter the password given to you by the CA 4 Have the wizard determine where the certificate should be saved on your computer or select Place all certificates in the following store...

Страница 128: ...wizard and begin the import process 6 You should see the following screen when the certificate is correctly installed on your computer 12 4 5 7 Using a Certificate When Accessing the NWA To access the...

Страница 129: ...SSH Secure SHell to securely access the NWA s command line interface SSH is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication b...

Страница 130: ...the client computer 2 Encryption Method Once the identification is verified both the client and server must agree on the type of encryption method to use 3 Authentication and Data Transmission After...

Страница 131: ...nt program user s guide 12 5 5 1 Example 1 Microsoft Windows This section describes how to access the NWA using the Secure Shell Client program Table 59 Configuration System SSH LABEL DESCRIPTION Enab...

Страница 132: ...on the NWA using the default IP address of 192 168 1 2 A message displays indicating the SSH protocol version supported by the NWA Figure 82 SSH Example 2 Test 2 Enter ssh 1 192 168 1 2 This command f...

Страница 133: ...See Chapter 14 on page 152 for more information about firmware and configuration files To change your NWA s FTP settings click Configuration System FTP tab The screen appears as shown Use this screen...

Страница 134: ...or disallow the computer with the IP address that matches the IP address es in the Service Control table to access the NWA using this service TLS required Select the check box to use FTP over TLS Tra...

Страница 135: ...for the purpose of accessing these objects SNMP itself is a simple request response protocol based on the manager agent model The manager issues a request and the agent returns responses using the fol...

Страница 136: ...87 Configuration System SNMP The following table describes the labels in this screen Table 62 SNMP Traps OBJECT LABEL OBJECT ID DESCRIPTION linkDown 1 3 6 1 6 3 1 1 5 3 This trap is sent when the Eth...

Страница 137: ...3 Select this to allow SNMP managers using SNMPv3 to access the NWA Add Click this to create a new entry Select an entry and click Add to create a new entry after the selected entry Edit Double click...

Страница 138: ...by MD5 for authentication Select SHA to require the SNMPv3 user s password be encrypted by SHA for authentication Privacy Select the type of encryption the SNMPv3 user must use to connect to the NWA...

Страница 139: ...The Log Setting screens Section 13 3 on page 141 specify which logs are e mailed where they are e mailed and how often they are e mailed 13 2 Email Daily Report Use this screen to start or stop data...

Страница 140: ...Chapter 13 Log and Report NWA1123 ACv2 User s Guide 140 Figure 89 Configuration Log Report Email Daily Report...

Страница 141: ...r here as is on the mail server for mail traffic Mail Subject Type the subject line for the outgoing e mail Select Append system name to add the NWA s system name to the subject Select Append date tim...

Страница 142: ...gories e mail addresses server names etc for any log Alternatively if you want to edit what events is included in each log you can also use the Active Log Summary screen to edit this information for a...

Страница 143: ...s field displays the name of the log system log or one of the remote servers Log Format This field displays the format of the log Internal system log you can view the log on the View Log tab VRPT Sysl...

Страница 144: ...og Report Log Setting Edit System Log Setting LABEL DESCRIPTION E Mail Server 1 2 Active Select this to send log messages and alerts according to the information in this section You specify what kinds...

Страница 145: ...rd to the SMTP server User Name This box is effective when you select the SMTP Authentication check box Type the user name to provide to the SMTP server when the log is e mailed Password This box is e...

Страница 146: ...ebugging information however even if this setting is selected E mail Server 1 Select whether each category of events should be included in the log messages when it is e mailed green check mark and or...

Страница 147: ...Chapter 13 Log and Report NWA1123 ACv2 User s Guide 147 Figure 92 Configuration Log Report Log Setting Edit Remote Server...

Страница 148: ...fferent files in the syslog server Please see the documentation for your syslog program for more information Active Log Selection Use the Selection drop down list to change the log settings for all of...

Страница 149: ...uide 149 Figure 93 Active Log Summary This screen provides a different view and a different way of indicating which messages are included in each log and each alert The Default category includes debug...

Страница 150: ...er 2 Use the E Mail Server 2 drop down list to change the settings for e mailing logs to e mail server 2 for all log categories Using the System Log drop down list to disable all logs overrides your e...

Страница 151: ...n E Mail Server 2 The NWA does not e mail debugging information even if it is recorded in the System log Remote Server 1 4 Syslog For each remote server select what information you want to log from ea...

Страница 152: ...r current firmware version and uploads firmware to the NWA The Shell Script screen Section 14 4 on page 160 stores names downloads uploads and runs shell script files 14 1 2 What you Need to Know The...

Страница 153: ...or Shell Scripts When you apply a configuration file or run a shell script the NWA processes the file line by line The NWA checks the first line and applies the line if no errors are detected Then it...

Страница 154: ...here is a startup config conf the NWA checks it for errors and applies it If there are no errors the NWA uses it and copies it to the lastgood conf configuration file as a back up file If there is an...

Страница 155: ...cate of the configuration file Remove Click a configuration file s row to select it and click Remove to delete it from the NWA You can only delete manually saved configuration files You cannot delete...

Страница 156: ...fully valid configuration file as quickly as possible Ignore errors and finish applying the configuration file this applies the valid parts of the configuration file and generates error logs for all o...

Страница 157: ...es are applied to this configuration file The NWA applies configuration changes made in the Web Configurator to the configuration file when you click Apply or OK It applies configuration changes made...

Страница 158: ...m in a file that usually uses a bin extension The firmware update can take up to five minutes Do not turn off or reset the NWA while the firmware update is in progress C ftp 192 168 1 2 Connected to 1...

Страница 159: ...s procedure requires the NWA s firmware Download the firmware package from www zyxel com and unzip it The firmware file uses a bin extension for example 426ABEL0C0 bin Do the following after you have...

Страница 160: ...C ftproot NWA_FW 426ABEL0C0 bin 9 Wait for the file transfer to complete 10 Enter quit to exit the ftp prompt 14 4 Shell Script Use shell script files to have the NWA use commands that you specify Use...

Страница 161: ...cript file from the NWA A pop up window asks you to confirm that you want to delete the shell script file Click OK to delete the shell script file or click Cancel to close the screen without deleting...

Страница 162: ...lows you to upload a new or previously saved shell script file from your computer to your NWA File Path Type in the location of the file you want to upload in this field or click Browse to find it Bro...

Страница 163: ...ontaining the NWA s configuration and diagnostic information if you need to provide it to customer support during troubleshooting 15 2 Diagnostics This screen provides an easy way for you to generate...

Страница 164: ...d diagnostic file Diagnostic Collect Category This field displays each category of settings Select which categories you want the NWA to include in the diagnostic file Customized Select this option to...

Страница 165: ...rol how the LED of your NWA behave after it s ready You can go to the Maintenance LEDs Suppression screen to see the default LED behavior and change the LED suppression setting After you make changes...

Страница 166: ...pression LABEL DESCRIPTION Suppression On If the Suppression On check box is checked the LED of your NWA will turn off after it s ready If the check box is unchecked the LED will stay lit after the NW...

Страница 167: ...on before you reboot Otherwise the changes are lost when you reboot Reboot is different to reset reset returns the device to its default configuration 17 2 Reboot This screen allows remote users can r...

Страница 168: ...o Know Shutdown writes all cached data to the local storage and stops the system processes Shutdown is different to reset reset returns the device to its default configuration 18 2 Shutdown To access...

Страница 169: ...or PoE power injector switch is connected to the NWA and plugged in to an appropriate power source Make sure the power source is turned on 3 Disconnect and re connect the power adaptor or PoE power i...

Страница 170: ...IP address is 192 168 1 2 If you changed the static IP address use the new IP address If you changed the static IP address and have forgotten it see the troubleshooting suggestions for I forgot the I...

Страница 171: ...ds are case sensitive so make sure Caps Lock is not on 2 You cannot log in to the web configurator while someone is using Telnet to access the NWA Log out of the NWA in the other session or ask the pe...

Страница 172: ...If the problem continues contact your ISP The Internet connection is slow or intermittent 1 There might be a lot of traffic on the network Look at the LED and check Section 1 5 on page 16 If the NWA...

Страница 173: ...I specified If a RADIUS server authenticates wireless stations the re authentication timer on the RADIUS server has priority Change the RADIUS server s configuration if you need to use a different re...

Страница 174: ...cript are not working properly In a configuration file or shell script use or as the first character of a command line to have the NWA treat the line as a comment Your configuration files or shell scr...

Страница 175: ...the administrator password s you can reset the NWA to its factory default settings Any configuration files or shell scripts that you saved on the NWA should still be available afterwards Use the foll...

Страница 176: ...Many ZyXEL products such as the NWA issue their own public key certificates These can be used by web browsers on a LAN or WAN to verify that they are in fact connecting to the legitimate device and n...

Страница 177: ...1 If your device s Web Configurator is set to use SSL certification then the first time you browse to it you are presented with a certification error 2 Click Continue to this website not recommended...

Страница 178: ...Appendix A Importing Certificates NWA1123 ACv2 User s Guide 178 4 In the Certificate dialog box click Install Certificate 5 In the Certificate Import Wizard click Next...

Страница 179: ...tically select certificate store based on the type of certificate click Next again and then go to step 9 7 Otherwise select Place all certificates in the following store and then click Browse 8 In the...

Страница 180: ...Cv2 User s Guide 180 9 In the Completing the Certificate Import Wizard screen click Finish 10 If you are presented with another Security Warning click Yes 11 Finally click OK when presented with the s...

Страница 181: ...ion Installing a Stand Alone Certificate File in Internet Explorer Rather than browsing to a ZyXEL Web Configurator and installing a public key certificate when prompted you can install a stand alone...

Страница 182: ...Removing a Certificate in Internet Explorer This section shows you how to remove a public key certificate in Internet Explorer 7 on Windows XP 1 Open Internet Explorer and click Tools Internet Options...

Страница 183: ...Certificates Authorities tab select the certificate that you want to delete and then click Remove 4 In the Certificates confirmation click Yes 5 In the Root Certificate Store dialog box click Yes 6 Th...

Страница 184: ...e s Web Configurator is set to use SSL certification then the first time you browse to it you are presented with a certification error 2 Select Accept this certificate permanently and click OK 3 The c...

Страница 185: ...e in Firefox Rather than browsing to a ZyXEL Web Configurator and installing a public key certificate when prompted you can install a stand alone certificate file if one has been issued to you 1 Open...

Страница 186: ...Select File dialog box to locate the certificate and then click Open 5 The next time you visit the web site click the padlock in the address bar to open the Page Info Security window to see the web p...

Страница 187: ...Appendix A Importing Certificates NWA1123 ACv2 User s Guide 187 1 Open Firefox and click Tools Options 2 In the Options dialog box click Advanced Encryption View Certificates...

Страница 188: ...er dialog box select the Web Sites tab select the certificate that you want to remove and then click Delete 4 In the Delete Web Site Certificates dialog box click OK 5 The next time you go to the web...

Страница 189: ...0000 0000 0015 can be written as 2001 0db8 1a2f 0000 0000 0015 2001 0db8 0000 0000 1a2f 0015 2001 db8 1a2f 0 0 15 or 2001 db8 0 0 1a2f 15 Prefix and Prefix Length Similar to an IPv4 subnet mask IPv6...

Страница 190: ...group Multicast scope allows you to determine the size of the multicast group A multicast address has a predefined prefix of ff00 8 The following table describes some of the predefined multicast addre...

Страница 191: ...f the first byte of the MAC address See the following example Stateless Autoconfiguration With stateless autoconfiguration in IPv6 addresses can be uniquely and automatically generated Unlike DHCPv6 D...

Страница 192: ...ch IA holds one type of address IA_NA means an identity association for non temporary addresses and IA_TA is an identity association for temporary addresses An IA_NA option contains the T1 and T2 fiel...

Страница 193: ...ges types Neighbor solicitation A request from a host to determine a neighbor s link layer address MAC address and detect if the neighbor is still reachable A neighbor being reachable means it respond...

Страница 194: ...ion 2 IGMPv2 MLD uses ICMPv6 message types rather than IGMP message types MLDv1 is equivalent to IGMPv2 and MLDv2 is equivalent to IGMPv3 MLD allows an IPv6 switch or router to discover the presence o...

Страница 195: ...CPv6 for IP address assignment you have to additionally install a DHCPv6 client software on your Windows XP Note If you use static IP addresses or Router Advertisement for IPv6 address assignment in y...

Страница 196: ...Example Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer To enable IPv6 in Windows 7 1 Select Control Panel Network and...

Страница 197: ...dynamic IPv6 address This example shows a global address 2001 b021 2d 1000 obtained from a DHCP server C ipconfig Windows IP Configuration Ethernet adapter Local Area Connection Connection specific D...

Страница 198: ...formation Please have the following information ready when you contact an office Required Information Product model and serial number Warranty Information Date that you received your device Brief desc...

Страница 199: ...m pk Philippines ZyXEL Philippines http www zyxel com ph Singapore ZyXEL Singapore Pte Ltd http www zyxel com sg Taiwan ZyXEL Communications Corporation http www zyxel com tw zh Thailand ZyXEL Thailan...

Страница 200: ...Republic ZyXEL Communications Czech s r o http www zyxel cz Denmark ZyXEL Communications A S http www zyxel dk Estonia ZyXEL Estonia http www zyxel com ee et Finland ZyXEL Communications http www zyxe...

Страница 201: ...lux http www zyxel nl Norway ZyXEL Communications http www zyxel no Poland ZyXEL Communications Poland http www zyxel pl Romania ZyXEL Romania http www zyxel com ro ro Russia ZyXEL Russia http www zyx...

Страница 202: ...aine http www ua zyxel com Latin America Argentina ZyXEL Communication Corporation http www zyxel com ec es Brazil ZyXEL Communications Brasil Ltda https www zyxel com br pt Ecuador ZyXEL Communicatio...

Страница 203: ...ser s Guide 203 North America USA ZyXEL Communications Inc North America Headquarters http www zyxel com us en Oceania Australia ZyXEL Communications Corporation http www zyxel com au en Africa South...

Страница 204: ...void the user s authority to operate the device This product has been tested and complies with the specifications for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are de...

Страница 205: ...e du mat riel de cat gorieI a t approuv par Industrie Canada pour fonctionner avec les types d antenne num r s ci dessous et ayant un gain admissible maximal et l imp dance requise pour chaque type d...

Страница 206: ...er relevant provisions of Directive 1999 5 EC Fran ais French Par la pr sente ZyXEL d clare que l appareil quipements est conforme aux exigences essentielles et aux autres dispositions pertinentes de...

Страница 207: ...taux et des T l communications IBPT Visitez http www ibpt be pour de plus amples d tails Denmark In Denmark the band 5150 5350 MHz is also allowed for outdoor usage I Danmark m frekvensb ndet 5150 535...

Страница 208: ...e applicable collection point for the recycling of electrical and electronic devices For detailed information about recycling of this product please contact your local city office your household waste...

Страница 209: ...e selon les r glementations locales votre produit et ou sa batterie doivent tre limin s s par ment des ordures m nag res Lorsque ce produit atteint sa fin de vie amenez le un centre de recyclage Au mo...

Страница 210: ...Appendix D Legal Information NWA1123 ACv2 User s Guide 210 Environmental Product Declaration...

Страница 211: ...10V AC 230V AC About the Symbols Various symbols are used in this product to ensure correct usage to prevent danger to the user and others and to prevent property damage The meaning of these symbols a...

Страница 212: ...is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpo...

Страница 213: ...ertificates 97 advantages of 98 and CA 98 and FTP 134 and HTTPS 120 and SSH 131 and WWW 121 certification path 98 106 111 expired 98 factory default 98 file formats 98 fingerprints 107 112 importing 1...

Страница 214: ...sclaimer 204 documentation related 2 domain name 115 DSA 103 dual radios 12 dual radio application 12 dynamic channel selection 54 E e mail daily statistics report 139 encryption 14 RSA 106 ESSID 173...

Страница 215: ...prefix length 189 stateless autoconfiguration 191 unspecified address 190 J Java permissions 18 JavaScripts 18 K key pairs 97 L lastgood conf 154 157 layer 2 isolation 87 example 88 MAC 88 LED suppre...

Страница 216: ...et 167 Reference Guide CLI 2 related documentation 2 remote management FTP see FTP Telnet 133 WWW see WWW reports daily 139 daily e mail 139 reset 175 vs reboot 167 vs shutdown 168 RESET button 17 175...

Страница 217: ...atistics daily e mail report 139 status 30 status bar 26 warning message popup 26 stopping the device 17 supported browsers 18 syslog 143 148 syslog servers see also logs system log see logs system na...

Страница 218: ...gurator 15 18 access 18 requirements 18 supported browsers 18 web configurator 11 WEP Wired Equivalent Privacy 73 wireless channel 173 wireless client 54 Wireless Distribution System WDS 14 wireless L...

Отзывы:

Нет отзывов

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды