ZyXEL Communications ZyAIR G-3000 Скачать руководство пользователя страница 213 | Manualshive

Страница: 213 / 222

background image

ZyAIR G-3000 User’s Guide

Appendix L Types of EAP Authentication

214

Appendix L

Types of EAP Authentication

This appendix discusses the five popular EAP authentication types:

EAP-MD5

,

EAP-TLS

,

EAP-TTLS

,

PEAP

and

LEAP

.

The type of authentication you use depends on the RADIUS server or the AP. Consult your
network administrator for more information.

EAP-MD5 (Message-Digest Algorithm 5)

MD5 authentication is the simplest one-way authentication method. The authentication server
sends a challenge to the wireless station. The wireless station ‘proves’ that it knows the
password by encrypting the password with the challenge and sends back the information.
Password is not sent in plain text.

However, MD5 authentication has some weaknesses. Since the authentication server needs to
get the plaintext passwords, the passwords must be stored. Thus someone other than the
authentication server may access the password file. In addition, it is possible to impersonate an
authentication server as MD5 authentication method does not perform mutual authentication.
Finally, MD5 authentication method does not support data encryption with dynamic session
key. You must configure WEP encryption keys for data encryption.

EAP-TLS (Transport Layer Security)

With EAP-TLS, digital certifications are needed by both the server and the wireless stations
for mutual authentication. The server presents a certificate to the client. After validating the
identity of the server, the client sends a different certificate to the server. The exchange of
certificates is done in the open before a secured tunnel is created. This makes user identity
vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the
sender’s identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to
handle certificates, which imposes a management overhead.

EAP-TTLS (Tunneled Transport Layer Service)

EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the
server-side authentications to establish a secure connection. Client authentication is then done
by sending username and password through the secure connection, thus client identity is
protected. For client authentication, EAP-TTLS supports EAP methods and legacy
authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2.

«
...
211
212
213
214
215
...
»

Содержание ZyAIR G-3000

Страница 1: ...ZyAIR G 3000 802 11g Business Access Point Bridge Repeater User s Guide Version 3 50 September 2004...

Страница 2: ...XEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does it con...

Страница 3: ...n accordance with the instructions may cause harmful interference to radio communications If this equipment does cause harmful interference to radio television reception which can be determined by tur...

Страница 4: ...ress or implied including any implied warranty of merchantability or fitness for a particular use or purpose ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of...

Страница 5: ...ler St Anaheim CA 92806 2001 U S A sales zyxel com 1 714 632 0858 ftp us zyxel com GERMANY support zyxel de 49 2405 6909 0 www zyxel de ZyXEL Deutschland GmbH Adenauerstr 20 A2 D 52146 Wuerselen Germa...

Страница 6: ...er Support 6 FINLAND support zyxel fi 358 9 4780 8411 www zyxel fi ZyXEL Communications Oy Malminkaari 10 00700 Helsinki Finland sales zyxel fi 358 9 4780 8448 a is the prefix number you enter to make...

Страница 7: ...tton 28 1 2 1 4 ZyAIR LED 29 1 2 1 5 Bridge Repeater LED 29 1 2 1 6 Power over Ethernet PoE 29 1 2 2 Firmware Features 29 1 2 2 1 Dual WLAN Interface 29 1 2 2 2 Wi Fi Protected Access 30 1 2 2 3 VLAN...

Страница 8: ...ethod of Restoring Factory Defaults 39 2 3 Navigating the ZyAIR Web Configurator 40 Chapter 3 Wizard Setup 42 3 1 Wizard Setup Overview 42 3 1 1 Channel 42 3 1 2 ESS ID 42 3 1 3 WEP Encryption 42 3 2...

Страница 9: ...ryption 75 6 2 2 Authentication 75 6 3 Configuring WEP Encryption 76 6 4 MAC Filter 78 6 5 802 1x Overview 80 6 6 Introduction to Local User Database 80 6 7 Introduction to RADIUS 80 6 7 1 Types of RA...

Страница 10: ...ter 10 Maintenance 106 10 1 Maintenance Overview 106 10 2 System Status Screen 106 10 2 1 System Statistics 107 10 3 Association List 108 10 4 Channel Usage 109 10 5 F W Upload Screen 111 10 6 Configu...

Страница 11: ...Setup 134 14 1 Dial in User Setup 134 Chapter 15 SNMP Configuration 136 15 1 About SNMP 136 15 2 Supported MIBs 137 15 3 SNMP Configuration 137 15 4 SNMP Traps 138 Chapter 16 System Security 140 16 1...

Страница 12: ...Prompt Example 160 18 4 4 TFTP File Upload 160 18 4 5 Example TFTP Command 161 18 4 6 Uploading Via Console Port 161 18 4 7 Uploading Firmware File Via Console Port 161 18 4 8 Example Xmodem Firmware...

Страница 13: ...s 178 Appendix F IP Address Assignment Conflicts 190 Appendix G IP Subnetting 194 Appendix H Command Interpreter 202 Appendix I Log Descriptions 204 Appendix J Wireless LAN and IEEE 802 11 208 Appendi...

Страница 14: ...ZyAIR G 3000 User s Guide 15 Table of Contents...

Страница 15: ...ystem General Setup 50 Figure 15 Password 52 Figure 16 Time Setting 53 Figure 17 IBSS Ad hoc Wireless LAN 56 Figure 18 Basic Service set 57 Figure 19 Extended Service Set 58 Figure 20 RTS CTS 59 Figur...

Страница 16: ...nnected 115 Figure 57 Configuration Upload Error 116 Figure 58 Reset Warning Message 116 Figure 59 Restart Screen 117 Figure 60 Login Screen 118 Figure 61 Menu 23 1 System Security Change Password 119...

Страница 17: ...stem Maintenance Upload System Configuration File 159 Figure 99 FTP Session Example 160 Figure 100 Menu 24 7 1 as seen using the Console Port 162 Figure 101 Example Xmodem Upload 162 Figure 102 Menu 2...

Страница 18: ...ts Case B 191 Figure 124 IP Address Conflicts Case C 191 Figure 125 IP Address Conflicts Case D 192 Figure 126 Peer to Peer Communication in an Ad hoc Network 209 Figure 127 ESS Provides Campus Wide C...

Страница 19: ...AC Address Filter 79 Table 17 Wireless Security Relational Matrix 86 Table 18 Wireless LAN 802 1x WPA 88 Table 19 Wireless LAN 802 1x WPA for 802 1x Protocol 89 Table 20 Wireless LAN 802 1x WPA for WP...

Страница 20: ...s 156 Table 54 System Maintenance Time and Date Setting 166 Table 55 Remote Management Port Control 167 Table 56 Menu 24 11 Remote Management Control 168 Table 57 Troubleshooting the Start Up of Your...

Страница 21: ...05 Table 84 Log Categories and Available Settings 206 Table 85 Comparison of EAP Authentication Types 215 Table 86 NORTH AMERICAN PLUG STANDARDS 218 Table 87 NORTH AMERICAN PLUG STANDARDS 218 Table 88...

Страница 22: ...ZyAIR G 3000 User s Guide 23 List of Tables...

Страница 23: ...e SMT parts of this guide contain background information solely on features not configurable by web configurator Related Documentation Supporting Disk Refer to the included CD for support documents Co...

Страница 24: ...enu titles and labels are in Bold Times New Roman font Predefined field choices are in Bold Arial font Command and arrow keys are enclosed in square brackets ENTER means the Enter or carriage return k...

Страница 25: ...ZyAIR G 3000 User s Guide Preface 26 Graphics Icons Key ZyAIR Computer Notebook computer Server DSLAM Firewall Modem Switch Router Wireless Signal...

Страница 26: ...ZyAIR G 3000 User s Guide 27 Preface...

Страница 27: ...figure The embedded web based configurator enables easy operation and configuration 1 2 ZyAIR Features The following sections describe the features of the ZyAIR 1 2 1 Physical Features 1 2 1 1 10 100M...

Страница 28: ...minating the need for a nearby power source An injector or PoE device not included is also needed to supply the Ethernet cable with power This feature allows increased flexibility in the locating of y...

Страница 29: ...g VLAN ID in the MAC header of a frame to identify VLAN membership The ZyAIR can identify VLAN tags for incoming Ethernet frames and add VLAN tags to outgoing Ethernet frames Configure VLAN virtual LA...

Страница 30: ...links between switches bridges or routers It allows a bridge to interact with other R STP compliant bridges in your network to ensure that only one path exists between any two stations on the network...

Страница 31: ...ransmitting over the wireless network to help keep network communications private 1 2 2 13 IEEE 802 1x Network Security The ZyAIR supports the IEEE 802 1x standard to enhance user authentication Use t...

Страница 32: ...f the wireless stations that are currently using the ZyAIR to access your wired network 1 2 2 19 Wireless LAN Channel Usage The Wireless Channel Usage screen displays whether the radio channels are us...

Страница 33: ...r Applications for each operating mode are shown below 1 3 2 Access Point The ZyAIR is an ideal access solution for wireless Internet connection A typical Internet access application for your ZyAIR is...

Страница 34: ...de the ZyAIR supports both AP A and B can connect to the wired network through X and bridge X can communicate with Y connection at the same time When the ZyAIR is in AP Bridge mode the traffic between...

Страница 35: ...connection at the same time A ZyAIR in repeater mode C has no Ethernet connection When the ZyAIR is in the bridge mode you should enable STP to prevent bridge loops When the ZyAIR is in Bridge Repeat...

Страница 36: ...ZyAIR G 3000 User s Guide 37 Chapter 1 Getting to Know Your ZyAIR Figure 6 Bridge Application Figure 7 Repeater Application...

Страница 37: ...erly connected refer to the Quick Installation Guide Prepare your computer computer network to connect to the ZyAIR refer to the appendix Launch your web browser Type 192 168 1 2 default as the URL Ty...

Страница 38: ...Restoring Factory Defaults You can erase the current configuration and restore factory defaults in three ways Use the RESET button on the side panel of the ZyAIR to upload the default configuration f...

Страница 39: ...setup Wireless LAN setup and IP address assignment Click the links under ADVANCED to configure advanced features such as SYSTEM General Setup Password and Time Zone WIRELESS Wireless MAC Filter Roamin...

Страница 40: ...ZyAIR G 3000 User s Guide 41 Chapter 2 Introducing the Web Configurator...

Страница 41: ...lly overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 channe...

Страница 42: ...n Windows 95 98 click Start Settings Control Panel Network Click the Identification tab note the entry for the Computer Name field and enter it as the System Name In Windows 2000 click Start Settings...

Страница 43: ...ZyAIR to use a channel select a channel from the drop down list box Open the Channel Usage screen to make sure the channel is not already used by another AP or independent peer to peer wireless netwo...

Страница 44: ...zation you should consult your network administrator for the appropriate IP addresses Key 1 to Key 4 The WEP keys are used to encrypt data Both the ZyAIR and the wireless stations must use the same WE...

Страница 45: ...erved this block of addresses specifically for private use please do not use any other number unless you are told otherwise Let s say you select 192 168 1 0 as the network number which covers 254 indi...

Страница 46: ...ct this option if your ZyAIR is using a static IP address When you select this option fill in the fields below IP Address Enter the IP address of your ZyAIR in dotted decimal notation Note If you chan...

Страница 47: ...og in to the web configurator again using the new IP address if you change the default IP address 192 168 1 2 You have successfully set up the ZyAIR A screen displays prompting you to close the web br...

Страница 48: ...ZyAIR G 3000 User s Guide 49 Chapter 3 Wizard Setup...

Страница 49: ...re 14 System General Setup The following table describes the labels in this screen Table 7 System General Setup LABEL DESCRIPTION General Setup System Name Type a descriptive name to identify the ZyAI...

Страница 50: ...ystem DNS Servers First DNS Server Second DNS Server Third DNS Server Select From DHCP if your DHCP server dynamically assigns DNS server information and the ZyAIR s Ethernet IP address The field to t...

Страница 51: ...re the ZyAIR s time based on your local time zone Table 8 Password LABEL DESCRIPTIONS Old Password Type in your existing system password 1234 is the default password New Password Type your new system...

Страница 52: ...to Time RFC 868 Select None to enter the time and date manually Time Server Address Enter the IP address or the URL of your time server Check with your ISP network administrator if you are unsure of t...

Страница 53: ...when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening Start Date mm dd Enter the month and day that your daylight savings time starts o...

Страница 54: ...ZyAIR G 3000 User s Guide 55 Chapter 4 System Screens...

Страница 55: ...1 1 IBSS An Independent Basic Service Set IBSS also called an Ad hoc network is the simplest WLAN configuration An IBSS is defined as two or more computers with wireless adapters within range of each...

Страница 56: ...ccess the wired network but cannot communicate with each other Figure 18 Basic Service set 5 1 3 ESS An Extended Service Set ESS consists of a series of overlapping BSSs each containing an access poin...

Страница 57: ...s 5 2 1 RTS CTS A hidden node occurs when two stations are within range of the same access point but are not within range of each other The following figure illustrates a hidden node Both stations STA...

Страница 58: ...ir transmission It also reserves and confirms with the requesting station the time frame for the requested transmission Stations can send frames smaller than the specified RTS CTS directly to the AP w...

Страница 59: ...ing RSTP topology change information does not have to propagate to the root bridge and unwanted learned addresses are flushed from the filtering database In RSTP the port states are Discarding Learnin...

Страница 60: ...e assumes that the link to the root bridge is down This bridge then initiates negotiations with other bridges to reconfigure the network to re establish a valid network topology 5 3 4 STP Port States...

Страница 61: ...therwise the ZyAIR uses long preamble 5 5 Configuring Wireless Click the WIRELESS link under ADVANCED to display the Wireless screen The screen varies depending upon the operating mode you select The...

Страница 62: ...ed in the ZyAIR Operating Mode Select the operating mode from the drop down list The options are Access Point Bridge Repeater and AP Bridge ESSID Extended Service Set IDentity The ESSID identifies the...

Страница 63: ...elect Disable to allow wireless stations to communicate with the access points without any data encryption Select 64 bit WEP or 128 bit WEP to enable data encryption Authentication Method Select Auto...

Страница 64: ...AN devices to associate with the ZyAIR Select Mixed to allow either IEEE802 11b or IEEE802 11g compliant WLAN devices to associate with the ZyAIR The transmission rate of your ZyAIR might be reduced M...

Страница 65: ...ng in possible throughput degradation and disruption of communications The following examples show two network topologies that can lead to this problem If two or more ZyAIRs in bridge mode are connect...

Страница 66: ...Wired LAN To prevent bridge loops ensure that you enable STP in the Wireless screen or your ZyAIR is not set to bridge mode while connected to both wired and wireless segments of the same LAN Click th...

Страница 67: ...s only available when you have an external wireless card inserted in the ZyAIR Operating Mode Select Bridge Repeater in this field to display the screen as shown in Enable WDS Security Select the chec...

Страница 68: ...P and bridge simultaneously See the section on ZyAIR applications for more information Remote Bridge MAC Address Type the MAC address of the peer device in a valid MAC address format that is six hexad...

Страница 69: ...ng 70 Figure 26 Wireless AP Bridge See the tables describing the fields in the Access Point and Bridge Repeater operating modes for descriptions of the fields in this screen Note The following screens...

Страница 70: ...the access points to relay information about the wireless stations to each other When a wireless station moves from a coverage area to another it scans and uses the channel of a new access point which...

Страница 71: ...ccess point AP 2 for reauthentication 5 6 1 Requirements for Roaming The following requirements must be met in order for wireless stations to roam between the coverage areas 1 All the access points mu...

Страница 72: ...m the drop down list box to enable roaming on the ZyAIR if you have two or more ZyAIRs on the same subnet Note All APs on the same subnet and the wireless stations must have the same ESSID to allow ro...

Страница 73: ...evels on your ZyAIR EAP Extensible Authentication Protocol is used for authentication and utilizes dynamic WEP key exchange It requires interaction with a RADIUS Remote Authentication Dial In User Ser...

Страница 74: ...Open system authentication involves an unencrypted two message procedure A wireless station sends an open system authentication request to the AP which will then automatically accept and connect the w...

Страница 75: ...ntication request and the ZyAIR will fall back to use open authentication if the shared key does not match 6 3 Configuring WEP Encryption In order to configure and enable WEP encryption click the WIRE...

Страница 76: ...he ZyAIR is on and data is being transmitted received Enable Spanning Tree Control STP R STP detects and breaks network loops and provides backup links between switches bridges or routers It allows a...

Страница 77: ...ers for example 00 A0 C5 00 00 02 You need to know the MAC address of the devices to configure this screen The WLAN Adaptor drop down list box is only available when you have an external wireless card...

Страница 78: ...y available when you have an external wireless card inserted in the ZyAIR Active Select Yes from the drop down list box to enable MAC address filtering Filter Action Define the filter action for the l...

Страница 79: ...to RADIUS RADIUS is based on a client sever model that supports authentication and accounting where access point is the client and the server is the RADIUS server The RADIUS server handles the followi...

Страница 80: ...now The key is not sent over the network In addition to the shared key password information exchanged is also encrypted to protect the wired network from unauthorized access 6 8 EAP Authentication Ove...

Страница 81: ...r not to authenticate the wireless station 6 9 Dynamic WEP Key Exchange The AP maps a unique key that is generated with the RADIUS server This key expires when the wireless connection times out discon...

Страница 82: ...ses 128 bit keys that are dynamically generated and distributed by the authentication server It includes a per packet key mixing function a Message Integrity Check MIC named Michael an extended initia...

Страница 83: ...dentical passwords into the AP and all wireless clients The Pre Shared Key PSK must consist of between 8 and 63 ASCII characters including spaces and symbols 2 The AP checks each client s password and...

Страница 84: ...ntification against its database and grants or denies network access accordingly 3 The RADIUS server distributes a Pairwise Master Key PMK key to the AP that then sets up a key hierarchy and managemen...

Страница 85: ...al keys by first selecting 64 bit WEP or 128 bit WEP from the WEP Encryption field and then typing the keys in ASCII or hexadecimal format in the key text boxes MAC address filters are not dependent o...

Страница 86: ...you must run Windows XP to use it 6 15 Configuring 802 1x and WPA To change your ZyAIR s authentication settings click the WIRELESS link under ADVANCED and then the 802 1x WPA tab The screen varies by...

Страница 87: ...he drop down list box Choose from No Access Allowed No Authentication Required and Authentication Required No Access Allowed blocks all wireless stations access to the wired network No Authentication...

Страница 88: ...rk The following fields are only available when you select Authentication Required ReAuthentication Timer In Seconds Specify how often wireless stations have to reenter usernames and passwords in orde...

Страница 89: ...you have set up the corresponding database correctly first Select Local User Database Only to have the ZyAIR just check the built in user database on the ZyAIR for a wireless station s username and p...

Страница 90: ...elect Enable to activate WPA mixed mode Otherwise select Disable WPA Group Key Update Timer The WPA Group Key Update Timer is the rate at which the AP if using WPA PSK key management or RADIUS server...

Страница 91: ...key from 8 to 63 case sensitive ASCII characters including spaces and symbols WPA Mixed Mode The ZyAIR can operate in WPA Mixed Mode which supports both clients running WPA and clients running dynami...

Страница 92: ...gure 40 Local User Database The following table describes the labels in this screen Table 22 Local User Database LABEL DESCRIPTION Active Select this check box to activate the user profile User Name E...

Страница 93: ...is user profile Note that as you type a password the screen displays a for each character you type Apply Click Apply to save your changes back to the ZyAIR Reset Click Reset to beginning coguring this...

Страница 94: ...box to enable user accounting through an external authentication server Server IP Address Enter the IP address of the external accounting server in dotted decimal notation Port Number Enter the port n...

Страница 95: ...he MAC header of a frame to identify VLAN membership The ZyAIR can identify VLAN tags for incoming Ethernet frames and add VLAN tags to outgoing Ethernet frames 7 1 1 Management VLAN ID The Management...

Страница 96: ...on VLAN tagging Management VLAN ID Enter a number from 1 to 255 to define this VLAN group At least one device in your network must belong to this VLAN group in order to manage the ZyAIR Note Mail and...

Страница 97: ...Subnet Mask Refer to the IP Address and Subnet Mask section in the Wizard Setup chapter for this information 8 2 2 WAN IP Address Assignment Every computer on the Internet must have a unique IP addres...

Страница 98: ...eate an arbitrary IP address always follow the guidelines above For more information on address assignment please refer to RFC 1597 Address Allocation for Private Internets and RFC 1466 Guidelines for...

Страница 99: ...eighbor of your ZyAIR that will forward the packet to the destination On the LAN the gateway must be a router on the same segment as your ZyAIR over the WAN the gateway must be the IP address of one o...

Страница 100: ...ZyAIR G 3000 User s Guide 101 Chapter 8 IP Screen...

Страница 101: ...logs in one location Click the LOGS links under ADVANCED to open the View Log screen Use the View Log screen to see the logs for the categories that you selected in the Log Settings screen see Figure...

Страница 102: ...list box to display logs within the selected category To view all logs select All Logs The number of categories shown in the drop down list box depends on the selection in the Log Settings page Time T...

Страница 103: ...d below If this field is left blank logs and alert messages will not be sent via e mail Mail Subject Type a title that you want to be in the subject line of the log e mail message that the ZyAIR sends...

Страница 104: ...is selected an alert is sent when the log fills up If you select None no log messages are sent Day for Sending Log This field is only available when you select Weekly in the Log Schedule field Use the...

Страница 105: ...n where you can use to monitor your ZyAIR Note that these labels are READ ONLY and are meant to be used for diagnostic purposes Figure 46 System Status The following table describes the labels in this...

Страница 106: ...how Statistics to see router performance statistics such as number of packets sent and number of packets received for each port Table 29 System Status LABEL DESCRIPTION Table 30 System Status Show Sta...

Страница 107: ...is the index number of the bridge connection Active This shows whether the bridge connection is activated or not Remote Bridge MAC Address This is the MAC address of the peer device in bridge mode St...

Страница 108: ...ap Click MAINTENANCE and then the Channel Usage tab to display the screen shown next Wait a moment while the ZyAIR compiles the information Table 31 Association List LABEL DESCRIPTION This is the inde...

Страница 109: ...displays the MAC address of the AP in an Infrastructure wireless network It is randomly generated so ignore it in an Ad Hoc wireless network Channel This is the index number of the channel currently...

Страница 110: ...tructions in this screen to upload firmware to your ZyAIR Figure 50 Firmware Upload The following table describes the labels in this screen After you see the Firmware Upload in Process screen wait two...

Страница 111: ...orary network disconnect In some operating systems you may see the following icon on your desktop Figure 52 Network Temporarily Disconnecte After two minutes log in again and check your new firmware v...

Страница 112: ...uration Screen See the Firmware and Configuration File Maintenance chapter for transferring configuration files using FTP TFTP commands Click MAINTENANCE and then the Configuration tab Information rel...

Страница 113: ...l in case you need to return to your previous settings Click Backup to save the ZyAIR s current configuration to your computer 10 6 2 Restore Configuration Restore configuration allows you to upload a...

Страница 114: ...he following icon on your desktop Figure 56 Network Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same sub...

Страница 115: ...reen The following warning screen will appear Figure 58 Reset Warning Message You can also press the RESET button on the side panel to reset the factory defaults of your ZyAIR Refer to the section on...

Страница 116: ...ZyAIR G 3000 User s Guide 117 Chapter 10 Maintenance Figure 59 Restart Screen...

Страница 117: ...character you type Figure 60 Login Screen 3 After entering the password you will see the main menu Please note that if there is no activity for longer than five minutes default timeout period after yo...

Страница 118: ...password in the Retype to confirm field for confirmation and press ENTER Note that as you type a password the screen displays an asterisk for each character you type 11 3 ZyAIR SMT Menu Overview Examp...

Страница 119: ...tion are listed in the table below Table 35 Main Menu Commands OPERATION KEYSTROKE DESCRIPTION Move down to another menu ENTER To move forward to a submenu type in the number of the desired submenu an...

Страница 120: ...save the new configuration N A fields N A Some of the fields in the SMT will show a N A This symbol refers to an option that is Not Applicable Save your configuration ENTER Save your configuration by...

Страница 121: ...elated parameters 23 System Security Use this menu to change your password and enable network user authentication 24 System Maintenance This menu provides system status diagnostics software upload etc...

Страница 122: ...ZyAIR G 3000 User s Guide 123 Chapter 11 Introducing the SMT...

Страница 123: ...1 Procedure To Configure Menu 1 Enter 1 in the Main Menu to open Menu 1 General Setup as shown next Figure 64 Menu 1 General Setup Fill in the required fields Refer to the following table for more in...

Страница 124: ...These fields are not available on all models IP Address Enter the IP addresses of the DNS servers This field is available when you select User Defined in the field above When you have completed this...

Страница 125: ...nter 3 to display menu 3 Figure 65 Menu 3 LAN Setup Detailed explanation about the LAN Setup menu is given in the next chapter 13 2 TCP IP Ethernet Setup Use menu 3 2 to configure your ZyAIR for TCP I...

Страница 126: ...ddress from a DHCP server You must know the IP address assigned to the ZyAIR by the DHCP server to access the ZyAIR again Select Static to give the ZyAIR a fixed unique IP address Enter a subnet mask...

Страница 127: ...ice Set IDentity identifies the AP to which the wireless stations associate Wireless stations associating to the AP must have the same ESSID Enter a descriptive name of up to 32 printable 7 bit ASCII...

Страница 128: ...default setting is Long See the section on preamble for more information 802 11 Mode Select 802 11b Only to allow only IEEE 802 11b compliant WLAN devices to associate with the ZyAIR Select 802 11g On...

Страница 129: ...ed Default Key N A Max Frame Burst 650 Key1 N A VLAN ID 1 Key2 N A Breathing LED Yes Key3 N A Key4 N A Authen Method N A Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Menu 3 5 1 WL...

Страница 130: ...ill be allowed to access the router The default action Allowed Association permits association with the ZyAIR MAC addresses not listed will be denied access to the router MAC Address Filter 1 32 Enter...

Страница 131: ...ddress 00 00 00 00 00 00 Enable Link 4 No Peer MAC Address 00 00 00 00 00 00 Enable Link 5 No Peer MAC Address 00 00 00 00 00 00 Enable Link 6 No Peer MAC Address 00 00 00 00 00 00 Press ENTER to Conf...

Страница 132: ...ZyAIR G 3000 User s Guide 133 Chapter 13 LAN Setup...

Страница 133: ...main menu enter 14 to display Menu 14 Dial in User Setup Figure 72 Menu 14 Dial in User Setup Type a number and press ENTER to edit the user profile Menu 14 Dial in User Setup 1 ________ 9 ________ 1...

Страница 134: ...42 Menu 14 1 Edit Dial in User FIELD DESCRIPTION User Name Enter a username up to 31 alphanumeric characters long for this user profile This field is case sensitive Active Press SPACE BAR to select Y...

Страница 135: ...The ZyAIR supports SNMP version one SNMPv1 and version two c SNMPv2c The next figure illustrates an SNMP management operation SNMP is only available if TCP IP is configured Figure 74 SNMP Management...

Страница 136: ...manager to retrieve an object variable from the agent GetNext Allows the manager to retrieve the next object variable from a table or list within an agent In SNMPv1 when a manager wants to retrieve al...

Страница 137: ...ord for incoming Set requests from the management station Trusted Host If you enter a trusted host your ZyAIR will only respond to SNMP messages from this address A blank default field means your ZyAI...

Страница 138: ...ure defined in RFC 1215 A trap is sent to the manager when receiving any SNMP get or set requirements with wrong community password 6 linkDown defined in RFC 1215 A trap is sent when the port is down...

Страница 139: ...stem Security You should change the default password If you forget your password you have to restore the default configuration file Refer to the section on changing the system password in the Introduc...

Страница 140: ...nfirm or ESC to Cancel Table 46 Menu 23 2 System Security RADIUS Server FIELD DESCRIPTION Authentication Server Active Press SPACE BAR to select Yes and press ENTER to enable user authentication throu...

Страница 141: ...er in dotted decimal notation Port The default port of the RADIUS server for accounting is 1813 You need not change this value unless your network administrator instructs you to do so with additional...

Страница 142: ...quired means wireless stations have to enter usernames and passwords before access to the wired network is allowed Select No Access Allowed to block all wireless stations access to the wired network T...

Страница 143: ...ted in WPA PSK mode The ZyAIR default is 1800 seconds 30 minutes Authentication Databases The authentication database contains wireless station login information The local user database is the built i...

Страница 144: ...ZyAIR G 3000 User s Guide 145 Chapter 16 System Security Once you enable user authentication you need to specify an external RADIUS server or create local user accounts on the ZyAIR for authentication...

Страница 145: ...System Status is a tool that can be used to monitor your ZyAIR Specifically it gives you information on your Ethernet and Wireless LAN status number of packets sent and received To get to System Statu...

Страница 146: ...pes are Ethernet and Wireless Status This shows the status of the remote node TxPkts This is the number of transmitted packets to this remote node RxPkts This is the number of received packets from th...

Страница 147: ...election Note The ZyAIR also has an internal console port for support personnel only Do not open the ZyAIR as it will void your warranty Menu 24 2 1 System Maintenance Information Name G 3000 Routing...

Страница 148: ...1 Viewing Error Log The first place you should look for clues when something goes wrong is the error log Follow the procedures to view the local error trace log 1 Type 24 in the main menu to display M...

Страница 149: ...4 System Maintenance Diagnostic Follow the procedure next to get to display this menu 1 From the main menu type 24 to open Menu 24 System Maintenance Menu 24 3 System Maintenance Log and Trace 1 View...

Страница 150: ...ZyAIR and the connections Table 50 Menu 24 4 System Maintenance Menu Diagnostic FIELD DESCRIPTION Ping Host Ping the host to see if the links and TCP IP protocol on both systems are working DHCP Rele...

Страница 151: ...ngs they can be saved back to your computer under a filename of your choosing ZyNOS ZyXEL Network Operating System sometimes referred to as the ras file is the system firmware and has a bin filename e...

Страница 152: ...to your computer Backup is highly recommended once your ZyAIR is functioning properly FTP is the preferred method although TFTP can also be used Please note that the terms download and upload are rela...

Страница 153: ...he ZyAIR to your computer and renames it config rom See earlier in this chapter for more information on filename conventions 7 Enter quit to exit the FTP prompt Menu 24 5 Backup Configuration To trans...

Страница 154: ...s only from this address 2 Put the SMT in command interpreter CI mode by entering 8 in Menu 24 System Maintenance 331 Enter PASS command Password 230 Logged in ftp bin 200 Type I OK ftp get rom 0 zyxe...

Страница 155: ...where i specifies binary image transfer mode use this mode when transferring binary files host is the ZyAIR IP address get transfers the file source on the ZyAIR rom 0 name of the configuration file o...

Страница 156: ...ore the configuration via FTP or TFTP to your ZyAIR The preferred method is FTP Note that this function erases the current configuration before restoring the previous backup configuration please do no...

Страница 157: ...procedure below 1 Launch the FTP client on your workstation 2 Type open and the IP address of your router Then type root and SMT password as requested 3 Type put backupfilename rom 0 where backupfile...

Страница 158: ...remote file name on the system 4 The system reboots automatically after a successful firmware upload For details on FTP commands please consult the documentation of your FTP client program For detail...

Страница 159: ...om See earlier in this chapter for more information on filename conventions 7 Enter quit to exit the FTP prompt Figure 99 FTP Session Example More commands that you may find in third party FTP clients...

Страница 160: ...et binary transfer mode 18 4 5 Example TFTP Command The following is an example TFTP command TFTP i host put firmware bin ras where i specifies binary image transfer mode use this mode when transferri...

Страница 161: ...tically restart 18 4 9 Uploading Configuration File Via Console Port 1 Select 2 from Menu 24 7 System Maintenance Upload Firmware to display Menu 24 7 2 System Maintenance Upload System Configuration...

Страница 162: ...Menu 24 7 2 System Maintenance Upload System Configuration File To upload system configuration file 1 Enter y at the prompt below to go into debug mode 2 Enter atlc after Enter Debug Mode message 3 Wa...

Страница 163: ...main system firmware The CI provides much of the same functionality as the SMT while adding some low level setup and diagnostic functions Enter the CI from the SMT by selecting menu 24 8 See the inclu...

Страница 164: ...n the ZyAIR error logs 1 Select menu 24 in the main menu to open Menu 24 System Maintenance 2 Then enter 10 to go to Menu 24 10 System Maintenance Time and Date Setting to update the time and date set...

Страница 165: ...RFC 867 format is day month year time zone of the server Time RFC 868 format displays a 4 byte integer giving the total number of seconds since 1970 1 1 at 0 0 0 NTP RFC 1305 is similar to Time RFC 8...

Страница 166: ...iguration files using FTP To use this feature your computer must have an FTP client 19 3 3 Web You can use the ZyAIR s embedded web configurator for configuration and file management See the online he...

Страница 167: ...0 0 0 0 Press ENTER to Confirm or ESC to Cancel Table 56 Menu 24 11 Remote Management Control FIELD DESCRIPTION Telnet Server FTP Server Web Server SNMP Service DNS Service Each of these read only la...

Страница 168: ...nt session of the same type running at one time 5 There is a web remote management session running with a Telnet session A Telnet session will be disconnected if you begin a web session it will not be...

Страница 169: ...he power source is working properly Table 58 Troubleshooting the Ethernet Interface PROBLEM CORRECTIVE ACTION Cannot access the ZyAIR from the LAN If the ETHN LED on the front panel is off check the E...

Страница 170: ...ot access the ZyAIR through Telnet Refer to the Problems with the Ethernet Interface section for instructions on checking your Ethernet connection Table 61 Troubleshooting the WLAN Interface PROBLEM C...

Страница 171: ...on compliance for wireless LAN IEEE 802 1x security standard IEEE 802 3af standard Wi Fi certificate WDS 6 WDS links Bridge Repeater mode Spanning Tree Protocol IEEE 802 1d DHCP Relay Ability to act a...

Страница 172: ...ual Ethernet port Wireless port Syslog Errorlog Trace log Packet Log Management Embedded Web Configurator management Command line interface Telnet support Password protected telnet access to internal...

Страница 173: ...vice The injector must comply to IEEE 802 3af 7 Table 64 Power over Ethernet Injector Specifications Power Output 15 4 Watts maximum Power Current 400 mA maximum Table 65 Power over Ethernet Injector...

Страница 174: ...ZyAIR G 3000 User s Guide 175 Appendix C Power over Ethernet Specifications...

Страница 175: ...to block all access attempts for five minutes after the third time an incorrect password is entered Table 66 Brute Force Password Guessing Protection Commands COMMAND DESCRIPTION sys pwderrtm This com...

Страница 176: ...ZyAIR G 3000 User s Guide 177 Appendix D Brute Force Password Guessing Protection...

Страница 177: ...1 requires the purchase of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appro...

Страница 178: ...Microsoft Networks If you need the adapter 1 In the Network window click Add 2 Select Adapter and then click Add 3 Select the manufacturer and model of your network adapter and then click OK If you n...

Страница 179: ...dapter s TCP IP entry and click Properties 2 Click the IP Address tab If your IP address is dynamic select Obtain an IP address automatically If you have a static IP address select Specify an IP addre...

Страница 180: ...OK to save and close the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your ZyAIR and restart your computer when prompted Verifying Settin...

Страница 181: ...mputer s IP Address 182 Figure 112 Windows XP Start Menu 2 For Windows XP click Network Connections For Windows 2000 NT click Network and Dial up Connections Figure 113 Windows XP Control Panel 3 Righ...

Страница 182: ...Connections Properties 4 Select Internet Protocol TCP IP under the General tab in Win XP and click Properties Figure 115 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP IP Prop...

Страница 183: ...tab in IP addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Con...

Страница 184: ...them Figure 117 Windows XP Internet Protocol TCP IP Properties 8 Click OK to close the Internet Protocol TCP IP Properties window 9 Click OK to close the Local Area Connection Properties window 10Turn...

Страница 185: ...up Your Computer s IP Address 186 Figure 118 Macintosh OS 8 9 Apple Menu 2 Select Ethernet built in from the Connect via list Figure 119 Macintosh OS 8 9 TCP IP 3 For dynamically assigned settings sel...

Страница 186: ...ck Save if prompted to save changes to your configuration 7 Turn on your ZyAIR and restart your computer if prompted Verifying Settings Check your TCP IP properties in the TCP IP Control Panel window...

Страница 187: ...wing From the Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your ZyAIR in the Router address box 5 Click...

Страница 188: ...ZyAIR G 3000 User s Guide 189 Appendix E Setting up Your Computer s IP Address...

Страница 189: ...he same as the IP address of a computer on the LAN Figure 122 IP Address Conflicts CaseA You must set the ZyAIR to use different LAN and WAN IP addresses on different subnets if you enable DHCP server...

Страница 190: ...IP addresses on different subnets if you enable DHCP server on the ZyAIR For example you set the WAN IP address to 192 59 1 1 and the LAN IP address to 10 59 1 1 Otherwise It is recommended the ZyAIR...

Страница 191: ...s Assignment Conflicts 192 In this case the subscribers are not able to access the Internet Figure 125 IP Address Conflicts Case D This problem can be solved by adding a VLAN enabled switch or set the...

Страница 192: ...ZyAIR G 3000 User s Guide 193 Appendix F IP Address Assignment Conflicts...

Страница 193: ...ess the first two octets make up the network number and the two remaining octets make up the host ID Class C addresses begin starting from the left with 1 1 0 In a class C address the first three octe...

Страница 194: ...host ID Subnet masks are expressed in dotted decimal notation just as IP addresses are The natural masks for class A B and C IP addresses are as follows Subnetting With subnetting the class arrangeme...

Страница 195: ...k Normally if no mask is specified it is understood that the natural mask is being used Example Two Subnets As an example you have a class C address 192 168 1 0 with subnet mask of 255 255 255 0 The f...

Страница 196: ...68 1 1 and the highest is 192 168 1 126 Similarly the host ID range for the second subnet is 192 168 1 129 to 192 168 1 254 Note In the following charts shaded bolded last octet bit values indicate ho...

Страница 197: ...0 IP Address Binary 11000000 10101000 00000001 00000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 0 Lowest Host ID 192 168 1 1 Broadcast Address 192 168 1 63 Hig...

Страница 198: ...11111111 11111111 11000000 Subnet Address 192 168 1 192 Lowest Host ID 192 168 1 193 Broadcast Address 192 168 1 255 Highest Host ID 192 168 1 254 Table 78 Eight Subnets SUBNET SUBNET ADDRESS FIRST A...

Страница 199: ...tting The following table is a summary for class B subnet planning Table 80 Class B Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 128 0 17 2 32766 2 255 25...

Страница 200: ...ZyAIR G 3000 User s Guide 201 Appendix G IP Subnetting...

Страница 201: ...command keywords exactly as shown do not abbreviate The required fields in a command are enclosed in angle brackets The optional fields in a command are enclosed in square brackets The symbol means o...

Страница 202: ...ZyAIR G 3000 User s Guide 203 Appendix H Command Interpreter...

Страница 203: ...ly Someone has logged on to the router s web configurator interface WEB Login Fail Someone has failed to log on to the router s web configurator interface TELNET Login Successfully Someone has logged...

Страница 204: ...Type of Service and Host 8 Echo 0 Echo message 11 Time Exceeded 0 Time to live exceeded in transit 1 Fragment reassembly time exceeded 12 Parameter Problem 0 Pointer indicates the error 13 Timestamp 0...

Страница 205: ...an individual ZyAIR log category Use the sys logs clear command to erase all of the ZyAIR s logs Log Command Example This example shows how to set the ZyAIR to record the error logs and alerts and th...

Страница 206: ...ZyAIR G 3000 User s Guide 207 Appendix I Log Descriptions...

Страница 207: ...nce room users access to the network as they move from meeting to meeting getting up to date access to information and the ability to communicate decisions while on the go It provides campus wide netw...

Страница 208: ...ation in an Ad hoc Network Infrastructure Wireless LAN Configuration For Infrastructure WLANs multiple Access Points APs link the WLAN to the wired network and allow users to efficiently share network...

Страница 209: ...ZyAIR G 3000 User s Guide Appendix J Wireless LAN and IEEE 802 11 210 Figure 127 ESS Provides Campus Wide Coverage...

Страница 210: ...ZyAIR G 3000 User s Guide 211 Appendix J Wireless LAN and IEEE 802 11...

Страница 211: ...11b standard does not provide any central user account management User access control is done through manual modification of the MAC address table on the access point Although WEP data encryption off...

Страница 212: ...LAN With IEEE 802 1x RADIUS Server Authentication Sequence The following figure depicts a typical wireless network with a remote RADIUS server for user authentication using EAPOL EAP Over LAN Figure 1...

Страница 213: ...D5 authentication method does not support data encryption with dynamic session key You must configure WEP encryption keys for data encryption EAP TLS Transport Layer Security With EAP TLS digital cert...

Страница 214: ...ntation of IEEE802 1x For added security certificate based authentications EAP TLS EAP TTLS and PEAP use dynamic keys for data encryption They are often deployed in corporate environments but for publ...

Страница 215: ...ows you to visualize the shape of the antenna s coverage area Antenna Gain Antenna gain measured in dB decibel is the increase in coverage within the RF beam width Higher antenna gain improves the ran...

Страница 216: ...or hallways and outdoor point to point applications Positioning Antennas In general antennas should be mounted as high as practically possible and free of obstructions In point to point application po...

Страница 217: ...1 2A Power Consumption 10 W Safety Standards UL CUL UL 1310 CSA C22 2 No 223 M91 Table 88 EUROPEAN PLUG STANDARDS AC Power Adaptor Model AD 1201200DV Input Power AC230Volts 50Hz 0 2A Output Power DC1...

Страница 218: ...ower Adaptor Specifications Table 91 Australia and New Zealand plug standards AC Power Adaptor Model AD 1201200DS or AD 121200DS Input Power AC240Volts 50Hz 0 2A Output Power DC12Volts 1 2A Power Cons...

Страница 219: ...C CA 214 Certificate Authority 214 Channel 42 Channel ID 64 128 Collision 147 Command Interpreter 164 Community 137 CPU Load 147 D Data Encryption 75 Data encryption 42 Default 116 DHCP 149 Diagnosti...

Страница 220: ...P Address 45 46 98 99 127 149 151 IP Addressing 194 IP Classes 194 L LAN 108 Link type 147 Log and Trace 150 Log Descriptions 204 Logs 102 Long Preamble Mode 62 M MAC address 78 MAC Address Filter Act...

Страница 221: ...Trap 137 Traps 138 Trusted Host 138 Spanning Tree Protocol 60 SSL Passthrough 32 STP 60 STP Spanning Tree Protocol 31 STP Path Costs 60 STP Port States 61 STP Terminology 60 Subnet Mask 46 98 127 149...

Страница 222: ...74 WEP Encryption 32 64 77 128 Wi Fi Protected Access 30 Wired Equivalent Privacy 74 Wireless Client WPA Supplicants 87 Wireless Distribution System 30 Wireless LAN 127 208 Wireless LAN Setup 127 Wiz...

Отзывы:

Нет отзывов

Похожие инструкции для ZyAIR G-3000

LPA-7-42 Series

Бренд: Panorama Antennas Страницы: 2

Бренд: KJM Страницы: 5

Бренд: EARDATEK Страницы: 92

Mini-State HDMS9100

Бренд: HDView360 Страницы: 12

Бренд: Labgear Страницы: 2

Бренд: Antsig Страницы: 2

SPEED 8 field Antenna

Бренд: BENZING Страницы: 2

Бренд: Funke Страницы: 12

RocketDish airMAX RD-5G31-AC

Бренд: air MAX Страницы: 24

Бренд: Audio Technica Страницы: 4

Бренд: CUSHCRAFT Страницы: 8

Бренд: Winegard Страницы: 5

Бренд: Hills Страницы: 2

Бренд: SteppIR Страницы: 36

Бренд: SteppIR Страницы: 52

Бренд: Televes Страницы: 16

Бренд: Televes Страницы: 32

Бренд: Novus Страницы: 5

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды