ZyAIR B-500 Wireless Access Point User's Guide Version 3.
ZyAIR B-500 Wireless Access Point User’s Guide Copyright Copyright © 2004 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.
ZyAIR B-500 Wireless Access Point User’s Guide Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.
ZyAIR B-500 Wireless Access Point User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase.
ZyAIR B-500 Wireless Access Point User’s Guide Customer Support Please have the following information ready when you contact customer support. • • • • Product model and serial number. Warranty Information. Date that you received your device. Brief description of the problem and the steps you took to solve it. METHOD SUPPORT E-MAIL SALES E-MAIL LOCATION WORLDWIDE support@zyxel.com.tw TELEPHONE1 FAX 1 +886-3-578-3942 WEB SITE FTP SITE www.zyxel.com www.europe.zyxel.com sales@zyxel.com.
ZyAIR B-500 Wireless Access Point User’s Guide METHOD LOCATION FINLAND vi SUPPORT E-MAIL SALES E-MAIL TELEPHONE1 FAX 1 support@zyxel.fi +358-9-4780-8411 sales@zyxel.fi +358-9-4780 8448 WEB SITE REGULAR MAIL FTP SITE www.zyxel.
ZyAIR B-500 Wireless Access Point User’s Guide Table of Contents Copyright .........................................................................................................................................................ii Federal Communications Commission (FCC) Interference Statement .....................................................iii ZyXEL Limited Warranty.............................................................................................................................
ZyAIR B-500 Wireless Access Point User’s Guide 5.1.2 BSS ....................................................................................................................................5-1 5.1.3 ESS ....................................................................................................................................5-2 5.2 Wireless LAN Basics.................................................................................................................5-3 5.2.1 RTS/CTS....................
ZyAIR B-500 Wireless Access Point User’s Guide 9.5 Configuration Screen .................................................................................................................9-8 9.5.1 Backup Configuration ........................................................................................................9-8 9.5.2 Restore Configuration ........................................................................................................9-9 9.5.3 Back to Factory Defaults......................
ZyAIR B-500 Wireless Access Point User’s Guide Chapter 17 Firmware and Configuration File Maintenance .................................................................17-1 17.1 Filename Conventions .............................................................................................................17-1 17.2 Backup Configuration..............................................................................................................17-2 17.2.1 Backup Configuration Using FTP.......................
ZyAIR B-500 Wireless Access Point User’s Guide List of Figures Figure 1-1 Internet Access Application.......................................................................................................... 1-4 Figure 1-2 Corporation Network Application ................................................................................................ 1-5 Figure 2-1 Change Password Screen..............................................................................................................
ZyAIR B-500 Wireless Access Point User’s Guide Figure 9-12 Network Temporarily Disconnected..........................................................................................9-10 Figure 9-13 Configuration Upload Error ......................................................................................................9-11 Figure 9-14 Back to Factory Default ............................................................................................................
ZyAIR B-500 Wireless Access Point User’s Guide Figure 18-2 Valid CI Commands ................................................................................................................. 18-1 Figure 18-3 Menu 24.10 System Maintenance : Time and Date Setting......................................................
ZyAIR B-500 Wireless Access Point User’s Guide List of Tables Table 3-1 Wizard 1 : General Setup ............................................................................................................... 3-2 Table 3-2 Wizard 2 : Wireless LAN Setup ..................................................................................................... 3-3 Table 3-3 Private IP Address Ranges .............................................................................................................
ZyAIR B-500 Wireless Access Point User’s Guide Table 17-1 Filename Conventions ................................................................................................................17-2 Table 17-2 General Commands for Third Party FTP Clients........................................................................17-3 Table 17-3 General Commands for Third Party TFTP Clients .....................................................................17-5 Table 18-1 Menu 24.
ZyAIR B-500 Wireless Access Point User’s Guide Preface Congratulations on your purchase from the ZyAIR B-500 Wireless Access Point. An access point (AP) acts as a bridge between the wireless and wired networks, extending your existing wired network without any additional wiring. This User’s Guide is designed to guide you through the configuration of your ZyAIR using the web configurator or the SMT.
ZyAIR B-500 Wireless Access Point User’s Guide • Mouse action sequences are denoted using a comma. For example, “click the Apple icon, Control Panels and then Modem” means first click the Apple icon, then point your mouse pointer to Control Panels and then click Modem. • For brevity’s sake, we will use “e.g.,” as a shorthand for “for instance”, and “i.e.,” for “that is” or “in other words” throughout this manual.
Overview Part I: OVERVIEW This part introduces the main features and applications of ZyAIR and shows how to access the web configurator and use the Wizard to setup the ZyAIR.
ZyAIR B-500 Wireless Access Point User’s Guide Chapter 1 Getting to Know Your ZyAIR This chapter introduces the main features and applications of the ZyAIR. 1.1 Introducing the ZyAIR Wireless Access Point The ZyAIR extends the range of your existing wired network without any additional wiring efforts. The ZyAIR provides easy network access to mobile users. The ZyAIR offers highly secured wireless connectivity to your wired network with IEEE 802.
ZyAIR B-500 Wireless Access Point User’s Guide 802.11b Wireless LAN Standard ZyAIR products containing the letter “B” in the model name, such as ZyAIR B-1000, ZyAIR B-500, comply with the 802.11b wireless standard. The 802.11b data rate and corresponding modulation techniques are as follows. The modulation technique defines how bits are encoded onto radio waves. 802.11b Data Rate (Mbps) Modulation 1 DBPSK (Differential Binary Phase Shift Keyed) 2 DQPSK (Differential Quadrature Phase Shift Keying) 5.
ZyAIR B-500 Wireless Access Point User’s Guide WEP Encryption WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the wireless network to help keep network communications private. Wi-Fi Protected Access Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences between WPA and WEP are user authentication and improved data encryption. IEEE 802.1x Network Security The ZyAIR supports the IEEE 802.
ZyAIR B-500 Wireless Access Point User’s Guide Wireless LAN Channel Usage The Wireless Channel Usage screen displays whether the radio channels are used by other wireless devices within the transmission range of the ZyAIR. This allows you to select the channel with minimum interference for your ZyAIR. 1.3 Applications for the ZyAIR Here are some application examples of what you can do with your ZyAIR. 1.3.
ZyAIR B-500 Wireless Access Point User’s Guide Figure 1-2 Corporation Network Application Getting to Know Your ZyAIR 1-5
ZyAIR B-500 Wireless Access Point User’s Guide Chapter 2 Introducing the Web Configurator This chapter describes how to access the ZyAIR web configurator and provides an overview of its screens. The default IP address of the ZyAIR is 192.168.1.2. 2.1 Accessing the ZyAIR Web Configurator Step 1. Make sure your ZyAIR hardware is properly connected (refer to the Quick Installation Guide). Step 2. Prepare your computer/computer network to connect to the ZyAIR (refer to the appendix). Step 3.
ZyAIR B-500 Wireless Access Point User’s Guide The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the ZyAIR if this happens to you. 2.2 Resetting the ZyAIR If you forget your password or cannot access the ZyAIR, you will need to reload the factory-default configuration file or use the RESET button on the top panel of the ZyAIR.
ZyAIR B-500 Wireless Access Point User’s Guide 2.3 Navigating the ZyAIR Web Configurator The following summarizes how to navigate the web configurator. Follow the instructions below or click the icon (located in the top right corner of most screens) to view online help. Click WIZARD SETUP for initial configuration including general setup, Wireless LAN setup and IP address assignment.
ZyAIR B-500 Wireless Access Point User’s Guide Chapter 3 Wizard Setup This chapter provides information on the Wizard Setup screens in the web configurator. 3.1 Wizard Setup Overview The web configurator’s setup wizard helps you configure your ZyAIR for wireless stations to access your wired LAN. 3.1.1 Channel A channel is the radio frequency(ies) used by IEEE 802.11b wireless devices. Channels available depend on your geographical area.
ZyAIR B-500 Wireless Access Point User’s Guide 3.2 Wizard Setup: General Setup General Setup contains administrative and system-related information. Figure 3-1 Wizard 1 : General Setup The following table describes the labels in this screen. Table 3-1 Wizard 1 : General Setup LABEL System Name DESCRIPTION It is recommended you type your computer's "Computer name". In Windows 95/98 click Start, Settings, Control Panel, Network.
ZyAIR B-500 Wireless Access Point User’s Guide Table 3-1 Wizard 1 : General Setup LABEL DESCRIPTION Domain Name This is not a required field. Leave this field blank or enter the domain name here if you know it. Click Next to proceed to the next screen. Next 3.3 Wizard Setup: Wireless LAN Use the second wizard screen to set up the wireless LAN. Figure 3-2 Wizard 2 : Wireless LAN Setup The following table describes the labels in this screen.
ZyAIR B-500 Wireless Access Point User’s Guide Table 3-2 Wizard 2 : Wireless LAN Setup LABEL DESCRIPTION Choose Channel ID To manually set the ZyAIR to use a channel, select a channel from the drop-down list box. Open the Channel Usage screen to make sure the channel is not already used by another AP or independent peer-to-peer wireless network. To have the ZyAIR automatically select a channel, click Scan instead.
ZyAIR B-500 Wireless Access Point User’s Guide The following table describes the labels in this screen. Table 3-3 Wizard 2 : Wireless LAN Setup LABEL DESCRIPTION Wireless LAN Setup WEP Encryption Select 64-bit WEP or 128-bit WEP to allow data encryption. ASCII Select this option in order to enter ASCII characters as the WEP keys. Hex Select this option to enter hexadecimal characters as the WEP keys. The preceding 0x is entered automatically. Key 1 to Key 4 The WEP keys are used to encrypt data.
ZyAIR B-500 Wireless Access Point User’s Guide Extend Security If you choose Extend security in the Wireless LAN Setup screen, you can set up a Pre-Shared Key. The following table describes the labels in this screen. Table 3-4 Wizard 2 : Wireless LAN Setup LABEL DESCRIPTION Wireless LAN Setup Pre-Shared Key Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62 hexadecimal ("09", "A-F") characters.
ZyAIR B-500 Wireless Access Point User’s Guide Table 3-5 Private IP Address Ranges 10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255 You can obtain your IP address from the IANA, from an ISP or have it assigned by a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks.
ZyAIR B-500 Wireless Access Point User’s Guide Figure 3-3 Wizard 3 : IP Address Assignment The following table describes the labels in this screen. Table 3-6 Wizard 3 : IP Address Assignment LABEL DESCRIPTION IP Address Assignment Get automatically From DHCP Select this option if your ZyAIR is using a dynamically assigned IP address from a DHCP server each time. You must know the IP address assigned to the ZyAIR (by the DHCP server) to access the ZyAIR again.
ZyAIR B-500 Wireless Access Point User’s Guide Table 3-6 Wizard 3 : IP Address Assignment LABEL Gateway IP Address DESCRIPTION Enter the IP address of a gateway. The gateway is an immediate neighbor of your ZyAIR that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your ZyAIR; over the WAN, the gateway must be the IP address of one of the remote node. Back Click Back to return to the previous screen.
ZyAIR B-500 Wireless Access Point User’s Guide Well done! You have successfully set up your ZyAIR to operate on your network and access the Internet.
System, Wireless and IP Part II: SYSTEM, WIRELESS AND IP This part covers the information and web configurator screens of System, Wireless and IP.
ZyAIR B-500 Wireless Access Point User’s Guide Chapter 4 System Screens This chapter provides information on the System screens. 4.1 System Overview This section provides information on general system setup. 4.2 Configuring General Setup Click SYSTEM to open the General screen. Figure 4-1 System General Setup The following table describes the labels in this screen.
ZyAIR B-500 Wireless Access Point User’s Guide Table 4-1 System General Setup LABEL DESCRIPTION System Name Type a descriptive name to identify the ZyAIR in the Ethernet network. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes "-" and underscores "_" are accepted. Domain Name This is not a required field. Leave this field blank or enter the domain name here if you know it.
ZyAIR B-500 Wireless Access Point User’s Guide Figure 4-2 Password The following table describes the labels in this screen. Table 4-2 Password LABEL DESCRIPTION Old Password Type in your existing system password (1234 is the default password). New Password Type your new system password (up to 31 characters). Note that as you type a password, the screen displays an asterisk (*) for each character you type. Retype to Confirm Retype your new system password for confirmation.
ZyAIR B-500 Wireless Access Point User’s Guide Figure 4-3 Time Setting The following table describes the labels in this screen. Table 4-3 Time Setting LABEL Time Protocol 4-4 DESCRIPTION Select the time service protocol that your time server sends when you turn on the ZyAIR. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works. The main difference between them is the format.
ZyAIR B-500 Wireless Access Point User’s Guide Table 4-3 Time Setting LABEL DESCRIPTION Time Server Address Enter the IP address or the URL of your time server. Check with your ISP/network administrator if you are unsure of this information. Current Time (hh:mm:ss) This field displays the time of your ZyAIR. Each time you reload this page, the ZyAIR synchronizes the time with the time server. New Time (hh:mm:ss) This field displays the last updated time from the time server.
ZyAIR B-500 Wireless Access Point User’s Guide Chapter 5 Wireless Configuration and Roaming This chapter discusses how to configure Wireless and Roaming screens on the ZyAIR. 5.1 Wireless LAN Overview This section introduces the wireless LAN (WLAN) and some basic scenarios. 5.1.1 IBSS An Independent Basic Service Set (IBSS), also called an Ad-hoc network, is the simplest WLAN configuration.
ZyAIR B-500 Wireless Access Point User’s Guide Figure 5-2 Basic Service set 5.1.3 ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). An ESSID (ESS IDentification) uniquely identifies each ESS.
ZyAIR B-500 Wireless Access Point User’s Guide Figure 5-3 Extended Service Set 5.2 Wireless LAN Basics Refer also to the chapter on wizard setup for more background information on Wireless LAN features, such as channels. 5.2.1 RTS/CTS A hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a hidden node.
ZyAIR B-500 Wireless Access Point User’s Guide Figure 5-4 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations. RTS/CTS is designed to prevent collisions due to hidden nodes.
ZyAIR B-500 Wireless Access Point User’s Guide If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. 5.3 Preamble Type A preamble is used to synchronize the transmission timing in your wireless network. There are two preamble modes: long and short.
ZyAIR B-500 Wireless Access Point User’s Guide Figure 5-5 Wireless The following table describes the general wireless LAN labels in this screen. Table 5-1 Wireless LABEL ESSID DESCRIPTION (Extended Service Set IDentity) The ESSID identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same ESSID. Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.
ZyAIR B-500 Wireless Access Point User’s Guide Table 5-1 Wireless LABEL DESCRIPTION Hide ESSID Select this check box to hide the ESSID in the outgoing beacon frame so a station cannot obtain the ESSID through passive scanning using a site survey tool. Choose Channel ID Set the operating frequency/channel depending on your particular region. To manually set the ZyAIR to use a channel, select a channel from the drop-down list box.
ZyAIR B-500 Wireless Access Point User’s Guide 5.5 Configuring Roaming A wireless station is a device with an IEEE 802.11b compliant wireless adapters. An access point (AP) acts as a bridge between the wireless and wired networks. An AP creates its own wireless coverage area. A wireless station can associate with a particular access point only if it is within the access point’s coverage area.
ZyAIR B-500 Wireless Access Point User’s Guide Figure 5-6 Roaming Example The steps below describe the roaming process. Step 1. As wireless station Y moves from the coverage area of access point AP 1 to that of access point AP 2, it scans and uses the signal of access point AP 2. Step 2. Access point AP 2 acknowledges the presence of wireless station Y and relays this information to access point AP 1 through the wired LAN. Step 3. Access point AP 1 updates the new position of wireless station. Step 4.
ZyAIR B-500 Wireless Access Point User’s Guide 5. The access points must be connected to the Ethernet and be able to get IP addresses from a DHCP server if using dynamic IP address assignment. To enable roaming on your ZyAIR, click the WIRELESS link under ADVANCED and then the Roaming tab. The screen appears as shown. Figure 5-7 Roaming The following table describes the labels in this screen.
ZyAIR B-500 Wireless Access Point User’s Guide Chapter 6 Wireless Security This chapter describes how to use the MAC Filter, 802.1x, Local User Database and RADIUS to configure wireless security on your ZyAIR. 6.1 Wireless Security Overview Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network. The figure below shows the possible wireless security levels on your ZyAIR.
ZyAIR B-500 Wireless Access Point User’s Guide Figure 6-2 Wireless The following table describes the wireless LAN security label in this screen. Table 6-1 Wireless LABEL Security 6-2 DESCRIPTION Choose from one of the security features listed in the drop-down box. • No Security • Static WEP • WPA-PSK • WPA • 802.1x + Dynamic WEP • 802.1x + Static WEP • 802.
ZyAIR B-500 Wireless Access Point User’s Guide 6.2 Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. You enter manual keys by first selecting 64-bit WEP or 128-bit WEP from the WEP Encryption field and then typing the keys (in ASCII or hexadecimal format) in the key text boxes. MAC address filters are not dependent on how you configure these security features.
ZyAIR B-500 Wireless Access Point User’s Guide 6.3.2 Authentication Three different methods can be used to authenticate wireless stations to the network: Open System, Shared Key, and Auto. The following figure illustrates the steps involved. Figure 6-3 WEP Authentication Steps Open system authentication involves an unencrypted two-message procedure.
ZyAIR B-500 Wireless Access Point User’s Guide When your ZyAIR's authentication method is set to open system, it will only accept open system authentication requests. The same is true for shared key authentication. However, when it is set to auto authentication, the ZyAIR will accept either type of authentication request and the ZyAIR will fall back to use open authentication if the shared key does not match. 6.
ZyAIR B-500 Wireless Access Point User’s Guide Figure 6-4 Wireless: Static WEP The following table describes the wireless LAN security labels in this screen.
ZyAIR B-500 Wireless Access Point User’s Guide Table 6-3 Wireless: Static WEP LABEL DESCRIPTION Security Select Static WEP from the drop-down list. WEP Encryption Select 64-bit WEP or 128-bit WEP to enable data encryption. Authentication Method Select Auto, Open System or Shared Key from the drop-down list box. If WEP encryption is activated, the default setting is Auto. ASCII Select this option to enter ASCII characters as the WEP keys.
ZyAIR B-500 Wireless Access Point User’s Guide 6.5.2 Encryption WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and distributed by the authentication server. It includes a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism.
ZyAIR B-500 Wireless Access Point User’s Guide Figure 6-5 WPA - PSK Authentication 6.7 Configuring WPA-PSK Authentication In order to configure and enable WPA-PSK Authentication; click the WIRELESS link under ADVANCED to display the Wireless screen. Select WPA-PSK from the Security list.
ZyAIR B-500 Wireless Access Point User’s Guide Figure 6-6 Wireless: WPA-PSK The following table describes the wireless LAN security labels in this screen. Table 6-4 Wireless: WPA-PSK LABEL Security 6-10 DESCRIPTION Select WPA-PSK from the drop-down list.
ZyAIR B-500 Wireless Access Point User’s Guide Table 6-4 Wireless: WPA-PSK LABEL DESCRIPTION Pre-Shared Key The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials. Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including spaces and symbols).
ZyAIR B-500 Wireless Access Point User’s Guide 6.9 WPA with RADIUS Application Example You need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret. A WPA application example with an external RADIUS server looks as follows. “A” is the RADIUS server. “DS” is the distribution system. Step 1. The AP passes the wireless client’s authentication request to the RADIUS server. Step 2.
ZyAIR B-500 Wireless Access Point User’s Guide Figure 6-8 Wireless: WPA The following table describes the wireless LAN security labels in this screen. Table 6-5 Wireless: WPA LABEL Security Wireless Security DESCRIPTION Select WPA from the drop-down list.
ZyAIR B-500 Wireless Access Point User’s Guide Table 6-5 Wireless: WPA LABEL ReAuthentication Timer (in seconds) DESCRIPTION Specify how often wireless stations have to reenter usernames and passwords in order to stay connected. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes). If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority.
ZyAIR B-500 Wireless Access Point User’s Guide • EAP-TTLS • PEAP EAP-MD5 cannot be used with Dynamic WEP Key Exchange. 6.13 Configuring 802.1x and Dynamic WEP Key Exchange In order to configure and enable 802.1x and Dynamic WEP Key Exchange; click the WIRELESS link under ADVANCED to display the Wireless screen. Select 802.1x + Dynamic WEP from the Security list. Figure 6-9 Wireless: 802.1x and Dynamic WEP The following table describes the wireless LAN security labels in this screen.
ZyAIR B-500 Wireless Access Point User’s Guide Table 6-6 Wireless: 802.1x and Dynamic WEP LABEL DESCRIPTION Security Select 802.1x + Dynamic WEP from the drop-down list. ReAuthentication Timer (in seconds) Specify how often wireless stations have to reenter usernames and passwords in order to stay connected. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes).
ZyAIR B-500 Wireless Access Point User’s Guide Figure 6-10 Wireless: 802.1x + Static WEP The following table describes the wireless LAN security labels in this screen.
ZyAIR B-500 Wireless Access Point User’s Guide Table 6-7 Wireless: 802.1x + Static WEP LABEL DESCRIPTION Security Select 802.1x + Static WEP from the drop-down list. WEP Encryption Select 64-bit WEP or 128-bit WEP to enable data encryption. Authentication Method Select Auto, Open System or Shared Key from the drop-down list box. If WEP encryption is activated, the default setting is Auto. ASCII Select this option to enter ASCII characters as the WEP keys.
ZyAIR B-500 Wireless Access Point User’s Guide Table 6-7 Wireless: 802.1x + Static WEP LABEL Authentication Databases DESCRIPTION The authentication database contains wireless station login information. The local user database is the built-in database on the ZyAIR. The RADIUS is an external server. Use this drop-down list box to select which database the ZyAIR should use (first) to authenticate a wireless station.
ZyAIR B-500 Wireless Access Point User’s Guide Figure 6-11 Wireless: 802.1x + No WEP The following table describes the wireless LAN security labels in this screen. Table 6-8 Wireless: 802.1x + No WEP LABEL Security 6-20 DESCRIPTION Select 802.1x from the drop-down list.
ZyAIR B-500 Wireless Access Point User’s Guide Table 6-8 Wireless: 802.1x + No WEP LABEL DESCRIPTION ReAuthentication Timer (in Seconds) Specify how often wireless stations have to reenter usernames and passwords in order to stay connected. This field is activated only when you select Authentication Required in the Wireless Port Control field. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes).
ZyAIR B-500 Wireless Access Point User’s Guide Once you enable user authentication, you need to specify an external RADIUS server or create local user accounts on the ZyAIR for authentication. 6.16 MAC Filter The MAC filter screen allows you to configure the ZyAIR to give exclusive access to up to 32 devices (Allow Association) or exclude up to 32 devices from accessing the ZyAIR (Deny Association). Every Ethernet device has a unique MAC (Media Access Control) address.
ZyAIR B-500 Wireless Access Point User’s Guide Figure 6-12 MAC Address Filter The following table describes the labels in this screen.
ZyAIR B-500 Wireless Access Point User’s Guide Table 6-9 MAC Address Filter LABEL DESCRIPTION Active Select Yes from the drop down list box to enable MAC address filtering. Filter Action Define the filter action for the list of MAC addresses in the MAC address filter table. Select Deny Association to block access to the ZyAIR, MAC addresses not listed will be allowed to access the ZyAIR. Select Allow Association to permit access to the ZyAIR, MAC addresses not listed will be denied access to the ZyAIR.
ZyAIR B-500 Wireless Access Point User’s Guide • Access-Accept Sent by a RADIUS server allowing access. • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message. The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting: • Accounting-Request Sent by the access point requesting accounting.
ZyAIR B-500 Wireless Access Point User’s Guide The details below provide a general description of how IEEE 802.1x EAP authentication works. For an example list of EAP-MD5 authentication steps, see the IEEE 802.1x appendix. • The wireless station sends a “start” message to the ZyAIR. • The ZyAIR sends a “request identity” message to the wireless station for identity information. • The wireless station replies with identity information, including username and password.
ZyAIR B-500 Wireless Access Point User’s Guide Figure 6-14 Local User Database Wireless Security 6-27
ZyAIR B-500 Wireless Access Point User’s Guide The following table describes the labels in this screen. Table 6-10 Local User Database LABEL DESCRIPTION Active Select this check box to activate the user profile. User Name Enter the username (up to 31 characters) for this user profile. Password Type a password (up to 31 characters) for this user profile. Note that as you type a password, the screen displays a (*) for each character you type. Apply Click Apply to save your changes back to the ZyAIR.
ZyAIR B-500 Wireless Access Point User’s Guide Figure 6-15 RADIUS The following table describes the labels in this screen. Table 6-11 RADIUS LABEL DESCRIPTION Authentication Server Active Server IP Address Wireless Security Select Yes from the drop-down list box to enable user authentication through an external authentication server. Select No to enable user authentication using the local user profile on the ZyAIR. Enter the IP address of the external authentication server in dotted decimal notation.
ZyAIR B-500 Wireless Access Point User’s Guide Table 6-11 RADIUS LABEL DESCRIPTION Port Number Shared Secret Enter the port number of the external authentication server. The default port number is 1812. You need not change this value unless your network administrator instructs you to do so with additional information. Enter a password (up to 31 alphanumeric characters) as the key to be shared between the external authentication server and the ZyAIR.
ZyAIR B-500 Wireless Access Point User’s Guide Chapter 7 IP Screen This chapter discusses how to configure IP on the ZyAIR 7.1 Factory Ethernet Defaults The Ethernet parameters of the ZyAIR are preset in the factory with the following values: • IP address of 192.168.1.2 • Subnet mask of 255.255.255.0 (24 bits) These parameters should work for the majority of installations. 7.2 TCP/IP Parameters 7.2.
ZyAIR B-500 Wireless Access Point User’s Guide The following table describes the labels in this screen. Table 7-1 IP Setup LABEL DESCRIPTION IP Address Assignment Get automatically from DHCP Select this option if your ZyAIR is using a dynamically assigned IP address from a DHCP server each time. You must know the IP address assigned to the ZyAIR (by the DHCP server) to access the ZyAIR again. Use fixed IP address IP Address Select this option if your ZyAIR is using a static IP address.
Logs Part III: LOGS This part provides information and configuration instructions for the logs.
ZyAIR B-500 Wireless Access Point User’s Guide Chapter 8 Logs Screens This chapter contains information about configuring general log settings and viewing the ZyAIR’s logs. Refer to the appendix for example log message explanations. 8.1 Configuring View Log The web configurator allows you to look at all of the ZyAIR’s logs in one location. Click LOGS to open the View Log screen. Use the View Log screen to see the logs for the categories that you selected in the Log Settings screen (see section 8.2).
ZyAIR B-500 Wireless Access Point User’s Guide The following table describes the labels in this screen. Table 8-1 View Log LABEL DESCRIPTION Display Select a log category from the drop down list box to display logs within the selected category. To view all logs, select All Logs. The number of categories shown in the drop down list box depends on the selection in the Log Settings page. Time This field displays the time the log was recorded. Message This field states the reason for the log.
ZyAIR B-500 Wireless Access Point User’s Guide Figure 8-2 Log Settings The following table describes the labels in this screen.
ZyAIR B-500 Wireless Access Point User’s Guide Table 8-2 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via e-mail. Mail Subject Type a title that you want to be in the subject line of the log e-mail message that the ZyAIR sends. Send log to Logs are sent to the e-mail address specified in this field.
ZyAIR B-500 Wireless Access Point User’s Guide Table 8-2 Log Settings LABEL DESCRIPTION Clear log after sanding mail Select the check box to clear all logs after logs and alert messages are sent via email. Log Select the categories of logs that you want to record. Send Immediate Alert Select the categories of alerts for which you want the ZyAIR to immediately send e-mail alerts. Apply Click Apply to save your customized settings and exit this screen.
Maintenance Part IV: MAINTENANCE This part describes the Maintenance web configurator screens.
ZyAIR B-500 Wireless Access Point User’s Guide Chapter 9 Maintenance This chapter describes the Maintenance screens that display system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 9.1 Maintenance Overview The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your ZyAIR. 9.2 System Status Screen Click MAINTENANCE to display the screen, where you can use to monitor your ZyAIR.
ZyAIR B-500 Wireless Access Point User’s Guide Table 9-1 System Status LABEL DESCRIPTION ZyNOS Firmware Version IP Address IP Subnet Mask DHCP Show Statistics This is the ZyNOS Firmware version and the date created. ZyNOS is ZyXEL's proprietary Network Operating System design. This is the Ethernet port IP address. This is the Ethernet port subnet mask. This is the Ethernet port DHCP role - Client or None.
ZyAIR B-500 Wireless Access Point User’s Guide Table 9-2 System Status: Show Statistics LABEL DESCRIPTION Status This shows the port speed and duplex setting if you are using Ethernet encapsulation for the Ethernet port. This shows the transmission speed only for wireless port. TxPkts This is the number of transmitted packets on this port. RxPkts This is the number of received packets on this port. Collisions This is the number of collisions on this port.
ZyAIR B-500 Wireless Access Point User’s Guide Figure 9-3 Association List The following table describes the labels in this screen. Table 9-3 Association List LABEL DESCRIPTION # This is the index number of an associated wireless station. MAC Address This field displays the MAC address of an associated wireless station. Association Time This field displays the time a wireless station first associated with the ZyAIR. Refresh Click Refresh to reload the screen. 9.
ZyAIR B-500 Wireless Access Point User’s Guide Figure 9-4 Channel Usage The following table describes the labels in this screen. Table 9-4 Channel Usage LABEL DESCRIPTION SSID This is the Service Set IDentification name of the AP in an Infrastructure wireless network or wireless station in an Ad-Hoc wireless network. For our purposes, we define an Infrastructure network as a wireless network that uses an AP and an Ad-Hoc network (also known as Independent Basic Service Set (IBSS)) as one that doesn’t.
ZyAIR B-500 Wireless Access Point User’s Guide Table 9-4 Channel Usage LABEL DESCRIPTION Signal This field displays the strength of the AP’s signal. If you must choose a channel that’s currently in use, choose one with low signal strength for minimum interference. Network Mode “Network mode” in this screen refers to your wireless LAN infrastructure (refer to the Wireless LAN chapter) and WEP setup.
ZyAIR B-500 Wireless Access Point User’s Guide Table 9-5 Firmware Upload LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse... Click Browse... to find the .bin file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload them. Upload Click Upload to begin the upload process. This process may take up to two minutes.
ZyAIR B-500 Wireless Access Point User’s Guide If the upload was not successful, the following screen will appear. Click Return to go back to the F/W Upload screen. Figure 9-8 Firmware Upload Error 9.6 Configuration Screen See the Firmware and Configuration File Maintenance chapter for transferring configuration files using FTP/TFTP commands. Click MAINTENANCE, and then the Configuration tab.
ZyAIR B-500 Wireless Access Point User’s Guide Figure 9-9 Configuration 9.6.1 Backup Configuration Backup configuration allows you to back up (save) the ZyAIR’s current configuration to a file on your computer.
ZyAIR B-500 Wireless Access Point User’s Guide up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings. Click Backup to save the ZyAIR’s current configuration to your computer. 9.6.2 Restore Configuration Restore configuration allows you to upload a new or previously saved configuration file from your computer to your ZyAIR.
ZyAIR B-500 Wireless Access Point User’s Guide Figure 9-11 Network Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default ZyAIR IP address (192.168.1.2). See your Quick Installation Guide for details on how to set up your computer’s IP address. If the upload was not successful, the following screen will appear. Click Return to go back to the Configuration screen.
ZyAIR B-500 Wireless Access Point User’s Guide Figure 9-13 Reset Warning Message You can also press the RESET button on the top panel to reset the factory defaults of your ZyAIR. Refer to the section on resetting the ZyAIR for more information on the RESET button. 9.7 Restart Screen System restart allows you to reboot the ZyAIR without turning the power off. Click MAINTENANCE, and then Restart. Click Restart to have the ZyAIR reboot. This does not affect the ZyAIR's configuration.
SMT Configuration Part V: SMT CONFIGURATION This part contains SMT (System Management Terminal) configuration and background information for features only configurable by SMT. See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.
ZyAIR B-500 Wireless Access Point User’s Guide Chapter 10 Introducing the SMT This chapter describes how to access the SMT and provides an overview of its menus. 10.1 Connect to your ZyAIR Using Telnet The following procedure details how to telnet into your ZyAIR. Step 1. In Windows, click Start (usually in the bottom left corner), Run and then type “telnet 192.168.1.2” (the default IP address) and click OK. Step 2. For your first login, enter the default password “1234”.
ZyAIR B-500 Wireless Access Point User’s Guide Menu 23.1 – System Security – Change Password Old Password= **** New Password= ? Retype to confirm= ? Enter here to CONFIRM or ESC to CANCEL: Figure 10-2 Menu 23.1 System Security : Change Password Step 4. Type your new system password in the New Password field (up to 30 characters), and press [ENTER]. Step 5. Re-type your new system password in the Retype to confirm field for confirmation and press [ENTER].
ZyAIR B-500 Wireless Access Point User’s Guide ZyAIR B-500 Main Menu Menu 3.5.1 WLAN MAC Address Filter Menu 22 SNMP Configuration Menu 3 LAN Setup Menu 14 Dial-in User Setup Menu 3.2 TCP/IP Setup Menu14.1 Edit Dial-in User Menu 23.1 System SecurityChange Password Menu 3.5 Wireless LAN Setup Menu 3.5.2 Roaming Configuration Menu 23.2 System SecurityRADIUS Server Menu 1 General Setup Menu 23 System Security Menu 23.4 System SecurityIEEE802.1x Menu 24.5 Backup Configuration Menu 24.
ZyAIR B-500 Wireless Access Point User’s Guide 10.4 Navigating the SMT Interface The SMT (System Management Terminal) is the interface that you use to configure your ZyAIR. Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below. Table 10-1 Main Menu Commands OPERATION KEYSTROKE DESCRIPTION Move down to another menu [ENTER] To move forward to a submenu, type in the number of the desired submenu and press [ENTER].
ZyAIR B-500 Wireless Access Point User’s Guide Copyright (c) 1994 - 2004 ZyXEL Communications Corp. ZyAIR B-500 Main Menu Getting Started 1. General Setup 3. LAN Setup Advanced Management 22. SNMP Configuration 23. System Security 24. System Maintenance Advanced Applications 14. Dial-in User Setup 99. Exit Enter Menu Selection Number: Figure 10-4 ZyAIR B-500 SMT Main Menu 10.4.
ZyAIR B-500 Wireless Access Point User’s Guide Chapter 11 General Setup The chapter shows you the information on general setup. 11.1 General Setup Menu 1 – General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. It is recommended you type your computer's "Computer name". The Domain Name entry is what is propagated to the DHCP clients on the LAN. This is not a required field.
ZyAIR B-500 Wireless Access Point User’s Guide Table 11-1 Menu 1 General Setup FIELD DESCRIPTION EXAMPLE System Name Choose a descriptive name for identification purposes. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes “-” and underscores "_" are accepted. B-500 Domain Name This is not a required field. Leave this field blank or enter the domain name here if you know it.
ZyAIR B-500 Wireless Access Point User’s Guide Chapter 12 LAN Setup This chapter shows you how to configure the LAN on your ZyAIR.. 12.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 – LAN Setup. From the main menu, enter 3 to display menu 3. Menu 3 - LAN Setup 2. TCP/IP Setup 5. Wireless LAN Setup Enter Menu Selection Number: Figure 12-1 Menu 3 LAN Setup 12.2 TCP/IP Ethernet Setup Use menu 3.2 to configure your ZyAIR for TCP/IP. To edit menu 3.
ZyAIR B-500 Wireless Access Point User’s Guide Table 12-1 Menu 3.2 TCP/IP Setup FIELD IP Address Assignment DESCRIPTION EXAMPLE Press [SPACE BAR] and then [ENTER] to select Dynamic to have the ZyAIR obtain an IP address from a DHCP server. You must know the IP address assigned to the ZyAIR (by the DHCP server) to access the ZyAIR again. Select Static to give the ZyAIR a fixed, unique IP address. Enter a subnet mask appropriate to your network and the gateway IP address if applicable.
ZyAIR B-500 Wireless Access Point User’s Guide Menu 3.5 - Wireless LAN Setup ESSID= Wireless Hide ESSID= No Channel ID= CH06 2437MHz RTS Threshold= 2432 Frag. Threshold= 2432 WEP Encryption= 64-bit WEP Default Key= 1 Key1= ******** Key2= ******** Key3= ******** Key4= ******** Authen.
ZyAIR B-500 Wireless Access Point User’s Guide Table 12-2 Menu 3.5 Wireless LAN Setup FIELD Default Key DESCRIPTION EXMAPLE Enter the key number (1 to 4) in this field. Only one key can be enabled at any one time. This key must be the same on the ZyAIR and the wireless stations to communicate. 1 Key 1 to Key 4 The WEP keys are used to encrypt data. Both the ZyAIR and the wireless stations must use the same WEP key for data transmission.
ZyAIR B-500 Wireless Access Point User’s Guide Table 12-2 Menu 3.5 Wireless LAN Setup FIELD DESCRIPTION EXMAPLE When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen. 12.3.1 Configuring MAC Address Filter Your ZyAIR checks the MAC address of the wireless station device against a list of allowed or denied MAC addresses.
ZyAIR B-500 Wireless Access Point User’s Guide Menu 3.5.
ZyAIR B-500 Wireless Access Point User’s Guide 12.3.2 Configuring Roaming Enable the roaming feature if you have two or more ZyAIRs on the same subnet. Follow the steps below to allow roaming on your ZyAIR. Step 1. From the main menu, enter 3 to display Menu 3 – LAN Setup. Step 2. Enter 5 to display Menu 3.5 – Wireless LAN Setup. Menu 3.5 - Wireless LAN Setup ESSID= Wireless Hide ESSID= No Channel ID= CH06 2437MHz RTS Threshold= 2432 Frag.
ZyAIR B-500 Wireless Access Point User’s Guide Table 12-4 Menu 3.5.2 Roaming Configuration FIELD DESCRIPTION Active Press [SPACE BAR] and then [ENTER] to select Yes to enable roaming on the ZyAIR if you have two or more ZyAIRs on the same subnet. Port # Type the port number to communicate roaming information between access points. The port number must be the same on all access points. The default is 16290. Make sure this port is not used by other services.
ZyAIR B-500 Wireless Access Point User’s Guide Chapter 13 Dial-in User Setup This chapter shows you how to create user accounts on the ZyAIR. 13.1 Dial-in User Setup By storing user profiles locally, your ZyAIR is able to authenticate wireless users without interacting with a network RADIUS server. Follow the steps below to set up user profiles on your ZyAIR. Step 1. From the main menu, enter 14 to display Menu 14 - Dial-in User Setup. Menu 14 - Dial-in User Setup 1. 2. 3. 4. 5. 6. 7. 8.
ZyAIR B-500 Wireless Access Point User’s Guide Table 13-1 Menu 14.1- Edit Dial-in User FIELD User Name DESCRIPTION Enter a username up to 31 alphanumeric characters long for this user profile. This field is case sensitive. Active Press [SPACE BAR] to select Yes and press [ENTER] to enable the user profile. Password Enter a password up to 31 characters long for this user profile.
ZyAIR B-500 Wireless Access Point User’s Guide Chapter 14 SNMP Configuration This chapter explains SNMP Configuration menu 22. 14.1 About SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your ZyAIR supports SNMP agent functionality, which allows a manager station to manage and monitor the ZyAIR through the network. The ZyAIR supports SNMP version one (SNMPv1) and version two c (SNMPv2c).
ZyAIR B-500 Wireless Access Point User’s Guide An agent is a management software module that resides in a managed device (the ZyAIR). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices.
ZyAIR B-500 Wireless Access Point User’s Guide Menu 22 - SNMP Configuration SNMP: Get Community= public Set Community= public Trusted Host= 0.0.0.0 Trap: Community= public Destination= 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Figure 14-2 Menu 22 SNMP Configuration The following table describes the SNMP configuration parameters.
ZyAIR B-500 Wireless Access Point User’s Guide Table 14-2 SNMP Traps TRAP # TRAP NAME DESCRIPTION 1 coldStart (defined in RFC-1215) A trap is sent after booting (power on). 2 warmStart (defined in RFC-1215) A trap is sent after booting (software reboot). 3 linkUp (defined in RFC-1215) A trap is sent when the port is up. 4 authenticationFailure (defined in RFC-1215) A trap is sent to the manager when receiving any SNMP get or set requirements with wrong community (password).
ZyAIR B-500 Wireless Access Point User’s Guide Chapter 15 System Security This chapter describes how to configure the system security on the ZyAIR. 15.1 System Security You can configure the system password, an external RADIUS server and 802.1x in this menu. 15.1.1 System Password Menu 23 - System Security 1. Change Password 2. RADIUS Server 4. IEEE802.1x Figure 15-1 Menu 23 System Security You should change the default password.
ZyAIR B-500 Wireless Access Point User’s Guide Menu 23.2 - System Security - RADIUS Server Authentication Server: Active= No Server Address= 10.11.12.13 Port #= 1812 Shared Secret= ? Accounting Server: Active= No Server Address= 10.11.12.13 Port #= 1813 Shared Secret= ? Press ENTER to Confirm or ESC to Cancel: Figure 15-3 Menu 23.2 System Security : RADIUS Server The following table describes the fields in this menu. Table 15-1 Menu 23.
ZyAIR B-500 Wireless Access Point User’s Guide Table 15-1 Menu 23.2 System Security : RADIUS Server FIELD DESCRIPTION Port The default port of the RADIUS server for accounting is 1813. EXAMPLE 1813 You need not change this value unless your network administrator instructs you to do so with additional information. Shared Secret Specify a password (up to 31 alphanumeric characters) as the key to be shared between the external accounting server and the access points. The key is not sent over the network.
ZyAIR B-500 Wireless Access Point User’s Guide Menu 23.4 - System Security - IEEE802.1x Wireless Port Control= Authentication Required ReAuthentication Timer (in second)= 1800 Idle Timeout (in second)= 3600 Key Management Protocol= 802.1x Dynamic WEP Key Exchange= Disable PSK = N/A Data Privacy for Broadcast/Multicast packets= N/A WPA Broadcast/Multicast Key Update Timer= N/A Authentication Databases= Local User Database Only Press ENTER to Confirm or ESC to Cancel: Figure 15-5 Menu 23.
ZyAIR B-500 Wireless Access Point User’s Guide Table 15-2 Menu 23.4 System Security : IEEE802.1x FIELD Idle Timeout DESCRIPTION The ZyAIR automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed. This field is activated only when you select Authentication Required in the Wireless Port Control field. The default time interval is 3600 seconds (or 1 hour).
ZyAIR B-500 Wireless Access Point User’s Guide Table 15-2 Menu 23.4 System Security : IEEE802.1x FIELD Authentication Databases DESCRIPTION The authentication database contains wireless station login information. The local user database is the built-in database on the ZyAIR. The RADIUS is an external server. Use this field to decide which database the ZyAIR should use (first) to authenticate a wireless station.
ZyAIR B-500 Wireless Access Point User’s Guide Chapter 16 System Information and Diagnosis This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. 16.1 Overview These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software. This chapter describes how to use these tools in detail. Type 24 in the main menu and press [ENTER] to open Menu 24 – System Maintenance, as shown in the following figure.
ZyAIR B-500 Wireless Access Point User’s Guide The following table describes the fields present in Menu 24.1 – System Maintenance – Status which are read-only and meant for diagnostic purposes. Port ETH WLAN Port ETH WLAN Status 100M/Full 16.5M Menu 24.1 - System Maintenance - Status 00:15:56 Sat. Jan. 01, 2000 TxPkts 422 123 Rx B/s 128 0 Ethernet Address 00:A0:C5:00:00:04 00:A0:C5:00:00:04 System up Time: RxPkts 558 0 IP Address 192.168.1.2 Cols 0 0 Tx B/s 273 0 IP Mask 255.255.255.
ZyAIR B-500 Wireless Access Point User’s Guide Table 16-1 Menu 24.1 System Maintenance : Status FIELD System Up Time DESCRIPTION This is the time the ZyAIR is up and running from the last reboot. 16.3 System Information To get to the System Information: Step 1. Enter 24 to display Menu 24 – System Maintenance. Step 2. Enter 2 to display Menu 24.2 – System Information and Console Port Speed. Step 3. From this menu you have two choices as shown in the next figure: Menu 24.
ZyAIR B-500 Wireless Access Point User’s Guide The following table describes the fields in this menu. Table 16-2 Menu 24.2.1 System Maintenance : Information FIELD DESCRIPTION Name Displays the system name of your ZyAIR. This information can be changed in Menu 1 – General Setup. Routing Refers to the routing protocol used. ZyNOS F/W Version Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation.
ZyAIR B-500 Wireless Access Point User’s Guide 16.4 Log and Trace Your ZyAIR provides the error logs and trace records that are stored locally. 16.4.1 Viewing Error Log The first place you should look for clues when something goes wrong is the error log. Follow the procedures to view the local error/trace log: Step 1. Type 24 in the main menu to display Menu 24 – System Maintenance. Step 2. From menu 24, type 3 to display Menu 24.3 – System Maintenance – Log and Trace. Menu 24.
ZyAIR B-500 Wireless Access Point User’s Guide Menu 24.4 - System Maintenance – Diagnostic TCP/IP 1. Ping Host 2. DHCP Release 3. DHCP Renewal System 11. Reboot System Enter Menu Selection Number: Host IP Address= N/A Figure 16-8 Menu 24.4 System Maintenance : Diagnostic Follow the procedure next to get to display this menu: Step 1. From the main menu, type 24 to open Menu 24 – System Maintenance. Step 2. From this menu, type 4. Diagnostic to open Menu 24.4 – System Maintenance – Diagnostic.
ZyAIR B-500 Wireless Access Point User’s Guide Chapter 17 Firmware and Configuration File Maintenance This chapter tells you how to backup and restore your configuration file as well as upload new firmware and configuration files using the SMT screens. 17.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password and TCP/IP Setup, etc. It arrives from ZyXEL with a rom filename extension.
ZyAIR B-500 Wireless Access Point User’s Guide Table 17-1 Filename Conventions FILE TYPE INTERNAL NAME EXTERNAL NAME DESCRIPTION Configuration File Rom-0 *.rom This is the configuration filename on the ZyAIR. Uploading the rom-0 file replaces the entire ROM file system, including your ZyAIR configurations, system-related data (including the default password), the error log and the trace log. Firmware Ras *.bin This is the generic name for the ZyNOS firmware on the ZyAIR. 17.
ZyAIR B-500 Wireless Access Point User’s Guide 17.2.2 Using the FTP command from the DOS Prompt Step 1. Launch the FTP client on your computer. Step 2. Enter “open” and the IP address of your ZyAIR. Step 3. Press [ENTER] when prompted for a username. Step 4. Enter “root” and your SMT password as requested. The default is 1234. Step 5. Enter “bin” to set transfer mode to binary. Step 6. Use “get” to transfer files from the ZyAIR to the computer, for example, “get rom-0 config.
ZyAIR B-500 Wireless Access Point User’s Guide Table 17-2 General Commands for Third Party FTP Clients COMMAND DESCRIPTION Initial Remote Directory Specify the default remote directory (path). Initial Local Directory Specify the default local directory (path). 17.2.3 Backup Configuration Using TFTP The ZyAIR supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended.
ZyAIR B-500 Wireless Access Point User’s Guide where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the ZyAIR IP address, “get” transfers the file source on the ZyAIR (rom-0 name of the configuration file on the ZyAIR) to the file destination on the computer and renames it config.rom. The following table describes some of the fields that you may see in third party TFTP clients.
ZyAIR B-500 Wireless Access Point User’s Guide Menu 24.6 – Restore Configuration To transfer the firmware and the configuration file, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your router. Then type "root" and SMT password as requested. 3. Type “put backupfilename rom-0” where backupfilename is the name of your backup configuration file on your workstation and rom-spt is the Remote file name on the router.
ZyAIR B-500 Wireless Access Point User’s Guide 17.4.1 Firmware Upload FTP is the preferred method for uploading the firmware and configuration. To use this feature, your computer must have an FTP client. When you telnet into the ZyAIR, you will see the following screens for uploading firmware and the configuration file using FTP. Menu 24.7.1 - System Maintenance - Upload System Firmware To upload the system firmware, follow the procedure below: 1. Launch the FTP client on your workstation. 2.
ZyAIR B-500 Wireless Access Point User’s Guide Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload the system configuration file, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested. 3.
ZyAIR B-500 Wireless Access Point User’s Guide 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> put firmware.bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 327680 bytes sent in 1.10Seconds 297.89Kbytes/sec. ftp> quit Figure 17-7 FTP Session Example More commands that you may find in third party FTP clients, are listed earlier in this chapter. 17.4.
ZyAIR B-500 Wireless Access Point User’s Guide 17.4.5 Example: TFTP Command The following is an example TFTP command: TFTP [-i] host put firmware.bin ras where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the ZyAIR’s IP address, “put” transfers the file source on the computer (firmware.bin – name of the firmware on the computer) to the file destination on the remote host (ras - name of the firmware on the ZyAIR).
ZyAIR B-500 Wireless Access Point User’s Guide Chapter 18 System Maintenance and Information This chapter leads you through SMT menus 24.8 and 24.10. 18.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main system firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions. Enter the CI from the SMT by selecting menu 24.8. See the included disk or the zyxel.com web site for more detailed information on CI commands.
ZyAIR B-500 Wireless Access Point User’s Guide 18.2 Time and Date Setting The ZyAIR keeps track of the time and date. There is also a software mechanism to set the time manually or get the current time and date from an external server when you turn on your ZyAIR. Menu 24.10 allows you to update the time and date settings of your ZyAIR. The real time is then displayed in the ZyAIR error logs and firewall logs. Step 1. Select menu 24 in the main menu to open Menu 24 – System Maintenance. Step 2.
ZyAIR B-500 Wireless Access Point User’s Guide Table 18-1 Menu 24.10 System Maintenance : Time and Date Setting FIELD Time Protocol DESCRIPTION Enter the time service protocol that your time server sends when you turn on the ZyAIR. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works. The main differences between them are the format. Daytime (RFC 867) format is day/month/year/time zone of the server.
ZyAIR B-500 Wireless Access Point User’s Guide i. On leaving menu 24.10 after making changes. ii. When the ZyAIR starts up, if there is a time server configured in menu 24.10. iii. 24-hour intervals after starting.
Appendices Part VI: APPENDICES This part provides troubleshooting and background information about setting up your computer’s IP address, wireless LAN, 802.1x and IP subnetting. It also provides information on the command interpreter interface and logs.
ZyAIR B-500 Wireless Access Point User’s Guide Appendix A Troubleshooting This appendix covers potential problems and possible remedies. After each problem description, some instructions are provided to help you to diagnose and to solve the problem. Problems Starting Up the ZyAIR Chart A-1 Troubleshooting the Start-Up of Your ZyAIR PROBLEM CORRECTIVE ACTION None of the LEDs turn on when I plug in the power adaptor.
ZyAIR B-500 Wireless Access Point User’s Guide Chart A-2 Troubleshooting the Ethernet Interface PROBLEM I cannot ping any computer on the LAN. CORRECTIVE ACTION If the ETHN LED on the front panel is off, check the Ethernet cable connections between your ZyAIR and the Ethernet device. Check the Ethernet cable connections between the Ethernet device and the LAN computers. Check for faulty Ethernet cables. Make sure the LAN computer’s Ethernet adapter is installed and working properly.
ZyAIR B-500 Wireless Access Point User’s Guide Problems with the WLAN Interface Chart A-5 Troubleshooting the WLAN Interface PROBLEM CORRECTIVE ACTION Cannot access the ZyAIR from the WLAN. Make sure the wireless adapter on the wireless station is working properly. I cannot ping any computer on the WLAN. Make sure the wireless adapter on the wireless station(s) is working properly.
ZyAIR B-500 Wireless Access Point User’s Guide Appendix B Brute-Force Password Guessing Protection The following describes the commands for enabling, disabling and configuring the brute-force password guessing protection mechanism for the password. See the Command Interpreter appendix for information on the command structure. Chart B-1 Brute-Force Password Guessing Protection Commands COMMAND DESCRIPTION sys pwderrtm This command displays the brute-force guessing password protection settings.
ZyAIR B-500 Wireless Access Point User’s Guide Appendix C Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package.
ZyAIR B-500 Wireless Access Point User’s Guide If you need the adapter: a. In the Network window, click Add. b. Select Adapter and then click Add. c. Select the manufacturer and model of your network adapter and then click OK. If you need TCP/IP: a. In the Network window, click Add. b. Select Protocol and then click Add. c. Select Microsoft from the list of manufacturers. d. Select TCP/IP from the list of network protocols and then click OK. If you need Client for Microsoft Networks: a.
ZyAIR B-500 Wireless Access Point User’s Guide 1. Click the IP Address tab. -If your IP address is dynamic, select Obtain an IP address automatically. -If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields. 2. Click the DNS Configuration tab. -If you do not know your DNS information, select Disable DNS.
ZyAIR B-500 Wireless Access Point User’s Guide 3. Click the Gateway tab. -If you do not know your gateway’s IP address, remove previously installed gateways. -If you have a gateway IP address, type it in the New gateway field and click Add. 4. Click OK to save and close the TCP/IP Properties window. 5. Click OK to close the Network window. Insert the Windows CD if prompted. 6. Turn on your ZyAIR and restart your computer when prompted. Verifying Your Computer’s IP Address 1.
ZyAIR B-500 Wireless Access Point User’s Guide 1. For Windows XP, click start, Control Panel. In Windows 2000/NT, click Start, Settings, Control Panel. 2. For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Setting Up Your Computer’s IP Address 3. Right-click Local Area Connection and then click Properties.
ZyAIR B-500 Wireless Access Point User’s Guide 4. Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. 5. The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). -If you have a dynamic IP address click Obtain an IP address automatically. -If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. Click Advanced.
ZyAIR B-500 Wireless Access Point User’s Guide 6. -If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: -In the IP Settings tab, in IP addresses, click Add. -In TCP/IP Address, type an IP address in IP address and a subnet mask in Subnet mask, and then click Add. -Repeat the above two steps for each IP address you want to add.
ZyAIR B-500 Wireless Access Point User’s Guide 7. In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): -Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). -If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. 8.
ZyAIR B-500 Wireless Access Point User’s Guide 1. Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. 2. Select Ethernet built-in from the Connect via list. 3. For dynamically assigned settings, select Using DHCP Server from the Configure: list.
ZyAIR B-500 Wireless Access Point User’s Guide 4. For statically assigned settings, do the following: -From the Configure box, select Manually. -Type your IP address in the IP Address box. -Type your subnet mask in the Subnet mask box. -Type the IP address of your ZyAIR in the Router address box. 5. Close the TCP/IP Control Panel. 6. Click Save if prompted, to save changes to your configuration. 7. Turn on your ZyAIR and restart your computer (if prompted).
ZyAIR B-500 Wireless Access Point User’s Guide 2. Click Network in the icon bar. - Select Automatic from the Location list. - Select Built-in Ethernet from the Show list. - Click the TCP/IP tab. 3. For dynamically assigned settings, select Using DHCP from the Configure list. 4. For statically assigned settings, do the following: -From the Configure box, select Manually. -Type your IP address in the IP Address box. -Type your subnet mask in the Subnet mask box.
ZyAIR B-500 Wireless Access Point User’s Guide Appendix D Wireless LAN and IEEE 802.11 A wireless LAN (WLAN) provides a flexible data communications system that you can use to access various services (navigating the Internet, email, printer services, etc.) without the use of a cabled connection. In effect a wireless LAN environment provides you the freedom to stay connected to the network while roaming around in the coverage area. WLAN is not available on all models.
ZyAIR B-500 Wireless Access Point User’s Guide unlicensed ISM (Industrial, Scientific and Medical) band. The third method is infrared technology, using very high frequencies, just below visible light in the electromagnetic spectrum to carry data. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless nodes or stations (STA), which is called a Basic Service Set (BSS).
ZyAIR B-500 Wireless Access Point User’s Guide The Extended Service Set (ESS) shown in the next figure consists of a series of overlapping BSSs (each containing an Access Point) connected together by means of a Distribution System (DS). Although the DS could be any type of network, it is almost invariably an Ethernet LAN. Mobile nodes can roam between access points and seamless campus-wide coverage is possible. Diagram D-2 ESS Provides Campus-Wide Coverage Wireless LAN and IEEE 802.
ZyAIR B-500 Wireless Access Point User’s Guide Appendix E Wireless LAN With IEEE 802.1x As wireless networks become popular for both portable computing and corporate networks, security is now a priority. Security Flaws with IEEE 802.11 Wireless networks based on the original IEEE 802.11 have a poor reputation for safety. The IEEE 802.11b wireless access standard, first published in 1999, was based on the MAC address.
ZyAIR B-500 Wireless Access Point User’s Guide RADIUS Server Authentication Sequence The following figure depicts a typical wireless network with a remote RADIUS server for user authentication using EAPOL (EAP Over LAN). Client computer access authorized. Client computer access not authorized. Diagram E-1 Sequences for EAP MD5–Challenge Authentication E-2 Wireless LAN with IEEE 802.
ZyAIR B-500 Wireless Access Point User’s Guide Appendix F Types of EAP Authentication This appendix discusses the five popular EAP authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP. The type of authentication you use depends on the RADIUS server. Consult your network administrator for more information. EAP-MD5 (Message-Digest Algorithm 5) MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless station.
ZyAIR B-500 Wireless Access Point User’s Guide and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco. LEAP LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE802.1x. For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical.
ZyAIR B-500 Wireless Access Point User’s Guide Appendix G IP Subnetting IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1. IP addresses are categorized into different classes. The class of an address depends on the value of its first octet.
ZyAIR B-500 Wireless Access Point User’s Guide A class “A” address (24 host bits) can have 224 –2 hosts (approximately 16 million hosts). Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127. Similarly the first octet of a class “B” must begin with “10”, therefore the first octet of a class “B” address has a valid range of 128 to 191.
ZyAIR B-500 Wireless Access Point User’s Guide sequence of ones beginning from the left most bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits. Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet.
ZyAIR B-500 Wireless Access Point User’s Guide Divide the network 192.168.1.0 into two separate subnets by converting one of the host ID bits of the IP address to a network number bit. The “borrowed” host ID bit can be either “0” or “1” thus giving two subnets; 192.168.1.0 with mask 255.255.255.128 and 192.168.1.128 with mask 255.255.255.128. In the following charts, shaded/bolded last octet bit values indicate host ID bits “borrowed” to form network ID bits.
ZyAIR B-500 Wireless Access Point User’s Guide to an actual host for the first subnet is 192.168.1.1 and the highest is 192.168.1.126. Similarly the host ID range for the second subnet is 192.168.1.129 to 192.168.1.254. Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow” two host ID bits to give four possible combinations of 00, 01, 10 and 11.
ZyAIR B-500 Wireless Access Point User’s Guide Chart G-9 Subnet 3 NETWORK NUMBER Subnet Mask (Binary) LAST OCTET BIT VALUE 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.128 Lowest Host ID: 192.168.1.129 Broadcast Address: 192.168.1.191 Highest Host ID: 192.168.1.190 Chart G-10 Subnet 4 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. 192 IP Address (Binary) 11000000.10101000.00000001. 11000000 Subnet Mask (Binary) 11111111.11111111.11111111.
ZyAIR B-500 Wireless Access Point User’s Guide The following table is a summary for class “C” subnet planning. Chart G-12 Class C Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 1 255.255.255.128 (/25) 2 126 2 255.255.255.192 (/26) 4 62 3 255.255.255.224 (/27) 8 30 4 255.255.255.240 (/28) 16 14 5 255.255.255.248 (/29) 32 6 6 255.255.255.252 (/30) 64 2 7 255.255.255.254 (/31) 128 1 Subnetting With Class A and Class B Networks.
ZyAIR B-500 Wireless Access Point User’s Guide Chart G-13 Class B Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 9 255.255.255.128 (/25) 512 126 10 255.255.255.192 (/26) 1024 62 11 255.255.255.224 (/27) 2048 30 12 255.255.255.240 (/28) 4096 14 13 255.255.255.248 (/29) 8192 6 14 255.255.255.252 (/30) 16384 2 15 255.255.255.
ZyAIR B-500 Wireless Access Point User’s Guide Appendix H Command Interpreter The following describes how to use the command interpreter. Enter 24 in the main menu to bring up the system maintenance menu. Enter 8 to go to Menu 24.8 - Command Interpreter Mode. See the included disk or www.zyxel.com for more detailed information on these commands. Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable. Command Syntax The command keywords are in courier new font.
ZyAIR B-500 Wireless Access Point User’s Guide Appendix I Log Descriptions Chart I-1 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is successful The ZyAIR has adjusted its time based on information from the time server. Time calibration failed The ZyAIR failed to get information from the time server. DHCP client gets %s A DHCP client got a new IP address from the DHCP server. DHCP client IP expired A DHCP client's IP address has expired.
ZyAIR B-500 Wireless Access Point User’s Guide Chart I-2 ICMP Notes TYPE CODE 0 Echo Reply 0 3 Echo reply message Destination Unreachable 0 Net unreachable 1 Host unreachable 2 Protocol unreachable 3 Port unreachable 4 A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF) 5 Source route failed 4 Source Quench 0 5 A gateway may discard internet datagrams if it does not have the buffer space needed to queue the datagrams for output to the next network o
ZyAIR B-500 Wireless Access Point User’s Guide Chart I-2 ICMP Notes TYPE CODE 13 DESCRIPTION Timestamp 0 14 Timestamp request message Timestamp Reply 0 15 Timestamp reply message Information Request 0 16 Information request message Information Reply 0 Information reply message Chart I-3 Sys log LOG MESSAGE Mon dd hr:mm:ss hostname src="" dst="" msg="" note="" DESCRIPTION This message is sent by the "RAS" when this syslog is generated.
ZyAIR B-500 Wireless Access Point User’s Guide Chart I-4 Log Categories and Available Settings LOG CATEGORIES AVAILABLE PARAMETERS 8021x 0, 1 access 0, 1, 2, 3 error 0, 1, 2, 3 icmp 0, 1 mten 0, 1 packetfilter 0, 1 remote 0, 1 tcpreset 0, 1 Use 0 to not record logs for that category, 1 to record only logs for that category, 2 to record only alerts for that category, and 3 to record both logs and alerts for that category.
ZyAIR B-500 Wireless Access Point User’s Guide # .time notes source destination message 0|11/11/2002 15:10:12 |172.22.3.80:137 |ACCESS BLOCK Log Description |172.22.255.
ZyAIR B-500 Wireless Access Point User’s Guide Appendix J Index 8 802.1x Overview ...................................................6-14 A Address Assignment................................................3-6 Ad-hoc Configuration............................................. D-2 Alternative Subnet Mask Notation ......................... G-3 Applications ............................................................1-4 Authentication .........................................................
ZyAIR B-500 Wireless Access Point User’s Guide G N General Setup ......................................... 3-2, 4-1, 11-1 Network Management............................................. 1-3 Network Topology With RADIUS Server ExampleE-2 H Hidden Menus........................................................10-4 Host .........................................................................4-3 Host IDs..................................................................G-1 I IBSS.......................
ZyAIR B-500 Wireless Access Point User’s Guide Community .......................................................14-3 Configuration ....................................................14-2 Get ....................................................................14-2 GetNext.............................................................14-2 Manager ............................................................14-2 MIBs .................................................................14-2 Set ......................
