G-3000H 802.11g Wireless Access Point User’s Guide Version 3.
G-3000H User’s Guide

Copyright

Copyright © 2005 by ZyXEL Communications Corporation.

The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.

Published by ZyXEL Communications Corporation.
Federal Communications Commission (FCC) Interference Statement

This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:

• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause undesired operations.

This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules.
Certifications

Go to www.zyxel.com

1 Select your product from the drop-down list box on the ZyXEL home page to go to that product's page.
ZyXEL Limited Warranty

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase.
Customer Support

Please have the following information ready when you contact customer support.

• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.

METHOD: SUPPORT E-MAIL, SALES E-MAIL, TELEPHONE, FAX, WEB SITE, FTP SITE, REGULAR MAIL
LOCATION: CORPORATE HEADQUARTERS (WORLDWIDE), CZECH REPUBLIC, DENMARK, FINLAND

support@zyxel.com.tw +886-3-578-3942 sales@zyxel.com.
info@pl.zyxel.com +48-22-5286603 www.pl.zyxel.com
ZyXEL Communications, ul.Emilli Plater 53, 00-113 Warszawa, Poland

www.zyxel.ru
ZyXEL Russia, Ostrovityanova 37a Str., Moscow, 117279, Russia

www.zyxel.es
ZyXEL Communications, Alejandro Villegas 33, 1º, 28043 Madrid, Spain

www.zyxel.se
ZyXEL Communications A/S, Sjöporten 4, 41764 Göteborg, Sweden

www.ua.zyxel.com
ZyXEL Ukraine, 13, Pimonenko Str.
Table of Contents

Copyright
Federal Communications Commission (FCC) Interference Statement
ZyXEL Limited Warranty
Customer Support
Table of Contents

    3.1.3 WEP Encryption
  3.2 Wizard Setup: General Setup
  3.3 Wizard Setup: Wireless LAN
  3.4 Wizard Setup: IP Address
    3.4.1 IP Address Assignment

    6.1.2 Authentication
    6.1.3 Restricted Access
    6.1.4 Hide ZyAIR Identity
    6.1.5 WEP Encryption
  6.2 Configuring WEP Encryption

  8.2 Configuring Layer-2 Isolation
    8.2.1 Layer-2 Isolation Examples
    8.2.2 Layer-2 Isolation Example 1
    8.2.3 Layer-2 Isolation Example 2
    8.2.4 Layer-2 Isolation Example 3

Chapter 12 Remote Management Screens
  12.1 Remote Management Overview
    12.1.1 Remote Management Limitations
    12.1.2 Remote Management and NAT
    12.1.3 System Timeout

Chapter 16 General Setup
  16.1 General Setup
    16.1.1 Procedure To Configure Menu 1
Chapter 17 LAN Setup
  17.

Chapter 23 Firmware and Configuration File Maintenance
  23.1 Filename Conventions
  23.2 Backup Configuration
    23.2.1 Backup Configuration Using FTP
    23.2.2 Using the FTP command from the DOS Prompt

Appendix B Specifications
Appendix C Power over Ethernet (PoE) Specifications
Appendix D Brute-Force Password Guessing Protection
Appendix E Setting up Your Computer’s IP Address
List of Figures

Figure 1 PoE Installation Example
Figure 2 WDS Functionality Example
Figure 3 Access Point Application
Figure 4 Multiple ESS Application

Figure 39 Multi-ESS with VLAN Example
Figure 40 Wireless: Multiple ESS
Figure 41 SSID
Figure 42 Configuring SSID

Figure 82 Remote Management: WWW
Figure 83 Telnet Configuration on a TCP/IP Network
Figure 84 Remote Management: Telnet
Figure 85 Remote Management: FTP

Figure 125 Menu 23 System Security
Figure 126 Menu 23 - System Security
Figure 127 Menu 23.5 Security Profile Edit
Figure 128 Menu 24 System Maintenance

Figure 168 Macintosh OS 8/9: TCP/IP
Figure 169 Macintosh OS X: Apple Menu
Figure 170 Macintosh OS X: Network
Figure 171 IP Address Conflicts: Case A
List of Tables

Table 1 IEEE 802.11b
Table 2 IEEE 802.11g
Table 3 Wizard 1: General Setup
Table 4 Wizard 2: Wireless LAN Setup

Table 39 My Certificate Import
Table 40 My Certificate Create
Table 41 My Certificate Details
Table 42 Trusted CAs

Table 82 Menu 24.11 Remote Management Control
Table 83 Troubleshooting the Start-Up of Your ZyAIR
Table 84 Troubleshooting the Ethernet Interface
Table 85 Troubleshooting the Password
Table 86 Troubleshooting Telnet
Preface

Congratulations on your purchase of the G-3000H - 802.11g Wireless Access Point/Bridge/Repeater.

An AP acts as a bridge between the wireless and wired networks, extending your existing wired network without any additional wiring. The ZyAIR can function as a wireless network bridge/repeater and establish up to five wireless links with other APs. The ZyAIR also supports both AP and bridge connections at the same time.

Your ZyAIR is easy to install and configure.
User Guide Feedback

Help us help you! E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you!

Syntax Conventions

• “Enter” means for you to type one or more characters. “Select” or “Choose” means for you to use one of the predefined choices.
Graphics Icons Key: ZyAIR, Computer, Notebook computer, Server, DSLAM, Firewall, Modem, Switch, Router, Wireless Signal
CHAPTER 1 Getting to Know Your ZyAIR

This chapter introduces the main features and applications of the ZyAIR.

1.1 Introducing the ZyAIR

The G-3000H extends the range of your existing wired network without any additional wiring efforts, providing easy network access to mobile users. The ZyAIR offers highly secured wireless connectivity to your wired network with IEEE 802.1x, Wi-Fi Protected Access, WEP data encryption and MAC address filtering.
ZyAIR LED

The blue ZyAIR LED (also known as the Breathing LED) is on when the ZyAIR is on and blinks (or breathes) when data is being transmitted to/from its wireless stations. You may use the web configurator to turn this LED off even when the ZyAIR is on and data is being transmitted/received.

Bridge/Repeater LED

A Bridge/Repeater link LED turns steady on green when your ZyAIR acts as a bridge, establishing up to six wireless links with other APs.
VLAN

A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks. Only stations within the same group can talk to each other. Stations on a logical network can belong to one or more groups. The ZyAIR supports 802.1Q VLAN tagging. Tagged VLAN uses an explicit tag (VLAN ID) in the MAC header of a frame to identify VLAN membership. The ZyAIR can identify VLAN tags for incoming Ethernet frames and add VLAN tags to outgoing Ethernet frames.
The 802.11b data rate and corresponding modulation techniques are shown in the table below. The modulation technique defines how bits are encoded onto radio waves.

Table 1 IEEE 802.11b

DATA RATE (MBPS) | MODULATION
1 | DBPSK (Differential Binary Phase Shifted Keying)
2 | DQPSK (Differential Quadrature Phase Shifted Keying)
5.5 / 11 | CCK (Complementary Code Keying)

802.11g Wireless LAN Standard

The ZyAIR complies with the 802.
Limit the number of Client Connections

You may set a maximum number of wireless stations that may connect to the ZyAIR. This may be necessary if, for example, there is interference or difficulty with channel assignment due to a high density of APs within a coverage area.

SSL Passthrough

SSL (Secure Sockets Layer) uses a public key to encrypt data that's transmitted over an SSL connection.
Full Network Management

The embedded web configurator is an all-platform web-based utility that allows you to easily access the ZyAIR’s management settings. Most functions of the ZyAIR are also software configurable via the SMT (System Management Terminal) interface. The SMT is a menu-driven interface that you can access from a terminal emulator over a telnet connection.

Logging and Tracing

• Built-in message logging and packet tracing.
• Unix syslog facility support.
1.3.1 Access Point

The ZyAIR is an ideal access solution for wireless Internet connection. A typical Internet access application for your ZyAIR is shown as follows. Stations A, B and C can access the wired network through the ZyAIRs.

Figure 3 Access Point Application

1.3.2 Multiple ESS

The ZyAIR’s Multiple ESS function allows multiple ESSs to be configured on just one access point (the ZyAIR). Wireless stations can use different ESSIDs to associate with the same AP.
Figure 4 Multiple ESS Application

1.3.3 AP + Bridge

In AP+Bridge mode, the ZyAIR supports both AP (A and B can connect to the wired network through X) and bridge (X can communicate with Y) connection at the same time.

When the ZyAIR is in AP + Bridge mode, the traffic between ZyAIRs (the WDS) is not encrypted. The security settings on the ZyAIR refer to the traffic between the wireless station and the ZyAIR.
Figure 5 AP+Bridge Application

1.3.4 Bridge / Repeater

The ZyAIR can act as a wireless network bridge and establish wireless links with other APs. In bridge mode, the ZyAIRs (A and B) are connected to independent wired networks and have a bridge (A can communicate with B) connection at the same time. A ZyAIR in repeater mode (C) has no Ethernet connection.

When the ZyAIR is in the bridge mode, you should enable STP to prevent bridge loops.
Figure 6 Bridge Application

Figure 7 Repeater Application
CHAPTER 2 Introducing the Web Configurator

This chapter describes how to access the ZyAIR web configurator and provides an overview of its screens. The default IP address of the ZyAIR is 192.168.1.2.

2.1 Accessing the ZyAIR Web Configurator

1 Make sure your ZyAIR hardware is properly connected and prepare your computer/computer network to connect to the ZyAIR (refer to the Quick Start Guide).
2 Launch your web browser.
3 Type "192.168.1.2" as the URL.
Figure 8 Change Password Screen

6 Click Apply in the Replace Certificate screen to create a certificate using your ZyAIR’s MAC address that will be specific to this device.

Figure 9 Replace Certificate Screen

You should now see the MAIN MENU screen.

Note: The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the ZyAIR if this happens to you.
2.2 Resetting the ZyAIR

If you forget your password or cannot access the web configurator, you will need to reload the factory-default configuration file or use the RESET button on the side panel of the ZyAIR. Uploading this configuration file replaces the current configuration file with the factory-default configuration file. This means that you will lose all configurations that you had previously. The password will be reset to 1234.

2.2.
Note: Follow the instructions you see in the MAIN MENU screen or click the icon (located in the top right corner of most screens) to view online help. The icon does not appear in the MAIN MENU screen.

Figure 10 The MAIN MENU Screen of the Web Configurator

Click WIZARD SETUP for initial configuration including general setup, Wireless LAN setup and IP address assignment.
CHAPTER 3 Wizard Setup

This chapter provides information on the Wizard Setup screens in the web configurator.

3.1 Wizard Setup Overview

The web configurator’s setup wizard helps you configure your ZyAIR for wireless stations to access your wired LAN.

3.1.1 Channel

A channel is the radio frequency(ies) used by IEEE 802.11b and IEEE 802.11g wireless devices. Channels available depend on your geographical area.
3.2 Wizard Setup: General Setup

General Setup contains administrative and system-related information.

Figure 11 Wizard 1: General Setup

The following table describes the labels in this screen.

Table 3 Wizard 1: General Setup

LABEL | DESCRIPTION
System Name | It is recommended you type your computer's "Computer name". In Windows 95/98 click Start, Settings, Control Panel, Network. Click the Identification tab, note the entry for the Computer Name field and enter it as the System Name.
Figure 12 Wizard 2: Wireless LAN Setup

The following table describes the labels in this screen.

Table 4 Wizard 2: Wireless LAN Setup

LABEL | DESCRIPTION
Wireless LAN Setup |
Name (SSID) | Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN. If you change this field on the ZyAIR, make sure all wireless stations use the same Name (SSID) in order to access the network.
3.4 Wizard Setup: IP Address

The third wizard screen allows you to configure IP address assignment.

3.4.1 IP Address Assignment

Every computer on the Internet must have a unique IP address. If your networks are isolated from the Internet, for instance, only between your two branch offices, you can assign any IP addresses to the hosts without problems.
Once you have decided on the network number, pick an IP address that is easy to remember, for instance, 192.168.1.2, for your ZyAIR, but make sure that no other device on your network is using that IP address.

The subnet mask specifies the network number portion of an IP address. Your ZyAIR will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the ZyAIR unless you are instructed to do otherwise.
3.5 Basic Setup Complete

When you click Finish in the Wizard 3 IP Address Assignment screen, a warning window displays as shown. Click OK to close the window and log in to the web configurator again using the new IP address if you change the default IP address (192.168.1.2).

You have successfully set up the ZyAIR. A screen displays prompting you to close the web browser. Click Yes. Otherwise, click No and the congratulations screen shows next.
CHAPTER 4 System Screens

4.1 System Overview

This section provides information on general system setup.

4.2 Configuring General Setup

Click the SYSTEM link under ADVANCED to open the General screen.

Figure 15 System General Setup

The following table describes the labels in this screen.

Table 7 System General Setup

LABEL | DESCRIPTION
General Setup |
System Name | Type a descriptive name to identify the ZyAIR in the Ethernet network.
Table 7 System General Setup

LABEL | DESCRIPTION
Administrator Inactivity Timer | Type how many minutes a management session (either via the web configurator or SMT) can be left idle before the session times out. The default is 5 minutes. After it times out you have to log in with your password again. Very long idle timeouts may have security risks. A value of "0" means a management session never times out, no matter how long it has been left idle (not recommended).
Figure 16 Password

The following table describes the labels in this screen.

Table 8 Password

LABEL | DESCRIPTIONS
Old Password | Type in your existing system password (1234 is the default password).
New Password | Type your new system password (up to 31 characters). Note that as you type a password, the screen displays an asterisk (*) for each character you type.
Retype to Confirm | Retype your new system password for confirmation.
Figure 17 Time Setting

The following table describes the labels in this screen.

Table 9 Time Setting

LABEL | DESCRIPTION
Time Protocol | Select the time service protocol that your time server sends when you turn on the ZyAIR. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works. The main difference between them is the format.
Table 9 Time Setting

LABEL | DESCRIPTION
Time Zone | Choose the time zone of your location. This will set the time difference between your time zone and Greenwich Mean Time (GMT).
Daylight Savings | Select this option if you use daylight savings time. Daylight saving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening.
CHAPTER 5 Wireless Configuration

This chapter discusses how to configure Wireless screens on the ZyAIR.

5.1 Wireless LAN Overview

This section introduces the wireless LAN (WLAN) and some basic scenarios.

5.1.1 BSS

A Basic Service Set (BSS) exists when all communications between wireless stations or between a wireless station and a wired network client go through one access point (AP). Intra-BSS traffic is traffic between wireless stations in the BSS.
Figure 18 Basic Service set

5.1.2 ESS

An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless stations within the same ESS must have the same ESSID in order to communicate.
Figure 19 Extended Service Set

5.2 Wireless LAN Basics

Refer also to the Wizard Setup chapter for more background information on Wireless LAN features, such as channels. See the Wireless LANs Appendix for information on the following:

• Wireless LAN Topologies
• Channel
• RTS/CTS
• Fragmentation Threshold
• Preamble Type
• IEEE 802.
5.3 WMM QoS

WMM (Wi-Fi MultiMedia) QoS (Quality of Service) ensures quality of service in wireless networks for multimedia applications. WMM QoS prioritizes wireless traffic according to the delivery requirements of the individual and applications. WMM QoS is a part of the IEEE 802.11e QoS enhancement to certified Wi-Fi wireless networks.

On APs without WMM QoS, all traffic streams are given the same access throughput to the wireless network.
5.3.2.1 DiffServ

DiffServ is a class of service (CoS) model that marks packets so that they receive specific per-hop treatment at DiffServ-compliant network devices along the route based on the application types and traffic flow. Packets are marked with DiffServ Code Points (DSCPs) indicating the level of service desired.
Table 11 ToS and IEEE 802.1d to WMM QoS Priority Level Mapping

DSCP VALUE | WMM QOS PRIORITY LEVEL
96, 0 | besteffort (a)
64, 32 | background

a. The ZyAIR also uses best effort for any DSCP value for which another WMM QoS priority is not specified (255, 158 or 37 for example).

5.4 Spanning Tree Protocol (STP)

STP detects and breaks network loops and provides backup links between switches, bridges or routers.
On each bridge, the root port is the port through which this bridge communicates with the root. It is the port on this switch with the lowest path cost to the root (the root path cost). If there is no root port, then this bridge has been accepted as the root bridge of the spanning tree network.

For each LAN segment, a designated bridge is selected. This bridge has the lowest cost to the root among the bridges connected to the LAN.

5.4.
1 Configure the ZyAIR as an AP, an AP+Bridge, a Bridge/Repeater or to use multiple ESS in the Wireless screen. You can also select an SSID Profile in the Wireless screen.
2 Use the SSID screens to view and create SSID profiles.
3 Use the Security screen to configure wireless profiles. For each profile you can configure a name and one of the wireless security modes.
4 Use the RADIUS screen to configure RADIUS authentication and accounting settings.
Figure 21 Wireless: Access Point

The following table describes the general wireless LAN labels in this screen.

Table 14 Wireless: Access Point

LABEL | DESCRIPTION
Operating Mode | Select the operating mode from the drop-down list. The options are Access Point, Bridge/Repeater, AP+Bridge and MESSID.
Choose Channel ID | Set the operating frequency/channel depending on your particular region. To manually set the ZyAIR to use a channel, select a channel from the drop-down list box.
Table 14 Wireless: Access Point

LABEL | DESCRIPTION
Hide Name (SSID) | Select this check box to hide the SSID in the outgoing beacon frame so a station cannot obtain the SSID through scanning using a site survey tool.
Enable Intra-BSS Traffic | Intra-BSS traffic is traffic between wireless stations in the same BSS. Select this check box to enable Intra-BSS traffic.
Enable Breathing LED | Select this check box to enable the Breathing LED, also known as the ZyAIR LED.
In the example below, when both ZyAIRs are in Bridge/Repeater mode, they form a WDS (Wireless Distribution System) allowing the computers in LAN 1 to connect to the computers in LAN 2.

Figure 22 Bridging Example

Be careful to avoid bridge loops when you enable bridging in the ZyAIR. Bridge loops cause broadcast traffic to circle the network endlessly, resulting in possible throughput degradation and disruption of communications.
Figure 23 Bridge Loop: Two Bridges Connected to Hub

If your ZyAIR (in bridge mode) is connected to a wired LAN while communicating with another wireless bridge that is also connected to the same wired LAN as shown next.

Figure 24 Bridge Loop: Bridge Connected to Wired LAN

To prevent bridge loops, ensure that you enable STP in the Wireless screen or your ZyAIR is not set to bridge mode while connected to both wired and wireless segments of the same LAN.
Figure 25 Wireless: Bridge/Repeater

The following table describes the bridge labels in this screen.

Table 15 Wireless: Bridge/Repeater

LABEL | DESCRIPTIONS
Operating Mode | Select Bridge/Repeater in this field to display the screen as shown.
Choose Channel ID | Set the operating frequency/channel depending on your particular region. To manually set the ZyAIR to use a channel, select a channel from the drop-down list box.
Table 15 Wireless: Bridge/Repeater

LABEL | DESCRIPTIONS
Enable WDS Security | Select the check box to enable WDS on your ZyAIR. A Wireless Distribution System (WDS) is a wireless connection between two or more APs. When you select the check box, you are prompted to type a Pre-Shared Key (PSK). The ZyAIR uses TKIP to encrypt traffic on the WDS between APs. Note: Other APs must use the same encryption method to enable WDS.
# | This is the index number of the bridge connection.
Figure 26 Wireless: AP+Bridge

See the tables describing the fields in the Access Point and Bridge/Repeater operating modes for descriptions of the fields in this screen.

5.6.4 Multiple ESS Mode

Select MESSID as the Operating Mode to display the screen. Refer to the chapter on Multiple ESS and VLAN for configuration and detailed information. See the chapter on wireless security for details on the security settings.
CHAPTER 6 Wireless Security Configuration

This chapter describes how to use the Security, RADIUS and Local User Database screens to configure wireless security on your ZyAIR.

6.1 Wireless Security Overview

Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network.
6.1.4 Hide ZyAIR Identity

If you hide the ESSID, then the ZyAIR cannot be seen when a wireless client scans for local APs. The trade-off for the extra security of “hiding” the ZyAIR may be inconvenience for some valid WLAN clients.

6.1.5 WEP Encryption

WEP encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private. It encrypts unicast and multicast communications in a network.
The following figure shows an overview of authentication when you specify a RADIUS server on your access point.

Figure 27 EAP Authentication

The details below provide a general description of how IEEE 802.1x EAP authentication works. For an example list of EAP-MD5 authentication steps, see the IEEE 802.1x appendix.

1 The wireless station sends a “start” message to the ZyAIR.
2 The ZyAIR sends a “request identity” message to the wireless station for identity information.
6.6.1 User Authentication

WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database. See later in this chapter and the appendices for more information on IEEE 802.1x, RADIUS, EAP and PEAP.

If you don’t have an external RADIUS server you should use WPA-PSK (WPA-Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client.
1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters (including spaces and symbols).
2 The AP checks each wireless client's password and (only) allows it to join the network if the password matches.
3 The AP derives and distributes keys to the wireless clients.
4 The AP and wireless clients use the TKIP or AES encryption process to encrypt data exchanged between them.
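The length rule in step 1 can be checked before a key is entered into the AP and its clients. The following is an added example, not part of the ZyXEL guide or the ZyAIR firmware: it enforces the 8 to 63 character limit and, going beyond the guide's text, derives the 256-bit key with the passphrase mapping defined in IEEE 802.11i (PBKDF2-HMAC-SHA1 salted with the SSID). All function names are hypothetical and the two hygiene warnings are this example's own rules.

```python
import hashlib

PSK_MIN, PSK_MAX = 8, 63   # guide: PSK is between 8 and 63 ASCII characters
SSID_MAX = 32              # guide: SSID is up to 32 printable 7-bit ASCII characters
PBKDF2_ROUNDS = 4096       # fixed by IEEE 802.11i, not a device setting
PMK_LEN = 32               # 256-bit pairwise master key


def _printable_ascii(text):
    """True if every character is printable 7-bit ASCII (space through '~')."""
    return all(0x20 <= ord(ch) <= 0x7E for ch in text)


def check_ssid(ssid):
    """Return format problems for an SSID; an empty list means acceptable."""
    problems = []
    if not 1 <= len(ssid) <= SSID_MAX:
        problems.append("SSID must be 1 to %d characters" % SSID_MAX)
    if not _printable_ascii(ssid):
        problems.append("SSID must be printable 7-bit ASCII")
    return problems


def check_passphrase(passphrase):
    """Return format problems for a WPA-PSK passphrase (the guide's rule)."""
    problems = []
    if not PSK_MIN <= len(passphrase) <= PSK_MAX:
        problems.append("PSK must be %d to %d characters" % (PSK_MIN, PSK_MAX))
    if not _printable_ascii(passphrase):
        problems.append("PSK must be printable ASCII")
    return problems


def weak_passphrase_reasons(passphrase, ssid):
    """Hygiene warnings added for this example; they are not from the guide."""
    reasons = []
    if ssid and ssid.lower() in passphrase.lower():
        reasons.append("passphrase contains the SSID")
    if len(set(passphrase)) < 4:
        reasons.append("passphrase uses fewer than 4 distinct characters")
    return reasons


def derive_pmk(passphrase, ssid):
    """Map passphrase and SSID to the 256-bit key, as IEEE 802.11i specifies.

    The SSID is the salt, so every AP and client must hold the same SSID
    and the same passphrase to arrive at the same key.
    """
    problems = check_ssid(ssid) + check_passphrase(passphrase)
    if problems:
        raise ValueError("; ".join(problems))
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("ascii"), PBKDF2_ROUNDS, PMK_LEN)


if __name__ == "__main__":
    # Constructed sample settings, not taken from any real network.
    samples = [
        ("Office-AP", "correct horse battery staple"),
        ("Office-AP", "office-ap1"),
        ("Office-AP", "short"),
    ]
    for ssid, psk in samples:
        issues = check_ssid(ssid) + check_passphrase(psk)
        if issues:
            print(ssid, "REJECT:", "; ".join(issues))
            continue
        warnings = weak_passphrase_reasons(psk, ssid)
        print(ssid, "PMK", derive_pmk(psk, ssid).hex()[:16] + "...",
              "warnings:", "; ".join(warnings) or "none")
```

Because the SSID salts the derivation, changing the Name (SSID) on the AP changes the resulting key even when the passphrase stays the same.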
Figure 29 WPA(2) with RADIUS Application Example
6.8 Security Modes
The following table describes the security modes you can configure.
Table 16 Security Modes
SECURITY MODE | DESCRIPTION
None | Select this to have no data encryption.
WEP | Select this to use WEP encryption.
802.1x-Only | Select this to use 802.1x authentication with no data encryption.
802.1x-Dynamic64 | Select this to use 802.1x authentication with a dynamic 64-bit WEP key.
802.
Table 16 Security Modes
SECURITY MODE | DESCRIPTION
WPA2-MIX | Select this to use either WPA2 or WPA depending on which security mode the wireless client uses.
No-Access | Select this to prevent wireless client access to the ZyAIR.
6.9 Security Modes and Wireless Client Compatibility
Different security modes can be configured for each SSID. However, not all security modes are compatible with the security mode of the wireless client.
The Funk Software's Odyssey client is bundled free (at the time of writing) with the client wireless adaptor(s).
6.11 Wireless Security Effectiveness
The following figure shows the relative effectiveness of these wireless security methods available on your ZyAIR. EAP (Extensible Authentication Protocol) is used for authentication and utilizes dynamic WEP key exchange.
Figure 30 Security
The following table describes the labels in this screen.
Table 19 Security
LABEL | DESCRIPTION
Index | This is the index number of the security profile address.
Profile Name | This field displays a name given to a security profile in the Security configuration screen.
Security Mode | This field displays the security mode given to this security profile.
Figure 31 Security: No Access or None
The following table describes the labels in this screen.
Table 20 Security: No Access or None
LABEL | DESCRIPTION
Name | Type a name to identify this security profile.
Security Mode | Choose No Access or None in this field.
Apply | Click Apply to save your changes back to the ZyAIR.
Reset | Click Reset to begin configuring this screen afresh.
6.12.2 Security: WEP
Select WEP in the Security Mode field to display the following screen.
Table 21 Security: WEP
LABEL | DESCRIPTION
WEP Encryption | Select Disable to allow wireless stations to communicate with the access points without any data encryption. Select 64-bit WEP or 128-bit WEP to enable data encryption.
Authentication Method | Select Auto, Open System or Shared Key from the drop-down list box. The default setting is Auto.
ASCII | Select this option to enter ASCII characters as the WEP keys.
Figure 33 Security: 802.1x Only, 802.1x Static 64-bit WEP, 128-bit WEP
The following table describes the labels in this screen.
Table 22 Security: 802.1x Only, 802.1x Static 64-bit WEP, 128-bit WEP
LABEL | DESCRIPTION
Name | Type a name to identify this security profile.
Security Mode | Choose 802.1x Only, 802.1x Static 64 or 802.1x Static 128 in this field.
ASCII | Select this option to enter ASCII characters as the WEP keys.
Table 22 Security: 802.1x Only, 802.1x Static 64-bit WEP, 128-bit WEP
LABEL | DESCRIPTION
Authentication Databases | The authentication database contains wireless station login information. The local user database is the built-in database on the ZyAIR. The RADIUS is an external server. Use this drop-down list box to select which database the ZyAIR should use (first) to authenticate a wireless station.
Table 23 Security: 802.1x Dynamic 64-bit WEP, 128-bit WEP
LABEL | DESCRIPTION
ReAuthentication Timer | Specify how often wireless stations have to resend usernames and passwords in order to stay connected. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes). Note: If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority.
Figure 35 Security: WPA, WPA-MIX, WPA2 or WPA2-MIX
The following table describes the labels not previously discussed.
Table 24 Security: WPA, WPA-MIX, WPA2 or WPA2-MIX
LABEL | DESCRIPTION
Name | Type a name to identify this security profile.
Security Mode | Choose WPA, WPA-MIX, WPA2 or WPA2-MIX in this field.
ReAuthentication Timer | Specify how often wireless stations have to resend usernames and passwords in order to stay connected. Enter a time interval between 10 and 9999 seconds.
Figure 36 Security: WPA-PSK, WPA2-PSK or WPA2-PSK-MIX
The following table describes the labels not previously discussed.
Table 25 Security: WPA-PSK, WPA2-PSK or WPA2-PSK-MIX
LABEL | DESCRIPTION
Name | Type a name to identify this security profile.
Security Mode | Choose WPA-PSK, WPA2-PSK or WPA2-PSK-MIX in this field.
Pre-Shared Key | The encryption mechanisms used for WPA and WPA-PSK are the same.
6.13 Introduction to RADIUS
RADIUS is based on a client-server model that supports authentication and accounting, where the access point is the client and the server is the RADIUS server. The RADIUS server handles the following tasks among others:
• Authentication: Determines the identity of the users.
• Accounting: Keeps track of the client’s network activity.
Figure 37 RADIUS
The following table describes the labels in this screen.
Table 26 RADIUS
LABEL | DESCRIPTION
Index | Select the RADIUS profile you want to configure from the drop-down list box.
Profile Name | Type a name for the RADIUS profile associated with the Index number above.
Primary | Configure the fields below to have user authentication and accounting performed through external servers.
Table 26 RADIUS
LABEL | DESCRIPTION
Accounting Server IP Address | Enter the IP address of the external accounting server in dotted decimal notation.
Accounting Server Port | Enter the port number of the external accounting server. The default port number is 1813. You need not change this value unless your network administrator instructs you to do so with additional information.
CHAPTER 7 Multiple ESS, SSID and VLAN
This chapter describes how to configure multiple ESS, SSID and VLAN on your ZyAIR.
7.1 Wireless LAN Infrastructures
See the Wizard Setup and Wireless LAN chapters for some basic WLAN scenarios and terminology.
7.1.1 Multiple ESS
Traditionally, you needed different APs to configure different ESSs. As well as the cost of buying extra APs, there was also the possibility of channel interference.
7.1.3 Multiple ESS Example
Refer to the section on ZyAIR applications for more information.
7.1.4 Multi-ESS with VLAN Example
In this example, VLAN 2 is the management VLAN and includes the computers in ESS1 and LAN 1. Computers in ESS2 and LAN 2 belong to VLAN 2. “Wireless group” ESS1 is limited to accessing the resources on LAN 1 and similarly “wireless group” ESS2 may only access resources on LAN 2.
Figure 40 Wireless: Multiple ESS
The following table describes the labels in this screen.
Table 28 Wireless: Multiple ESS
LABEL | DESCRIPTION
Operating Mode | Select MESSID in this field to display the screen as shown.
Choose Channel ID | Set the operating frequency/channel depending on your particular region. To manually set the ZyAIR to use a channel, select a channel from the drop-down list box.
Table 28 Wireless: Multiple ESS
LABEL | DESCRIPTION
Select SSID Profile | The SSID (Service Set IDentity) identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same SSID. Note: If you are configuring the ZyAIR from a computer connected to the wireless LAN and you change the ZyAIR’s SSID or security settings, you will lose your wireless connection when you press Apply to confirm.
Table 28 Wireless: Multiple ESS
LABEL | DESCRIPTION
Max. Frame Burst | Enable Maximum Frame Burst to help eliminate collisions in mixed-mode networks (networks with both IEEE 802.11g and IEEE 802.11b traffic) and enhance the performance of both pure IEEE 802.11g and mixed IEEE 802.11b/g networks. Maximum Frame Burst sets the maximum time, in microseconds, that the ZyAIR transmits IEEE 802.11g wireless traffic only.
Table 29 SSID
LABEL | DESCRIPTION
SSID | This field displays the name of the wireless profile on the network. When a wireless client scans for an AP to associate, this is the identity that is broadcast and viewed in the wireless client utility.
VLAN | This field displays the VLAN ID. Incoming traffic from the WAN is tagged with this ID before it is sent to the LAN interface. Different SSID profiles can use the same or different VLAN IDs.
Figure 42 Configuring SSID
The following table describes the labels in this screen.
Table 30 Configuring SSID
LABEL | DESCRIPTION
Name | Type a name to identify this SSID profile on the ZyAIR.
SSID | Type a name to identify this wireless profile on the network. When a wireless client scans for an AP to associate, this is the identity that is broadcast and viewed in the wireless client utility.
VLAN | Enter a number from 1 to 4094.
7.2.2 Second Rx VLAN ID
The ZyAIR tags Ethernet frames in VLAN 1 with VLAN ID 1 and tags Ethernet frames in VLAN 2 with VLAN ID 2. Both VLAN 1 and VLAN 2 have Internet access. VLAN 1 and VLAN 2 have access to a server. Ethernet frames forwarded from the server back to the switch are tagged. Ethernet frames are tagged with a second Rx VLAN ID (incoming VLAN ID). These incoming VLAN packets are forwarded to the ZyAIR. The ZyAIR matches the Second Rx VLAN ID with VLAN ID.
CHAPTER 8 Other Wireless Configurations
This chapter describes how to configure the Layer-2 Isolation, MAC Filter and Roaming screens on your ZyAIR.
8.1 Layer-2 Isolation Introduction
Layer-2 isolation is used to prevent wireless clients associated with your ZyAIR from communicating with other wireless clients, APs, computers or routers in a network. In the following figure, A represents your ZyAIR, B represents an AP, C represents a server and 1, 2 and 3 represent wireless clients.
Figure 45 Layer-2 Isolation Application
MAC addresses that are not listed in the Allow devices with these MAC addresses table are blocked from communicating with the ZyAIR’s wireless clients except for broadcast packets. Layer-2 isolation does not check the traffic between wireless clients that are associated with the same AP. Intra-BSS Traffic allows wireless clients associated with the same AP to communicate with each other.
8.
Figure 46 Layer-2 Isolation Configuration Screen
The following table describes the labels in this screen.
Table 31 Layer-2 Isolation Configuration
LABEL | DESCRIPTION
Enable Layer-2 Isolation | Select the Enable Layer-2 Isolation check box to enable layer-2 isolation on the ZyAIR. When you select the Enable Layer-2 Isolation check box and save this configuration screen, the Enable Intra-BSS Traffic check box in the Wireless configuration screen is cleared.
Figure 47 Layer-2 Isolation Example (MAC addresses labelled in the figure: 00:0a:c5:00:00:66, 00:0a:c5:00:00:cc)
8.2.2 Layer-2 Isolation Example 1
In the following example wireless clients 1 and 2 cannot communicate with C, B or 3.
• Select the Enable Layer-2 Isolation check box, but do not configure any MAC addresses in the Allow devices with these MAC addresses table (1 and 2 cannot communicate with each other unless you enable Intra-BSS).
Figure 48 Layer-2 Isolation Example 1
8.2.
• Select the Enable Layer-2 Isolation check box.
• Enter C’s MAC address in the Allow devices with these MAC addresses field.
Figure 49 Layer-2 Isolation Example 2
8.2.4 Layer-2 Isolation Example 3
In the following example wireless clients 1 and 2 can communicate with B and C but not 3.
• Select the Enable Layer-2 Isolation check box.
• Configure more than one MAC address. Enter the server and your ZyAIR MAC addresses in the Allow devices with these MAC addresses fields.
Figure 50 Layer-2 Isolation Example 3
8.3 Configuring MAC Filter
The MAC filter screen allows you to configure the ZyAIR to give exclusive access to up to 32 devices (Allow Association) or exclude up to 32 devices from accessing the ZyAIR (Deny Association). Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
Figure 51 MAC Address Filter
The following table describes the labels in this screen.
Table 32 MAC Address Filter
LABEL | DESCRIPTION
Filter Action | Define the filter action for the list of MAC addresses in the MAC address filter table. Select Deny Association to block access to the router; MAC addresses not listed will be allowed to access the router. Select Allow Association to permit access to the router; MAC addresses not listed will be denied access to the router.
The roaming feature on the access points allows the access points to relay information about the wireless stations to each other. When a wireless station moves from one coverage area to another, it scans and uses the channel of a new access point, which then informs the access points on the LAN about the change. The new information is then propagated to the other access points on the LAN. An example is shown in Figure 52.
8.4.1 Requirements for Roaming
The following requirements must be met in order for wireless stations to roam between the coverage areas.
1 All the access points must be on the same subnet and configured with the same ESSID.
2 If IEEE 802.1x user authentication is enabled and to be done locally on the access point, the new access point must have the user profile for the wireless station.
3 The adjacent access points should use different radio channels when their coverage areas overlap.
CHAPTER 9 VLAN
This chapter discusses how to configure VLAN on the ZyAIR.
9.1 VLAN
A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks. Stations on a logical network can belong to one or more groups. Only stations within the same group can talk to each other. The ZyAIR supports 802.1q VLAN tagging. Tagged VLAN uses an explicit tag (VLAN ID) in the MAC header of a frame to identify VLAN membership.
Figure 54 VLAN
The following table describes the labels in this screen.
Table 34 VLAN
LABEL | DESCRIPTION
Enable VLAN Tagging | Select this check box to turn on VLAN tagging.
Management VLAN ID | Enter a number from 1 to 4094 to define this VLAN group. At least one device in your network must belong to this VLAN group in order to manage the ZyAIR. Note: Mail and FTP servers must have the same management VLAN ID to communicate with the ZyAIR.
Table 34 VLAN
LABEL | DESCRIPTION
Name | Type a name to have the ZyAIR check for specific VLAN attributes on incoming messages from the RADIUS server. Access-accept packets sent by the RADIUS server contain VLAN related attributes. The configured Name field is checked against these attributes. If the configured Name field matches these attributes, the corresponding VLAN ID entry is used to access the specific VLAN group.
5 Type a VLAN Group ID. This should be the same as the management VLAN ID on the ZyAIR.
6 Enable Tx Tagging on the port which you want to connect to the ZyAIR. Disable Tx Tagging on the port you are using to connect to your computer.
7 Under Control, select Fixed to set the port as a member of the VLAN.
Figure 56 VLAN-Aware Switch - Static VLAN
8 Click Apply. The following screen displays.
Figure 57 VLAN-Aware Switch
9 Click VLAN Status to display the following screen.
3 Click Apply.
Figure 59 VLAN Setup
4 The ZyAIR attempts to connect with a VLAN-aware device. You can now access and manage the ZyAIR through the Ethernet switch.
Note: If you do not connect the ZyAIR to a correctly configured VLAN-aware device, you will lock yourself out of the ZyAIR. If this happens, you must reset the ZyAIR to access it again.
9.2.2 Configuring Microsoft’s IAS Server Example
Dynamic VLAN assignment can be used with the ZyAIR.
1 When you configure your wireless credentials, the ZyAIR sends the information to the IAS server using the RADIUS protocol.
2 Authentication by the RADIUS server is successful.
3 The RADIUS server sends three attributes related to this feature.
4 The ZyAIR compares these attributes with the VLAN screen mapping table.
a If the Name (for example, VLAN 20) is found, the mapped VLAN ID is used.
• The IAS uses group memberships to determine which user accounts belong to which VLAN groups. Click the Add button and configure the VLAN group details.
3 Repeat the previous step to add each VLAN group required.
Figure 61 Add Group Members
9.2.2.2 Configuring Remote Access Policies
Once the VLAN Groups have been created, the IAS Remote Access Policy needs to be defined.
Figure 62 New Remote Access Policy for VLAN Group
2 The Conditions window displays. Select Add to add a condition for this policy to act on.
3 In the Select Attribute screen, click Windows-Groups and the Add button.
Figure 63 Specifying Windows-Group Condition
4 The Select Groups window displays. Select a remote access policy and click the Add button. The policy is added to the field below. Only one VLAN Group should be associated with each policy.
Figure 64 Adding VLAN Group
6 When the Permissions options screen displays, select Grant remote access permission.
• Click Next to grant access based on group membership.
• Click the Edit Profile button.
Figure 65 Granting Permissions and User Profile Screens
7 The Edit Dial-in Profile screen displays. Click the Authentication tab and select the Extensible Authentication Protocol check box.
• Select an EAP type depending on your authentication needs from the drop-down list box.
Figure 66 Authentication Tab Settings
8 Click the Encryption tab. Select the Strongest encryption option. This step is not required for EAP-MD5, but is performed as a safeguard.
Figure 67 Encryption Tab Settings
9 Click the IP tab and select the Client may request an IP address check box for DHCP support.
10 Click the Advanced tab. The current default parameters returned to the ZyAIR should be Service-Type and Framed-Protocol.
Figure 68 Connection Attributes Screen
11 The RADIUS Attribute screen displays. From the list, three RADIUS attributes will be added:
• Tunnel-Medium-Type
• Tunnel-Pvt-Group-ID
• Tunnel-Type
• Click the Add button.
• Select Tunnel-Medium-Type.
• Click the Add button.
Figure 69 RADIUS Attribute Screen
12 The Enumerable Attribute Information screen displays. Select the 802 value from the Attribute value drop-down list box.
• Click OK.
Figure 70 802 Attribute Setting for Tunnel-Medium-Type
13 Return to the RADIUS Attribute Screen shown as Figure 69 on page 124.
• Select Tunnel-Pvt-Group-ID.
• Click Add.
14 The Attribute Information screen displays.
Figure 71 VLAN ID Attribute Setting for Tunnel-Pvt-Group-ID
15 Return to the RADIUS Attribute Screen shown as Figure 69 on page 124.
• Select Tunnel-Type.
• Click Add.
16 The Enumerable Attribute Information screen displays.
• Select Virtual LANs (VLAN) from the attribute value drop-down list box.
• Click OK.
Figure 72 VLAN Attribute Setting for Tunnel-Type
17 Return to the RADIUS Attribute Screen shown as Figure 69 on page 124.
• Click the Close button.
Figure 73 Completed Advanced Tab
Note: Repeat the Configuring Remote Access Policies procedure for each VLAN Group defined in the Active Directory. Remember to place the most general Remote Access Policies at the bottom of the list and the most specific at the top of the list.
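The three attributes configured above, as they appear on the wire and as an access point could check them against its Name-to-VLAN table. This is an added example, not ZyXEL or Microsoft code: the attribute numbers and values come from RFC 2868 and RFC 3580, while the function names, the table contents, the sample bytes and the choice to return None when nothing matches are assumptions.

```python
# Attribute numbers (RFC 2868) and the values used for VLAN assignment (RFC 3580).
TUNNEL_TYPE = 64
TUNNEL_MEDIUM_TYPE = 65
TUNNEL_PVT_GROUP_ID = 81
TUNNEL_TYPE_VLAN = 13   # "Virtual LANs (VLAN)" in the IAS drop-down
TUNNEL_MEDIUM_802 = 6   # "802" in the IAS drop-down


def encode_attr(attr_type: int, value: bytes) -> bytes:
    """Build one RADIUS attribute: type byte, total length byte, value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return bytes([attr_type, len(value) + 2]) + value


def enum_value(tag: int, number: int) -> bytes:
    """Value field of Tunnel-Type / Tunnel-Medium-Type: tag byte + 3-byte number."""
    return bytes([tag]) + number.to_bytes(3, "big")


def parse_attributes(data: bytes) -> dict:
    """Split the attribute section of a RADIUS packet into {type: [values]}."""
    attrs = {}
    offset = 0
    while offset < len(data):
        if len(data) - offset < 2:
            raise ValueError("truncated attribute header")
        attr_type, length = data[offset], data[offset + 1]
        if length < 2 or offset + length > len(data):
            raise ValueError(f"attribute {attr_type} has an invalid length")
        attrs.setdefault(attr_type, []).append(data[offset + 2:offset + length])
        offset += length
    return attrs


def tagged_enum(value: bytes) -> int:
    """Decode a tag byte followed by a 3-byte big-endian number."""
    if len(value) != 4:
        raise ValueError("tagged enumerated attribute must carry 4 value bytes")
    return int.from_bytes(value[1:], "big")


def group_id(value: bytes) -> str:
    """Decode Tunnel-Pvt-Group-ID; a first byte of 0x1F or less is a tag, not text."""
    if value and value[0] <= 0x1F:
        value = value[1:]
    return value.decode("ascii")


def resolve_vlan(attr_bytes: bytes, name_to_vlan: dict):
    """Return the mapped VLAN ID, or None when the attributes do not select one."""
    attrs = parse_attributes(attr_bytes)
    required = (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PVT_GROUP_ID)
    if any(len(attrs.get(t, [])) != 1 for t in required):
        return None  # all three must be present exactly once
    if tagged_enum(attrs[TUNNEL_TYPE][0]) != TUNNEL_TYPE_VLAN:
        return None
    if tagged_enum(attrs[TUNNEL_MEDIUM_TYPE][0]) != TUNNEL_MEDIUM_802:
        return None
    vlan_id = name_to_vlan.get(group_id(attrs[TUNNEL_PVT_GROUP_ID][0]))
    if vlan_id is None or not 1 <= vlan_id <= 4094:
        return None  # unknown name, or an ID outside the 1 to 4094 range
    return vlan_id


# Constructed sample: attribute section of an Access-Accept, including the
# Service-Type (6) and Framed-Protocol (7) defaults mentioned in step 10.
SAMPLE_ACCEPT_ATTRS = b"".join([
    encode_attr(6, (2).to_bytes(4, "big")),
    encode_attr(7, (1).to_bytes(4, "big")),
    encode_attr(TUNNEL_MEDIUM_TYPE, enum_value(0, TUNNEL_MEDIUM_802)),
    encode_attr(TUNNEL_PVT_GROUP_ID, b"VLAN20"),
    encode_attr(TUNNEL_TYPE, enum_value(0, TUNNEL_TYPE_VLAN)),
])
# Constructed Name-to-VLAN-ID table, standing in for the VLAN screen entries.
VLAN_TABLE = {"VLAN20": 20, "VLAN30": 30}

if __name__ == "__main__":
    print(resolve_vlan(SAMPLE_ACCEPT_ATTRS, VLAN_TABLE))
```

A policy that omits any one of the three attributes, or sets a Tunnel-Pvt-Group-ID that matches no Name entry, produces no VLAN assignment in this model.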
CHAPTER 10 IP Screen
This chapter discusses how to configure IP on the ZyAIR.
10.1 Factory Ethernet Defaults
The Ethernet parameters of the ZyAIR are preset in the factory with the following values:
1 IP address of 192.168.1.2
2 Subnet mask of 255.255.255.0 (24 bits)
These parameters should work for the majority of installations.
10.2 TCP/IP Parameters
10.2.1 IP Address and Subnet Mask
Refer to the IP Address and Subnet Mask section in the Wizard Setup chapter for this information.
Note: Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space.
10.3 Configuring IP
Click ADVANCED and then IP to display the screen shown next.
Figure 74 IP Setup
The following table describes the labels in this screen.
CHAPTER 11 Certificates
This chapter gives background information about public-key certificates and explains how to use them.
11.1 Certificates Overview
The ZyAIR can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication.
11.1.1 Advantages of Certificates
Certificates offer the following benefits.
• The ZyAIR only has to store the certificates of the certification authorities that you decide to trust, no matter how many devices you need to authenticate.
• Key distribution is simple and very secure since you can freely distribute public keys and you never need to transmit private keys.
11.
Figure 75 My Certificates
The following table describes the labels in this screen.
Table 38 My Certificates
LABEL | DESCRIPTION
PKI Storage Space in Use | This bar displays the percentage of the ZyAIR’s PKI storage space that is currently in use. When you are using 80% or less of the storage space, the bar is green. When the amount of space used is over 80%, the bar is red.
Table 38 My Certificates (continued)
LABEL | DESCRIPTION
Issuer | This field displays identifying information about the certificate’s issuing certification authority, such as a common name, organizational unit or department, organization or company and country. With self-signed certificates, this is the same information as in the Subject field.
Valid From | This field displays the date that the certificate becomes applicable.
• PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses 64 ASCII characters to convert a binary PKCS#7 certificate into a printable form.
11.6 Importing a Certificate
Click CERTIFICATES, My Certificates and then Import to open the My Certificate Import screen. Follow the instructions in this screen to save an existing certificate to the ZyAIR. See the following figure.
11.7 Creating a Certificate
Click CERTIFICATES, My Certificates and then Create to open the My Certificate Create screen. Use this screen to have the ZyAIR create a self-signed certificate, enroll a certificate with a certification authority or generate a certification request. See the following figure.
Figure 77 My Certificate Create
The following table describes the labels in this screen.
Table 40 My Certificate Create (continued)
LABEL | DESCRIPTION
Organizational Unit | Type up to 127 characters to identify the organizational unit or department to which the certificate owner belongs. You may use any character, including spaces, but the ZyAIR drops trailing spaces.
Organization | Type up to 127 characters to identify the company or group to which the certificate owner belongs. You may use any character, including spaces, but the ZyAIR drops trailing spaces.
Table 40 My Certificate Create (continued)
LABEL | DESCRIPTION
Key | Type the key that the certification authority gave you.
Apply | Click Apply to begin certificate or certification request generation.
Cancel | Click Cancel to quit and return to the My Certificates screen.
After you click Apply in the My Certificate Create screen, you see a screen that tells you the ZyAIR is generating the self-signed certificate or certification request.
Figure 78 My Certificate Details
The following table describes the labels in this screen.
Table 41 My Certificate Details
LABEL | DESCRIPTION
Name | This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this certificate. You may use any character (not including spaces).
Property | Default self-signed certificate which signs the imported remote host certificates.
Table 41 My Certificate Details (continued)
LABEL | DESCRIPTION
Certificate Path | Click the Refresh button to have this read-only text box display the hierarchy of certification authorities that validate the certificate (and the certificate itself). If the issuing certification authority is one that you have imported as a trusted certification authority, it may be the only certification authority in the list (along with the certificate itself).
Table 41 My Certificate Details (continued)
LABEL | DESCRIPTION
SHA1 Fingerprint | This is the certificate’s message digest that the ZyAIR calculated using the SHA1 algorithm.
Certificate in PEM (Base-64) Encoded Format | This read-only text box displays the certificate or certification request in Privacy Enhanced Mail (PEM) format. PEM uses 64 ASCII characters to convert the binary certificate into a printable form.
Figure 79 Trusted CAs
The following table describes the labels in this screen.
Table 42 Trusted CAs
LABEL | DESCRIPTION
PKI Storage Space in Use | This bar displays the percentage of the ZyAIR’s PKI storage space that is currently in use. When you are using 80% or less of the storage space, the bar is green. When the amount of space used is over 80%, the bar is red.
Table 42 Trusted CAs (continued)
LABEL | DESCRIPTION
Delete | Click Delete to delete an existing certificate. A window displays asking you to confirm that you want to delete the certificate. Note that subsequent certificates move up by one when you take this action.
Refresh | Click this button to display the current validity status of the certificates.
11.
11.11 Trusted CA Certificate Details
Click CERTIFICATES, Trusted CAs to open the Trusted CAs screen. Click the details icon to open the Trusted CA Details screen. Use this screen to view in-depth information about the certification authority’s certificate, change the certificate’s name and set whether or not you want the ZyAIR to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority.
Figure 81 Trusted CA Details
The following table describes the labels in this screen.
Table 44 Trusted CA Details
LABEL | DESCRIPTION
Name | This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate. You may use any character (not including spaces).
Property | Default self-signed certificate which signs the imported remote host certificates.
Table 44 Trusted CA Details (continued)
LABEL | DESCRIPTION
Certificate Path | Click the Refresh button to have this read-only text box display the end entity’s certificate and a list of certification authority certificates that shows the hierarchy of certification authorities that validate the end entity’s certificate.
Table 44 Trusted CA Details (continued)
LABEL | DESCRIPTION
CRL Distribution Points | This field displays how many directory servers with lists of revoked certificates the issuing certification authority of this certificate makes available. This field also displays the domain names or IP addresses of the servers.
MD5 Fingerprint | This is the certificate’s message digest that the ZyAIR calculated using the MD5 algorithm.
CHAPTER 12 Remote Management Screens
This chapter provides information on the Remote Management screens.
12.1 Remote Management Overview
Remote management allows you to determine which services/protocols can access which ZyAIR interface (if any) from which computers. You may manage your ZyAIR from a remote location via:
• Internet (WAN only)
• ALL (LAN and WAN)
• LAN only
• Neither (Disable).
12.1.2 Remote Management and NAT
When NAT is enabled:
• Use the ZyAIR’s WAN IP address when configuring from the WAN.
• Use the ZyAIR’s LAN IP address when configuring from the LAN.
12.1.3 System Timeout
There is a default system management idle timeout of five minutes (three hundred seconds). The ZyAIR automatically logs you out if the management session remains idle for longer than this timeout period. The management session does not time out when a statistics screen is polling.
Figure 82 Remote Management: WWW
The following table describes the labels in this screen.
Table 45 Remote Management: WWW
LABEL | DESCRIPTION
HTTPS Server Certificate | Select the Server Certificate that the ZyAIR will use to identify itself. The ZyAIR is the SSL server and must always authenticate itself to the SSL client (the computer which requests the HTTPS connection with the ZyAIR).
Table 45 Remote Management: WWW
LABEL | DESCRIPTION
Server Access | Select the interface(s) through which a computer may access the ZyAIR using this service.
Secured Client IP Address | A secured client is a “trusted” computer that is allowed to communicate with the ZyAIR using this service. Select All to allow any computer to access the ZyAIR using this service. Choose Selected to just allow the computer with the IP address that you specify to access the ZyAIR using this service.
Figure 84 Remote Management: Telnet
The following table describes the labels in this screen.
Table 46 Remote Management: Telnet
LABEL | DESCRIPTION
Server Port | You may change the server port number for a service if needed; however, you must use the same port number in order to use that service for remote management.
Server Access | Select the interface(s) through which a computer may access the ZyAIR using this service.
Figure 85 Remote Management: FTP
The following table describes the labels in this screen.
Table 47 Remote Management: FTP
LABEL | DESCRIPTION
Server Port | You may change the server port number for a service if needed; however, you must use the same port number in order to use that service for remote management.
Server Access | Select the interface(s) through which a computer may access the ZyAIR using this service.
Figure 86 SNMP Management Model
An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the ZyAIR). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices.
12.6.1 Supported MIBs
The ZyAIR supports MIB II that is defined in RFC-1213 and RFC-1215 as well as the proprietary ZyXEL private MIB. The purpose of the MIBs is to let administrators collect statistical data and monitor status and performance.
12.6.2 SNMP Traps
The ZyAIR can send the following traps to the SNMP manager.
Table 48 SNMP Traps
TRAP NAME | OBJECT IDENTIFIER # (OID) | DESCRIPTION
Generic Traps
coldStart | 1.3.6.1.6.3.1.1.5.1 | This trap is sent after booting (power on).
Table 48 SNMP Traps
TRAP NAME          OBJECT IDENTIFIER # (OID)      DESCRIPTION
pwWlanStaAuthFail  1.3.6.1.4.1.890.1.9.2.3.2.1    This trap is sent when a wireless client has failed to connect to the AP. The MAC address of the wireless client, the ESSID and the reason are listed.
pwTFTPStatus       1.3.6.1.4.1.890.1.9.2.3.3.1    This trap is sent to indicate the status and result of a TFTP client session that has ended.
12.7 SNMP Traps
Some traps include an SNMP interface index.
Figure 87 Remote Management: SNMP
The following table describes the labels in this screen.
Table 50 Remote Management: SNMP
LABEL               DESCRIPTION
SNMP Configuration
Get Community       Enter the Get Community, which is the password for the incoming Get and GetNext requests from the management station. The default is public and allows all requests.
Set Community       Enter the Set community, which is the password for incoming Set requests from the management station.
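The traps in Table 48 can drive simple monitoring on the SNMP manager. The following is an added example, not part of the original guide or ZyXEL software: it flags bursts of pwWlanStaAuthFail traps from one client and a coldStart that follows a TFTP session. The record fields (ts, oid, mac, essid), the thresholds and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict

# Trap names and OIDs exactly as listed in Table 48 of this guide.
COLD_START = "1.3.6.1.6.3.1.1.5.1"
AUTH_FAIL = "1.3.6.1.4.1.890.1.9.2.3.2.1"
TFTP_STATUS = "1.3.6.1.4.1.890.1.9.2.3.3.1"
TRAP_NAMES = {
    COLD_START: "coldStart",
    AUTH_FAIL: "pwWlanStaAuthFail",
    TFTP_STATUS: "pwTFTPStatus",
}


def _trap(ts, oid, **fields):
    """Build one constructed trap record (hypothetical trap-receiver output)."""
    return {"ts": ts, "oid": oid, **fields}


# Constructed sample: timestamps in seconds; MAC addresses and ESSID are invented.
SAMPLE_TRAPS = [
    _trap(900, COLD_START),
    _trap(1000, AUTH_FAIL, mac="02:00:00:00:00:01", essid="office"),
    _trap(1000, "." + AUTH_FAIL, mac="02:00:00:00:00:02", essid="office"),
    _trap(1005, AUTH_FAIL, mac="02:00:00:00:00:01", essid="office"),
    _trap(1010, AUTH_FAIL, mac="02:00:00:00:00:01", essid="office"),
    _trap(1020, AUTH_FAIL, mac="02:00:00:00:00:01", essid="office"),
    _trap(1030, AUTH_FAIL, mac="02:00:00:00:00:01", essid="office"),
    _trap(1200, AUTH_FAIL, mac="02:00:00:00:00:01", essid="office"),
    _trap(1500, AUTH_FAIL, mac="02:00:00:00:00:02", essid="office"),
    _trap(1990, TFTP_STATUS),
    _trap(2000, COLD_START),
]


def trap_name(oid):
    """Map a trap OID to its Table 48 name; a leading dot is tolerated."""
    return TRAP_NAMES.get(oid.lstrip("."), "unknown")


def auth_fail_bursts(traps, threshold=5, window=60):
    """Return {mac: peak} for clients with >= threshold failures in any window."""
    by_mac = defaultdict(list)
    for t in traps:
        if trap_name(t["oid"]) == "pwWlanStaAuthFail":
            by_mac[t["mac"].lower()].append(t["ts"])
    bursts = {}
    for mac, stamps in by_mac.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            # Slide the window start forward until it spans less than `window` seconds.
            while ts - stamps[start] >= window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            bursts[mac] = peak
    return bursts


def reboot_after_tftp(traps, within=180):
    """Return (tftp_ts, boot_ts) pairs where a coldStart follows a TFTP session."""
    tftp = sorted(t["ts"] for t in traps if trap_name(t["oid"]) == "pwTFTPStatus")
    boots = sorted(t["ts"] for t in traps if trap_name(t["oid"]) == "coldStart")
    pairs = []
    for boot in boots:
        prior = [s for s in tftp if 0 <= boot - s <= within]
        if prior:
            pairs.append((prior[-1], boot))
    return pairs


def triage(traps, threshold=5, window=60, within=180):
    """Turn the two checks above into human-readable alert lines."""
    alerts = []
    for mac, peak in sorted(auth_fail_bursts(traps, threshold, window).items()):
        alerts.append(f"{mac}: {peak} failed connections within {window}s")
    for tftp_ts, boot_ts in reboot_after_tftp(traps, within):
        alerts.append(
            f"coldStart at {boot_ts} follows TFTP session ending at {tftp_ts}; "
            "confirm the firmware or configuration transfer was authorised"
        )
    return alerts


if __name__ == "__main__":
    for line in triage(SAMPLE_TRAPS):
        print(line)
```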
G-3000H User’s Guide CHAPTER 13 Log Screens This chapter contains information about configuring general log settings and viewing the ZyAIR’s logs. Refer to the appendix for example log message explanations. 13.1 Configuring View Log The web configurator allows you to look at all of the ZyAIR’s logs in one location. Click the LOGS links under ADVANCED to open the View Log screen. Use the View Log screen to see the logs for the categories that you selected in the Log Settings screen (see Figure 89).
G-3000H User’s Guide Table 51 View Log LABEL DESCRIPTION Notes This field displays additional information about the log entry. Email Log Now Click Email Log Now to send the log screen to the e-mail address specified in the Log Settings page. Refresh Click Refresh to renew the log screen. Clear Log Click Clear Log to clear all the logs. 13.2 Configuring Log Settings To change your ZyAIR’s log settings, click the LOGS links under ADVANCED and then the Log Settings tab. The screen appears as shown.
G-3000H User’s Guide Figure 89 Log Settings The following table describes the labels in this screen. Table 52 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via e-mail. Mail Subject Type a title that you want to be in the subject line of the log e-mail message that the ZyAIR sends.
G-3000H User’s Guide Table 52 Log Settings LABEL DESCRIPTION Log Schedule This drop-down menu is used to configure the frequency of log messages being sent as E-mail: • Daily • Weekly • Hourly • When Log is Full • None. If the Weekly or the Daily option is selected, specify a time of day when the Email should be sent. If the Weekly option is selected, then also specify which day of the week the E-mail should be sent. If the When Log is Full option is selected, an alert is sent when the log fills up.
CHAPTER 14 Maintenance
This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics.
14.1 Maintenance Overview
The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your ZyAIR.
14.2 System Status Screen
Click MAINTENANCE to open the System Status screen, which you can use to monitor your ZyAIR.
14.2.1 System Statistics
Read-only information here includes port status, packet specific statistics and bridge link status. Also provided are "system up time" and "poll interval(s)". The Poll Interval field is configurable.
Figure 91 System Status: Show Statistics
The following table describes the labels in this screen.
Table 54 System Status: Show Statistics
LABEL  DESCRIPTION
Port   This is the Ethernet or wireless port.
G-3000H User’s Guide Table 54 System Status: Show Statistics LABEL DESCRIPTION TxPkts This is the number of transmitted packets on the wireless bridge. RxPkts This is the number of received packets on the wireless bridge. System Up Time This is the total time the ZyAIR has been on. Poll Interval(s) Enter the time interval for refreshing statistics. Set Interval Click this button to apply the new poll interval you entered above. Stop Click this button to stop refreshing statistics. 14.
G-3000H User’s Guide Table 55 Association List LABEL DESCRIPTION Privacy This field displays whether traffic on the WDS is encrypted or not. Refresh Click Refresh to reload the screen. 14.4 Channel Usage The Channel Usage screen shows whether a channel is used by another wireless network or not. If a channel is being used, you should select a channel removed from it by five channels to completely avoid overlap. Click MAINTENANCE and then the Channel Usage tab to display the screen shown next.
G-3000H User’s Guide Figure 93 Channel Usage The following table describes the labels in this screen. Table 56 Channel Usage LABEL DESCRIPTION SSID This is the Service Set IDentification name of the AP in an Infrastructure wireless network or wireless station in an Ad-Hoc wireless network. For our purposes, we define an Infrastructure network as a wireless network that uses an AP and an Ad-Hoc network (also known as Independent Basic Service Set (IBSS)) as one that doesn’t.
G-3000H User’s Guide Table 56 Channel Usage LABEL DESCRIPTION Network Mode “Network mode” in this screen refers to your wireless LAN infrastructure (refer to the Wireless LAN chapter) and WEP setup. Network modes are: Infrastructure (same as an extended service set ESS)), Infrastructure with WEP (WEP encryption is enabled), Ad-Hoc (same as an independent basic service set IBSS)), or Ad-Hoc with WEP. Refresh Click Refresh to reload the screen. 14.5 F/W Upload Screen Find firmware at www.zyxel.
G-3000H User’s Guide After you see the Firmware Upload in Process screen, wait two minutes before logging into the ZyAIR again. Figure 95 Firmware Upload In Process The ZyAIR automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 96 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the System Status screen.
G-3000H User’s Guide Figure 97 Firmware Upload Error 14.6 Configuration Screen See the Firmware and Configuration File Maintenance chapter for transferring configuration files using FTP/TFTP commands. Click MAINTENANCE, and then the Configuration tab. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next. Figure 98 Configuration 14.6.
G-3000H User’s Guide Click Backup to save the ZyAIR’s current configuration to your computer. 14.6.2 Restore Configuration Restore configuration allows you to upload a new or previously saved configuration file from your computer to your ZyAIR. Table 58 Restore Configuration LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse... Click Browse... to find the file you want to upload.
G-3000H User’s Guide Figure 101 Configuration Upload Error 14.6.3 Back to Factory Defaults Pressing the Reset button in this section clears all user-entered configuration information and returns the ZyAIR to its factory defaults as shown on the screen. The following warning screen will appear. Figure 102 Reset Warning Message You can also press the RESET button on the side panel to reset the factory defaults of your ZyAIR.
CHAPTER 15 Introducing the SMT
This chapter describes how to access the SMT and provides an overview of its menus.
15.1 Connect to your ZyAIR Using Telnet
The following procedure details how to telnet into your ZyAIR.
1 In Windows, click Start (usually in the bottom left corner), Run and then type “telnet 192.168.1.2” (the default IP address) and click OK.
2 For your first login, enter the default password “1234”.
Figure 105 Menu 23.1 System Security: Change Password
    Menu 23.1 – System Security – Change Password
    Old Password= ****
    New Password= ?
    Retype to confirm= ?
    Enter here to CONFIRM or ESC to CANCEL:
4 Type your new system password in the New Password field (up to 30 characters), and press [ENTER].
5 Re-type your new system password in the Retype to confirm field for confirmation and press [ENTER].
G-3000H User’s Guide Table 59 SMT Menus Overview (continued) MENUS SUB MENUS 24 System Maintenance 24.1 System Status 24.2 System Information and Console Port Speed 24.2.1 System Information 24.3 Log and Trace 24.3.2 Syslog Logging 24.2.2 Console Port Speed 24.3.4 Call-Triggering Packet 24.4 Diagnostic 24.5 Backup Configuration 24.6 Restore Configuration 24.7 Upload Firmware 24.7.1 Upload System Firmware 24.7.2 Upload System Configuration File 24.8 Command Interpreter Mode 24.
G-3000H User’s Guide Table 60 Main Menu Commands OPERATION KEYSTROKE DESCRIPTION Required fields > or ChangeMe All fields with the symbol > must be filled in order to be able to save the new configuration. All fields with ChangeMe must not be left blank in order to be able to save the new configuration. N/A fields Some of the fields in the SMT will show a . This symbol refers to an option that is Not Applicable.
G-3000H User’s Guide Table 61 Main Menu Summary # MENU TITLE DESCRIPTION 24 System Maintenance This menu provides system status, diagnostics, software upload, etc. 99 Exit Use this to exit from SMT and return to a blank screen.
CHAPTER 16 General Setup
This chapter describes general setup.
16.1 General Setup
Menu 1 – General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. It is recommended you type your computer's "Computer name". The Domain Name entry is what is propagated to the DHCP clients on the LAN.
G-3000H User’s Guide Table 62 Menu 1 General Setup FIELD DESCRIPTION First/Second/Third System DNS Server Press [SPACE BAR] to select From DHCP, User Defined or None and press [ENTER]. These fields are not available on all models. IP Address Enter the IP addresses of the DNS servers. This field is available when you select User-Defined in the field above.
CHAPTER 17 LAN Setup
This chapter shows you how to configure the LAN on your ZyAIR.
17.1 LAN Setup
This section describes how to configure the Ethernet using Menu 3 – LAN Setup. From the main menu, enter 3 to display menu 3.
Figure 108 Menu 3 LAN Setup
    Menu 3 - LAN Setup
    2. TCP/IP Setup
    5. Wireless LAN Setup
    Enter Menu Selection Number:
A detailed explanation of the LAN Setup menu is given in the next chapter.
17.2 TCP/IP Ethernet Setup
Use menu 3.
Figure 109 Menu 3.2 TCP/IP Setup
    Menu 3.2 - TCP/IP Setup
    IP Address Assignment= Static
    IP Address= 192.168.1.2
    IP Subnet Mask= 255.255.255.0
    Gateway IP Address= 0.0.0.0
Follow the instructions in the following table on how to configure the fields in this menu.
Table 63 Menu 3.2 TCP/IP Setup
FIELD                  DESCRIPTION
IP Address Assignment  Press [SPACE BAR] and then [ENTER] to select Dynamic to have the ZyAIR obtain an IP address from a DHCP server.
G-3000H User’s Guide Figure 110 Menu 3.5 Wireless LAN Setup Menu 3.5 - Wireless LAN Setup Operating Mode= Bridge / Repeater Hide Name (SSID)= N/A Channel ID= CH06 2437MHz RTS Threshold= 2432 Frag. Threshold= 2432 Edit MAC Address Filter= N/A Edit Roaming Configuration= N/A Edit SSID Profile= N/A Select SSID Profile= N/A Edit Bridge Link Configuration= No Preamble= Long 802.11 Mode= Mixed Max.
G-3000H User’s Guide Table 64 Menu 3.5 Wireless LAN Setup FIELD DESCRIPTION Edit SSID Profile Use [SPACE BAR] to choose Yes and press [ENTER] to go to Menu 3.5.6 - SSID Profile Edit. This field is only available when you select MESSID in the Operating Mode field. Select SSID Profile Use [SPACE BAR] to choose an SSID profile. This field is only available when you select Access Point in the Operating Mode field. Preamble Use [SPACE BAR] to choose a preamble type. Choices are Long, Short and Dynamic.
G-3000H User’s Guide Figure 111 Menu 3.5 Wireless LAN Setup Menu 3.5 - Wireless LAN Setup Operating Mode= Access Point Hide Name (SSID)= No Channel ID= CH06 2437MHz RTS Threshold= 2432 Frag. Threshold= 2432 Edit MAC Address Filter= Yes Edit Roaming Configuration= No Edit SSID Profile= N/A Select SSID Profile= SSID01 Edit Bridge Link Configuration= N/A Preamble= Long 802.11 Mode= Mixed Max.
G-3000H User’s Guide The following table describes the fields in this menu. Table 65 Menu 3.5.1 WLAN MAC Address Filter FIELD DESCRIPTION Active To enable MAC address filtering, press [SPACE BAR] to select Yes and press [ENTER]. Filter Action Define the filter action for the list of MAC addresses in the MAC address filter table. To deny access to the ZyAIR, press [SPACE BAR] to select Deny Association and press [ENTER]. MAC addresses not listed will be allowed to access the router.
G-3000H User’s Guide Figure 113 Menu 3.5 Wireless LAN Setup Menu 3.5 - Wireless LAN Setup Operating Mode= MESSID Hide Name (SSID)= No Channel ID= CH06 2437MHz RTS Threshold= 2432 Frag. Threshold= 2432 Edit MAC Address Filter= No Edit Roaming Configuration= Yes Edit SSID Profile= No Select SSID Profile= N/A Edit Bridge Link Configuration= No Preamble= Long 802.11 Mode= Mixed Max.
G-3000H User’s Guide 17.3.3 Configuring SSID Profiles Follow the steps below to configure SSID profiles on your ZyAIR. 1 From the main menu, enter 3 to open Menu 3 – LAN Setup. 2 Enter 5 to display Menu 3.5 – Wireless LAN Setup. Figure 115 Menu 3.5 Wireless LAN Setup Menu 3.5 - Wireless LAN Setup Operating Mode= MESSID Hide Name (SSID)= No Channel ID= CH06 2437MHz RTS Threshold= 2432 Frag.
G-3000H User’s Guide Figure 116 Menu 3.5.6 - SSID Profile Edit Menu 3.5.6 - SSID Profile Edit 1 SSID03 Active= Yes 5 SSID01 Active= No 2 SSID01 Active= No 6 SSID01 Active= No 3 SSID01 Active= No 7 SSID01 Active= No 4 SSID01 Active= No 8 SSID01 Active= No Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle. The following table describes the fields in this menu. Table 67 Menu 3.5.6 - SSID Profile Edit FIELD DESCRIPTION SSID 1~8 Press [SPACE BAR] to select an SSID from 1 to 16.
G-3000H User’s Guide Figure 117 Menu 3.5 Wireless LAN Setup Menu 3.5 - Wireless LAN Setup Operating Mode= Bridge / Repeater Hide Name (SSID)= N/A Channel ID= CH06 2437MHz RTS Threshold= 2432 Frag. Threshold= 2432 Edit MAC Address Filter= N/A Edit Roaming Configuration= N/A Edit SSID Profile= N/A Select SSID Profile= N/A Edit Bridge Link Configuration= Yes Preamble= Long 802.11 Mode= Mixed Max.
G-3000H User’s Guide Figure 118 Menu 3.5.4 Bridge Link Configuration Menu 3.5.
G-3000H User’s Guide Figure 119 Menu 3.5 Wireless LAN Setup Menu 3.5 - Wireless LAN Setup Operating Mode= MESSID Hide Name (SSID)= No Channel ID= CH06 2437MHz RTS Threshold= 2432 Frag. Threshold= 2432 Edit MAC Address Filter= No Edit Roaming Configuration= No Edit SSID Profile= No Select SSID Profile= N/A Edit Bridge Link Configuration= No Preamble= Long 802.11 Mode= Mixed Max.
G-3000H User’s Guide The following table describes the fields in this menu. Table 69 Menu 3.5.5 Layer-2 Isolation FIELD DESCRIPTION Allow devices with these MAC addresses These are the MAC address of a wireless client, AP, computer or router. A wireless client associated with the ZyAIR can communicate with another wireless client, AP, computer or router only if the MAC addresses of those devices are listed in this table.
G-3000H User’s Guide CHAPTER 18 Dial-in User Setup This chapter shows you how to create user accounts on the ZyAIR. 18.1 Dial-in User Setup By storing user profiles locally, your ZyAIR is able to authenticate wireless users without interacting with a network RADIUS server. Follow the steps below to set up user profiles on your ZyAIR. From the main menu, enter 14 to display Menu 14 - Dial-in User Setup. Figure 121 Menu 14- Dial-in User Setup Menu 14 - Dial-in User Setup 1. 2. 3. 4. 5. 6. 7. 8.
G-3000H User’s Guide Figure 122 Menu 14.1- Edit Dial-in User Menu 14.1 - Edit Dial-in User User Name= test Active= Yes Password= ******** Press ENTER to Confirm or ESC to Cancel: Leave name field blank to delete profile The following table describes the fields in this screen. Table 70 Menu 14.1- Edit Dial-in User FIELD DESCRIPTION User Name Enter a username up to 31 alphanumeric characters long for this user profile. This field is case sensitive.
G-3000H User’s Guide CHAPTER 19 VLAN Setup This chapter explains VLAN Setup menu 16. Refer to the Multiple-ESS and VLAN chapter for background information on VLAN. 19.1 VLAN Setup To setup VLAN, select option 16 from the main menu to open Menu 16 – VLAN Setup as shown next. Figure 123 Menu 16 VLAN Setup Menu 16 - VLAN Setup VLAN Tagging= Yes Native VLAN ID= 1 ----------------------------------------------------------1.Active= Yes ID= 1 Name= zyxel 2.Active= No ID= N/A Name= N/A 3.
G-3000H User’s Guide Table 71 Menu 16 VLAN Setup FIELD DESCRIPTION Active To enable a VLAN mapping profile, press [SPACE BAR] to select Yes and press [ENTER]. ID Press [SPACE BAR] to select a VLAN ID or enter one from 1 to 4094. Incoming traffic from the WLAN is authorized and assigned a VLAN ID by the RADIUS server before it is sent to the LAN interface of the wireless client. Different SSID profiles can use the same or different VLAN IDs.
G-3000H User’s Guide CHAPTER 20 SNMP Configuration This chapter explains SNMP Configuration menu 22. See the web configurator chapter on SNMP for background information. 20.1 SNMP Configuration To configure SNMP, select option 22 from the main menu to open Menu 22 – SNMP Configuration as shown next. The “community” for Get, Set and Trap fields is SNMP terminology for password.
G-3000H User’s Guide Table 72 Menu 22 SNMP Configuration FIELD DESCRIPTION Destination Type the IP address of the station to send your SNMP traps to. When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.
CHAPTER 21 System Security
This chapter describes how to configure the system security on the ZyAIR.
21.1 System Security
You can configure the system password, an external RADIUS server and 802.1x in this menu.
21.1.1 System Password
Figure 125 Menu 23 System Security
    Menu 23 - System Security
    1. Change Password
    5. Security Profile Edit
    Enter Menu Selection Number:
You should change the default password.
G-3000H User’s Guide Figure 126 Menu 23 - System Security Menu 23 - System Security 1. Change Password 5. Security Profile Edit Enter Menu Selection Number: From Menu 23 - System Security, enter 5 to display Menu 23.5 – Security Profile Edit as shown next. Figure 127 Menu 23.5 Security Profile Edit Menu 23.
G-3000H User’s Guide CHAPTER 22 System Information and Diagnosis This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software. This chapter describes how to use these tools in detail. Type 24 in the main menu and press [ENTER] to open Menu 24 – System Maintenance, as shown in the following figure.
Figure 129 Menu 24.1 System Maintenance: Status
    Menu 24.1 - System Maintenance - Status          01:55:5
                                                     Sat. Jan. 01, 200
    Port      Status     TxPkts  RxPkts  Cols  Tx B/s  Rx B/s  Up Tim
    Ethernet  100M/Full  5802    2001    0     303     128     1:54:
    Wireless  54M        3811    74      0     64      0       1:55:

    Port      Ethernet Address   IP Address   IP Mask        DHCP
    Ethernet  00:13:49:2A:2A:F5  192.168.1.2  255.255.255.0  None
    Wireless  00:13:49:2A:2A:F5

    System up Time: 1:55:57
    ZyNOS F/W Version: V3.50(AAC.
G-3000H User’s Guide 22.2 System Information To get to the System Information: 1 Enter 24 to display Menu 24 – System Maintenance. 2 Enter 2 to display Menu 24.2 – System Information and Console Port Speed. 3 From this menu you have two choices as shown in the next figure: Figure 130 Menu 24.2 System Information and Console Port Speed Menu 24.2 - System Information and Console Port Speed 1. System Information 2.
G-3000H User’s Guide Table 74 Menu 24.2.1 System Maintenance: Information FIELD DESCRIPTION ZyNOS F/W Version Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. Country Code Refers to the country code of the firmware. LAN Ethernet Address Refers to the Ethernet MAC (Media Access Control) of your ZyAIR. IP Address This is the IP address of the ZyAIR in dotted decimal notation.
G-3000H User’s Guide Figure 133 Menu 24.3 System Maintenance: Log and Trace Menu 24.3 - System Maintenance - Log and Trace 1. View Error Log Please enter selection: 3 Enter 1 from Menu 24.3 – System Maintenance – Log and Trace and press [ENTER] twice to display the error log in the system. After the ZyAIR finishes displaying the error log, you will have the option to clear it. Samples of typical error and information messages are presented in the next figure.
1 From the main menu, type 24 to open Menu 24 – System Maintenance.
2 From this menu, type 4. Diagnostic to open Menu 24.4 – System Maintenance – Diagnostic.
The following table describes the diagnostic tests available in menu 24.4 for your ZyAIR and the connections.
Table 75 Menu 24.4 System Maintenance Menu: Diagnostic
FIELD      DESCRIPTION
Ping Host  Ping the host to see if the links and TCP/IP protocol on both systems are working.
G-3000H User’s Guide CHAPTER 23 Firmware and Configuration File Maintenance This chapter tells you how to backup and restore your configuration file as well as upload new firmware and configuration files using the SMT screens. 23.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password and TCP/IP Setup, etc. It arrives from ZyXEL with a rom filename extension.
G-3000H User’s Guide The following table is a summary. Please note that the internal filename refers to the filename on the ZyAIR and the external filename refers to the filename not on the ZyAIR, that is, on your computer, local network or FTP site and so the name (but not the extension) will vary. After uploading new firmware see the ZyNOS F/W Version field in Menu 24.2.1 – System Maintenance – Information to confirm that you have uploaded the correct firmware version.
Figure 136 Menu 24.5 Backup Configuration
    Menu 24.5 – Backup Configuration
    To transfer the configuration file to your workstation, follow the procedure below:
    1. Launch the FTP client on your workstation.
    2. Type "open" and the IP address of your router. Then type "root" and SMT password as requested.
    3. Locate the ‘rom-0’ file.
    4. Type ‘get rom-0’ to back up the current router configuration to your workstation.
Figure 137 FTP Session Example
    331 Enter PASS command
    Password:
    230 Logged in
    ftp> bin
    200 Type I OK
    ftp> get rom-0 zyxel.rom
    200 Port command okay
    150 Opening data connection for STOR ras
    226 File received OK
    ftp: 327680 bytes sent in 1.10Seconds 297.89Kbytes/sec.
    ftp> quit
The following table describes some of the commands that you may see in third party FTP clients.
3 Enter command “sys stdio 0” to disable the SMT timeout, so the TFTP transfer will not be interrupted. Enter command “sys stdio 5” to restore the five-minute SMT timeout (default) when the file transfer is complete.
4 Launch the TFTP client on your computer and connect to the ZyAIR. Set the transfer mode to binary before starting data transfer.
5 Use the TFTP client (see the example below) to transfer files between the ZyAIR and the computer.
G-3000H User’s Guide Figure 138 System Maintenance: Backup Configuration Ready to backup Configuration via Xmodem. Do you want to continue (y/n): 2 The following screen indicates that the Xmodem download has started. Figure 139 System Maintenance: Starting Xmodem Download Screen You can enter ctrl-x to terminate operation any time. Starting XMODEM download... 3 Run the HyperTerminal program by clicking Transfer, then Receive File as shown in the following screen.
23.3.1 Restore Using FTP
For details about backup using (T)FTP please refer to earlier sections on FTP and TFTP file upload in this chapter.
Figure 142 Menu 24.6 Restore Configuration
    Menu 24.6 – Restore Configuration
    To transfer the firmware and the configuration file, follow the procedure below:
    1. Launch the FTP client on your workstation.
    2. Type "open" and the IP address of your router. Then type "root" and SMT password as requested.
    3.
23.4.1 Firmware Upload
FTP is the preferred method for uploading the firmware and configuration. To use this feature, your computer must have an FTP client. When you telnet into the ZyAIR, you will see the following screens for uploading firmware and the configuration file using FTP.
Figure 144 Menu 24.7.1 System Maintenance: Upload System Firmware
    Menu 24.7.1 - System Maintenance - Upload System Firmware
    To upload the system firmware, follow the procedure below:
    1.
To transfer the firmware and the configuration file, follow these examples:
23.4.3 Using the FTP command from the DOS Prompt Example
1 Launch the FTP client on your computer.
2 Enter “open” and the IP address of your ZyAIR.
3 Press [ENTER] when prompted for a username.
4 Enter “root” and your SMT password as requested. The default is 1234.
5 Enter “bin” to set transfer mode to binary.
6 Use “put” to transfer files from the computer to the ZyAIR, e.g., put firmware.
2 Put the SMT in command interpreter (CI) mode by entering 8 in Menu 24 – System Maintenance.
3 Enter the command “sys stdio 0” to disable the SMT timeout, so the TFTP transfer will not be interrupted. Enter command “sys stdio 5” to restore the five-minute SMT timeout (default) when the file transfer is complete.
4 Launch the TFTP client on your computer and connect to the ZyAIR. Set the transfer mode to binary before starting data transfer.
Figure 147 Menu 24.7.1 as seen using the Console Port
    Menu 24.7.1 - System Maintenance - Upload System Firmware
    To upload system firmware:
    1. Enter "y" at the prompt below to go into debug mode.
    2. Enter "atur" after "Enter Debug Mode" message.
    3. Wait for "Starting XMODEM upload" message before activating Xmodem upload on your terminal.
    4. After successful firmware upload, enter "atgo" to restart the router.
    Warning: Proceeding with the upload will erase the current system firmware.
Figure 149 Menu 24.7.2 as seen using the Console Port
    Menu 24.7.2 - System Maintenance - Upload System Configuration File
    To upload system configuration file:
    1. Enter "y" at the prompt below to go into debug mode.
    2. Enter "atlc" after "Enter Debug Mode" message.
    3. Wait for "Starting XMODEM upload" message before activating Xmodem upload on your terminal.
    4. After successful firmware upload, enter "atgo" to restart the system.
    Warning:
    1.
G-3000H User’s Guide CHAPTER 24 System Maintenance and Information This chapter leads you through SMT menus 24.8 and 24.10. 24.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main system firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions. Enter the CI from the SMT by selecting menu 24.8. See the included disk or the zyxel.com web site for more detailed information on CI commands.
Figure 151 Menu 24 System Maintenance
    Menu 24 - System Maintenance
    1. System Status
    2. System Information and Console Port Speed
    3. Log and Trace
    4. Diagnostic
    5. Backup Configuration
    6. Restore Configuration
    7. Upload Firmware
    8. Command Interpreter Mode
    10. Time and Date Setting
    11. Remote Management Setup
    Enter Menu Selection Number:
Figure 152 Valid CI Commands
    Copyright (c) 1994 - 2005 ZyXEL Communications Corp.
G-3000H User’s Guide Figure 153 CNM CL G-3000H>cnm active reset G-3000H> sgid simulate managerIp encrykey debug encrymode The following table describes the commands in this screen. All commands begin with “cnm” so for example, type “cnm active 1” to enable Vantage CNM on your device.
G-3000H User’s Guide Table 79 CNM Commands COMMAND SUB COMMAND managerIp [addr] debug <0:Disable 1:Vantage 2:Agent tester 3:Server> 0 1 2 3 This command displays the public IP address of the Vantage CNM server. If the Vantage server is on the same subnet as the ZyXEL device, enter the private or public IP address of the Vantage CNM server. If the Vantage CNM server is on a different subnet to the ZyXEL device, enter the public IP address of the Vantage CNM server.
G-3000H User’s Guide Table 79 CNM Commands COMMAND SUB COMMAND encrymode <0:NONE 1:DES 2:3DES> keepalive 0 [seconds] version DESCRIPTION This command is used to encrypt communications between the ZyXEL device and the Vantage CNM server. Use this command to set the encryption mode. Type 0 to have no encryption, type 1 to have the ZyXEL device use DES encryption or type 2 to have the ZyXEL device use 3DES encryption. The ZyXEL device must use the same encryption mode as the Vantage CNM server.
G-3000H User’s Guide Figure 154 CNM Configuration Example G-3000H> cnm active reset version G-3000H> sgid encrykey managerIp encrymode debug keepalive G-3000H> cnm active cnm active 0 <0:Disable 1:Enable CNM via WAN 2:Enable CNM via WAN or LAN> Last Register Time: 0-0-0 0:0:0 G-3000H> cnm active 1 cnm active 1 G-3000H> G-3000H> cnm managerIp managerIp 0.0.0.0 G-3000H> cnm managerIp 10.1.1.1 managerIp 10.1.1.
G-3000H User’s Guide time manually or get the current time and date from an external server when you turn on your ZyAIR. Menu 24.10 allows you to update the time and date settings of your ZyAIR. The real time is then displayed in the ZyAIR error logs. 1 Select menu 24 in the main menu to open Menu 24 – System Maintenance. 2 Then enter 10 to go to Menu 24.10 – System Maintenance – Time and Date Setting to update the time and date settings of your ZyAIR as shown in the following screen. Figure 155 Menu 24.
G-3000H User’s Guide Table 80 System Maintenance: Time and Date Setting FIELD DESCRIPTION End Date If using daylight savings time, enter the month and day that it ends on Once you have filled in this menu, press [ENTER] at the message “Press ENTER to Confirm or ESC to Cancel“ to save your configuration, or press [ESC] to cancel. 24.2.1 Resetting the Time The ZyAIR resets the time in three instances: 1 On leaving menu 24.10 after making changes.
G-3000H User’s Guide 24.3.3 Web You can use the ZyAIR’s embedded web configurator for configuration and file management. See the online help for details. 24.3.4 Remote Management Setup Remote management setup is for managing Telnet, FTP and Web services. You can customize the service port, access interface and the secured client IP address to enhance security and flexibility.
Figure 157 Menu 24.11 Remote Management Control
    Menu 24.11 - Remote Management Control
    TELNET Server:  Port = 23    Access = ALL
                    Secure Client IP = 0.0.0.0
    FTP Server:     Port = 21    Access = ALL
                    Secure Client IP = 0.0.0.0
    HTTPS Server:   Certificate = auto_generated_self_signed_cert
                    Authenticate Client Certificates = No
                    Port = 443   Access = ALL
                    Secure Client IP = 0.0.0.0
    HTTP Server:    Port = 80    Access = ALL
                    Secure Client IP = 0.0.0.0
    SNMP Service:   Port = 161   Access = ALL
                    Secure Client IP = 0.0.0.
24.3.5 Remote Management Limitations
Remote management over LAN or WAN will not work when:
1 A filter in menu 3.1 (LAN) or in menu 11.5 (WAN) is applied to block a Telnet, FTP or Web service.
2 You have disabled that service in menu 24.11.
3 The IP address in the Secured Client IP field (menu 24.11) does not match the client IP address. If it does not match, the ZyAIR will disconnect the session immediately.
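The settings in menu 24.11 can be reviewed from a saved capture of the screen. The following is an added example, not part of the original guide or ZyXEL software: it parses a constructed capture and reports services that are enabled without a secured client IP, cleartext management protocols, and the default self-signed HTTPS certificate. The screen layout, the treatment of 0.0.0.0 as "no restriction" (matching the All option of the web configurator), the Access value "Disable" and the address 192.168.1.33 are assumptions.

```python
import re

# Constructed capture of Menu 24.11. The layout (service label, then
# "Key = Value" pairs separated by two or more spaces, continuation lines
# indented) is an assumption about how the SMT screen is laid out.
SAMPLE_MENU = """\
Menu 24.11 - Remote Management Control

TELNET Server:  Port = 23    Access = ALL
                Secure Client IP = 0.0.0.0
FTP Server:     Port = 21    Access = ALL
                Secure Client IP = 0.0.0.0
HTTPS Server:   Certificate = auto_generated_self_signed_cert
                Authenticate Client Certificates = No
                Port = 443   Access = ALL
                Secure Client IP = 192.168.1.33
HTTP Server:    Port = 80    Access = Disable
                Secure Client IP = 0.0.0.0
SNMP Service:   Port = 161   Access = ALL
                Secure Client IP = 0.0.0.0
"""

SERVICE_RE = re.compile(r"^\s*([A-Z]+) (?:Server|Service):\s*(.*)$")
# A key is letters and spaces; a value runs to the next gap of 2+ spaces.
PAIR_RE = re.compile(r"([A-Za-z][A-Za-z ]*?)\s*=\s*(.+?)(?=\s{2,}|$)")

# Telnet, FTP and HTTP carry the SMT password unencrypted.
CLEARTEXT = {"TELNET", "FTP", "HTTP"}
ISSUE_CLEARTEXT = "cleartext management protocol enabled"
ISSUE_OPEN = "no secured client IP set; any host on the allowed interface may connect"
ISSUE_CERT = "default self-signed certificate in use"


def parse_menu(text):
    """Return {service: {key: value}} from a Menu 24.11 capture."""
    services, current = {}, None
    for line in text.splitlines():
        rest = line
        match = SERVICE_RE.match(line)
        if match:
            current = match.group(1)
            services[current] = {}
            rest = match.group(2)
        if current is None:
            continue  # title or blank lines before the first service
        for key, value in PAIR_RE.findall(rest):
            services[current][key.strip()] = value.strip()
    return services


def audit(services):
    """Return a list of (service, issue) findings for enabled services."""
    findings = []
    for name, cfg in services.items():
        # "Disable" as an Access value is an assumption; the guide only
        # states that a service can be disabled in menu 24.11.
        if cfg.get("Access", "").upper().startswith("DISABLE"):
            continue
        if name in CLEARTEXT:
            findings.append((name, ISSUE_CLEARTEXT))
        # Assumption: 0.0.0.0 means no secured client IP is enforced.
        if cfg.get("Secure Client IP") == "0.0.0.0":
            findings.append((name, ISSUE_OPEN))
        if name == "HTTPS" and cfg.get("Certificate") == "auto_generated_self_signed_cert":
            findings.append((name, ISSUE_CERT))
    return findings


if __name__ == "__main__":
    for service, issue in audit(parse_menu(SAMPLE_MENU)):
        print(f"{service}: {issue}")
```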
Appendix A Troubleshooting
This appendix covers potential problems and possible remedies. After each problem description, some instructions are provided to help you to diagnose and to solve the problem.
Problems Starting Up the ZyAIR
Table 83 Troubleshooting the Start-Up of Your ZyAIR
PROBLEM | CORRECTIVE ACTION
None of the LEDs turn on when I plug in | Make sure you are using the supplied power adaptor and that it is plugged in to an appropriate power source.
Problems with the Password
Table 85 Troubleshooting the Password
PROBLEM | CORRECTIVE ACTION
I cannot access the ZyAIR. | The Password and Username fields are case-sensitive. Make sure that you enter the correct password and username using the proper casing. Use the RESET button on the top panel of the ZyAIR to restore the factory default configuration file (hold this button in for about 10 seconds or until the link LED turns red).
Appendix B Specifications
Hardware
Table 88 Hardware
Power Specification | DC 12V 1200mA
Operation Temperature | 5º C ~ 50º C
Storage Temperature | -20º C ~ 55º C
Operation Humidity | 10% to 90% (Non-condensing)
Storage Humidity | 5% to 95% (Non-condensing)
Firmware
Table 89 Firmware
Standards | IEEE 802.3 and 802.3u 10Base-T and 100Base-TX. IEEE 802.11b specification compliance for wireless LAN. IEEE 802.11g specification compliance for wireless LAN. IEEE 802.1x security standard.
Table 89 Firmware (continued)
Diagnostics Capabilities | The access point can perform self-diagnostic tests. These tests check the integrity of the following circuits: FLASH memory. DRAM. Wireless port. Syslog. Errorlog. Trace log. Packet Log.
Management | Embedded Web Configurator management. Command-line interface. Telnet support; Password-protected telnet access to internal configuration manager. FTP/TFTP/Web for firmware downloading, configuration backup and restoration.
Appendix C Power over Ethernet (PoE) Specifications
You can use a power over Ethernet injector to power this device. The injector must comply with IEEE 802.3af.
Table 90 Power over Ethernet Injector Specifications
Power Output | 15.
Appendix D Brute-Force Password Guessing Protection
The following describes the commands for enabling, disabling and configuring the brute-force password guessing protection mechanism. See Appendix I for information on the command structure.
Table 92 Brute-Force Password Guessing Protection Commands
COMMAND | DESCRIPTION
sys pwderrtm | This command displays the brute-force password guessing protection settings.
Appendix E Setting up Your Computer’s IP Address
All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package.
Figure 158 Windows 95/98/Me: Network: Configuration
Installing Components
The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks.
If you need the adapter:
1 In the Network window, click Add.
2 Select Adapter and then click Add.
3 Select the manufacturer and model of your network adapter and then click OK.
If you need TCP/IP:
1 In the Network window, click Add.
3 Select Microsoft from the list of manufacturers.
4 Select Client for Microsoft Networks from the list of network clients and then click OK.
5 Restart your computer so the changes you made take effect.
Configuring
1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties.
2 Click the IP Address tab.
• If your IP address is dynamic, select Obtain an IP address automatically.
Figure 160 Windows 95/98/Me: TCP/IP Properties: DNS Configuration
4 Click the Gateway tab.
• If you do not know your gateway’s IP address, remove previously installed gateways.
• If you have a gateway IP address, type it in the New gateway field and click Add.
5 Click OK to save and close the TCP/IP Properties window.
6 Click OK to close the Network window. Insert the Windows CD if prompted.
7 Turn on your ZyAIR and restart your computer when prompted.
Figure 161 Windows XP: Start Menu
2 For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections.
Figure 162 Windows XP: Control Panel
3 Right-click Local Area Connection and then click Properties.
Figure 163 Windows XP: Control Panel: Network Connections: Properties
4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties.
Figure 164 Windows XP: Local Area Connection Properties
5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
• If you have a dynamic IP address click Obtain an IP address automatically.
• If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields.
Click Advanced.
Figure 165 Windows XP: Advanced TCP/IP Settings
6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK.
Do one or more of the following if you want to configure additional IP addresses:
• In the IP Settings tab, in IP addresses, click Add.
• Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
• If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
If you have previously configured DNS servers, click Advanced and then the DNS tab to order them.
Figure 167 Macintosh OS 8/9: Apple Menu
2 Select Ethernet built-in from the Connect via list.
Figure 168 Macintosh OS 8/9: TCP/IP
3 For dynamically assigned settings, select Using DHCP Server from the Configure: list.
4 For statically assigned settings, do the following:
• From the Configure box, select Manually.
• Type your IP address in the IP Address box.
• Type your subnet mask in the Subnet mask box.
• Type the IP address of your ZyAIR in the Router address box.
5 Close the TCP/IP Control Panel.
6 Click Save if prompted, to save changes to your configuration.
7 Turn on your ZyAIR and restart your computer (if prompted).
Figure 170 Macintosh OS X: Network
4 For statically assigned settings, do the following:
• From the Configure box, select Manually.
• Type your IP address in the IP Address box.
• Type your subnet mask in the Subnet mask box.
• Type the IP address of your ZyAIR in the Router address box.
5 Click Apply Now and close the window.
6 Turn on your ZyAIR and restart your computer (if prompted).
Verifying Settings
Check your TCP/IP properties in the Network window.
Appendix F IP Address Assignment Conflicts
This appendix describes situations where IP address conflicts may occur. Subscribers with duplicate IP addresses will not be able to access the Internet.
Case A: The ZyAIR is using the same LAN and WAN IP addresses
The following figure shows an example where the ZyAIR is using a WAN IP address that is the same as the IP address of a computer on the LAN.
Figure 172 IP Address Conflicts: Case B
To solve this problem, make sure the ZyAIR LAN IP address is not in the DHCP IP address pool.
Case C: The Subscriber IP address is the same as the IP address of a network device
The following figure depicts an example where the subscriber IP address is the same as the IP address of a network device not attached to the ZyAIR.
Figure 174 IP Address Conflicts: Case D
This problem can be solved by adding a VLAN-enabled switch or by setting the computers to obtain IP addresses dynamically.
Appendix G Wireless LANs
Wireless LAN Topologies
This section discusses ad-hoc and infrastructure wireless LAN topologies.
Ad-hoc Wireless LAN Configuration
The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C).
Figure 176 Basic Service Set
ESS
An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood.
Figure 177 Infrastructure WLAN
Channel
A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region), so you should use a different channel than an adjacent AP (access point) to reduce interference. Interference occurs when radio signals from different access points overlap, degrading performance. Adjacent channels partially overlap, however.
Figure 178 RTS/CTS
When station A sends data to the AP, it might not know that station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations. RTS/CTS is designed to prevent collisions due to hidden nodes.
A large Fragmentation Threshold is recommended for networks not prone to interference, while you should set a smaller threshold for busy networks or networks that are prone to interference. If the Fragmentation Threshold value is smaller than the RTS/CTS value you set (see previously), then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur, as data frames will be fragmented before they reach RTS/CTS size.
IEEE 802.1x
In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features. It is supported by Windows XP and a number of network devices. Some advantages of IEEE 802.1x are:
• User based identification that allows for roaming.
• Access-Challenge
  Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message.
The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting:
• Accounting-Request
  Sent by the access point requesting accounting.
• Accounting-Response
  Sent by the RADIUS server to indicate that it has started or stopped accounting.
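The message types listed above can be told apart on the wire by the first byte of the RADIUS header. The following is an added example, not code from this guide or from ZyXEL: it parses a RADIUS datagram and goes one step further than the text by checking a server reply's Response Authenticator as defined in RFC 2865. The shared secret, identifier, user name and attribute values are constructed sample data.

```python
import hashlib
import hmac
import struct

# Message codes from RFC 2865 / RFC 2866 for the types the guide lists.
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 5: "Accounting-Response",
         11: "Access-Challenge"}


def parse_radius(packet):
    """Split a RADIUS datagram into header fields and (type, value) attributes."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("Length field disagrees with datagram size")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute overruns packet")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return {"code": code, "name": CODES.get(code, "unknown"), "id": ident,
            "authenticator": packet[4:20], "attributes": attrs}


def attribute(a_type, value):
    """Encode one attribute as type, length (header included), value."""
    return bytes([a_type, len(value) + 2]) + value


def build_reply(code, ident, request_auth, attrs, secret):
    """Server side: Response Authenticator = MD5(header + RequestAuth + attrs + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs


def reply_is_authentic(reply, request_auth, secret):
    """Access point side: recompute the authenticator and compare in constant time."""
    parse_radius(reply)  # rejects malformed replies before hashing
    length = struct.unpack("!H", reply[2:4])[0]
    expected = hashlib.md5(
        reply[:4] + request_auth + reply[20:length] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])


# Constructed sample exchange (all values are illustrative).
SECRET = b"example-shared-secret"
REQUEST_AUTH = bytes(range(16))
REQUEST = (struct.pack("!BBH", 1, 7, 27) + REQUEST_AUTH
           + attribute(1, b"alice"))                       # 1 = User-Name
CHALLENGE = build_reply(11, 7, REQUEST_AUTH,
                        attribute(18, b"Enter token")      # 18 = Reply-Message
                        + attribute(24, b"\x01\x02"),      # 24 = State
                        SECRET)

if __name__ == "__main__":
    for pkt in (REQUEST, CHALLENGE):
        info = parse_radius(pkt)
        print(info["name"], "id", info["id"], info["attributes"])
    print("challenge authentic:",
          reply_is_authentic(CHALLENGE, REQUEST_AUTH, SECRET))
```

A reply whose authenticator does not verify was either altered in transit or produced without the shared secret, and should be dropped rather than acted on.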
EAP-TLS (Transport Layer Security)
With EAP-TLS, digital certificates are needed by both the server and the wireless stations for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created. This makes user identity vulnerable to passive attacks.
The following table is a comparison of the features of authentication types.
The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped.
Table 95 Wireless Security Relational Matrix (continued)
AUTHENTICATION METHOD/KEY MANAGEMENT PROTOCOL | ENCRYPTION METHOD | ENTER MANUAL KEY | ENABLE IEEE 802.
Appendix H IP Subnetting
IP Addressing
Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID.
IP Classes
An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1. IP addresses are categorized into different classes. The class of an address depends on the value of its first octet.
• Class “A” addresses have a 0 in the left most bit.
Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127. Similarly the first octet of a class “B” must begin with “10”, therefore the first octet of a class “B” address has a valid range of 128 to 191. The first octet of a class “C” address begins with “110”, and therefore has a range of 192 to 223.
Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/” followed by the number of bits in the mask after the address. For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with mask 255.255.255.128.
Note: In the following charts, shaded/bolded last octet bit values indicate host ID bits “borrowed” to form network ID bits. The number of “borrowed” host ID bits determines the number of subnets you can have. The remaining number of host ID bits (after “borrowing”) determines the number of hosts you can have on each subnet.
Table 101 Subnet 1
 | NETWORK NUMBER | LAST OCTET BIT VALUE
IP Address | 192.168.1. | 0
IP Address (Binary) | 11000000.10101000.00000001. | 00000000
Subnet Mask | 255.
Example: Four Subnets
The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow” two host ID bits to give four possible combinations of 00, 01, 10 and 11. The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192.
Table 106 Subnet 4
 | NETWORK NUMBER | LAST OCTET BIT VALUE
IP Address | 192.168.1. | 192
IP Address (Binary) | 11000000.10101000.00000001. | 11000000
Subnet Mask (Binary) | 11111111.11111111.11111111. | 11000000
Subnet Address: 192.168.1.192
Lowest Host ID: 192.168.1.193
Broadcast Address: 192.168.1.255
Highest Host ID: 192.168.1.254
Example: Eight Subnets
Similarly use a 27-bit mask to create 8 subnets (001, 010, 011, 100, 101, 110).
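The subnet tables in this appendix can be regenerated with plain bit arithmetic. The following is an added example, not part of the original guide: it derives the class from the first octet, "borrows" host ID bits as described above, and returns the subnet address, host range and broadcast address for every resulting subnet. The function names are illustrative, and the natural mask lengths of 8, 16 and 24 bits for classes A, B and C are the standard classful values.

```python
def to_int(dotted):
    """Dotted-decimal string -> 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value):
    """32-bit integer -> dotted-decimal string."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_from_bits(bits):
    """'/25' style length -> mask: `bits` ones from the left, zeros after."""
    return (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF


def address_class(dotted):
    """Class from the first octet: A 0-127, B 128-191, C 192-223."""
    first_octet = to_int(dotted) >> 24
    if first_octet <= 127:
        return "A"
    if first_octet <= 191:
        return "B"
    if first_octet <= 223:
        return "C"
    return "other"


# Natural (unsubnetted) network-number length per class.
NATURAL_BITS = {"A": 8, "B": 16, "C": 24}


def subnet_table(network, borrowed):
    """One row per subnet after borrowing `borrowed` host ID bits."""
    cls = address_class(network)
    if cls not in NATURAL_BITS:
        raise ValueError("only class A, B and C networks can be subnetted here")
    natural = NATURAL_BITS[cls]
    bits = natural + borrowed
    if borrowed < 0 or bits > 30:
        raise ValueError("mask would leave no usable host addresses")
    mask = mask_from_bits(bits)
    base = to_int(network) & mask_from_bits(natural)
    size = 1 << (32 - bits)          # addresses per subnet, including the two reserved
    rows = []
    for index in range(1 << borrowed):
        subnet = base + index * size
        broadcast = subnet | (~mask & 0xFFFFFFFF)   # all host ID bits set to 1
        rows.append({
            "subnet": to_dotted(subnet),
            "mask": to_dotted(mask),
            "lowest_host": to_dotted(subnet + 1),
            "highest_host": to_dotted(broadcast - 1),
            "broadcast": to_dotted(broadcast),
            "hosts": size - 2,
        })
    return rows


if __name__ == "__main__":
    # Two borrowed bits on 192.168.1.0 gives the four /26 subnets of the example.
    for row in subnet_table("192.168.1.0", 2):
        print(row)
```

The same rows are useful when choosing a Secure Client IP or planning a DHCP pool, since they show exactly which addresses are usable hosts and which are the reserved subnet and broadcast addresses.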
Subnetting With Class A and Class B Networks
For class “A” and class “B” addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID. A class “B” address has two host ID octets available for subnetting and a class “A” address has three host ID octets (see Table 96) available for subnetting. The following table is a summary for class “B” subnet planning.
Table 109 Class B Subnet Planning
NO.
Appendix I Command Interpreter
The following describes how to use the command interpreter. Enter 24 in the main menu to bring up the system maintenance menu. Enter 8 to go to Menu 24.8 - Command Interpreter Mode. See the included disk or zyxel.com for more detailed information on these commands.
Note: Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable.
Command Syntax
• The command keywords are in courier new font.
Appendix J Log Descriptions
This appendix provides descriptions of example log messages.
Table 110 System Maintenance Logs
LOG MESSAGE | DESCRIPTION
Time calibration is successful | The router has adjusted its time based on information from the time server.
Time calibration failed | The router failed to get information from the time server.
DHCP client gets %s | A DHCP client got a new IP address from the DHCP server.
DHCP client IP expired | A DHCP client's IP address has expired.
Table 111 ICMP Notes (continued)
TYPE | CODE | DESCRIPTION
 | 0 | Redirect datagrams for the Network
 | 1 | Redirect datagrams for the Host
 | 2 | Redirect datagrams for the Type of Service and Network
 | 3 | Redirect datagrams for the Type of Service and Host
8 | | Echo
 | 0 | Echo message
11 | | Time Exceeded
 | 0 | Time to live exceeded in transit
 | 1 | Fragment reassembly time exceeded
12 | | Parameter Problem
 | 0 | Pointer indicates the error
13 | | Timestamp
 | 0 | Timestamp request message
14 | | Timestamp Reply
 | 0 | Timestamp
Use sys logs category followed by a log category and a parameter to decide what to record.
Table 113 Log Categories and Available Settings
LOG CATEGORIES | AVAILABLE PARAMETERS
error | 0, 1, 2, 3
mten | 0, 1
Use 0 to not record logs for that category, 1 to record only logs for that category, 2 to record only alerts for that category, and 3 to record both logs and alerts for that category.
Appendix K Indoor Installation Recommendations
An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air. Positioning the antennas properly increases the range and coverage area of a wireless LAN.
Antenna Characteristics
Frequency
An antenna in the frequency of 2.4GHz (IEEE 802.11b) or 5GHz(IEEE 802.
• Omni-directional antennas send the RF signal out in all directions on a horizontal plane. The coverage area is torus-shaped (like a donut) which makes these antennas ideal for a room environment. With a wide coverage area, it is possible to make circular overlapping coverage areas with multiple access points.
• Directional antennas concentrate the RF signal in a beam, like a flashlight does with the light from its bulb.
Appendix L Power Adaptor Specifications
Table 114 North American Plug Standards
AC Power Adaptor Model | ADS6818-1812-W 1215
Input Power | 100~240 Volts AC, 50~60 Hz, 0.5 A
Output Power | 12 Volts DC, 1.5A, 18W
Power Consumption | 6 W Max
Safety Standards | UL, CUL (UL60950 Third Edition, CSA C22.2 No. 60950)
Table 115 European Plug Standards
AC Power Adaptor Model | ADS6818-1812-B 1215
Input Power | 100~240 Volts AC, 50~60 Hz, 0.5 A
Output Power | 12 Volts DC, 1.