NWA-3160 Series
IEEE 802.11a/b/g Business WLAN Access Point
IEEE 802.11b/g Business WLAN Access Point
IEEE WirelessN Business WLAN Access Point

User’s Guide
Version 3.60
03/2008
Edition 3

DEFAULT LOGIN
IP Address: http://192.168.1.2
Password: 1234

www.zyxel.
About This User's Guide

Intended Audience
This manual is intended for people who want to configure the ZyXEL Device using the web configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology.

Related Documentation
• Quick Start Guide
The Quick Start Guide is designed to help you get up and running right away. It contains information on setting up your network and configuring for Internet access.
Document Conventions

Warnings and Notes
These are how warnings and notes are shown in this User’s Guide.
Warnings tell you about things that could harm you or your device.
Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.

Syntax Conventions
• The NWA-3160, NWA-3163 or NWA-3165 may be referred to as the “ZyXEL Device”, the “device” or the “system” in this User’s Guide.
Icons Used in Figures
Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device.
Safety Warnings

For your safety, be sure to read and follow all warning notices and instructions.
• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT store things on the device.
• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.
• Connect ONLY suitable accessories to the device.
PART I
Introduction

Introducing the ZyXEL Device (33)
Introducing the Web Configurator (43)
Tutorial (47)
Status Screens (75)
Management Mode (79)
AP Controller Mode (NWA-3160 Only) (83)
CHAPTER 1
Introducing the ZyXEL Device

This chapter introduces the main applications and features of the ZyXEL Device. It also introduces the ways you can manage the ZyXEL Device.

1.1 Introducing the ZyXEL Device
Your ZyXEL Device extends the range of your existing wired network without additional wiring, providing easy network access to mobile users. It is highly versatile, supporting multiple BSSIDs simultaneously (eight in the NWA-3160 and NWA-3163, four in the NWA-3165).
Note: A different channel should be configured for each WLAN interface to reduce the effects of radio interference.

1.2.1 Access Point
The ZyXEL Device is an ideal access solution for wireless Internet connection. A typical Internet access application for your ZyXEL Device is shown as follows. Stations A, B and C can access the wired network through the ZyXEL Devices.

Figure 1 Access Point Application

1.2.
Figure 2 Bridge Application
Figure 3 Repeater Application

1.2.3 AP + Bridge (NWA-3160 and NWA-3163 Only)
In AP+Bridge mode, the ZyXEL Device supports both AP and bridge connection at the same time.
In the figure below, A and B use X as an AP to access the wired network, while X and Y communicate in bridge mode.

When the ZyXEL Device is in AP + Bridge mode, security between APs (the Wireless Distribution System or WDS) is independent of the security between the wireless stations and the AP. If you do not enable WDS security, traffic between APs is not encrypted. When WDS security is enabled, both APs must use the same pre-shared key. See Section 8.7.
For example, you might want to set up a wireless network in your office where Internet telephony (Voice over IP, or VoIP) users have priority. You also want a regular wireless network for standard users, as well as a ‘guest’ wireless network for visitors. In the following figure, VoIP_SSID users have Quality of Service (QoS) priority, SSID03 is the wireless network for standard users, and Guest_SSID is the wireless network for guest users.
1.3 CAPWAP (NWA-3160 and NWA-3163 Only)
CAPWAP allows a single access point (the AP controller) to manage up to eight other access points (the managed APs). The managed APs receive all their configuration information from the AP controller. This includes radio configuration (such as the wireless channel to use, permitted data rates, and so on), security profile and SSID profile information.
1.6 Hardware Connections
See your Quick Start Guide for information on making hardware connections.

1.6.1 Antennas
The ZyXEL Device has two antennas. When you are looking at the ZyXEL Device from the front, the main antenna is on the left. The main antenna can both transmit and receive. If you have only one antenna, attach it to the connector on the left of the ZyXEL Device.

Figure 6 Main Antenna

1.
Figure 7 LEDs

Table 2 LEDs
LABEL | COLOR | STATUS | DESCRIPTION
 | | Off | Either: the ZyXEL Device is in Access Point or MBSSID mode and is functioning normally; or the ZyXEL Device is in AP+Bridge or Bridge/Repeater mode and has not established a Wireless Distribution System (WDS) connection.
 | Green | On | (NWA-3160 and NWA-3163 only) The ZyXEL Device is in AP+Bridge or Bridge/Repeater mode, and has successfully established a Wireless Distribution System (WDS) connection.
Table 2 LEDs (continued)
LABEL | COLOR | STATUS | DESCRIPTION
ETHERNET | Green | On | The ZyXEL Device has a 10 Mbps Ethernet connection.
 | | Blinking | The ZyXEL Device has a 10 Mbps Ethernet connection and is sending or receiving data.
 | | On | The ZyXEL Device has a 100 Mbps Ethernet connection.
 | | Blinking | The ZyXEL Device has a 100 Mbps Ethernet connection and is sending/receiving data.
 | | Off | The ZyXEL Device does not have an Ethernet connection.
CHAPTER 2
Introducing the Web Configurator

This chapter describes how to access the ZyXEL Device’s web configurator and provides an overview of its screens.

Note: When your ZyXEL Device is in (CAPWAP) Managed AP mode (NWA-3160 and NWA-3163 only) the Web Configurator is not available. The ZyXEL Device can be managed only through the controller AP’s web configurator.

2.
Figure 8 Change Password Screen

6 Click Apply in the Replace Certificate screen to create a certificate using your ZyXEL Device’s MAC address that will be specific to this device.

Figure 9 Replace Certificate Screen

You should now see the Status screen. See Chapter 2 on page 43 for details about the Status screen.

Note: The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes).
2.2.1 Methods of Restoring Factory-Defaults
You can erase the current configuration and restore factory defaults in three ways:
• Use the RESET button to upload the default configuration file. Hold this button in for about 10 seconds (the lights will begin to blink). Use this method for cases when the password or IP address of the ZyXEL Device is not known.
• Use the web configurator to restore defaults (refer to Chapter 19 on page 227).
Click MAINTENANCE to view information about your ZyXEL Device or upgrade configuration and firmware files. Maintenance features include Status (Statistics), Association List, Channel Usage (NWA-3160 and NWA-3163 only), F/W (firmware) Upload, Configuration (Backup, Restore and Default) and Restart.
CHAPTER 3
Tutorial

This chapter first provides an overview of how to configure the wireless LAN on your ZyXEL Device, and then gives step-by-step guidelines showing how to configure your ZyXEL Device for some example scenarios.

3.1 How to Configure the Wireless LAN
This section shows how to choose which wireless operating mode you should use on the ZyXEL Device, and the steps you should take to set up the wireless LAN in each wireless mode. See Section 3.1.
3.1.2 Wireless LAN Configuration Overview
The following figure shows the steps you should take to configure the wireless settings according to the operating mode you select. Use the Web Configurator to set up your ZyXEL Device’s wireless network (see your Quick Start Guide for information on setting up your ZyXEL Device and accessing the Web Configurator).
Figure 11 Configuring Wireless LAN
Select Operating Mode
Access Point Mode. Select 802.11 Mode and Channel ID. Select SSID Profile. Configure SSID Profile.
Bridge / Repeater Mode (NWA-3160 and NWA-3163 only). Select 802.11 Mode and Channel ID. Configure WDS Security.
AP + Bridge Mode (NWA-3160 and NWA-3163 only). Select 802.11 Mode and Channel ID.
MBSSID Mode. Select 802.11 Mode and Channel ID. Select SSID Profiles. Configure WDS Security. Configure each SSID Profile.
3.1.3 Further Reading
Use these links to find more information on the steps:
• Choosing 802.11 Mode: see Section 8.7.1 on page 113.
• Choosing a wireless Channel ID: see Section 8.7.1 on page 113.
• Selecting and configuring SSID profile(s): see Section 8.7.1 on page 113 and Section 10.2.1 on page 142.
• Configuring and activating WDS Security (NWA-3160 and NWA-3163 only): see Section 8.7.3 on page 116.
• Editing Security Profile(s): see Section 9.9 on page 128.
Figure 12 Tutorial: Example MBSSID Setup

The standard network (SSID04) has access to all resources. The VoIP network (VoIP_SSID) has access to all resources and a high Quality of Service (QoS) setting (see Chapter 8 on page 105 for information on QoS). The guest network (Guest_SSID) has access to the Internet and the network printer only, and a low QoS setting.
Figure 13 Tutorial: Wireless LAN: Before

Select MBSSID from the Operating Mode drop-down list box. The screen displays as follows.

Figure 14 Tutorial: Wireless LAN: Change Mode

This Select SSID Profile table allows you to activate or deactivate SSID profiles. Your wireless network was previously using the SSID04 profile, so select SSID04 in one of the Profile list boxes (number 3 in this example).
Select the Index box for the entry and click Apply to activate the profile. Your standard wireless network (SSID04) is now accessible to your wireless clients as before. You do not need to configure anything else for your standard network.

3.2.2 Configure the VoIP Network
Next, click WIRELESS > SSID. The following screen displays. Note that the SSID04 SSID profile (the standard network) is using the security01 security profile.
Figure 16 Tutorial: VoIP SSID Profile Edit

• Choose a new SSID for the VoIP network. In this example, enter VOIP_SSID_Example. Note that although the SSID changes, the SSID profile name (VoIP_SSID) remains the same as before.
• Select Enable from the Hide Name (SSID) list box. You want only authorized company employees to use this network, so there is no need to broadcast the SSID to wireless clients scanning the area.
Figure 17 Tutorial: VoIP Security

You already chose to use the security02 profile for this network, so select the radio button for security02 and click Edit. The following screen appears.

Figure 18 Tutorial: VoIP Security Profile Edit

• Change the Name field to “VoIP_Security” to make it easier to remember and identify.
• In this example, you do not have a RADIUS server for authentication, so select WPA2-PSK in the Security Mode field.
• Click Apply. The WIRELESS > Security screen displays. Ensure that the Profile Name for entry 2 displays “VoIP_Security” and that the Security Mode is WPA2-PSK.

Figure 19 Tutorial: VoIP Security: Updated

3.2.2.2 Activate the VoIP Profile
You need to activate the VoIP_SSID profile before it can be used. Click the Wireless tab. In the Select SSID Profile table, select the VoIP_SSID profile and click Apply.
Figure 21 Tutorial: Guest Edit

• Choose a new SSID for the guest network. In this example, enter Guest_SSID_Example. Note that although the SSID changes, the SSID profile name (Guest_SSID) remains the same as before.
• Select Disable from the Hide Name (SSID) list box. This makes it easier for guests to configure their own computers’ wireless clients to your network’s settings.
• Select WPA-PSK in the Security Mode field. WPA-PSK provides strong security that is supported by most wireless clients. Even though your Guest_SSID clients do not have access to sensitive information on the network, you should not leave the network without security. An attacker could still cause damage to the network or intercept unsecured communications.
• Enter the PSK you want to use in your network in the Pre Shared Key field.
Figure 25 Tutorial: Layer 2 Isolation Profile

Enter the MAC addresses of the two network devices you want users on the guest network to be able to access: the main network router (00:AA:00:AA:00:AA) and the network printer (AA:00:AA:00:AA:00). Click Apply.

3.2.3.3 Activate the Guest Profile
You need to activate the Guest_SSID profile before it can be used. Click the Wireless tab. In the Select SSID Profile table, select the check box for the Guest_SSID profile and click Apply.
• Try to access each network using the correct security settings, and then using incorrect security settings, such as the WPA-PSK for another active network. If the behavior is different from expected (for example, if you can access the VoIP wireless network using the security settings for the Guest_SSID wireless network) check that the SSID profile is set to use the correct security profile, and that the settings of the security profile are correct.
Figure 27 Tutorial: Wireless Network Example

In the figure, the solid circle represents the range of your wireless network, and the dashed circle represents the extent of the coffee shop’s wireless network. Note that the two networks overlap. This means that one or more of your APs can detect the AP (1) in the other wireless network. When configuring the rogue AP feature on your ZyXEL Devices in this example, you will need to use the information in the following table.
Note: The ZyXEL Device can detect the MAC addresses of APs automatically. However, it is more secure to obtain the correct MAC addresses from another source and add them to the friendly AP list manually. For example, an attacker’s AP mimicking the correct SSID could be placed on the friendly AP list by accident, if selected from the list of auto-detected APs.

In this example you have spoken to the coffee shop’s owner, who has told you the correct MAC address of his AP.
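The note above can be made concrete with a short added example (not part of the User’s Guide and not ZyXEL code) that classifies scanned APs against a friendly list built two ways: from MAC addresses verified out of band, and from auto-detected APs trusted by SSID. All SSIDs, MAC addresses and function names here are constructed for illustration.

```python
import re


def normalize_mac(mac):
    """Return a MAC as upper-case, colon-separated hex; raise ValueError otherwise."""
    cleaned = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", cleaned):
        raise ValueError(f"not a MAC address: {mac!r}")
    cleaned = cleaned.upper()
    return ":".join(cleaned[i:i + 2] for i in range(0, 12, 2))


def friendly_from_verified(entries):
    """Friendly list from (mac, description) pairs confirmed out of band,
    for example from asset records or from the neighbouring AP's owner."""
    return {normalize_mac(mac): desc for mac, desc in entries}


def friendly_from_autodetect(scan, trusted_ssids):
    """Weak variant: accept every detected AP whose SSID looks right.
    An AP that copies a trusted SSID is admitted along with the real ones."""
    return {normalize_mac(ap["mac"]): ap["ssid"]
            for ap in scan if ap["ssid"] in trusted_ssids}


def classify(scan, friendly, own_ssids):
    """Label each scanned AP. An unknown MAC that advertises one of our own
    SSIDs is reported separately because it is the case the note warns about."""
    report = []
    for ap in scan:
        mac = normalize_mac(ap["mac"])
        if mac in friendly:
            verdict = "friendly"
        elif ap["ssid"] in own_ssids:
            verdict = "rogue-ssid-mimic"
        else:
            verdict = "rogue"
        report.append((mac, ap["ssid"], verdict))
    return report


# Constructed sample data (locally administered MAC addresses, made-up SSIDs).
OWN_SSIDS = {"CORP_EXAMPLE"}
VERIFIED = [
    ("02:00:00:00:00:0a", "own AP A"),
    ("02-00-00-00-00-0b", "own AP B"),
    ("0200.0000.00c1", "coffee shop AP, MAC given by the owner"),
]
SCAN = [
    {"mac": "02:00:00:00:00:0A", "ssid": "CORP_EXAMPLE"},
    {"mac": "02:00:00:00:00:0B", "ssid": "CORP_EXAMPLE"},
    {"mac": "02:00:00:00:00:C1", "ssid": "COFFEE_EXAMPLE"},
    {"mac": "02:00:00:00:00:EE", "ssid": "CORP_EXAMPLE"},   # unknown MAC, our SSID
    {"mac": "02:00:00:00:00:F0", "ssid": "OTHER_EXAMPLE"},  # unrelated unknown AP
]

if __name__ == "__main__":
    verified = friendly_from_verified(VERIFIED)
    weak = friendly_from_autodetect(SCAN, {"CORP_EXAMPLE", "COFFEE_EXAMPLE"})
    for label, friendly in (("verified list", verified), ("auto-detected list", weak)):
        print(label)
        for mac, ssid, verdict in classify(SCAN, friendly, OWN_SSIDS):
            print(f"  {mac}  {ssid:<15} {verdict}")
```

With the verified list, the AP at 02:00:00:00:00:EE is reported as an SSID mimic; with the auto-detected list the same AP is accepted as friendly and would never trigger an alert.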
Note: You can add APs that are not part of your network to the friendly AP list, as long as you know that they do not pose a threat to your network’s security.

The Friendly AP screen now appears as follows.

Figure 29 Tutorial: Friendly AP (After Data Entry)

3 Next, you will save the list of friendly APs in order to provide a backup and upload it to your other access points. Click the Configuration tab. The following screen appears.

Figure 30 Tutorial: Configuration

4 Click Export.
Figure 31 Tutorial: Warning

5 Save the friendly AP list somewhere it can be accessed by all the other access points on the network. In this example, save it on the network file server (E in Figure 27 on page 61). The default filename is “Flist”.

Figure 32 Tutorial: Save Friendly AP list

3.3.2 Activate Periodic Rogue AP Detection
Take the following steps to activate rogue AP detection on the first of your ZyXEL Devices.
2 In the Period (min.) field, enter how often you want the ZyXEL Device to scan for rogue APs. You can have the ZyXEL Device scan anywhere from once every ten minutes to once every hour. In this example, enter “10”.
3 Click Apply.

3.3.3 Set Up E-mail Logs
In this section, you will configure the first of your four APs to send a log message to your email inbox whenever a rogue AP is discovered in your wireless network’s coverage area.
1 Click LOGS > Log Settings.
• Enter the email address to which you want alerts to be sent (myname@myfirm.com, in this example).
• In the Send Immediate Alert section, select the events you want to trigger immediate emails. Ensure that Rogue AP is selected.
• Click Apply.

3.3.4 Configure Your Other Access Points
Access point A is now configured to do the following.
• Scan for access points in its coverage area every ten minutes.
• Recognize friendly access points from a list.
• Check your e-mail. You should have received at least one e-mail alert (your other ZyXEL Devices may also have sent alerts, depending on their proximity and the output power of your “rogue” AP).

3.4 Using Multiple MAC Filters and L-2 Isolation Profiles
This example shows you how to allow certain users to access only specific parts of your network. You can do this by using multiple MAC filters and layer-2 isolation profiles.

3.4.
3.4.3 Setup
In this example, you have already set up the ZyXEL Device in MBSSID mode (see Chapter 10 on page 139). It uses two SSID profiles simultaneously. You have configured each SSID profile as shown in the following table.
You will configure the MAC filter to restrict access to Alice alone, and then configure layer-2 isolation to allow her to access only the network router, the file server and the Internet security gateway.

Take the following steps to configure the SERVER_1 network.
1 Log into the ZyXEL Device’s Web Configurator and click WIRELESS > SSID. The following screen displays, showing the SSID profiles you already configured.
Figure 37 Tutorial: SSID Edit

Select l2Isolation03 in the L2 Isolation field, and select macfilter03 in the MAC Filtering field. Click Apply.

3 Click the Layer-2 Isolation tab. When the Layer-2 Isolation screen appears, select L2Isolation03’s entry and click Edit. The following screen displays.

Figure 38 Tutorial: Layer-2 Isolation Edit

Enter the network router’s MAC Address and add a Description (“NET_ROUTER” in this case) in Set 1’s entry.
Figure 39 Tutorial: MAC Filter Edit (SERVER_1)

You have restricted access to the SERVER_1 network to only the networking device whose MAC address you entered. The SERVER_1 network is now configured.

3.4.5 Configure the SERVER_2 Network
Next, you will configure the SERVER_2 network that allows Bob to access secure server 2 and the Internet. To do this, repeat the procedure in Section 3.4.4 on page 68, substituting the following information.
3.4.6 Checking your Settings and Testing the Configuration
Use the following sections to ensure that your wireless networks are set up correctly.

3.4.6.1 Checking Settings
Take the following steps to check that the ZyXEL Device is using the correct SSIDs, MAC filters and layer-2 isolation profiles.
1 Click WIRELESS > Wireless. Check that the Operating Mode is MBSSID and that the correct SSID profiles are selected and activated, as shown in the following figure.
• Using Alice’s computer and wireless client, and the correct security settings, do the following.
  Attempt to access Server 1. You should be able to do so.
  Attempt to access the Internet. You should be able to do so.
  Attempt to access Server 2. You should be unable to do so. If you can do so, layer-2 isolation is misconfigured.
• Using Alice’s computer and wireless client, and incorrect security settings, attempt to associate with the SERVER_1 network. You should be unable to do so.
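The checks in this section can be expressed as an access matrix. The following added example (not part of the User’s Guide and not ZyXEL code) models how a per-SSID MAC filter and a layer-2 isolation list combine, then audits a configuration against the intended access. The MAC addresses, host names and the assumption that both SSIDs allow the router and gateway are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SsidProfile:
    name: str
    mac_filter_allow: frozenset   # client MACs allowed to associate
    l2_allowed: frozenset         # destination MACs reachable after association


def can_reach(profile, client_mac, dst_mac):
    """Two gates in sequence: the MAC filter decides whether the client may
    associate at all, then layer-2 isolation decides which hosts it may reach."""
    if client_mac.upper() not in profile.mac_filter_allow:
        return False
    return dst_mac.upper() in profile.l2_allowed


def access_matrix(profiles, clients, hosts):
    """Evaluate every (SSID, client, host) combination."""
    return {(p.name, c, h): can_reach(p, c_mac, h_mac)
            for p in profiles
            for c, c_mac in clients.items()
            for h, h_mac in hosts.items()}


def audit(profiles, clients, hosts, intended):
    """Compare actual reachability with the intended set of (ssid, client, host)
    tuples; everything not listed in `intended` is expected to be blocked."""
    findings = []
    for key, allowed in sorted(access_matrix(profiles, clients, hosts).items()):
        if allowed and key not in intended:
            findings.append(("unexpected access", key))
        elif not allowed and key in intended:
            findings.append(("unexpected block", key))
    return findings


# Constructed sample data (locally administered MAC addresses).
CLIENTS = {"alice": "02:00:00:00:01:0A", "bob": "02:00:00:00:01:0B"}
HOSTS = {
    "router": "02:00:00:00:02:01",
    "gateway": "02:00:00:00:02:02",
    "server1": "02:00:00:00:02:11",
    "server2": "02:00:00:00:02:12",
}


def profile(name, client, host_names):
    """Build a profile that admits one client and lists the reachable hosts."""
    return SsidProfile(name,
                       frozenset({CLIENTS[client]}),
                       frozenset(HOSTS[h] for h in host_names))


INTENDED = (
    {("SERVER_1", "alice", h) for h in ("router", "gateway", "server1")}
    | {("SERVER_2", "bob", h) for h in ("router", "gateway", "server2")}
)

GOOD = [
    profile("SERVER_1", "alice", ["router", "gateway", "server1"]),
    profile("SERVER_2", "bob", ["router", "gateway", "server2"]),
]

# Misconfiguration: server 2's MAC was also entered in SERVER_1's isolation list.
BAD = [
    profile("SERVER_1", "alice", ["router", "gateway", "server1", "server2"]),
    GOOD[1],
]

if __name__ == "__main__":
    print("good config:", audit(GOOD, CLIENTS, HOSTS, INTENDED))
    print("bad config: ", audit(BAD, CLIENTS, HOSTS, INTENDED))
```

The audit of `BAD` reports that Alice can reach server 2 through SERVER_1, which is the condition the test above describes as layer-2 isolation being misconfigured.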
CHAPTER 4
Status Screens

The Status screen displays when you log into the ZyXEL Device, or click STATUS in the navigation menu. Use the Status screens to look at the current status of the device, system resources, interfaces and SSID status. The Status screen also provides detailed information about associated wireless clients, channel usage, logs and detected rogue APs.

Note: Fields in this screen may differ depending on the ZyXEL Device model you are using.
Figure 42 The Status Screen

The following table describes the labels in this screen.

Table 10 The Status Screen
LABEL | DESCRIPTION
Automatic Refresh Interval | Enter how often you want the ZyXEL Device to update this screen.
Refresh | Click this to update this screen immediately.
System Information |
System Name | This field displays the ZyXEL Device system name. It is used for identification. You can change this in the System > General screen’s System Name field.
Table 10 The Status Screen
LABEL | DESCRIPTION
System Resources |
Flash | This field displays the amount of the ZyXEL Device’s flash memory currently in use. The flash memory is used to store firmware and SSID profiles.
Memory | This field displays what percentage of the ZyXEL Device’s volatile memory is currently in use. The higher the memory usage, the more likely the ZyXEL Device is to slow down. Some memory is required just to start the ZyXEL Device and to run the web configurator.
CHAPTER 5 Management Mode This chapter discusses the MGNT MODE (Management Mode) screen (NWA-3160 and NWA-3163 only). This screen determines whether the ZyXEL Device is used in its default, standalone mode, or as part of a CAPWAP (Control And Provisioning of Wireless Access Points) network. 5.1 About CAPWAP The NWA-3160 and NWA-3163 support CAPWAP (Control And Provisioning of Wireless Access Points).
2 The AP sends out a management request, looking for an AP in CAPWAP AP controller mode.
3 If there is an AP controller on the network, it receives the management request. If the AP controller is in Manual mode (see Section 6.3.3 on page 91) it adds the details of the AP to its Unmanaged Access Points list (see Section 6.3.1 on page 88), and you decide which available APs to manage.
Chapter 5 Management Mode 5.1.4 Notes on CAPWAP This section lists some additional features of ZyXEL’s implementation of the CAPWAP protocol. • When the ZyXEL Device is in AP controller mode and uses its internal RADIUS server (see Chapter 15 on page 177), managed APs also use the ZyXEL Device’s authentication server to authenticate wireless clients. • Only one AP controller can exist in any single broadcast domain.
Chapter 5 Management Mode Table 11 The Management Mode Screen LABEL DESCRIPTION Managed AP Select this to have the ZyXEL Device managed by another ZyXEL Device on your network. When you do this, the ZyXEL Device can be configured ONLY by the management AP. If you do not have an AP controller on your network and want to return the ZyXEL Device to standalone mode, you must use its physical RESET button. All settings are returned to their default values.
CHAPTER 6 AP Controller Mode (NWA-3160 Only) When the ZyXEL Device is an AP controller, it can manage other access points. You configure settings for the AP controller and the managed access points in the AP controller, which then sends the configuration details to the managed APs. The ZyXEL Device can manage compatible access points only (see Section 1.3 on page 38 for a list of compatible access points). AP controller mode is part of the ZyXEL CAPWAP implementation.
Chapter 6 AP Controller Mode (NWA-3160 Only) The following table describes the new labels in this screen. Table 12 AP Controller: the Status Screen LABEL DESCRIPTION Registration Type This field displays how the managed APs are registered with the ZyXEL Device. • Manual displays if you add unmanaged APs to the ZyXEL Device’s list of managed APs manually. • Always Accept displays if the ZyXEL Device automatically manages any CAPWAP-enabled AP that transmits a management request over the network.
The following table describes the labels in this screen.
Table 13 AP List Status
LABEL: DESCRIPTION
AP Description: This is the description of the managed AP (either generated automatically, or entered by you).
Model: This is the managed AP’s model number.
Radio MAC: This is the MAC (Media Access Control) address of the managed AP’s wireless adapter.
802.11 Mode: This displays the IEEE 802.11 wireless mode the managed AP is currently using.
Chapter 6 AP Controller Mode (NWA-3160 Only) Table 14 AP Statistics LABEL DESCRIPTION Automatic Refresh Interval Select the frequency with which the ZyXEL Device updates this screen. Refresh Click this to update this screen immediately. 6.1.3 The AP Association List Screen Use this screen to see information about the wireless clients associated to the APs managed by the ZyXEL Device. When the ZyXEL Device is in AP controller mode, click Association List in the Status screen.
Chapter 6 AP Controller Mode (NWA-3160 Only) When the ZyXEL Device is in AP controller mode, click SSID Information in the Status screen. The following screen displays. Figure 50 SSID Information The following table describes the labels in this screen. Table 16 AP Association List LABEL DESCRIPTION SSID This displays the SSID (Service Set IDentifier) that identifies your wireless network. Each AP may use a different SSID (or different multiple SSIDs).
Chapter 6 AP Controller Mode (NWA-3160 Only) Table 17 Navigation Bar Labels LABEL DESCRIPTION CONTROLLER Click this to go to the Controller screens (see Section 6.3 on page 88). PROFILE EDIT Click this to go to the Profile Edit screens (see Section 6.4 on page 92). ROGUE AP Click this to go to the Rogue AP screens (see Section 13.3 on page 161). VLAN Click this to go to the VLAN screens (see Section 18.2 on page 210). SYSTEM Click this to go to the System screens (see Section 19.2 on page 227).
Chapter 6 AP Controller Mode (NWA-3160 Only) Figure 52 The Controller > AP Lists Screen The following table describes the labels in this screen. Table 18 The Controller > AP Lists Screen LABEL DESCRIPTION Managed Access Points List This section lists the access points currently controlled by the ZyXEL Device. This always includes the ZyXEL Device itself. Index This is the index number of the AP.
Chapter 6 AP Controller Mode (NWA-3160 Only) Table 18 The Controller > AP Lists Screen LABEL DESCRIPTION Unmanaged Access Points List This section lists the CAPWAP-enabled access points in the area that are in managed AP mode, but are not currently controlled by the ZyXEL Device. Index This is the index number of the unmanaged AP. Select Choose the unmanaged AP to have managed by the ZyXEL Device and click Add. IP This is the IP address of the unmanaged AP.
Chapter 6 AP Controller Mode (NWA-3160 Only) Table 19 The Controller > AP Lists > Edit Screen LABEL DESCRIPTION WLAN2 Radio Profile This field displays only if the managed AP has dual radios. Select the second radio profile you want to use for this AP. Configure radio profiles in the Profile Edit > Radio screen. Select Disable if you do not want to use a second radio profile. The AP’s radio is not active when you select Disable. Apply Click this to save the changes in this screen.
6.4 The Profile Edit Screens
This section describes the Profile Edit screens, which are available only in AP controller mode (NWA-3160 only). The following Profile Edit screens are identical to those available in standalone mode:
• The Profile Edit > SSID screen (see Section 10.2.1 on page 142).
• The Profile Edit > Security screen (see Section 9.9 on page 128).
• The Profile Edit > RADIUS screen (see Section 9.11 on page 136).
Chapter 6 AP Controller Mode (NWA-3160 Only) Table 21 The Profile Edit > Radio Screen LABEL DESCRIPTION 802.11 Mode This field displays the IEEE 802.11 wireless mode the radio profile uses. Channel ID This field displays the wireless channel the radio profile uses. Edit Click the radio button next to the profile you want to configure and click Edit to go to the radio profile configuration screen. 6.5 The Radio Profile Edit Screen Use this screen to configure a specific radio profile.
The following table describes the labels in this screen.
Table 22 The Profile Edit > Radio > Edit Screen
LABEL: DESCRIPTION
Profile Name: Enter a name identifying this profile.
802.11 Mode: Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate with the ZyXEL Device. Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate with the ZyXEL Device. Select 802.11b+g to allow both IEEE802.11b and IEEE802.
Chapter 6 AP Controller Mode (NWA-3160 Only) Table 22 The Profile Edit > Radio > Edit Screen LABEL DESCRIPTION Apply Click this to save your changes. Reset Click this to reload the previous configuration for this screen.
PART II The Web Configurator
System Screens (99)
Wireless Configuration (105)
Wireless Security Configuration (123)
MBSSID and SSID (139)
Other Wireless Configuration (147)
IP Screen (157)
Rogue AP (159)
Remote Management Screens (165)
Internal RADIUS Server (177)
Certificates (183)
Log Screens (201)
VLAN (209)
Maintenance (227)
CHAPTER 7 System Screens 7.1 System Overview This section provides information on general system setup. 7.2 Configuring General Setup Click SYSTEM > General. Figure 57 System > General The following table describes the labels in this screen. Table 23 System > General LABEL DESCRIPTION General Setup System Name Type a descriptive name to identify the ZyXEL Device in the Ethernet network. This name can be up to 30 alphanumeric characters long.
Chapter 7 System Screens Table 23 System > General LABEL DESCRIPTION First DNS Server Second DNS Server Third DNS Server Select From DHCP if your DHCP server dynamically assigns DNS server information (and the ZyXEL Device's Ethernet IP address). The field to the right displays the (read-only) DNS server IP address that the DHCP assigns. Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right.
Chapter 7 System Screens Figure 58 SYSTEM > Password. The following table describes the labels in this screen. Table 24 Password LABEL DESCRIPTIONS Enable Admin at Local Select this check box to have the device authenticate management logins to the device. Use old setting Select this to have the ZyXEL Device use the local management password already configured on the device (“1234” is the default). Use new setting Select this if you want to change the local management password.
Table 24 Password
LABEL: DESCRIPTIONS
RADIUS: Select the RADIUS server profile of the RADIUS server that is to authenticate management logins to the ZyXEL Device. The ZyXEL Device tests the user name and password against the RADIUS server when you apply your settings.
• The user name and password must already be configured in the RADIUS server.
• You must already have a RADIUS profile configured for the RADIUS server (see Section 9.11 on page 136).
Chapter 7 System Screens The following table describes the labels in this screen. Table 25 SYSTEM > Time Setting LABEL DESCRIPTION Current Time This field displays the time of your ZyXEL Device. Each time you reload this page, the ZyXEL Device synchronizes the time with the time server (if configured). Current Date This field displays the last updated date from the time server. Manual Select this radio button to enter the time and date manually.
Chapter 7 System Screens Table 25 SYSTEM > Time Setting LABEL DESCRIPTION Apply Click Apply to save your changes. Reset Click Reset to reload the previous configuration for this screen. 7.5 Pre-defined NTP Time Servers List When you turn on the ZyXEL Device for the first time, the date and time start at 2000-01-01 00:00:00. When you select Auto in the SYSTEM > Time Setting screen, the ZyXEL Device then attempts to synchronize with one of the following pre-defined list of NTP time servers.
CHAPTER 8 Wireless Configuration This chapter discusses how to configure the ZyXEL Device’s Wireless screens. 8.1 Wireless LAN Overview This section introduces the wireless LAN (WLAN) and some basic scenarios. 8.1.1 BSS A Basic Service Set (BSS) exists when all communications between wireless stations or between a wireless station and a wired network client go through one access point (AP). Intra-BSS traffic is traffic between wireless stations in the BSS.
Chapter 8 Wireless Configuration 8.1.2 ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless stations within the same ESS must have the same ESSID in order to communicate. Figure 61 Extended Service Set 8.
8.3 Quality of Service
This section discusses the Quality of Service (QoS) features available on the ZyXEL Device.
8.3.1 WMM QoS
WMM (Wi-Fi MultiMedia) QoS (Quality of Service) ensures quality of service in wireless networks. It controls WLAN transmission priority on packets to be transmitted over the wireless network. WMM QoS prioritizes wireless traffic according to the delivery requirements of individual applications. WMM QoS is a part of the IEEE 802.
Chapter 8 Wireless Configuration ATC assigns priority based on packet size, since time-sensitive applications such as Internet telephony (Voice over IP or VoIP) tend to have smaller packet sizes than non-time sensitive applications such as FTP (File Transfer Protocol). The following table shows some common applications, their time sensitivity, and their typical data packet sizes. Note that the figures given are merely examples - sizes may differ according to application and circumstances.
The following table shows how priorities are assigned for packets coming from the LAN to the WLAN.
Table 30 ATC + WMM Priority Assignment (LAN to WLAN)
PACKET SIZE (BYTES)    ATC VALUE     WMM VALUE
1 ~ 250                ATC_High      WMM_VIDEO
250 ~ 1100             ATC_Medium    WMM_BEST_EFFORT
1100 +                 ATC_Low       WMM_BACKGROUND
8.3.3.2 ATC+WMM from WLAN to LAN
ATC+WMM from WLAN to LAN automatically prioritizes (assigns an ATC value to) all packets coming from the WLAN.
DSCP is backward compatible with the three precedence bits in the ToS octet so that non-DiffServ compliant, ToS-enabled network devices will not conflict with the DSCP mapping. The DSCP value determines the forwarding behavior, the PHB (Per-Hop Behavior), that each packet gets across the DiffServ network. Based on the marking rule, different kinds of traffic can be marked for different priorities of forwarding.
Chapter 8 Wireless Configuration 8.4.2 STP Terminology The root bridge is the base of the spanning tree; it is the bridge with the lowest identifier value (MAC address). Path cost is the cost of transmitting a frame onto a LAN through that port. It is assigned according to the speed of the link to which a port is attached. The slower the media, the higher the cost - see the following table.
Chapter 8 Wireless Configuration 8.4.4 STP Port States STP assigns five port states (see next table) to eliminate packet looping. A bridge port is not allowed to go directly from blocking state to forwarding state so as to eliminate transient loops. Table 34 STP Port States PORT STATES DESCRIPTIONS Disabled STP is disabled (default). Blocking Only configuration and management BPDUs are received and processed. Listening All BPDUs are received and processed.
Chapter 8 Wireless Configuration 8.7 Configuring Wireless Settings Click WIRELESS > Wireless. The screen varies depending upon the operating mode you select. 8.7.1 Access Point Mode: NWA-3160 and NWA-3163 This section describes the Access Point mode screen for the NWA-3160 and NWA-3163. For the NWA-3165, see Section 8.7.2 on page 114. Select Access Point as the Operating Mode to display the screen shown next.
Chapter 8 Wireless Configuration Table 35 Wireless: Access Point (NWA-3160 and NWA-3163) LABEL DESCRIPTION RTS/CTS Threshold (Request To Send) The threshold (number of bytes) for enabling RTS/CTS handshake. Data with its frame size larger than this value will perform the RTS/CTS handshake. Setting this attribute to be larger than the maximum MSDU (MAC service data unit) size turns off the RTS/CTS handshake. Setting this attribute to its smallest value (256) turns on the RTS/CTS handshake.
Chapter 8 Wireless Configuration Figure 64 Wireless: Access Point (NWA-3165) The following table describes the general wireless LAN labels in this screen. Table 36 Wireless: Access Point (NWA-3165) LABEL DESCRIPTION Operating Mode Select Access Point from the drop-down list. 802.11 Mode Select 802.11b/g to allow both IEEE802.11b and IEEE802.11g compliant WLAN devices to associate with the ZyXEL Device. The transmission rate of your ZyXEL Device might be reduced. Select 802.11n/g to allow both IEEE802.
Chapter 8 Wireless Configuration Table 36 Wireless: Access Point (NWA-3165) LABEL DESCRIPTION Fragmentation Threshold The threshold (number of bytes) for the fragmentation boundary for directed messages. It is the maximum data fragment size that can be sent. Enter an even number between 256 and 2346. Output Power Set the output power of the ZyXEL Device in this field. If there is a high density of APs in an area, decrease the output power of the ZyXEL Device to reduce interference with other APs.
Chapter 8 Wireless Configuration Figure 65 Bridging Example Be careful to avoid bridge loops when you enable bridging in the ZyXEL Device. Bridge loops cause broadcast traffic to circle the network endlessly, resulting in possible throughput degradation and disruption of communications. The following examples show two network topologies that can lead to this problem: • If two or more ZyXEL Devices (in bridge mode) are connected to the same hub.
Figure 67 Bridge Loop: Bridge Connected to Wired LAN
To prevent bridge loops, either enable STP in the Wireless screen or make sure your ZyXEL Device is not set to bridge mode while connected to both wired and wireless segments of the same LAN. To have the ZyXEL Device act as a wireless bridge only, click WIRELESS > Wireless and select Bridge/Repeater as the Operating Mode.
Chapter 8 Wireless Configuration The following table describes the bridge labels in this screen. Table 37 Wireless: Bridge/Repeater (NWA-3160 and NWA-3163 Only) LABEL DESCRIPTIONS Operating Mode Select Bridge/Repeater in this field. 802.11 mode Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate with the ZyXEL Device. Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate with the ZyXEL Device. Select 802.11b+g to allow both IEEE802.
Chapter 8 Wireless Configuration Table 37 Wireless: Bridge/Repeater (NWA-3160 and NWA-3163 Only) LABEL DESCRIPTIONS TKIP (ZyAIR Series Compatible) Select this to enable Temporal Key Integrity Protocol (TKIP) security on your WDS. This option is compatible with other ZyXEL access points including that support WDS security. Use this if the other access points on your network support WDS security but do not have an AES option. Note: Check your other AP’s documentation to make sure it supports WDS security.
Chapter 8 Wireless Configuration Figure 69 Wireless: AP+Bridge See the tables describing the fields in the Access Point and Bridge/Repeater operating modes for descriptions of the fields in this screen. 8.7.5 MBSSID Mode Select MBSSID as the Operating Mode. Refer to Chapter 10 on page 139 for configuration instructions and detailed information. See Chapter 9 on page 123 for details on the security settings.
CHAPTER 9 Wireless Security Configuration This chapter describes how to use the Security and RADIUS screens to configure wireless security on your ZyXEL Device. 9.1 Wireless Security Overview Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network.
Chapter 9 Wireless Security Configuration Your ZyXEL Device allows you to configure up to four 64-bit, 128-bit or 152-bit WEP keys but only one key can be enabled at any one time. 9.2 802.1x Overview The IEEE 802.1x standard outlines enhanced security methods for both the authentication of wireless stations and encryption key management. Authentication can be done using a RADIUS server. 9.
9.4.1 User Authentication
WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using a RADIUS database. See later in this chapter and the appendices for more information on IEEE 802.1x, RADIUS, EAP and PEAP. If you don’t have a RADIUS server, you should use WPA-PSK (WPA-Pre-Shared Key), which only requires a single (identical) password entered into each access point, wireless gateway and wireless client.
Chapter 9 Wireless Security Configuration 3 The AP derives and distributes key information to the wireless clients. The key itself is not sent over the network, but is derived from the PSK and information exchanged between the AP and the client. 4 The AP and wireless clients use the TKIP or AES encryption process to encrypt data exchanged between them. Figure 71 WPA(2)-PSK Authentication 9.
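The derivation that steps 3 and 4 describe can be reproduced offline. The following Python sketch is an added example, not ZyXEL firmware code: it uses the standard WPA/WPA2-PSK construction (PBKDF2-HMAC-SHA1 for the master key, then the SHA-1 based PRF over both MAC addresses and both nonces for the session key). The function names, MAC addresses and nonces are constructed for illustration.

```python
import hashlib
import hmac


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Turn the pre-shared passphrase into the 256-bit Pairwise Master Key."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # The SSID is the salt, so the same passphrase gives a different PMK per network.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i pseudo-random function built on HMAC-SHA1."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        message = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, message, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def mac_bytes(mac: str) -> bytes:
    """Convert 'aa:bb:cc:dd:ee:ff' to its 6 raw bytes."""
    raw = bytes.fromhex(mac.replace(":", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return raw


def derive_ptk(pmk: bytes, ap_mac: str, client_mac: str,
               anonce: bytes, snonce: bytes, cipher: str = "TKIP") -> bytes:
    """Derive the per-session Pairwise Transient Key from the PMK.

    Only the nonces and MAC addresses cross the air; the PMK and the
    resulting PTK are computed independently on each side.
    """
    nbytes = {"TKIP": 64, "AES": 48}[cipher]  # 512-bit PTK for TKIP, 384-bit for AES
    ap, sta = mac_bytes(ap_mac), mac_bytes(client_mac)
    data = min(ap, sta) + max(ap, sta) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, nbytes)


def both_sides_agree() -> bool:
    """Run the derivation once as the AP and once as the client."""
    # Constructed sample values, not taken from any real network.
    ssid, passphrase = "IEEE", "password"
    ap_mac, client_mac = "00:a0:c5:00:00:01", "00:a0:c5:00:00:02"
    anonce = bytes(range(32))        # nonce chosen by the AP
    snonce = bytes(range(32, 64))    # nonce chosen by the wireless client
    ap_ptk = derive_ptk(derive_pmk(passphrase, ssid), ap_mac, client_mac, anonce, snonce)
    client_ptk = derive_ptk(derive_pmk(passphrase, ssid), ap_mac, client_mac, anonce, snonce)
    return ap_ptk == client_ptk


if __name__ == "__main__":
    print("AP and client derived the same session key:", both_sides_agree())
```

Because the nonces change on every association, each session gets a fresh PTK even though the passphrase and SSID stay the same.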
Chapter 9 Wireless Security Configuration Figure 72 WPA(2) with RADIUS Application Example 9.6 Security Modes The following table describes the security modes you can configure. Table 38 Security Modes SECURITY MODE DESCRIPTION None Select this to have no data encryption. WEP Select this to use WEP encryption. 802.1x-Only Select this to use 802.1x authentication with no data encryption. 802.1x-Static64 Select this to use 802.
9.7 Wireless Client WPA Supplicants
A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicants are the WPA patch for Windows XP, Funk Software's Odyssey client, and Meetinghouse Data Communications' AEGIS client. The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero Configuration" wireless client.
Chapter 9 Wireless Security Configuration Figure 73 Wireless > Security The following table describes the labels in this screen. Table 40 WIRELESS > Security LABEL DESCRIPTION Index This is the index number of the security profile. Profile Name This field displays a name given to a security profile in the Security configuration screen. Security Mode This field displays the security mode this security profile uses.
Chapter 9 Wireless Security Configuration Figure 74 WIRELESS > Security: WEP The following table describes the labels in this screen. Table 41 Security: WEP LABEL DESCRIPTION Name Type a name to identify this security profile. Security Mode Choose WEP in this field. WEP Encryption Select Disable to allow wireless stations to communicate with the access points without any data encryption. Select 64-bit WEP, 128-bit WEP or 152-bit WEP to enable data encryption.
Chapter 9 Wireless Security Configuration Figure 75 Security: 802.1x Only The following table describes the labels in this screen. Table 42 Security: 802.1x Only LABEL DESCRIPTION Name Type a name to identify this security profile. Security Mode Choose 802.1x Only in this field. ReAuthentication Timer Specify how often wireless stations have to resend user names and passwords in order to stay connected. Enter a time interval between 10 and 9999 seconds.
Chapter 9 Wireless Security Configuration Figure 76 Security: 802.1x Static 64-bit, 802.1x Static 128-bit The following table describes the labels in this screen. Table 43 Security: 802.1x Static 64-bit, 802.1x Static 128-bit LABEL DESCRIPTION Name Type a name to identify this security profile. Security Mode Choose 802.1x Static 64 or 802.1x Static 128 in this field. ASCII Select this option to enter ASCII characters as the WEP keys.
Chapter 9 Wireless Security Configuration 9.9.4 Security: WPA Select WPA in the Security Mode field to display the following screen. Figure 77 Security: WPA The following table describes the labels in this screen. Table 44 Security: WPA LABEL DESCRIPTION Name Type a name to identify this security profile. Security Mode Choose WPA in this field. ReAuthentication Timer Specify how often wireless stations have to resend user names and passwords in order to stay connected.
Figure 78 Security: WPA2 or WPA2-MIX
The following table describes the labels not previously discussed.
Table 45 Security: WPA2 or WPA2-MIX
LABEL: DESCRIPTIONS
Name: Type a name to identify this security profile.
Security Mode: Choose WPA2 or WPA2-MIX in this field.
ReAuthentication Timer: Specify how often wireless stations have to resend usernames and passwords in order to stay connected. Enter a time interval between 10 and 9999 seconds.
9.9.6 Security: WPA-PSK, WPA2-PSK, WPA2-PSK-MIX
Select WPA-PSK, WPA2-PSK or WPA2-PSK-MIX in the Security Mode field to display the following screen.
Figure 79 Security: WPA-PSK, WPA2-PSK or WPA2-PSK-MIX
The following table describes the labels not previously discussed.
Table 46 Security: WPA-PSK, WPA2-PSK or WPA2-PSK-MIX
LABEL: DESCRIPTION
Name: Type a name to identify this security profile.
Security Mode: Choose WPA-PSK, WPA2-PSK or WPA2-PSK-MIX in this field.
9.10 Introduction to RADIUS
RADIUS is based on a client-server model that supports authentication and accounting, where the access point is the client and the server is the RADIUS server. The RADIUS server handles the following tasks, among others:
• Authentication: Determines the identity of the users.
• Accounting: Keeps track of the client’s network activity.
The ZyXEL Device is equipped with an internal RADIUS server. See Section 15.1 on page 177 for more details.
Chapter 9 Wireless Security Configuration Table 47 RADIUS LABEL DESCRIPTION Backup If the ZyXEL Device cannot communicate with the Primary accounting server, you can have the ZyXEL Device use a Backup RADIUS server. Make sure the Active check boxes are selected if you want to use backup servers. The ZyXEL Device will attempt to communicate three times before using the Backup servers. Requests can be issued from the client interface to use the backup server.
CHAPTER 10 MBSSID and SSID This chapter describes how to configure and use your ZyXEL Device’s MBSSID mode and configure SSID profiles. 10.1 Wireless LAN Infrastructures See the Wireless LAN chapter for some basic WLAN scenarios and terminology. 10.1.1 MBSSID Traditionally, you needed to use different APs to configure different Basic Service Sets (BSSs). As well as the cost of buying extra APs, there was also the possibility of channel interference.
Chapter 10 MBSSID and SSID The switch adds PVID (Port VLAN IDentity) tags to incoming frames that don’t already have tags (on switch ports where PVID is enabled). Figure 81 Multiple BSS with VLAN Example 10.1.5 Configuring Multiple BSSs Click WIRELESS > Wireless and select MBSSID in the Operating Mode drop-down list box to display the screen as shown.
Chapter 10 MBSSID and SSID The following table describes the labels in this screen. Table 48 Wireless: Multiple BSS LABEL DESCRIPTION Operating Mode Select MBSSID in this field to display the screen as shown 802.11 Mode Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate with the ZyXEL Device. Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate with the ZyXEL Device. Select 802.11b+g to allow both IEEE802.11b and IEEE802.
Chapter 10 MBSSID and SSID Table 48 Wireless: Multiple BSS LABEL DESCRIPTION Profile Select the profile(s) of the SSIDs you want to use in your wireless network. You can have up to eight BSSs running on the ZyXEL Device simultaneously, one of which is always the pre-configured VoIP_SSID profile and another of which is always the pre-configured Guest_SSID profile. Configure SSID profiles in the SSID screen.
Chapter 10 MBSSID and SSID Figure 83 SSID The following table describes the labels in this screen. Table 49 SSID LABEL DESCRIPTION Index This field displays the index number of each SSID profile. Profile Name This field displays the identification name of each SSID profile on the ZyXEL Device. SSID This field displays the name of the wireless profile on the network. When a wireless client scans for an AP to associate with, this is the name that is broadcast and seen in the wireless client utility.
• WIRELESS > Security (one of the security profiles).
• WIRELESS > RADIUS (one of the RADIUS profiles).
• WIRELESS > MAC Filter (the MAC filter list, if activated in the SSID profile).
• WIRELESS > Layer 2 Isolation (the layer 2 isolation list, if activated in the SSID profile).
• Also, use the VLAN screen to set up wireless VLANs based on SSID.
Configure the fields in the above screens to use the settings in an SSID profile.
Chapter 10 MBSSID and SSID Table 50 Configuring SSID LABEL DESCRIPTION QoS Select the Quality of Service priority for this BSS’s traffic. • In the pre-configured VoIP_SSID profile, the QoS setting is VoIP. This is not user-configurable. The VoIP setting is available only on the VoIP_SSID profile, and provides the highest level of QoS. • If you select WMM from the QoS list, the priority of a data packet depends on the packet’s IEEE 802.1q or DSCP header. See Section 8.3.
CHAPTER 11 Other Wireless Configuration This chapter describes how to configure the Layer-2 Isolation and MAC Filter screens on your ZyXEL Device. 11.1 Layer-2 Isolation Introduction Layer-2 isolation is used to prevent wireless clients associated with your ZyXEL Device from communicating with other wireless clients, APs, computers or routers in a network.
Chapter 11 Other Wireless Configuration Figure 85 Layer-2 Isolation Application MAC addresses that are not listed in the Allow devices with these MAC addresses table are blocked from communicating with the ZyXEL Device’s wireless clients except for broadcast packets. Layer-2 isolation does not check the traffic between wireless clients that are associated with the same AP. Intra-BSS Traffic allows wireless clients associated with the same AP to communicate with each other. 11.
Chapter 11 Other Wireless Configuration Figure 86 WIRELESS > Layer 2 Isolation The following table describes the labels in this screen. Table 51 WIRELESS > Layer-2 Isolation LABEL DESCRIPTION Index This is the index number of the profile. Profile Name This field displays the name given to a layer-2 isolation profile in the Layer-2 Isolation Configuration screen. Edit Select an entry from the list and click Edit to configure settings for that profile. 11.
Figure 87 WIRELESS > Layer-2 Isolation Configuration Screen
The following table describes the labels in this screen.
Table 52 WIRELESS > Layer-2 Isolation Configuration
LABEL: DESCRIPTION
Profile Name: Type a name to identify this layer-2 isolation profile.
Allow devices with these MAC addresses: These are the MAC addresses of a wireless client, AP, computer or router.
Note: When configuring, remember to select the correct layer-2 isolation profile in the WIRELESS > SSID > Edit screen of the relevant SSID profile.
Figure 88 Layer-2 Isolation Example Configuration 00:00:c5:00:00:66 00:00:c5:00:00:cc
11.3.1.1 Layer-2 Isolation Example 1
In the following example, wireless clients 1 and 2 can communicate with file server C, but not access point B or wireless client 3.
Chapter 11 Other Wireless Configuration Figure 90 Layer-2 Isolation Example 2 11.4 The MAC Filter Screen The MAC filter function allows you to configure the ZyXEL Device to give exclusive access to devices (Allow Association) or exclude devices from accessing the ZyXEL Device (Deny Association). Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
Chapter 11 Other Wireless Configuration The following table describes the labels in this screen. Table 53 WIRELESS > MAC Filter LABEL DESCRIPTION Index This is the index number of the profile. Profile Name This field displays the name given to a MAC filter profile in the MAC Filter Configuration screen. Edit Select an entry from the list and click Edit to configure settings for that profile. 11.4.
The following table describes the labels in this screen.

Table 54 MAC Address Filter
LABEL | DESCRIPTION
Profile Name | Type a name to identify this profile.
Filter Action | Define the filter action for the list of MAC addresses in the MAC address filter table. Select Deny Association to block access to the router. MAC addresses not listed will be allowed to access the router. Select Allow Association to permit access to the router.
Figure 93 Roaming Example

The steps below describe the roaming process.
1 Wireless station Y moves from the coverage area of access point AP 1 to that of access point AP 2.
2 Wireless station Y scans and detects the signal of access point AP 2.
3 Wireless station Y sends an association request to access point AP 2.
4 Access point AP 2 acknowledges the presence of wireless station Y and relays this information to access point AP 1 through the wired LAN.
Figure 94 Roaming

Select the Roaming Active check box and click Apply.
CHAPTER 12 IP Screen

This chapter discusses how to configure IP settings on the ZyXEL Device.

12.1 Factory Ethernet Defaults

The Ethernet parameters of the ZyXEL Device are preset in the factory with the following values:
1 IP address of 192.168.1.2
2 Subnet mask of 255.255.255.0 (24 bits)
These parameters should work for the majority of installations.

12.2 TCP/IP Parameters

12.2.1 WAN IP Address Assignment

Every computer on the Internet must have a unique IP address.
Note: Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space.

12.3 Configuring IP Settings

Click IP to display the screen shown next.

Figure 95 IP Setup

The following table describes the labels in this screen.
CHAPTER 13 Rogue AP

This chapter discusses rogue wireless access points (APs) and how to configure the ZyXEL Device’s rogue AP detection feature.

Note: Rogue AP detection features are available on the NWA-3160 and NWA-3163 only.

13.1 Rogue AP Introduction

A rogue AP is a wireless access point operating in a network’s coverage area that is not a sanctioned part of that network. Rogue APs are not under the control of the network’s administrators, and can open up holes in a network’s security.
Figure 96 Rogue AP: Example

13.2.1 “Honeypot” Attack

Rogue APs need not be connected to the legitimate network to pose a severe security threat. In the following example, an attacker (X) is stationed in a vehicle outside a company building, using a rogue access point equipped with a powerful antenna.
Figure 97 “Honeypot” Attack

13.3 Configuring Rogue AP Detection (NWA-3160 and NWA-3163 Only)

You can configure the ZyXEL Device to detect rogue IEEE 802.11a (5 GHz - NWA-3160 only) and IEEE 802.11b/g/n (2.4 GHz) APs.

Note: Rogue AP detection is not available on the NWA-3165.

If you have more than one AP in your wireless network, you must also configure the list of “friendly” APs.
13.3.1 Rogue AP: Configuration

Click ROGUE AP > Configuration. The following screen appears.

Figure 98 ROGUE AP > Configuration

The following table describes the labels in this screen.

Table 57 ROGUE AP > Configuration
LABEL | DESCRIPTION
Enable Rogue AP Period Detection | Select Yes to turn rogue AP detection on. You must also enter a time value in the Period field. Select No to turn rogue AP detection off.
Figure 99 ROGUE AP > Friendly AP

The following table describes the labels in this screen.

Table 58 ROGUE AP > Friendly AP
LABEL | DESCRIPTION
Add Friendly AP | Use this section to manually add a wireless access point to the list. You must know the device’s MAC address.
MAC Address | Enter the MAC address of the AP you wish to add to the list.
Description | Enter a short, explanatory description identifying the AP with a maximum of 32 alphanumeric characters.
Figure 100 ROGUE AP > Rogue AP

The following table describes the labels in this screen.

Table 59 ROGUE AP > Rogue AP
LABEL | DESCRIPTION
Rogue AP List | This displays details of access points in the ZyXEL Device’s coverage area that are not listed in the friendly AP list (see Section 13.3.2 on page 162).
Refresh | Click this button to have the ZyXEL Device scan for rogue APs.
# | This is the index number of the AP’s entry in the list.
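The friendly-list comparison this chapter describes, as an added example (not ZyXEL code and not part of the original guide). It separates scanned APs into friendly and rogue, and reports separately any rogue AP that advertises an SSID also used by a friendly AP, since wireless clients pick networks by SSID. The scan record layout, the SSIDs, the descriptions and all MAC addresses other than the guide's 00:A0:C5:00:00:02 are assumptions constructed for the illustration.

```python
import re
from dataclasses import dataclass


def normalize_mac(mac: str) -> str:
    """Return a MAC address as lower-case, colon-separated pairs.

    Accepts common notations (00:A0:C5:00:00:02, 00-a0-c5-00-00-02,
    00a0.c500.0002) so a hand-typed friendly list still matches scan output.
    """
    digits = re.sub(r"[:.\-\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass(frozen=True)
class ScannedAP:
    mac: str       # MAC address (BSSID) seen in the scan
    ssid: str
    channel: int


def classify_scan(scan, friendly):
    """Split scan results into friendly and rogue APs.

    friendly maps MAC address -> description, like the friendly AP list.
    Entries whose MAC cannot be parsed are kept in 'invalid' instead of
    being silently dropped.
    """
    friendly_macs = {normalize_mac(m): d for m, d in friendly.items()}
    result = {"friendly": [], "rogue": [], "rogue_same_ssid": [], "invalid": []}

    known, unknown = [], []
    for ap in scan:
        try:
            mac = normalize_mac(ap.mac)
        except ValueError:
            result["invalid"].append(ap.mac)
            continue
        (known if mac in friendly_macs else unknown).append((mac, ap))

    # SSIDs in use by sanctioned APs, taken from the scan itself.
    own_ssids = {ap.ssid for _, ap in known}
    for mac, ap in known:
        result["friendly"].append((mac, friendly_macs[mac]))
    for mac, ap in unknown:
        bucket = "rogue_same_ssid" if ap.ssid in own_ssids else "rogue"
        result[bucket].append((mac, ap.ssid, ap.channel))
    return result


# Constructed sample data (not taken from a real scan).
FRIENDLY = {
    "00:A0:C5:00:00:02": "Lobby AP",
    "00-a0-c5-00-00-03": "Floor 2 AP",
}
SCAN = [
    ScannedAP("00:a0:c5:00:00:02", "CorpNet", 6),
    ScannedAP("00A0.C500.0003", "CorpNet", 11),
    ScannedAP("02:11:22:33:44:55", "CorpNet", 6),      # unlisted, same SSID
    ScannedAP("02:11:22:33:44:66", "CoffeeShop", 1),   # unlisted, other SSID
    ScannedAP("not-a-mac", "CorpNet", 6),              # malformed entry
]

if __name__ == "__main__":
    for bucket, entries in classify_scan(SCAN, FRIENDLY).items():
        print(bucket, entries)
```
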
CHAPTER 14 Remote Management Screens

This chapter provides information on the Remote Management screens.

14.1 Remote Management Overview

Remote management allows you to determine which services/protocols can access which of the ZyXEL Device’s interfaces (if any) from which computers. You may manage your ZyXEL Device from a remote location via:

Table 60 Remote Management Overview
• WLAN
• ALL (LAN and WLAN)
• LAN only
• Neither (Disable).
14.2 Configuring Telnet

You can configure your ZyXEL Device for remote Telnet access as shown next. The administrator uses Telnet from a computer on a remote network to access the ZyXEL Device.

Figure 101 Telnet Configuration on a TCP/IP Network

Click REMOTE MGNT > TELNET. The following screen displays.

Figure 102 Remote Management: Telnet

The following table describes the labels in this screen.
Table 61 Remote Management: Telnet
LABEL | DESCRIPTION
SSH Server Certificate | Select the certificate whose corresponding private key is to be used to identify the ZyXEL Device for SSH connections. You must have certificates already configured in the Certificates > My Certificates screen.
Server Port | You can change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
Table 62 Remote Management: FTP
LABEL | DESCRIPTION
Secured Client IP Address | A secured client is a “trusted” computer that is allowed to communicate with the ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service. Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service.
Apply | Click Apply to save your customized settings and exit this screen.
Table 63 Remote Management: WWW
LABEL | DESCRIPTION
Server Certificate | Select the Server Certificate that the ZyXEL Device will use to identify itself. The ZyXEL Device is the SSL server and must always authenticate itself to the SSL client (the computer which requests the HTTPS connection with the ZyXEL Device).
Figure 105 SNMP Management Model

An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the ZyXEL Device). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions.
14.5.2 SNMP Traps

The ZyXEL Device can send the following traps to the SNMP manager.

Table 64 SNMP Traps
TRAP NAME | OBJECT IDENTIFIER # (OID) | DESCRIPTION
Generic Traps
coldStart | 1.3.6.1.6.3.1.1.5.1 | This trap is sent after booting (power on). This trap is defined in RFC-1215.
warmStart | 1.3.6.1.6.3.1.1.5.2 | This trap is sent after booting (software reboot). This trap is defined in RFC-1215.
linkDown | 1.3.6.1.6.3.1.1.5.
Table 65 SNMP Interface Index to Physical and Virtual Port Mapping
TYPE | INTERFACE | PORT
Virtual | enet3 ~ enet9 | WLAN1 in MBSSID mode
 | enet10 ~ enet16 | WLAN2 in MBSSID mode
 | enet17 ~ enet21 | WLAN1 in WDS mode (NWA-3160 and NWA-3163 only)
 | enet22 ~ enet26 | WLAN2 in WDS mode (NWA-3160 and NWA-3163 only)

14.6.1 SNMP v3 and Security

SNMP v3 enhances security for SNMP management.
Figure 106 Remote Management: SNMP

The following table describes the labels in this screen.

Table 66 Remote Management: SNMP
LABEL | DESCRIPTION
SNMP Configuration
Get Community | Enter the Get Community, which is the password for the incoming Get and GetNext requests from the management station. The default is public and allows all requests.
Set Community | Enter the Set Community, which is the password for incoming Set requests from the management station.
Table 66 Remote Management: SNMP
LABEL | DESCRIPTION
Configure SNMPv3 User Profile (NWA-3165 Only) | Click this to go to the SNMPv3 User Profile screen, where you can configure administration and user login details.
SNMP Service Port | You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
The following table describes the labels in this screen.

Table 67 Remote Management: SNMP User Profile
LABEL | DESCRIPTION
Enable SNMPv3Admin | Select this box to activate the SNMPv3 administration account. The SNMPv3 administrator can issue Get and Set commands to the ZyXEL Device.
User Name | Enter a username for the SNMPv3 administrator. Only SNMP commands carrying this username are allowed to administer the ZyXEL Device.
CHAPTER 15 Internal RADIUS Server

The ZyXEL Device can use its internal RADIUS server to authenticate wireless clients. It can also serve as a RADIUS server to authenticate other APs and their wireless clients. For more background information on RADIUS, see Section 9.10 on page 136.

15.1 Internal RADIUS Overview

The ZyXEL Device has a built-in RADIUS server that can authenticate wireless clients or other trusted APs. The ZyXEL Device can function as an AP and as a RADIUS server at the same time.
Note: The internal RADIUS server does not support domain accounts (DOMAIN/user). When you configure your Windows XP SP2 Wireless Zero Configuration PEAP/MS-CHAPv2 settings, deselect the Use Windows logon name and password check box. When authentication begins, a pop-up dialog box requests you to type a Name, Password and Domain of the RADIUS server. Specify a name and password only, do not specify a domain.

Click AUTH. SERVER > Setting. The screen appears as shown.
Table 68 Internal RADIUS Server Setting Screen Setting (continued)
LABEL | DESCRIPTION
Type | This field displays what kind of certificate this is. REQ represents a certification request and is not yet a valid certificate. Send a certification request to a certification authority, which then issues a certificate. Use the My Certificate Import screen to import the certificate and replace the request. SELF represents a self-signed certificate.
Figure 109 Trusted AP Overview (figure labels: ZyXEL RADIUS Server, Trusted APs, Wireless clients)

1 Configure an IP address and shared secret in the Trusted AP database to authenticate an AP as a trusted AP.
2 Configure wireless client user names and passwords in the Trusted Users database to use a trusted AP as a relay between the ZyXEL Device’s internal RADIUS server and the wireless clients.

The wireless clients can then be authenticated by the ZyXEL Device’s internal RADIUS server.
Figure 110 Trusted AP Screen

The following table describes the labels in this screen.

Table 69 Trusted AP
LABEL | DESCRIPTION
# | This field displays the trusted AP index number.
Active | Select this check box to have the ZyXEL Device use the IP Address and Shared Secret to authenticate a trusted AP.
IP Address | Type the IP address of the trusted AP in dotted decimal notation.
Figure 111 Trusted Users Screen

The following table describes the labels in this screen.

Table 70 Trusted Users
LABEL | DESCRIPTION
# | This field displays the trusted user index number.
Active | Select this check box to have the ZyAIR authenticate wireless clients with the same user name and password activated on their wireless utilities.
User Name | Enter the user name for this user account. This name can be up to 31 alphanumeric characters long, including spaces.
CHAPTER 16 Certificates

This chapter gives background information about public-key certificates and explains how to use them.

16.1 Certificates Overview

The ZyXEL Device can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication.
Certification authorities maintain directory servers with databases of valid and revoked certificates. A directory of certificates that have been revoked before the scheduled expiration is called a CRL (Certificate Revocation List). The ZyXEL Device can check a peer’s certificate against a directory server’s list of revoked certificates. The framework of servers, software, procedures and policies that handles keys is called PKI (public-key infrastructure).

16.1.
Figure 113 Certificate Details

4 Use a secure method to verify that the certificate owner has the same information in the Thumbprint Algorithm and Thumbprint fields. The secure method may vary according to your situation. Possible examples would be over the telephone or through an HTTPS connection.

16.4 Configuration Summary

This section summarizes how to manage certificates.
Figure 114 My Certificates

The following table describes the labels in this screen.

Table 71 My Certificates
LABEL | DESCRIPTION
PKI Storage Space in Use | This bar displays the percentage of the ZyXEL Device’s PKI storage space that is currently in use. When you are using 80% or less of the storage space, the bar is green. When the amount of space used is over 80%, the bar is red.
Table 71 My Certificates (continued)
LABEL | DESCRIPTION
Valid From | This field displays the date that the certificate becomes applicable. The text displays in red and includes a Not Yet Valid! message if the certificate has not yet become applicable.
Valid To | This field displays the date that the certificate expires. The text displays in red and includes an Expiring! or Expired! message if the certificate is about to expire or has already expired.
16.7 Importing a Certificate

Click CERTIFICATES > My Certificates and then Import to open the My Certificate Import screen. Follow the instructions in this screen to save an existing certificate to the ZyXEL Device.

Note: You can import only a certificate that matches a corresponding certification request that was generated by the ZyXEL Device. The certificate you import replaces the corresponding request in the My Certificates screen.
Table 72 My Certificate Import
LABEL | DESCRIPTION
Apply | Click Apply to save the certificate on the ZyXEL Device.
Cancel | Click Cancel to quit and return to the My Certificates screen.

16.8 Creating a Certificate

Click CERTIFICATES > My Certificates and then Create to open the My Certificate Create screen.
Table 73 My Certificate Create (continued)
LABEL | DESCRIPTION
Common Name | Select a radio button to identify the certificate’s owner by IP address, domain name or e-mail address. Type the IP address (in dotted decimal notation), domain name or e-mail address in the field provided. The domain name or email address can be up to 31 ASCII characters. The domain name or e-mail address is for identification purposes only and can be any string.
Table 73 My Certificate Create (continued)
LABEL | DESCRIPTION
Request Authentication | When you select Create a certification request and enroll for a certificate immediately online, the certification authority may want you to include a reference number and key to identify you when you send a certification request. Fill in both the Reference Number and the Key fields if your certification authority uses CMP enrollment protocol.
Figure 117 My Certificate Details

The following table describes the labels in this screen.

Table 74 My Certificate Details
LABEL | DESCRIPTION
Name | This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this certificate. You may use any character (not including spaces).
Property | Default self-signed certificate which signs the imported remote host certificates.
Table 74 My Certificate Details (continued)
LABEL | DESCRIPTION
Certificate Path | Click the Refresh button to have this read-only text box display the hierarchy of certification authorities that validate the certificate (and the certificate itself). If the issuing certification authority is one that you have imported as a trusted certification authority, it may be the only certification authority in the list (along with the certificate itself).
Table 74 My Certificate Details (continued)
LABEL | DESCRIPTION
SHA1 Fingerprint | This is the certificate’s message digest that the ZyXEL Device calculated using the SHA1 algorithm.
Certificate in PEM (Base-64) Encoded Format | This read-only text box displays the certificate or certification request in Privacy Enhanced Mail (PEM) format. PEM uses 64 ASCII characters to convert the binary certificate into a printable form.
The following table describes the labels in this screen.

Table 75 Trusted CAs
LABEL | DESCRIPTION
PKI Storage Space in Use | This bar displays the percentage of the ZyXEL Device’s PKI storage space that is currently in use. When you are using 80% or less of the storage space, the bar is green. When the amount of space used is over 80%, the bar is red. When the bar is red, you should consider deleting expired or unnecessary certificates before adding more certificates.
Note: You must remove any spaces from the certificate’s filename before you can import the certificate.

Figure 119 Trusted CA Import

The following table describes the labels in this screen.

Table 76 Trusted CA Import
LABEL | DESCRIPTION
File Path | Type in the location of the file you want to upload in this field or click Browse to find it.
Browse | Click Browse to find the certificate file you want to upload.
Apply | Click Apply to save the certificate on the ZyXEL Device.
Figure 120 Trusted CA Details

The following table describes the labels in this screen.

Table 77 Trusted CA Details
LABEL | DESCRIPTION
Name | This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate. You may use any character (not including spaces).
Table 77 Trusted CA Details (continued)
LABEL | DESCRIPTION
Certificate Information | These read-only fields display detailed information about the certificate.
Type | This field displays general information about the certificate. CA-signed means that a Certification Authority signed the certificate. Self-signed means that the certificate’s owner signed the certificate (not a certification authority). X.
Table 77 Trusted CA Details (continued)
LABEL | DESCRIPTION
SHA1 Fingerprint | This is the certificate’s message digest that the ZyXEL Device calculated using the SHA1 algorithm. You cannot use this value to verify that this is the remote host’s actual certificate because the ZyXEL Device has signed the certificate; thus causing this value to be different from that of the remote host’s actual certificate. See Section 16.
CHAPTER 17 Log Screens

This chapter contains information about configuring general log settings and viewing the ZyXEL Device’s logs.

17.1 Configuring View Log

The web configurator allows you to look at all of the ZyXEL Device’s logs in one location. Click LOGS > View Log. Use the View Log screen to see the logs for the categories that you selected in the Log Settings screen (see Figure 122 on page 203). Options include logs about system maintenance, system errors and access control.
Table 78 View Log
LABEL | DESCRIPTION
Notes | This field displays additional information about the log entry.
Email Log Now | Click Email Log Now to send the log screen to the e-mail address specified in the Log Settings page.
Refresh | Click Refresh to renew the log screen.
Clear Log | Click Clear Log to clear all the logs.

17.2 Configuring Log Settings

To change your ZyXEL Device’s log settings, click LOGS > Log Settings. The screen appears as shown.
Figure 122 Log Settings

The following table describes the labels in this screen.

Table 79 Log Settings
LABEL | DESCRIPTION
Address Info
Mail Server | Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via e-mail.
Mail Subject | Type a title that you want to be in the subject line of the log e-mail message that the ZyXEL Device sends.
Table 79 Log Settings
LABEL | DESCRIPTION
Log Facility | Select a location from the drop down list box. The log facility allows you to log the messages to different files in the syslog server. Refer to the documentation of your syslog program for more details.
Send Log
Log Schedule | This drop-down menu is used to configure the frequency of log messages being sent as E-mail:
• Daily
• Weekly
• Hourly
• When Log is Full
• None.
Table 80 System Maintenance Logs
LOG MESSAGE | DESCRIPTION
TELNET Login Successfully | Someone has logged on to the router via telnet.
TELNET Login Fail | Someone has failed to log on to the router via telnet.
FTP Login Successfully | Someone has logged on to the router via FTP.
FTP Login Fail | Someone has failed to log on to the router via FTP.
Table 81 ICMP Notes (continued)
TYPE | CODE | DESCRIPTION
16 | | Information Reply
 | 0 | Information reply message

Table 82 Sys log
LOG MESSAGE | DESCRIPTION
Mon dd hr:mm:ss hostname src="" dst="" msg="" note="" | This message is sent by the "RAS" when this syslog is generated. The messages and notes are defined in this appendix’s other charts.

17.
17.5 Log Command Example

This example shows how to set the ZyXEL Device to record the error logs and alerts and then view the results.

ras> sys logs load
ras> sys logs category error 3
ras> sys logs save
ras> sys logs display access
#. | time | source | destination
0 | 11/11/2002 15:10:12 | 172.22.3.80:137 | 172.22.255.
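A parser for the syslog layout shown in Table 82, applied to the login messages listed in Table 80, as an added example (not ZyXEL code and not part of the original guide). It counts failed TELNET and FTP logins per source address and notes when a successful login follows a run of failures. The sample lines, the host name nwa3160, the addresses and the threshold of 3 are constructed assumptions; the field layout and message texts are the ones the tables give.

```python
import re
from collections import defaultdict

# Layout from Table 82: Mon dd hr:mm:ss hostname src="" dst="" msg="" note=""
# An optional <PRI> prefix is accepted because collectors often keep it.
LINE_RE = re.compile(
    r'^(?:<\d{1,3}>)?'
    r'(?P<time>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+'
    r'(?P<host>\S+)\s+(?P<rest>.*)$'
)
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
# Message texts exactly as listed in Table 80.
LOGIN_RE = re.compile(r'^(TELNET|FTP) Login (Fail|Successfully)$')


def parse_line(line):
    """Return the fields of one syslog line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group("rest")))
    if "msg" not in fields:
        return None
    return {
        "time": " ".join(m.group("time").split()),
        "host": m.group("host"),
        "src": fields.get("src", ""),
        "dst": fields.get("dst", ""),
        "msg": fields["msg"],
        "note": fields.get("note", ""),
    }


def source_ip(src):
    """Drop the :port suffix that follows the address (IPv4 only)."""
    return src.rsplit(":", 1)[0] if ":" in src else src


def login_findings(lines, threshold=3):
    """Report sources with at least `threshold` failed logins.

    Lines are assumed to be in chronological order. A success that arrives
    after the threshold was reached is flagged on the finding.
    """
    failures = defaultdict(lambda: defaultdict(int))
    success_after = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                      # unparsable lines are skipped
        m = LOGIN_RE.match(rec["msg"])
        if not m:
            continue                      # not a login message
        service, outcome = m.groups()
        ip = source_ip(rec["src"]) or "unknown"
        if outcome == "Fail":
            failures[ip][service] += 1
        elif sum(failures[ip].values()) >= threshold:
            success_after.add(ip)
    findings = []
    for ip in sorted(failures):
        total = sum(failures[ip].values())
        if total >= threshold:
            findings.append({
                "src": ip,
                "failures": dict(failures[ip]),
                "total": total,
                "success_after_failures": ip in success_after,
            })
    return findings


# Constructed sample lines (not captured from a device).
SAMPLE_LINES = [
    'Mar  3 09:14:01 nwa3160 src="192.168.1.50:4021" dst="192.168.1.2:23" msg="TELNET Login Fail" note=""',
    'Mar  3 09:14:05 nwa3160 src="192.168.1.50:4022" dst="192.168.1.2:23" msg="TELNET Login Fail" note=""',
    'Mar  3 09:14:09 nwa3160 src="192.168.1.50:4023" dst="192.168.1.2:21" msg="FTP Login Fail" note=""',
    'Mar  3 09:14:30 nwa3160 src="192.168.1.50:4024" dst="192.168.1.2:23" msg="TELNET Login Successfully" note=""',
    'Mar  3 09:20:00 nwa3160 src="192.168.1.33:1050" dst="192.168.1.2:21" msg="FTP Login Fail" note=""',
    'this line does not follow the layout',
]

if __name__ == "__main__":
    for finding in login_findings(SAMPLE_LINES):
        print(finding)
```
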
CHAPTER 18 VLAN

This chapter discusses how to configure VLAN on the ZyXEL Device.

18.1 VLAN

A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks. Stations on a logical network can belong to one or more groups. Only stations within the same group can talk to each other.

18.1.1 Management VLAN ID

The Management VLAN ID identifies the “management VLAN”.
18.2 Configuring VLAN

The ZyXEL Device allows you to configure VLAN based on SSID profile (wireless VLAN), and / or based on your RADIUS server (RADIUS VLAN).
• When you use wireless VLAN, the ZyXEL Device tags all packets from an SSID with the VLAN ID you set in the Wireless VLAN screen.
• When you use RADIUS VLAN, your RADIUS server assigns VLAN IDs to a user or user group’s traffic based on the configuration in the RADIUS VLAN screen.
Figure 123 WIRELESS VLAN

The following table describes the labels in this screen.

Table 84 WIRELESS VLAN
FIELD | DESCRIPTION
Enable VIRTUAL LAN | Select this box to enable VLAN tagging.
Management VLAN ID | Enter a number from 1 to 4094 to define this VLAN group. At least one device in your network must belong to this VLAN group in order to manage the ZyXEL Device. Note: Mail and FTP servers must have the same management VLAN ID to communicate with the ZyXEL Device. See Section 18.2.
Table 84 WIRELESS VLAN
FIELD | DESCRIPTION
VLAN ID | Enter a VLAN ID number from 1 to 4094. Packets coming from the WLAN using this SSID profile are tagged with the VLAN ID number by the ZyXEL Device. Different SSID profiles can use the same or different VLAN IDs. This allows you to split wireless stations into groups using similar VLAN IDs.
Second Rx VLAN ID | Enter a number from 1 to 4094, but different from the VLAN ID.
The following table describes the labels in this screen.

Table 85 RADIUS VLAN
LABEL | DESCRIPTION
Block station if RADIUS server assign VLAN name error | Select this to have the ZyXEL Device forbid access to wireless clients when the VLAN attributes sent from the RADIUS server do not match a configured Name field. When you select this check box, only users with names configured in this screen can access the network through the ZyXEL Device.
Figure 125 Management VLAN Configuration Example

Perform the following steps in the switch web configurator:
1 Click VLAN under Advanced Application.
2 Click Static VLAN.
3 Select the ACTIVE check box.
4 Type a Name for the VLAN ID.
5 Type a VLAN Group ID. This should be the same as the management VLAN ID on the ZyXEL Device.
6 Enable Tx Tagging on the port which you want to connect to the ZyXEL Device. Disable Tx Tagging on the port you are using to connect to your computer.
Figure 128 VLAN-Aware Switch - VLAN Status

Follow the instructions in the Quick Start Guide to set up your ZyXEL Device for configuration. The ZyXEL Device should be connected to the VLAN-aware switch. In the above example, the switch is using port 1 to connect to your computer and port 2 to connect to the ZyXEL Device: Figure 125 on page 214.

1 In the ZyXEL Device web configurator click VLAN to open the VLAN setup screen.
18.2.4 Configuring Microsoft’s IAS Server Example

Dynamic VLAN assignment can be used with the ZyXEL Device. Dynamic VLAN assignment allows network administrators to assign a specific VLAN (configured on the ZyXEL Device) to an individual’s Windows User Account. When a wireless station is successfully authenticated to the network, it is automatically placed into its respective VLAN.
Figure 130 New Global Security Group

2 In VLAN Group ID Properties, click the Members tab.
• The IAS uses group memberships to determine which user accounts belong to which VLAN groups. Click the Add button and configure the VLAN group details.
3 Repeat the previous step to add each VLAN group required.

Figure 131 Add Group Members

18.2.4.2 Configuring Remote Access Policies

Once the VLAN Groups have been created, the IAS Remote Access Policy needs to be defined.
• Enter a Policy friendly name that describes the policy. Each Remote Access Policy will be matched to one VLAN Group. An example may be, Allow - VLAN 10 Policy.
• Click Next.

Figure 132 New Remote Access Policy for VLAN Group

2 The Conditions window displays. Select Add to add a condition for this policy to act on.
3 In the Select Attribute screen, click Windows-Groups and the Add button.

Figure 133 Specifying Windows-Group Condition

4 The Select Groups window displays.
Figure 134 Adding VLAN Group

6 When the Permissions options screen displays, select Grant remote access permission.
• Click Next to grant access based on group membership.
• Click the Edit Profile button.

Figure 135 Granting Permissions and User Profile Screens

7 The Edit Dial-in Profile screen displays. Click the Authentication tab and select the Extensible Authentication Protocol check box.
• Select an EAP type depending on your authentication needs from the drop-down list box.
Figure 136 Authentication Tab Settings

8 Click the Encryption tab. Select the Strongest encryption option. This step is not required for EAP-MD5, but is performed as a safeguard.

Figure 137 Encryption Tab Settings

9 Click the IP tab and select the Client may request an IP address check box for DHCP support.
10 Click the Advanced tab. The current default parameters returned to the ZyXEL Device should be Service-Type and Framed-Protocol.
Figure 138 Connection Attributes Screen

11 The RADIUS Attribute screen displays. From the list, three RADIUS attributes will be added:
• Tunnel-Medium-Type
• Tunnel-Pvt-Group-ID
• Tunnel-Type
• Click the Add button
• Select Tunnel-Medium-Type
• Click the Add button.

Figure 139 RADIUS Attribute Screen

12 The Enumerable Attribute Information screen displays. Select the 802 value from the Attribute value drop-down list box.
• Click OK.
Figure 140 802 Attribute Setting for Tunnel-Medium-Type

13 Return to the RADIUS Attribute Screen shown as Figure 139 on page 221.
• Select Tunnel-Pvt-Group-ID.
• Click Add.
14 The Attribute Information screen displays.
• In the Enter the attribute value in: field select String and type a number in the range 1 to 4094 or a Name for this policy. This Name should match a name in the VLAN mapping table on the ZyXEL Device.
Figure 142 VLAN Attribute Setting for Tunnel-Type

17 Return to the RADIUS Attribute Screen shown as Figure 139 on page 221.
• Click the Close button.
• The completed Advanced tab configuration should resemble the following screen.

Figure 143 Completed Advanced Tab

Note: Repeat the Configuring Remote Access Policies procedure for each VLAN Group defined in the Active Directory.
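What the three attributes configured in the procedure above look like on the wire, and how a receiver can turn them into a VLAN decision, as an added example (not ZyXEL or Microsoft code and not part of the original guide). The attribute numbers and the VLAN and 802 values follow RFC 2868 and RFC 3580. The mapping-table names, the sample attribute bytes and the choice to return no VLAN when an attribute is missing or wrong are assumptions made for the illustration; the guide does not specify the device's handling of those cases.

```python
TUNNEL_TYPE = 64            # RFC 2868
TUNNEL_MEDIUM_TYPE = 65     # RFC 2868
TUNNEL_PVT_GROUP_ID = 81    # RFC 2868, Tunnel-Private-Group-ID
VALUE_VLAN = 13             # Tunnel-Type value "VLAN" (RFC 3580)
VALUE_802 = 6               # Tunnel-Medium-Type value "802"


def tagged_int(attr, value, tag=0):
    """Encode Tunnel-Type / Tunnel-Medium-Type: 1-byte tag + 3-byte value."""
    return bytes([attr, 6, tag]) + value.to_bytes(3, "big")


def group_id(text, tag=None):
    """Encode Tunnel-Pvt-Group-ID; the tag byte is optional here."""
    body = (bytes([tag]) if tag is not None else b"") + text.encode("ascii")
    return bytes([TUNNEL_PVT_GROUP_ID, len(body) + 2]) + body


def parse_attributes(blob):
    """Split the attribute area of a RADIUS packet into (type, value) pairs."""
    attrs, i = [], 0
    while i < len(blob):
        if len(blob) - i < 2:
            raise ValueError("truncated attribute header")
        attr, length = blob[i], blob[i + 1]
        if length < 2 or i + length > len(blob):
            raise ValueError(f"bad length {length} for attribute {attr}")
        attrs.append((attr, blob[i + 2:i + length]))
        i += length
    return attrs


def resolve_vlan(blob, vlan_names):
    """Return (vlan_id, reason); vlan_id is None when no VLAN can be assigned.

    vlan_names maps Name -> VLAN ID, like the VLAN mapping table.
    """
    found = {}
    for attr, value in parse_attributes(blob):
        found.setdefault(attr, value)          # first occurrence wins
    for attr, want, label in ((TUNNEL_TYPE, VALUE_VLAN, "Tunnel-Type"),
                              (TUNNEL_MEDIUM_TYPE, VALUE_802, "Tunnel-Medium-Type")):
        value = found.get(attr)
        if value is None or len(value) != 4:
            return None, f"{label} missing or malformed"
        if int.from_bytes(value[1:], "big") != want:   # value[0] is the tag
            return None, f"{label} is not {want}"
    raw = found.get(TUNNEL_PVT_GROUP_ID)
    if not raw:
        return None, "Tunnel-Pvt-Group-ID missing"
    if raw[0] <= 0x1F:                         # leading byte <= 0x1F is a tag
        raw = raw[1:]
    group = raw.decode("ascii", errors="replace")
    if group.isdigit():
        vid = int(group)
        if 1 <= vid <= 4094:
            return vid, "numeric VLAN ID"
        return None, "VLAN ID out of range"
    if group in vlan_names:
        return vlan_names[group], "name found in mapping table"
    return None, "name not in mapping table"


# Constructed sample data: Service-Type = Framed and Framed-Protocol = PPP
# stand in for the default attributes the Advanced tab already returns.
SERVICE_TYPE = bytes([6, 6]) + (2).to_bytes(4, "big")
FRAMED_PROTOCOL = bytes([7, 6]) + (1).to_bytes(4, "big")
VLAN_NAMES = {"Engineering": 20, "Sales": 30}   # hypothetical mapping table


def sample_accept_attributes(group, tag=None):
    """Attribute area of a constructed Access-Accept for one policy."""
    return (SERVICE_TYPE + FRAMED_PROTOCOL
            + tagged_int(TUNNEL_TYPE, VALUE_VLAN)
            + tagged_int(TUNNEL_MEDIUM_TYPE, VALUE_802)
            + group_id(group, tag))


if __name__ == "__main__":
    for value in ("10", "Engineering", "Guests", "4095"):
        print(value, resolve_vlan(sample_accept_attributes(value), VLAN_NAMES))
```
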
18.2.5 Second Rx VLAN ID Example

In this example, the ZyXEL Device is configured to tag packets from SSID01 with VLAN ID 1 and tag packets from SSID02 with VLAN ID 2. VLAN 1 and VLAN 2 have access to a server, S, and the Internet, as shown in the following figure.

Figure 144 Second Rx VLAN ID Example

Packets sent from the server S back to the switch are tagged with a VLAN ID (incoming VLAN ID). These incoming VLAN packets are forwarded to the ZyXEL Device.
5 Enter a Second Rx VLAN ID. The following screen shows SSID03 tagged with a VLAN ID of 3 and a Second Rx VLAN ID of 4.

Figure 145 Configuring SSID: Second Rx VLAN ID Example

6 Click Apply to save these settings. Outgoing packets from clients in SSID03 are tagged with a VLAN ID of 3, and incoming packets with a VLAN ID of 3 or 4 are forwarded to SSID03.
CHAPTER 19 Maintenance

This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics.

19.1 Maintenance Overview

The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your ZyXEL Device.

19.2 System Status Screen (NWA-3160 and NWA-3163 Only)

Click MAINTENANCE to open the System Status screen, where you can see information about your ZyXEL Device.
19.2.1 System Statistics

Click Maintenance > Show Statistics. Read-only information here includes port status, packet specific statistics and bridge link status. Also provided are "system up time" and "poll interval(s)". The Poll Interval field is configurable. The fields in this screen vary according to the current wireless mode.

Figure 147 System Status: Show Statistics

The following table describes the labels in this screen.
Figure 148 Association List

The following table describes the labels in this screen.

Table 89 Association List
LABEL | DESCRIPTION
Stations
Index | This is the index number of an associated wireless station.
MAC Address | This field displays the MAC address of an associated wireless station.
Association Time | This field displays the time a wireless station first associated with the ZyXEL Device.
SSID | This field displays the SSID to which the wireless station is associated.
Chapter 19 Maintenance The following table describes the labels in this screen. Table 90 Channel Usage LABEL DESCRIPTION SSID This is the Service Set IDentification name of the AP in an Infrastructure wireless network or wireless station in an Ad-Hoc wireless network. For our purposes, we define an Infrastructure network as a wireless network that uses an AP and an Ad-Hoc network (also known as Independent Basic Service Set (IBSS)) as one that doesn’t.
Chapter 19 Maintenance Table 91 Firmware Upload 1 LABEL DESCRIPTION Browse... Click Browse... to find the .bin file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload them. Upload Click Upload to begin the upload process. This process may take up to two minutes. Do not turn off the ZyXEL Device while firmware upload is in progress! After you see the Firmware Upload in Process screen, wait two minutes before logging into the ZyXEL Device again.
Figure 153 Firmware Upload Error

19.6 Configuration Screen

See Chapter 26 on page 257 for information on how to transfer configuration files using FTP/TFTP commands.

Click MAINTENANCE > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next.

Figure 154 Configuration

19.6.1 Backup Configuration

Backup configuration allows you to back up (save) the ZyXEL Device’s current configuration to a file on your computer.
Chapter 19 Maintenance 19.6.2 Restore Configuration Restore configuration allows you to upload a new or previously saved configuration file from your computer to your ZyXEL Device. Table 92 Restore Configuration 1 LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse... Click Browse... to find the file you want to upload. Remember that you must decompress compressed (.ZIP) files before you can upload them.
Chapter 19 Maintenance Figure 157 Configuration Upload Error 19.6.3 Back to Factory Defaults Pressing the Reset button in this section clears all user-entered configuration information and returns the ZyXEL Device to its factory defaults as shown on the screen. The following warning screen will appear. Figure 158 Reset Warning Message You can also press the RESET button to reset your ZyXEL Device to its factory default settings. Refer to Section 2.2 on page 44 for more information. 19.
PART III SMT, Troubleshooting and Specifications

Introducing the SMT (237)
General Setup (243)
LAN Setup (245)
SNMP Configuration (247)
System Password (249)
System Information and Diagnosis (251)
Firmware and Configuration File Maintenance (257)
System Maintenance and Information (263)
Troubleshooting (271)
Product Specifications (277)
CHAPTER 20 Introducing the SMT

This chapter describes how to access the SMT and provides an overview of its menus.

Note: At the time of writing, only the NWA-3165 provides an SMT.

20.1 Introduction to the SMT

The ZyXEL Device’s SMT (System Management Terminal) is a menu-driven interface that you can access from a terminal emulator through the console port or over a telnet connection.
Chapter 20 Introducing the SMT Figure 160 Initial Screen Bootbase Version: V1.05 | 03/23/2007 11:39:53 RAM:Size = 32 Mbytes DRAM POST: Testing: 32608K OK DRAM Test SUCCESS ! FLASH: AMD 32M ZyNOS Version: V3.60(AAL.0)b1 | 04/13/2007 19:40:56 Press any key to enter debug mode within 3 seconds. .......................................................... .. Copyright (c) 1994 - 2008 ZyXEL Communications Corp.
Note: Whether or not you use administrator authentication on RADIUS, you still use the local system password to log in via the console port.

Please note that if there is no activity for longer than five minutes after you log in, your ZyXEL Device will automatically log you out and display a blank screen. If you see a blank screen, press [ENTER] to bring up the login screen again.

Figure 161 Password Screen

Enter Password : XXXX

20.
Figure 163 Menu 23 System Password

Menu 23 – System Password
Old Password= ****
New Password= ?
Retype to confirm= ?
Enter here to CONFIRM or ESC to CANCEL:

3 Type your new system password in the New Password field (up to 30 characters), and press [ENTER].
4 Re-type your new system password in the Retype to confirm field for confirmation and press [ENTER].

Note that as you type a password, the screen displays an asterisk “*” for each character you type.

20.
Chapter 20 Introducing the SMT Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below. Table 94 Main Menu Commands OPERATION KEYSTROKE DESCRIPTION Move down to another menu [ENTER] To move forward to a submenu, type in the number of the desired submenu and press [ENTER]. Move up to a previous menu [ESC] Press [ESC] to move back to the previous menu.
Chapter 20 Introducing the SMT Figure 164 SMT Main Menu Copyright (c) 1994 - 2008 ZyXEL Communications Corp. NWA-3160 Main Menu Getting Started 1. General Setup 3. LAN Setup Advanced Management 22. SNMP Configuration 23. System Security 24. System Maintenance 99. Exit Enter Menu Selection Number: 20.6.1 System Management Terminal Interface Summary Table 95 Main Menu Summary # MENU TITLE DESCRIPTION 1 General Setup Use this menu to set up your general information.
CHAPTER 21 General Setup

This chapter covers general setup.

21.1 General Setup

Menu 1 – General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. The Domain Name entry is what is propagated to the DHCP clients on the LAN. While you must enter the host name (System Name) on each individual computer, the domain name can be assigned from the ZyXEL Device via DHCP.

21.1.
Chapter 21 General Setup Table 96 Menu 1 General Setup FIELD DESCRIPTION IP Address Enter the IP addresses of the DNS servers. This field is available when you select User-Defined in the field above. When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel.
CHAPTER 22 LAN Setup This chapter shows you how to configure the LAN on your ZyXEL Device. 22.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 – LAN Setup. From the main menu, enter “3” to display menu 3. Figure 166 Menu 3 LAN Setup Menu 3 - LAN Setup 2. TCP/IP Setup Enter Menu Selection Number: Detailed explanation about the LAN Setup menu is given in the next chapter. 22.2 TCP/IP Ethernet Setup Use menu 3.2 to configure your ZyXEL Device for TCP/IP. To edit menu 3.
Chapter 22 LAN Setup Follow the instructions in the following table on how to configure the fields in this menu. Table 97 Menu 3.2 TCP/IP Setup FIELD DESCRIPTION IP Address Assignment Press [SPACE BAR] and then [ENTER] to select Dynamic to have the ZyXEL Device obtain an IP address from a DHCP server. You must know the IP address assigned to the ZyXEL Device (by the DHCP server) to access the ZyXEL Device again. Select Static to give the ZyXEL Device a fixed, unique IP address.
CHAPTER 23 SNMP Configuration

This chapter explains SNMP Configuration menu 22. See the web configurator chapter on SNMP for background information.

Note: This menu is available in the NWA-3160 and NWA-3163 only.

23.1 SNMP Configuration

To configure SNMP, select option 22 from the main menu to open Menu 22 – SNMP Configuration as shown next. The “community” for Get, Set and Trap fields is SNMP terminology for password.
Chapter 23 SNMP Configuration Table 98 Menu 22 SNMP Configuration FIELD DESCRIPTION Trap: Community Type the trap community, which is the password sent with each trap to the SNMP manager. Destination Type the IP address of the station to send your SNMP traps to. When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.
CHAPTER 24 System Password

This chapter describes how to configure the ZyXEL Device’s system password.

24.1 System Password

You can configure the system password in this menu. Refer to Section 20.4 on page 239.

Figure 169 Menu 23 System Password

Menu 23 – System Password
Old Password= ?
New Password= ?
Retype to confirm= ?
Enter here to CONFIRM or ESC to CANCEL:

You should change the default password. If you forget your password, you have to restore the default configuration file. Refer to Section 2.
CHAPTER 25 System Information and Diagnosis This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software. This chapter describes how to use these tools in detail. Type “24” in the main menu and press [ENTER] to open Menu 24 – System Maintenance, as shown in the following figure. Figure 170 Menu 24 System Maintenance Menu 24 - System Maintenance 1. 2. 3. 4.
Chapter 25 System Information and Diagnosis Figure 171 Menu 24.1 System Maintenance: Status Port Status Ethernet 100M/Full WLAN1 54M WLAN2 Down Menu 24.1 - System Maintenance - Status 00:15:06 Sat. Jan. 01, 2000 TxPkts 761 515 0 Rx B/s 192 0 0 Port Ethernet Address Ethernet 00:19:CB:1C:08:2A WLAN1 00:19:CB:1C:08:2A WLAN2 00:00:00:00:00:00 RxPkts 366 0 0 Cols 0 0 0 IP Address 192.168.1.2 Tx B/s 305 64 0 IP Mask 255.255.255.
Chapter 25 System Information and Diagnosis 25.2 System Information To get to the System Information: 1 Enter “24” to display Menu 24 – System Maintenance. 2 Enter “2” to display Menu 24.2 – System Information and Console Port Speed. 3 From this menu you have two choices as shown in the next figure: Figure 172 Menu 24.2 System Information and Console Port Speed Menu 24.2 - System Information and Console Port Speed 1. System Information 2.
Chapter 25 System Information and Diagnosis Table 100 Menu 24.2.1 System Maintenance: Information FIELD DESCRIPTION ZyNOS F/W Version Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. Country Code Refers to the country code of the firmware. LAN Ethernet Address Refers to the Ethernet MAC (Media Access Control) of your ZyXEL Device.
Chapter 25 System Information and Diagnosis Figure 175 Menu 24.3 System Maintenance: Log and Trace Menu 24.3 - System Maintenance - Log and Trace 1. View Error Log Please enter selection: 3 Enter 1 from Menu 24.3 – System Maintenance – Log and Trace and press [ENTER] twice to display the error log in the system. After the ZyXEL Device finishes displaying the error log, you will have the option to clear it. Samples of typical error and information messages are presented in the next figure.
Chapter 25 System Information and Diagnosis The following table describes the diagnostic tests available in menu 24.4 for your ZyXEL Device and the connections. Table 101 Menu 24.4 System Maintenance Menu: Diagnostic 256 FIELD DESCRIPTION Ping Host Ping the host to see if the links and TCP/IP protocol on both systems are working. DHCP Release Release the IP address assigned by the DHCP server. DHCP Renewal Get a new IP address from the DHCP server. Reboot System Reboot the ZyXEL Device.
CHAPTER 26 Firmware and Configuration File Maintenance

This chapter tells you how to back up and restore your configuration file as well as upload new firmware and configuration files using the SMT screens.

26.1 Filename Conventions

The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus, such as password and TCP/IP Setup. It arrives from ZyXEL with a rom filename extension.
Chapter 26 Firmware and Configuration File Maintenance The following table is a summary. Please note that the internal filename refers to the filename on the ZyXEL Device and the external filename refers to the filename not on the ZyXEL Device, that is, on your computer, local network or FTP site and so the name (but not the extension) will vary. After uploading new firmware see the ZyNOS F/W Version field in Menu 24.2.
Figure 178 FTP Session Example

331 Enter PASS command
Password:
230 Logged in
ftp> bin
200 Type I OK
ftp> get rom-0 zyxel.rom
200 Port command okay
150 Opening data connection for STOR ras
226 File received OK
ftp: 327680 bytes sent in 1.10Seconds 297.89Kbytes/sec.
ftp> quit

The following table describes some of the commands that you may see in third party FTP clients.
Chapter 26 Firmware and Configuration File Maintenance 5 Use the TFTP client (see the example below) to transfer files between the ZyXEL Device and the computer. The file name for the configuration file is rom-0 (rom-zero, not capital o). Note that the telnet connection must be active and the SMT in CI mode before and during the TFTP transfer. For details on TFTP commands (see following example), please consult the documentation of your TFTP client program.
4 Enter “root” and your SMT password as requested. The default is 1234.
5 Enter “bin” to set transfer mode to binary.
6 Use “put” to transfer files from the computer to the ZyXEL Device. For example, “put firmware.bin ras” transfers the firmware on your computer (firmware.bin) to the ZyXEL Device and renames it “ras”. Similarly, “put config.rom rom-0” transfers the configuration file on your computer (config.
Chapter 26 Firmware and Configuration File Maintenance Note that the telnet connection must be active and the SMT in CI mode before and during the TFTP transfer. For details on TFTP commands (see following example), please consult the documentation of your TFTP client program. For UNIX, use “get” to transfer from the ZyXEL Device to the computer, “put” the other way around, and “binary” to set binary transfer mode. 26.3.
CHAPTER 27 System Maintenance and Information This chapter leads you through SMT menus 24.8 and 24.10. 27.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main system firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions. Enter the CI from the SMT by selecting menu 24.8. See the included disk or the zyxel.com web site for more detailed information on CI commands. Enter 8 from Menu 24 – System Maintenance.
Note: Not all commands are available in all models.

Figure 181 Valid CI Commands

Copyright (c) 1994 - 2008 ZyXEL Communications Corp.
NWA-3160> help or ?
Valid commands are:
sys exit ether wlan ip bridge bm certificates radius 8021x radserv wcfg rogueAP
NWA-3160>

27.1.1 Command Syntax

• The command keywords are in courier new font.
• Enter the command keywords exactly as shown, do not abbreviate.
Chapter 27 System Maintenance and Information This command sets the password protection to block all access attempts for five minutes after the third time an incorrect password is entered. 27.2 Time and Date Setting The ZyXEL Device keeps track of the time and date. There is also a software mechanism to set the time manually or get the current time and date from an external server when you turn on your ZyXEL Device. Menu 24.10 allows you to update the time and date settings of your ZyXEL Device.
Chapter 27 System Maintenance and Information Table 106 System Maintenance: Time and Date Setting FIELD DESCRIPTION New Time Enter the new time in hour, minute and second format. Current Date This field displays an updated date only when you re-enter this menu. New Date Enter the new date in year, month and day format. Time Zone Press [SPACE BAR] and then [ENTER] to set the time difference between your time zone and Greenwich Mean Time (GMT).
Chapter 27 System Maintenance and Information Figure 183 Telnet Configuration on a TCP/IP Network 27.3.2 FTP You can upload and download ZyXEL Device firmware and configuration files using FTP. To use this feature, your computer must have an FTP client. 27.3.3 Web You can use the ZyXEL Device’s embedded web configurator for configuration and file management. See the online help for details. 27.3.4 Remote Management Setup Remote management setup is for managing Telnet, FTP and Web services.
Chapter 27 System Maintenance and Information Figure 184 Menu 24.11 Remote Management Control Menu 24.11 - Remote Management Control TELNET Server: FTP Server: SSH Server HTTPS Server: HTTP Server: SNMP Service: DNS Service: Port = 23 Access = ALL Secure Client IP = 0.0.0.0 Port = 21 Access = ALL Secure Client IP = 0.0.0.0 Certificate = auto_generated_self-signed-cert Port = 22 Access = ALL Secure Client IP = 0.0.0.
Chapter 27 System Maintenance and Information 27.3.5 Remote Management Limitations Remote management over LAN or WAN will not work when: 1 You have disabled that service in menu 24.11. 2 The IP address in the Secured Client IP field (menu 24.11) does not match the client IP address. If it does not match, the ZyXEL Device will disconnect the session immediately. 3 There is already another remote management session of the same type (Telnet, FTP or Web) running.
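The conditions listed in Section 27.3.5 and the fields of Menu 24.11 can be checked together with a short script, given here as an added example that is not part of the ZyXEL guide or its firmware. The menu text is a constructed sample using the field names from Figure 184; the `Disable` value for Access, the reading of 0.0.0.0 as "any client", and all function names are assumptions.

```python
import ipaddress
import re

# Constructed sample of a Menu 24.11 dump (not captured from a device).
# Field names follow Figure 184; "Disable" as an Access value is an assumption.
SAMPLE_MENU = """\
Menu 24.11 - Remote Management Control
TELNET Server: Port = 23   Access = ALL      Secure Client IP = 0.0.0.0
FTP Server:    Port = 21   Access = Disable  Secure Client IP = 0.0.0.0
SSH Server:    Certificate = auto_generated_self-signed-cert
               Port = 22   Access = ALL      Secure Client IP = 192.168.1.33
HTTPS Server:  Certificate = auto_generated_self-signed-cert
               Port = 443  Access = ALL      Secure Client IP = 192.168.1.33
HTTP Server:   Port = 80   Access = ALL      Secure Client IP = 0.0.0.0
SNMP Service:  Port = 161  Access = ALL      Secure Client IP = 0.0.0.0
"""

# Services whose login travels over the network unencrypted.
CLEARTEXT = {"TELNET", "FTP", "HTTP"}
# Assumption: 0.0.0.0 in Secure Client IP means no client restriction.
ANY_CLIENT = ipaddress.ip_address("0.0.0.0")
DEFAULT_CERT = "auto_generated_self-signed-cert"

LABEL = re.compile(r"^\s*([A-Z]+) (?:Server|Service):?", re.M)
FIELD = re.compile(r"(Port|Access|Secure Client IP|Certificate)\s*=\s*(\S+)")


def parse_menu(text):
    """Return {service: settings}; a service may span several lines."""
    services = {}
    marks = list(LABEL.finditer(text))
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        fields = dict(FIELD.findall(text[m.end():end]))
        try:
            services[m.group(1)] = {
                "port": int(fields["Port"]),
                "enabled": fields["Access"].upper() != "DISABLE",
                "client": ipaddress.ip_address(fields["Secure Client IP"]),
                "cert": fields.get("Certificate"),
            }
        except KeyError as missing:
            raise ValueError(f"{m.group(1)}: field {missing} not found") from None
    return services


def session_allowed(services, name, client_ip):
    """Apply conditions 1 and 2 of Section 27.3.5 to one connection attempt."""
    svc = services[name]
    if not svc["enabled"]:
        return False  # condition 1: service disabled in menu 24.11
    if svc["client"] == ANY_CLIENT:
        return True   # no Secure Client IP configured (assumed meaning)
    return svc["client"] == ipaddress.ip_address(client_ip)  # condition 2


def audit(services):
    """List (service, finding) pairs for settings worth tightening."""
    findings = []
    for name, svc in services.items():
        if not svc["enabled"]:
            continue
        if name in CLEARTEXT:
            findings.append((name, "cleartext protocol enabled"))
        if svc["client"] == ANY_CLIENT:
            findings.append((name, "no Secure Client IP restriction"))
        if svc["cert"] == DEFAULT_CERT:
            findings.append((name, "default self-signed certificate"))
    return findings


if __name__ == "__main__":
    parsed = parse_menu(SAMPLE_MENU)
    for service, finding in audit(parsed):
        print(f"{service:7} {finding}")
```
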
CHAPTER 28 Troubleshooting

This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories.

• Power, Hardware Connections, and LEDs
• ZyXEL Device Access and Login
• Internet Access
• Wireless Router/AP Troubleshooting

28.1 Power, Hardware Connections, and LEDs

The ZyXEL Device does not turn on. None of the LEDs turn on.

1 Make sure you are using the power adaptor or cord included with the ZyXEL Device.
28.2 ZyXEL Device Access and Login

I forgot the IP address for the ZyXEL Device.

1 The default IP address is 192.168.1.2.
2 If you changed the IP address and have forgotten it, you might get the IP address of the ZyXEL Device by looking up the IP address of the default gateway for your computer. To do this in most Windows computers, click Start > Run, enter “cmd”, and then enter “ipconfig”.
Advanced Suggestions

• Try to access the ZyXEL Device using another service, such as Telnet. If you can access the ZyXEL Device, check the remote management settings to find out why the ZyXEL Device does not respond to HTTP.
• If your computer is connected to the WAN port or is connected wirelessly, use a computer that is connected to a LAN/ETHERNET port.

I can see the Login screen, but I cannot log in to the ZyXEL Device.
28.3 Internet Access

I cannot access the Internet.

1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 28.1 on page 271.
2 Make sure you entered your ISP account information correctly. These fields are case-sensitive, so make sure [Caps Lock] is not on.
3 If you are trying to access the Internet wirelessly, make sure the wireless settings on the wireless client are the same as the settings on the AP.
28.4 Wireless Router/AP Troubleshooting

I cannot access the ZyXEL Device or ping any computer from the WLAN.

1 Make sure the wireless LAN is enabled on the ZyXEL Device.
2 Make sure the wireless adapter on the wireless station is working properly.
3 Make sure the wireless adapter (installed on your computer) is IEEE 802.11 compatible and supports the same wireless standard as the ZyXEL Device.
CHAPTER 29 Product Specifications The following tables summarize the ZyXEL Device’s hardware and firmware features. Table 108 Hardware Specifications SPECIFICATION DESCRIPTION Dimensions 190x 135 x 40 mm Weight NWA-3160: 420g NWA-3163: 420g NWA-3165: 392g Power 12V DC, 1.5 A max. (There is no tolerance for the DC input voltage.) Ethernet Ports Auto-negotiating: 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode. Auto-crossover: Use either crossover or straight-through Ethernet cables.
Table 108 Hardware Specifications
SPECIFICATION DESCRIPTION
Output Power
NWA-3160:
IEEE 802.11b/g 54Mbps: 16dBm 24Mbps: 17dBm 6Mbps: 18dBm 11Mbps: 18dBm
IEEE 802.11a 54Mbps: 12dBm 24Mbps: 12dBm 6Mbps: 14dBm 11Mbps: 14dBm
NWA-3163:
IEEE 802.11b/g 54Mbps: 20dBm 24Mbps: 21dBm 11Mbps: 23dBm 6Mbps: 23dBm
NWA-3165:
IEEE 802.11b Using single antenna: 13dBm Using three antennas: 17dBm
IEEE 802.
Chapter 29 Product Specifications Table 108 Hardware Specifications SPECIFICATION DESCRIPTION Approvals EMC: FCC Class B, CE-EMC Class B, C-Tick Class B, Safety: CSA International, CE EN60950-1 Plenum Rating The ZyXEL Device’s housing is treated with fire-retardant chemicals. In the event of fire, plenum-rated materials burn more slowly and produce less smoke than non-plenum-rated materials, decreasing the quantity of toxic or asphyxiating material produced.
Chapter 29 Product Specifications Table 109 Firmware Specifications Wireless Association List With the wireless association list, you can see the list of the wireless stations that are currently using the ZyXEL Device to access your wired network. Logging and Tracing Built-in message logging and packet tracing. Embedded FTP and TFTP Servers The embedded FTP and TFTP servers enable fast firmware upgrades as well as configuration file backups and restoration.
Chapter 29 Product Specifications Figure 185 Wall-mounting Example The following are dimensions of an M4 tap screw and masonry plug used for wall mounting. All measurements are in millimeters (mm). Figure 186 Masonry Plug and M4 Tap Screw Power Adaptor Specifications Table 110 North American Plug Standards AC Power Adaptor Model ADS6818-1812-W 1215 Input Power 100~240 Volts AC, 50~60 Hz, 0.5 A Output Power 12 Volts DC, 1.
Chapter 29 Product Specifications Table 110 North American Plug Standards Power Consumption 6 W Max Safety Standards UL, CUL (UL60950 Third Edition, CSA C22.2 No. 60950) Table 111 European Plug Standards AC Power Adaptor Model ADS6818-1812-B 1215 Input Power 100~240 Volts AC, 50~60 Hz, 0.5 A Output Power 12 Volts DC, 1.
Table 115 Power over Ethernet Injector RJ-45 Port Pin Assignments
1 Output Transmit Data +
2 Output Transmit Data -
3 Receive Data +
4 Power +
5 Power +
6 Receive Data -
7 Power -
8 Power -
PART IV Appendices and Index

Setting up Your Computer’s IP Address (263)
Wireless LANs (299)
Pop-up Windows, JavaScripts and Java Permissions (313)
IP Addresses and Subnetting (319)
Text File Based Auto Configuration (327)
Legal Information (335)
Customer Support (339)
Index (345)
APPENDIX A Setting up Your Computer’s IP Address

All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package.
Figure 187 Windows 95/98/Me: Network: Configuration

Installing Components

The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks.

If you need the adapter:

1 In the Network window, click Add.
2 Select Adapter and then click Add.
3 Select the manufacturer and model of your network adapter and then click OK.
Appendix A Setting up Your Computer’s IP Address Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. • If your IP address is dynamic, select Obtain an IP address automatically. • If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields. Figure 188 Windows 95/98/Me: TCP/IP Properties: IP Address 3 Click the DNS Configuration tab.
Appendix A Setting up Your Computer’s IP Address Figure 189 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window. 6 Click OK to close the Network window. Insert the Windows CD if prompted.
Appendix A Setting up Your Computer’s IP Address Figure 190 Windows XP: Start Menu 2 For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Figure 191 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties.
Appendix A Setting up Your Computer’s IP Address Figure 192 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. Figure 193 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). • If you have a dynamic IP address click Obtain an IP address automatically.
Appendix A Setting up Your Computer’s IP Address Figure 194 Windows XP: Advanced TCP/IP Settings 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: • In the IP Settings tab, in IP addresses, click Add. • In TCP/IP Address, type an IP address in IP address and a subnet mask in Subnet mask, and then click Add.
Appendix A Setting up Your Computer’s IP Address If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. Figure 195 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click OK to close the Local Area Connection Properties window. 10 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings 1 Click Start, All Programs, Accessories and then Command Prompt.
Appendix A Setting up Your Computer’s IP Address Figure 196 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 197 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: • From the Configure box, select Manually.
Appendix A Setting up Your Computer’s IP Address • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Close the TCP/IP Control Panel. 6 Click Save if prompted, to save changes to your configuration. 7 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the TCP/IP Control Panel window.
Appendix A Setting up Your Computer’s IP Address Figure 199 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Click Apply Now and close the window. 6 Turn on your ZyXEL Device and restart your computer (if prompted).
APPENDIX B Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS).
Appendix B Wireless LANs Figure 201 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood.
Figure 202 Infrastructure WLAN

Channel

A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference. Interference occurs when radio signals from different access points overlap, degrading performance.
Appendix B Wireless LANs Figure 203 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations. RTS/CTS is designed to prevent collisions due to hidden nodes.
If the Fragmentation Threshold value you set is smaller than the RTS/CTS value (see above), the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur, as data frames will be fragmented before they reach RTS/CTS size.

Preamble Type

Preamble is used to signal that data is coming to the receiver. Short and Long refer to the length of the synchronization field in a packet.
Appendix B Wireless LANs Wireless security methods available on the ZyXEL Device are data encryption, wireless client authentication, restricting access by device MAC address and hiding the ZyXEL Device identity. The following figure shows the relative effectiveness of these wireless security methods available on your ZyXEL Device.
Determines the network services available to authenticated users once they are connected to the network.

• Accounting
Keeps track of the client’s network activity.

RADIUS is a simple packet exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server.
For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). Certificates (also called digital IDs) can be used to authenticate users; a CA issues certificates and guarantees the identity of each certificate owner.

EAP-MD5 (Message-Digest Algorithm 5)

MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless client.
Appendix B Wireless LANs Dynamic WEP Key Exchange The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed. If this feature is enabled, it is not necessary to configure a default encryption key in the Wireless screen. You may still configure and store keys here, but they will not be used while Dynamic WEP is enabled.
Appendix B Wireless LANs Encryption Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. WPA and WPA2 use Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption than TKIP. TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication server.
Wireless Client WPA Supplicants
A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicant is the WPA patch for Windows XP, Funk Software's Odyssey client. The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero Configuration" wireless client. However, you must run Windows XP to use it.
4 The AP and wireless clients use the TKIP or AES encryption process to encrypt data exchanged between them.

Figure 205 WPA(2)-PSK Authentication

Security Parameters Summary
Refer to this table to see what other security parameters you should configure for each Authentication Method/key management protocol type. MAC address filters are not dependent on how you configure these security features.
Antenna Characteristics

Frequency
An antenna in the frequency of 2.4 GHz (IEEE 802.11b) or 5 GHz (IEEE 802.11a) is needed to communicate efficiently in a wireless LAN.

Radiation Pattern
A radiation pattern is a diagram that allows you to visualize the shape of the antenna's coverage area.

Antenna Gain
Antenna gain, measured in dB (decibel), is the increase in coverage within the RF beam width. Higher antenna gain improves the range of the signal for better communications.
For omni-directional antennas mounted on a table, desk, and so on, point the antenna up. For omni-directional antennas mounted on a wall or ceiling, point the antenna down. For a single AP application, place omni-directional antennas as close to the center of the coverage area as possible. For directional antennas, point the antenna in the direction of the desired coverage area.
APPENDIX C Pop-up Windows, JavaScripts and Java Permissions

In order to use the web configurator you need to allow:
• Web browser pop-up windows from your device.
• JavaScripts (enabled by default).
• Java permissions (enabled by default).

Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary.

Internet Explorer Pop-up Blockers
You may have to disable pop-up blocking to log into your device.
2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled.

Figure 207 Internet Options: Privacy

3 Click Apply to save this setting.

Enable Pop-up Blockers with Exceptions
Alternatively, if you only want to allow pop-up windows from your device, see the following steps.
1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
Figure 208 Internet Options: Privacy

3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix "http://". For example, http://192.168.167.1.
4 Click Add to move the IP address to the list of Allowed sites.
5 Click Close to return to the Privacy screen.
6 Click Apply to save this setting.

JavaScripts
If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
1 In Internet Explorer, click Tools, Internet Options and then the Security tab.

Figure 210 Internet Options: Security

2 Click the Custom Level... button.
3 Scroll down to Scripting.
Figure 211 Security Settings - Java Scripting

Java Permissions
1 From Internet Explorer, click Tools, Internet Options and then the Security tab.
2 Click the Custom Level... button.
3 Scroll down to Microsoft VM.
4 Under Java permissions make sure that a safety level is selected.
5 Click OK to close the window.
JAVA (Sun)
1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab.
2 Make sure that Use Java 2 for
APPENDIX D IP Addresses and Subnetting

This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts. Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.
Figure 214 Network Number and Host ID

How much of the IP address is the network number and how much is the host ID varies according to the subnet mask.

Subnet Masks
A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). The term "subnet" is short for "subnetwork". A subnet mask has 32 bits.
Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks.

Table 121 Subnet Masks
              BINARY
              1ST OCTET  2ND OCTET  3RD OCTET  4TH OCTET  DECIMAL
8-bit mask    11111111   00000000   00000000   00000000   255.0.0.0
16-bit mask   11111111   11111111   00000000   00000000   255.255.0.0
24-bit mask   11111111   11111111   11111111   00000000   255.255.255.
Table 123 Alternative Subnet Mask Notation (continued)
SUBNET MASK      ALTERNATIVE NOTATION  LAST OCTET (BINARY)  LAST OCTET (DECIMAL)
255.255.255.192  /26                   1100 0000            192
255.255.255.224  /27                   1110 0000            224
255.255.255.240  /28                   1111 0000            240
255.255.255.248  /29                   1111 1000            248
255.255.255.252  /30                   1111 1100            252

Subnetting
You can use subnetting to divide one network into multiple sub-networks.
Figure 216 Subnetting Example: After Subnetting

In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 2^7 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet's address itself, all ones is the subnet's broadcast address). 192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.128 is its broadcast address.
Table 125 Subnet 2
IP/SUBNET MASK        NETWORK NUMBER               LAST OCTET BIT VALUE
IP Address            192.168.1.                   64
IP Address (Binary)   11000000.10101000.00000001.  01000000
Subnet Mask (Binary)  11111111.11111111.11111111.  11000000
Subnet Address: 192.168.1.64      Lowest Host ID: 192.168.1.65
Broadcast Address: 192.168.1.127  Highest Host ID: 192.168.1.126

Table 126 Subnet 3
IP/SUBNET MASK        NETWORK NUMBER               LAST OCTET BIT VALUE
IP Address            192.168.1.
Table 128 Eight Subnets (continued)
SUBNET  SUBNET ADDRESS  FIRST ADDRESS  LAST ADDRESS  BROADCAST ADDRESS
5       128             129            158           159
6       160             161            190           191
7       192             193            222           223
8       224             225            254           255

Subnet Planning
The following table is a summary for subnet planning on a network with a 24-bit network number.

Table 129 24-bit Network Number Subnet Planning
NO. "BORROWED" HOST BITS  SUBNET MASK    NO. SUBNETS  NO. HOSTS PER SUBNET
1                         255.255.255.
Table 130 16-bit Network Number Subnet Planning (continued)
NO. "BORROWED" HOST BITS  SUBNET MASK            NO. SUBNETS  NO. HOSTS PER SUBNET
14                        255.255.255.252 (/30)  16384        2
15                        255.255.255.254 (/31)  32768        1

Configuring IP Addresses
Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
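The subnet arithmetic described in this appendix (logical AND of address and mask, host IDs of all zeroes and all ones, borrowing host bits), as an added Python example that is not part of the original guide. The function names are illustrative; the values it reproduces are those of Table 125 and Table 128.

```python
# Added example: the subnet arithmetic of Appendix D done with bitwise operations.

def to_int(dotted):
    """Convert dotted decimal notation to a 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("not an IPv4 address: %r" % dotted)
    value = 0
    for o in octets:
        value = (value << 8) | o
    return value


def to_dotted(value):
    """Convert a 32-bit integer back to dotted decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_from_prefix(prefix):
    """Build the mask for an alternative-notation prefix such as /26."""
    if not 0 <= prefix <= 30:
        # /31 and /32 leave no room for the all-zeroes/all-ones rule used here.
        raise ValueError("prefix must be between 0 and 30")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def describe(ip, prefix):
    """Return the subnet, broadcast and host range that contain ip."""
    mask = mask_from_prefix(prefix)
    subnet = to_int(ip) & mask                    # logical AND keeps the network bits
    broadcast = subnet | (~mask & 0xFFFFFFFF)     # host ID of all ones
    return {
        "mask": to_dotted(mask),
        "subnet": to_dotted(subnet),              # host ID of all zeroes
        "lowest_host": to_dotted(subnet + 1),
        "highest_host": to_dotted(broadcast - 1),
        "broadcast": to_dotted(broadcast),
        "hosts": broadcast - subnet - 1,          # 2^(host bits) - 2
    }


def split(network, prefix, borrowed):
    """Divide network/prefix into 2^borrowed subnets by borrowing host bits."""
    new_prefix = prefix + borrowed
    size = 1 << (32 - new_prefix)                 # addresses per subnet
    base = to_int(network) & mask_from_prefix(prefix)
    return [describe(to_dotted(base + i * size), new_prefix)
            for i in range(1 << borrowed)]


if __name__ == "__main__":
    print(describe("192.168.1.64", 26))           # Table 125, Subnet 2
    for row in split("192.168.1.0", 24, 3):       # the eight subnets of Table 128
        print(row["subnet"], row["lowest_host"], row["highest_host"], row["broadcast"])
```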
APPENDIX E Text File Based Auto Configuration

This chapter describes how administrators can use text configuration files to configure the wireless LAN settings for multiple APs.

Text File Based Auto Configuration Overview
You can use plain text configuration files to configure the wireless LAN settings on multiple APs. The AP can automatically get a configuration file from a TFTP server at startup or after renewing DHCP client information.
Note: If adjacent APs use the same configuration file, you should leave out the channel setting since they could interfere with each other's wireless traffic.

Auto Configuration by DHCP
A DHCP response can use options 66 and 67 to assign a TFTP server IP address and a filename. If the AP is configured as a DHCP client, these settings can be used to perform auto configuration.
Table 133 Configuration via SNMP
STEPS   MIB VARIABLE     VALUE
Step 3  pwTftpFileType   Set to 3 (text configuration file).
Step 4  pwTftpOpCommand  Set to 2 (download).

Verifying Your Configuration File Upload Via SNMP
You can use SNMP management software to display the configuration file version currently on the device by using the following MIB.

Table 134 Displaying the File Version
ITEM          OBJECT ID               DESCRIPTION
pwCfgVersion  1.3.6.1.4.1.890.1.9.1.
If there are any errors while processing the configuration file, the AP generates a message with the line number and reason for the first error (subsequent errors during the processing of an individual configuration file are not recorded). You can use SNMP management software to display the message by using the following MIB.

Table 136 Displaying the Auto Configuration Status
ITEM              OBJECT ID               DESCRIPTION
pwAutoCfgMessage  1.3.6.1.4.1.890.1.9.1.
Figure 220 802.1X Configuration File Example

!#ZYXEL PROWLAN
!#VERSION 12
wcfg security 2 name Test-8021x
wcfg security 2 mode 8021x-static128
wcfg security 2 wep key1 abcdefghijklm
wcfg security 2 wep key2 bcdefghijklmn
wcfg security 2 wep keyindex 1
wcfg security 2 reauthtime 1800
wcfg security 2 idletime 3600
wcfg security save
wcfg radius 2 name radius-rd
wcfg radius 2 primary 172.23.3.4 1812 1234 enable
wcfg radius 2 backup 172.23.3.
Figure 222 WPA Configuration File Example

!#ZYXEL PROWLAN
!#VERSION 14
wcfg security 4 name Test-wpa
wcfg security 4 mode wpa
wcfg security 4 reauthtime 1800
wcfg security 4 idletime 3600
wcfg security 4 groupkeytime 1800
wcfg security save
wcfg radius 4 name radius-rd1
wcfg radius 4 primary 172.0.20.38 1812 20 enable
wcfg radius 4 backup 172.0.20.
Figure 223 Wlan Configuration File Example

!#ZYXEL PROWLAN
!#VERSION 15
wcfg ssid 1 name ssid-wep
wcfg ssid 1 security Test-wep
wcfg ssid 2 name ssid-8021x
wcfg ssid 2 security Test-8021x
wcfg ssid 2 radius radius-rd
wcfg ssid 3 name ssid-wpapsk
wcfg ssid 3 security Test-wpapsk
wcfg ssid 4 name ssid-wpa2psk
wcfg ssid 4 security Test-wpa2psk
wcfg ssid save
!line starting with '!' is comment
!change to channel 8
wlan chid 8
!change operating mode -> AP mode,
!the
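The AP fetches these files over TFTP, which has neither authentication nor encryption, so any key material written into them is readable on the network and on the server. The following added example (not ZyXEL's code) audits a file in the wcfg format of Figures 220 to 223 before it is published; reading the value after the port on a "radius primary" line as the shared secret, matching "wep" in a mode name, and the 16-character threshold are assumptions.

```python
import re

# Constructed sample assembled from the lines of Figures 220 and 222
# (the truncated "backup" lines are left out).
SAMPLE = """\
!#ZYXEL PROWLAN
!#VERSION 12
wcfg security 2 name Test-8021x
wcfg security 2 mode 8021x-static128
wcfg security 2 wep key1 abcdefghijklm
wcfg security 2 wep key2 bcdefghijklmn
wcfg security 2 wep keyindex 1
wcfg security save
wcfg radius 2 name radius-rd
wcfg radius 2 primary 172.23.3.4 1812 1234 enable
wcfg security 4 name Test-wpa
wcfg security 4 mode wpa
wcfg radius 4 primary 172.0.20.38 1812 20 enable
"""

MIN_SECRET_LEN = 16  # assumption: local policy threshold, not a ZyXEL value


def audit(text):
    """Return (line_number, code, detail) findings for a wcfg text file.

    The detail never repeats the key or secret, so the report can be shared.
    """
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):      # '!' starts a header or comment
            continue
        tok = line.split()
        if tok[:2] == ["wcfg", "security"] and len(tok) >= 5:
            profile, field = tok[2], tok[3]
            # Static WEP modes: "static" is on the page, "wep" is an assumed name.
            if field == "mode" and re.search(r"wep|static", tok[4], re.I):
                findings.append((number, "WEP_MODE",
                                 "profile %s mode %s" % (profile, tok[4])))
            # "wep key1 <value>" stores the key itself in the file.
            if field == "wep" and re.fullmatch(r"key\d", tok[4]) and len(tok) >= 6:
                findings.append((number, "CLEARTEXT_KEY",
                                 "profile %s %s" % (profile, tok[4])))
        elif (tok[:2] == ["wcfg", "radius"] and len(tok) >= 7
              and tok[3] in ("primary", "backup")):
            secret = tok[6]  # assumption: <ip> <port> <shared secret> <enable>
            code = ("WEAK_RADIUS_SECRET" if len(secret) < MIN_SECRET_LEN
                    else "CLEARTEXT_SECRET")
            findings.append((number, code,
                             "profile %s %s server %s" % (tok[2], tok[3], tok[4])))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("line %d: %s (%s)" % finding)
```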
APPENDIX F Legal Information

Copyright
Copyright © 2008 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation.
If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
1 Reorient or relocate the receiving antenna.
2 Increase the separation between the equipment and the receiver.
3 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
Viewing Certifications
1 Go to http://www.zyxel.com.
2 Select your product on the ZyXEL home page to go to that product's page.
3 Select the certification you wish to view from this page.

ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase.
APPENDIX G Customer Support

In the event of problems that cannot be solved by using this manual, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device. Regional offices are listed below (see also http://www.zyxel.com/web/contact_us.php). Please have the following information ready when you contact an office.

Required Information
• Product model and serial number.
• Warranty Information.
• Address: 1005F, ShengGao International Tower, No.137 XianXia Rd., Shanghai
• Web: http://www.zyxel.cn

Costa Rica
• Support E-mail: soporte@zyxel.co.cr
• Sales E-mail: sales@zyxel.co.cr
• Telephone: +506-2017878
• Fax: +506-2015098
• Web: www.zyxel.co.cr
• Regular Mail: ZyXEL Costa Rica, Plaza Roble Escazú, Etapa El Patio, Tercer Piso, San José, Costa Rica

Czech Republic
• E-mail: info@cz.zyxel.com
• Telephone: +420-241-091-350
• Fax: +420-241-091-359
• Web: www.zyxel.
Germany
• Support E-mail: support@zyxel.de
• Sales E-mail: sales@zyxel.de
• Telephone: +49-2405-6909-69
• Fax: +49-2405-6909-99
• Web: www.zyxel.de
• Regular Mail: ZyXEL Deutschland GmbH., Adenauerstr. 20/A2 D-52146, Wuerselen, Germany

Hungary
• Support E-mail: support@zyxel.hu
• Sales E-mail: info@zyxel.hu
• Telephone: +36-1-3361649
• Fax: +36-1-3259100
• Web: www.zyxel.hu
• Regular Mail: ZyXEL Hungary, 48, Zoldlomb Str.
Malaysia
• Support E-mail: support@zyxel.com.my
• Sales E-mail: sales@zyxel.com.my
• Telephone: +603-8076-9933
• Fax: +603-8076-9833
• Web: http://www.zyxel.com.my
• Regular Mail: ZyXEL Malaysia Sdn Bhd., 1-02 & 1-03, Jalan Kenari 17F, Bandar Puchong Jaya, 47100 Puchong, Selangor Darul Ehsan, Malaysia

North America
• Support E-mail: support@zyxel.com
• Support Telephone: +1-800-978-7222
• Sales E-mail: sales@zyxel.
Singapore
• Support E-mail: support@zyxel.com.sg
• Sales E-mail: sales@zyxel.com.sg
• Telephone: +65-6899-6678
• Fax: +65-6899-8887
• Web: http://www.zyxel.com.sg
• Regular Mail: ZyXEL Singapore Pte Ltd., No. 2 International Business Park, The Strategy #03-28, Singapore 609930

Spain
• Support E-mail: support@zyxel.es
• Sales E-mail: sales@zyxel.es
• Telephone: +34-902-195-420
• Fax: +34-913-005-345
• Web: www.zyxel.
Turkey
• Support E-mail: cso@zyxel.com.tr
• Telephone: +90 212 222 55 22
• Fax: +90-212-220-2526
• Web: http:www.zyxel.com.tr
• Address: Kaptanpasa Mahallesi Piyalepasa Bulvari Ortadogu Plaza N:14/13 K:6 Okmeydani/Sisli Istanbul/Turkey

Ukraine
• Support E-mail: support@ua.zyxel.com
• Sales E-mail: sales@ua.zyxel.com
• Telephone: +380-44-247-69-78
• Fax: +380-44-494-49-32
• Web: www.ua.zyxel.com
• Regular Mail: ZyXEL Ukraine, 13, Pimonenko Str.