NWA5000/WAC6000 Series NWA5121-N / NWA5121-NI / NWA5123-NI / NWA5301-NJ / WAC6502D-E / WAC6502D-S / WAC6503D-S / WAC6553D-E / WAC6103D-I 802.11 a/b/g/n/ac Unified Access Point 802.11ac 同步雙頻整合式無線網路基地台 Version 4.21 Edition 1, 07/2015 Quick Start Guide User’s Guide Default Login Details LAN IP Address http://192.168.1.2 User Name admin Password 1234 www.zyxel.
IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. This is a User’s Guide for a series of products. Not all products support all firmware features. Screenshots and graphics in this book may differ slightly from your product due to differences in your product firmware or your computer operating system. Every effort has been made to ensure that the information in this manual is accurate.
Contents Overview Contents Overview User’s Guide .......................................................................................................................................10 Introduction ............................................................................................................................................. 11 The Web Configurator .............................................................................................................................
Table of Contents Table of Contents Contents Overview ..............................................................................................................................3 Table of Contents .................................................................................................................................4 Part I: User’s Guide ......................................................................................... 10 Chapter 1 Introduction...........................................
Table of Contents Part II: Technical Reference............................................................................ 40 Chapter 3 Dashboard ...........................................................................................................................................41 3.1 Overview ...........................................................................................................................................41 3.1.1 What You Can Do in this Chapter ..............................
Table of Contents 6.6 Technical Reference ..........................................................................................................................77 Chapter 7 User......................................................................................................................................................80 7.1 Overview ...........................................................................................................................................80 7.1.
Table of Contents Chapter 11 Certificates ........................................................................................................................................ 112 11.1 Overview ....................................................................................................................................... 112 11.1.1 What You Can Do in this Chapter ........................................................................................ 112 11.1.2 What You Need to Know .............
Table of Contents Chapter 13 Log and Report .................................................................................................................................154 13.1 Overview .......................................................................................................................................154 13.1.1 What You Can Do In this Chapter ........................................................................................154 13.2 Email Daily Report ..........................
Table of Contents 18.1 Overview .......................................................................................................................................185 18.1.1 What You Need To Know .....................................................................................................185 18.2 Reboot ...........................................................................................................................................185 Chapter 19 Shutdown...............................
P ART I User’s Guide 10
C HAPT ER 1 Introduction 1.1 Overview This User’s Guide covers the following models: NWA5121-N, NWA5121-NI, NWA5123-NI and NWA5301-NJ, WAC6502D-E, WAC6502D-S, WAC6503D-S, WAC6553D-E and WAC6103D-I. Your NWA/WAC is a wireless AP (Access Point). It extends the range of your existing wired network without additional wiring, providing easy network access to mobile users. Table 1 NWA Series Comparison Table FEATURES NWA5121-N NWA5121-NI NWA5123-NI NWA5301-NJ IEEE 802.11b IEEE 802.11g IEEE 802.
Chapter 1 Introduction Table 2 WAC Series Comparison Table FEATURES WAC6502D-E WAC6502D-S WAC6503D-S WAC6553D-E WAC6103D-I Available Security Modes None WEP WPA2 WPA2-MIX WPA2-PSK WPA2-PSK-MIX None WEP WPA2 WPA2-MIX WPA2-PSK WPA2-PSK-MIX None WEP WPA2 WPA2-MIX WPA2-PSK WPA2-PSK-MIX None WEP WPA2 WPA2-MIX WPA2-PSK WPA2-PSK-MIX None WEP WPA2 WPA2-MIX WPA2-PSK WPA2-PSK-MIX Number of SSID Profiles 32 32 32 32 32 Number of Wireless Radios 2 2 2 2 2 Monitor Mode & Rogue APs Detection Yes
Chapter 1 Introduction To set the NWA/WAC to be managed by an AP controller in a different subnet or change between management modes, use the AC (AP Controller) Discovery screen (see Section 5.4 on page 66). Table 3 NWA/WAC Management Mode Comparison MANAGEMENT MODE Standalone AP Managed AP DEFAULT IP ADDRESS UPLOAD FIRMWARE VIA Dynamic or Static (192.168.1.
Chapter 1 Introduction Figure 1 Multiple BSSs 1.1.3 Dual-Radio Some of the NWA/WAC models are equipped with dual wireless radios. This means you can configure two different wireless networks to operate simultaneously. Note: A different channel should be configured for each WLAN interface to reduce the effects of radio interference. You could use the 2.
Chapter 1 Introduction Figure 2 Dual-Radio Application 1.1.4 Root AP In Root AP mode, the NWA/WAC (Z) can act as the root AP in a wireless network and also allow repeaters (X and Y) to extend the range of its wireless network at the same time. In the figure below, both clients A, B and C can access the wired network through the root AP.
Chapter 1 Introduction use either SSID to associate with the NWA/WAC in Root AP mode. A repeater must use the repeater SSID to connect to the NWA/WAC in Root AP mode. When the NWA/WAC is in Root AP mode, repeater security between the NWA/WAC and other repeater is independent of the security between the wireless clients and the AP or repeater. When repeater security is enabled, both APs and repeaters must use the same pre-shared key. See Section 6.2 on page 69 and Section 10.2 on page 110 for more details.
Chapter 1 Introduction At the time of writing, repeater security is compatible with the NWA/WAC only. 1.2 Ways to Manage the NWA/WAC You can use the following ways to manage the NWA/WAC. Web Configurator The Web Configurator allows easy NWA/WAC setup and management using an Internet browser. This User’s Guide provides information about the Web Configurator. Command-Line Interface (CLI) The CLI allows you to use text-based commands to configure the NWA/WAC.
Chapter 1 Introduction 1.5 NWA5301-NJ Hardware 1.5.1 110 Punch-Down Block This section shows you how to use a punch-down tool to seat an 8-wire Ethernet cable to the 110 punch-down block. You can connect a PoE switch to the 110 punch-down block to provide power and Internet access to the NWA through this connection. An 8-pin Ethernet cable has four pairs of color coded wires. 1 Cut out one and a half inches of the jacket from the Ethernet cable to expose the wires.
Chapter 1 Introduction 5 Trim any excess wires. Place the dust caps over the terminated wires. 1.5.2 Phone Port Connect a digital telephone to the RJ-45 PHONE port at the bottom of the NWA to forward voice traffic to/from the telephone switchboard that is connected to the RJ-45 PHONE port on the back of the NWA. The NWA does not support VoIP (Voice over Internet Protocol) and the PHONE port is NOT for making calls over the regular networking network (PSTN), either. 1.5.
Chapter 1 Introduction For local management, you can use a computer with terminal emulation software configured to the following parameters: • VT100 terminal emulation • 115200 bps • No parity, 8 data bits, 1 stop bit • No flow control The following table shows you the wire color codes and pin assignment for the console cable. Table 5 RJ45-to-DB-9 Console Cable Color Codes RJ45 PIN# WIRE COLOR DB-9 PIN# 1 Black 1 7 Brown 2 2 Blue 3 8 Purple 5 1.
Chapter 1 Introduction 1.6.1 WAC6502D-E, WAC6502D-S, WAC6503D-S and WAC6553D-E The LEDs will stay ON when the WAC6500 Series is ready. You can change this setting in the Maintenance > LEDs > Suppression screen. Figure 5 WAC6500 Series LEDs The following table describes the LEDs. Table 6 WAC6500 Series LEDs LED COLOR STATUS DESCRIPTION PWR/SYS Red Slow Blinking (On for 1s, Off for 1s) The WAC is booting up. Green On Red Off Green On Red On The WAC is ready for use.
Chapter 1 Introduction Table 6 WAC6500 Series LEDs (continued) LED COLOR Management Green WLAN WLAN UPLINK Green Green Amber/ Green STATUS DESCRIPTION On The WAC AP is managed by a controller. Slow Blinking (blink for 3 times, Off for 3s) The WAC AP is searching (discovery) for a controller. Off The WAC AP is in standalone mode. On The 2.4 GHz WLAN is active. Blinking The 2.4 GHz WLAN is transmitting or receiving data. Off The 2.4 GHz WLAN is not active.
Chapter 1 Introduction Figure 6 WAC6103D-I LEDs The following table describes the LEDs. Table 7 WAC6103D-I LEDs LED COLOR STATUS DESCRIPTION PWR/SYS Red Slow Blinking (On for 1s, Off for 1s) The WAC is booting up. Green On Red Off Green On Red On Green Off Red Fast Blinking (on for 50ms, Off for 50ms) Green Off Red Slow Blinking (blink for 3 times, Off for 3s) Green Off Red Slow Blinking (blink for 2 times, Off for 3s) Green Off Management Green The WAC is ready for use.
Chapter 1 Introduction Table 7 WAC6103D-I LEDs (continued) LED COLOR STATUS DESCRIPTION WLAN Green On The antenna switch is set to “Ceiling” for the radio. The 2.4 GHz WLAN is active. Blinking The antenna switch is set to “Ceiling” for the radio. The 2.4 GHz WLAN is transmitting or receiving data. Amber On The antenna switch is set to “Wall” for the radio. The 2.4 GHz WLAN is active. Blinking The antenna switch is set to “Wall” for the radio. The 2.
Chapter 1 Introduction Figure 7 NWA5301-NJ LEDs The following are the LED descriptions for your NWA5301-NJ. Table 8 NWA5301-NJ LEDs LABEL COLOR STATUS DESCRIPTION PWR/SYS Amber Slow Blinking (On for 1s, Off for 1s) The NWA is booting up. Green On Amber Off Green On Amber Slow Blinking (blink for 3 times, Off for 3s) Green On Amber On PoE WLAN UPLINK LAN1-3 The NWA is ready for use.
Chapter 1 Introduction 1.6.4 NWA5121-N, NWA5121-NI, and NWA5123-NI The following are the LED descriptions for your NWA5120 series. Figure 8 NWA5120 Series LED Table 9 NWA5120 Series LED COLOR STATUS DESCRIPTION Amber Slow Blinking (On for 1s, Off for 1s) The NWA is booting up. Green Off Amber Off Green Off Amber Off The NWA is ready for use. The NWA’s wireless interface is activated.
Chapter 1 Introduction Table 9 NWA5120 Series LED (continued) COLOR STATUS DESCRIPTION Amber Slow Blinking (blink for 3 times, Off for 3s) The Uplink port is disconnected. Green Off Amber Slow Blinking (blink for 2 times, Off for 3s) Green Off The wireless LAN is disabled or fails. 1.7 Starting and Stopping the NWA/WAC Here are some of the ways to start and stop the NWA/WAC. Always use Maintenance > Shutdown or the shutdown command before you turn off the NWA/WAC or remove the power.
C HAPT ER 2 The Web Configurator 2.1 Overview The NWA/WAC Web Configurator allows easy management using an Internet browser. In order to use the Web Configurator, you must: • Use Internet Explorer 7.0 and later versions, Mozilla Firefox 9.0 and later versions, Safari 4.0 and later versions, or Google Chrome 10.0 and later versions. • Allow pop-up windows. • Enable JavaScript (enabled by default). • Enable Java permissions (enabled by default). • Enable cookies.
Chapter 2 The Web Configurator 4 Enter the user name (default: “admin”) and password (default: “1234”). 5 Click Login. If you logged in using the default user name and password, the Update Admin Info screen appears. Otherwise, the dashboard appears. The Update Admin Info screen appears every time you log in using the default user name and default password. If you change the password for the default user account, this screen does not appear anymore. 2.
Chapter 2 The Web Configurator Figure 9 The Web Configurator’s Main Screen A C B The Web Configurator’s main screen is divided into these parts: • A - Title Bar • B - Navigation Panel • C - Main Window 2.3.1 Title Bar The title bar provides some useful links that always appear over the screens below, regardless of how deep into the Web Configurator you navigate. Figure 10 Title Bar The icons provide the following functions.
Chapter 2 The Web Configurator About Click About to display basic information about the NWA/WAC. Figure 11 About The following table describes labels that can appear in this screen. Table 12 About LABEL DESCRIPTION Boot Module This shows the version number of the software that handles the booting process of the NWA/WAC. Current Version This shows the firmware version of the NWA/WAC. Released Date This shows the date (yyyy-mm-dd) and time (hh:mm:ss) when the firmware is released.
Chapter 2 The Web Configurator Figure 12 Site Map Object Reference Click Object Reference to open the Object Reference screen. Select the type of object and the individual object and click Refresh to show which configuration settings reference the object.
Chapter 2 The Web Configurator The fields vary with the type of object. The following table describes labels that can appear in this screen. Table 13 Object References LABEL DESCRIPTION Object Name This identifies the object for which the configuration settings that use it are displayed. Click the object’s name to display the object’s configuration screen in the main window. # This field is a sequential value, and it is not associated with any entry.
Chapter 2 The Web Configurator Figure 15 Navigation Panel Dashboard The dashboard displays general device information, system status, system resource usage, and interface status in widgets that you can re-arrange to suit your needs. For details on the Dashboard’s features, see Chapter 3 on page 41. Monitor Menu The monitor menu screens display status and statistics information.
Chapter 2 The Web Configurator Table 15 Configuration Menu Screens Summary (continued) FOLDER OR LINK TAB FUNCTION AP Management WLAN Setting Manage the NWA/WAC’s general wireless settings. MON Mode Rogue/Friendly AP List Configure how the NWA/WAC monitors for rogue APs. Load Balancing Load Balancing Configure load balancing for traffic moving to and from wireless clients. DCS DCS Configure dynamic wireless channel selection. User Create and manage users.
Chapter 2 The Web Configurator Table 16 Maintenance Menu Screens Summary (continued) FOLDER OR LINK TAB FUNCTION LEDs Suppression Enable this feature to keep the LEDs off after the NWA/WAC starts. Locator Enable this feature to see the actual location of the NWA/WAC between several devices in the network. Antenna Antenna Switch Change antenna orientation for the radios. Reboot Reboot Restart the NWA/WAC. Shutdown Shutdown Turn off the NWA/WAC. 2.3.
Chapter 2 The Web Configurator • Select which columns to display • Group entries by field • Show entries in groups • Filter by mathematical operators (<, >, or =) or searching for text. 3 Select a column heading cell’s right border and drag to re-size the column. 4 Select a column heading and drag and drop it to change the column order. A green check mark displays next to the column’s title when you drag the column to a valid new location.
Chapter 2 The Web Configurator 5 Use the icons and fields at the bottom of the table to navigate to different pages of entries and control how many entries display at a time. 2.3.4.2 Working with Table Entries The tables have icons for working with table entries. A sample is shown next. You can often use the [Shift] or [Ctrl] key to select multiple entries to remove, activate, or deactivate. Table 17 Common Table Icons Here are descriptions for the most common table icons.
Chapter 2 The Web Configurator Figure 17 Working with Lists NWA5000 / WAC6000 Series User’s Guide 39
P ART II Technical Reference 40
C HAPT ER 3 Dashboard 3.1 Overview Use the Dashboard screens to check status information about the NWA/WAC. 3.1.1 What You Can Do in this Chapter • The main Dashboard screen (Section 3.2 on page 41) displays the NWA/WAC’s general device information, system status, system resource usage, and interface status. You can also display other status screens for more information. 3.2 Dashboard This screen is the first thing you see when you log into the NWA/WAC.
Chapter 3 Dashboard Figure 18 Dashboard A B C D The following table describes the labels in this screen. Table 19 Dashboard LABEL DESCRIPTION Widget Settings (A) Use this link to re-open closed widgets. Widgets that are already open appear grayed out. Refresh Time Setting (B) Set the interval for refreshing the information displayed in the widget. Refresh Now (C) Click this to update the widget’s information immediately. Close Widget (D) Click this to close the widget.
Chapter 3 Dashboard Table 19 Dashboard (continued) LABEL DESCRIPTION System Resources CPU Usage This field displays what percentage of the NWA/WAC’s processing capability is currently being used. Hover your cursor over this field to display the Show CPU Usage icon that takes you to a chart of the NWA/WAC’s recent CPU usage. Memory Usage This field displays what percentage of the NWA/WAC’s RAM is currently being used.
Chapter 3 Dashboard Table 19 Dashboard (continued) LABEL Boot Status DESCRIPTION This field displays details about the NWA/WAC’s startup state. OK - The NWA/WAC started up successfully. Firmware update OK - A firmware update was successful. Problematic configuration after firmware update - The application of the configuration failed after a firmware upgrade. System default configuration - The NWA/WAC successfully applied the system default configuration.
Chapter 3 Dashboard Table 19 Dashboard (continued) LABEL Action DESCRIPTION If the interface has a static IP address, this shows n/a. If the interface has a dynamic IP address, use this field to get or to update the IP address for the interface. Click Renew to send a new DHCP request to a DHCP server. WLAN Interface Status Summary This displays status information for the WLAN interface. Status This displays whether or not the WLAN interface is activated.
Chapter 3 Dashboard The following table describes the labels in this screen. Table 20 Dashboard > CPU Usage LABEL DESCRIPTION % The y-axis represents the percentage of CPU usage. time The x-axis shows the time period over which the CPU usage occurred Refresh Interval Enter how often you want this window to be automatically updated. Refresh Now Click this to update the information in the window right away. 3.2.
C HAPT ER 4 Monitor 4.1 Overview Use the Monitor screens to check status and statistics information. 4.1.1 What You Can Do in this Chapter • The Network Status screen (Section 4.3 on page 48) displays general LAN interface information and packet statistics. • The Radio List screen (Section 4.4 on page 49) displays statistics about the wireless radio transmitters in the NWA/WAC. • The Station Info screen (Section 4.5 on page 52) displays statistics pertaining to the associated stations.
Chapter 4 Monitor 4.3 Network Status Use this screen to look at general Ethernet interface information and packet statistics. To access this screen, click Monitor > Network Status. Figure 21 Monitor > Network Status The following table describes the labels in this screen. Table 22 Monitor > Network Status LABEL DESCRIPTION Interface Summary Use the Interface Summary section for IPv4 network settings.
Chapter 4 Monitor Table 22 Monitor > Network Status (continued) LABEL DESCRIPTION Status This field displays the current status of the physical port. Down - The physical port is not connected. Speed / Duplex - The physical port is connected. This field displays the port speed and duplex setting (Full or Half). TxPkts This field displays the number of packets transmitted from the NWA/WAC on the physical port since it was last connected.
Chapter 4 Monitor Table 23 Monitor > Wireless > AP Information > Radio List (continued) LABEL DESCRIPTION Loading This indicates the AP’s load balance status (UnderLoad or OverLoad) when load balancing is enabled on the NWA/WAC. Otherwise, it shows - when load balancing is disabled or the radio is in monitor mode. MAC Address This displays the MAC address of the radio. Radio This indicates the radio number on the NWA/WAC to which it belongs. OP Mode This indicates the radio’s operating mode.
Chapter 4 Monitor Figure 23 Monitor > Wireless > AP Information > Radio List > More Information NWA5000 / WAC6000 Series User’s Guide 51
Chapter 4 Monitor The following table describes the labels in this screen. Table 24 Monitor > Wireless > AP Information > Radio List > More Information LABEL DESCRIPTION SSID Detail This list shows information about all the wireless clients that have connected to the specified radio over the preceding 24 hours. # This is the items sequential number in the list. It has no bearing on the actual data in this list. SSID Name This displays an SSID associated with this radio.
Chapter 4 Monitor The following table describes the labels in this screen. Table 25 Monitor > Wireless > Station Info LABEL DESCRIPTION # This is the station’s index number in this list. MAC Address This is the station’s MAC address. Radio This is the radio number on the NWA/WAC to which the station is connected. SSID Name This indicates the name of the wireless network to which the station is connected. A single AP can have multiple SSIDs or networks.
Chapter 4 Monitor The following table describes the labels in this screen. Table 26 Monitor > Wireless > WDS Link Info LABEL DESCRIPTION WDS Uplink Info Uplink refers to the WDS link from the repeaters to the root AP. WDS Downlink Info Downlink refers to the WDS link from the root AP to the repeaters. When the NWA/WAC is in root AP mode and connected to a repeater, only the downlink information is displayed.
Chapter 4 Monitor Figure 26 Monitor > Wireless > Detected Device The following table describes the labels in this screen. Table 27 Monitor > Wireless > Detected Device LABEL DESCRIPTION Mark as Rogue AP Click this button to mark the selected AP as a rogue AP. A rogue AP can be contained in the Configuration > Wireless > MON Mode screen (Section 6.3 on page 72). Mark as Friendly AP Click this button to mark the selected AP as a friendly AP.
Chapter 4 Monitor To access this screen, click Monitor > Log. The log is displayed in the following screen. Note: When a log reaches the maximum number of log messages, new log messages automatically overwrite existing log messages, starting with the oldest existing log message first. Events that generate an alert (as well as a log message) display in red. Regular logs display in black. Click a column’s heading cell to sort the table entries by that column’s criteria.
Chapter 4 Monitor The following table describes the labels in this screen. Table 28 Monitor > Log > View Log LABEL DESCRIPTION Show Filter / Hide Filter Click this button to show or hide the filter settings. If the filter settings are hidden, the Display, Email Log Now, Refresh, and Clear Log fields are available. If the filter settings are shown, the Display, Priority, Source Address, Destination Address, Source Interface, Destination Interface, Protocol, Keyword, and Search fields are available.
Chapter 4 Monitor Table 28 Monitor > Log > View Log (continued) LABEL DESCRIPTION Destination Interface This field displays the destination interface of the packet that generated the log message. Protocol This field displays the service protocol in the event that generated the log message. Note This field displays any additional information about the log message. The Web Configurator saves the filter settings if you leave the View Log screen and return to it later.
C HAPT ER 5 Network 5.1 Overview This chapter describes how you can configure the management IP address and VLAN settings of your NWA/WAC. The Internet Protocol (IP) address identifies a device on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts. Figure 28 IP Setup The figure above illustrates one possible setup of your NWA/WAC. The gateway IP address is 192.
Chapter 5 Network Figure 29 CAPWAP Network Example Note: The NWA/WAC can be a standalone AP (default), or a CAPWAP managed AP. CAPWAP Discovery and Management The link between CAPWAP-enabled access points proceeds as follows: 1 An AP in managed AP mode joins a wired network (receives a dynamic IP address). 2 The AP sends out a discovery request, looking for a CAPWAP AP controller. 3 If there is an AP controller on the network, it receives the discovery request.
Chapter 5 Network CAPWAP and IP Subnets By default, CAPWAP works only between devices with IP addresses in the same subnet. However, you can configure CAPWAP to operate between devices with IP addresses in different subnets by doing the following. • Activate DHCP. Your network’s DHCP server must support option 138 defined in RFC 5415. • Configure DHCP option 138 with the IP address of the CAPWAP AP controller on your network.
Chapter 5 Network 5.2 IP Setting Use this screen to configure the IP address for your NWA/WAC. To access this screen, click Configuration > Network > IP Setting. Figure 31 Configuration > Network > IP Setting (Retake screenshot) Each field is described in the following table.
Chapter 5 Network Table 29 Configuration > Network > IP Setting (continued) LABEL DNS Server IP Address DESCRIPTION Enter the IP address of the DNS server. IPv6 Address Assignment Enable Stateless Address Autoconfiguration (SLAAC) Select this to enable IPv6 stateless auto-configuration on the NWA/WAC. The NWA/WAC will generate an IPv6 address itself from a prefix obtained from an IPv6 router in the network.
Chapter 5 Network Figure 32 Management VLAN Setup B A In the figure above, to access and manage the NWA/WAC from computer A, the NWA/WAC and switch B’s ports to which computer A and the NWA/WAC are connected should be in the same VLAN. A Virtual Local Area Network (VLAN) allows a physical network to be partitioned into multiple logical networks. Devices on a logical network belong to one group. A device can belong to more than one group.
Chapter 5 Network Figure 33 Configuration > Network > VLAN Each field is described in the following table. Table 30 Configuration > Network > VLAN LABEL DESCRIPTION VLAN Settings Management VLAN ID Enter a VLAN ID for the NWA/WAC. As Native VLAN Select this option to treat this VLAN ID as a VLAN created on the NWA/WAC and not one assigned to it from outside the network.
Chapter 5 Network Table 30 Configuration > Network > VLAN (continued) LABEL DESCRIPTION Edit Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings. In some tables you can just click a table entry and edit it directly in the table. For those types of tables small red triangles display for table entries with changes that you have not yet applied. Remove To remove an entry, select it and click Remove.
Chapter 5 Network Figure 34 Configuration > Network > AC Discovery Each field is described in the following table. Table 31 Configuration > Network > AC Discovery LABEL DESCRIPTION Discovery Setting Auto Select this option to use DHCP option 138/DNS SRV record/Broadcast to get the AP controller’s IP address. Manual Select this option and enter the IP address of the AP controller manually. This is necessary when the AP Controller is not in the same subnet and you want it to manage the NWA/WAC.
C HAPT ER 6 Wireless 6.1 Overview This chapter discusses how to configure the wireless network settings in your NWA/WAC. The following figure provides an example of a wireless network. Figure 35 Example of a Wireless Network The wireless network is the part in the blue circle. In this wireless network, devices A and B are called wireless clients. The wireless clients use the access point (AP) to interact with other devices (such as the printer) or with the Internet. Your NWA/WAC is the AP. 6.1.
Chapter 6 Wireless 6.1.2 What You Need to Know The following terms and concepts may help as you read this chapter. Station / Wireless Client A station or wireless client is any wireless-capable device that can connect to an AP using a wireless signal.
Chapter 6 Wireless Figure 36 Configuration > Wireless > AP Management Each field is described in the following table. Table 32 Configuration > Wireless > AP Management LABEL DESCRIPTION Radio 1 Setting Radio 1 Activate Select the check box to enable the NWA/WAC’s first (default) radio.
Chapter 6 Wireless Table 32 Configuration > Wireless > AP Management (continued) LABEL DESCRIPTION Radio 1 OP Mode Select the operating mode for radio 1. AP Mode means the radio can receive connections from wireless clients and pass their data traffic through to the NWA/WAC to be managed (or subsequently passed on to an upstream gateway for managing).
Chapter 6 Wireless Table 32 Configuration > Wireless > AP Management (continued) LABEL DESCRIPTION Radio 2 OP Mode This displays if the NWA/WAC has a second radio. Select the operating mode for radio 2. AP Mode means the radio can receive connections from wireless clients and pass their data traffic through to the NWA/WAC to be managed (or subsequently passed on to an upstream gateway for managing).
Chapter 6 Wireless Click Configuration > Wireless > MON Mode to access this screen. Figure 37 Configuration > Wireless > MON Mode Each field is described in the following table. Table 33 Configuration > Wireless > MON Mode LABEL DESCRIPTION Rogue/Friendly AP List Add Click this button to add an AP to the list and assign it either friendly or rogue status. Edit Select an AP in the list to edit and reassign its status. Remove Select an AP in the list to remove.
Chapter 6 Wireless 6.3.1 Add/Edit Rogue/Friendly List Click Add or select an AP and click the Edit button in the Configuration > Wireless > MON Mode table to display this screen. Figure 38 Configuration > Wireless > MON Mode > Add/Edit Rogue/Friendly AP List Each field is described in the following table. Table 34 Configuration > Wireless > MON Mode > Add/Edit Rogue/Friendly AP List LABEL DESCRIPTION MAC Enter the MAC address of the AP you want to add to the list.
Chapter 6 Wireless Each field is described in the following table. Table 35 Configuration > Wireless > Load Balancing LABEL DESCRIPTION Enable Load Balancing Select this to enable load balancing on the NWA/WAC. Mode Select a mode by which load balancing is carried out. Use this section to configure wireless network traffic load balancing between the managd APs in this group. Select By Station Number to balance network traffic based on the number of specified stations connected to the NWA/WAC.
Chapter 6 Wireless 6.4.1 Disassociating and Delaying Connections When your AP becomes overloaded, there are two basic responses it can take. The first one is to “delay” a client connection. This means that the AP withholds the connection until the data transfer throughput is lowered or the client connection is picked up by another AP. If the client is picked up by another AP then the original AP cannot resume the connection. For example, here the AP has a balanced bandwidth allotment of 6 Mbps.
Chapter 6 Wireless 6.5 DCS Use this screen to configure dynamic radio channel selection. Click Configuration > Wireless > DCS to access this screen. Figure 42 Configuration > Wireless > DCS Each field is described in the following table. Table 36 Configuration > Wireless > DCS LABEL DESCRIPTION Select Now Click this to have the NWA/WAC scan for and select an available channel immediately. Apply Click Apply to save your changes back to the NWA/WAC.
Chapter 6 Wireless Figure 43 An Example Three-Channel Deployment Three channels are situated in such a way as to create almost no interference with one another if used exclusively: 1, 6 and 11. When an AP broadcasts on any of these three channels, it should not interfere with neighboring APs as long as they are also limited to same trio.
Chapter 6 Wireless There are three kinds of wireless load balancing available on the NWA/WAC: Load balancing by station number limits the number of devices allowed to connect to your AP. If you know exactly how many stations you want to let connect, choose this option. For example, if your company’s graphic design team has their own AP and they have 10 computers, you can load balance for 10.
C HAPT ER 7 User 7.1 Overview This chapter describes how to set up user accounts and user settings for the NWA/WAC. 7.1.1 What You Can Do in this Chapter • The User screen (see Section 7.2 on page 81) provides a summary of all user accounts. • The Setting screen (see Section 7.3 on page 83) controls default settings, login settings, lockout settings, and other user settings for the NWA/WAC. 7.1.2 What You Need To Know The following terms and concepts may help as you read this chapter.
Chapter 7 User 7.2 User Summary The User screen provides a summary of all user accounts. To access this screen click Configuration > Object > User. Figure 46 Configuration > Object > User The following table describes the labels in this screen. Table 38 Configuration > Object > User LABEL DESCRIPTION Add Click this to create a new entry. Edit Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings.
Chapter 7 User • Alphanumeric A-z 0-9 (there is no unicode support) • _ [underscores] • - [dashes] The first character must be alphabetical (A-Z a-z), an underscore (_), or a dash (-). Other limitations on user names are: • User names are case-sensitive. If you enter a user 'bob' but use 'BOB' when connecting via CIFS or FTP, it will use the account settings used for 'BOB' not ‘bob’. • User names have to be different than user group names.
Chapter 7 User The following table describes the labels in this screen. Table 39 Configuration > User > User > Add/Edit A User LABEL DESCRIPTION User Name Type the user name for this user account. You may use 1-31 alphanumeric characters, underscores(_), or dashes (-), but the first character cannot be a number. This value is case-sensitive. User names have to be different than user group names, and some words are reserved. User Type Select what type of user this is.
Chapter 7 User Figure 48 Configuration > Object > User > Setting The following table describes the labels in this screen. Table 40 Configuration > Object > User > Setting LABEL DESCRIPTION User Default Setting Default Authentication Timeout Settings These authentication timeout settings are used by default when you create a new user account. They also control the settings for any existing user accounts that are set to use the default settings.
Chapter 7 User Table 40 Configuration > Object > User > Setting (continued) LABEL DESCRIPTION Reauthentication Time This is the default reauthentication time in minutes for each type of user account. It defines the number of minutes the user can be logged into the NWA/WAC in one session before having to log in again. Unlike Lease Time, the user has no opportunity to renew the session without logging out.
Chapter 7 User The following table describes the labels in this screen. Table 41 User > Setting > Edit User Authentication Timeout Settings LABEL DESCRIPTION User Type This read-only field identifies the type of user account for which you are configuring the default settings. • • Lease Time admin - this user can look at and change the configuration of the NWA/WAC. limited-admin - this user can look at the configuration of the NWA/WAC but not to change it.
C HAPT ER 8 AP Profile 8.1 Overview This chapter shows you how to configure preset profiles for the NWA/WAC. 8.1.1 What You Can Do in this Chapter • The Radio screen (Section 8.2 on page 88) creates radio configurations that can be used by the APs. • The SSID screen (Section 8.3 on page 93) configures three different types of profiles for your networked APs. 8.1.2 What You Need To Know The following terms and concepts may help as you read this chapter.
Chapter 8 AP Profile WEP WEP (Wired Equivalent Privacy) encryption scrambles all data packets transmitted between the AP and the wireless stations associated with it in order to keep network communications private. Both the wireless stations and the access points must use the same WEP key for data encryption and decryption. WPA2 WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA.
Chapter 8 AP Profile Table 42 Configuration > Object > AP Profile > Radio (continued) LABEL DESCRIPTION Inactivate To turn off an entry, select it and click Inactivate. Object Reference Click this to view which other objects are linked to the selected radio profile. # This field is a sequential value, and it is not associated with a specific user. Status This field shows whether or not the entry is activated. A yellow bulb signifies that this rule is active.
Chapter 8 AP Profile Figure 51 Configuration > Object > AP Profile > Add/Edit Profile The following table describes the labels in this screen. Table 43 Configuration > Object > AP Profile > Add/Edit Profile LABEL DESCRIPTION Hide / Show Advanced Settings Click this to hide or show the Advanced Settings in this window. General Settings Activate Select this option to make this profile active. Profile Name Enter up to 31 alphanumeric characters to be used as this profile’s name.
Chapter 8 AP Profile Table 43 Configuration > Object > AP Profile > Add/Edit Profile (continued) LABEL 802.11 Band DESCRIPTION Select the wireless band which this radio profile should use. Not all NWA/WACs support both 2.4 GHz and 5 GHz frequency bands. 2.4 GHz is the frequency used by IEEE 802.11b/g/n wireless clients. 5 GHz is the frequency used by IEEE 802.11ac/a/n wireless clients. If you set 802.11 Band to 2.4G, you can select from the following: • • b/g: allows either IEEE 802.11b or IEEE 802.
Chapter 8 AP Profile Table 43 Configuration > Object > AP Profile > Add/Edit Profile (continued) LABEL 2.4 GHz Channel Deployment DESCRIPTION This is available when the 2.4 GHz Channel Selection Method is set to auto. Select Three-Channel Deployment to limit channel switching to channels 1,6, and 11, the three channels that are sufficiently attenuated to have almost no impact on one another.
Chapter 8 AP Profile Table 43 Configuration > Object > AP Profile > Add/Edit Profile (continued) LABEL DESCRIPTION DTIM Delivery Traffic Indication Message (DTIM) is the time period after which broadcast and multicast packets are transmitted to mobile clients in the Active Power Management mode. A high DTIM value can cause clients to lose connectivity with the network. This value can be set from 1 to 255.
Chapter 8 AP Profile client can connect. The SSID appears as readable text to any device capable of scanning for wireless frequencies (such as the WiFi adapter in a laptop), and is displayed as the wireless network name when a person makes a connection to it. To access this screen click Configuration > Object > AP Profile > SSID. Note: You can have a maximum of 32 SSID profiles on the NWA/WAC.
Chapter 8 AP Profile Figure 53 Configuration > Object > AP Profile > Add/Edit SSID Profile The following table describes the labels in this screen. Table 45 Configuration > Object > AP Profile > Add/Edit SSID Profile LABEL DESCRIPTION Create new Object Select an object type from the list to create a new one associated with this SSID profile. Profile Name Enter up to 31 alphanumeric characters for the profile name. This name is only visible in the Web Configurator and is only for management purposes.
Chapter 8 AP Profile Table 45 Configuration > Object > AP Profile > Add/Edit SSID Profile (continued) LABEL DESCRIPTION QoS Select a Quality of Service (QoS) access category to associate with this SSID. Access categories minimize the delay of data packets across a wireless network. Certain categories, such as video or voice, are given a higher priority due to the time sensitive nature of their data packets. QoS access categories are as follows: disable: Turns off QoS for this SSID.
Chapter 8 AP Profile Figure 54 Configuration > Object > AP Profile > SSID > Security List The following table describes the labels in this screen. Table 46 Configuration > Object > AP Profile > SSID > Security List LABEL DESCRIPTION Add Click this to add a new security profile. Edit Click this to edit the selected security profile. Remove Click this to remove the selected security profile.
Chapter 8 AP Profile Figure 55 SSID > Security Profile > Add/Edit Security Profile NWA5000 / WAC6000 Series User’s Guide 98
Chapter 8 AP Profile The following table describes the labels in this screen. Table 47 SSID > Security Profile > Add/Edit Security Profile LABEL DESCRIPTION Profile Name Enter up to 31 alphanumeric characters for the profile name. This name is only visible in the Web Configurator and is only for management purposes. Spaces and underscores are allowed. Security Mode Select a security mode from the list: none, wep, wpa2, or wpa2-mix.
Chapter 8 AP Profile Table 47 SSID > Security Profile > Add/Edit Security Profile (continued) LABEL DESCRIPTION Key Length Select the bit-length of the encryption key to be used in WEP connections. If you select WEP-64: • Enter 10 hexadecimal digits in the range of “A-F”, “a-f” and “0-9” (for example, 0x11AA22BB33) for each Key used. or • Enter 5 ASCII characters (case sensitive) ranging from “a-z”, “A-Z” and “0-9” (for example, MyKey) for each Key used.
Chapter 8 AP Profile 8.5 MAC Filter List This screen allows you to create and manage security configurations that can be used by your SSIDs. To access this screen click Configuration > Object > AP Profile > SSID > MAC Filter List. Note: You can have a maximum of 32 MAC filtering profiles on the NWA/WAC. Figure 56 Configuration > Object > AP Profile > SSID > MAC Filter List The following table describes the labels in this screen.
Chapter 8 AP Profile Figure 57 SSID > MAC Filter List > Add/Edit MAC Filter Profile The following table describes the labels in this screen. Table 49 SSID > MAC Filter List > Add/Edit MAC Filter Profile LABEL DESCRIPTION Profile Name Enter up to 31 alphanumeric characters for the profile name. This name is only visible in the Web Configurator and is only for management purposes. Spaces and underscores are allowed.
Chapter 8 AP Profile In the following example, layer-2 isolation is enabled on the NWA/WAC to allow a guest wireless client (A) to access the main network router (B). The router provides access to the Internet and the network printer (C) while preventing the client from accessing other computers and servers on the network. The client can communicate with other wireless clients only if Intra-BSS Traffic blocking is disabled. Note: Intra-BSS Traffic Blocking is activated when you enable layer-2 isolation.
Chapter 8 AP Profile Table 50 Configuration > Object > AP Profile > SSID > Layer-2 Isolation List (continued) LABEL DESCRIPTION Object Reference Click this to view which other objects are linked to the selected MAC filtering profile (for example, SSID profile). # This field is a sequential value, and it is not associated with a specific user. Profile Name This field indicates the name assigned to the layer-2 isolation profile. 8.6.
Chapter 8 AP Profile Table 51 SSID > MAC Filter List > Add/Edit Layer-2 Isolation Profile (continued) LABEL DESCRIPTION Description This field displays a description for the MAC address associated with this profile. You can click the description to make it editable. Enter up to 60 characters, spaces and underscores allowed. OK Click OK to save your changes back to the NWA/WAC. Cancel Click Cancel to exit this screen without saving your changes.
C HAPT ER 9 MON Profile 9.1 Overview This screen allows you to set up monitor mode configurations that allow your NWA/WAC to scan for other wireless devices in the vicinity. Once detected, you can use the Wireless > MON Mode screen (Section 6.3 on page 72) to classify them as either rogue or friendly. Not all NWA/WACs support monitor mode and rogue APs detection. 9.1.1 What You Can Do in this Chapter The MON Profile screen (Section 9.
Chapter 9 MON Profile Table 52 Configuration > Object > MON Profile (continued) LABEL DESCRIPTION Activate To turn on an entry, select it and click Activate. Inactivate To turn off an entry, select it and click Inactivate. Object Reference Click this to view which other objects are linked to the selected monitor mode profile (for example, an AP management profile). # This field is a sequential value, and it is not associated with a specific profile.
Chapter 9 MON Profile The following table describes the labels in this screen. Table 53 Configuration > Object > MON Profile > Add/Edit MON Profile LABEL DESCRIPTION Activate Select this to activate this monitor mode profile. Profile Name This field indicates the name assigned to the monitor mode profile. Channel dwell time Enter the interval (in milliseconds) before the NWA/WAC switches to another channel for monitoring.
Chapter 9 MON Profile Figure 63 Rogue AP Example X A RG C B In the example above, a corporate network’s security is compromised by a rogue AP (RG) set up by an employee at his workstation in order to allow him to connect his notebook computer wirelessly (A). The company’s legitimate wireless network (the dashed ellipse B) is well-secured, but the rogue AP uses inferior security that is easily broken by an attacker (X) running readily available encryption-cracking software.
C HAPTER 10 WDS Profile 10.1 Overview This chapter shows you how to configure WDS (Wireless Disbribution System) profiles for the NWA/ WAC to form a WDS with other APs. 10.1.1 What You Can Do in this Chapter The WDS Profile screen (Section 10.2 on page 110) creates preset WDS configurations that can be used by the NWA/WAC. 10.2 WDS Profile This screen allows you to manage and create WDS profiles that can be used by the APs. To access this screen, click Configuration > Object > WDS Profile.
Chapter 10 WDS Profile 10.2.1 Add/Edit WDS Profile This screen allows you to create a new WDS profile or edit an existing one. To access this screen, click the Add button or select and existing profile and click the Edit button. Figure 65 Configuration > Object > WDS Profile > Add/Edit WDS Profile The following table describes the labels in this screen.
C HAPTER 11 Certificates 11.1 Overview The NWA/WAC can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication. 11.1.1 What You Can Do in this Chapter • The My Certificate screens (Section 11.
Chapter 11 Certificates 5 Additionally, Jenny uses her own private key to sign a message and Tim uses Jenny’s public key to verify the message. The NWA/WAC uses certificates based on public-key cryptology to authenticate users attempting to establish a connection, not to encrypt the data that you send after establishing a connection. The method used to secure the data that you send through an established connection depends on the type of connection.
Chapter 11 Certificates • Binary PKCS#12: This is a format for transferring public key and private key certificates.The private key in a PKCS #12 file is within a password-encrypted envelope. The file’s password is not connected to your certificate’s public or private passwords. Exporting a PKCS #12 file creates this and you must provide it to decrypt the contents when you import the file into the NWA/WAC. Note: Be careful not to convert a binary file to text during the transfer process.
Chapter 11 Certificates 11.2 My Certificates Click Configuration > Object > Certificate > My Certificates to open this screen. This is the NWA/WAC’s summary list of certificates and certification requests. Figure 66 Configuration > Object > Certificate > My Certificates The following table describes the labels in this screen.
Chapter 11 Certificates Table 56 Configuration > Object > Certificate > My Certificates (continued) LABEL DESCRIPTION Subject This field displays identifying information about the certificate’s owner, such as CN (Common Name), OU (Organizational Unit or department), O (Organization or company) and C (Country). It is recommended that each certificate have unique subject information.
Chapter 11 Certificates Figure 67 Configuration > Object > Certificate > My Certificates > Add NWA5000 / WAC6000 Series User’s Guide 117
Chapter 11 Certificates The following table describes the labels in this screen. Table 57 Configuration > Object > Certificate > My Certificates > Add LABEL DESCRIPTION Name Type a name to identify this certificate. You can use up to 31 alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=- characters. Subject Information Use these fields to record information that identifies the owner of the certificate.
Chapter 11 Certificates Table 57 Configuration > Object > Certificate > My Certificates > Add (continued) LABEL DESCRIPTION Create a certification request and enroll for a certificate immediately online Select this to have the NWA/WAC generate a request for a certificate and apply to a certification authority for a certificate. You must have the certification authority’s certificate already imported in the Trusted Certificates screen.
Chapter 11 Certificates 11.2.2 Edit My Certificates Click Configuration > Object > Certificate > My Certificates and then the Edit icon to open the My Certificate Edit screen. You can use this screen to view in-depth certificate information and change the certificate’s name.
Chapter 11 Certificates The following table describes the labels in this screen. Table 58 Configuration > Object > Certificate > My Certificates > Edit LABEL DESCRIPTION Name This field displays the identifying name of this certificate. You can use up to 31 alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=- characters. Certification Path This field displays for a certificate, not a certification request.
Chapter 11 Certificates Table 58 Configuration > Object > Certificate > My Certificates > Edit LABEL DESCRIPTION Basic Constraint This field displays general information about the certificate. For example, Subject Type=CA means that this is a certification authority’s certificate and “Path Length Constraint=1” means that there can only be one certification authority in the certificate’s path. This field does not display for a certification request.
Chapter 11 Certificates Figure 69 Configuration > Object > Certificate > My Certificates > Import The following table describes the labels in this screen. Table 59 Configuration > Object > Certificate > My Certificates > Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it. You cannot import a certificate with the same name as a certificate that is already in the NWA/ WAC.
Chapter 11 Certificates Figure 70 Configuration > Object > Certificate > Trusted Certificates The following table describes the labels in this screen. Table 60 Configuration > Object > Certificate > Trusted Certificates LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the NWA/WAC’s PKI storage space that is currently in use. When the storage space is almost full, you should consider deleting expired or unnecessary certificates before adding more certificates.
Chapter 11 Certificates 11.3.1 Edit Trusted Certificates Click Configuration > Object > Certificate > Trusted Certificates and then a certificate’s Edit icon to open the Trusted Certificates Edit screen. Use this screen to view in-depth information about the certificate, change the certificate’s name and set whether or not you want the NWA/WAC to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority.
Chapter 11 Certificates The following table describes the labels in this screen. Table 61 Configuration > Object > Certificate > Trusted Certificates > Edit LABEL DESCRIPTION Name This field displays the identifying name of this certificate. You can change the name. You can use up to 31 alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=- characters.
Chapter 11 Certificates Table 61 Configuration > Object > Certificate > Trusted Certificates > Edit (continued) LABEL DESCRIPTION Signature Algorithm This field displays the type of algorithm that was used to sign the certificate. Some certification authorities use rsa-pkcs1-sha1 (RSA public-private key encryption algorithm and the SHA1 hash algorithm). Other certification authorities may use rsapkcs1-md5 (RSA public-private key encryption algorithm and the MD5 hash algorithm).
Chapter 11 Certificates Figure 72 Configuration > Object > Certificate > Trusted Certificates > Import The following table describes the labels in this screen. Table 62 Configuration > Object > Certificate > Trusted Certificates > Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it. You cannot import a certificate with the same name as a certificate that is already in the NWA/ WAC.
C HAPTER 12 System 12.1 Overview Use the system screens to configure general NWA/WAC settings. 12.1.1 What You Can Do in this Chapter • The Host Name screen (Section 12.2 on page 129) configures a unique name for the NWA/WAC in your network. • The Date/Time screen (Section 12.3 on page 130) configures the date and time for the NWA/ WAC. • The WWW screens (Section 12.4 on page 133) configure settings for HTTP or HTTPS access to the NWA/WAC. • The SSH screen (Section 12.
Chapter 12 System The following table describes the labels in this screen. Table 63 Configuration > System > Host Name LABEL DESCRIPTION System Name Choose a descriptive name to identify your NWA/WAC device. This name can be up to 64 alphanumeric characters long. Spaces are not allowed, but dashes (-) underscores (_) and periods (.) are accepted. Domain Name Enter the domain name (if you know it) here. This name is propagated to DHCP clients connected to interfaces with the DHCP server enabled.
Chapter 12 System The following table describes the labels in this screen. Table 64 Configuration > System > Date/Time LABEL DESCRIPTION Current Time and Date Current Time This field displays the present time of your NWA/WAC. Current Date This field displays the present date of your NWA/WAC. Time and Date Setup Manual Select this radio button to enter the time and date manually.
Chapter 12 System Table 64 Configuration > System > Date/Time (continued) LABEL DESCRIPTION End Date Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving. The at field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the first Sunday of November. Each time zone in the United States stops using Daylight Saving Time at 2 A.M. local time.
Chapter 12 System The Current Time and Current Date fields will display the appropriate settings if the synchronization is successful. If the synchronization was not successful, a log displays in the View Log screen. Try re-configuring the Date/Time screen. To manually set the NWA/WAC date and time: 1 Click System > Date/Time. 2 Select Manual under Time and Date Setup. 3 Enter the NWA/WAC’s time in the New Time field. 4 Enter the NWA/WAC’s date in the New Date field.
Chapter 12 System Figure 76 Secure and Insecure Service Access From the WAN 12.4.1 Service Access Limitations A service cannot be used to access the NWA/WAC when you have disabled that service in the corresponding screen. 12.4.2 System Timeout There is a lease timeout for administrators. The NWA/WAC automatically logs you out if the management session remains idle for longer than this timeout period. The management session does not time out when a statistics screen is polling.
Chapter 12 System certificate. You must apply for a certificate for the browser from a CA that is a trusted CA on the NWA/WAC. Please refer to the following figure. 1 HTTPS connection requests from an SSL-aware web browser go to port 443 (by default) on the NWA/WAC’s web server. 2 HTTP connection requests from a web browser go to port 80 (by default) on the NWA/WAC’s web server.
Chapter 12 System The following table describes the labels in this screen. Table 66 Configuration > System > WWW > Service Control LABEL DESCRIPTION HTTPS Enable Select the check box to allow or disallow the computer with the IP address that matches the IP address(es) in the Service Control table to access the NWA/WAC Web Configurator using secure HTTPs connections. Server Port The HTTPS server listens on port 443 by default.
Chapter 12 System Figure 79 Security Alert Dialog Box (Internet Explorer) Select Continue to this website. to proceed to the Web Configurator login screen. Otherwise, select Click here to close this webpage. to block the access. 12.4.5.2 Mozilla Firefox Warning Messages When you attempt to access the NWA/WAC HTTPS server, a The Connection is Untrusted screen appears as shown in the following screen. Click Technical Details if you want to verify more information about the certificate from the NWA/WAC.
Chapter 12 System Figure 80 Security Certificate 1 (Firefox) Figure 81 Security Certificate 2 (Firefox) 12.4.5.3 Avoiding Browser Warning Messages Here are the main reasons your browser displays warnings about the NWA/WAC’s HTTPS server certificate and what you can do to avoid seeing the warnings: • The issuing certificate authority of the NWA/WAC’s HTTPS server certificate is not one of the browser’s trusted certificate authorities.
Chapter 12 System • For the browser to trust a self-signed certificate, import the self-signed certificate into your operating system as a trusted certificate. • To have the browser trust the certificates issued by a certificate authority, import the certificate authority’s certificate into your operating system as a trusted certificate. Refer to Appendix A on page 195 for details. 12.4.5.
Chapter 12 System 12.4.5.5 Installing the CA’s Certificate 1 Double click the CA’s trusted certificate to produce a screen similar to the one shown next. 2 Click Install Certificate and follow the wizard as shown earlier in this appendix. 12.4.5.6 Installing a Personal Certificate You need a password in advance. The CA may issue the password or you may have to specify it during the enrollment.
Chapter 12 System 1 Click Next to begin the wizard. 2 The file name and path of the certificate you double-clicked should automatically appear in the File name text box. Click Browse if you wish to import a different certificate.
Chapter 12 System 3 Enter the password given to you by the CA. 4 Have the wizard determine where the certificate should be saved on your computer or select Place all certificates in the following store and choose a different location.
Chapter 12 System 5 Click Finish to complete the wizard and begin the import process. 6 You should see the following screen when the certificate is correctly installed on your computer. 12.4.5.7 Using a Certificate When Accessing the NWA/WAC To access the NWA/WAC via HTTPS: 1 Enter ‘https://NWA/WAC IP Address/ in your browser’s web address field.
Chapter 12 System 2 When Authenticate Client Certificates is selected on the NWA/WAC, the following screen asks you to select a personal certificate to send to the NWA/WAC. This screen displays even if you only have a single certificate as in the example. 3 You next see the Web Configurator login screen. 12.5 SSH You can use SSH (Secure SHell) to securely access the NWA/WAC’s command line interface.
Chapter 12 System Figure 84 How SSH v1 Works Example 1 Host Identification The SSH client sends a connection request to the SSH server. The server identifies itself with a host key. The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server. The client automatically saves any new server public keys. In subsequent connections, the server public key is checked against the saved version on the client computer.
Chapter 12 System 12.5.3 Requirements for Using SSH You must install an SSH client program on a client computer (Windows or Linux operating system) that is used to connect to the NWA/WAC over SSH. 12.5.4 Configuring SSH Click Configuration > System > SSH to open the following screen. Use this screen to configure your NWA/WAC’s Secure Shell settings. Note: It is recommended that you disable Telnet and FTP when you configure SSH for secure connections.
Chapter 12 System 12.5.5.1 Example 1: Microsoft Windows This section describes how to access the NWA/WAC using the Secure Shell Client program. 1 Launch the SSH client and specify the connection information (IP address, port number) for the NWA/WAC. 2 Configure the SSH client to accept connection using SSH version 1. 3 A window displays prompting you to store the host key in you computer. Click Yes to continue. Figure 86 SSH Example 1: Store Host Key Enter the password to log in to the NWA/WAC.
Chapter 12 System Figure 88 SSH Example 2: Log in $ ssh –1 192.168.1.2 The authenticity of host '192.168.1.2 (192.168.1.2)' can't be established. RSA1 key fingerprint is 21:6c:07:25:7e:f4:75:80:ec:af:bd:d4:3d:80:53:d1. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.1.2' (RSA1) to the list of known hosts. Administrator@192.168.1.2's password: 3 The CLI screen displays next. 12.6 Telnet You can use Telnet to access the NWA/WAC’s command line interface.
Chapter 12 System Figure 90 Configuration > System > FTP The following table describes the labels in this screen. Table 69 Configuration > System > FTP LABEL DESCRIPTION Enable Select the check box to allow or disallow the computer with the IP address that matches the IP address(es) in the Service Control table to access the NWA/WAC using this service. TLS required Select the check box to use FTP over TLS (Transport Layer Security) to encrypt communication.
Chapter 12 System Figure 91 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the NWA/WAC). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices.
Chapter 12 System ZYXEL-ES-WIRELESS.MIB) to collect information about CPU and memory usage and VPN total throughput. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance. You can download the NWA/WAC’s MIBs from www.zyxel.com. 12.8.2 SNMP Traps The NWA/WAC will send traps to the SNMP manager when any one of the following events occurs. Table 70 SNMP Traps OBJECT LABEL OBJECT ID DESCRIPTION linkDown 1.3.6.1.6.3.1.1.5.
Chapter 12 System The following table describes the labels in this screen. Table 71 Configuration > System > SNMP LABEL DESCRIPTION Enable Select the check box to allow or disallow users to access the NWA/WAC using SNMP. Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Trap Community Type the trap community, which is the password sent with each trap to the SNMP manager.
Chapter 12 System Figure 93 Configuration > System > SNMP > Add The following table describes the labels in this screen. Table 72 Configuration > System > SNMP LABEL DESCRIPTION User Name Select the user name of the user account for which this SNMPv3 user profile is configured. Authentication Select the type of authentication the SNMPv3 user must use to connect to the NWA/WAC using this SNMPv3 user profile. Select NONE to not authenticate the SNMPv3 user.
C HAPTER 13 Log and Report 13.1 Overview Use the system screens to configure daily reporting and log settings. 13.1.1 What You Can Do In this Chapter • The Email Daily Report screen (Section 13.2 on page 154) configures how and where to send daily reports and what reports to send. • The Log Setting screens (Section 13.3 on page 156) specify which logs are e-mailed, where they are e-mailed, and how often they are e-mailed. 13.
Chapter 13 Log and Report Figure 94 Configuration > Log & Report > Email Daily Report NWA5000 / WAC6000 Series User’s Guide 155
Chapter 13 Log and Report The following table describes the labels in this screen. Table 73 Configuration > Log & Report > Email Daily Report LABEL DESCRIPTION Enable Email Daily Report Select this to send reports by e-mail every day. Mail Server Type the name or IP address of the outgoing SMTP server. SSL/TLS Encryption Select SSL/TLS to use Secure Sockets Layer (SSL) or Transport Layer Security (TLS) if you want encrypted communications between the mail server and the NWA/WAC.
Chapter 13 Log and Report The Log Setting tab also controls what information is saved in each log. For the system log, you can also specify which log messages are e-mailed, where they are e-mailed, and how often they are e-mailed. For alerts, the Log Setting screen controls which events generate alerts and where alerts are emailed. The Log Setting screen provides a summary of all the settings.
Chapter 13 Log and Report Table 74 Configuration > Log & Report > Log Setting (continued) LABEL DESCRIPTION # This field is a sequential value, and it is not associated with a specific log. Status This field shows whether the log is active or not. Name This field displays the name of the log (system log or one of the remote servers). Log Format This field displays the format of the log. Internal - system log; you can view the log on the View Log tab.
Chapter 13 Log and Report Figure 96 Configuration > Log & Report > Log Setting > Edit System Log Setting The following table describes the labels in this screen. Table 75 Configuration > Log & Report > Log Setting > Edit System Log Setting LABEL DESCRIPTION E-Mail Server 1/2 Active Select this to send log messages and alerts according to the information in this section.
Chapter 13 Log and Report Table 75 Configuration > Log & Report > Log Setting > Edit System Log Setting (continued) LABEL SSL/TLS Encryption DESCRIPTION Select SSL/TLS to use Secure Sockets Layer (SSL) or Transport Layer Security (TLS) if you want encrypted communications between the mail server and the NWA/ WAC. Select STARTTLS to upgrade a plain text connection to a secure connection using SSL/TLS. Select No to not encrypt the communications.
Chapter 13 Log and Report Table 75 Configuration > Log & Report > Log Setting > Edit System Log Setting (continued) LABEL E-mail Server 2 DESCRIPTION Use the E-Mail Server 2 drop-down list to change the settings for e-mailing logs to e-mail server 2 for all log categories. Using the System Log drop-down list to disable all logs overrides your e-mail server 2 settings. enable normal logs (green check mark) - e-mail log messages for all categories to e-mail server 2.
Chapter 13 Log and Report Figure 97 Configuration > Log & Report > Log Setting > Edit Remote Server NWA5000 / WAC6000 Series User’s Guide 162
Chapter 13 Log and Report The following table describes the labels in this screen. Table 76 Configuration > Log & Report > Log Setting > Edit Remote Server LABEL DESCRIPTION Log Settings for Remote Server Active Select this check box to send log information according to the information in this section. You specify what kinds of messages are included in log information in the Active Log section. Log Format This field displays the format of the log information. It is read-only.
Chapter 13 Log and Report Figure 98 Active Log Summary This screen provides a different view and a different way of indicating which messages are included in each log and each alert. (The Default category includes debugging messages generated by open source software.
Chapter 13 Log and Report The following table describes the fields in this screen. Table 77 Configuration > Log & Report > Log Setting > Active Log Summary LABEL DESCRIPTION Active Log Summary If the NWA/WAC is set to controller mode, the AC section controls logs generated by the controller and the AP section controls logs generated by the managed APs. System log Use the System Log drop-down list to change the log settings for all of the log categories.
Chapter 13 Log and Report Table 77 Configuration > Log & Report > Log Setting > Active Log Summary (continued) LABEL DESCRIPTION E-mail Server 1 E-mail Select whether each category of events should be included in the log messages when it is e-mailed (green check mark) and/or in alerts (red exclamation point) for the e-mail settings specified in E-Mail Server 1. The NWA/WAC does not e-mail debugging information, even if it is recorded in the System log.
C HAPTER 14 File Manager 14.1 Overview Configuration files define the NWA/WAC’s settings. Shell scripts are files of commands that you can store on the NWA/WAC and run when you need them. You can apply a configuration file or run a shell script without the NWA/WAC restarting. You can store multiple configuration files and shell script files on the NWA/WAC. You can edit configuration files or shell scripts in a text editor and upload them to the NWA/WAC. Configuration files use a .
Chapter 14 File Manager While configuration files and shell scripts have the same syntax, the NWA/WAC applies configuration files differently than it runs shell scripts. This is explained below. Table 78 Configuration Files and Shell Scripts in the NWA/WAC Configuration Files (.conf) Shell Scripts (.zysh) • • • • • Resets to default configuration. Goes into CLI Configuration mode. Runs the commands in the configuration file. Goes into CLI Privilege mode. Runs the commands in the shell script.
Chapter 14 File Manager configuration files from the NWA/WAC to your computer and upload configuration files from your computer to the NWA/WAC. Once your NWA/WAC is configured and functioning properly, it is highly recommended that you back up your configuration file before making further configuration changes. The backup configuration file will be useful in case you need to return to your previous settings. Configuration File Flow at Restart • If there is not a startup-config.
Chapter 14 File Manager The following table describes the labels in this screen. Table 79 Maintenance > File Manager > Configuration File LABEL DESCRIPTION Rename Use this button to change the label of a configuration file on the NWA/WAC. You can only rename manually saved configuration files. You cannot rename the lastgood.conf, system-default.conf and startup-config.conf files. You cannot rename a configuration file to the name of another configuration file in the NWA/WAC.
Chapter 14 File Manager Table 79 Maintenance > File Manager > Configuration File (continued) LABEL DESCRIPTION Apply Use this button to have the NWA/WAC use a specific configuration file. Click a configuration file’s row to select it and click Apply to have the NWA/WAC use that configuration file. The NWA/WAC does not have to restart in order to use a different configuration file, although you will need to wait for a few minutes while the system reconfigures.
Chapter 14 File Manager Table 79 Maintenance > File Manager > Configuration File (continued) LABEL DESCRIPTION File Name This column displays the label that identifies a configuration file. You cannot delete the following configuration files or change their file names. The system-default.conf file contains the NWA/WAC’s default settings. Select this file and click Apply to reset all of the NWA/WAC settings to the factory defaults. This configuration file is included when you upload a firmware package.
Chapter 14 File Manager 8 Use "get” to download files. Transfer the configuration file on the NWA/WAC to your computer. Type get followed by the name of the configuration file. This examples uses get startup-config.conf. C:\>ftp 192.168.1.2 Connected to 192.168.1.2. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------220-You are user number 1 of 5 allowed. 220-Local time is now 21:28. Server port: 21.
Chapter 14 File Manager Figure 100 Maintenance > File Manager > Firmware Package The following table describes the labels in this screen. Table 80 Maintenance > File Manager > Firmware Package LABEL DESCRIPTION Boot Module This is the version of the boot module that is currently on the NWA/WAC. Current Version This is the firmware version and the date created. Released Date This is the date that the version of the firmware was created.
Chapter 14 File Manager 1 Connect your computer to the NWA/WAC. 2 The FTP server IP address of the NWA/WAC in standalone AP mode is 192.168.1.2, so set your computer to use a static IP address from 192.168.1.3 ~192.168.1.254. 3 Use an FTP client on your computer to connect to the NWA/WAC. For example, in the Windows command prompt, type ftp 192.168.1.2. Keep the console session connected in order to see when the firmware recovery finishes. 4 Enter your user name when prompted.
Chapter 14 File Manager Note: You should include write commands in your scripts. If you do not use the write command, the changes will be lost when the NWA/WAC restarts. You could use multiple write commands in a long script. Figure 102 Maintenance > File Manager > Shell Script Each field is described in the following table. Table 81 Maintenance > File Manager > Shell Script LABEL DESCRIPTION Rename Use this button to change the label of a shell script file on the NWA/WAC.
Chapter 14 File Manager Table 81 Maintenance > File Manager > Shell Script (continued) LABEL DESCRIPTION Last Modified This column displays the date and time that the individual shell script files were last changed or saved. Upload Shell Script The bottom part of the screen allows you to upload a new or previously saved shell script file from your computer to your NWA/WAC. File Path Type in the location of the file you want to upload in this field or click Browse... to find it. Browse...
C HAPTER 15 Diagnostics 15.1 Overview Use the diagnostics screen for troubleshooting. 15.1.1 What You Can Do in this Chapter • The Diagnostics screen (Section 15.2 on page 178) generates a file containing the NWA/WAC’s configuration and diagnostic information if you need to provide it to customer support during troubleshooting. 15.2 Diagnostics This screen provides an easy way for you to generate a file containing the NWA/WAC’s configuration and diagnostic information.
Chapter 15 Diagnostics Figure 103 Maintenance > Diagnostics The following table describes the labels in this screen. Table 82 Maintenance > Diagnostics LABEL DESCRIPTION Filename This is the name of the most recently created diagnostic file. Last modified This is the date and time that the last diagnostic file was created. The format is yyyymm-dd hh:mm:ss. Size This is the size of the most recently created diagnostic file. Diagnostic Collect Category This field displays each category of settings.
C HAPTER 16 LEDs 16.1 Overview The LEDs of your NWA/WAC can be controlled such that they stay lit (ON) or OFF after the NWA/ WAC is ready. There are two features that controls the LEDs of your NWA/WAC - Locator and Suppression. 16.1.1 What You Can Do in this Chapter • The Suppression screen (Section 16.2 on page 180)) allows you to set how you want the LEDs to behave after the device is ready. • The Locator screen (Section 16.
Chapter 16 LEDs Figure 104 Maintenance > LEDs > Suppression The following table describes fields in the above screen. Table 83 Maintenance > LED > Suppression LABEL DESCRIPTION Suppression On If the Suppression On check box is checked, the LEDs of your NWA/WAC will turn off after it’s ready. If the check box is unchecked, the LEDs will stay lit after the NWA/WAC is ready. Apply Click Apply to save your changes back to the NWA/WAC. Reset Click Reset to return the screen to its last-saved settings.
Chapter 16 LEDs Figure 105 Maintenance > LEDs > Locator The following table describes fields in the above screen. Table 84 Maintenance > LED > Locator LABEL DESCRIPTION Turn On Click Turn On button to activate the locator. The Locator function will show the actual location of the WAC between several devices in the network. Turn Off Otherwise, click Turn Off to disable the locator feature.
C HAPTER 17 Antenna Switch 17.1 Overview Use this screen to change antenna orientation for the radios. 17.1.1 What You Need To Know Positioning the antennas properly increases the range and coverage area of a wireless LAN. On the NWA/WAC that comes with internal antennas and also has an antenna switch, you can adjust antenna orientation for the NWA/WAC radios using the web configurator, the command line interface (CLI) or a physical switch.
Chapter 17 Antenna Switch Figure 107 Maintenance > Antenna > Antenna Switch Select the Enable Software Control option to use the Web configurator to adjust each radio’s antenna orientation for better coverage. Select Wall if you mount the NWA/WAC to a wall. Select Ceiling if the the NWA/WAC is mounted on a ceiling. You can switch from Wall to Ceiling if there are still wireless dead zones, and vice versa.
C HAPTER 18 Reboot 18.1 Overview Use this screen to restart the device. 18.1.1 What You Need To Know If you applied changes in the Web configurator, these were saved automatically and do not change when you reboot. If you made changes in the CLI, however, you have to use the write command to save the configuration before you reboot. Otherwise, the changes are lost when you reboot. Reboot is different to reset; reset returns the device to its default configuration. 18.
C HAPTER 19 Shutdown 19.1 Overview Use this screen to shutdown the device. Always use Maintenance > Shutdown > Shutdown or the shutdown command before you turn off the NWA/WAC or remove the power. Not doing so can cause the firmware to become corrupt. 19.1.1 What You Need To Know Shutdown writes all cached data to the local storage and stops the system processes. Shutdown is different to reset; reset returns the device to its default configuration. 19.
C HAPTER 20 Troubleshooting 20.1 Overview This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LED • NWA/WAC Access and Login • Internet Access • Wireless Connections • Resetting the NWA/WAC 20.2 Power, Hardware Connections, and LED The NWA/WAC does not turn on. The LED is not on.
Chapter 20 Troubleshooting 3 Inspect your cables for damage. Contact the vendor to replace any damaged cables. 4 Disconnect and re-connect the power adaptor or PoE power injector to the NWA/WAC. 5 If the problem continues, contact the vendor. 20.3 NWA/WAC Access and Login I forgot the IP address for the NWA/WAC. 1 The default IP address (in standalone AP mode) is 192.168.1.2. 2 If you changed the IP address and have forgotten it, you have to reset the device to its factory defaults.
Chapter 20 Troubleshooting 6 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions • Try to access the NWA/WAC using another service, such as Telnet. If you can access the NWA/ WAC, check the remote management settings to find out why the NWA/WAC does not respond to HTTP. • If your computer is connected wirelessly, use a computer that is connected to a LAN/ETHERNET port. I forgot the password. 1 The default password is 1234.
Chapter 20 Troubleshooting 1 Check the hardware connections, and make sure the LED is behaving as expected. See the Quick Start Guide and Section 20.2 on page 187. 2 Make sure the NWA/WAC is connected to a broadband modem or router with Internet access and your computer is set to obtain an dynamic IP address. 3 If you are trying to access the Internet wirelessly, make sure the wireless settings on the wireless client are the same as the settings on the NWA/WAC.
Chapter 20 Troubleshooting 20.5 Wireless Connections I cannot access the NWA/WAC or ping any computer from the WLAN. 1 Make sure the wireless LAN (wireless radio) is enabled on the NWA/WAC. 2 Make sure the radio or at least one of the NWA/WAC’s radios is operating in AP mode. 3 Make sure the wireless adapter (installed on your computer) is working properly. 4 Make sure the wireless adapter (installed on your computer) is IEEE 802.
Chapter 20 Troubleshooting • Binary X.509: This is an ITU-T recommendation that defines the formats for X.509 certificates. • PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses lowercase letters, uppercase letters and numerals to convert a binary X.509 certificate into a printable form. • Binary PKCS#7: This is a standard that defines the general syntax for data (including digital signatures) that may be encrypted. A PKCS #7 file is used to transfer a public key certificate.
Chapter 20 Troubleshooting • Make sure that all the APs used by the wireless clients in question share the same SSID, security, and radio settings. • Make sure that all the APs are in the same broadcast domain. • Make sure that the wireless clients are in range of the other APs; if they are only in range of a single AP, then load balancing may not be as effective.
Chapter 20 Troubleshooting • Detach the WAC6500 series indoor AP from the mounting bracket. 20.6 Resetting the NWA/WAC If you cannot access the NWA/WAC by any method, try restarting it by turning the power off and then on again. If you still cannot access the NWA/WAC by any method or you forget the administrator password(s), you can reset the NWA/WAC to its factory-default settings. Any configuration files or shell scripts that you saved on the NWA/WAC should still be available afterwards.
A PPENDIX A Importing Certificates This appendix shows you how to import public key certificates into your web browser. Public key certificates are used by web browsers to ensure that a secure web site is legitimate. When a certificate authority such as VeriSign, Comodo, or Network Solutions, to name a few, receives a certificate request from a website operator, they confirm that the web domain and contact information in the request match those on public record with a domain name registrar.
Appendix A Importing Certificates 1 If your device’s Web Configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error. 2 Click Continue to this website (not recommended). 3 In the Address Bar, click Certificate Error > View certificates.
Appendix A Importing Certificates 4 In the Certificate dialog box, click Install Certificate. 5 In the Certificate Import Wizard, click Next.
Appendix A Importing Certificates 6 If you want Internet Explorer to Automatically select certificate store based on the type of certificate, click Next again and then go to step 9. 7 Otherwise, select Place all certificates in the following store and then click Browse. 8 In the Select Certificate Store dialog box, choose a location in which to save the certificate and then click OK.
Appendix A Importing Certificates 9 In the Completing the Certificate Import Wizard screen, click Finish. 10 If you are presented with another Security Warning, click Yes. 11 Finally, click OK when presented with the successful certificate installation message.
Appendix A Importing Certificates 12 The next time you start Internet Explorer and go to a ZyXEL Web Configurator page, a sealed padlock icon appears in the address bar. Click it to view the page’s Website Identification information. Installing a Stand-Alone Certificate File in Internet Explorer Rather than browsing to a ZyXEL Web Configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you.