G-1000 802.11g Wireless Access Point User’s Guide Version 3.
G-1000 User’s Guide Copyright Copyright © 2005 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation.
G-1000 User’s Guide Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations. This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules.
G-1000 User’s Guide Cet appareil numerique de la classe B est conforme a la norme NMB-003 du Canada. Certifications Go to www.zyxel.com 1 Select your product from the drop-down list box on the ZyXEL home page to go to that product's page. 2 Select the certification you wish to view from this page.
G-1000 User’s Guide Safety Warnings For your safety, be sure to read and follow all warning notices and instructions. • Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel can service the device. Please contact your vendor for further information. • Use ONLY the dedicated power supply for your device.
G-1000 User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase.
G-1000 User’s Guide Customer Support Please have the following information ready when you contact customer support. • • • • Product model and serial number. Warranty Information. Date that you received your device. Brief description of the problem and the steps you took to solve it. METHOD SUPPORT E-MAIL TELEPHONEA WEB SITE FAX FTP SITE REGULAR MAIL LOCATION CORPORATE HEADQUARTERS (WORLDWIDE) CZECH REPUBLIC DENMARK FINLAND SALES E-MAIL support@zyxel.com.tw +886-3-578-3942 sales@zyxel.com.
G-1000 User’s Guide TELEPHONEA WEB SITE SALES E-MAIL FAX FTP SITE info@pl.zyxel.com +48-22-5286603 www.pl.zyxel.com ZyXEL Communications ul.Emilli Plater 53 00-113 Warszawa Poland www.zyxel.ru ZyXEL Russia Ostrovityanova 37a Str. Moscow, 117279 Russia www.zyxel.es ZyXEL Communications Alejandro Villegas 33 1º, 28043 Madrid Spain www.zyxel.se ZyXEL Communications A/S Sjöporten 4, 41764 Göteborg Sweden www.ua.zyxel.com ZyXEL Ukraine 13, Pimonenko Str.
G-1000 User’s Guide Customer Support 9
G-1000 User’s Guide Table of Contents Copyright .................................................................................................................. 2 Federal Communications Commission (FCC) Interference Statement ............... 3 Safety Warnings ....................................................................................................... 5 ZyXEL Limited Warranty.......................................................................................... 6 Customer Support...........
G-1000 User’s Guide 1.3.1 Internet Access Application ......................................................................30 1.3.2 Corporation Network Application ..............................................................30 Chapter 2 Hardware Installation and Initial Setup ................................................................ 32 2.1 Front Panel of the G-1000 ..................................................................................32 2.2 Top Panel and Connections of the G-1000 ....
G-1000 User’s Guide Chapter 6 Wireless LAN ......................................................................................................... 50 6.1 Introduction ........................................................................................................50 6.2 Wireless Security Overview ...............................................................................50 6.2.1 Encryption .................................................................................................50 6.2.
G-1000 User’s Guide 8.6 SNMP .................................................................................................................76 8.6.1 Supported MIBs ........................................................................................78 8.6.2 SNMP Traps .............................................................................................78 8.6.3 SNMP Interface Index ...............................................................................79 8.6.4 Configuring SNMP ..........
G-1000 User’s Guide Chapter 14 Dial-in User Setup ................................................................................................ 108 Chapter 15 SNMP Configuration ............................................................................................ 110 Chapter 16 System Security ................................................................................................... 112 16.1 System Password .................................................................................
G-1000 User’s Guide Troubleshooting................................................................................................... 136 Appendix B Specifications....................................................................................................... 138 Appendix C Brute-Force Password Guessing Protection..................................................... 140 Appendix D Setting up Your Computer’s IP Address............................................................
G-1000 User’s Guide List of Figures Figure 1 Internet Access Application ................................................................................... 30 Figure 2 Corporation Network Application .......................................................................... 30 Figure 3 G-1000 Front Panel .............................................................................................. 32 Figure 4 G-1000 Top Panel ...............................................................................
G-1000 User’s Guide Figure 37 System Status: Show Statistics ........................................................................... 87 Figure 38 Association List ................................................................................................... 88 Figure 39 Firmware Upload ................................................................................................. 89 Figure 40 Firmware Upload In Process ..............................................................................
G-1000 User’s Guide Figure 80 Menu 24 System Maintenance ........................................................................... 131 Figure 81 Valid CI Commands ............................................................................................ 131 Figure 82 Menu 24.10 System Maintenance: Time and Date Setting ................................. 132 Figure 83 Telnet Configuration on a TCP/IP Network ......................................................... 133 Figure 84 Menu 24.
G-1000 User’s Guide 19
G-1000 User’s Guide List of Tables Table 1 IEEE 802.11b ......................................................................................................... 27 Table 2 IEEE 802.11g ......................................................................................................... 28 Table 3 Front Panel LED Description ................................................................................. 33 Table 4 G-1000 Wireless LAN Coverage .........................................................
G-1000 User’s Guide Table 37 Restore Configuration .......................................................................................... 91 Table 38 SMT Menus Overview ......................................................................................... 95 Table 39 Main Menu Commands ....................................................................................... 96 Table 40 Main Menu Summary ..........................................................................................
G-1000 User’s Guide Table 80 Subnet 4 .............................................................................................................. 175 Table 81 Eight Subnets ...................................................................................................... 175 Table 82 Class C Subnet Planning ..................................................................................... 175 Table 83 Class B Subnet Planning .........................................................................
G-1000 User’s Guide 23
G-1000 User’s Guide Preface Congratulations on your purchase of the ZyXEL G-1000 - 802.11g Wireless Access Point. An AP acts as a bridge between the wireless and wired networks, extending your existing wired network without any additional wiring. Your G-1000 is easy to install and configure. Note: Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products.
G-1000 User’s Guide User Guide Feedback Help us help you! E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you! Syntax Conventions • “Enter” means for you to type one or more characters. “Select” or “Choose” means for you to use one of the predefined choices.
G-1000 User’s Guide CHAPTER 1 Getting to Know Your G-1000 This chapter introduces the main features and applications of the G-1000. 1.1 Introducing the G-1000 The G-1000 Access Point extends the range of your existing wired network without any additional wiring efforts, providing easy network access to mobile users. The G-1000 incorporates the IEEE802.11g standard for high-speed wireless transmission. In line with the standard, your G-1000 is backward-compatible with IEEE802.1b-enabled devices.
G-1000 User’s Guide 1.2.1.4 G-1000 LED The blue G-1000 LED (also known as the Breathing LED) is on when the G-1000 is on and blinks (or breaths) when data is being transmitted to/from its wireless stations. You may use the web configurator to turn this LED off even when the G-1000 is on and data is being transmitted/received. 1.2.2 Firmware Features 1.2.2.1 Internal RADIUS Server The G-1000 has a built-in RADIUS server that can authenticate wireless clients or other AP’s in other wireless networks.
G-1000 User’s Guide 1.2.2.4 802.11g Wireless LAN Standard The G-1000 complies with the 802.11g wireless standard and is also fully compatible with the 802.11b standard. This means an 802.11b radio card can interface directly with an 802.11g device (and vice versa) at 11 Mbps or lower depending on range. 802.11g has several intermediate rate steps between the maximum and minimum data rates. The 802.11g data rate and modulation are as follows:. Table 2 IEEE 802.
G-1000 User’s Guide 1.2.2.10 IEEE 802.1x Network Security The G-1000 supports the IEEE 802.1x standard to enhance user authentication. Use the builtin user profile database to authenticate up to 32 users using MD5 encryption. Use an EAPcompatible RADIUS (RFC2138, 2139 - Remote Authentication Dial In User Service) server to authenticate a limitless number of users using EAP (Extensible Authentication Protocol). EAP is an authentication protocol that supports multiple types of authentication. 1.2.2.
G-1000 User’s Guide 1.3.1 Internet Access Application The G-1000 is an ideal access solution for wireless Internet connection. A typical Internet access application for your G-1000 is shown as follows. Stations A, B and C can access the wired network through the G-1000s. Figure 1 Internet Access Application 1.3.
G-1000 User’s Guide Chapter 1 Getting to Know Your G-1000 31
G-1000 User’s Guide CHAPTER 2 Hardware Installation and Initial Setup This chapter describes the physical features of the G-1000 and how to make cable connections. 2.1 Front Panel of the G-1000 The LEDs on the front panel indicate the operational status of your G-1000.
G-1000 User’s Guide Table 3 Front Panel LED Description LED COLOR STATUS DESCRIPTION BRI/RPT Green On The wireless card on the G-1000 is working properly. Off The wireless card on the G-1000 is not ready or has a malfunction. Red On The G-1000 is not ready or rebooting. G-1000(WLAN ACK) Blue Breathing The G-1000 is sending or receiving data. On (dim) The G-1000 is ready, but is not sending or receiving data. ETHN Green On The G-1000 has a successful 10Mb Ethernet connection.
G-1000 User’s Guide Figure 4 G-1000 Top Panel 2.2.1 One 10/100M Ethernet Port Ethernet 10Base-T/100Base-T networks use Shielded Twisted Pair (STP) cable with RJ-45 connectors that look like a bigger telephone plug with 8 pins. The ETHERNET port is autosensing, so you may use the crossover cable provided or a straight-through Ethernet cable to connect your G-1000 to a computer/external hub.
G-1000 User’s Guide 2.2.4 Antennas The G-1000 is equipped with two reverse SMA connectors and two detachable omnidirectional 2dBi antennas to provide clear radio signal between the wireless stations and the access points. Refer to the Antenna Selection and Positioning Recommendations appendix for more information. The following table shows the G-1000’s coverage (in meters) using the included antennas. The distance may differ depending on the network environment.
G-1000 User’s Guide CHAPTER 3 Introducing the Web Configurator This chapter describes how to access the G-1000 web configurator and provides an overview of its screens. The default IP address of the G-1000 is 192.168.1.2. 3.1 Accessing the G-1000 Web Configurator 1 Make sure your G-1000 hardware is properly connected and prepare your computer/ computer network to connect to the G-1000 (refer to the Quick Start Guide). 2 Launch your web browser. 3 Type "192.168.1.2" as the URL.
G-1000 User’s Guide Figure 5 Change Password Screen You should now see the MAIN MENU screen. Note: The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the G-1000 if this happens to you. 3.
G-1000 User’s Guide 5 Release the RESET button and wait for the G-1000 to finish restarting. 3.2.2 Method of Restoring Factory-Defaults You can erase the current configuration and restore factory defaults in three ways: Use the RESET button on the side panel of the G-1000 to upload the default configuration file (hold this button in for about 10 seconds or until the SYS LED, LINK LED or BDG/RPT LED turns red). Use this method for cases when the password or IP address of the G-1000 is not known.
G-1000 User’s Guide Click the links under ADVANCED to configure advanced features such as SYSTEM (General Setup, Password and Time Zone), WIRELESS (Wireless, MAC Filter, Roaming and 802.1x/WPA), IP, REMOTE MGNT (Telnet, FTP, WWW and SNMP), Internal RADIUS Server (Settings, Trusted AP and Trusted User databases), and LOGS (View reports and Log Settings). Click MAINTENANCE to view information about your G-1000 or upgrade configuration/ firmware files.
G-1000 User’s Guide CHAPTER 4 Wizard Setup This chapter provides information on the Wizard Setup screens in the web configurator. 4.1 Wizard Setup Overview The web configurator’s setup wizard helps you configure your G-1000 for wireless stations to access your wired LAN. 4.1.1 Channel A channel is the radio frequency(ies) used by IEEE 802.11b and IEEE 802.11g wireless devices. Channels available depend on your geographical area.
G-1000 User’s Guide 4.2 Wizard Setup: General Setup General Setup contains administrative and system-related information. The Domain Name entry is what is propagated to the DHCP clients on the LAN. If you leave this blank, the domain name obtained by DHCP from the ISP is used. While you must enter the host name (System Name) on each individual computer, the domain name can be assigned from the G-1000 via DHCP. Figure 7 Wizard 1: General Setup The following table describes the labels in this screen.
G-1000 User’s Guide Figure 8 Wizard 2: Wireless LAN Setup The following table describes the labels in this screen. Table 6 Wizard 2: Wireless LAN Setup LABEL DESCRIPTION Wireless LAN Setup WLAN Adaptor Select Built-in from the drop down list box to configure your G-1000 using the internal WLAN card. Select Removable from the drop down list box to configure your G-1000 using a WLAN card adaptor using the extension card slot.
G-1000 User’s Guide Table 6 Wizard 2: Wireless LAN Setup LABEL DESCRIPTION Back Click Back to return to the previous screen. Next Click Next to continue. 4.4 Wizard Setup: IP Address The third wizard screen allows you to configure IP address assignment. 4.4.1 IP Address Assignment Every computer on the Internet must have a unique IP address.
G-1000 User’s Guide If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. Let's say you select 192.168.1.0 as the network number; which covers 254 individual addresses, from 192.168.1.1 to 192.
G-1000 User’s Guide Table 8 Wizard 3: IP Address Assignment LABEL DESCRIPTION Back Click Back to return to the previous screen. Finish Click Finish to proceed to complete the Wizard setup. 4.5 Basic Setup Complete When you click Finish in the Wizard 3 IP Address Assignment screen, a warning window display as shown. Click OK to close the window and log in to the web configurator again using the new IP address if you change the default IP address (192.168.1.2). You have successfully set up the G-1000.
G-1000 User’s Guide CHAPTER 5 System Screens 5.1 System Overview This section provides information on general system setup. 5.2 Configuring General Setup Click the SYSTEM link under ADVANCED to open the General screen. Figure 11 System General Setup The following table describes the labels in this screen. Table 9 System General Setup LABEL DESCRIPTION General Setup System Name Type a descriptive name to identify the G-1000 in the Ethernet network.
G-1000 User’s Guide Table 9 System General Setup LABEL DESCRIPTION First DNS Server Second DNS Server Third DNS Server Select From DHCP if your DHCP server dynamically assigns DNS server information (and the G-1000's Ethernet IP address). The field to the right displays the (read-only) DNS server IP address that the DHCP assigns. Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right.
G-1000 User’s Guide 5.4 Configuring Time Setting To change your G-1000’s time and date, click the SYSTEM link under ADVANCED and then the Time Setting tab. The screen appears as shown. Use this screen to configure the G1000’s time based on your local time zone. Figure 13 Time Setting The following table describes the labels in this screen. Table 11 Time Setting 48 LABEL DESCRIPTION Time Protocol Select the time service protocol that your time server sends when you turn on the G-1000.
G-1000 User’s Guide Table 11 Time Setting LABEL DESCRIPTION Current Date (yyyy/ mm/dd) This field displays the date of your G-1000. Each time you reload this page, the G-1000 synchronizes the date with the time server. New Date (yyyy/mm/ dd) This field displays the last updated date from the time server. When you select None in the Time Protocol field, enter the new date in this field and then click Apply. Time Zone Choose the time zone of your location.
G-1000 User’s Guide CHAPTER 6 Wireless LAN This chapter discusses how to configure Wireless LAN. 6.1 Introduction A wireless LAN (WLAN) can be as simple as two computers with WLAN adapters communicating in a peer-to-peer network or as complex as a number of computers with WLAN adapters communicating through access points which bridge network traffic to the wired LAN. Note: See the WLAN appendix for more detailed information on WLANs. 6.
G-1000 User’s Guide • Use the Local User Database if you have less than 32 wireless clients in your network. The G-1000 uses MD5 encryption when a client authenticates with the Local User Database 6.2.3 Restricted Access The MAC Filter screen allows you to configure the AP to give exclusive access to devices (Allow Association) or exclude them from accessing the AP (Deny Association). 6.2.
G-1000 User’s Guide The figure below shows the possible wireless security levels on your G-1000. EAP (Extensible Authentication Protocol) is used for authentication and utilizes dynamic WEP key exchange.
G-1000 User’s Guide Figure 14 Wireless The following table describes the general wireless LAN labels in this screen. Table 13 Wireless LABEL DESCRIPTION ESSID The ESSID (Extended Service Set IDentity) identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same ESSID. Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.
G-1000 User’s Guide Table 13 Wireless LABEL DESCRIPTION Fragmentation Threshold The threshold (number of bytes) for the fragmentation boundary for directed messages. It is the maximum data fragment size that can be sent. Enter a value between 800 and 2432. WEP Encryption WEP (Wired Equivalent Privacy) provides data encryption to prevent unauthorized wireless stations from accessing data transmitted over the wireless network.
G-1000 User’s Guide 6.4 Configuring Roaming A wireless station is a device with an IEEE 802.11b or an IEEE 802.11g compliant wireless interface. An access point (AP) acts as a bridge between the wireless and wired networks. An AP creates its own wireless coverage area. A wireless station can associate with a particular access point only if it is within the access point’s coverage area.
G-1000 User’s Guide Figure 15 Roaming Example The steps below describe the roaming process. 1 As wireless station Y moves from the coverage area of access point AP 1 to that of access point 2 AP 2, it scans and uses the signal of access point AP 2. 3 Access point AP 2 acknowledges the presence of wireless station Y and relays this information to access point AP 1 through the wired LAN. 4 Access point AP 1 updates the new position of wireless station.
G-1000 User’s Guide To enable roaming on your G-1000, click the WIRELESS link under ADVANCED and then the Roaming tab. The screen appears as shown. Figure 16 Roaming The following table describes the labels in this screen. Table 14 Roaming LABEL DESCRIPTION Active Select Yes from the drop-down list box to enable roaming on the G-1000 if you have two or more G-1000s on the same subnet. Note: All APs on the same subnet and the wireless stations must have the same ESSID to allow roaming.
G-1000 User’s Guide Figure 17 MAC Address Filter The following table describes the labels in this screen. Table 15 MAC Address Filter 58 LABEL DESCRIPTION Active Select Yes from the drop down list box to enable MAC address filtering. Filter Action Define the filter action for the list of MAC addresses in the MAC address filter table. Select Deny Association to block access to the router, MAC addresses not listed will be allowed to access the router.
G-1000 User’s Guide 6.6 Introduction to WPA Wi-Fi Protected Access (WPA and WPA2) applies IEEE 801.2x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using and external RADIUS database. WPA has better user authentication and improved data encryption than WEP, and WPA2 provides even better data encryption and user authentication than WPA. See the appendix for more information on WPA(2) user authentication and WPA encryption.
G-1000 User’s Guide Figure 18 WPA(2) - PSK Authentication 6.6.2 WPA(2) with RADIUS Application Example You need the IP address, port number (default is 1812) and shared secret of a RADIUS server. A WPA(2) application example with an external RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution system (wired link to the LAN). 1 The AP passes the wireless client’s authentication request to the RADIUS server.
G-1000 User’s Guide Figure 19 WPA with RADIUS Application Example2 6.6.3 Wireless Client WPA Supplicants A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicants are the WPA patch for Windows XP, Funk Software's Odyssey client, and Meetinghouse Data Communications' AEGIS client.
G-1000 User’s Guide Figure 20 Wireless LAN: 802.1x/WPA The following table describes the labels in this screen. Table 16 Wireless LAN: 802.1x/WPA LABEL DESCRIPTION Wireless Port Control To control wireless stations access to the wired network, select a control method from the drop-down list box. Choose from No Access Allowed, No Authentication Required and Authentication Required. No Access Allowed blocks all wireless stations access to the wired network.
G-1000 User’s Guide Figure 21 Wireless LAN: 802.1x/WPA for 802.1x Protocol The following table describes the labels in this screen. Table 17 Wireless LAN: 802.1x/WPA for 802.1x Protocol LABEL DESCRIPTION Wireless Port Control To control wireless stations access to the wired network, select a control method from the drop-down list box. Choose from No Authentication Required, Authentication Required and No Access Allowed.
G-1000 User’s Guide Table 17 Wireless LAN: 802.1x/WPA for 802.1x Protocol LABEL DESCRIPTION Dynamic WEP Key Exchange This field is activated only when you select Authentication Required in the Wireless Port Control field. Also set the Key Management Protocol field to 802.1x. Select Disable to allow wireless stations to communicate with the access points without using dynamic WEP key exchange. Select 64-bit WEP or 128-bit WEP to enable data encryption.
G-1000 User’s Guide Figure 22 Wireless LAN: 802.1x/WPA for WPA Protocol The following table describes the labels not previously discussed Table 18 Wireless LAN: 802.1x/WPA for WPA Protocol LABEL DESCRIPTIONS Key Management Protocol Choose WPA in this field. WPA Group Key Update Timer The WPA Group Key Update Timer is the rate at which the AP (if using WPAPSK key management) or RADIUS server (if using WPA key management) sends a new group key out to all clients.
G-1000 User’s Guide Figure 23 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol The following table describes the labels not previously discussed Table 19 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol LABEL DESCRIPTION Key Management Protocol Choose WPA-PSK in this field. Pre-Shared Key The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials.
G-1000 User’s Guide Figure 24 Wireless LAN: 802.1x/WPA for WPA2 Protocol The following table describes the labels not previously discussed Table 20 Wireless LAN: 802.1x/WPA2 for WPA Protocol LABEL DESCRIPTIONS Key Management Protocol Choose WPA2 in this field. WPA Compatible Check this box if you want your G-1000 to support WPA2 and WPA at the same time. This might reduce the performance of the device, however.
G-1000 User’s Guide Figure 25 Wireless LAN: 802.1x/WPA for WPA2-PSK Protocol The following table describes the labels not previously discussed Table 21 Wireless LAN: 802.1x/WPA for WPA2-PSK Protocol LABEL DESCRIPTION Key Management Protocol Choose WPA2-PSK in this field. WPA Compatible Check this box if you want your G-1000 to support WPA2-PSK and WPA-PSK at the same time. This might reduce the performance of the device, however.
G-1000 User’s Guide To access this screen, click the WIRELESS link under ADVANCED and then the RADIUS tab. The screen appears as shown. Figure 26 RADIUS Screen The following table describes the labels in this screen. Table 22 RADIUS Screen LABEL DESCRIPTION Authentication Server Active Select whether or not the external RADIUS authentication server is active. Server IP Address Enter the IP address of the external RADIUS authentication server.
G-1000 User’s Guide CHAPTER 7 IP Screen This chapter discusses how to configure IP on the G-1000 7.1 TCP/IP Parameters 7.1.1 IP Address and Subnet Mask See the IP Address and Subnet Mask section in the Wizard Setup chapter for this information. The Ethernet parameters of the G-1000 are preset in the factory with the following values: • IP address of 192.168.1.2 • Subnet mask of 255.255.255.0 (24 bits) These parameters should work for the majority of installations. 7.1.
G-1000 User’s Guide 7.2 Configuring IP Click ADVANCED and then IP to display the screen shown next. Figure 27 IP Setup The following table describes the labels in this screen. Table 24 IP Setup LABEL DESCRIPTION IP Address Assignment Get automatically from DHCP Select this option if your G-1000 is using a dynamically assigned IP address from a DHCP server each time. Note: You must know the IP address assigned to the G-1000 (by the DHCP server) to access the G-1000 again.
G-1000 User’s Guide CHAPTER 8 Remote Management Screens This chapter provides information on the Remote Management screens. 8.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which G1000 interface (if any) from which computers. You may manage your G-1000 from a remote location via: • WLAN only • ALL (LAN and WLAN) • LAN only • Neither (Disable).
G-1000 User’s Guide 8.1.2 Remote Management and NAT When NAT is enabled: • Use the G-1000’s WLAN IP address when configuring from the WLAN. • Use the G-1000’s LAN IP address when configuring from the LAN. 8.1.3 System Timeout There is a default system management idle timeout of five minutes (three hundred seconds). The G-1000 automatically logs you out if the management session remains idle for longer than this timeout period. The management session does not time out when a statistics screen is polling.
G-1000 User’s Guide Table 25 Remote Management: WWW LABEL DESCRIPTION Apply Click Apply to save your customized settings and exit this screen. Reset Click Reset to begin configuring this screen afresh. 8.3 Configuring Telnet You can configure your G-1000 for remote Telnet access as shown next. The administrator uses Telnet from a computer on a remote network to access the G-1000. Figure 29 Telnet Configuration on a TCP/IP Network 8.
G-1000 User’s Guide Figure 30 Remote Management: Telnet The following table describes the labels in this screen. Table 26 Remote Management: Telnet LABEL DESCRIPTION Server Port You may change the server port number for a service, if needed; however, you must use the same port number in order to use this service for remote management. Server Access Select the interface(s) through which a computer may access the G-1000 using this service.
G-1000 User’s Guide Figure 31 Remote Management: FTP The following table describes the labels in this screen. Table 27 Remote Management: FTP LABEL DESCRIPTION Server Port You may change the server port number for a service, if needed; however, you must use the same port number in order to use that service for remote management. Server Access Select the interface(s) through which a computer may access the G-1000 using this service.
G-1000 User’s Guide Figure 32 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the G-1000). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices.
G-1000 User’s Guide 8.6.1 Supported MIBs The G-1000 supports MIB II that is defined in RFC-1213 and RFC-1215 as well as the proprietary ZyXEL private MIB. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance. 8.6.2 SNMP Traps The G-1000 can send the following traps to the SNMP manager. Table 28 SNMP Traps TRAP NAME OBJECT IDENTIFIER # (OID) DESCRIPTION Generic Traps coldStart 1.3.6.1.6.3.1.1.5.1 This trap is sent after booting (power on).
G-1000 User’s Guide 8.6.3 SNMP Interface Index Some traps include an SNMP interface index. The following table maps the SNMP interface indexes to the G-1000’s physical ports. Table 29 SNMP Interface Index to Physical Port Mapping INTERFACE TYPE PHYSICAL PORT enet0 WLAN enet1 Ethernet port 8.6.4 Configuring SNMP To change your G-1000’s SNMP settings, click REMOTE MGMT, then the SNMP tab. The screen appears as shown.
G-1000 User’s Guide Table 30 Remote Management: SNMP LABEL DESCRIPTION Set Community Enter the Set community, which is the password for incoming Set requests from the management station. The default is public and allows all requests. Trap Community Type the trap community, which is the password sent with each trap to the SNMP manager. The default is public and allows all requests. Destination Type the IP address of the station to send your SNMP traps to.
G-1000 User’s Guide Chapter 8 Remote Management Screens 81
G-1000 User’s Guide CHAPTER 9 Log Screens This chapter contains information about configuring general log settings and viewing the G1000’s logs. Refer to the appendix for example log message explanations. 9.1 Configuring View Log The web configurator allows you to look at all of the G-1000’s logs in one location. Click the LOGS links under ADVANCED to open the View Log screen. Use the View Log screen to see the logs for the categories that you selected in the Log Settings screen (see Figure 35).
G-1000 User’s Guide Figure 34 View Log The following table describes the labels in this screen. Table 31 View Log LABEL DESCRIPTION Display Select a log category from the drop down list box to display logs within the selected category. To view all logs, select All Logs. The number of categories shown in the drop down list box depends on the selection in the Log Settings page. Email Log Now Click Email Log Now to send the log screen to the e-mail address specified in the Log Settings page.
G-1000 User’s Guide An alert is a type of log that warrants more serious attention. Some categories such as System Errors consist of both logs and alerts. You may differentiate them by their color in the View Log screen. Alerts are displayed in red and logs are displayed in black. Figure 35 Log Settings The following table describes the labels in this screen.
G-1000 User’s Guide Table 32 Log Settings LABEL DESCRIPTION User NAME This field is effective if SMTP Authentication is checked. Enter the user name of the account on the SMTP server. Password This field is effective if SMTP Authentication is checked. Enter the password of the account on the SMTP server. Syslog Logging Syslog logging sends a log to an external syslog server used to store logs. Active Click Active to enable syslog logging.
G-1000 User’s Guide CHAPTER 10 Maintenance This chapter displays system information such as firmware, port IP addresses and port traffic statistics. 10.1 Maintenance Overview The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your G-1000. 10.2 System Status Screen Click MAINTENANCE to open the System Status screen, where you can use to monitor your G-1000.
G-1000 User’s Guide 10.2.1 System Statistics Read-only information here includes port status, packet specific statistics and bridge link status. Also provided are "system up time" and "poll interval(s)". The Poll Interval field is configurable. Figure 37 System Status: Show Statistics The following table describes the labels in this screen. Table 34 System Status: Show Statistics LABEL DESCRIPTION Port This is the Ethernet or wireless port.
G-1000 User’s Guide Figure 38 Association List The following table describes the labels in this screen. Table 35 Association List LABEL DESCRIPTION # This is the index number of an associated wireless station. MAC Address This field displays the MAC address of an associated wireless station. Association Time This field displays the time a wireless station first associated with the G-1000. Refresh Click Refresh to reload the screen. 10.4 F/W Upload Screen Find firmware at www.zyxel.
G-1000 User’s Guide Figure 39 Firmware Upload The following table describes the labels in this screen. Table 36 Firmware Upload LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse... Click Browse... to find the .bin file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload them. Upload Click Upload to begin the upload process. This process may take up to two minutes.
G-1000 User’s Guide Figure 41 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the System Status screen. If the upload was not successful, the following screen will appear. Click Return to go back to the F/W Upload screen. Figure 42 Firmware Upload Error 10.5 Configuration Screen See the Firmware and Configuration File Maintenance chapter for transferring configuration files using FTP/TFTP commands. Click MAINTENANCE, and then the Configuration tab.
G-1000 User’s Guide Figure 43 Configuration 10.5.1 Backup Configuration Backup configuration allows you to back up (save) the G-1000’s current configuration to a file on your computer. Once your G-1000 is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings.
G-1000 User’s Guide Note: Do not turn off the G-1000 while configuration file upload is in progress. After you see a “restore configuration successful” screen, you must then wait one minute before logging into the G-1000 again. Figure 44 Configuration Upload Successful The G-1000 automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.
G-1000 User’s Guide Figure 46 Configuration Upload Error 10.5.3 Back to Factory Defaults Pressing the Reset button in this section clears all user-entered configuration information and returns the G-1000 to its factory defaults as shown on the screen. The following warning screen will appear. Figure 47 Reset Warning Message You can also press the RESET button on the side panel to reset the factory defaults of your G1000.
G-1000 User’s Guide C H A P T E R 11 Introducing the SMT This chapter describes how to access the SMT and provides an overview of its menus. 11.1 Connect to your G-1000 Using Telnet The following procedure details how to telnet into your G-1000. 1 In Windows, click Start (usually in the bottom left corner), Run and then type “telnet 192.168.1.2” (the default IP address) and click OK. 2 For your first login, enter the default password “1234”.
G-1000 User’s Guide Figure 50 Menu 23.1 System Security: Change Password Menu 23.1 – System Security – Change Password Old Password= **** New Password= ? Retype to confirm= ? Enter here to CONFIRM or ESC to CANCEL: 4 Type your new system password in the New Password field (up to 30 characters), and press [ENTER]. 5 Re-type your new system password in the Retype to confirm field for confirmation and press [ENTER].
G-1000 User’s Guide Table 38 SMT Menus Overview (continued) MENUS SUB MENUS 24 System Maintenance 24.1 Status 24.2 System Information and Console 24.2.1 Information Port Speed 24.2.2 Change Console Port Speed 24.3 Log and Trace 24.3.1 View Error Log 24.4 Diagnostic 24.5 Backup Configuration 24.6 Restore Configuration 24.7 Upload Firmware 24.7.1 Upload System Firmware 24.7.2 Upload System Configuration File 24.8 Command Interpreter Mode 24.10 Time and Date Setting 24.11 Remote Management Control 11.
G-1000 User’s Guide Table 39 Main Menu Commands OPERATION KEYSTROKE DESCRIPTION N/A fields Some of the fields in the SMT will show a . This symbol refers to an option that is Not Applicable. Save your configuration [ENTER] Save your configuration by pressing [ENTER] at the message “Press ENTER to confirm or ESC to cancel”. Saving the data on the screen will take you, in most cases to the previous menu. Exit the SMT Type 99, then press [ENTER].
G-1000 User’s Guide CHAPTER 12 General Setup The chapter shows you the information on general setup. Menu 1 – General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. It is recommended you type your computer's "Computer name". The Domain Name entry is what is propagated to the DHCP clients on the LAN.
G-1000 User’s Guide Table 41 Menu 1 General Setup FIELD DESCRIPTION IP Address Enter the IP addresses of the DNS servers. This field is available when you select User-Defined in the field above. When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel.
G-1000 User’s Guide CHAPTER 13 LAN Setup This chapter shows you how to configure the LAN on your G-1000. 13.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 – LAN Setup. From the main menu, enter 3 to display menu 3. Figure 53 Menu 3 LAN Setup Menu 3 - LAN Setup 2. TCP/IP Setup 5. Wireless LAN Setup Enter Menu Selection Number: Detailed explanation about the LAN Setup menu is given in the next chapter. 13.2 TCP/IP Ethernet Setup Use menu 3.
G-1000 User’s Guide Figure 54 Menu 3.2 TCP/IP Setup Menu 3.2 - TCP/IP Setup IP Address Assignment= Static IP Address= 192.168.1.2 IP Subnet Mask= 255.255.255.0 Gateway IP Address= 0.0.0.0 Follow the instructions in the following table on how to configure the fields in this menu. Table 42 Menu 3.2 TCP/IP Setup FIELD DESCRIPTION IP Address Assignment Press [SPACE BAR] and then [ENTER] to select Dynamic to have the G-1000 obtain an IP address from a DHCP server.
G-1000 User’s Guide Figure 55 Menu 3.5 Wireless LAN Setup Menu 3.5 - Wireless LAN Setup Name (SSID)= ZyXEL Hide Name (SSID)= No Channel ID= CH06 2437MHz RTS Threshold= 2432 Frag. Threshold= 2432 WEP Encryption= Disable Default Key= N/A Key1= N/A Key2= N/A Key3= N/A Key4= N/A Authen. Method= N/A Edit MAC Address Filter= No Edit Roaming Configuration= No Block Intra-BSS Traffic= No Preamble= Long 802.11 Mode= Mixed Max. Frame Burst= 0 Breathing LED= Yes Note: In the SMT, the ESSID is referred to as SSID.
G-1000 User’s Guide Table 43 Menu 3.5 Wireless LAN Setup FIELD DESCRIPTION Key 1 to Key 4 The WEP keys are used to encrypt data. Both the G-1000 and the wireless stations must use the same WEP key for data transmission. If you chose 64-bit WEP in the WEP Encryption field, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F"). If you chose 128-bit WEP in the WEP Encryption field, then enter 13 ASCII characters or 26 hexadecimal characters ("0-9", "A-F").
G-1000 User’s Guide 1 From the main menu, enter 3 to open Menu 3 – LAN Setup. 2 Enter 5 to display Menu 3.5 – Wireless LAN Setup. Figure 56 Menu 3.5 Wireless LAN Setup Menu 3.5 - Wireless LAN Setup Name (SSID)= ZyXEL Hide Name (SSID)= No Channel ID= CH06 2437MHz RTS Threshold= 2432 Frag. Threshold= 2432 WEP Encryption= Disable Default Key= N/A Key1= N/A Key2= N/A Key3= N/A Key4= N/A Authen.
G-1000 User’s Guide The following table describes the fields in this menu. Table 44 Menu 3.5.1 WLAN MAC Address Filter FIELD DESCRIPTION Active To enable MAC address filtering, press [SPACE BAR] to select Yes and press [ENTER]. Filter Action Define the filter action for the list of MAC addresses in the MAC address filter table. To deny access to the G-1000, press [SPACE BAR] to select Deny Association and press [ENTER]. MAC addresses not listed will be allowed to access the router.
G-1000 User’s Guide Figure 59 WLAN Roaming Configuration Menu 3.5.2 - Roaming Configuration Active= Yes Port #= 3517 The following table describes the fields in this menu. Table 45 Menu 3.5.4 Bridge Link Configuration FIELD DESCRIPTION Active Press [SPACE BAR] and then [ENTER] to select Yes to enable roaming on the G-1000 if you have two or more G-1000s on the same subnet. Port # Type the port number to communicate roaming information between access points.
G-1000 User’s Guide Chapter 13 LAN Setup 107
G-1000 User’s Guide CHAPTER 14 Dial-in User Setup This chapter shows you how to create user accounts on the G-1000. By storing user profiles locally, your G-1000 is able to authenticate wireless users without interacting with a network RADIUS server. Follow the steps below to set up user profiles on your G-1000. From the main menu, enter 14 to display Menu 14 - Dial-in User Setup. Figure 60 Menu 14- Dial-in User Setup Menu 14 - Dial-in User Setup 1. 2. 3. 4. 5. 6. 7. 8.
G-1000 User’s Guide Figure 61 Menu 14.1- Edit Dial-in User Menu 14.1 - Edit Dial-in User User Name= test Active= Yes Password= ******** Press ENTER to Confirm or ESC to Cancel: Leave name field blank to delete profile The following table describes the fields in this screen. Table 46 Menu 14.1- Edit Dial-in User FIELD DESCRIPTION User Name Enter a username up to 31 alphanumeric characters long for this user profile. This field is case sensitive.
G-1000 User’s Guide CHAPTER 15 SNMP Configuration This chapter shows you how to use SMT to configure SNMP on the G-1000. To configure SNMP, select option 22 from the main menu to open Menu 22 – SNMP Configuration as shown next. The “community” for Get, Set and Trap fields is SNMP terminology for password. Figure 62 Menu 22 SNMP Configuration Menu 22 - SNMP Configuration SNMP: Get Community= public Set Community= public Trusted Host= 0.0.0.0 Trap: Community= public Destination= 0.0.0.
G-1000 User’s Guide Chapter 15 SNMP Configuration 111
G-1000 User’s Guide CHAPTER 16 System Security This chapter describes how to configure the system password, an external RADIUS server and 802.1x in SMT. 16.1 System Password Figure 63 Menu 23 System Security Menu 23 - System Security 1. Change Password 2. RADIUS Server 4. IEEE802.1x Enter Menu Selection Number: You should change the default password. If you forget your password you have to restore the default configuration file.
G-1000 User’s Guide Figure 65 Menu 23.2 System Security: RADIUS Server Menu 23.2 - System Security - RADIUS Server Authentication Server: Active= Yes Server Address= 192.168.1.1 Port #= 1812 Shared Secret= ******** Accounting Server: Active= Yes Server Address= 192.168.1.3 Port #= 1812 Shared Secret= ******** The following table describes the fields in this menu. Table 48 Menu 23.
G-1000 User’s Guide 16.3 802.1x The IEEE 802.1x standards outline enhanced security methods for both the authentication of wireless stations and encryption key management. Follow the steps below to enable EAP authentication on your G-1000. 1 From the main menu, enter 23 to display Menu23 – System Security. Figure 66 Menu 23 System Security Menu 23 - System Security 1. Change Password 2. RADIUS Server 4. IEEE802.1x Enter Menu Selection Number: 2 Enter 4 to display Menu 23.4 – System Security – IEEE802.1x.
G-1000 User’s Guide Figure 67 Menu 23.4 System Security: IEEE802.1x Menu 23.4 - System Security - IEEE802.1x Wireless Port Control= Authentication Required ReAuthentication Timer (in second)= 41 Idle Timeout (in second)= 3641 Key Management Protocol= 802.1x Dynamic WEP Key Exchange= 64-bit WEP PSK = N/A WPA Mixed Mode= N/A WPA Broadcast/Multicast Key Update Timer= N/A Authentication Databases= RADIUS Only Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle.
G-1000 User’s Guide Table 49 Menu 23.4 System Security: IEEE802.1x FIELD DESCRIPTION Dynamic WEP Key Exchange This field is activated only when you select Authentication Required in the Wireless Port Control field. Also set the Authentication Databases field to RADIUS Only. Local user database may not be used. Select Disable to allow wireless stations to communicate with the access points without using dynamic WEP key exchange. Select 64-bit WEP or 128-bit WEP to enable data encryption.
G-1000 User’s Guide Chapter 16 System Security 117
G-1000 User’s Guide CHAPTER 17 System Information and Diagnosis This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software. This chapter describes how to use these tools in detail. Type 24 in the main menu and press [ENTER] to open Menu 24 – System Maintenance, as shown in the following figure.
G-1000 User’s Guide Figure 69 Menu 24.1 System Maintenance: Status Port Status Ethernet Down Wireless 54M Menu 24.1 - System Maintenance - Status 04:35:01 Sat. Jan. 01, 2000 TxPkts 4976 8593 Rx B/s 0 0 Port Ethernet Address Ethernet 00:13:49:00:00:01 Wireless 00:13:49:00:00:01 System up Time: RxPkts 1785 46 Cols 0 0 IP Address 192.168.1.2 Tx B/s 0 0 IP Mask 255.255.255.0 Up Time 0:00:00 4:34:59 DHCP None 4:35:04 Name: G-1000 ZyNOS F/W Version: V3.50(HH.
G-1000 User’s Guide 2 Enter 2 to display Menu 24.2 – System Information and Console Port Speed. 3 From this menu you have two choices as shown in the next figure: Figure 70 Menu 24.2 System Information and Console Port Speed Menu 24.2 - System Information and Console Port Speed 1. System Information 2. Console Port Speed Please enter selection: Note: The console port is internal and reserved for technician use only. 17.2.1 System Information Enter 1 in menu 24.2 to display the screen shown next.
G-1000 User’s Guide Table 51 Menu 24.2.1 System Maintenance: Information FIELD DESCRIPTION IP Mask This shows the subnet mask of the G-1000. DHCP This field shows the DHCP setting of the G-1000. When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen. 17.2.2 Console Port Speed Note: The console port is internal and reserved for technician use only.
G-1000 User’s Guide Figure 73 Menu 24.4 System Maintenance: Diagnostic Menu 24.4 - System Maintenance - Diagnostic TCP/IP 1. Ping Host 2. DHCP Release 3. DHCP Renewal System 11. Reboot System Enter Menu Selection Number: Host IP Address= N/A Follow the procedure next to get to display this menu: 1 From the main menu, type 24 to open Menu 24 – System Maintenance. 2 From this menu, type 4. Diagnostic to open Menu 24.4 – System Maintenance – Diagnostic.
G-1000 User’s Guide Chapter 17 System Information and Diagnosis 123
G-1000 User’s Guide CHAPTER 18 Firmware and Configuration File Maintenance This chapter tells you how to backup and restore your configuration file as well as upload new firmware and configuration files using the SMT screens. 18.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password and TCP/IP Setup, etc. It arrives from ZyXEL with a rom filename extension.
G-1000 User’s Guide The following table is a summary. Please note that the internal filename refers to the filename on the G-1000 and the external filename refers to the filename not on the G-1000, that is, on your computer, local network or FTP site and so the name (but not the extension) will vary. After uploading new firmware see the ZyNOS F/W Version field in Menu 24.2.1 – System Maintenance – Information to confirm that you have uploaded the correct firmware version.
G-1000 User’s Guide Figure 74 Menu 24.5 Backup Configuration Menu 24.5 – Backup Configuration To transfer the configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your router. Then type "root" and SMT password as requested. 3. Locate the ‘rom-0’ file. 4. Type ‘get rom-0’ to back up the current router configuration to your workstation.
G-1000 User’s Guide Figure 75 FTP Session Example 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 327680 bytes sent in 1.10Seconds 297.89Kbytes/sec. ftp> quit The following table describes some of the commands that you may see in third party FTP clients.
G-1000 User’s Guide 3 Enter command “sys stdio 0” to disable the SMT timeout, so the TFTP transfer will not be interrupted. Enter command “sys stdio 5” to restore the five-minute SMT timeout (default) when the file transfer is complete. 4 Launch the TFTP client on your computer and connect to the G-1000. Set the transfer mode to binary before starting data transfer. 5 Use the TFTP client (see the example below) to transfer files between the G-1000 and the computer.
G-1000 User’s Guide 1 Display menu 24.5 and enter “y” at the following screen. Figure 76 System Maintenance: Backup Configuration Ready to backup Configuration via Xmodem. Do you want to continue (y/n): 2 The following screen indicates that the Xmodem download has started. Figure 77 System Maintenance: Starting Xmodem Download Screen You can enter ctrl-x to terminate operation any time. Starting XMODEM download...
G-1000 User’s Guide CHAPTER 19 System Maintenance and Information This chapter leads you through SMT menus 24.8 and 24.10. 19.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main system firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions. Enter the CI from the SMT by selecting menu 24.8. See the included disk or the zyxel.com web site for more detailed information on CI commands.
G-1000 User’s Guide Figure 80 Menu 24 System Maintenance Menu 24 - System Maintenance 1. 2. System Status System Information and Console Port Speed 4. 5. Diagnostic Backup Configuration 7. 8. Upload Firmware Command Interpreter Mode 10. Time and Date Setting 11. Remote Management Setup Enter Menu Selection Number: Figure 81 Valid CI Commands Copyright (c) 1994 - 2005 ZyXEL Communications Corp.
G-1000 User’s Guide Figure 82 Menu 24.10 System Maintenance: Time and Date Setting Menu 24.10 - System Maintenance - Time and Date Setting Time Protocol= NTP (RFC-1305) Time Server Address= 128.105.39.
G-1000 User’s Guide 2 When the G-1000 starts up, if there is a timeserver configured in menu 24.10. 3 24-hour intervals after starting. 19.3 Remote Management Setup 19.3.1 Telnet You can configure your G-1000 for remote Telnet access as shown next. Figure 83 Telnet Configuration on a TCP/IP Network 19.3.2 FTP You can upload and download G-1000 firmware and configuration files using FTP. To use this feature, your computer must have an FTP client. 19.3.
G-1000 User’s Guide Note: If you enable remote management of a service, but have applied a filter to block the service, then you will not be able to remotely manage the service. Enter 11, from menu 24, to display Menu 24.11 - Remote Management Control (shown next) Figure 84 Menu 24.11 Remote Management Control Menu 24.
G-1000 User’s Guide 1 A filter in menu 3.1 (LAN) or in menu 11.5 (WAN) is applied to block a Telnet, FTP or Web service. 2 You have disabled that service in menu 24.11. 3 The IP address in the Secured Client IP field (menu 24.11) does not match the client IP address. If it does not match, the G-1000 will disconnect the session immediately. 4 There is already another remote management session of the same type (Telnet, FTP or Web) running.
G-1000 User’s Guide Appendix A Troubleshooting This appendix covers potential problems and possible remedies. After each problem description, some instructions are provided to help you to diagnose and to solve the problem. Problems Starting Up the G-1000 Table 59 Troubleshooting the Start-Up of Your G-1000 PROBLEM CORRECTIVE ACTION None of the LEDs Make sure you are using the supplied power adaptor and that it is plugged in to an turn on when I plug in appropriate power source.
G-1000 User’s Guide Problems with the Password Table 61 Troubleshooting the Password PROBLEM CORRECTIVE ACTION I cannot access the The Password and Username fields are case-sensitive. Make sure that you enter the G-1000. correct password and username using the proper casing. Use the RESET button on the top panel of the G-1000 to restore the factory default configuration file (hold this button in for about 10 seconds or until the link LED turns red).
G-1000 User’s Guide Appendix B Specifications Hardware Table 64 Hardware Power Specification DC 12V 1200mA Operation Temperature 5º C ~ 50º C Storage Temperature -20º C ~ 55º C Operation Humidity 10% to 90% (Non-condensing) Storage Humidity 5% to 95% (Non-condensing) Firmware Table 65 Firmware Standards IEEE 802.3 and 802.3u 10Base-T and 100Base-TX. IEEE 802.11b specification compliance for wireless LAN. IEEE 802.11g specification compliance for wireless LAN. IEEE 802.1x security standard.
G-1000 User’s Guide Table 65 Firmware (continued) Diagnostics Capabilities The access point can perform self-diagnostic tests. These tests check the integrity of the following circuits: FLASH memory. DRAM. Dual Ethernet port. Wireless port. Syslog. Errorlog. Trace log. Packet Log. Management Embedded Web Configurator management. Command-line interface. Telnet support; Password-protected telnet access to internal configuration manager.
G-1000 User’s Guide Appendix C Brute-Force Password Guessing Protection The following describes the commands for enabling, disabling and configuring the brute-force password guessing protection mechanism for the password. See Appendix H” for information on the command structure. Table 66 Brute-Force Password Guessing Protection Commands COMMAND DESCRIPTION sys pwderrtm This command displays the brute-force guessing password protection settings.
G-1000 User’s Guide Brute-Force Password Guessing Protection 141
G-1000 User’s Guide Appendix D Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package.
G-1000 User’s Guide Figure 85 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add. 2 Select Adapter and then click Add. 3 Select the manufacturer and model of your network adapter and then click OK. If you need TCP/IP: 1 In the Network window, click Add.
G-1000 User’s Guide 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click OK. 5 Restart your computer so the changes you made take effect. Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. • • If your IP address is dynamic, select Obtain an IP address automatically.
G-1000 User’s Guide Figure 87 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • • If you do not know your gateway’s IP address, remove previously installed gateways. If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window. 6 Click OK to close the Network window. Insert the Windows CD if prompted. 7 Turn on your G-1000 and restart your computer when prompted.
G-1000 User’s Guide Figure 88 Windows XP: Start Menu 2 For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Figure 89 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties.
G-1000 User’s Guide Figure 90 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. Figure 91 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). • If you have a dynamic IP address click Obtain an IP address automatically.
G-1000 User’s Guide • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. Click Advanced. Figure 92 Windows XP: Advanced TCP/IP Settings 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: • • • • • • • • In the IP Settings tab, in IP addresses, click Add.
G-1000 User’s Guide • • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them.
G-1000 User’s Guide Figure 94 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 95 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list.
G-1000 User’s Guide 4 For statically assigned settings, do the following: • • • • From the Configure box, select Manually. Type your IP address in the IP Address box. Type your subnet mask in the Subnet mask box. Type the IP address of your G-1000 in the Router address box. 5 Close the TCP/IP Control Panel. 6 Click Save if prompted, to save changes to your configuration. 7 Turn on your G-1000 and restart your computer (if prompted).
G-1000 User’s Guide Figure 97 Macintosh OS X: Network 4 For statically assigned settings, do the following: • • • • From the Configure box, select Manually. Type your IP address in the IP Address box. Type your subnet mask in the Subnet mask box. Type the IP address of your G-1000 in the Router address box. 5 Click Apply Now and close the window. 6 Turn on your G-1000 and restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the Network window.
G-1000 User’s Guide Setting up Your Computer’s IP Address 153
G-1000 User’s Guide Appendix E IP Address Assignment Conflicts This appendix describes situations where IP address conflicts may occur. Subscribers with duplicate IP addresses will not be able to access the Internet. Case A: The G-1000 is using the same LAN and WAN IP addresses The following figure shows an example where the G-1000 is using a WAN IP address that is the same as the IP address of a computer on the LAN.
G-1000 User’s Guide Figure 99 IP Address Conflicts: Case B To solve this problem, make sure the G-1000 LAN IP address is not in the DHCP IP address pool. Case C: The Subscriber IP address is the same as the IP address of a network device The following figure depicts an example where the subscriber IP address is the same as the IP address of a network device not attached to the G-1000.
G-1000 User’s Guide In this case, the subscribers are not able to access the Internet. Figure 101 IP Address Conflicts: Case D This problem can be solved by adding a VLAN-enabled switch or set the computers to obtain IP addresses dynamically.
G-1000 User’s Guide IP Address Assignment Conflicts 157
G-1000 User’s Guide Appendix F Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS).
G-1000 User’s Guide Figure 103 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood.
G-1000 User’s Guide Figure 104 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference. Interference occurs when radio signals from different access points overlap causing interference and degrading performance. Adjacent channels partially overlap however.
G-1000 User’s Guide Figure 105 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations. RTS/CTS is designed to prevent collisions due to hidden nodes.
G-1000 User’s Guide A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.
G-1000 User’s Guide IEEE 802.1x In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features. It is supported by Windows XP and a number of network devices. Some advantages of IEEE 802.1x are: • User based identification that allows for roaming.
G-1000 User’s Guide • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another AccessRequest message. The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting: • Accounting-Request Sent by the access point requesting accounting. • Accounting-Response Sent by the RADIUS server to indicate that it has started or stopped accounting.
G-1000 User’s Guide EAP-TLS (Transport Layer Security) With EAP-TLS, digital certifications are needed by both the server and the wireless stations for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created. This makes user identity vulnerable to passive attacks.
G-1000 User’s Guide For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical. The following table is a comparison of the features of authentication types.
G-1000 User’s Guide The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped.
G-1000 User’s Guide Table 69 Wireless Security Relational Matrix (continued) 168 AUTHENTICATION ENCRYPTION ENTER METHOD/ KEY METHOD MANUAL KEY MANAGEMENT PROTOCOL ENABLE IEEE 802.
G-1000 User’s Guide Wireless LANs 169
G-1000 User’s Guide Appendix G IP Subnetting IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1. IP addresses are categorized into different classes. The class of an address depends on the value of its first octet. • Class “A” addresses have a 0 in the left most bit.
G-1000 User’s Guide Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127. Similarly the first octet of a class “B” must begin with “10”, therefore the first octet of a class “B” address has a valid range of 128 to 191. The first octet of a class “C” address begins with “110”, and therefore has a range of 192 to 223.
G-1000 User’s Guide Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/” followed by the number of bits in the mask after the address. For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with mask 255.255.255.128.
G-1000 User’s Guide Divide the network 192.168.1.0 into two separate subnets by converting one of the host ID bits of the IP address to a network number bit. The “borrowed” host ID bit can be either “0” or “1” thus giving two subnets; 192.168.1.0 with mask 255.255.255.128 and 192.168.1.128 with mask 255.255.255.128. Note: In the following charts, shaded/bolded last octet bit values indicate host ID bits “borrowed” to form network ID bits.
G-1000 User’s Guide Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow” two host ID bits to give four possible combinations of 00, 01, 10 and 11. The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192.
G-1000 User’s Guide Table 80 Subnet 4 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. 192 IP Address (Binary) 11000000.10101000.00000001. 11000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.192 Lowest Host ID: 192.168.1.193 Broadcast Address: 192.168.1.255 Highest Host ID: 192.168.1.254 Example Eight Subnets Similarly use a 27-bit mask to create 8 subnets (001, 010, 011, 100, 101, 110).
G-1000 User’s Guide Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID. A class “B” address has two host ID octets available for subnetting and a class “A” address has three host ID octets (see Table 70) available for subnetting. The following table is a summary for class “B” subnet planning. Table 83 Class B Subnet Planning 176 NO.
G-1000 User’s Guide IP Subnetting 177
G-1000 User’s Guide Appendix H Command Interpreter The following describes how to use the command interpreter. Enter 24 in the main menu to bring up the system maintenance menu. Enter 8 to go to Menu 24.8 - Command Interpreter Mode. See the included disk or zyxel.com for more detailed information on these commands. Note: Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable. Command Syntax • • • • • The command keywords are in courier new font.
G-1000 User’s Guide Command Interpreter 179
G-1000 User’s Guide Appendix I Log Descriptions This appendix provides descriptions of example log messages. Table 84 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is successful The router has adjusted its time based on information from the time server. Time calibration failed The router failed to get information from the time server. DHCP client gets %s A DHCP client got a new IP address from the DHCP server. DHCP client IP expired A DHCP client's IP address has expired.
G-1000 User’s Guide Table 85 ICMP Notes (continued) TYPE CODE DESCRIPTION 1 Redirect datagrams for the Host 2 Redirect datagrams for the Type of Service and Network 3 Redirect datagrams for the Type of Service and Host Echo 8 0 Echo message Time Exceeded 11 0 Time to live exceeded in transit 1 Fragment reassembly time exceeded Parameter Problem 12 0 Pointer indicates the error Timestamp 13 0 Timestamp request message Timestamp Reply 14 0 Timestamp reply message Information Request 15 0
G-1000 User’s Guide Use sys logs category followed by a log category and a parameter to decide what to record Table 87 Log Categories and Available Settings LOG CATEGORIES AVAILABLE PARAMETERS error 0, 1, 2, 3 mten 0, 1 Use 0 to not record logs for that category, 1 to record only logs for that category, 2 to record only alerts for that category, and 3 to record both logs and alerts for that category.
G-1000 User’s Guide Log Descriptions 183
G-1000 User’s Guide Appendix J Antenna Selection and Positioning Recommendation An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air. Choosing the right antennas and positioning them properly increases the range and coverage area of a wireless LAN. Antenna Characteristics Frequency An antenna in the frequency of 2.
G-1000 User’s Guide • Omni-directional antennas send the RF signal out in all directions on a horizontal plane. The coverage area is torus-shaped (like a donut) which makes these antennas ideal for a room environment. With a wide coverage area, it is possible to make circular overlapping coverage areas with multiple access points. • Directional antennas concentrate the RF signal in a beam, like a flashlight.
G-1000 User’s Guide Appendix K Power Adaptor Specifications Table 88 NORTH AMERICAN PLUG STANDARDS AC Power Adaptor Model AD48-1201200DUY Input Power AC120Volts/60Hz/0.25A Output Power DC12Volts/1.2A Power Consumption 10 W Safety Standards UL, CUL (UL 1950, CSA C22.2 No.234-M90) Table 89 NORTH AMERICAN PLUG STANDARDS AC Power Adaptor Model DV-121A2-5720 Input Power AC120Volts/60Hz/27VA Output Power DC12Volts/1.2A Power Consumption 10 W Safety Standards UL, CUL (UL 1310, CSA C22.2 No.
G-1000 User’s Guide Table 93 AUSTRALIA AND NEW ZEALAND PLUG STANDARDS AC Power Adaptor Model AD-1201200DS or AD-121200DS Input Power AC240Volts/50Hz/0.2A Output Power DC12Volts/1.
ZyAIR G-3000 User’s Guide Index Numerics C 110V AC 5 230V AC 5 CA 165 Cables, Connecting 5 Certificate Authority 165 Certifications 4 Changes or Modifications 3 Channel 40, 160 Interference 160 Channel ID 53, 102 Charge 6 Circuit 3 Class B 3 Collision 119 Command Interpreter 130 Communications 3 Community 110 Compliance, FCC 3 Components 6 Condition 6 Connecting Cables 5 Consequential Damages 6 Contact Information 7 Contacting Customer Support 7 Copyright 2 Correcting Interference 3 Corrosive Liquids 5
ZyAIR G-3000 User’s Guide Default 93 Defective 6 Denmark, Contact Information 7 DHCP 121 Diagnostic 122 Diagnostic Tools 118 Disclaimer 2 Discretion 6 Distribution System (DS) 60 Dust 5 Dynamic WEP Key Exchange 165 Functionally Equivalent 6 G General Setup 41, 46, 98 Germany, Contact Information 7 God, act of 6 H E EAP 29, 50 EAP Authentication 164 Electric Shock 5 Electrocution 5 Encryption 166 Equal Value 6 ESS 159 ESS ID 40 Europe 5 Exposure 5 Extended Service Set 159 Extended Service Set IDentificat
ZyAIR G-3000 User’s Guide Link type 119 Liquids, Corrosive 5 Log Descriptions 180 Logs 82 MAC address 57 MAC Address Filter Action 58, 105 MAC Address Filtering 103 MAC Filter 57 MAC filter 51 MAC Filtering 28 MAC service data unit 53 Main Menu 97 Management Information Base (MIB) 77 Materials 6 Max. Frame Burst 54 Merchantability 6 Modifications 3 Mouse Action Sequences 25 MSDU 53 Password 47, 94, 110 Patent 2 Permission 2 Photocopying 2 Ping 122 Pool 5 Postage Prepaid.
ZyAIR G-3000 User’s Guide Registered 2 Registered Trademark 2 Regular Mail 7 Related Documentation 24 Relocate 3 Re-manufactured 6 Remote Authentication Dial In User Service 29 Remote Management and NAT 73 Remote Management Limitations 72, 134 Remote Management Setup 133 Remote Node 119 Removing 5 Reorient 3 Repair 5, 6 Replace 6 Replacement 6 Reproduction 2 Required fields 96 Reset Button 26 Restore 6, 91 Return Material Authorization (RMA) Number 6 Returned Products 6 Returns 6 Rights 2 Rights, Legal 6 R
ZyAIR G-3000 User’s Guide TV Technician 3 U Undesired Operations 3 Use Authentication 167 User Profiles 108 V Valid CI Commands 131 Value 6 Vendor 5 Ventilation Slots 5 Viewing Certifications 4 Voltage Supply 5 Voltage, High 5 W Warnings 5 Warranty 6 Warranty Information 7 Warranty Period 6 Water 5 Web 73 Web Configurator 36, 38 Web Site 7 WEP 40 WEP Encryption 28, 54, 102 WEP encryption 52 Wet Basement 5 Wi-Fi Protected Access 27, 59 Wireless Client WPA Supplicants 61 Wireless LAN 101 Configuring 52 Wi
