NWA5000/WAC6500 Series NWA5121-N / NWA5121-NI / NWA5123-NI / NWA5301-NJ / WAC6502D-E / WAC6502D-S / WAC6503D-S / WAC6553D-E 802.11 a/b/g/n/ac Unified Access Point Version 4.20 Edition 1, 10/2014 Quick Start Guide User’s Guide Default Login Details LAN IP Address http://192.168.1.2 User Name admin Password 1234 www.zyxel.
IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. This is a User’s Guide for a series of products. Not all products support all firmware features. Screenshots and graphics in this book may differ slightly from your product due to differences in your product firmware or your computer operating system. Every effort has been made to ensure that the information in this manual is accurate.
Contents Overview Contents Overview User’s Guide .......................................................................................................................................10 Introduction ............................................................................................................................................. 11 The Web Configurator .............................................................................................................................
Table of Contents Table of Contents Contents Overview ..............................................................................................................................3 Table of Contents .................................................................................................................................4 Part I: User’s Guide ......................................................................................... 10 Chapter 1 Introduction...........................................
Table of Contents Part II: Technical Reference............................................................................ 38 Chapter 3 Dashboard ...........................................................................................................................................39 3.1 Overview ...........................................................................................................................................39 3.1.1 What You Can Do in this Chapter ..............................
Table of Contents 6.5 DCS ..................................................................................................................................................74 6.6 Technical Reference ..........................................................................................................................74 Chapter 7 User......................................................................................................................................................77 7.1 Overview ......
Table of Contents 10.2.1 Add/Edit WDS Profile ..........................................................................................................107 Chapter 11 Certificates ........................................................................................................................................108 11.1 Overview .......................................................................................................................................108 11.1.
Table of Contents 12.8.4 Adding or Editing an SNMPv3 User Profile .........................................................................148 Chapter 13 Log and Report .................................................................................................................................150 13.1 Overview .......................................................................................................................................150 13.1.1 What You Can Do In this Chapter ................
Table of Contents Chapter 18 Shutdown...........................................................................................................................................179 18.1 Overview .......................................................................................................................................179 18.1.1 What You Need To Know .....................................................................................................179 18.2 Shutdown ..............................
P ART I User’s Guide 10
C HAPT ER 1 Introduction 1.1 Overview This User’s Guide covers the following models: NWA5121-N, NWA5121-NI, NWA5123-NI and NWA5301-NJ, WAC6502D-E, WAC6502D-S, WAC6503D-S and WAC6553D-E. Your NWA/WAC is a wireless AP (Access Point). It extends the range of your existing wired network without additional wiring, providing easy network access to mobile users. Table 1 NWA Series Comparison Table FEATURES NWA5121-N NWA5121-NI NWA5123-NI NWA5301-NJ IEEE 802.11b IEEE 802.11g IEEE 802.11n IEEE 802.
Chapter 1 Introduction Table 2 WAC Series Comparison Table FEATURES WAC6502D-E Number of Wireless Radios WAC6502D-S WAC6503D-S WAC6553D-E 2 2 2 2 Monitor Mode & Rogue APs Detection Yes Yes Yes Yes Layer-2 Isolation Yes Yes Yes Yes External Antennas Yes No No Yes Internal Antenna No Yes Yes No Maximum number of log messages 512 event logs or 1024 debug logs You can set the NWA/WAC to operate in either standalone AP or managed AP mode.
Chapter 1 Introduction When the NWA/WAC is in managed AP mode, it acts as a DHCP client and obtains an IP address from the AP controller. It can be configured ONLY by the AP controller. To change the NWA/WAC back to standalone AP mode, use the Reset button to restore the default configuration. Alternatively, you need to check the AP controller for the NWA/WAC’s IP address and use FTP to upload the default configuration file at conf/system-default.conf to the NWA/WAC and reboot the device. 1.1.
Chapter 1 Introduction Figure 1 Multiple BSSs 1.1.3 Dual-Radio Some of the NWA/WAC models are equipped with dual wireless radios. This means you can configure two different wireless networks to operate simultaneously. Note: A different channel should be configured for each WLAN interface to reduce the effects of radio interference. You could use the 2.
Chapter 1 Introduction Figure 2 Dual-Radio Application 1.1.4 Root AP In Root AP mode, the NWA/WAC (Z) can act as the root AP in a wireless network and also allow repeaters (X and Y) to extend the range of its wireless network at the same time. In the figure below, both clients A, B and C can access the wired network through the root AP.
Chapter 1 Introduction use either SSID to associate with the NWA/WAC in Root AP mode. A repeater must use the repeater SSID to connect to the NWA/WAC in Root AP mode. When the NWA/WAC is in Root AP mode, repeater security between the NWA/WAC and other repeater is independent of the security between the wireless clients and the AP or repeater. When repeater security is enabled, both APs and repeaters must use the same pre-shared key. See Section 6.2 on page 66 and Section 10.2 on page 106 for more details.
Chapter 1 Introduction At the time of writing, repeater security is compatible with the NWA/WAC only. 1.2 Ways to Manage the NWA/WAC You can use the following ways to manage the NWA/WAC. Web Configurator The Web Configurator allows easy NWA/WAC setup and management using an Internet browser. This User’s Guide provides information about the Web Configurator. Command-Line Interface (CLI) The CLI allows you to use text-based commands to configure the NWA/WAC.
Chapter 1 Introduction 1.5 NWA5301-NJ Hardware 1.5.1 110 Punch-Down Block This section shows you how to use a punch-down tool to seat an 8-wire Ethernet cable to the 110 punch-down block. You can connect a PoE switch to the 110 punch-down block to provide power and Internet access to the NWA through this connection. An 8-pin Ethernet cable has four pairs of color coded wires. 1 Cut out one and a half inches of the jacket from the Ethernet cable to expose the wires.
Chapter 1 Introduction 5 Trim any excess wires. Place the dust caps over the terminated wires. 1.5.2 Phone Port Connect a digital telephone to the RJ-45 PHONE port at the bottom of the NWA to forward voice traffic to/from the telephone switchboard that is connected to the RJ-45 PHONE port on the back of the NWA. The NWA does not support VoIP (Voice over Internet Protocol) and the PHONE port is NOT for making calls over the regular networking network (PSTN), either. 1.5.
Chapter 1 Introduction For local management, you can use a computer with terminal emulation software configured to the following parameters: • VT100 terminal emulation • 115200 bps • No parity, 8 data bits, 1 stop bit • No flow control The following table shows you the wire color codes and pin assignment for the console cable. Table 5 RJ45-to-DB-9 Console Cable Color Codes RJ45 PIN# WIRE COLOR DB-9 PIN# 1 Black 1 7 Brown 2 2 Blue 3 8 Purple 5 1.
Chapter 1 Introduction 1.6.1 WAC6502D-E, WAC6502D-S, WAC6503D-S and WAC6553D-E The LEDs will stay ON when the WAC is ready. You can change this setting in the Maintenance > LEDs > Suppression screen.
Chapter 1 Introduction The following table describes the LEDs. Table 6 WAC LEDs LED COLOR STATUS DESCRIPTION PWR/SYS Red Slow Blinking (On for 1s, Off for 1s) The WAC is booting up. Green On Red Off Green On Red On Green Off Red Fast Blinking (on for 50ms, Off for 50ms) Green Off Red Slow Blinking (blink for 3 times, Off for 3s) Green Off Red Slow Blinking (blink for 2 times, Off for 3s) Green Off Green On The WAC AP is managed by a controller.
Chapter 1 Introduction Table 6 WAC LEDs (continued) LED COLOR STATUS DESCRIPTION LAN Amber/Green On Amber - The port is operating as a 100-Mbps connection. Green - The port is operating as a Gigabit connection (1000 Mbps). Locator White Blinking The LAN port is sending/receiving data through the port. Off The LAN port is not connected. Blinking The Locator is activated and will show the actual location of the NWA/WAC between several devices in the network. Off The Locator function is off.
Chapter 1 Introduction The following are the LED descriptions for your NWA5301-NJ. Table 7 NWA5301-NJ LEDs LABEL COLOR STATUS DESCRIPTION PWR/SYS Amber Slow Blinking (On for 1s, Off for 1s) The NWA is booting up. Green On Amber Off Green On Amber Slow Blinking (blink for 3 times, Off for 3s) Green On PoE WLAN UPLINK LAN1-3 The NWA is ready for use.
Chapter 1 Introduction Figure 7 NWA5120 Series LED Table 8 NWA5120 Series LED COLOR STATUS DESCRIPTION Amber Slow Blinking (On for 1s, Off for 1s) The NWA is booting up. Green Off Amber Off Green Off Amber Off Green On Amber Off Green Blink Amber Slow Blinking (blink for 3 times, Off for 3s) Green On Amber On Green Off Amber Fast Blinking (On for 50ms, Off for 50ms) Green Off Amber Slow Blinking (blink for 3 times, Off for 3s) Green Off The NWA is ready for use.
Chapter 1 Introduction Table 8 NWA5120 Series LED (continued) COLOR STATUS DESCRIPTION Amber Slow Blinking (blink for 2 times, Off for 3s) The wireless LAN is disabled or fails. Green Off 1.7 Starting and Stopping the NWA/WAC Here are some of the ways to start and stop the NWA/WAC. Always use Maintenance > Shutdown or the shutdown command before you turn off the NWA/WAC or remove the power. Not doing so can cause the firmware to become corrupt.
C HAPT ER 2 The Web Configurator 2.1 Overview The NWA/WAC Web Configurator allows easy management using an Internet browser. In order to use the Web Configurator, you must: • Use Internet Explorer 7.0 and later versions, Mozilla Firefox 9.0 and later versions, Safari 4.0 and later versions, or Google Chrome 10.0 and later versions. • Allow pop-up windows. • Enable JavaScript (enabled by default). • Enable Java permissions (enabled by default). • Enable cookies.
Chapter 2 The Web Configurator 4 Click Login. If you logged in using the default user name and password, the Update Admin Info screen appears. Otherwise, the dashboard appears. The Update Admin Info screen appears every time you log in using the default user name and default password. If you change the password for the default user account, this screen does not appear anymore. 2.3 Navigating the Web Configurator The following summarizes how to navigate the web configurator from the Dashboard screen.
Chapter 2 The Web Configurator The Web Configurator’s main screen is divided into these parts: • A - Title Bar • B - Navigation Panel • C - Main Window 2.3.1 Title Bar The title bar provides some useful links that always appear over the screens below, regardless of how deep into the Web Configurator you navigate. Figure 9 Title Bar The icons provide the following functions. Table 10 Title Bar: Web Configurator Icons LABEL DESCRIPTION Logout Click this to log out of the Web Configurator.
Chapter 2 The Web Configurator The following table describes labels that can appear in this screen. Table 11 About LABEL DESCRIPTION Boot Module This shows the version number of the software that handles the booting process of the NWA/WAC. Current Version This shows the firmware version of the NWA/WAC. Released Date This shows the date (yyyy-mm-dd) and time (hh:mm:ss) when the firmware is released. OK Click this to close the screen.
Chapter 2 The Web Configurator Figure 12 Object Reference The fields vary with the type of object. The following table describes labels that can appear in this screen. Table 12 Object References LABEL DESCRIPTION Object Name This identifies the object for which the configuration settings that use it are displayed. Click the object’s name to display the object’s configuration screen in the main window. # This field is a sequential value, and it is not associated with any entry.
Chapter 2 The Web Configurator Figure 13 CLI Messages Click Clear to remove the currently displayed information. Note: See the Command Reference Guide for information about the commands. 2.3.2 Navigation Panel Use the menu items on the navigation panel to open screens to configure NWA/WAC features. Click the arrow in the middle of the right edge of the navigation panel to hide the navigation panel menus or drag it to resize them.
Chapter 2 The Web Configurator Monitor Menu The monitor menu screens display status and statistics information. Table 13 Monitor Menu Screens Summary FOLDER OR LINK TAB Network Status FUNCTION Display general LAN interface information and packet statistics. Wireless AP Information Radio List Display information about the radios of the connected APs. Station Info Display information about the connected stations.
Chapter 2 The Web Configurator Table 14 Configuration Menu Screens Summary (continued) FOLDER OR LINK TAB FUNCTION Date/Time Configure the current date, time, and time zone in the NWA/WAC. WWW Configure HTTP, HTTPS, and general authentication. SSH Configure SSH server and SSH service settings. TELNET Configure telnet server settings for the NWA/WAC. FTP Configure FTP server settings. SNMP Configure SNMP communities and services.
Chapter 2 The Web Configurator 2.3.4 Tables and Lists The Web Configurator tables and lists are quite flexible and provide several options for how to display their entries. 2.3.4.1 Manipulating Table Display Here are some of the ways you can manipulate the Web Configurator tables. 1 Click a column heading to sort the table’s entries according to that column’s criteria. 2 Click the down arrow next to a column heading for more options about how to display the entries.
Chapter 2 The Web Configurator 3 Select a column heading cell’s right border and drag to re-size the column. 4 Select a column heading and drag and drop it to change the column order. A green check mark displays next to the column’s title when you drag the column to a valid new location. 5 Use the icons and fields at the bottom of the table to navigate to different pages of entries and control how many entries display at a time. 2.3.4.
Chapter 2 The Web Configurator Here are descriptions for the most common table icons. Table 17 Common Table Icons LABEL DESCRIPTION Add Click this to create a new entry. For features where the entry’s position in the numbered list is important (features where the NWA/WAC applies the table’s entries in order like the firewall for example), you can select an entry and click Add to create a new entry after the selected entry.
P ART II Technical Reference 38
C HAPT ER 3 Dashboard 3.1 Overview Use the Dashboard screens to check status information about the NWA/WAC. 3.1.1 What You Can Do in this Chapter • The main Dashboard screen (Section 3.2 on page 39) displays the NWA/WAC’s general device information, system status, system resource usage, and interface status. You can also display other status screens for more information. 3.2 Dashboard This screen is the first thing you see when you log into the NWA/WAC.
Chapter 3 Dashboard The following table describes the labels in this screen. Table 18 Dashboard LABEL DESCRIPTION Widget Settings (A) Use this link to re-open closed widgets. Widgets that are already open appear grayed out. Refresh Time Setting (B) Set the interval for refreshing the information displayed in the widget. Refresh Now (C) Click this to update the widget’s information immediately. Close Widget (D) Click this to close the widget. Use Widget Setting to re-open it.
Chapter 3 Dashboard Table 18 Dashboard (continued) LABEL DESCRIPTION SSID This field displays the name of the wireless network to which the NWA/WAC is connected using WDS. Security Mode This field displays which secure encryption methods is being used by the NWA/WAC to connect to the root AP or repeater using WDS. Link Status This field displays the RSSI (Received Signal Strength Indicator) and transmission/ reception rate of the wireless connection in WDS.
Chapter 3 Dashboard Table 18 Dashboard (continued) LABEL IP Assignment DESCRIPTION This field displays how the interface gets its IP address. Static - This interface has a static IP address. DHCP Client - This interface gets its IP address from a DHCP server. Action If the interface has a static IP address, this shows n/a. If the interface has a dynamic IP address, use this field to get or to update the IP address for the interface. Click Renew to send a new DHCP request to a DHCP server.
Chapter 3 Dashboard Table 19 Dashboard > CPU Usage (continued) LABEL DESCRIPTION Refresh Interval Enter how often you want this window to be automatically updated. Refresh Now Click this to update the information in the window right away. 3.2.2 Memory Usage Use this screen to look at a chart of the NWA/WAC’s recent memory (RAM) usage. To access this screen, click Memory Usage in the dashboard. Figure 19 Dashboard > Memory Usage The following table describes the labels in this screen.
C HAPT ER 4 Monitor 4.1 Overview Use the Monitor screens to check status and statistics information. 4.1.1 What You Can Do in this Chapter • The Network Status screen (Section 4.3 on page 45) displays general LAN interface information and packet statistics. • The Network Status Graph screen (Section 4.3.1 on page 46) displays a line graph of packet statistics for the NWA/WAC’s physical LAN port. • The Radio List screen (Section 4.
Chapter 4 Monitor 4.3 Network Status Use this screen to look at general Ethernet interface information and packet statistics. To access this screen, click Monitor > Network Status. Figure 20 Monitor > Network Status The following table describes the labels in this screen. Table 21 Monitor > Network Status LABEL DESCRIPTION Interface Summary Use the Interface Summary section for IPv4 network settings.
Chapter 4 Monitor Table 21 Monitor > Network Status (continued) LABEL DESCRIPTION Action Use this field to get or to update the IP address for the interface. Click Renew to send a new DHCP request to a DHCP server. If the interface cannot use one of these ways to get or to update its IP address, this field displays n/a. Port Statistics Table Poll Interval Enter how often you want this window to be updated automatically, and click Set Interval.
Chapter 4 Monitor Figure 21 Monitor > Network Status > Switch to Graphic View The following table describes the labels in this screen. Table 22 Monitor > Network Status > Switch to Graphic View LABEL DESCRIPTION Refresh Interval Enter how often you want this window to be automatically updated. Refresh Now Click this to update the information in the window right away. Switch to Grid View Click this to display the port statistics as a table.
Chapter 4 Monitor Figure 22 Monitor > Wireless > AP Information > Radio List The following table describes the labels in this screen. Table 23 Monitor > Wireless > AP Information > Radio List LABEL DESCRIPTION More Information Click this to view additional information about the selected radio’s wireless traffic and station count. Information spans a 24 hour period. Status This displays whether or not the radio is enabled.
Chapter 4 Monitor Figure 23 Monitor > Wireless > AP Information > Radio List > More Information NWA5000 / WAC6500 Series User’s Guide 49
Chapter 4 Monitor The following table describes the labels in this screen. Table 24 Monitor > Wireless > AP Information > Radio List > More Information LABEL DESCRIPTION SSID Detail This list shows information about all the wireless clients that have connected to the specified radio over the preceding 24 hours. # This is the items sequential number in the list. It has no bearing on the actual data in this list. SSID Name This displays an SSID associated with this radio.
Chapter 4 Monitor The following table describes the labels in this screen. Table 25 Monitor > Wireless > Station Info LABEL DESCRIPTION # This is the station’s index number in this list. MAC Address This is the station’s MAC address. Radio This is the radio number on the NWA/WAC to which the station is connected. SSID Name This indicates the name of the wireless network to which the station is connected. A single AP can have multiple SSIDs or networks.
Chapter 4 Monitor The following table describes the labels in this screen. Table 26 Monitor > Wireless > WDS Link Info LABEL DESCRIPTION WDS Uplink Info Uplink refers to the WDS link from the repeaters to the root AP. WDS Downlink Info Downlink refers to the WDS link from the root AP to the repeaters. When the NWA/WAC is in root AP mode and connected to a repeater, only the downlink information is displayed.
Chapter 4 Monitor Figure 26 Monitor > Wireless > Detected Device The following table describes the labels in this screen. Table 27 Monitor > Wireless > Detected Device LABEL DESCRIPTION Mark as Rogue AP Click this button to mark the selected AP as a rogue AP. A rogue AP can be contained in the Configuration > Wireless > MON Mode screen (Section 6.3 on page 69). Mark as Friendly AP Click this button to mark the selected AP as a friendly AP.
Chapter 4 Monitor To access this screen, click Monitor > Log. The log is displayed in the following screen. Note: When a log reaches the maximum number of log messages, new log messages automatically overwrite existing log messages, starting with the oldest existing log message first. Events that generate an alert (as well as a log message) display in red. Regular logs display in black. Click a column’s heading cell to sort the table entries by that column’s criteria.
Chapter 4 Monitor The following table describes the labels in this screen. Table 28 Monitor > Log > View Log LABEL DESCRIPTION Show Filter / Hide Filter Click this button to show or hide the filter settings. If the filter settings are hidden, the Display, Email Log Now, Refresh, and Clear Log fields are available. If the filter settings are shown, the Display, Priority, Source Address, Destination Address, Service, Keyword, and Search fields are available.
Chapter 4 Monitor The Web Configurator saves the filter settings if you leave the View Log screen and return to it later.
C HAPT ER 5 Network 5.1 Overview This chapter describes how you can configure the management IP address and VLAN settings of your NWA/WAC. The Internet Protocol (IP) address identifies a device on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts. Figure 28 IP Setup The figure above illustrates one possible setup of your NWA/WAC. The gateway IP address is 192.
Chapter 5 Network Figure 29 CAPWAP Network Example Note: The NWA/WAC can be a standalone AP (default), or a CAPWAP managed AP. CAPWAP Discovery and Management The link between CAPWAP-enabled access points proceeds as follows: 1 An AP in managed AP mode joins a wired network (receives a dynamic IP address). 2 The AP sends out a discovery request, looking for a CAPWAP AP controller. 3 If there is an AP controller on the network, it receives the discovery request.
Chapter 5 Network CAPWAP and IP Subnets By default, CAPWAP works only between devices with IP addresses in the same subnet. However, you can configure CAPWAP to operate between devices with IP addresses in different subnets by doing the following. • Activate DHCP. Your network’s DHCP server must support option 138 defined in RFC 5415. • Configure DHCP option 138 with the IP address of the CAPWAP AP controller on your network.
Chapter 5 Network 5.2 IP Setting Use this screen to configure the IP address for your NWA/WAC. To access this screen, click Configuration > Network > IP Setting. Figure 31 Configuration > Network > IP Setting (Retake screenshot) Each field is described in the following table.
Chapter 5 Network Table 29 Configuration > Network > IP Setting (continued) LABEL DESCRIPTION IPv6 Address Assignment Enable Stateless Address Autoconfiguration (SLAAC) Select this to enable IPv6 stateless auto-configuration on the NWA/WAC. The NWA/WAC will generate an IPv6 address itself from a prefix obtained from an IPv6 router in the network. Link-Local Address This displays the IPv6 link-local address and the network prefix that the NWA/WAC generates itself for the LAN interface.
Chapter 5 Network In the figure above, to access and manage the NWA/WAC from computer A, the NWA/WAC and switch B’s ports to which computer A and the NWA/WAC are connected should be in the same VLAN. A Virtual Local Area Network (VLAN) allows a physical network to be partitioned into multiple logical networks. Devices on a logical network belong to one group. A device can belong to more than one group.
Chapter 5 Network Table 30 Configuration > Network > VLAN (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the NWA/WAC. Reset Click Reset to return the screen to its last-saved settings. LAN Setting Port Setting Edit Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings. In some tables you can just click a table entry and edit it directly in the table.
Chapter 5 Network WAC can be configured ONLY by the AP controller. See Section 5.1.1 on page 57 for more information on management mode and AP Controller. If you want to return the NWA/WAC to standalone AP mode, you can do one of the two following options: • Press the Reset button. • Check the AP controller for the NWA/WAC’s IP address and use FTP to upload the default configuration file to the NWA/WAC. You can get the configuration file at conf/system-default.conf.
C HAPT ER 6 Wireless 6.1 Overview This chapter discusses how to configure the wireless network settings in your NWA/WAC. The following figure provides an example of a wireless network. Figure 35 Example of a Wireless Network The wireless network is the part in the blue circle. In this wireless network, devices A and B are called wireless clients. The wireless clients use the access point (AP) to interact with other devices (such as the printer) or with the Internet. Your NWA/WAC is the AP. 6.1.
Chapter 6 Wireless 6.1.2 What You Need to Know The following terms and concepts may help as you read this chapter. Station / Wireless Client A station or wireless client is any wireless-capable device that can connect to an AP using a wireless signal.
Chapter 6 Wireless Figure 36 Configuration > Wireless > AP Management Each field is described in the following table. Table 32 Configuration > Wireless > AP Management LABEL DESCRIPTION Radio 1 Setting Radio 1 Activate Select the check box to enable the NWA/WAC’s first (default) radio.
Chapter 6 Wireless Table 32 Configuration > Wireless > AP Management (continued) LABEL DESCRIPTION Radio 1 OP Mode Select the operating mode for radio 1. AP Mode means the radio can receive connections from wireless clients and pass their data traffic through to the NWA/WAC to be managed (or subsequently passed on to an upstream gateway for managing).
Chapter 6 Wireless Table 32 Configuration > Wireless > AP Management (continued) LABEL DESCRIPTION Radio 2 OP Mode This displays if the NWA/WAC has a second radio. Select the operating mode for radio 2. AP Mode means the radio can receive connections from wireless clients and pass their data traffic through to the NWA/WAC to be managed (or subsequently passed on to an upstream gateway for managing).
Chapter 6 Wireless Click Configuration > Wireless > MON Mode to access this screen. Figure 37 Configuration > Wireless > MON Mode Each field is described in the following table. Table 33 Configuration > Wireless > MON Mode LABEL DESCRIPTION Rogue/Friendly AP List Add Click this button to add an AP to the list and assign it either friendly or rogue status. Edit Select an AP in the list to edit and reassign its status. Remove Select an AP in the list to remove.
Chapter 6 Wireless 6.3.1 Add/Edit Rogue/Friendly List Click Add or select an AP and click the Edit button in the Configuration > Wireless > MON Mode table to display this screen. Figure 38 Configuration > Wireless > MON Mode > Add/Edit Rogue/Friendly AP List Each field is described in the following table. Table 34 Configuration > Wireless > MON Mode > Add/Edit Rogue/Friendly AP List LABEL DESCRIPTION MAC Enter the MAC address of the AP you want to add to the list.
Chapter 6 Wireless Each field is described in the following table. Table 35 Configuration > Wireless > Load Balancing LABEL DESCRIPTION Enable Load Balancing Select this to enable load balancing on the NWA/WAC. Mode Select a mode by which load balancing is carried out. Use this section to configure wireless network traffic load balancing between the managd APs in this group. Select By Station Number to balance network traffic based on the number of specified stations connected to the NWA/WAC.
Chapter 6 Wireless For example, here the AP has a balanced bandwidth allotment of 6 Mbps. If laptop R connects and it pushes the AP over its allotment, say to 7 Mbps, then the AP delays the red laptop’s connection until it can afford the bandwidth or the laptop is picked up by a different AP with bandwidth to spare. Figure 40 Delaying a Connection The second response your AP can take is to kick the connections that are pushing it over its balanced bandwidth allotment.
Chapter 6 Wireless 6.5 DCS Use this screen to configure dynamic radio channel selection. Click Configuration > Wireless > DCS to access this screen. Figure 42 Configuration > Wireless > DCS Each field is described in the following table. Table 36 Configuration > Wireless > DCS LABEL DESCRIPTION Select Now Click this to have the NWA/WAC scan for and select an available channel immediately. Apply Click Apply to save your changes back to the NWA/WAC.
Chapter 6 Wireless Figure 43 An Example Three-Channel Deployment Three channels are situated in such a way as to create almost no interference with one another if used exclusively: 1, 6 and 11. When an AP broadcasts on any of these three channels, it should not interfere with neighboring APs as long as they are also limited to same trio.
Chapter 6 Wireless There are two kinds of wireless load balancing available on the NWA/WAC: Load balancing by station number limits the number of devices allowed to connect to your AP. If you know exactly how many stations you want to let connect, choose this option. For example, if your company’s graphic design team has their own AP and they have 10 computers, you can load balance for 10.
C HAPT ER 7 User 7.1 Overview This chapter describes how to set up user accounts and user settings for the NWA/WAC. 7.1.1 What You Can Do in this Chapter • The User screen (see Section 7.2 on page 78) provides a summary of all user accounts. • The Setting screen (see Section 7.3 on page 80) controls default settings, login settings, lockout settings, and other user settings for the NWA/WAC. 7.1.2 What You Need To Know The following terms and concepts may help as you read this chapter.
Chapter 7 User 7.2 User Summary The User screen provides a summary of all user accounts. To access this screen click Configuration > Object > User. Figure 46 Configuration > Object > User The following table describes the labels in this screen. Table 38 Configuration > Object > User LABEL DESCRIPTION Add Click this to create a new entry. Edit Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings.
Chapter 7 User • Alphanumeric A-z 0-9 (there is no unicode support) • _ [underscores] • - [dashes] The first character must be alphabetical (A-Z a-z), an underscore (_), or a dash (-). Other limitations on user names are: • User names are case-sensitive. If you enter a user 'bob' but use 'BOB' when connecting via CIFS or FTP, it will use the account settings used for 'BOB' not ‘bob’. • User names have to be different than user group names.
Chapter 7 User The following table describes the labels in this screen. Table 39 Configuration > User > User > Add/Edit A User LABEL DESCRIPTION User Name Type the user name for this user account. You may use 1-31 alphanumeric characters, underscores(_), or dashes (-), but the first character cannot be a number. This value is case-sensitive. User names have to be different than user group names, and some words are reserved. User Type Select what type of user this is.
Chapter 7 User Figure 48 Configuration > Object > User > Setting The following table describes the labels in this screen. Table 40 Configuration > Object > User > Setting LABEL DESCRIPTION User Default Setting Default Authentication Timeout Settings These authentication timeout settings are used by default when you create a new user account. They also control the settings for any existing user accounts that are set to use the default settings.
Chapter 7 User Table 40 Configuration > Object > User > Setting (continued) LABEL DESCRIPTION Reauthentication Time This is the default reauthentication time in minutes for each type of user account. It defines the number of minutes the user can be logged into the NWA/WAC in one session before having to log in again. Unlike Lease Time, the user has no opportunity to renew the session without logging out.
Chapter 7 User The following table describes the labels in this screen. Table 41 User > Setting > Edit User Authentication Timeout Settings LABEL DESCRIPTION User Type This read-only field identifies the type of user account for which you are configuring the default settings. • • Lease Time admin - this user can look at and change the configuration of the NWA/WAC. limited-admin - this user can look at the configuration of the NWA/WAC but not to change it.
C HAPT ER 8 AP Profile 8.1 Overview This chapter shows you how to configure preset profiles for the NWA/WAC. 8.1.1 What You Can Do in this Chapter • The Radio screen (Section 8.2 on page 85) creates radio configurations that can be used by the APs. • The SSID screen (Section 8.3 on page 89) configures three different types of profiles for your networked APs. 8.1.2 What You Need To Know The following terms and concepts may help as you read this chapter.
Chapter 8 AP Profile WEP WEP (Wired Equivalent Privacy) encryption scrambles all data packets transmitted between the AP and the wireless stations associated with it in order to keep network communications private. Both the wireless stations and the access points must use the same WEP key for data encryption and decryption. WPA2 WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA.
Chapter 8 AP Profile Table 42 Configuration > Object > AP Profile > Radio (continued) LABEL DESCRIPTION Activate To turn on an entry, select it and click Activate. Inactivate To turn off an entry, select it and click Inactivate. Object Reference Click this to view which other objects are linked to the selected radio profile. # This field is a sequential value, and it is not associated with a specific user. Status This field shows whether or not the entry is activated.
Chapter 8 AP Profile The following table describes the labels in this screen. Table 43 Configuration > Object > AP Profile > Add/Edit Profile LABEL DESCRIPTION Hide / Show Advanced Settings Click this to hide or show the Advanced Settings in this window. General Settings Activate Select this option to make this profile active. Profile Name Enter up to 31 alphanumeric characters to be used as this profile’s name. Spaces and underscores are allowed. 802.
Chapter 8 AP Profile Table 43 Configuration > Object > AP Profile > Add/Edit Profile (continued) LABEL 2.4 GHz Channel Selection Method DESCRIPTION Select how you want to specify the channels the NWA/WAC switches between for 2.4 GHz operation. This field appears only when you choose 802.11b/g/n mode. Select auto to have the NWA/WAC display a 2.4 GHz Channel Deployment field you can use to limit channel switching to 3 or 4 channels.
Chapter 8 AP Profile Table 43 Configuration > Object > AP Profile > Add/Edit Profile (continued) LABEL DESCRIPTION Beacon Interval When a wirelessly networked device sends a beacon, it includes with it a beacon interval. This specifies the time period before the device sends the beacon again. The interval tells receiving devices on the network how long they can wait in low-power mode before waking up to handle the beacon. A high value helps save current consumption of the access point.
Chapter 8 AP Profile 8.3.1 SSID List This screen allows you to create and manage SSID configurations that can be used by the APs. An SSID, or Service Set IDentifier, is basically the name of the wireless network to which a wireless client can connect. The SSID appears as readable text to any device capable of scanning for wireless frequencies (such as the WiFi adapter in a laptop), and is displayed as the wireless network name when a person makes a connection to it.
Chapter 8 AP Profile Figure 53 Configuration > Object > AP Profile > Add/Edit SSID Profile The following table describes the labels in this screen. Table 45 Configuration > Object > AP Profile > Add/Edit SSID Profile LABEL DESCRIPTION Create new Object Select an object type from the list to create a new one associated with this SSID profile. Profile Name Enter up to 31 alphanumeric characters for the profile name. This name is only visible in the Web Configurator and is only for management purposes.
Chapter 8 AP Profile Table 45 Configuration > Object > AP Profile > Add/Edit SSID Profile (continued) LABEL DESCRIPTION QoS Select a Quality of Service (QoS) access category to associate with this SSID. Access categories minimize the delay of data packets across a wireless network. Certain categories, such as video or voice, are given a higher priority due to the time sensitive nature of their data packets. QoS access categories are as follows: disable: Turns off QoS for this SSID.
Chapter 8 AP Profile Figure 54 Configuration > Object > AP Profile > SSID > Security List The following table describes the labels in this screen. Table 46 Configuration > Object > AP Profile > SSID > Security List LABEL DESCRIPTION Add Click this to add a new security profile. Edit Click this to edit the selected security profile. Remove Click this to remove the selected security profile.
Chapter 8 AP Profile Figure 55 SSID > Security Profile > Add/Edit Security Profile The following table describes the labels in this screen. Table 47 SSID > Security Profile > Add/Edit Security Profile LABEL DESCRIPTION Profile Name Enter up to 31 alphanumeric characters for the profile name. This name is only visible in the Web Configurator and is only for management purposes. Spaces and underscores are allowed. Security Mode Select a security mode from the list: none, wep, wpa2, or wpa2-mix.
Chapter 8 AP Profile Table 47 SSID > Security Profile > Add/Edit Security Profile (continued) LABEL DESCRIPTION Radius Server Type This shows External and the NWA/WAC uses an external RADIUS server for authentication. Primary / Secondary Radius Server Activate Select this to have the NWA/WAC use the specified RADIUS server. Radius Server IP Address Enter the IP address of the RADIUS server to be used for authentication.
Chapter 8 AP Profile Table 47 SSID > Security Profile > Add/Edit Security Profile (continued) LABEL DESCRIPTION PSK This field is available when you select the wpa2, or wpa2-mix security mode. Select this option to use a Pre-Shared Key with WPA2 encryption. Pre-Shared Key Cipher Type Enter a pre-shared key of between 8 and 63 case-sensitive ASCII characters (including spaces and symbols) or 64 hexadecimal characters. Select an encryption cipher type from the list.
Chapter 8 AP Profile Figure 56 Configuration > Object > AP Profile > SSID > MAC Filter List The following table describes the labels in this screen. Table 48 Configuration > Object > AP Profile > SSID > MAC Filter List LABEL DESCRIPTION Add Click this to add a new MAC filtering profile. Edit Click this to edit the selected MAC filtering profile. Remove Click this to remove the selected MAC filtering profile.
Chapter 8 AP Profile Figure 57 SSID > MAC Filter List > Add/Edit MAC Filter Profile The following table describes the labels in this screen. Table 49 SSID > MAC Filter List > Add/Edit MAC Filter Profile LABEL DESCRIPTION Profile Name Enter up to 31 alphanumeric characters for the profile name. This name is only visible in the Web Configurator and is only for management purposes. Spaces and underscores are allowed.
Chapter 8 AP Profile network printer (C) while preventing the client from accessing other computers and servers on the network. The client can communicate with other wireless clients only if Intra-BSS Traffic blocking is disabled. Note: Intra-BSS Traffic Blocking is activated when you enable layer-2 isolation.
Chapter 8 AP Profile Table 50 Configuration > Object > AP Profile > SSID > Layer-2 Isolation List (continued) LABEL DESCRIPTION # This field is a sequential value, and it is not associated with a specific user. Profile Name This field indicates the name assigned to the layer-2 isolation profile. 8.6.1 Add/Edit Layer-2 Isolation Profile This screen allows you to create a new layer-2 isolation profile or edit an existing one.
Chapter 8 AP Profile Table 51 SSID > MAC Filter List > Add/Edit Layer-2 Isolation Profile (continued) LABEL DESCRIPTION OK Click OK to save your changes back to the NWA/WAC. Cancel Click Cancel to exit this screen without saving your changes.
C HAPT ER 9 MON Profile 9.1 Overview This screen allows you to set up monitor mode configurations that allow your NWA/WAC to scan for other wireless devices in the vicinity. Once detected, you can use the Wireless > MON Mode screen (Section 6.3 on page 69) to classify them as either rogue or friendly. Not all NWA/WACs support monitor mode and rogue APs detection. 9.1.1 What You Can Do in this Chapter The MON Profile screen (Section 9.
Chapter 9 MON Profile Table 52 Configuration > Object > MON Profile (continued) LABEL DESCRIPTION Activate To turn on an entry, select it and click Activate. Inactivate To turn off an entry, select it and click Inactivate. Object Reference Click this to view which other objects are linked to the selected monitor mode profile (for example, an AP management profile). # This field is a sequential value, and it is not associated with a specific profile.
Chapter 9 MON Profile The following table describes the labels in this screen. Table 53 Configuration > Object > MON Profile > Add/Edit MON Profile LABEL DESCRIPTION Activate Select this to activate this monitor mode profile. Profile Name This field indicates the name assigned to the monitor mode profile. Channel dwell time Enter the interval (in milliseconds) before the NWA/WAC switches to another channel for monitoring.
Chapter 9 MON Profile Figure 63 Rogue AP Example X A RG C B In the example above, a corporate network’s security is compromised by a rogue AP (RG) set up by an employee at his workstation in order to allow him to connect his notebook computer wirelessly (A). The company’s legitimate wireless network (the dashed ellipse B) is well-secured, but the rogue AP uses inferior security that is easily broken by an attacker (X) running readily available encryption-cracking software.
C HAPTER 10 WDS Profile 10.1 Overview This chapter shows you how to configure WDS (Wireless Disbribution System) profiles for the NWA/ WAC to form a WDS with other APs. 10.1.1 What You Can Do in this Chapter The WDS Profile screen (Section 10.2 on page 106) creates preset WDS configurations that can be used by the NWA/WAC. 10.2 WDS Profile This screen allows you to manage and create WDS profiles that can be used by the APs. To access this screen, click Configuration > Object > WDS Profile.
Chapter 10 WDS Profile 10.2.1 Add/Edit WDS Profile This screen allows you to create a new WDS profile or edit an existing one. To access this screen, click the Add button or select and existing profile and click the Edit button. Figure 65 Configuration > Object > WDS Profile > Add/Edit WDS Profile The following table describes the labels in this screen.
C HAPTER 11 Certificates 11.1 Overview The NWA/WAC can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication. 11.1.1 What You Can Do in this Chapter • The My Certificate screens (Section 11.
Chapter 11 Certificates 5 Additionally, Jenny uses her own private key to sign a message and Tim uses Jenny’s public key to verify the message. The NWA/WAC uses certificates based on public-key cryptology to authenticate users attempting to establish a connection, not to encrypt the data that you send after establishing a connection. The method used to secure the data that you send through an established connection depends on the type of connection.
Chapter 11 Certificates • Binary PKCS#12: This is a format for transferring public key and private key certificates.The private key in a PKCS #12 file is within a password-encrypted envelope. The file’s password is not connected to your certificate’s public or private passwords. Exporting a PKCS #12 file creates this and you must provide it to decrypt the contents when you import the file into the NWA/WAC. Note: Be careful not to convert a binary file to text during the transfer process.
Chapter 11 Certificates 11.2 My Certificates Click Configuration > Object > Certificate > My Certificates to open this screen. This is the NWA/WAC’s summary list of certificates and certification requests. Figure 66 Configuration > Object > Certificate > My Certificates The following table describes the labels in this screen.
Chapter 11 Certificates Table 56 Configuration > Object > Certificate > My Certificates (continued) LABEL DESCRIPTION Subject This field displays identifying information about the certificate’s owner, such as CN (Common Name), OU (Organizational Unit or department), O (Organization or company) and C (Country). It is recommended that each certificate have unique subject information.
Chapter 11 Certificates Figure 67 Configuration > Object > Certificate > My Certificates > Add NWA5000 / WAC6500 Series User’s Guide 113
Chapter 11 Certificates The following table describes the labels in this screen. Table 57 Configuration > Object > Certificate > My Certificates > Add LABEL DESCRIPTION Name Type a name to identify this certificate. You can use up to 31 alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=- characters. Subject Information Use these fields to record information that identifies the owner of the certificate.
Chapter 11 Certificates Table 57 Configuration > Object > Certificate > My Certificates > Add (continued) LABEL DESCRIPTION Create a certification request and enroll for a certificate immediately online Select this to have the NWA/WAC generate a request for a certificate and apply to a certification authority for a certificate. You must have the certification authority’s certificate already imported in the Trusted Certificates screen.
Chapter 11 Certificates 11.2.2 Edit My Certificates Click Configuration > Object > Certificate > My Certificates and then the Edit icon to open the My Certificate Edit screen. You can use this screen to view in-depth certificate information and change the certificate’s name.
Chapter 11 Certificates The following table describes the labels in this screen. Table 58 Configuration > Object > Certificate > My Certificates > Edit LABEL DESCRIPTION Name This field displays the identifying name of this certificate. You can use up to 31 alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=- characters. Certification Path This field displays for a certificate, not a certification request.
Chapter 11 Certificates Table 58 Configuration > Object > Certificate > My Certificates > Edit LABEL DESCRIPTION MD5 Fingerprint This is the certificate’s message digest that the NWA/WAC calculated using the MD5 algorithm. SHA1 Fingerprint This is the certificate’s message digest that the NWA/WAC calculated using the SHA1 algorithm. Certificate in PEM (Base-64) Encoded Format This read-only text box displays the certificate or certification request in Privacy Enhanced Mail (PEM) format.
Chapter 11 Certificates Figure 69 Configuration > Object > Certificate > My Certificates > Import The following table describes the labels in this screen. Table 59 Configuration > Object > Certificate > My Certificates > Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it. You cannot import a certificate with the same name as a certificate that is already in the NWA/ WAC.
Chapter 11 Certificates Figure 70 Configuration > Object > Certificate > Trusted Certificates The following table describes the labels in this screen. Table 60 Configuration > Object > Certificate > Trusted Certificates LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the NWA/WAC’s PKI storage space that is currently in use. When the storage space is almost full, you should consider deleting expired or unnecessary certificates before adding more certificates.
Chapter 11 Certificates 11.3.1 Edit Trusted Certificates Click Configuration > Object > Certificate > Trusted Certificates and then a certificate’s Edit icon to open the Trusted Certificates Edit screen. Use this screen to view in-depth information about the certificate, change the certificate’s name and set whether or not you want the NWA/WAC to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority.
Chapter 11 Certificates The following table describes the labels in this screen. Table 61 Configuration > Object > Certificate > Trusted Certificates > Edit LABEL DESCRIPTION Name This field displays the identifying name of this certificate. You can change the name. You can use up to 31 alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=- characters.
Chapter 11 Certificates Table 61 Configuration > Object > Certificate > Trusted Certificates > Edit (continued) LABEL DESCRIPTION Signature Algorithm This field displays the type of algorithm that was used to sign the certificate. Some certification authorities use rsa-pkcs1-sha1 (RSA public-private key encryption algorithm and the SHA1 hash algorithm). Other certification authorities may use rsapkcs1-md5 (RSA public-private key encryption algorithm and the MD5 hash algorithm).
Chapter 11 Certificates Figure 72 Configuration > Object > Certificate > Trusted Certificates > Import The following table describes the labels in this screen. Table 62 Configuration > Object > Certificate > Trusted Certificates > Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it. You cannot import a certificate with the same name as a certificate that is already in the NWA/ WAC.
C HAPTER 12 System 12.1 Overview Use the system screens to configure general NWA/WAC settings. 12.1.1 What You Can Do in this Chapter • The Host Name screen (Section 12.2 on page 125) configures a unique name for the NWA/WAC in your network. • The Date/Time screen (Section 12.3 on page 126) configures the date and time for the NWA/ WAC. • The WWW screens (Section 12.4 on page 129) configure settings for HTTP or HTTPS access to the NWA/WAC. • The SSH screen (Section 12.
Chapter 12 System The following table describes the labels in this screen. Table 63 Configuration > System > Host Name LABEL DESCRIPTION System Name Choose a descriptive name to identify your NWA/WAC device. This name can be up to 64 alphanumeric characters long. Spaces are not allowed, but dashes (-) underscores (_) and periods (.) are accepted. Domain Name Enter the domain name (if you know it) here. This name is propagated to DHCP clients connected to interfaces with the DHCP server enabled.
Chapter 12 System The following table describes the labels in this screen. Table 64 Configuration > System > Date/Time LABEL DESCRIPTION Current Time and Date Current Time This field displays the present time of your NWA/WAC. Current Date This field displays the present date of your NWA/WAC. Time and Date Setup Manual Select this radio button to enter the time and date manually.
Chapter 12 System Table 64 Configuration > System > Date/Time (continued) LABEL DESCRIPTION End Date Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving. The at field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the first Sunday of November. Each time zone in the United States stops using Daylight Saving Time at 2 A.M. local time.
Chapter 12 System The Current Time and Current Date fields will display the appropriate settings if the synchronization is successful. If the synchronization was not successful, a log displays in the View Log screen. Try re-configuring the Date/Time screen. To manually set the NWA/WAC date and time: 1 Click System > Date/Time. 2 Select Manual under Time and Date Setup. 3 Enter the NWA/WAC’s time in the New Time field. 4 Enter the NWA/WAC’s date in the New Date field.
Chapter 12 System Figure 76 Secure and Insecure Service Access From the WAN 12.4.1 Service Access Limitations A service cannot be used to access the NWA/WAC when you have disabled that service in the corresponding screen. 12.4.2 System Timeout There is a lease timeout for administrators. The NWA/WAC automatically logs you out if the management session remains idle for longer than this timeout period. The management session does not time out when a statistics screen is polling.
Chapter 12 System certificate. You must apply for a certificate for the browser from a CA that is a trusted CA on the NWA/WAC. Please refer to the following figure. 1 HTTPS connection requests from an SSL-aware web browser go to port 443 (by default) on the NWA/WAC’s web server. 2 HTTP connection requests from a web browser go to port 80 (by default) on the NWA/WAC’s web server.
Chapter 12 System The following table describes the labels in this screen. Table 66 Configuration > System > WWW > Service Control LABEL DESCRIPTION HTTPS Enable Select the check box to allow or disallow the computer with the IP address that matches the IP address(es) in the Service Control table to access the NWA/WAC Web Configurator using secure HTTPs connections. Server Port The HTTPS server listens on port 443 by default.
Chapter 12 System Figure 79 Security Alert Dialog Box (Internet Explorer) Select Continue to this website. to proceed to the Web Configurator login screen. Otherwise, select Click here to close this webpage. to block the access. 12.4.5.2 Mozilla Firefox Warning Messages When you attempt to access the NWA/WAC HTTPS server, a The Connection is Untrusted screen appears as shown in the following screen. Click Technical Details if you want to verify more information about the certificate from the NWA/WAC.
Chapter 12 System Figure 80 Security Certificate 1 (Firefox) Figure 81 Security Certificate 2 (Firefox) 12.4.5.3 Avoiding Browser Warning Messages Here are the main reasons your browser displays warnings about the NWA/WAC’s HTTPS server certificate and what you can do to avoid seeing the warnings: • The issuing certificate authority of the NWA/WAC’s HTTPS server certificate is not one of the browser’s trusted certificate authorities.
Chapter 12 System • For the browser to trust a self-signed certificate, import the self-signed certificate into your operating system as a trusted certificate. • To have the browser trust the certificates issued by a certificate authority, import the certificate authority’s certificate into your operating system as a trusted certificate. Refer to Appendix A on page 188 for details. 12.4.5.
Chapter 12 System 12.4.5.5 Installing the CA’s Certificate 1 Double click the CA’s trusted certificate to produce a screen similar to the one shown next. 2 Click Install Certificate and follow the wizard as shown earlier in this appendix. 12.4.5.6 Installing a Personal Certificate You need a password in advance. The CA may issue the password or you may have to specify it during the enrollment.
Chapter 12 System 1 Click Next to begin the wizard. 2 The file name and path of the certificate you double-clicked should automatically appear in the File name text box. Click Browse if you wish to import a different certificate.
Chapter 12 System 3 Enter the password given to you by the CA. 4 Have the wizard determine where the certificate should be saved on your computer or select Place all certificates in the following store and choose a different location.
Chapter 12 System 5 Click Finish to complete the wizard and begin the import process. 6 You should see the following screen when the certificate is correctly installed on your computer. 12.4.5.7 Using a Certificate When Accessing the NWA/WAC To access the NWA/WAC via HTTPS: 1 Enter ‘https://NWA/WAC IP Address/ in your browser’s web address field.
Chapter 12 System 2 When Authenticate Client Certificates is selected on the NWA/WAC, the following screen asks you to select a personal certificate to send to the NWA/WAC. This screen displays even if you only have a single certificate as in the example. 3 You next see the Web Configurator login screen. 12.5 SSH You can use SSH (Secure SHell) to securely access the NWA/WAC’s command line interface.
Chapter 12 System Figure 84 How SSH v1 Works Example 1 Host Identification The SSH client sends a connection request to the SSH server. The server identifies itself with a host key. The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server. The client automatically saves any new server public keys. In subsequent connections, the server public key is checked against the saved version on the client computer.
Chapter 12 System 12.5.3 Requirements for Using SSH You must install an SSH client program on a client computer (Windows or Linux operating system) that is used to connect to the NWA/WAC over SSH. 12.5.4 Configuring SSH Click Configuration > System > SSH to open the following screen. Use this screen to configure your NWA/WAC’s Secure Shell settings. Note: It is recommended that you disable Telnet and FTP when you configure SSH for secure connections.
Chapter 12 System 12.5.5.1 Example 1: Microsoft Windows This section describes how to access the NWA/WAC using the Secure Shell Client program. 1 Launch the SSH client and specify the connection information (IP address, port number) for the NWA/WAC. 2 Configure the SSH client to accept connection using SSH version 1. 3 A window displays prompting you to store the host key in you computer. Click Yes to continue. Figure 86 SSH Example 1: Store Host Key Enter the password to log in to the NWA/WAC.
Chapter 12 System Figure 88 SSH Example 2: Log in $ ssh –1 192.168.1.2 The authenticity of host '192.168.1.2 (192.168.1.2)' can't be established. RSA1 key fingerprint is 21:6c:07:25:7e:f4:75:80:ec:af:bd:d4:3d:80:53:d1. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.1.2' (RSA1) to the list of known hosts. Administrator@192.168.1.2's password: 3 The CLI screen displays next. 12.6 Telnet You can use Telnet to access the NWA/WAC’s command line interface.
Chapter 12 System Figure 90 Configuration > System > FTP The following table describes the labels in this screen. Table 69 Configuration > System > FTP LABEL DESCRIPTION Enable Select the check box to allow or disallow the computer with the IP address that matches the IP address(es) in the Service Control table to access the NWA/WAC using this service. TLS required Select the check box to use FTP over TLS (Transport Layer Security) to encrypt communication.
Chapter 12 System Figure 91 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the NWA/WAC). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices.
Chapter 12 System ZYXEL-ES-WIRELESS.MIB) to collect information about CPU and memory usage and VPN total throughput. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance. You can download the NWA/WAC’s MIBs from www.zyxel.com. 12.8.2 SNMP Traps The NWA/WAC will send traps to the SNMP manager when any one of the following events occurs. Table 70 SNMP Traps OBJECT LABEL OBJECT ID DESCRIPTION linkDown 1.3.6.1.6.3.1.1.5.
Chapter 12 System The following table describes the labels in this screen. Table 71 Configuration > System > SNMP LABEL DESCRIPTION Enable Select the check box to allow or disallow users to access the NWA/WAC using SNMP. Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Trap Community Type the trap community, which is the password sent with each trap to the SNMP manager.
Chapter 12 System Figure 93 Configuration > System > SNMP > Add The following table describes the labels in this screen. Table 72 Configuration > System > SNMP LABEL DESCRIPTION User Name Select the user name of the user account for which this SNMPv3 user profile is configured. Authentication Select the type of authentication the SNMPv3 user must use to connect to the NWA/WAC using this SNMPv3 user profile. Select NONE to not authenticate the SNMPv3 user.
C HAPTER 13 Log and Report 13.1 Overview Use the system screens to configure daily reporting and log settings. 13.1.1 What You Can Do In this Chapter • The Email Daily Report screen (Section 13.2 on page 150) configures how and where to send daily reports and what reports to send. • The Log Setting screens (Section 13.3 on page 152) specify which logs are e-mailed, where they are e-mailed, and how often they are e-mailed. 13.
Chapter 13 Log and Report Figure 94 Configuration > Log & Report > Email Daily Report The following table describes the labels in this screen. Table 73 Configuration > Log & Report > Email Daily Report LABEL DESCRIPTION Enable Email Daily Report Select this to send reports by e-mail every day. Mail Server Type the name or IP address of the outgoing SMTP server. Mail Subject Type the subject line for the outgoing e-mail. Select Append system name to add the NWA/WAC’s system name to the subject.
Chapter 13 Log and Report Table 73 Configuration > Log & Report > Email Daily Report (continued) LABEL DESCRIPTION Mail From Type the e-mail address from which the outgoing e-mail is delivered. This address is used in replies. Mail To Type the e-mail address (or addresses) to which the outgoing e-mail is delivered. SMTP Authentication Select this check box if it is necessary to provide a user name and password to the SMTP server.
Chapter 13 Log and Report Figure 95 Configuration > Log & Report > Log Setting The following table describes the labels in this screen. Table 74 Configuration > Log & Report > Log Setting LABEL DESCRIPTION Edit Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings. Activate To turn on an entry, select it and click Activate. Inactivate To turn off an entry, select it and click Inactivate.
Chapter 13 Log and Report 13.3.2 Edit System Log Settings This screen controls the detailed settings for each log in the system log (which includes the e-mail profiles). Select a system log entry in the Log Setting screen and click the Edit icon.
Chapter 13 Log and Report The following table describes the labels in this screen. Table 75 Configuration > Log & Report > Log Setting > Edit System Log Setting LABEL DESCRIPTION E-Mail Server 1/2 Active Select this to send log messages and alerts according to the information in this section. You specify what kinds of log messages are included in log information and what kinds of log messages are included in alerts in the Active Log and Alert section.
Chapter 13 Log and Report Table 75 Configuration > Log & Report > Log Setting > Edit System Log Setting (continued) LABEL E-mail Server 2 DESCRIPTION Use the E-Mail Server 2 drop-down list to change the settings for e-mailing logs to e-mail server 2 for all log categories. Using the System Log drop-down list to disable all logs overrides your e-mail server 2 settings. enable normal logs (green check mark) - e-mail log messages for all categories to e-mail server 2.
Chapter 13 Log and Report Figure 97 Configuration > Log & Report > Log Setting > Edit Remote Server NWA5000 / WAC6500 Series User’s Guide 157
Chapter 13 Log and Report The following table describes the labels in this screen. Table 76 Configuration > Log & Report > Log Setting > Edit Remote Server LABEL DESCRIPTION Log Settings for Remote Server Active Select this check box to send log information according to the information in this section. You specify what kinds of messages are included in log information in the Active Log section. Log Format This field displays the format of the log information. It is read-only.
Chapter 13 Log and Report Figure 98 Active Log Summary This screen provides a different view and a different way of indicating which messages are included in each log and each alert. (The Default category includes debugging messages generated by open source software.
Chapter 13 Log and Report The following table describes the fields in this screen. Table 77 Configuration > Log & Report > Log Setting > Active Log Summary LABEL DESCRIPTION Active Log Summary If the NWA/WAC is set to controller mode, the AC section controls logs generated by the controller and the AP section controls logs generated by the managed APs. System log Use the System Log drop-down list to change the log settings for all of the log categories.
Chapter 13 Log and Report Table 77 Configuration > Log & Report > Log Setting > Active Log Summary (continued) LABEL DESCRIPTION E-mail Server 1 E-mail Select whether each category of events should be included in the log messages when it is e-mailed (green check mark) and/or in alerts (red exclamation point) for the e-mail settings specified in E-Mail Server 1. The NWA/WAC does not e-mail debugging information, even if it is recorded in the System log.
C HAPTER 14 File Manager 14.1 Overview Configuration files define the NWA/WAC’s settings. Shell scripts are files of commands that you can store on the NWA/WAC and run when you need them. You can apply a configuration file or run a shell script without the NWA/WAC restarting. You can store multiple configuration files and shell script files on the NWA/WAC. You can edit configuration files or shell scripts in a text editor and upload them to the NWA/WAC. Configuration files use a .
Chapter 14 File Manager While configuration files and shell scripts have the same syntax, the NWA/WAC applies configuration files differently than it runs shell scripts. This is explained below. Table 78 Configuration Files and Shell Scripts in the NWA/WAC Configuration Files (.conf) Shell Scripts (.zysh) • • • • • Resets to default configuration. Goes into CLI Configuration mode. Runs the commands in the configuration file. Goes into CLI Privilege mode. Runs the commands in the shell script.
Chapter 14 File Manager configuration files from the NWA/WAC to your computer and upload configuration files from your computer to the NWA/WAC. Once your NWA/WAC is configured and functioning properly, it is highly recommended that you back up your configuration file before making further configuration changes. The backup configuration file will be useful in case you need to return to your previous settings. Configuration File Flow at Restart • If there is not a startup-config.
Chapter 14 File Manager The following table describes the labels in this screen. Table 79 Maintenance > File Manager > Configuration File LABEL DESCRIPTION Rename Use this button to change the label of a configuration file on the NWA/WAC. You can only rename manually saved configuration files. You cannot rename the lastgood.conf, system-default.conf and startup-config.conf files. You cannot rename a configuration file to the name of another configuration file in the NWA/WAC.
Chapter 14 File Manager Table 79 Maintenance > File Manager > Configuration File (continued) LABEL DESCRIPTION Apply Use this button to have the NWA/WAC use a specific configuration file. Click a configuration file’s row to select it and click Apply to have the NWA/WAC use that configuration file. The NWA/WAC does not have to restart in order to use a different configuration file, although you will need to wait for a few minutes while the system reconfigures.
Chapter 14 File Manager Table 79 Maintenance > File Manager > Configuration File (continued) LABEL DESCRIPTION File Name This column displays the label that identifies a configuration file. You cannot delete the following configuration files or change their file names. The system-default.conf file contains the NWA/WAC’s default settings. Select this file and click Apply to reset all of the NWA/WAC settings to the factory defaults. This configuration file is included when you upload a firmware package.
Chapter 14 File Manager 8 Use "get” to download files. Transfer the configuration file on the NWA/WAC to your computer. Type get followed by the name of the configuration file. This examples uses get startup-config.conf. C:\>ftp 192.168.1.2 Connected to 192.168.1.2. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------220-You are user number 1 of 5 allowed. 220-Local time is now 21:28. Server port: 21.
Chapter 14 File Manager Figure 100 Maintenance > File Manager > Firmware Package The following table describes the labels in this screen. Table 80 Maintenance > File Manager > Firmware Package LABEL DESCRIPTION Boot Module This is the version of the boot module that is currently on the NWA/WAC. Current Version This is the firmware version and the date created. Released Date This is the date that the version of the firmware was created.
Chapter 14 File Manager 14.3.1 Example of Firmware Upload Using FTP This procedure requires the NWA/WAC’s firmware. Download the firmware package from www.zyxel.com and unzip it. The firmware file uses a .bin extension, for example, "420AAHY1C0.bin". Do the following after you have obtained the firmware file. 1 Connect your computer to the NWA/WAC. 2 The FTP server IP address of the NWA/WAC in standalone AP mode is 192.168.1.2, so set your computer to use a static IP address from 192.168.1.3 ~192.168.1.
Chapter 14 File Manager Click Maintenance > File Manager > Shell Script to open this screen. Use the Shell Script screen to store, name, download, upload and run shell script files. You can store multiple shell script files on the NWA/WAC at the same time. Note: You should include write commands in your scripts. If you do not use the write command, the changes will be lost when the NWA/WAC restarts. You could use multiple write commands in a long script.
Chapter 14 File Manager Table 81 Maintenance > File Manager > Shell Script (continued) LABEL DESCRIPTION # This column displays the number for each shell script file entry. File Name This column displays the label that identifies a shell script file. Size This column displays the size (in KB) of a shell script file. Last Modified This column displays the date and time that the individual shell script files were last changed or saved.
C HAPTER 15 Diagnostics 15.1 Overview Use the diagnostics screen for troubleshooting. 15.1.1 What You Can Do in this Chapter • The Diagnostics screen (Section 15.2 on page 173) generates a file containing the NWA/WAC’s configuration and diagnostic information if you need to provide it to customer support during troubleshooting. 15.2 Diagnostics This screen provides an easy way for you to generate a file containing the NWA/WAC’s configuration and diagnostic information.
Chapter 15 Diagnostics Table 82 Maintenance > Diagnostics LABEL DESCRIPTION Collect Now Click this to have the NWA/WAC create a new diagnostic file. Download Click this to save the most recent diagnostic file to a computer.
C HAPTER 16 LEDs 16.1 Overview The LEDs of your NWA/WAC can be controlled such that they stay lit (ON) or OFF after the NWA/ WAC is ready. There are two features that controls the LEDs of your NWA/WAC - Locator and Suppression. 16.1.1 What You Can Do in this Chapter • The Suppression screen (Section 16.2 on page 175)) allows you to set how you want the LEDs to behave after the device is ready. • The Locator screen (Section 16.
Chapter 16 LEDs Figure 104 Maintenance > LEDs > Suppression 16.3 Locator Screen The Locator feature identifies the location of your WAC among several devices in the network. You can run this feature and set a timer in this screen. To run the locator feature, enter a number of minutes and click Turn On button to have the WAC find its location. The Locator LED will start to blink for the number of minutes set in the Locator screen. The default setting is 10 minutes.
Chapter 16 LEDs The following table describes fields in the above screen. Table 83 Maintenance > LED > Locator LABEL DESCRIPTION Turn On Click Turn On button to activate the locator. The Locator function will show the actual location of the WAC between several devices in the network. Automatically extinguish after Enter a time interval between 1 and 60 minutes to stop the locator LED from bliking. Default is 10 minutes. Apply Click Apply to save changes in this screen.
C HAPTER 17 Reboot 17.1 Overview Use this screen to restart the device. 17.1.1 What You Need To Know If you applied changes in the Web configurator, these were saved automatically and do not change when you reboot. If you made changes in the CLI, however, you have to use the write command to save the configuration before you reboot. Otherwise, the changes are lost when you reboot. Reboot is different to reset; reset returns the device to its default configuration. 17.
C HAPTER 18 Shutdown 18.1 Overview Use this screen to shutdown the device. Always use Maintenance > Shutdown > Shutdown or the shutdown command before you turn off the NWA/WAC or remove the power. Not doing so can cause the firmware to become corrupt. 18.1.1 What You Need To Know Shutdown writes all cached data to the local storage and stops the system processes. Shutdown is different to reset; reset returns the device to its default configuration. 18.
C HAPTER 19 Troubleshooting 19.1 Overview This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LED • NWA/WAC Access and Login • Internet Access • Wireless Connections • Resetting the NWA/WAC 19.2 Power, Hardware Connections, and LED The NWA/WAC does not turn on. The LED is not on. 1 Make sure you are using the power adaptor included with the NWA/WAC or a PoE power injector.
Chapter 19 Troubleshooting 4 Disconnect and re-connect the power adaptor or PoE power injector to the NWA/WAC. 5 If the problem continues, contact the vendor. 19.3 NWA/WAC Access and Login I forgot the IP address for the NWA/WAC. 1 The default IP address (in standalone AP mode) is 192.168.1.2. 2 If you changed the IP address and have forgotten it, you have to reset the device to its factory defaults. See Section 19.6 on page 187.
Chapter 19 Troubleshooting Advanced Suggestions • Try to access the NWA/WAC using another service, such as Telnet. If you can access the NWA/ WAC, check the remote management settings to find out why the NWA/WAC does not respond to HTTP. • If your computer is connected wirelessly, use a computer that is connected to a LAN/ETHERNET port. I forgot the password. 1 The default password is 1234. 2 If this does not work, you have to reset the device to its factory defaults. See Section 19.6 on page 187.
Chapter 19 Troubleshooting 1 Check the hardware connections, and make sure the LED is behaving as expected. See the Quick Start Guide and Section 19.2 on page 180. 2 Make sure the NWA/WAC is connected to a broadband modem or router with Internet access and your computer is set to obtain an dynamic IP address. 3 If you are trying to access the Internet wirelessly, make sure the wireless settings on the wireless client are the same as the settings on the NWA/WAC.
Chapter 19 Troubleshooting 19.5 Wireless Connections I cannot access the NWA/WAC or ping any computer from the WLAN. 1 Make sure the wireless LAN (wireless radio) is enabled on the NWA/WAC. 2 Make sure the radio or at least one of the NWA/WAC’s radios is operating in AP mode. 3 Make sure the wireless adapter (installed on your computer) is working properly. 4 Make sure the wireless adapter (installed on your computer) is IEEE 802.
Chapter 19 Troubleshooting • Binary X.509: This is an ITU-T recommendation that defines the formats for X.509 certificates. • PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses lowercase letters, uppercase letters and numerals to convert a binary X.509 certificate into a printable form. • Binary PKCS#7: This is a standard that defines the general syntax for data (including digital signatures) that may be encrypted. A PKCS #7 file is used to transfer a public key certificate.
Chapter 19 Troubleshooting • Make sure that all the APs used by the wireless clients in question share the same SSID, security, and radio settings. • Make sure that all the APs are in the same broadcast domain. • Make sure that the wireless clients are in range of the other APs; if they are only in range of a single AP, then load balancing may not be as effective.
Chapter 19 Troubleshooting • Detach the WAC from the mounting bracket. 19.6 Resetting the NWA/WAC If you cannot access the NWA/WAC by any method, try restarting it by turning the power off and then on again. If you still cannot access the NWA/WAC by any method or you forget the administrator password(s), you can reset the NWA/WAC to its factory-default settings. Any configuration files or shell scripts that you saved on the NWA/WAC should still be available afterwards.
A PPENDIX A Importing Certificates This appendix shows you how to import public key certificates into your web browser. Public key certificates are used by web browsers to ensure that a secure web site is legitimate. When a certificate authority such as VeriSign, Comodo, or Network Solutions, to name a few, receives a certificate request from a website operator, they confirm that the web domain and contact information in the request match those on public record with a domain name registrar.
Appendix A Importing Certificates 1 If your device’s Web Configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error. 2 Click Continue to this website (not recommended). 3 In the Address Bar, click Certificate Error > View certificates.
Appendix A Importing Certificates 4 In the Certificate dialog box, click Install Certificate. 5 In the Certificate Import Wizard, click Next.
Appendix A Importing Certificates 6 If you want Internet Explorer to Automatically select certificate store based on the type of certificate, click Next again and then go to step 9. 7 Otherwise, select Place all certificates in the following store and then click Browse. 8 In the Select Certificate Store dialog box, choose a location in which to save the certificate and then click OK.
Appendix A Importing Certificates 9 In the Completing the Certificate Import Wizard screen, click Finish. 10 If you are presented with another Security Warning, click Yes. 11 Finally, click OK when presented with the successful certificate installation message.
Appendix A Importing Certificates 12 The next time you start Internet Explorer and go to a ZyXEL Web Configurator page, a sealed padlock icon appears in the address bar. Click it to view the page’s Website Identification information. Installing a Stand-Alone Certificate File in Internet Explorer Rather than browsing to a ZyXEL Web Configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you.
Appendix A Importing Certificates Removing a Certificate in Internet Explorer This section shows you how to remove a public key certificate in Internet Explorer 7 on Windows XP. 1 Open Internet Explorer and click Tools > Internet Options. 2 In the Internet Options dialog box, click Content > Certificates.
Appendix A Importing Certificates 3 In the Certificates dialog box, click the Trusted Root Certificates Authorities tab, select the certificate that you want to delete, and then click Remove. 4 In the Certificates confirmation, click Yes. 5 In the Root Certificate Store dialog box, click Yes. 6 The next time you go to the web site that issued the public key certificate you just removed, a certification error appears.
Appendix A Importing Certificates Firefox The following example uses Mozilla Firefox 2 on Windows XP Professional; however, the screens can also apply to Firefox 2 on all platforms. 1 If your device’s Web Configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error. 2 Select Accept this certificate permanently and click OK. 3 The certificate is stored and you can now connect securely to the Web Configurator.
Appendix A Importing Certificates Installing a Stand-Alone Certificate File in Firefox Rather than browsing to a ZyXEL Web Configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you. 1 Open Firefox and click Tools > Options. 2 In the Options dialog box, click Advanced > Encryption > View Certificates.
Appendix A Importing Certificates 3 In the Certificate Manager dialog box, click Web Sites > Import. 4 Use the Select File dialog box to locate the certificate and then click Open. 5 The next time you visit the web site, click the padlock in the address bar to open the Page Info > Security window to see the web page’s security information. Removing a Certificate in Firefox This section shows you how to remove a public key certificate in Firefox 2.
Appendix A Importing Certificates 1 Open Firefox and click Tools > Options. 2 In the Options dialog box, click Advanced > Encryption > View Certificates.
Appendix A Importing Certificates 3 In the Certificate Manager dialog box, select the Web Sites tab, select the certificate that you want to remove, and then click Delete. 4 In the Delete Web Site Certificates dialog box, click OK. 5 The next time you go to the web site that issued the public key certificate you just removed, a certification error appears.
A PPENDIX B IPv6 Overview IPv6 (Internet Protocol version 6), is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 1038 IP addresses. IPv6 Addressing The 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons (:). This is an example IPv6 address 2001:0db8:1a2b:0015:0000:0000:1a2f:0000. IPv6 addresses can be abbreviated in two ways: • Leading zeros in a block can be omitted.
Appendix B IPv6 Global Address A global address uniquely identifies a device on the Internet. It is similar to a “public IP address” in IPv4. A global unicast address starts with a 2 or 3. Unspecified Address An unspecified address (0:0:0:0:0:0:0:0 or ::) is used as the source address when a device does not have its own address. It is similar to “0.0.0.0” in IPv4. Loopback Address A loopback address (0:0:0:0:0:0:0:1 or ::1) allows a host to send packets to itself. It is similar to “127.0.0.1” in IPv4.
Appendix B IPv6 Table 86 Reserved Multicast Address (continued) MULTICAST ADDRESS FF0A:0:0:0:0:0:0:0 FF0B:0:0:0:0:0:0:0 FF0C:0:0:0:0:0:0:0 FF0D:0:0:0:0:0:0:0 FF0E:0:0:0:0:0:0:0 FF0F:0:0:0:0:0:0:0 Subnet Masking Both an IPv6 address and IPv6 subnet mask compose of 128-bit binary digits, which are divided into eight 16-bit blocks and written in hexadecimal notation. Hexadecimal uses four bits for each character (1 ~ 10, A ~ F). Each block’s 16 bits are then represented by four hexadecimal characters.
Appendix B IPv6 address which combines its interface ID and global and subnet information advertised from the router. This is a routable global IP address. DHCPv6 The Dynamic Host Configuration Protocol for IPv6 (DHCPv6, RFC 3315) is a server-client protocol that allows a DHCP server to assign and pass IPv6 network addresses, prefixes and other configuration information to DHCP clients. DHCPv6 servers and clients exchange DHCP messages using UDP.
Appendix B IPv6 such as the system name. The interface-ID option provides slot number, port information and the VLAN ID to the DHCPv6 server. The remote-ID option (if any) is stripped from the Relay-Reply messages before the relay agent sends the packets to the clients. The DHCP server copies the interface-ID option from the Relay-Forward message into the Relay-Reply message and sends it to the relay agent. The interface-ID should not change even after the relay agent restarts.
Appendix B IPv6 to determine whether the destination address is on-link and can be reached directly without passing through a router. If the address is onlink, the address is considered as the next hop. Otherwise, the NWA/WAC determines the next-hop from the default router list or routing table. Once the next hop IP address is known, the NWA/WAC looks into the neighbor cache to get the linklayer address and sends the packet when the neighbor is reachable.
Appendix B IPv6 Example - Enabling IPv6 on Windows XP/2003/Vista By default, Windows XP and Windows 2003 support IPv6. This example shows you how to use the ipv6 install command on Windows XP/2003 to enable IPv6. This also displays how to use the ipconfig command to see auto-generated IP addresses. C:\>ipv6 install Installing... Succeeded. C:\>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection: Connection-specific IP Address. . . . . Subnet Mask . . . . IP Address. . . . .
Appendix B IPv6 5 Click Start and then OK. 6 Now your computer can obtain an IPv6 address from a DHCPv6 server. Example - Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default. DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer. To enable IPv6 in Windows 7: 1 Select Control Panel > Network and Sharing Center > Local Area Connection. 2 Select the Internet Protocol Version 6 (TCP/IPv6) checkbox to enable it. 3 Click OK to save the change.
Appendix B IPv6 4 Click Close to exit the Local Area Connection Status screen. 5 Select Start > All Programs > Accessories > Command Prompt. 6 Use the ipconfig command to check your dynamic IPv6 address. This example shows a global address (2001:b021:2d::1000) obtained from a DHCP server. C:\>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection: Connection-specific DNS IPv6 Address. . . . . . Link-local IPv6 Address IPv4 Address. . . . . . Subnet Mask . . . . . . Default Gateway .
A PPENDIX C Customer Support In the event of problems that cannot be solved by using this manual, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device. Regional websites are listed below. See also http://www.zyxel.com/about_zyxel/zyxel_worldwide.shtml. Please have the following information ready when you contact an office. Required Information • Product model and serial number. • Warranty Information.
Appendix C Customer Support Korea • ZyXEL Korea Corp. • http://www.zyxel.kr Malaysia • ZyXEL Malaysia Sdn Bhd. • http://www.zyxel.com.my Pakistan • ZyXEL Pakistan (Pvt.) Ltd. • http://www.zyxel.com.pk Philipines • ZyXEL Philippines • http://www.zyxel.com.ph Singapore • ZyXEL Singapore Pte Ltd. • http://www.zyxel.com.sg Taiwan • ZyXEL Communications Corporation • http://www.zyxel.com Thailand • ZyXEL Thailand Co., Ltd • http://www.zyxel.co.
Appendix C Customer Support Belgium • ZyXEL Communications B.V. • http://www.zyxel.com/be/nl/ Bulgaria • ZyXEL България • http://www.zyxel.com/bg/bg/ Czech • ZyXEL Communications Czech s.r.o • http://www.zyxel.cz Denmark • ZyXEL Communications A/S • http://www.zyxel.dk Estonia • ZyXEL Estonia • http://www.zyxel.com/ee/et/ Finland • ZyXEL Communications • http://www.zyxel.fi France • ZyXEL France • http://www.zyxel.fr Germany • ZyXEL Deutschland GmbH • http://www.zyxel.
Appendix C Customer Support Lithuania • ZyXEL Lithuania • http://www.zyxel.com/lt/lt/homepage.shtml Netherlands • ZyXEL Benelux • http://www.zyxel.nl Norway • ZyXEL Communications • http://www.zyxel.no Poland • ZyXEL Communications Poland • http://www.zyxel.pl Romania • ZyXEL Romania • http://www.zyxel.com/ro/ro Russia • ZyXEL Russia • http://www.zyxel.ru Slovakia • ZyXEL Communications Czech s.r.o. organizacna zlozka • http://www.zyxel.sk Spain • ZyXEL Spain • http://www.zyxel.
Appendix C Customer Support Turkey • ZyXEL Turkey A.S. • http://www.zyxel.com.tr UK • ZyXEL Communications UK Ltd. • http://www.zyxel.co.uk Ukraine • ZyXEL Ukraine • http://www.ua.zyxel.com Latin America Argentina • ZyXEL Communication Corporation • http://www.zyxel.com/ec/es/ Ecuador • ZyXEL Communication Corporation • http://www.zyxel.com/ec/es/ Middle East Egypt • ZyXEL Communication Corporation • http://www.zyxel.com/homepage.shtml Middle East • ZyXEL Communication Corporation • http://www.zyxel.
Appendix C Customer Support Oceania Australia • ZyXEL Communications Corporation • http://www.zyxel.com/au/en/ Africa South Africa • Nology (Pty) Ltd. • http://www.zyxel.co.
A PPENDIX D Legal Information Copyright Copyright © 2014 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation.
Appendix D Legal Information Industry Canada RSS-GEN & RSS-210 statement • • • • • • This device complies with Industry Canada license-exempt RSS standard(s). Operation is subject to the following two conditions: (1) this device may not cause interference, and (2) this device must accept any interference, including interference that may cause undesired operation of the device.
Appendix D Legal Information Íslenska (Icelandic) Hér með lýsir, ZyXEL því yfir að þessi búnaður er í samræmi við grunnkröfur og önnur viðeigandi ákvæði tilskipunar 1999/5/EC. Italiano (Italian) Con la presente ZyXEL dichiara che questo attrezzatura è conforme ai requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 1999/5/CE.
Appendix D Legal Information The outdoor usage of the 2.4 GHz band requires an authorization from the Electronic Communications Office. Please check http:// www.esd.lv for more details. 2.4 GHz frekvenèu joslas izmantoðanai ârpus telpâm nepiecieðama atïauja no Elektronisko sakaru direkcijas. Vairâk informâcijas: http:// www.esd.lv. Notes: 1. Although Norway, Switzerland and Liechtenstein are not EU member states, the EU Directive 2014/53/EU has also been implemented in those countries. 2.
Appendix D Legal Information Environment statement ErP (Energy-related Products) ZyXEL products put on the EU market in compliance with the requirement of the European Parliament and the Council published Directive 2009/125/EC establishing a framework for the setting of ecodesign requirements for energy-related products (recast), so called as "ErP Directive (Energy-related Products directive) as well as ecodesign requirement laid down in applicable implementing measures, power consumption has satisfied reg
Appendix D Legal Information Environmental Product Declaration NWA5000 / WAC6500 Series User’s Guide 221
Appendix D Legal Information 率 率 不 不 更 率 率 更 立 率 療 輻 Viewing Certifications Go to http://www.zyxel.com to view this product’s documentation and certifications. ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in material or workmanship for a specific period (the Warranty Period) from the date of purchase. The Warranty Period varies by region.
Index Index Certificate Management Protocol (CMP) 115 Symbols Certificate Revocation List (CRL) 109 vs OCSP 124 certificates 108 advantages of 109 and CA 109 and FTP 145 and HTTPS 130 and SSH 142 and WWW 132 certification path 109, 117, 122 expired 109 factory-default 109 file formats 109 fingerprints 118, 123 importing 112 not used for encryption 109 revoked 109 self-signed 109, 114 serial number 117, 122 storage space 111, 120 thumbprint algorithms 110 thumbprints 110 used for authentication 109 verify
Index at restart 164 backing up 164 downloading 165 downloading with FTP 144 editing 162 how applied 163 lastgood.conf 164, 167 managing 163 startup-config.conf 167 startup-config-bad.conf 164 syntax 162 system-default.
Index redirect to HTTPS 132 vs HTTPS 131 permissions 27 JavaScripts 27 HTTPS 130 and certificates 130 authenticating clients 130 avoiding warning messages 134 example 132 vs HTTP 131 with Internet Explorer 132 with Netscape Navigator 133 K key pairs 108 HyperText Transfer Protocol over Secure Socket Layer, see HTTPS L lastgood.conf 164, 167 layer-2 isolation 98 example 98 MAC 99 I IEEE 802.
Index Management Mode CAPWAP and DHCP 58 CAPWAP and IP Subnets 59 managed AP 58 standalone mode 57 packet statistics 46 pop-up windows 27 power off 26 power on 26 product registration 222 management mode 12 Public-Key Infrastructure (PKI) 109 managing the device good habits 17 using FTP. See FTP.
Index pre-configured 13 S SSID profiles 13 SCEP (Simple Certificate Enrollment Protocol) 115 SSL 130 screen resolution 27 starting the device 26 Secure Socket Layer, see SSL startup-config.conf 167 if errors 164 missing at restart 164 present at restart 164 serial number 40 service control and users 130 limitations 130 timeouts 130 startup-config-bad.
Index shell scripts 170 access 27 requirements 27 supported browsers 27 usage CPU 40, 42 flash 40 memory 40, 43 onboard flash 40 wireless channel 184 use 12 wireless client 66 user authentication 77 Wireless Distribution System (WDS) 16 user name rules 78 wireless LAN 184 web configurator 12 WEP (Wired Equivalent Privacy) 85 Wireless network overview 65 user objects 77 users 77 access, see also access users admin (type) 77 admin, see also admin users and service control 130 currently logged in