ZyXEL Communications Vantage RADIUS 50 User Manual

Hide thumbs Also See for Vantage RADIUS 50:

Brochure (1 page)

Quick start manual (20 pages)

User manual (154 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

Table of Contents

Quick Links

Download this manual

Vantage RADIUS 50

User's Guide

Version 1.0

8/2005

Table of Contents

Troubleshooting

Summary of Contents for ZyXEL Communications Vantage RADIUS 50

Page 1 Vantage RADIUS 50 User’s Guide Version 1.0 8/2005...
Page 2 ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein.
Page 3 Vantage RADIUS User’s Guide Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: This device may not cause harmful interference. This device must accept any interference received, including interference that may cause undesired operations.
Page 4: Information For Canadian Users
Vantage RADIUS User’s Guide Information for Canadian Users The Industry Canada label identifies certified equipment. This certification means that the equipment meets certain telecommunications network protective, operation, and safety requirements. The Industry Canada does not guarantee that the equipment will operate to a user's satisfaction. Before installing this equipment, users should ensure that it is permissible to be connected to the facilities of the local telecommunications company.
Page 5: Zyxel Limited Warranty
Vantage RADIUS User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to...
Page 6: Customer Support
Hsinchu 300 sales@zyxel.com.tw +886-3-578-2439 ftp.zyxel.com Taiwan ftp.europe.zyxel.com info@cz.zyxel.com +420 241 091 350 www.zyxel.cz ZyXEL Communications Czech s.r.o. CZECH Modranská 621 REPUBLIC info@cz.zyxel.com +420 241 091 359 143 01 Praha 4 – Modrany Ceská Republika support@zyxel.dk +45 39 55 07 00 www.zyxel.dk...
Page 7 SWEDEN Sjöporten 4, 41764 Göteborg sales@zyxel.se +46 31 744 7701 Sweden support@zyxel.co.uk +44 (0) 1344 303044 www.zyxel.co.uk ZyXEL Communications UK Ltd., 11, The Courtyard, Eastern Road, UNITED 08707 555779 (UK Bracknell, Berkshire, RG12 2XB, KINGDOM only) United Kingdom (UK) sales@zyxel.co.uk +44 (0) 1344 303034 ftp.zyxel.co.uk...
Page 8: Table Of Contents
Vantage RADIUS User’s Guide Table of Contents Copyright ..............................ii Federal Communications Commission (FCC) Interference Statement ..........iii Information for Canadian Users ....................... iv ZyXEL Limited Warranty .......................... v Customer Support ............................vi List of Figures ............................. xi List of Tables ............................. xiv List of Charts .............................
Page 9 Vantage RADIUS User’s Guide System Log Files........................4-9 Real Time RADIUS Logs ......................4-10 4.10 RADIUS Log Files....................... 4-11 4.11 User Trace ..........................4-12 4.12 User Trace Log Files ......................4-13 4.13 Log Settings Screen......................4-14 RADIUS Server ............................5-1 Chapter 5 RADIUS Configuration......................
Page 10 Vantage RADIUS User’s Guide Appendix C Power over Ethernet Specifications..................C-1 Appendix D Setting up Your Computer’s IP Address ................D-1 Appendix E Wireless LAN and IEEE 802.11 ..................E-1 Appendix F Wireless LAN With IEEE 802.1x ..................F-1 Appendix G Types of EAP Authentication ....................G-1 Appendix H IP Subnetting........................H-1 Appendix I Command Interpreter......................
Page 11: List Of Figures
Vantage RADIUS User’s Guide List of Figures Figure 1-1 Secure Wireless Connection ......................1-7 Figure 1-2 Remote RADIUS Authentication ....................1-8 Figure 2-1 Admin Account..........................2-2 Figure 2-2 Admin Account MAIN MENU Screen of the Web Configurator ..........2-3 Figure 3-1 IP Configuration ........................... 3-4 Figure 3-2 DHCP Server: Setup........................
Page 12 Vantage RADIUS User’s Guide Figure 5-21 Example 2: Vantage RADIUS Remote Server 2 Setup .............5-27 Figure 5-22 Example 2: Using WZC or Odyssey Client: Computer B............5-28 Figure 5-23 Example 3: Vantage RADIUS and Remote Computer Server...........5-29 Figure 5-24 Example 3: Vantage RADIUS Local Server Setup ..............5-30 Figure 5-25 Example 3: Add Remote RADIUS Server ................5-31 Figure 5-26 Example 3: Vantage RADIUS Remote Server Setup ..............5-31 Figure 5-27 Example 3: Using WZC or Odyssey Client: Computer A............5-32...
Page 13 Vantage RADIUS User’s Guide Figure A-2 Internet Options: Privacy......................A-5 Figure A-3 Internet Options: Privacy......................A-6 Figure A-4 Pop-up Blocker Settings ......................A-7 Figure A-5 Internet Options: Security......................A-8 Figure A-6 Security Settings - Java Scripting ....................A-9 Figure A-7 Security Settings - Java......................A-10 Figure A-8 Java (Sun) ..........................A-11 List of Figures xiii...
Page 14 Vantage RADIUS User’s Guide List of Tables Table 2-1 Web Configurator Screens Summary....................2-4 Table 3-1 Example of Network Properties for LAN Servers with Fixed IP Addresses........3-2 Table 3-2 IP Configuration ..........................3-4 Table 3-3 DHCP Server: Setup ........................3-6 Table 3-4 DHCP Server: Client List .......................3-7 Table 3-5 Administrator Account........................3-8 Table 3-6 Time Settings ..........................3-10 Table 4-1 Logs Table ............................4-1...
Page 15 Vantage RADIUS User’s Guide List of Charts Chart A-1 Troubleshooting the Start-Up of Your Vantage RADIUS..............A-1 Chart A-2 Troubleshooting the Ethernet Interface ..................A-1 Chart A-3 Troubleshooting the Password.......................A-3 Chart A-4 Troubleshooting Telnet........................A-3 Chart B-1 HARDWARE SPECIFICATIONS ....................B-1 Chart B-2 firmware Specifications.........................B-1 Chart C-1 Power over Ethernet Injector Specifications .................C-1 Chart C-2 Power over Ethernet Injector RJ-45 Port Pin Assignments ............C-1 Chart H-1 Classes of IP Addresses.........................H-1...
Page 17: Preface
Preface About This User's Manual Congratulations on your purchase of Vantage RADIUS 50. This manual is designed to guide you through the configuration of your Vantage RADIUS for its various applications. Use the web configurator, or command interpreter interface to configure your Vantage RADIUS Server.
Page 18 Vantage RADIUS User’s Guide • Mouse action sequences are denoted using a comma. For example, “In Windows, click Start, Settings and then Control Panel” means first click the Start button, then point your mouse pointer to Settings and then click Control Panel. •...
Page 19: Getting Started
Getting Started Part I: Getting Started This part helps you get to know your Vantage RADIUS, introduces the web configurator and how to configure for first use.
Page 21: Chapter 1 Getting To Know Your Vantage Radius
Vantage RADIUS User’s Guide Chapter 1 Getting to Know Your Vantage RADIUS This chapter introduces the main features and applications of Vantage RADIUS. Introducing Vantage RADIUS Vantage RADIUS (Remote Authentication Dial-In User Service) 50 (referred to in this guide as Vantage RADIUS) is a standalone RADIUS server.
Page 22: Reset Button
Vantage RADIUS User’s Guide Time and Date Vantage RADIUS allows you to get the current time and date from an external server when switched on. You can also set the time manually. Reset Button The reset button is built into the front panel. Use this button to restore Vantage RADIUS to factory defaults. 1.2.2 Firmware All-in-one Box Vantage RADIUS consists of a private certificate authority, Remote Authentication Dial-In User Service...
Page 23: Snmp Support
Vantage RADIUS User’s Guide Accounting data can easily be exported to spreadsheets, databases, and specialized billing software. Dynamic DNS Support With Dynamic DNS (Domain Name System) support, you can have a static hostname alias for a dynamic IP address, allowing the host to be more easily accessible from various locations on the Internet. You must register for this service with a Dynamic DNS service provider.
Page 24: Application
Vantage RADIUS User’s Guide Vantage RADIUS uses the SSH (Secure Shell) secure communication protocol to provide secure encrypted communication between two hosts over an unsecured network. HTTPS HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL is a web protocol that encrypts and decrypts web sessions.
Page 25: Figure 1-1 Secure Wireless Connection
Vantage RADIUS User’s Guide Client usernames and passwords are forwarded from a wireless network to Vantage RADIUS, which then validates them against its own list. This ensures that only individuals with valid accounts will be granted network access. Figure 1-1 Secure Wireless Connection The following gives an overview of Vantage RADIUS’...
Page 26: Figure 1-2 Remote Radius Authentication
Vantage RADIUS User’s Guide Client usernames and passwords are forwarded from a wireless network to either the local or remote RADIUS server, which then validates them against its own list. This ensures that only individuals with valid accounts will be granted network access. Figure 1-2 Remote RADIUS Authentication The following gives an overview of how remote RADIUS authentication operates in a network.
Page 27 Vantage RADIUS User’s Guide Vantage RADIUS checks the password and username against its list of valid accounts and determines whether or not to authenticate A. If A has a remote user account, Vantage RADIUS forwards the authentication to a remote RADIUS server 2.The remote RADIUS server checks the password and username against its list of valid accounts and determines whether or not to authenticate A.
Page 29: Chapter 2 Introducing The Web Configurator
Vantage RADIUS User’s Guide Chapter 2 Introducing the Web Configurator This chapter describes how to access the web configurator, reset your Vantage RADIUS and navigate the menu system. Web Configurator Overview The web configurator is an HTML-based management interface that allows easy Vantage RADIUS setup and management via Internet browser.
Page 30: Figure 2-1 Admin Account
Vantage RADIUS User’s Guide Figure 2-1 Admin Account Step 3. You should now see the web configurator MAIN MENU screen. Click the HELP icon (located in the top right corner of most screens) to view online help. Click a link under ADVANCED to configure device features. Click a link under RADIUS to enter user accounts for authentication and configure for use with your wireless access point.
Page 31: Resetting Vantage Radius
Vantage RADIUS User’s Guide Resetting Vantage RADIUS If you forget your password or cannot access the web configurator, you will need to use the RESET button on the front panel of Vantage RADIUS to reload the factory-default configuration file. This means that you will lose all configurations that you had previously and the password will be reset to “1234”.
Page 32: Table 2-1 Web Configurator Screens Summary
Vantage RADIUS User’s Guide 2.3.1 Navigation Panel After you enter the password, use the sub-menus on the navigation panel to configure Vantage RADIUS features. The following table describes the sub-menus. Table 2-1 Web Configurator Screens Summary LINK FUNCTION ADVANCED Use this screen to configure basic network configuration on Vantage RADIUS.
Page 33 Vantage RADIUS User’s Guide Table 2-1 Web Configurator Screens Summary LINK FUNCTION CONFIGURATION Use this screen to backup and restore the configuration or reset the factory defaults to your Vantage RADIUS. MANAGEMENT REMOTE Use this screen to configure which IP address(es) can access ACCESS Vantage RADIUS.
Page 35: Chapter 3 Advanced Settings
Vantage RADIUS User’s Guide Chapter 3 Advanced Settings This chapter provides information on the advanced settings screens. Advanced Settings Overview The advanced settings screens allow you to configure your Vantage RADIUS for first use, including setting up Internet access for your wireless network, DHCP server settings, managing web configurator access, time server settings and configuring the types of log services available.
Page 36: Dns Server Address Assignment
Vantage RADIUS User’s Guide The subnet mask specifies the network number portion of an IP address. This field must be configured manually; the default setting is 255.255.255.0. Unless you are implementing sub-netting, there is no need to change this field. DNS Server Address Assignment Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa, for instance, the IP address of www.zyxel.com is 204.217.0.2.
Page 37: Ip Pool Setup
Vantage RADIUS User’s Guide the clients. If DHCP service is disabled, you must have another DHCP server on your LAN, or else the computer must be manually configured. IP Pool Setup The IP pool specifies the number of consecutive IP addresses to reserve for computers on your network, starting from a specified IP address.
Page 38: Figure 3-1 Ip Configuration
Vantage RADIUS User’s Guide Figure 3-1 IP Configuration The following table describes the labels in this screen. Table 3-2 IP Configuration LABEL DESCRIPTION Basic Network Configuration IP Address Type an IP address in dotted decimal notation. Netmask Type the IP subnet mask of the RADIUS server (if your ISP gave you one) in this field. Gateway Type the IP address of the gateway device used to connect your RADIUS to the Internet.
Page 39: Dhcp Server Setup
Vantage RADIUS User’s Guide Table 3-2 IP Configuration LABEL DESCRIPTION MAC Address This field displays the physical address of your RADIUS server on the network. Apply Click Apply to save your changes back to the RADIUS. DHCP Server Setup Vantage RADIUS dynamically assigns IP addresses to clients. Click ADVANCED and then DHCP SERVER in the main menu to configure your Vantage RADIUS as a DHCP server.
Page 40: Table 3-3 Dhcp Server: Setup
Vantage RADIUS User’s Guide Table 3-3 DHCP Server: Setup LABEL DESCRIPTION Set Up DHCP Server Enable/Disable DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients (workstations) to obtain TCP/IP configuration at startup from a server. Disable this field to stop the RADIUS acting as a DHCP server.
Page 41: 3.10 Dhcp Client List
Vantage RADIUS User’s Guide 3.10 DHCP Client List Click ADVANCED in the main menu and then DHCP SERVER. Now click the DHCP Client List tab. The read-only information here relates to your DHCP status. The DHCP Client List shows current DHCP client information (including IP Address and MAC Address) of all network clients using the DHCP server.
Page 42: 3.11 Administrator's Account
Vantage RADIUS User’s Guide 3.11 Administrator’s Account To change your RADIUS system password (recommended) click ADVANCED and then ADMIN ACCOUNT from the main menu. This screen allows you to change the administrator account name and password. Figure 3-4 Administrator Account The following table describes the labels in this screen.
Page 43: 3.12 Time Settings
Vantage RADIUS User’s Guide 3.12 Time Settings Vantage RADIUS uses a system clock to synchronize time across the network and generates accurate log files. Time can be obtained from the connecting computer, or an NTP (Network Time Protocol) Server. To change your time settings, click ADVANCED in the main menu, and then click TIME.
Page 44: Table 3-6 Time Settings
Vantage RADIUS User’s Guide Table 3-6 Time Settings LABEL DESCRIPTION Current Time Year/Month/Day This field displays the date of your RADIUS. Each time you reload this page, the RADIUS synchronizes the time with the time server. Hour: Minute: Second This field displays the time of your RADIUS. Each time you reload this page, the RADIUS synchronizes the time with the time server.
Page 45 Vantage RADIUS User’s Guide Table 3-6 Time Settings LABEL DESCRIPTION Daylight Saving Time Select this option if you use daylight savings time. Daylight saving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening.
Page 47: Chapter 4 System Logs
Vantage RADIUS User’s Guide Chapter 4 System Logs This chapter details the various logs generated by Vantage RADIUS and their role in your network. Logs Overview Vantage RADIUS generates log files that can be sent via e-mail or to a syslog server (see section 4.3) for troubleshooting, maintenance, monitoring clients’...
Page 48: Tftp Server
Vantage RADIUS User’s Guide TFTP Server Trivial File Transfer Protocol (TFTP) is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). UDP is faster than TCP and more portable. The advantage is very fast transfer times that allows a server to perform real-time logging. Syslog server Syslog servers listen for incoming syslog messages and decodes them for logging purposes.
Page 49: System Log Messages
Vantage RADIUS User’s Guide Figure 4-1 Syslog Application To avoid confusion about which log came from which Vantage RADIUS, you should configure each Vantage RADIUS on the network to send its log files to different log stores inside the syslog server. System Log Messages There are nine cases when a system log message is generated.
Page 50: Radius Log Messages
Vantage RADIUS User’s Guide Table 4-2 System Logs MESSAGE MEANING Admin login Http OK/Fail : user = admin Someone has logged in to the web configurator using the source IP administrator account via an HTTP connection. Admin login https OK/Fail : user = admin Someone has logged in to the web configurator using the source IP administrator account via a telnet connection over a secured...
Page 51: Figure 4-2 Example Of Radius Log Messages
Vantage RADIUS User’s Guide Figure 4-2 Example Of RADIUS Log Messages 4.5.1 Types of RADIUS Messages The following types of RADIUS messages are exchanged between the access point and Vantage RADIUS for user authentication: • Access-Request Sent by an access point, requesting authentication. •...
Page 52: User Trace Records
Vantage RADIUS User’s Guide • Access-Challenge Sent by Vantage RADIUS requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message. The following types of RADIUS messages are exchanged between the access point and Vantage RADIUS for user accounting: •...
Page 53: Real Time System Logs
Vantage RADIUS User’s Guide This field displays the account This field displays the name of the name of the wireless client wireless AP used by the wireless client to connected to the network. connect to the network. These fields refer to the total number of packets transmitted (Output Packet) and received (Input Packet) by the wireless client.
Page 54: Figure 4-4 System Log: Real Time System Logs
Vantage RADIUS User’s Guide Figure 4-4 SYSTEM LOG: Real Time System Logs The following table describes the labels in this screen. Table 4-3 SYSTEM LOG: Real Time System Logs LABEL DESCRIPTION System Log List Clear Log Click this button to remove all log entries from the System Log List. Refresh Click this button to update the System Log List with the most recent record- able events.
Page 55: System Log Files
Vantage RADIUS User’s Guide Table 4-3 SYSTEM LOG: Real Time System Logs LABEL DESCRIPTION TFTP Log Now Click this button to send the current log to the TFTP server specified in the Log Settings screen. Make sure that you have first filled in the Send Every Real Time Event to Syslog server fields in the Log Settings screen, see section 4.13.
Page 56: Real Time Radius Logs
Vantage RADIUS User’s Guide Table 4-4 SYSTEM LOG: Log Files LABEL DESCRIPTION Log File List This field displays the index of the log file. Date This field displays the date and time the last log file was added. File Name (View and Click this link to download the .txt log file from the TFTP server.
Page 57: 4.10 Radius Log Files
Vantage RADIUS User’s Guide Table 4-5 RADIUS LOG: Real Time RADIUS Logs LABEL DESCRIPTION RADIUS Log List Clear Log Click this button to remove all entries Refresh Click this button to update the log entries Email Log Now Click Email Log Now to send logs to the e-mail address specified in the Log Settings screen.
Page 58: 4.11 User Trace
Vantage RADIUS User’s Guide The following table describes the labels in this screen. Table 4-6 RADIUS LOG: Log Files LABEL DESCRIPTION Log File List This field displays the index of the log file. Date This field displays the date and time the last log file was added. File Name (View and Click this link to download the .txt log file from the TFTP server.
Page 59: 4.12 User Trace Log Files
Vantage RADIUS User’s Guide Table 4-7 USER TRACE: Real Time User Trace LABEL DESCRIPTION System Log List Clear Log Click this button to remove all entries Refresh Click this button to update the log entries Email Log Now Click Email Log Now to send the logs to the e-mail address specified in the Log Settings screen.
Page 60: 4.13 Log Settings Screen
Vantage RADIUS User’s Guide Figure 4-9 User Trace: Log Files The following table describes the labels in this screen. Table 4-8 RADIUS Logs: Log Files LABEL DESCRIPTION Log File List This field displays the index of the log file. Date This field displays the date and time the log file was created.
Page 61: Figure 4-10 Radius Logs: Log Files
Vantage RADIUS User’s Guide Figure 4-10 RADIUS Logs: Log Files The following table describes the labels in this screen. Table 4-9 RADIUS Logs: Log Files LABEL DESCRIPTION Send every real time event to syslog server System Logs 4-15...
Page 62 Vantage RADIUS User’s Guide Table 4-9 RADIUS Logs: Log Files LABEL DESCRIPTION Send every real time Enable this field to have Vantage RADIUS log every system, RADIUS and user event to syslog server events to a syslog server. Type the syslog server IP address or domain name. Log facility The log facility allows you to log the messages to different files in the syslog server see section 4.3.
Page 63 Vantage RADIUS User’s Guide Table 4-9 RADIUS Logs: Log Files LABEL DESCRIPTION Mail Subject Type a name to identify your log e-mails from other messages sent to the same address. If there are other devices generating logs (for example, another Vantage RADIUS) on the same network, make sure you can identify the log origin.
Page 65: Radius Server
RADIUS Server Part II: RADIUS Server This part introduces the RADIUS Server screens.
Page 67: Chapter 5 Radius Configuration
Vantage RADIUS User’s Guide Chapter 5 RADIUS Configuration 802.1x Overview The IEEE 802.1x standard outlines enhanced security methods for both the authentication of wireless stations and encryption key management. Vantage RADIUS provides authentication for clients of wireless access points. Introduction to RADIUS RADIUS is based on a client-sever model that supports authentication and accounting, where access point is the client and the server is the RADIUS server.
Page 68: Secure Connections
Vantage RADIUS User’s Guide Secure Connections Vantage RADIUS authenticates wireless clients using secure connections. The access point and Vantage RADIUS use a shared secret key, which is a password that must be configured on both. The key is not sent over the network.
Page 69 Vantage RADIUS User’s Guide • The RADIUS server checks the user information against its user profile database and determines whether or not to authenticate the wireless station. MD5 authentication does not use certificates for authentication. If your wireless clients are not going to use other protocols for authentication, you do not need to configure any certificates.
Page 70: Trusted Root Ca
Vantage RADIUS User’s Guide This certificate is directly downloaded to a computer via an Ethernet connection during a management session. Clients cannot download the certificate themselves. Therefore the certificate must be transferred manually to each client wanting to use the network. Trusted Root CA If your wireless clients use MD5 authentication protocol, you do not need to configure any certificates.
Page 71: Server Certificate
Vantage RADIUS User’s Guide Table 5-1 Trusted Root Certificate LABEL DESCRIPTION Common Name Type up to 50 ASCII characters (not including spaces) to identify this certificate. Country Type two characters to identify the nation where the certificate owner is located. State Type up to 30 ASCII characters to identify your state, district or region.
Page 72: Figure 5-3 Server Certificate
Vantage RADIUS User’s Guide All the fields in this screen are required for the server certificate. Figure 5-3 Server Certificate The following table describes the labels in this screen. Table 5-2 Server Certificate LABEL DESCRIPTION Common Name Type up to 50 ASCII characters (not including spaces) to identify this certificate. Country Type two characters to identify the nation where the certificate owner is located.
Page 73: Radius Server
Vantage RADIUS User’s Guide RADIUS Server An access point can manage authentication of wireless clients via a RADIUS server. Multiple RADIUS servers can be used by forwarding authentication requests from wireless clients. Forwarding authentication to different RADIUS servers allows wireless clients to be authenticated by a user account specific to each RADIUS server.
Page 74: Figure 5-4 Radius Server Settings
Vantage RADIUS User’s Guide Select Active Directory Account to allow one administrator to manage Vantage RADIUS servers using the same administrator login as a remote RADIUS server computer. The Local Account/Remote account is set by default. Type the name of your local RADIUS server.
Page 75: Table 5-3 Radius Server Settings
Vantage RADIUS User’s Guide Table 5-3 RADIUS Server Settings LABEL DESCRIPTION RADIUS Type Active Directory Select this radio button to allow an administrator to manage a local Vantage Account RADIUS server using the same administrator login and domain name as a remote RADIUS server computer.
Page 76 Vantage RADIUS User’s Guide Table 5-3 RADIUS Server Settings LABEL DESCRIPTION Action Click the Modify button in this field to edit information about a remote RADIUS server. Delete Select the check box next to the remote RADIUS server description in this list that you want to delete, then click Delete to remove this entry.
Page 77 Vantage RADIUS User’s Guide Table 5-3 RADIUS Server Settings LABEL DESCRIPTION Allowed Network Address (max 5) Click this button to add a range of IP addresses to the Allowed IP Address list. This field displays an index number of allowed IP address entries in the list. Network Address This field displays the IP address of an accepted source to access Vantage RADIUS.
Page 78: Figure 5-5 Radius Server: Add Remote Radius Server
Vantage RADIUS User’s Guide Figure 5-5 RADIUS Server: Add Remote RADIUS Server Table 5-4 RADIUS Server: Add Remote RADIUS Server LABEL DESCRIPTION Add Remote RADIUS Server Realm Name Type up to 50 ASCII characters the name of a remote RADIUS server. IP Address Type the IP address of a remote RADIUS server.
Page 79: Figure 5-6 Radius Server: Add Allowed Ip Address
Vantage RADIUS User’s Guide If you enabled Allow Any IP Address in the preceding RADIUS SERVER screen, you do not need to configure allowed IP addresses. Click RADIUS and then RADIUS SERVER in the main menu. Now click the Add button in the Allowed IP Address section or click Modify next to an entry you want to change.
Page 80: Figure 5-7 Radius Server: Add Allowed Network Address
Vantage RADIUS User’s Guide 5.6.3 Insert/Modify Allowed Network Range This screen allows you to specify a network range in which an AP is allowed to communicate with Vantage RADIUS. You need to know the WEP key or shared secret used with your wireless APs in the network range to configure this screen.
Page 81: Radius Server Examples
Vantage RADIUS User’s Guide Table 5-6 RADIUS Server: Add Allowed Network Address LABEL DESCRIPTION Shared Secret Type a password as the key to be used. The key must be the same on Vantage RADIUS as the APs on your network. The key is not sent over the network.
Page 82: Figure 5-8 Example 1: Vantage Radius Local And Remote Server Setup
Vantage RADIUS User’s Guide Figure 5-8 Example 1: Vantage RADIUS Local and Remote Server Setup Table 5-7 Example 1: RADIUS Server User Accounts RADIUS1 RADIUS2 RADIUS3 ComputerA ComputerB ComputerC RADIUS1 and Computer A Configuration 1. In the RADIUS SERVER screen type the name of your local RADIUS server in the Local Realm Name field.
Page 83: Figure 5-9 Example 1: Vantage Radius Local Server Setup
Vantage RADIUS User’s Guide Figure 5-9 Example 1: Vantage RADIUS Local Server Setup Follow the steps to set up computer A. If computer A uses Wireless Zero Configuration utility, then type the User name (“ComputerA” in this • example) and the user account Password. See the section on User Account for more information. Type “RADIUS1”...
Page 84: Figure 5-10 Example 1: Using Wzc Or Odyssey Client: Computer A
Vantage RADIUS User’s Guide ComputerA@RADIUS1 ComputerA RADIUS1 Figure 5-10 Example 1: Using WZC or Odyssey Client: Computer A 3. If successfully authenticated, computer A can communicate with E. RADIUS2 and Computer B Configuration 1. In the RADIUS SERVER screen click the Add button under Remote RADIUS. 2.
Page 85: Figure 5-11 Example 1: Add Remote Radius Server
Vantage RADIUS User’s Guide 7. Click Apply to save the settings and return to the RADIUS SERVER screen. Figure 5-11 Example 1: Add Remote RADIUS Server The Vantage RADIUS now has a remote RADIUS server named “RADIUS2”. Figure 5-12 Example 1: Vantage RADIUS Remote Server Setup RADIUS Configuration 5-19...
Page 86: Figure 5-13 Example 1: Using Wzc Or Odyssey Client: Computer B
Vantage RADIUS User’s Guide Follow the steps to set up computer B. If computer B uses Wireless Zero Configuration utility, then type the User name “ComputerB” and the • user account Password. See the section on User Account for more information. Type “RADIUS2” in the Login domain field.
Page 87: Figure 5-14 Example 1: Vantage Radius Remote Servers
Vantage RADIUS User’s Guide The AP forwards an authentication request to the local RADIUS server. Computer B has a realm RADIUS2. The authentication request is then forwarded to the remote RADIUS server, named RADIUS2. Computer B is listed as a user account. If successfully authenticated, B can communicate with E. RADIUS3 and Computer C Configuration 1.
Page 88: Figure 5-15 Example 1: Using Wzc Or Odyssey Client: Computer C
Vantage RADIUS User’s Guide ComputerC@RADIUS3 ComputerC RADIUS3 Figure 5-15 Example 1: Using WZC or Odyssey Client: Computer C The AP forwards an authentication request to the local RADIUS server. Computer C has a realm RADIUS3. The authentication request is then forwarded to the remote RADIUS server, named RADIUS3. Computer C is listed as a user account.
Page 89: Figure 5-16 Example 2: Vantage Radius Local And Remote Server Setup
Vantage RADIUS User’s Guide Figure 5-16 Example 2: Vantage RADIUS Local and Remote Server Setup Table 5-8 Example 2: RADIUS Server User Accounts RADIUS1 ComputerA ComputerB RADIUS1 and Computer A Configuration In the RADIUS SERVER screen type the name of your local RADIUS server in the Local Realm Name field.
Page 90: Figure 5-17 Example 2: Vantage Radius Local Server 1 Setup
Vantage RADIUS User’s Guide Figure 5-17 Example 2: Vantage RADIUS Local Server 1 Setup Follow the steps to set up computer A. If computer A uses Wireless Zero Configuration utility, then type the User name “ComputerA” and • the user account Password. See the section on User Account for more information. Type “RADIUS1” in the Login domain field.
Page 91: Figure 5-18 Example 2: Using Wzc Or Odyssey Client: Computer A
Vantage RADIUS User’s Guide ComputerA@RADIUS1 ComputerA RADIUS1 Figure 5-18 Example 2: Using WZC or Odyssey Client: Computer A If successfully authenticated, A can communicate with E. RADIUS2 and Computer B Configuration The local RADIUS server is in the same subnet as B. The RADIUS server 2 must be set as the local RADIUS server and the RADIUS server 1 must be set as a remote RADIUS server.
Page 92: Figure 5-19 Example 2: Vantage Radius Local Server 2 Setup
Vantage RADIUS User’s Guide Figure 5-19 Example 2: Vantage RADIUS Local Server 2 Setup 2. In the RADIUS SERVER screen click the Add button under Remote RADIUS. 3. The Add Remote RADIUS Server screen displays. 4. Type the name of the remote RADIUS server in the Realm Name field. 5.
Page 93: Figure 5-20 Example 2: Add Remote Radius Server
Vantage RADIUS User’s Guide Figure 5-20 Example 2: Add Remote RADIUS Server RADIUS server 2 now has a remote RADIUS server named “RADIUS1”. Figure 5-21 Example 2: Vantage RADIUS Remote Server 2 Setup RADIUS Configuration 5-27...
Page 94: Figure 5-22 Example 2: Using Wzc Or Odyssey Client: Computer B
Vantage RADIUS User’s Guide Follow the steps to set up computer B. If computer B uses Wireless Zero Configuration utility, then type the User name ComputerB and the • user account Password. See the section on User Account for more information. Type RADIUS1 in the Login domain field.
Page 95: Figure 5-23 Example 3: Vantage Radius And Remote Computer Server
Vantage RADIUS User’s Guide 5.7.3 Example 3: Vantage RADIUS and Remote Computer Server Setup In the following example the computer A requests access to B. Computer A is authenticated by C via a remote RADIUS server computer 2. Figure 5-23 Example 3: Vantage RADIUS and Remote Computer Server Table 5-9 Example 3: RADIUS Server User Accounts COMSERVER2 ComputerA...
Page 96: Figure 5-24 Example 3: Vantage Radius Local Server Setup
Vantage RADIUS User’s Guide Computer A and Remote RADIUS Server Computer Configuration In the RADIUS SERVER screen type the name of your local RADIUS server in the Local Realm Name field. Click the Apply button. Figure 5-24 Example 3: Vantage RADIUS Local Server Setup 1.
Page 97: Figure 5-25 Example 3: Add Remote Radius Server
Vantage RADIUS User’s Guide Figure 5-25 Example 3: Add Remote RADIUS Server Figure 5-26 Example 3: Vantage RADIUS Remote Server Setup Follow the steps to set up computer A. RADIUS Configuration 5-31...
Page 98: Figure 5-27 Example 3: Using Wzc Or Odyssey Client: Computer A
Vantage RADIUS User’s Guide If computer A uses Wireless Zero Configuration utility, then type the User name “ComServer2” and • the user account Password. See the section on User Account for more information. Type ComServer2 in the Logon domain field. If computer A uses Odyssey Client utility, then type the Login name in computer@realm format.
Page 99: Figure 5-28 New Remote Radius Server Group
Vantage RADIUS User’s Guide 2. A new server group must be created so that the RADIUS server computer can receive authentication requests from a local RADIUS server, such as a Vantage RADIUS device. 3. To create a new server group: 4.
Page 100: Figure 5-29 New Remote Radius Server Group Wizard
Vantage RADIUS User’s Guide 6. Type the Shared secret in the Server group shared secret section. This should match the shared secret in the AP that you want to use to authenticate a wireless client. 7. Click Next to continue. Figure 5-29 New Remote RADIUS Server Group Wizard 8.
Page 101: Figure 5-30 New Connection Request Policy Wizard
Vantage RADIUS User’s Guide Figure 5-30 New Connection Request Policy Wizard 9. Enter the name of the Windows 2003 IAS computer RADIUS server in the Realm name field. 10. Click Next to complete the wizard setup. RADIUS Configuration 5-35...
Page 102: Figure 5-31 Realm Name
Vantage RADIUS User’s Guide ComServer2 Figure 5-31 Realm Name 5.7.4 Example 4: Vantage RADIUS and Windows Active Directory In the following example the computer A requests access to B. Computer A is authenticated by C via a local Vantage RADIUS server using an active directory. You can manage the Vantage RADIUS server using the same administrator login and domain name as a remote RADIUS server computer.
Page 103: Figure 5-32 Example 4: Vantage Radius And Windows Active Directory
Vantage RADIUS User’s Guide If the administrator username, password and domain name of a computer server is found matching the same fields in the Vantage RADIUS, the wireless client is authenticated by the AP. Figure 5-32 Example 4: Vantage RADIUS and Windows Active Directory Table 5-10 Example 4: RADIUS Server User Accounts RADIUS1 ComputerA...
Page 104: Figure 5-33 Example 4: Vantage Radius Active Directory Account Setup
Vantage RADIUS User’s Guide 2. In the Domain Administrator : Username field type the administrator login name of the Windows server computer, for example “Administrator”. 3. In the Domain Administrator : Password field type the administrator login name of the Windows server computer, for example “5678”.
Page 105: Figure 5-34 Example 4: Using Wzc Or Odyssey Client: Computer A
Vantage RADIUS User’s Guide ComServer2\ComputerA ComputerA ComServer2 Figure 5-34 Example 4: Using WZC or Odyssey Client: Computer A 6. If a RADIUS server computer is found with an administrator username, password and domain name that match the active directory fields configured in Vantage RADIUS Computer A is listed as a user account with Vantage RADIUS, then computer A is authenticated by C and can successfully communicate with B.
Page 106: User Account
Vantage RADIUS User’s Guide User Account Click RADIUS and then USER ACCOUNT to begin adding user accounts to your RADIUS server. Each client requiring access to the wireless network needs a username and password. UserAccount.csv Figure 5-35 User Account The following table describes the labels in this screen. Table 5-11 User Account LABEL DESCRIPTION...
Page 107 Vantage RADIUS User’s Guide Table 5-11 User Account LABEL DESCRIPTION User Account List The maximum number of configurable accounts is 200. Vantage RADIUS allows up to 50 connections at the same time. Duplicate usernames and passwords are not allowed. Add New User Click this button to add a new user account.
Page 108: Figure 5-36 Csv File Example
Vantage RADIUS User’s Guide Passwords Usernames Save the file in CSV format. Figure 5-36 CSV File Example 5.8.2 Adding a New Client Click Add New User in the USER ACCOUNT screen to add a new client account to your Vantage RADIUS.
Page 109: Importing A Certificate
Vantage RADIUS User’s Guide Table 5-12 User Account: Add New User LABEL DESCRIPTION User Name Type the wireless client’s username. The username can consist of up to 80 alphanumeric characters and is case sensitive. Enter Password Type the password corresponding to the name above. The password can consist of up to 80 alphanumeric characters and is case sensitive.
Page 110 Vantage RADIUS User’s Guide Step 2. Click Install Certificate to open the Certificate Import Wizard as shown below. Then click Next. 5-44 RADIUS Configuration...
Page 111 Vantage RADIUS User’s Guide Step 3. Click Automatically select the certificate store based on the type of certificate, or if you prefer, specify the location for the certificate to be stored, then click Next. Step 4. Click Yes to add this certificate to your computer. The Certificate Import Wizard dialog box appears as below.
Page 112: Setting Up Your Access Point (Ap)
Vantage RADIUS User’s Guide Step 5. Click OK to complete the installation. 5.10 Setting Up Your Access Point (AP) This section assumes knowledge of how to configure a management session on your AP. The following examples use screenshots from ZyXEL’s ZyAIR G-3000. Actual screens and products differ from the ones displayed.
Page 113: Figure 5-38 Zyair Radius Settings Example
Vantage RADIUS User’s Guide 1. Enable these fields to activate authentication and accounting services. 3. Type the port number of the RADIUS server. The 2. Enter the IP default port numbers are address of the shown. RADIUS server You need not change in dotted decimal these values unless you notation.
Page 114: Figure 5-39 Zyair Wireless Settings Example
Vantage RADIUS User’s Guide The authentication database contains wireless station login information. Vantage RADIUS is an external authentication server. Use this drop-down list box to select the order the wireless AP checks the databases to authenticate a wireless station. 1. Select Authentication Required so that all wireless stations have to enter usernames and passwords before access to the wired network is allowed.
Page 115: Maintenance And Management
Maintenance and Management Part III: Maintenance and Management This part explains how to maintain and manage your Vantage RADIUS.
Page 117: Chapter 6 Maintenance
Vantage RADIUS User’s Guide Chapter 6 Maintenance This chapter covers system maintenance screens Overview The maintenance screens can help you view system information, upload new firmware and manage your configuration. System Status This screen displays details about the Vantage RADIUS firmware, time running since last startup, and a list of wireless clients authenticated and currently connected to the network.
Page 118: Firmware Upload
Vantage RADIUS User’s Guide The following table describes the labels in this screen. Table 6-1 System Status LABEL DESCRIPTION System Status Boot Rom This field displays the Boot Rom’s version number. Firmware This field displays the firmware version number. System Up Time This field displays the length of time since Vantage RADIUS server was last started.
Page 119: Figure 6-2 F/W Upload
Vantage RADIUS User’s Guide Figure 6-2 F/W Upload The following table describes the fields in this screen. Figure 6-3 F/W Upload LABEL DESCRIPTION Update firmware from local file. Local PC File Path Type in the location of the file you want to upload in this field or click Browse to find it.
Page 120: Configuration
Vantage RADIUS User’s Guide Figure 6-4 Network Temporarily Disconnected The following messages display at the bottom of the screen. Wait for about two minutes, log in again and check your new firmware version in the SYSTEM STATUS screen. Configuration Click MAINTENANCE, and then the Configuration tab. Use this screen to backup or restore Vantage RADIUS configuration.
Page 121: Figure 6-5 Configuration Backup
Vantage RADIUS User’s Guide Figure 6-5 Configuration Backup 6.4.1 Configuration Backup Configuration Backup allows you to backup (save) the current system (Vantage RADIUS) configuration to your computer or a TFTP server. Backup is highly recommended once your Vantage RADIUS is functioning properly.
Page 122: Figure 6-6 Network Temporarily Disconnected
Vantage RADIUS User’s Guide 6.4.2 Configuration Restore Restore Configuration allows you to restore a previously saved configuration file from your computer to your Vantage RADIUS. Table 6-3 Configuration Restore LABEL DESCRIPTION Restore the system configuration from local file Type in the location of the file you want to restore in this field or click Browse to Local PC File Path find it.
Page 123 Vantage RADIUS User’s Guide If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default device IP address (192.168.1.3). See your Quick Start Guide or the Appendices for details on how to set up your computer’s IP address.
Page 125: Chapter 7 Management
Vantage RADIUS User’s Guide Chapter 7 Management This chapter details how to configure your Vantage RADIUS for remote access Remote Management Overview Remote management allows you to determine which services/protocols can access which Vantage RADIUS interface (if any) from which computers. To disable remote management of a service, select Disable in the corresponding field.
Page 126: Introduction To Https
Vantage RADIUS User’s Guide 7.1.2 System Timeout There is a system timeout of five minutes (three hundred seconds) for either the console port or telnet/web/FTP connections. Your Vantage RADIUS automatically logs you out if you do nothing in this timeout period. See the REMOTE ACCESS screen to change the timeout period in the Idle Time Out field.
Page 127: Ssh
Vantage RADIUS User’s Guide Figure 7-1 HTTPS Implementation If you disable HTTP (Disable) in the REMOTE ACCESS screen, then Vantage RADIUS blocks all HTTP connection attempts. Unlike Telnet, which transmit data in clear text, SSH (Secure Shell) is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network.
Page 128: Secure Telnet Using Ssh Examples
Vantage RADIUS User’s Guide 7.3.1 How SSH works The following table summarizes how a secure connection is established between two remote hosts. 1. Host Identification The SSH client sends a connection request to the SSH server. The server identifies itself with a host key.
Page 129: Figure 7-4 Ssh Example 1: Store Host Key
Vantage RADIUS User’s Guide 7.4.1 Example 1: Microsoft Windows This section describes how to access Vantage RADIUS using the Secure Shell Client program. 1. Launch the SSH client and specify the connection information (IP address, port number or device name) for Vantage RADIUS. 2.
Page 130: Telnet
Vantage RADIUS User’s Guide $ telnet 192.168.1.1 22 Trying 192.168.1.1... Connected to 192.168.1.1. Escape character is '^]'. SSH-1.5-1.0.0 Figure 7-5 SSH Example 2: Test 3. Enter “ssh –2 192.168.1.3”. This command forces your computer to connect to Vantage RADIUS using SSH version 1. If this is the first time you are connecting to Vantage RADIUS using SSH, a message displays prompting you to save the host information of Vantage RADIUS.
Page 131: Remote Access
Vantage RADIUS User’s Guide Figure 7-7 Telnet Configuration on a TCP/IP Network Remote Access To configure your Vantage RADIUS for remote access, click MANAGEMENT in the main menu, and then click REMOTE ACCESS. Management...
Page 132: Figure 7-8 Remote Access
Vantage RADIUS User’s Guide Figure 7-8 Remote Access Table 7-1 Remote Access LABEL DESCRIPTION Allowed Access Type Allow Any IP Address Enable this field to have Vantage RADIUS accept connections from all incoming IP addresses. Allow Specified IP Enable this field to have Vantage RADIUS restricts access to the list of network Address / Network addresses and IP addresses in the Allow IP Address and Allowed Network Address...
Page 133 Vantage RADIUS User’s Guide Table 7-1 Remote Access LABEL DESCRIPTION SSH (Secure Shell) is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network. Enable this field to allow SSH access to the Vantage RADIUS. You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management...
Page 134: Figure 7-9 Remote Access: Add/Modify Ip Address
Vantage RADIUS User’s Guide Table 7-1 Remote Access LABEL DESCRIPTION This field displays the index number. Network IP Address This field displays the network address in which a client is allowed to use the services to manage Vantage RADIUS. Netmask This field displays the subnet mask used to specify the network range limits for accepted IP addresses.
Page 135: Figure 7-10 Remote Access: Add/Modify Network Ip Address
Vantage RADIUS User’s Guide Table 7-2 Remote Access: Add/Modify IP Address LABEL DESCRIPTION Apply Click this button to save changes back to Vantage RADIUS and return to the REMOTE ACCESS screen. 7.6.2 Insert/Modify Allowed Network IP Address In the REMOTE ACCESS screen, click Add to insert a new entry in the Allowed Network IP Address list,.
Page 136: Snmp
Vantage RADIUS User’s Guide SNMP Simple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your Vantage RADIUS supports SNMP agent functionality, which allows a manager station to manage and monitor Vantage RADIUS through the network.
Page 137: Supported Mibs
Vantage RADIUS User’s Guide An agent is a management software module that resides in a managed device (Vantage RADIUS). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices.
Page 138: Configuring Snmp
Vantage RADIUS User’s Guide Configuring SNMP To configure your SNMP settings, click MAINTENANCE in the main menu, and then click SNMP AGENT. Figure 7-12 SNMP Agent At the time of writing, SNMP only has write access to the IP screen in the ADVANCED menu. 7-14 Management...
Page 139: Table 7-4 Snmp Agent
Vantage RADIUS User’s Guide Table 7-4 SNMP Agent LABEL DESCRIPTION SNMP Agent Setup Enable Click this radio button to allow SNMP access to Vantage RADIUS. Disable Click this radio button to have Vantage RADIUS ignore SNMP requests. SNMP Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
Page 140: Figure 7-13 Snmp: Allowed Ip Address
Vantage RADIUS User’s Guide 7.8.1 Insert/Modify Allowed IP Address In the SNMP AGENT screen, click Add to insert a new entry in the Allowed IP Address list. To edit an existing entry, click the Modify button next to an IP address you want to change. Figure 7-13 SNMP: Allowed IP Address Table 7-5 SNMP: Allowed IP Address LABEL...
Page 141: User Trace Records
Vantage RADIUS User’s Guide Figure 7-14 SNMP: Allowed Network Address Table 7-6 SNMP: Allowed Network Address LABEL DESCRIPTION Allowed Network Address Community Type the community, which is the password sent with each request to the SNMP manager. The default is public and allows all requests. Network Address Type the first address in your network.
Page 143: Chapter 8 Reset And Restart Vantage Radius
Vantage RADIUS User’s Guide Chapter 8 RESET and RESTART Vantage RADIUS This chapter details how to reset and restart your Vantage RADIUS Resetting Vantage RADIUS If you forget your password or cannot access the web configurator, you will need to reload the factory- default configuration file or use the RESET button on the side panel of the ZyAIR.
Page 144: Back To Factory Defaults
Vantage RADIUS User’s Guide Back to Factory Defaults The following screen allows you to reset Vantage RADIUS back to the default configuration file without turning the power off or using the RESET button. 1. Click RESTART/RESET in the main menu. 2.
Page 145: Appendices
Appendices APPENDICES This part provides troubleshooting and background information about setting up your computer’s IP address, wireless LAN, 802.1x and IP subnetting. It also provides information on the command interpreter interface.
Page 147: Appendix A Troubleshooting
Vantage RADIUS User’s Guide Appendix A Troubleshooting This appendix covers potential problems and possible remedies. After each problem description, some instructions are provided to help you to diagnose and to solve the problem. Problems Starting Up Vantage RADIUS Chart A-1 Troubleshooting the Start-Up of Your Vantage RADIUS PROBLEM CORRECTIVE ACTION None of the LEDs...
Page 148 Vantage RADIUS User’s Guide Chart A-2 Troubleshooting the Ethernet Interface PROBLEM CORRECTIVE ACTION I cannot ping any If the ETHERNET LED on the front panel is off, check the Ethernet cable computer on the connections between your Vantage RADIUS and the Ethernet device. LAN.
Page 149: Chart A-3 Troubleshooting The Password
Vantage RADIUS User’s Guide Problems with the Password Chart A-3 Troubleshooting the Password PROBLEM CORRECTIVE ACTION I cannot access The Password and Username fields are case-sensitive. Make sure that you enter Vantage RADIUS. the correct password and username using the proper casing. Use the RESET button on the front panel of Vantage RADIUS to restore the factory default configuration file (hold this button in for about 5 seconds or until the SYS LED starts to blink).
Page 150: Figure A-1 Pop-Up Blocker
Vantage RADIUS User’s Guide Either disable pop-up blocking (enabled by default in Windows XP SP (Service Pack) 2) or allow pop-up blocking and create an exception for your device’s IP address. Disable pop-up Blockers Step 1. In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure A-1 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab.
Page 151: Figure A-2 Internet Options: Privacy
Vantage RADIUS User’s Guide Figure A-2 Internet Options: Privacy Step 3. Click Apply to save this setting. Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. Step 1. In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
Page 152: Figure A-3 Internet Options: Privacy
Vantage RADIUS User’s Guide Figure A-3 Internet Options: Privacy Step 3. Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. Step 4. Click Add to move the IP address to the list of Allowed sites. Troubleshooting...
Page 153: Figure A-4 Pop-Up Blocker Settings
Vantage RADIUS User’s Guide Figure A-4 Pop-up Blocker Settings Step 5. Click Close to return to the Privacy screen. Step 6. Click Apply to save this setting. JavaScripts Step 1. If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
Page 154: Figure A-5 Internet Options: Security
Vantage RADIUS User’s Guide Figure A-5 Internet Options: Security Step 3. Click the Custom Level... button. Step 4. Scroll down to Scripting. Step 5. Under Active scripting make sure that Enable is selected (the default). Step 6. Under Scripting of Java applets make sure that Enable is selected (the default). Step 7.
Page 155: Figure A-6 Security Settings - Java Scripting
Vantage RADIUS User’s Guide Figure A-6 Security Settings - Java Scripting Java Permissions Step 1. From Internet Explorer, click Tools, Internet Options and then the Security tab. Step 2. Click the Custom Level... button. Step 3. Scroll down to Microsoft VM. Step 4.
Page 156: Figure A-7 Security Settings - Java
Vantage RADIUS User’s Guide Figure A-7 Security Settings - Java JAVA (Sun) Step 1. From Internet Explorer, click Tools, Internet Options and then the Advanced tab. Step 2. Make sure that Use Java 2 for <applet> under Java (Sun) is selected. Step 3.
Page 157: Figure A-8 Java (Sun
Vantage RADIUS User’s Guide Figure A-8 Java (Sun) Troubleshooting A-11...
Page 159: Appendix B Specifications
Vantage RADIUS User’s Guide Appendix B Specifications Hardware Chart B-1 HARDWARE SPECIFICATIONS Power Specification DC 5V 3Amp Max. Operation Temperature 0º C ~ 50º C Storage Temperature -10º C ~ 60º C Operation Humidity 10% to 90% (Non-condensing) Storage Humidity 5% to 95% (Non-condensing) Firmware CHART B-2 FIRMWARE SPECIFICATIONS...
Page 160 Vantage RADIUS User’s Guide CHART B-2 FIRMWARE SPECIFICATIONS Diagnostics Capabilities The access point can perform self-diagnostic tests. These tests check the integrity of the following circuits: FLASH memory. DRAM. Dual Ethernet port. Syslog. RADIUS log User Trace log. Management Embedded Web Configurator management. Command-line interface.
Page 161: Appendix C Power Over Ethernet Specifications
Vantage RADIUS User’s Guide Appendix C Power over Ethernet Specifications You can use a power over Ethernet injector to power this device. The injector must comply to IEEE 802.3af. Chart C-1 Power over Ethernet Injector Specifications Power Output 15.4 Watts maximum Power Current 400 mA maximum Chart C-2 Power over Ethernet Injector RJ-45 Port Pin Assignments...
Page 163: Appendix D Setting Up Your Computer's Ip Address
Vantage RADIUS User’s Guide Appendix D Setting up Your Computer’s IP Address This appendix is a general guide on how to set an IP address on your computer or have it receive an IP address automatically if the device you are connecting it to can assign it an IP address.
Page 164 Vantage RADIUS User’s Guide The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: In the Network window, click Add. Select Adapter and then click Add. Select the manufacturer and model of your network adapter and then click OK.
Page 165 Vantage RADIUS User’s Guide Click the IP Address tab. -If your IP address is dynamic, select Obtain an IP address automatically. -If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields. Click the DNS Configuration tab.
Page 166 Vantage RADIUS User’s Guide Click the Gateway tab. -If you do not know your gateway’s IP address, remove previously installed gateways. -If you have a gateway IP address, type it in the New gateway field and click Add. Click OK to save and close the TCP/IP Properties window. Click OK to close the Network window.
Page 167 Vantage RADIUS User’s Guide For Windows XP, click start, Control Panel. In Windows 2000/NT, click Start, Settings, Control Panel. For Windows XP, click Network Right-click Local Area Connection and then Connections. For Windows 2000/NT, click click Properties. Network and Dial-up Connections. Setting Up Your Computer’s IP Address...
Page 168 Vantage RADIUS User’s Guide Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). -If you have a dynamic IP address click Obtain an IP address automatically.
Page 169 Vantage RADIUS User’s Guide -If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: -In the IP Settings tab, in IP addresses, click Add.
Page 170 Vantage RADIUS User’s Guide Click OK to close the Internet Protocol (TCP/IP) Properties window. Click OK to close the Local Area Connection Properties window. Turn on your Vantage RADIUS and restart your computer (if prompted). Verifying Your Computer’s IP Address Click Start, All Programs, Accessories and then Command Prompt.
Page 171: Macintosh Os X
Vantage RADIUS User’s Guide Select Ethernet built-in from the Connect via list. For dynamically assigned settings, select Using DHCP Server from the Configure: list. For statically assigned settings, do the following: -From the Configure box, select Manually. -Type your IP address in the IP Address box. -Type your subnet mask in the Subnet mask box.
Page 172 Vantage RADIUS User’s Guide Click the Apple menu, and click System Preferences to open the System Preferences window. Click Network in the icon bar. - Select Automatic from the Location list. - Select Built-in Ethernet from the Show list. - Click the TCP/IP tab. For dynamically assigned settings, select Using DHCP from the Configure list.
Page 173 Vantage RADIUS User’s Guide Appendix E Wireless LAN and IEEE 802.11 A wireless LAN (WLAN) provides a flexible data communications system that you can use to access various services (navigating the Internet, email, printer services, etc.) without the use of a cabled connection.
Page 174 Vantage RADIUS User’s Guide Diagram E-1 Peer-to-Peer Communication in an Ad-hoc Network Infrastructure Wireless LAN Configuration For infrastructure WLANs, multiple access points (APs) link the WLAN to the wired network and allow users to efficiently share network resources. The access points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood.
Page 175 Vantage RADIUS User’s Guide Diagram E-2 ESS Provides Campus-Wide Coverage Wireless LAN and IEEE 802.11...
Page 177: Appendix F Wireless Lan With Ieee 802.1X
Vantage RADIUS User’s Guide Appendix F Wireless LAN With IEEE 802.1x As wireless networks become popular for both portable computing and corporate networks, security is now a priority. Security Flaws with IEEE 802.11 Wireless networks based on the original IEEE 802.11 have a poor reputation for safety. The IEEE 802.11b wireless access standard, first published in 1999, was based on the MAC address.
Page 178 Vantage RADIUS User’s Guide Client computer access authorized. Client computer access not authorized. Diagram F-1 Sequences for EAP MD5–Challenge Authentication Wireless LAN With IEEE 802.1x...
Page 179: Appendix G Types Of Eap Authentication
Vantage RADIUS User’s Guide Appendix G Types of EAP Authentication This appendix discusses the five popular EAP authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP. The type of authentication you use depends on the RADIUS server. Consult your network administrator for more information. EAP-MD5 (Message-Digest Algorithm 5) MD5 authentication is the simplest one-way authentication method.
Page 180 Vantage RADIUS User’s Guide LEAP LEAP (Light Extensible Authentication Protocol) is a Cisco implementation of IEEE802.1x. For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical.
Page 181: Chart H-1 Classes Of Ip Addresses
Vantage RADIUS User’s Guide Appendix H IP Subnetting IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1.
Page 182: Appendix H Ip Subnetting
Vantage RADIUS User’s Guide Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127. Similarly the first octet of a class “B” must begin with “10”, therefore the first octet of a class “B” address has a valid range of 128 to 191.
Page 183: Chart H-4 Alternative Subnet Mask Notation
Vantage RADIUS User’s Guide Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet.
Page 184: Chart H-5 Subnet 1
Vantage RADIUS User’s Guide In the following charts, shaded/bolded last octet bit values indicate host ID bits “borrowed” to form network ID bits. The number of “borrowed” host ID bits determines the number of subnets you can have. The remaining number of host ID bits (after “borrowing”) determines the number of hosts you can have on each subnet.
Page 185: Chart H-7 Subnet 1
Vantage RADIUS User’s Guide The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow” two host ID bits to give four possible combinations of 00, 01, 10 and 11.
Page 186: Chart H-10 Subnet 4
Vantage RADIUS User’s Guide Chart H-10 Subnet 4 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 11000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.192 Lowest Host ID: 192.168.1.193 Broadcast Address: 192.168.1.255 Highest Host ID: 192.168.1.254 Example Eight Subnets Similarly use a 27-bit mask to create 8 subnets (001, 010, 011, 100, 101, 110).
Page 187: Chart H-13 Class B Subnet Planning
Vantage RADIUS User’s Guide NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 255.255.255.248 (/29) 255.255.255.252 (/30) 255.255.255.254 (/31) Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID.
Page 189: Appendix I Command Interpreter
Vantage RADIUS User’s Guide Appendix I Command Interpreter The following describes how to use the command interpreter. Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable. Command Syntax The interface outputs are in courier new font. Command keywords are emboldened and you should enter them exactly as shown, do not abbreviate.
Page 190 Vantage RADIUS User’s Guide Type h or help before a command to see its usage. Vantage> help netconf netconf netconf ip [IP address] netmask [netmask] gateway [gateway IP address] netconf dns1 [dns1 IP address] dns2 [dns2 IP address] Vantage> help exit exit Vantage>...
Page 191 Vantage RADIUS User’s Guide IP Address : 192.168.1.40 Netmask : 255.255.255.0 Gateway : 192.168.1.154 Primary DNS : 168.95.1.1 Secondary DNS : 168.95.192.1 : 00:00:84:40:50:05 The changes are reflected in the above example exit Type this command to logout from the console and return to the login prompt. Vantage>...
Page 192 Vantage RADIUS User’s Guide Type https enable to allow remote HTTPS access to Vantage RADIUS. Type https disable to have Vantage RADIUS block remote HTTPS access. Command Interpreter...
Page 193: Appendix J Power Adaptor Specifications
Vantage RADIUS User’s Guide Appendix J Power Adaptor Specifications NORTH AMERICAN PLUG STANDARDS AC Power Adaptor Model HPW-1005U Input Power AC120V/60HZ Output Power DC 5V Power Consumption 2.2W Safety Standards UL/C-UL EUROPEAN PLUG STANDARDS AC Power Adaptor Model HPW-1005U Input Power AC220V/50HZ Output Power DC 5V...
Page 194 Vantage RADIUS User’s Guide AUSTRALIA AND NEW ZEALAND PLUG STANDARDS AC Power Adaptor Model HPW-1005U Input Power AC240V/50HZ Output Power DC 5V Power Consumption 6.5W Safety Standards Power Adaptor Specifications...
Page 195: Appendix K Open Software Announcements
Vantage RADIUS User’s Guide Appendix K Open Software Announcements Notice Information herein is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, except the express written permission of ZyXEL Communications Corporation.
Page 196 Vantage RADIUS User’s Guide Copyright (C) 1995-1998 Jean-loup Gailly and Mark Adler This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions: 1.
Page 197 Vantage RADIUS User’s Guide ======== Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Page 198 Vantage RADIUS User’s Guide -------------------------------- Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved. This package is an SSL implementation written by Eric Young (eay@cryptsoft.com). The implementation was written so as to conform with Netscapes SSL. This library is free for commercial and non-commercial use as long as the following conditions are aheared to.
Page 199 Vantage RADIUS User’s Guide The licence and distribution terms for any publically available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution licence [including the GNU Public Licence.] This product includes NTP under NTP License NTP License Copyright (c) David L.
Page 200 Vantage RADIUS User’s Guide DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Page 201: Gnu General Public License
Vantage RADIUS User’s Guide with the protocol description in the RFC file, it must be called by a name other than "ssh" or "Secure Shell". " ===== loginrec.c loginrec.h atomicio.h atomicio.c and strlcat() (included in util.c) are from OpenSSH 3.6.1p2, and are licensed under the 2 point BSD license.
Page 202 Vantage RADIUS User’s Guide Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
Page 203 Vantage RADIUS User’s Guide derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License;...
Page 204 Vantage RADIUS User’s Guide a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange;...
Page 205 Vantage RADIUS User’s Guide unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims;...
Page 206 NOTE: Some components of the “Vantage RADIUS 50 ”software incorporate source code covered under the Zlib License, OpenSSL License, BSD License, NTP License, Dropbear License and GPL License. To obtain the source code covered under those Licenses, please contact ZyXEL Communications Corporation at: support@zyxel.com.tw...
Page 207 Vantage RADIUS User’s Guide Copyright The Software and Documentation contain material that is protected by United States Copyright Law and trade secret law, and by international treaty provisions. All rights not granted to you herein are expressly reserved by ZyXEL. You may not remove any proprietary notice of ZyXEL or any of its licensors from any copy of the Software or Documentation.
Page 208 Vantage RADIUS User’s Guide DAYS FROM THE DATE OF PURCHASE OF THE SOFTWARE, AND NO WARRANTIES SHALL APPLY AFTER THAT PERIOD. Limitation of Liability IN NO EVENT WILL ZyXEL BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, WITHOUT LIMITATION, INDIRECT, SPECIAL, PUNITIVE, OR EXEMPLARY DAMAGES FOR LOSS OF BUSINESS, LOSS OF PROFITS, BUSINESS INTERRUPTION, OR LOSS OF BUSINESS INFORMATION) ARISING OUT OF THE USE OF OR INABILITY TO USE THE PROGRAM, OR FOR ANY CLAIM BY ANY...
Page 209 Vantage RADIUS User’s Guide Documentation and to certify in writing that all known copies, including backup copies, have been destroyed. All provisions relating to confidentiality, proprietary rights, and non-disclosure shall survive the termination of this Software License Agreement. General This License Agreement shall be construed, interpreted and governed by the laws of Republic of China without regard to conflicts of laws provisions thereof.
Page 211: Appendix L Index
Vantage RADIUS User’s Guide Appendix L Index Certifications............. iii Classes of IP Addresses ......... H-1 Command Interpreter ........I-1 Access- Challenge ...........4-6 exit ...............I-3 Access- Request ..........4-6 h or help ............I-1 Access- Response..........4-6 http ...............I-3 Access-Accept..........4-5 https .............I-3 Access-Reject ..........4-5 netconf ............I-2 Access-Request ..........4-5 Command List..........I-1 Accounting ............1-4...
Page 212 Vantage RADIUS User’s Guide Independent Basic Service Set......E-2 Industry Canada ..........iv EAP..............5-2 Infrastructure Configuration ......E-2 EAP Authentication ........5-2 Internet Security Gateway......xvii MD5............G-1 IP Address..........3-1, 3-7 PEAP ............G-2 IP Addressing..........H-1 TLS ............G-1 IP Classes............H-1 TTLS............
Page 213 Vantage RADIUS User’s Guide SNMP ( Simple Network Management Protocol) ..............1-5 Packing List Card ...........xvii SNMP Support ..........1-5 PEAP ..............G-2 SSH ..........1-6, 7-3, 7-4 Power Adapter Specifications ......J-1 Subnet Mask............3-1 Power over Ethernet ........C-1 Subnet Masks ..........H-2 Power Specification.........
Page 214 Vantage RADIUS User’s Guide Web Configurator Overview......2-1 Wireless Access Point Example....5-46 User Account ..........5-40 Wireless Accounts .......... 1-6 User Feedback..........xvii Wireless Authentication Setup Example..5-47 User Trace Record .......... 1-6 Wireless LAN ..........E-1 User Trace Screen ......... 4-12 Benefits............E-1 User’s Guide ..........

ZyXEL Communications Vantage RADIUS 50 User Manual

Chapter 1 Getting to Know Your Vantage RADIUS

Chapter 2 Introducing the Web Configurator

Chapter 3 Advanced Settings

Chapter 4 System Logs

Chapter 5 RADIUS Configuration

Chapter 6 Maintenance

Chapter 7 Management

Chapter 8 RESET and RESTART Vantage RADIUS

Appendix A Troubleshooting

Appendix B Specifications

Appendix C Power over Ethernet Specifications

Appendix D Setting up Your Computer's IP Address

Appendix E Wireless LAN and IEEE 802.11

Appendix F Wireless LAN with IEEE 802.1X

Appendix G Types of EAP Authentication

Appendix H IP Subnetting

Appendix I Command Interpreter

Appendix J Power Adaptor Specifications

Appendix K Open Software Announcements

Appendix L Index

Quick Links

Troubleshooting

Related Manuals for ZyXEL Communications Vantage RADIUS 50

Summary of Contents for ZyXEL Communications Vantage RADIUS 50