Page 1 ZyAIR G-3000 802.11g Business Access Point/Bridge/Repeater User’s Guide Version 3.50 September 2004...
Page 3: Federal Communications Commission (Fcc) Interference Statement
ZyAIR G-3000 User’s Guide Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.
Page 4: Zyxel Limited Warranty
ZyAIR G-3000 User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During...
Page 5: Customer Support
ZyAIR G-3000 User’s Guide Customer Support Please have the following information ready when you contact customer support. • Product model and serial number. • Warranty Information. • Date that you received your device. • Brief description of the problem and the steps you took to solve it.
Page 6 ZyAIR G-3000 User’s Guide support@zyxel.fi +358 9 4780 8411 www.zyxel.fi ZyXEL Communications Oy Malminkaari 10 FINLAND sales@zyxel.fi +358 9 4780 8448 00700 Helsinki Finland a. “+” is the (prefix) number you enter to make an international telephone call. Customer Support...
Page 7: Table Of Contents
ZyAIR G-3000 User’s Guide Table of Contents Copyright ........................2 Federal Communications Commission (FCC) Interference Statement ....3 ZyXEL Limited Warranty..................4 Customer Support....................5 Preface ........................24 Chapter 1 Getting to Know Your ZyAIR ................. 28 1.1 Introducing the ZyAIR ..................28 1.2 ZyAIR Features ....................28...
Page 8 ZyAIR G-3000 User’s Guide 1.2.2.16 Logging and Tracing ..............33 1.2.2.17 Embedded FTP and TFTP Servers ..........33 1.2.2.18 Wireless Association List ..............33 1.2.2.19 Wireless LAN Channel Usage ............33 1.3 Applications for the ZyAIR ..................33 1.3.1 Dual WLAN Interface ................33 1.3.2 Access Point .....................34 1.3.3 AP + Bridge ....................35...
Page 9 ZyAIR G-3000 User’s Guide 5.2 Wireless LAN Basics ..................58 5.2.1 RTS/CTS ....................58 5.2.2 Fragmentation Threshold ................59 5.3 Spanning Tree Protocol (STP) ................60 5.3.1 Rapid STP ....................60 5.3.2 STP Terminology ..................60 5.3.3 How STP Works ..................61 5.3.4 STP Port States ..................61 5.4 Preamble ......................61...
Page 10 ZyAIR G-3000 User’s Guide Chapter 7 VLAN ........................96 7.1 VLAN ........................96 7.1.1 Management VLAN ID ................96 7.2 Configuring VLAN ....................96 Chapter 8 IP Screen......................... 98 8.1 Factory Ethernet Defaults ..................98 8.2 TCP/IP Parameters ....................98 8.2.1 IP Address and Subnet Mask ..............98 8.2.2 WAN IP Address Assignment ..............98...
Page 11 ZyAIR G-3000 User’s Guide Chapter 12 General Setup ....................... 124 12.1 General Setup ....................124 12.1.1 Procedure To Configure Menu 1 ............124 Chapter 13 LAN Setup......................126 13.1 LAN Setup ......................126 13.2 TCP/IP Ethernet Setup ...................126 13.3 Wireless LAN Setup ..................127 13.3.1 Configuring MAC Address Filter ............129...
Page 12 ZyAIR G-3000 User’s Guide Chapter 18 Firmware and Configuration File Maintenance ..........152 18.1 Filename Conventions ...................152 18.2 Backup Configuration ..................153 18.2.1 Backup Configuration Using FTP ............153 18.2.2 Using the FTP command from the DOS Prompt ........154 18.2.3 Backup Configuration Using TFTP ............155 18.2.4 Example: TFTP Command ..............156...
Page 13 ZyAIR G-3000 User’s Guide Power over Ethernet Specifications ..............174 Appendix D Brute-Force Password Guessing Protection............. 176 Appendix E Setting up Your Computer’s IP Address............178 Appendix F IP Address Assignment Conflicts ..............190 Appendix G IP Subnetting ......................194 Appendix H Command Interpreter...................
Page 14 ZyAIR G-3000 User’s Guide Table of Contents...
Page 15 ZyAIR G-3000 User’s Guide List of Figures Figure 1 PoE Installation Example ..................29 Figure 2 WDS Functionality Example ................. 30 Figure 3 Dual WLAN Application ..................34 Figure 4 Access Point Application ..................35 Figure 5 AP+Bridge Application ..................36 Figure 6 Bridge Application ....................
Page 16 Figure 60 Login Screen ....................... 118 Figure 61 Menu 23.1 System Security : Change Password ..........119 Figure 62 ZyAIR G-3000 SMT Menu Overview Example ........... 120 Figure 63 ZyAIR G-3000 SMT Main Menu ................. 121 Figure 64 Menu 1 General Setup ..................124 Figure 65 Menu 3 LAN Setup .....................
Page 17 ZyAIR G-3000 User’s Guide Figure 80 Menu 23.4 System Security : IEEE802.1x ............143 Figure 81 Menu 24 System Maintenance ................146 Figure 82 Menu 24.1 System Maintenance : Status ............147 Figure 83 Menu 24.2 System Information and Console Port Speed ........148 Figure 84 Menu 24.2.1 System Information : Information ...........
Page 18 ZyAIR G-3000 User’s Guide Figure 123 IP Address Conflicts: Case B ................191 Figure 124 IP Address Conflicts: Case C ................191 Figure 125 IP Address Conflicts: Case D ................192 Figure 126 Peer-to-Peer Communication in an Ad-hoc Network ........209 Figure 127 ESS Provides Campus-Wide Coverage ............
Page 19 ZyAIR G-3000 User’s Guide List of Tables Table 1 IEEE 802.11b ......................31 Table 2 IEEE 802.11g ......................31 Table 3 Wizard 1 : General Setup ..................43 Table 4 Wizard 2 : Wireless LAN Setup ................44 Table 5 Private IP Address Ranges ................... 45 Table 6 Wizard 3 : IP Address Assignment ................
Page 20 ZyAIR G-3000 User’s Guide Table 37 Menu 1 General Setup ..................124 Table 38 Menu 3.2 TCP/IP Setup ..................127 Table 39 Menu 3.5 Wireless LAN Setup ................128 Table 40 Menu 3.5.1 WLAN MAC Address Filter ............... 131 Table 41 Menu 3.5.4 Bridge Link Configuration ..............132 Table 42 Menu 14.1- Edit Dial-in User ................
Page 21 ZyAIR G-3000 User’s Guide Table 80 Class B Subnet Planning ..................200 Table 81 System Maintenance Logs .................. 204 Table 82 ICMP Notes ......................204 Table 83 Sys log ......................... 205 Table 84 Log Categories and Available Settings ..............206 Table 85 Comparison of EAP Authentication Types ............
Page 22 ZyAIR G-3000 User’s Guide List of Tables...
Page 23: Preface
ZyAIR G-3000 User’s Guide Preface Congratulations on your purchase of the ZyAIR G-3000 - 802.11g Business Access Point/ Bridge/Repeater. An AP acts as a bridge between the wireless and wired networks, extending your existing wired network without any additional wiring.
Page 24 • For brevity’s sake, we will use “e.g.,” as a shorthand for “for instance”, and “i.e.,” for “that is” or “in other words” throughout this manual. • The ZyAIR G-3000 may be referred to simply as the ZyAIR in the user’s guide. Preface...
Page 25 ZyAIR G-3000 User’s Guide Graphics Icons Key ZyAIR Computer Notebook computer Server DSLAM Firewall Modem Switch Router Wireless Signal Preface...
Page 26 ZyAIR G-3000 User’s Guide Preface...
Page 27: Getting To Know Your Zyair
This chapter introduces the main features and applications of the ZyAIR. 1.1 Introducing the ZyAIR The ZyAIR G-3000 is an enterprise level IEEE802.11g compliant business access point, bridge and repeater. The ZyAIR provides a Wireless Distribution System (WDS) to support the bridge and repeater application giving flexibility to build an extended wireless network.
Page 28: Zyair Led
ZyAIR G-3000 User’s Guide 1.2.1.4 ZyAIR LED The blue ZyAIR LED (also known as the Breathing LED) is on when the ZyAIR is on and blinks (or breaths) when data is being transmitted to/from its wireless stations. You may use the web configurator to turn this LED off even when the ZyAIR is on and data is being transmitted/received.
Page 29: Wi-Fi Protected Access
ZyAIR G-3000 User’s Guide 1.2.2.2 Wi-Fi Protected Access Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences between WPA and WEP are user authentication and improved data encryption. 1.2.2.3 VLAN A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks.
Page 30: Wireless Lan Standard
ZyAIR G-3000 User’s Guide The 802.11b data rate and corresponding modulation techniques are shown in the table below. The modulation technique defines how bits are encoded onto radio waves. Table 1 IEEE 802.11b DATA RATE (MBPS) MODULATION DBPSK (Differential Binary Phase Shift Keyed) DQPSK (Differential Quadrature Phase Shift Keying 5.5 / 11...
Page 31: Ssl Passthrough
ZyAIR G-3000 User’s Guide 1.2.2.9 SSL Passthrough SSL (Secure Sockets Layer) uses a public key to encrypt data that's transmitted over an SSL connection. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with “https”...
Page 32: Logging And Tracing
ZyAIR G-3000 User’s Guide 1.2.2.16 Logging and Tracing • Built-in message logging and packet tracing. • Unix syslog facility support. 1.2.2.17 Embedded FTP and TFTP Servers The ZyAIR’s embedded FTP and TFTP servers enable fast firmware upgrades as well as configuration file backups and restoration.
Page 33: Access Point
ZyAIR G-3000 User’s Guide Figure 3 Dual WLAN Application The ZyAIR can be configured using the following WLAN operating modes 1 AP 2 AP+Bridge 3 Bridge/Repeater Applications for each operating mode are shown below. Note: A different channel should be configured for each WLAN interface to reduce the effects of radio interference.
Page 34: Ap + Bridge
ZyAIR G-3000 User’s Guide Figure 4 Access Point Application 1.3.3 AP + Bridge In AP+Bridge mode, the ZyAIR supports both AP (A and B can connect to the wired network through X) and bridge (X can communicate with Y) connection at the same time.
Page 35: Bridge / Repeater
ZyAIR G-3000 User’s Guide Figure 5 AP+Bridge Application 1.3.4 Bridge / Repeater The ZyAIR can act as a wireless network bridge and establish wireless links with other APs. In bridge mode, the ZyAIR’s (A and B) are connected to independent wired networks and have a bridge (A can communicate with B) connection at the same time.
Page 36: Figure 6 Bridge Application
ZyAIR G-3000 User’s Guide Figure 6 Bridge Application Figure 7 Repeater Application Chapter 1 Getting to Know Your ZyAIR...
Page 37: Introducing The Web Configurator
ZyAIR G-3000 User’s Guide H A P T E R Introducing the Web Configurator This chapter describes how to access the ZyAIR web configurator and provides an overview of its screens. The default IP address of the ZyAIR is 192.168.1.2.
Page 38: Resetting The Zyair
ZyAIR G-3000 User’s Guide Figure 8 Change Password Screen You should now see the MAIN MENU screen.. Note: The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the ZyAIR if this happens to you.
Page 39: Navigating The Zyair Web Configurator
ZyAIR G-3000 User’s Guide 2.3 Navigating the ZyAIR Web Configurator We use the ZyAIR G-3000 web configurator in this guide as an example. The web configurator screens for your model may vary slightly for different ZyAIR models. The following summarizes how to navigate the web configurator from the MAIN MENU screen.
Page 40 ZyAIR G-3000 User’s Guide Chapter 2 Introducing the Web Configurator...
Page 41: Chapter 3 Wizard Setup
ZyAIR G-3000 User’s Guide H A P T E R Wizard Setup This chapter provides information on the Wizard Setup screens in the web configurator. 3.1 Wizard Setup Overview The web configurator’s setup wizard helps you configure your ZyAIR for wireless stations to access your wired LAN.
Page 42: Wizard Setup: General Setup
ZyAIR G-3000 User’s Guide 3.2 Wizard Setup: General Setup General Setup contains administrative and system-related information. The Domain Name entry is what is propagated to the DHCP clients on the LAN. If you leave this blank, the domain name obtained by DHCP from the ISP is used. While you must enter the host name (System Name) on each individual computer, the domain name can be assigned from the ZyAIR via DHCP.
Page 43: Wizard Setup: Wireless Lan
ZyAIR G-3000 User’s Guide 3.3 Wizard Setup: Wireless LAN Use the second wizard screen to set up the wireless LAN. Figure 11 Wizard 2 : Wireless LAN Setup The following table describes the labels in this screen. Table 4 Wizard 2 : Wireless LAN Setup...
Page 44: Wizard Setup: Ip Address
ZyAIR G-3000 User’s Guide Table 4 Wizard 2 : Wireless LAN Setup LABEL DESCRIPTION Key 1 to Key 4 The WEP keys are used to encrypt data. Both the ZyAIR and the wireless stations must use the same WEP key for data transmission.
Page 45: Ip Address And Subnet Mask
ZyAIR G-3000 User’s Guide 3.4.2 IP Address and Subnet Mask Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number. Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
Page 46: Figure 12 Wizard 3 : Ip Address Assignment
ZyAIR G-3000 User’s Guide Figure 12 Wizard 3 : IP Address Assignment The following table describes the labels in this screen. Table 6 Wizard 3 : IP Address Assignment LABEL DESCRIPTION IP Address Assignment Get automatically from Select this option if your ZyAIR is using a dynamically assigned IP address DHCP from a DHCP server each time.
Page 47: Basic Setup Complete
ZyAIR G-3000 User’s Guide 3.5 Basic Setup Complete When you click Finish in the Wizard 3 IP Address Assignment screen, a warning window display as shown. Click OK to close the window and log in to the web configurator again using the new IP address if you change the default IP address (192.168.1.2).
Page 48 ZyAIR G-3000 User’s Guide Chapter 3 Wizard Setup...
Page 49: Chapter 4 System Screens
ZyAIR G-3000 User’s Guide H A P T E R System Screens 4.1 System Overview This section provides information on general system setup. 4.2 Configuring General Setup Click the SYSTEM link under ADVANCED to open the General screen. Figure 14 System General Setup The following table describes the labels in this screen.
Page 50: Configuring Password
ZyAIR G-3000 User’s Guide Table 7 System General Setup LABEL DESCRIPTION Administrator Type how many minutes a management session (either via the web Inactivity Timer configurator or SMT) can be left idle before the session times out. The default is 5 minutes. After it times out you have to log in with your password again.
Page 51: Configuring Time Setting
ZyAIR G-3000 User’s Guide Figure 15 Password. The following table describes the labels in this screen. Table 8 Password LABEL DESCRIPTIONS Old Password Type in your existing system password (1234 is the default password). New Password Type your new system password (up to 31 characters). Note that as you type a password, the screen displays an asterisk (*) for each character you type.
Page 52: Figure 16 Time Setting
ZyAIR G-3000 User’s Guide Figure 16 Time Setting The following table describes the labels in this screen. Table 9 Time Setting LABEL DESCRIPTION Time Protocol Select the time service protocol that your time server sends when you turn on the ZyAIR. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.
Page 53 ZyAIR G-3000 User’s Guide Table 9 Time Setting LABEL DESCRIPTION Time Zone Choose the time zone of your location. This will set the time difference between your time zone and Greenwich Mean Time (GMT). Daylight Savings Select this option if you use daylight savings time. Daylight saving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening.
Page 54 ZyAIR G-3000 User’s Guide Chapter 4 System Screens...
Page 55: Wireless Configuration And Roaming
ZyAIR G-3000 User’s Guide H A P T E R Wireless Configuration and Roaming This chapter discusses how to configure Wireless and Roaming screens on the ZyAIR. 5.1 Wireless LAN Overview This section introduces the wireless LAN (WLAN) and some basic scenarios.
Page 56: Ess
ZyAIR G-3000 User’s Guide Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS is enabled, wireless station A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless station A and B can still access the wired network but cannot communicate with each other.
Page 57: Wireless Lan Basics
ZyAIR G-3000 User’s Guide Figure 19 Extended Service Set 5.2 Wireless LAN Basics Refer also to the Wizard Setup chapter for more background information on Wireless LAN features, such as channels. 5.2.1 RTS/CTS A hidden node occurs when two stations are within range of the same access point, but are not within range of each other.
Page 58: Fragmentation Threshold
ZyAIR G-3000 User’s Guide Figure 20 RTS/CTS When station A sends data to the ZyAIR, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
Page 59: Spanning Tree Protocol (Stp)
ZyAIR G-3000 User’s Guide A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.
Page 60: How Stp Works
ZyAIR G-3000 User’s Guide For each LAN segment, a designated bridge is selected. This bridge has the lowest cost to the root among the bridges connected to the LAN. 5.3.3 How STP Works After a bridge determines the lowest cost-spanning tree with STP, it enables the root port and the ports that are the designated ports for connected LANs, and disables all other ports that participate in STP.
Page 61: Configuring Wireless
ZyAIR G-3000 User’s Guide Select Long if you have a ‘noisy’ network or are unsure of what preamble mode your wireless clients support as all IEEE 802.11b compliant wireless adapters must support long preamble. However, not all wireless adapters support short preamble. Use long preamble if you are unsure what preamble mode the wireless adapters support, to ensure interpretability between the ZyAIR and the wireless stations and to provide more reliable communication in ‘noisy’...
Page 62: Figure 21 Wireless
ZyAIR G-3000 User’s Guide Figure 21 Wireless The following table describes the general wireless LAN labels in this screen. Table 12 Wireless LABEL DESCRIPTION WLAN Adaptor Select Built-in from the drop down list box to configure your ZyAIR using the internal WLAN card.
Page 63 ZyAIR G-3000 User’s Guide Table 12 Wireless LABEL DESCRIPTION Hide ESSID Select this check box to hide the ESSID in the outgoing beacon frame so a station cannot obtain the ESSID through passive scanning using a site survey tool. Choose Channel Set the operating frequency/channel depending on your particular region.
Page 64: Bridge/Repeater Mode
ZyAIR G-3000 User’s Guide Table 12 Wireless LABEL DESCRIPTION 802.11 Mode Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate with the ZyAIR. Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate with the ZyAIR.
Page 65: Figure 22 Bridging Example
ZyAIR G-3000 User’s Guide Figure 22 Bridging Example Be careful to avoid bridge loops when you enable bridging in the ZyAIR. Bridge loops cause broadcast traffic to circle the network endlessly, resulting in possible throughput degradation and disruption of communications. The following examples show two network topologies that can lead to this problem: If two or more ZyAIRs (in bridge mode) are connected to the same hub as shown next.
Page 66: Figure 24 Bridge Loop: Bridge Connected To Wired Lan
ZyAIR G-3000 User’s Guide Figure 24 Bridge Loop: Bridge Connected to Wired LAN To prevent bridge loops, ensure that you enable STP in the Wireless screen or your ZyAIR is not set to bridge mode while connected to both wired and wireless segments of the same LAN.
Page 67: Figure 25 Wireless : Bridge/Repeater
ZyAIR G-3000 User’s Guide Figure 25 Wireless : Bridge/Repeater The following table describes the bridge labels in this screen. Table 13 Wireless : Bridge/Repeater LABEL DESCRIPTIONS WLAN Adaptor Select Built-in from the drop down list box to configure your ZyAIR using the internal WLAN card.
Page 68: Ap+Bridge Mode
ZyAIR G-3000 User’s Guide Table 13 Wireless : Bridge/Repeater LABEL DESCRIPTIONS Remote Bridge MAC Type the MAC address of the peer device in a valid MAC address format, that Address is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc. Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including spaces and symbols).
Page 69: Figure 26 Wireless: Ap+Bridge
ZyAIR G-3000 User’s Guide Figure 26 Wireless: AP+Bridge See the tables describing the fields in the Access Point and Bridge/Repeater operating modes for descriptions of the fields in this screen. Note: The following screens are configurable only in Access Point and AP+Bridge operating modes.
Page 70: Configuring Roaming
ZyAIR G-3000 User’s Guide 5.6 Configuring Roaming A wireless station is a device with an IEEE 802.11b or an IEEE 802.11g compliant wireless inteface. An access point (AP) acts as a bridge between the wireless and wired networks. An AP creates its own wireless coverage area. A wireless station can associate with a particular access point only if it is within the access point’s coverage area.
Page 71: Requirements For Roaming
ZyAIR G-3000 User’s Guide Figure 27 Roaming Example The steps below describe the roaming process. 1 As wireless station Y moves from the coverage area of access point AP 1 to that of access point 2 AP 2, it scans and uses the signal of access point AP 2.
Page 72: Figure 28 Roaming
ZyAIR G-3000 User’s Guide To enable roaming on your ZyAIR, click the WIRELESS link under ADVANCED and then the Roaming tab. The screen appears as shown. Figure 28 Roaming The following table describes the labels in this screen. Table 14 Roaming...
Page 73: Chapter 6 Wireless Security
ZyAIR G-3000 User’s Guide H A P T E R Wireless Security This chapter describes how to use the MAC Filter, 802.1x, Local User Database and RADIUS to configure wireless security on your ZyAIR. 6.1 Wireless Security Overview Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network.
Page 74: Data Encryption
ZyAIR G-3000 User’s Guide 6.2.1 Data Encryption WEP provides a mechanism for encrypting data using encryption keys. Both the AP and the wireless stations must use the same WEP key to encrypt and decrypt data. Your ZyAIR allows you to configure up to four 64-bit or 128-bit WEP keys, but only one key can be enabled at any one time.
Page 75: Configuring Wep Encryption
ZyAIR G-3000 User’s Guide When your ZyAIR's authentication method is set to open system, it will only accept open system authentication requests. The same is true for shared key authentication. However, when it is set to auto authentication, the ZyAIR will accept either type of authentication request and the ZyAIR will fall back to use open authentication if the shared key does not match.
Page 76: Table 15 Wireless
ZyAIR G-3000 User’s Guide Table 15 Wireless LABEL DESCRIPTION WEP Encryption Select Disable to allow wireless stations to communicate with the access points without any data encryption. Select 64-bit WEP or 128-bit WEP to enable data encryption. Authentication Select Auto, Open System or Shared Key from the drop-down list box.
Page 77: Mac Filter
ZyAIR G-3000 User’s Guide Table 15 Wireless LABEL DESCRIPTION Apply Click Apply to save your changes back to the ZyAIR. Reset Click Reset to begin configuring this screen afresh. 6.4 MAC Filter The MAC filter screen allows you to configure the ZyAIR to give exclusive access to up to 32 devices (Allow Association) or exclude up to 32 devices from accessing the ZyAIR (Deny Association).
Page 78: Figure 32 Mac Address Filter
ZyAIR G-3000 User’s Guide Figure 32 MAC Address Filter The following table describes the labels in this screen. Table 16 MAC Address Filter LABEL DESCRIPTION WLAN Adaptor Select Built-in from the drop down list box to configure your ZyAIR using the internal WLAN card.
Page 79: Overview
ZyAIR G-3000 User’s Guide Table 16 MAC Address Filter LABEL DESCRIPTION Apply Click Apply to save your changes back to the ZyAIR. Reset Click Reset to begin configuring this screen afresh. 6.5 802.1x Overview The IEEE 802.1x standard outlines enhanced security methods for both the authentication of wireless stations and encryption key management.
Page 80: Eap Authentication Overview
ZyAIR G-3000 User’s Guide Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access. • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access- Request message.
Page 81: Dynamic Wep Key Exchange
ZyAIR G-3000 User’s Guide Figure 33 EAP Authentication The details below provide a general description of how IEEE 802.1x EAP authentication works. For an example list of EAP-MD5 authentication steps, see the IEEE 802.1x appendix. 1 The wireless station sends a “start” message to the ZyAIR.
Page 82: Introduction To Wpa
ZyAIR G-3000 User’s Guide 6.10 Introduction to WPA Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences between WPA and WEP are user authentication and improved data encryption. 6.10.1 User Authentication WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database.
Page 83: Wpa-Psk Application Example
ZyAIR G-3000 User’s Guide The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials. The common-password approach makes WPA-PSK susceptible to brute-force password-guessing attacks but it’s still an improvement over WEP as it employs an easier-to-...
Page 84 ZyAIR G-3000 User’s Guide 1 The AP passes the wireless client’s authentication request to the RADIUS server. 2 The RADIUS server then checks the user's identification against its database and grants or denies network access accordingly. 3 The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then...
Page 85: Security Parameters Summary
ZyAIR G-3000 User’s Guide Figure 35 WPA with RADIUS Application Example 6.13 Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. You enter manual keys by first selecting 64-bit WEP or 128-bit WEP from the WEP Encryption field and then typing the keys (in ASCII or hexadecimal format) in the key text boxes.
Page 86: Wireless Client Wpa Supplicants
ZyAIR G-3000 User’s Guide Table 17 Wireless Security Relational Matrix AUTHENTICATION METHOD/ KEY ENCRYPTION ENTER MANUAL KEY IEEE 802.1X MANAGEMENT METHOD PROTOCOL Shared Enable with Dynamic WEP Key Enable without Dynamic WEP Key Disable Enable TKIP Enable WPA-PSK Enable WPA-PSK...
Page 87: Authentication Required : 802.1X
ZyAIR G-3000 User’s Guide Figure 36 Wireless LAN : 802.1x/WPA The following table describes the labels in this screen. Table 18 Wireless LAN : 802.1x/WPA LABEL DESCRIPTION Wireless Port To control wireless stations access to the wired network, select a control method Control from the drop-down list box.
Page 88: Figure 37 Wireless Lan : 802.1X/Wpa For 802.1X Protocol
ZyAIR G-3000 User’s Guide Figure 37 Wireless LAN : 802.1x/WPA for 802.1x Protocol The following table describes the labels in this screen. Table 19 Wireless LAN : 802.1x/WPA for 802.1x Protocol LABEL DESCRIPTION Wireless Port To control wireless stations access to the wired network, select a control method Control from the drop-down list box.
Page 89: Authentication Required : Wpa
ZyAIR G-3000 User’s Guide Table 19 Wireless LAN : 802.1x/WPA for 802.1x Protocol LABEL DESCRIPTION Dynamic WEP This field is activated only when you select Authentication Required in the Key Exchange Wireless Port Control field. Also set the Authentication Databases field to RADIUS Only.
Page 90: Authentication Required: Wpa-Psk
ZyAIR G-3000 User’s Guide Figure 38 Wireless LAN: 802.1x/WPA for WPA Protocol The following table describes the labels not previously discussed Table 20 Wireless LAN: 802.1x/WPA for WPA Protocol LABEL DESCRIPTIONS Key Management Choose WPA in this field. Protocol WPA Mixed Mode The ZyAIR can operate in WPA Mixed Mode, which supports both clients running WPA and clients running dynamic WEP key exchange with 802.1x in the same Wi-...
Page 91: Configuring Local User Database
ZyAIR G-3000 User’s Guide Figure 39 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol The following table describes the labels not previously discussed Table 21 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol LABEL DESCRIPTION Key Management Choose WPA-PSK in this field. Protocol Pre-Shared Key The encryption mechanisms used for WPA and WPA-PSK are the same.
Page 92: Figure 40 Local User Database
ZyAIR G-3000 User’s Guide Figure 40 Local User Database The following table describes the labels in this screen. Table 22 Local User Database LABEL DESCRIPTION Active Select this check box to activate the user profile. User Name Enter the username (up to 31 characters) for this user profile.
Page 93: Configuring Radius
ZyAIR G-3000 User’s Guide Table 22 Local User Database LABEL DESCRIPTION Password Type a password (up to 31 characters) for this user profile. Note that as you type a password, the screen displays a (*) for each character you type.
Page 94 ZyAIR G-3000 User’s Guide Table 23 RADIUS LABEL DESCRIPTION Port Number Enter the port number of the external authentication server. The default port number is 1812. You need not change this value unless your network administrator instructs you to do so with additional information.
Page 95: Chapter 7 Vlan
ZyAIR G-3000 User’s Guide H A P T E R VLAN This chapter discusses how to configure VLAN on the ZyAIR 7.1 VLAN A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks. Stations on a logical network can belong to one or more groups.
Page 96: Figure 42 Vlan
ZyAIR G-3000 User’s Guide Figure 42 VLAN The following table describes the labels in this screen. Table 24 VLAN LABEL DESCRIPTION Enable VLAN Tagging Select this check box to turn on VLAN tagging. Management VLAN ID Enter a number from 1 to 255 to define this VLAN group. At least one device in your network must belong to this VLAN group in order to manage the ZyAIR.
Page 97: Chapter 8 Ip Screen
ZyAIR G-3000 User’s Guide H A P T E R IP Screen This chapter discusses how to configure IP on the ZyAIR 8.1 Factory Ethernet Defaults The Ethernet parameters of the ZyAIR are preset in the factory with the following values: 1 IP address of 192.168.1.2...
Page 98: Configuring Ip
ZyAIR G-3000 User’s Guide You can obtain your IP address from the IANA, from an ISP or have it assigned by a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks.
Page 99 ZyAIR G-3000 User’s Guide Table 26 IP Setup LABEL DESCRIPTION IP Subnet Mask Type the subnet mask. Gateway IP Address Type the IP address of the gateway. The gateway is an immediate neighbor of your ZyAIR that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your ZyAIR;...
Page 100 ZyAIR G-3000 User’s Guide Chapter 8 IP Screen...
Page 101: Chapter 9 Log Screens
ZyAIR G-3000 User’s Guide H A P T E R Log Screens This chapter contains information about configuring general log settings and viewing the ZyAIR’s logs. Refer to the appendix for example log message explanations. 9.1 Configuring View Log The web configurator allows you to look at all of the ZyAIR’s logs in one location.
Page 102: Configuring Log Settings
ZyAIR G-3000 User’s Guide Figure 44 View Log The following table describes the labels in this screen. Table 27 View Log LABEL DESCRIPTION Display Select a log category from the drop down list box to display logs within the selected category. To view all logs, select All Logs.
Page 103: Figure 45 Log Settings
ZyAIR G-3000 User’s Guide An alert is a type of log that warrants more serious attention. Some categories such as System Errors consist of both logs and alerts. You may differentiate them by their color in the View Log screen. Alerts are displayed in red and logs are displayed in black.
Page 104 ZyAIR G-3000 User’s Guide Table 28 Log Settings LABEL DESCRIPTION Log Facility Select a location from the drop down list box. The log facility allows you to log the messages to different files in the syslog server. Refer to the documentation of your syslog program for more details.
Page 105: Maintenance
ZyAIR G-3000 User’s Guide H A P T E R Maintenance This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 10.1 Maintenance Overview The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your ZyAIR.
Page 106: System Statistics
ZyAIR G-3000 User’s Guide Table 29 System Status LABEL DESCRIPTION DHCP This is the Ethernet port DHCP role - Client or None. Show Statistics Click Show Statistics to see router performance statistics such as number of packets sent and number of packets received for each port.
Page 107: Association List
ZyAIR G-3000 User’s Guide Table 30 System Status: Show Statistics LABEL DESCRIPTION Collisions This is the number of collisions on this port. Tx B/s This shows the transmission speed in bytes per second on this port. Rx B/s This shows the reception speed in bytes per second on this port.
Page 108: Channel Usage
ZyAIR G-3000 User’s Guide Figure 48 Association List The following table describes the labels in this screen. Table 31 Association List LABEL DESCRIPTION This is the index number of an associated wireless station. MAC Address This field displays the MAC address of an associated wireless station.
Page 109: Figure 49 Channel Usage
ZyAIR G-3000 User’s Guide Figure 49 Channel Usage The following table describes the labels in this screen. Table 32 Channel Usage LABEL DESCRIPTION SSID This is the Service Set IDentification name of the AP in an Infrastructure wireless network or wireless station in an Ad-Hoc wireless network. For our...
Page 110: F/W Upload Screen
ZyAIR G-3000 User’s Guide 10.5 F/W Upload Screen Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a "*.bin" extension, e.g., "zyair.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot.
Page 111: Figure 51 Firmware Upload In Process
ZyAIR G-3000 User’s Guide Figure 51 Firmware Upload In Process The ZyAIR automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 52 Network Temporarily Disconnecte After two minutes, log in again and check your new firmware version in the System Status screen.
Page 112: Configuration Screen
ZyAIR G-3000 User’s Guide Figure 53 Firmware Upload Error 10.6 Configuration Screen See the Firmware and Configuration File Maintenance chapter for transferring configuration files using FTP/TFTP commands. Click MAINTENANCE, and then the Configuration tab. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next.
Page 113: Backup Configuration
ZyAIR G-3000 User’s Guide Figure 54 Configuration 10.6.1 Backup Configuration Backup configuration allows you to back up (save) the ZyAIR’s current configuration to a file on your computer. Once your ZyAIR is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes.
Page 114: Figure 55 Configuration Upload Successful
ZyAIR G-3000 User’s Guide Note: Do not turn off the ZyAIR while configuration file upload is in progress. After you see a “restore configuration successful” screen, you must then wait one minute before logging into the ZyAIR again. Figure 55 Configuration Upload Successful The ZyAIR automatically restarts in this time causing a temporary network disconnect.
Page 115: Back To Factory Defaults
ZyAIR G-3000 User’s Guide Figure 57 Configuration Upload Error 10.6.3 Back to Factory Defaults Pressing the Reset button in this section clears all user-entered configuration information and returns the ZyAIR to its factory defaults as shown on the screen. The following warning screen will appear.
Page 116: Figure 59 Restart Screen
ZyAIR G-3000 User’s Guide Figure 59 Restart Screen Chapter 10 Maintenance...
Page 117: Chapter 11 Introducing The Smt
ZyAIR G-3000 User’s Guide H A P T E R Introducing the SMT This chapter describes how to access the SMT and provides an overview of its menus 11.1 Connect to your ZyAIR Using Telnet The following procedure details how to telnet into your ZyAIR.
Page 118: Zyair Smt Menu Overview Example
ZyAIR G-3000 User’s Guide Figure 61 Menu 23.1 System Security : Change Password Menu 23.1 – System Security – Change Password Old Password= **** New Password= ? Retype to confirm= ? Enter here to CONFIRM or ESC to CANCEL: 4 Type your new system password in the New Password field (up to 30 characters), and press [ENTER].
Page 119: Navigating The Smt Interface
ZyAIR G-3000 User’s Guide Figure 62 ZyAIR G-3000 SMT Menu Overview Example 11.4 Navigating the SMT Interface The SMT (System Management Terminal) is the interface that you use to configure your ZyAIR. Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below.
Page 120: System Management Terminal Interface Summary
SMT interface. After you enter the password, the SMT displays the main menu, as shown next. Figure 63 ZyAIR G-3000 SMT Main Menu Copyright (c) 1994 - 2004 ZyXEL Communications Corp. ZyAIR G-3000 Main Menu Getting Started Advanced Management 1.
Page 121 ZyAIR G-3000 User’s Guide Table 36 Main Menu Summary MENU TITLE DESCRIPTION SNMP Configuration Use this menu to set up SNMP related parameters. System Security Use this menu to change your password and enable network user authentication. System Maintenance This menu provides system status, diagnostics, software upload, etc.
Page 122 ZyAIR G-3000 User’s Guide Chapter 11 Introducing the SMT...
Page 123: Chapter 12 General Setup
ZyAIR G-3000 User’s Guide H A P T E R General Setup The chapter shows you the information on general setup. 12.1 General Setup Menu 1 – General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. It is recommended you type your computer's "Computer name".
Page 124 ZyAIR G-3000 User’s Guide Table 37 Menu 1 General Setup FIELD DESCRIPTION First/Second/Third Press [SPACE BAR] to select From DHCP, User Defined or None and press System DNS Server [ENTER]. These fields are not available on all models. IP Address Enter the IP addresses of the DNS servers.
Page 125: Chapter 13 Lan Setup
ZyAIR G-3000 User’s Guide H A P T E R LAN Setup This chapter shows you how to configure the LAN on your ZyAIR. 13.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 – LAN Setup. From the main menu, enter 3 to display menu 3.
Page 126: Wireless Lan Setup
ZyAIR G-3000 User’s Guide Figure 66 Menu 3.2 TCP/IP Setup Menu 3.2 - TCP/IP Setup IP Address Assignment= Static IP Address= 192.168.1.2 IP Subnet Mask= 255.255.255.0 Gateway IP Address= 0.0.0.0 Follow the instructions in the following table on how to configure the fields in this menu.
Page 127: Figure 67 Menu 3.5 Wireless Lan Setup
ZyAIR G-3000 User’s Guide Figure 67 Menu 3.5 Wireless LAN Setup Menu 3.5 - Wireless LAN Setup WLAN Adapter Index= WLAN 1 Operating Mode= Access Point Edit MAC Address Filter= No ESSID= Wireless Hide ESSID= No Edit Bridge Link Configuration= N/A...
Page 128: Configuring Mac Address Filter
ZyAIR G-3000 User’s Guide Table 39 Menu 3.5 Wireless LAN Setup FIELD DESCRIPTION Key 1 to Key 4 The WEP keys are used to encrypt data. Both the ZyAIR and the wireless stations must use the same WEP key for data transmission.
Page 129: Figure 68 Menu 3.5 Wireless Lan Setup
ZyAIR G-3000 User’s Guide 1 From the main menu, enter 3 to open Menu 3 – LAN Setup. 2 Enter 5 to display Menu 3.5 – Wireless LAN Setup. Figure 68 Menu 3.5 Wireless LAN Setup Menu 3.5 - Wireless LAN Setup...
Page 130: Configuring Bridge Link
ZyAIR G-3000 User’s Guide The following table describes the fields in this menu. Table 40 Menu 3.5.1 WLAN MAC Address Filter FIELD DESCRIPTION Active To enable MAC address filtering, press [SPACE BAR] to select Yes and press [ENTER]. Filter Action Define the filter action for the list of MAC addresses in the MAC address filter table.
Page 131: Figure 71 Menu 3.5.4 Bridge Link Configuration
ZyAIR G-3000 User’s Guide 4 Move the cursor to the Edit Bridge Link Configuration field. Press [SPACE BAR] to select Yes and press [ENTER]. Menu 3.5.4 – Bridge Link Configuration displays as shown next. Figure 71 Menu 3.5.4 Bridge Link Configuration Menu 3.5.4 - Bridge Link Configuration...
Page 132 ZyAIR G-3000 User’s Guide Chapter 13 LAN Setup...
Page 133: Chapter 14 Dial-In User Setup
ZyAIR G-3000 User’s Guide H A P T E R Dial-in User Setup This chapter shows you how to create user accounts on the ZyAIR. 14.1 Dial-in User Setup By storing user profiles locally, your ZyAIR is able to authenticate wireless users without interacting with a network RADIUS server.
Page 134: Figure 73 Menu 14.1- Edit Dial-In User
ZyAIR G-3000 User’s Guide Figure 73 Menu 14.1- Edit Dial-in User Menu 14.1 - Edit Dial-in User User Name= test Active= Yes Password= ******** Press ENTER to Confirm or ESC to Cancel: Leave name field blank to delete profile The following table describes the fields in this screen.
Page 135: Chapter 15 Snmp Configuration
ZyAIR G-3000 User’s Guide H A P T E R SNMP Configuration This chapter explains SNMP Configuration menu 22. 15.1 About SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your ZyAIR supports SNMP agent functionality, which allows a manager station to manage and monitor the ZyAIR through the network.
Page 136: Supported Mibs
ZyAIR G-3000 User’s Guide The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include the number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects.
Page 137: Snmp Traps
ZyAIR G-3000 User’s Guide Figure 75 Menu 22 SNMP Configuration Menu 22 - SNMP Configuration SNMP: Get Community= public Set Community= public Trusted Host= 0.0.0.0 Trap: Community= public Destination= 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: The following table describes the SNMP configuration parameters.
Page 138: Table 45 Ports And Interface Types
ZyAIR G-3000 User’s Guide Table 44 SNMP Traps TRAP # TRAP NAME DESCRIPTION authenticationFailure (defined in A trap is sent to the manager when receiving any SNMP RFC-1215) get or set requirements with wrong community (password). linkDown (defined in RFC-1215) A trap is sent when the port is down.
Page 139: Chapter 16 System Security
ZyAIR G-3000 User’s Guide H A P T E R System Security This chapter describes how to configure the system security on the ZyAIR. 16.1 System Security You can configure the system password, an external RADIUS server and 802.1x in this menu.
Page 140: Figure 77 Menu 23 System Security
ZyAIR G-3000 User’s Guide Figure 77 Menu 23 System Security Menu 23 - System Security 1. Change Password 2. RADIUS Server 4. IEEE802.1x Enter Menu Selection Number: From Menu 23- System Security, enter 2 to display Menu 23.2 – System Security –...
Page 141: 142
ZyAIR G-3000 User’s Guide Table 46 Menu 23.2 System Security : RADIUS Server FIELD DESCRIPTION Active Press [SPACE BAR] to select Yes and press [ENTER] to enable user authentication through an external accounting server. Server Address Enter the IP address of the external accounting server in dotted decimal notation.
Page 142: Figure 80 Menu 23.4 System Security : Ieee802.1X
ZyAIR G-3000 User’s Guide Figure 80 Menu 23.4 System Security : IEEE802.1x Menu 23.4 - System Security - IEEE802.1x Wireless Port Control= Authentication Required ReAuthentication Timer (in second)= 1800 Idle Timeout (in second)= 3600 Key Management Protocol= 802.1x Dynamic WEP Key Exchange= 128-bit WEP...
Page 143 ZyAIR G-3000 User’s Guide Table 47 Menu 23.4 System Security : IEEE802.1x FIELD DESCRIPTION Dynamic WEP Key This field is activated only when you select Authentication Required in the Exchange Wireless Port Control field. Also set the Authentication Databases field to RADIUS Only.
Page 144 ZyAIR G-3000 User’s Guide Once you enable user authentication, you need to specify an external RADIUS server or create local user accounts on the ZyAIR for authentication Chapter 16 System Security...
Page 145: System Information And Diagnosis
ZyAIR G-3000 User’s Guide H A P T E R System Information and Diagnosis This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software.
Page 146: System Information
This is the time the ZyAIR is up and running from the last reboot. ZyNOS F/W Version Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. Name This displays the device name.
Page 147: System Information
Routing Refers to the routing protocol used. ZyNOS F/W Version Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. Country Code Refers to the country code of the firmware.
Page 148: Console Port Speed
ZyAIR G-3000 User’s Guide Table 49 Menu 24.2.1 System Maintenance : Information FIELD DESCRIPTION Ethernet Address Refers to the Ethernet MAC (Media Access Control) of your ZyAIR. IP Address This is the IP address of the ZyAIR in dotted decimal notation.
Page 149: Diagnostic
ZyAIR G-3000 User’s Guide Figure 86 Menu 24.3 System Maintenance : Log and Trace Menu 24.3 - System Maintenance - Log and Trace 1. View Error Log Please enter selection: 3 Enter 1 from Menu 24.3 – System Maintenance – Log and Trace and press [ENTER] twice to display the error log in the system.
Page 150: Table 50 Menu 24.4 System Maintenance Menu: Diagnostic
ZyAIR G-3000 User’s Guide 2 From this menu, type 4. Diagnostic to open Menu 24.4 – System Maintenance – Diagnostic. The following table describes the diagnostic tests available in menu 24.4 for your ZyAIR and the connections. Table 50 Menu 24.4 System Maintenance Menu: Diagnostic...
Page 151: Firmware And Configuration File Maintenance
ZyAIR G-3000 User’s Guide H A P T E R Firmware and Configuration File Maintenance This chapter tells you how to backup and restore your configuration file as well as upload new firmware and configuration files using the SMT screens.
Page 152: Backup Configuration
ZyAIR G-3000 User’s Guide The following table is a summary. Please note that the internal filename refers to the filename on the ZyAIR and the external filename refers to the filename not on the ZyAIR, that is, on your computer, local network or FTP site and so the name (but not the extension) will vary.
Page 153: Using The Ftp Command From The Dos Prompt
ZyAIR G-3000 User’s Guide Figure 89 Menu 24.5 Backup Configuration Menu 24.5 – Backup Configuration To transfer the configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your router. Then type "root" and SMT password as requested.
Page 154: Backup Configuration Using Tftp
ZyAIR G-3000 User’s Guide Figure 90 FTP Session Example 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 327680 bytes sent in 1.10Seconds...
Page 155: Example: Tftp Command
ZyAIR G-3000 User’s Guide 3 Enter command “sys stdio 0” to disable the SMT timeout, so the TFTP transfer will not be interrupted. Enter command “sys stdio 5” to restore the five-minute SMT timeout (default) when the file transfer is complete.
Page 156: Restore Configuration
ZyAIR G-3000 User’s Guide Figure 91 System Maintenance: Backup Configuration Ready to backup Configuration via Xmodem. Do you want to continue (y/n): 2 The following screen indicates that the Xmodem download has started. Figure 92 System Maintenance: Starting Xmodem Download Screen You can enter ctrl-x to terminate operation any time.
Page 157: Restore Using Ftp
ZyAIR G-3000 User’s Guide 18.3.1 Restore Using FTP For details about backup using (T)FTP please refer to earlier sections on FTP and TFTP file upload in this chapter. Figure 95 Menu 24.6 Restore Configuration Menu 24.6 – Restore Configuration To transfer the firmware and the configuration file, follow the procedure below: 1.
Page 158: Firmware Upload
ZyAIR G-3000 User’s Guide 18.4.1 Firmware Upload FTP is the preferred method for uploading the firmware and configuration. To use this feature, your computer must have an FTP client. When you telnet into the ZyAIR, you will see the following screens for uploading firmware and the configuration file using FTP.
Page 159: Using The Ftp Command From The Dos Prompt Example
ZyAIR G-3000 User’s Guide To transfer the firmware and the configuration file, follow these examples: 18.4.3 Using the FTP command from the DOS Prompt Example 1 Launch the FTP client on your computer. 2 Enter “open” and the IP address of your ZyAIR.
Page 160: Example: Tftp Command
ZyAIR G-3000 User’s Guide 2 Put the SMT in command interpreter (CI) mode by entering 8 in Menu 24 – System Maintenance. 3 Enter the command “sys stdio 0” to disable the SMT timeout, so the TFTP transfer will not be interrupted. Enter command “sys stdio 5” to restore the five-minute SMT timeout (default) when the file transfer is complete.
Page 161: Example Xmodem Firmware Upload Using Hyperterminal
ZyAIR G-3000 User’s Guide Figure 100 Menu 24.7.1 as seen using the Console Port Menu 24.7.1 - System Maintenance - Upload System Firmware To upload system firmware: 1. Enter "y" at the prompt below to go into debug mode. 2. Enter "atur" after "Enter Debug Mode" message.
Page 162: Example Xmodem Configuration Upload Using Hyperterminal
ZyAIR G-3000 User’s Guide Figure 102 Menu 24.7.2 as seen using the Console Port Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload system configuration file: 1. Enter "y" at the prompt below to go into debug mode.
Page 163: System Maintenance And Information
ZyAIR G-3000 User’s Guide H A P T E R System Maintenance and Information This chapter leads you through SMT menus 24.8 and 24.10. 19.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main system firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions.
Page 164: Time And Date Setting
Upload Firmware Command Interpreter Mode 10. Time and Date Setting 11. Remote Management Setup Enter Menu Selection Number: Figure 105 Valid CI Commands Copyright (c) 1994 - 2004 ZyXEL Communications Corp. G-3000> ? Valid commands are: exit ether wlan bridge...
Page 165: Resetting The Time
ZyAIR G-3000 User’s Guide Figure 106 Menu 24.10 System Maintenance : Time and Date Setting Menu 24.10 - System Maintenance - Time and Date Setting Time Protocol= NTP (RFC-1305) Time Server Address= 128.105.39.21 Current Time: 05 : 47 : 19...
Page 166: Remote Management Setup
ZyAIR G-3000 User’s Guide 1 On leaving menu 24.10 after making changes. 2 When the ZyAIR starts up, if there is a timeserver configured in menu 24.10. 3 24-hour intervals after starting. 19.3 Remote Management Setup 19.3.1 Telnet You can configure your ZyAIR for remote Telnet access as shown next.
Page 167: Remote Management Limitations
ZyAIR G-3000 User’s Guide Note: If you enable remote management of a service, but have applied a filter to block the service, then you will not be able to remotely manage the service. Enter 11, from menu 24, to display Menu 24.11 - Remote Management Control (shown next) Figure 108 Menu 24.11 Remote Management Control...
Page 168: Remote Management And Nat
ZyAIR G-3000 User’s Guide 1 A filter in menu 3.1 (LAN) or in menu 11.5 (WAN) is applied to block a Telnet, FTP or Web service. 2 You have disabled that service in menu 24.11. 3 The IP address in the Secured Client IP field (menu 24.11) does not match the client IP address.
Page 169: Appendix A Troubleshooting
ZyAIR G-3000 User’s Guide Appendix A Troubleshooting This appendix covers potential problems and possible remedies. After each problem description, some instructions are provided to help you to diagnose and to solve the problem. Problems Starting Up the ZyAIR Table 57 Troubleshooting the Start-Up of Your ZyAIR...
Page 170: Table 59 Troubleshooting The Password
ZyAIR G-3000 User’s Guide Problems with the Password Table 59 Troubleshooting the Password PROBLEM CORRECTIVE ACTION I cannot access the The Password and Username fields are case-sensitive. Make sure that you enter the ZyAIR. correct password and username using the proper casing.
Page 171: Appendix B Specifications
ZyAIR G-3000 User’s Guide Appendix B Specifications Hardware Table 62 Hardware Power Specification DC 12V 1200mA Operation Temperature 0º C ~ 50º C Storage Temperature -30º C ~ 60º C Operation Humidity 20% to 95% (Non-condensing) Storage Humidity 20% to 95% (Non-condensing)
Page 172 ZyAIR G-3000 User’s Guide Table 63 Firmware (continued) Diagnostics Capabilities The access point can perform self-diagnostic tests. These tests check the integrity of the following circuits: FLASH memory. DRAM. Dual Ethernet port. Wireless port. Syslog. Errorlog. Trace log. Packet Log.
Page 173: Power Over Ethernet Specifications
ZyAIR G-3000 User’s Guide Appendix C Power over Ethernet Specifications You can use a power over Ethernet injector to power this device. The injector must comply to IEEE 802.3af.-7 Table 64 Power over Ethernet Injector Specifications Power Output 15.4 Watts maximum...
Page 174 ZyAIR G-3000 User’s Guide Appendix C Power over Ethernet Specifications...
Page 175: Brute-Force Password Guessing Protection
ZyAIR G-3000 User’s Guide Appendix D Brute-Force Password Guessing Protection The following describes the commands for enabling, disabling and configuring the brute-force password guessing protection mechanism for the password. See Appendix H” for information on the command structure. Table 66 Brute-Force Password Guessing Protection Commands...
Page 176 ZyAIR G-3000 User’s Guide Appendix D Brute-Force Password Guessing Protection...
Page 177: Setting Up Your Computer's Ip Address
ZyAIR G-3000 User’s Guide Appendix E Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer.
Page 178: Figure 109 Windows 95/98/Me: Network: Configuration
ZyAIR G-3000 User’s Guide Figure 109 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
Page 179: Figure 110 Windows 95/98/Me: Tcp/Ip Properties: Ip Address
ZyAIR G-3000 User’s Guide 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab.
Page 180: Figure 111 Windows 95/98/Me: Tcp/Ip Properties: Dns Configuration
ZyAIR G-3000 User’s Guide Figure 111 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add.
Page 181: Figure 112 Windows Xp: Start Menu
ZyAIR G-3000 User’s Guide Figure 112 Windows XP: Start Menu 2 For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Figure 113 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties.
Page 182: Figure 114 Windows Xp: Control Panel: Network Connections: Properties
ZyAIR G-3000 User’s Guide Figure 114 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. Figure 115 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
Page 183: Figure 116 Windows Xp: Advanced Tcp/Ip Settings
ZyAIR G-3000 User’s Guide • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. Click Advanced. Figure 116 Windows XP: Advanced TCP/IP Settings 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK.
Page 184: Figure 117 Windows Xp: Internet Protocol (Tcp/Ip) Properties
ZyAIR G-3000 User’s Guide • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
Page 185: Figure 118 Macintosh Os 8/9: Apple Menu
ZyAIR G-3000 User’s Guide Figure 118 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 119 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. Appendix E Setting up Your Computer’s IP Address...
Page 186: Figure 120 Macintosh Os X: Apple Menu
ZyAIR G-3000 User’s Guide 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. •...
Page 187: Figure 121 Macintosh Os X: Network
ZyAIR G-3000 User’s Guide Figure 121 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box.
Page 188 ZyAIR G-3000 User’s Guide Appendix E Setting up Your Computer’s IP Address...
Page 189: Ip Address Assignment Conflicts
ZyAIR G-3000 User’s Guide Appendix F IP Address Assignment Conflicts This appendix describes situations where IP address conflicts may occur. Subscribers with duplicate IP addresses will not be able to access the Internet. Case A: The ZyAIR is using the same LAN and WAN IP...
Page 190: Figure 123 Ip Address Conflicts: Case B
ZyAIR G-3000 User’s Guide Figure 123 IP Address Conflicts: Case B To solve this problem, make sure the ZyAIR LAN IP address is not in the DHCP IP address pool. Case C: The Subscriber IP address is the same as the IP...
Page 191: Figure 125 Ip Address Conflicts: Case D
ZyAIR G-3000 User’s Guide In this case, the subscribers are not able to access the Internet. Figure 125 IP Address Conflicts: Case D This problem can be solved by adding a VLAN-enabled switch or set the computers to obtain IP addresses dynamically.
Page 192 ZyAIR G-3000 User’s Guide Appendix F IP Address Assignment Conflicts...
Page 193: Appendix Gip Subnetting
ZyAIR G-3000 User’s Guide Appendix G IP Subnetting IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1.
Page 194: Table 68 Allowed Ip Address Range By Class
ZyAIR G-3000 User’s Guide Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127. Similarly the first octet of a class “B” must begin with “10”, therefore the first octet of a class “B”...
Page 195: Table 70 Alternative Subnet Mask Notation
ZyAIR G-3000 User’s Guide Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/”...
Page 196: Table 72 Subnet 1
ZyAIR G-3000 User’s Guide Divide the network 192.168.1.0 into two separate subnets by converting one of the host ID bits of the IP address to a network number bit. The “borrowed” host ID bit can be either “0” or “1”...
Page 197: Table 74 Subnet 1
ZyAIR G-3000 User’s Guide Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow” two host ID bits to give four possible combinations of 00, 01, 10 and 11. The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192.
Page 198: Table 77 Subnet 4
ZyAIR G-3000 User’s Guide Table 77 Subnet 4 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 11000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.193 192.168.1.192 Broadcast Address: Highest Host ID: 192.168.1.254 192.168.1.255...
Page 199: Table 80 Class B Subnet Planning
ZyAIR G-3000 User’s Guide Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID.
Page 200 ZyAIR G-3000 User’s Guide Appendix G IP Subnetting...
Page 201: Appendix H Command Interpreter
ZyAIR G-3000 User’s Guide Appendix H Command Interpreter The following describes how to use the command interpreter. Enter 24 in the main menu to bring up the system maintenance menu. Enter 8 to go to Menu 24.8 - Command Interpreter Mode.
Page 202 ZyAIR G-3000 User’s Guide Appendix H Command Interpreter...
Page 203: Appendix I Log Descriptions
ZyAIR G-3000 User’s Guide Appendix I Log Descriptions This appendix provides descriptions of example log messages. Table 81 System Maintenance Logs LOG MESSAGE DESCRIPTION The router has adjusted its time based on information from the time server. Time calibration is successful The router failed to get information from the time server.
Page 204: Table 83 Sys Log
ZyAIR G-3000 User’s Guide Table 82 ICMP Notes (continued) TYPE CODE DESCRIPTION Redirect datagrams for the Host Redirect datagrams for the Type of Service and Network Redirect datagrams for the Type of Service and Host Echo Echo message Time Exceeded...
Page 205: Table 84 Log Categories And Available Settings
ZyAIR G-3000 User’s Guide Use sys logs category followed by a log category and a parameter to decide what to record Table 84 Log Categories and Available Settings LOG CATEGORIES AVAILABLE PARAMETERS error 0, 1, 2, 3 mten 0, 1...
Page 206 ZyAIR G-3000 User’s Guide Appendix I Log Descriptions...
Page 207: Wireless Lan And Ieee 802.11
ZyAIR G-3000 User’s Guide Appendix J Wireless LAN and IEEE 802.11 A wireless LAN (WLAN) provides a flexible data communications system that you can use to access various services (navigating the Internet, email, printer services, etc.) without the use of a cabled connection.
Page 208: Figure 126 Peer-To-Peer Communication In An Ad-Hoc Network
ZyAIR G-3000 User’s Guide Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless nodes or stations (STA), which is called a Basic Service Set (BSS). In the most basic form, a wireless LAN connects a set of computers with wireless adapters. Any...
Page 209: Figure 127 Ess Provides Campus-Wide Coverage
ZyAIR G-3000 User’s Guide Figure 127 ESS Provides Campus-Wide Coverage Appendix J Wireless LAN and IEEE 802.11...
Page 210 ZyAIR G-3000 User’s Guide Appendix J Wireless LAN and IEEE 802.11...
Page 211: Wireless Lan With Ieee 802.1X
ZyAIR G-3000 User’s Guide Appendix K Wireless LAN With IEEE 802.1x As wireless networks become popular for both portable computing and corporate networks, security is now a priority. Security Flaws with IEEE 802.11 Wireless networks based on the original IEEE 802.11 have a poor reputation for safety. The IEEE 802.11b wireless access standard, first published in 1999, was based on the MAC...
Page 212: Figure 128 Sequences For Eap Md5-Challenge Authentication
ZyAIR G-3000 User’s Guide RADIUS Server Authentication Sequence The following figure depicts a typical wireless network with a remote RADIUS server for user authentication using EAPOL (EAP Over LAN). Figure 128 Sequences for EAP MD5–Challenge Authentication Appendix K Wireless LAN With IEEE 802.1x...
Page 213: Types Of Eap Authentication
ZyAIR G-3000 User’s Guide Appendix L Types of EAP Authentication This appendix discusses the five popular EAP authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP. The type of authentication you use depends on the RADIUS server or the AP. Consult your network administrator for more information.
Page 214: Table 85 Comparison Of Eap Authentication Types
ZyAIR G-3000 User’s Guide PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication.
Page 215: Antenna Selection And Positioning Recommendation
ZyAIR G-3000 User’s Guide Appendix M Antenna Selection and Positioning Recommendation An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air.
Page 216 ZyAIR G-3000 User’s Guide • Omni-directional antennas send the RF signal out in all directions on a horizontal plane. The coverage area is torus-shaped (like a donut) which makes these antennas ideal for a room environment. With a wide coverage area, it is possible to make circular overlapping coverage areas with multiple access points.
Page 217: Power Adaptor Specifications
ZyAIR G-3000 User’s Guide Appendix N Power Adaptor Specifications Table 86 NORTH AMERICAN PLUG STANDARDS AC Power Adaptor Model AD48-1201200DUY Input Power AC120Volts/60Hz/0.25A Output Power DC12Volts/1.2A Power Consumption 10 W Safety Standards UL, CUL (UL 1950, CSA C22.2 No.234-M90) Table 87 NORTH AMERICAN PLUG STANDARDS...
Page 218: Table 91 Australia And New Zealand Plug Standards
ZyAIR G-3000 User’s Guide Table 91 Australia and New Zealand plug standards AC Power Adaptor Model AD-1201200DS or AD-121200DS Input Power AC240Volts/50Hz/0.2A Output Power DC12Volts/1.2A Power Consumption 10 W Safety Standards NATA (AS 3260) Appendix N Power Adaptor Specifications...
Page 219 ZyAIR G-3000 User’s Guide Index Address Assignment 45, 98 Data Encryption Ad-hoc Data encryption Alternative Subnet Mask Notation Default Antenna DHCP Directional Diagnostic Omni-directional Diagnostic Tools Antenna gain Direct Sequence Spread Spectrum Applications Distribution System 57, 209 Authentication Auto-crossover Ethernet/Fast Ethernet Interface...
Page 220 ZyAIR G-3000 User’s Guide Fragmentation Threshold Frequency-Hopping Spread Spectrum MAC address Restrictions MAC Address Filter Action 79, 131 FTP File Transfer MAC Address Filtering MAC Filter MAC Filtering MAC service data unit Main Menu Management Information Base (MIB) General Setup...
Page 221 ZyAIR G-3000 User’s Guide STP Port States STP Terminology Subnet Mask 46, 98, 127, 149 RADIUS Subnet Masks Rapid STP Subnetting Syntax Conventions Rate System Receiving Console Port Speed Transmission Diagnostic ReAuthentication Time Log and Trace Related Documentation System Information...
Page 222 ZyAIR G-3000 User’s Guide Valid CI Commands Virtual Local Area Network VLAN 30, 96 30, 65 Web Configurator 38, 40 42, 74 WEP Encryption 32, 64, 77, 128 Wi-Fi Protected Access Wired Equivalent Privacy Wireless Client WPA Supplicants Wireless Distribution System...

ZyXEL Communications ZyAIR G-3000 User Manual

Chapter 1 Getting to Know Your Zyair

Chapter 2 Introducing the Web Configurator

Chapter 3 Wizard Setup

Chapter 4 System Screens

Chapter 5 Wireless Configuration and Roaming

Chapter 6 Wireless Security

Chapter 7 VLAN

Chapter 8 IP Screen

Chapter 9 Log Screens

Chapter 10 Maintenance

Chapter 11 Introducing the SMT

Chapter 12 General Setup

Chapter 13 LAN Setup

Chapter 14 Dial-In User Setup

Chapter 15 SNMP Configuration

Chapter 16 System Security

Chapter 17 System Information and Diagnosis

Quick Links

Troubleshooting

Related Manuals for ZyXEL Communications ZyAIR G-3000

Summary of Contents for ZyXEL Communications ZyAIR G-3000