ZyXEL Communications ZyXEL ZyAIR G-3000H User Manual

802.11g wireless access point
Hide thumbs Also See for ZyXEL ZyAIR G-3000H:
Table of Contents

Advertisement

Quick Links

G-3000H
802.11g Wireless Access Point
User's Guide
Version 3.50
11/2005

Advertisement

Table of Contents
loading

Summary of Contents for ZyXEL Communications ZyXEL ZyAIR G-3000H

  • Page 1 G-3000H 802.11g Wireless Access Point User’s Guide Version 3.50 11/2005...
  • Page 2: Copyright

    ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
  • Page 3: Federal Communications Commission (Fcc) Interference Statement

    Federal Communications Commission (FCC) Interference This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.
  • Page 4 G-3000H User’s Guide Certifications Go to www.zyxel.com 1 Select your product from the drop-down list box on the ZyXEL home page to go to that product's page. 2 Select the certification you wish to view from this page Federal Communications Commission (FCC) Interference Statement...
  • Page 5: Zyxel Limited Warranty

    ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating...
  • Page 6: Customer Support

    +7-3272-590-689 1-800-255-4101 www.us.zyxel.com +1-714-632-0882 +1-714-632-0858 ftp.us.zyxel.com +47-22-80-61-80 www.zyxel.no +47-22-80-61-81 REGULAR MAIL ZyXEL Communications Corp. 6 Innovation Road II Science Park Hsinchu 300 Taiwan ZyXEL Communications Czech s.r.o. Modranská 621 143 01 Praha 4 - Modrany Ceská Republika ZyXEL Communications A/S...
  • Page 7 Poland ZyXEL Russia Ostrovityanova 37a Str. Moscow, 117279 Russia ZyXEL Communications Alejandro Villegas 33 1º, 28043 Madrid Spain ZyXEL Communications A/S Sjöporten 4, 41764 Göteborg Sweden ZyXEL Ukraine 13, Pimonenko Str. Kiev, 04050 Ukraine ZyXEL Communications UK Ltd.,11 The Courtyard,...
  • Page 8 G-3000H User’s Guide Customer Support...
  • Page 9: Table Of Contents

    Copyright ... 2 Federal Communications Commission (FCC) Interference Statement ... 3 ZyXEL Limited Warranty... 5 Customer Support... 6 Table of Contents ... 9 List of Figures ... 17 List of Tables ... 23 Preface ... 27 Chapter 1 Getting to Know Your ZyAIR ... 31 1.1 Introducing the ZyAIR ...31 1.2 ZyAIR Features ...31 1.2.1 Physical Features ...31...
  • Page 10 G-3000H User’s Guide 3.1.3 WEP Encryption ...45 3.2 Wizard Setup: General Setup ...46 3.3 Wizard Setup: Wireless LAN ...46 3.4 Wizard Setup: IP Address ...48 3.4.1 IP Address Assignment ...48 3.4.2 IP Address and Subnet Mask ...48 3.5 Basic Setup Complete ...50 Chapter 4 System Screens ...
  • Page 11 6.1.2 Authentication ...73 6.1.3 Restricted Access ...73 6.1.4 Hide ZyAIR Identity ...74 6.1.5 WEP Encryption ...74 6.2 Configuring WEP Encryption ...74 6.3 802.1x Overview ...74 6.4 EAP Authentication Overview ...74 6.5 Dynamic WEP Key Exchange ...75 6.6 Introduction to WPA ...75 6.6.1 User Authentication ...76 6.6.2 Encryption ...76 6.6.3 WPA(2)-PSK Application Example ...76...
  • Page 12 G-3000H User’s Guide 8.2 Configuring Layer-2 Isolation ...104 8.2.1 Layer-2 Isolation Examples ...105 8.2.2 Layer-2 Isolation Example 1 ...106 8.2.3 Layer-2 Isolation Example 2 ...106 8.2.4 Layer-2 Isolation Example 3 ...107 8.3 Configuring MAC Filter ...108 8.4 Configuring Roaming ...109 8.4.1 Requirements for Roaming ...
  • Page 13 Chapter 12 Remote Management Screens ... 147 12.1 Remote Management Overview ...147 12.1.1 Remote Management Limitations ...147 12.1.2 Remote Management and NAT ...148 12.1.3 System Timeout ...148 12.2 Configuring WWW ...148 12.3 Configuring Telnet ...150 12.4 Configuring TELNET ...150 12.5 Configuring FTP ...151 12.6 SNMP ...152 12.6.1 Supported MIBs ...154 12.6.2 SNMP Traps ...154...
  • Page 14 G-3000H User’s Guide Chapter 16 General Setup ... 177 16.1 General Setup ...177 16.1.1 Procedure To Configure Menu 1 ...177 Chapter 17 LAN Setup... 179 17.1 LAN Setup ...179 17.2 TCP/IP Ethernet Setup ...179 17.3 Wireless LAN Setup ...180 17.3.1 Configuring MAC Address Filter ...182 17.3.2 Configuring Roaming ...184 17.3.3 Configuring SSID Profiles ...186 17.3.4 Configuring Bridge Link ...187...
  • Page 15 Chapter 23 Firmware and Configuration File Maintenance ... 207 23.1 Filename Conventions ...207 23.2 Backup Configuration ...208 23.2.1 Backup Configuration Using FTP ...208 23.2.2 Using the FTP command from the DOS Prompt ...209 23.2.3 Backup Configuration Using TFTP ...210 23.2.4 Example: TFTP Command ...211 23.2.5 Backup Via Console Port ...211 23.3 Restore Configuration ...212 23.3.1 Restore Using FTP ...213...
  • Page 16 G-3000H User’s Guide Appendix B Specifications... 233 Appendix C Power over Ethernet (PoE) Specifications ... 235 Appendix D Brute-Force Password Guessing Protection... 237 Appendix E Setting up Your Computer’s IP Address... 239 Appendix F IP Address Assignment Conflicts ... 251 Appendix G Wireless LANs ...
  • Page 17: List Of Figures

    G-3000H User’s Guide List of Figures Figure 1 PoE Installation Example ... 32 Figure 2 WDS Functionality Example ... 33 Figure 3 Access Point Application ... 37 Figure 4 Multiple ESS Application ... 38 Figure 5 AP+Bridge Application ... 39 Figure 6 Bridge Application ...
  • Page 18 G-3000H User’s Guide Figure 39 Multi-ESS with VLAN Example ... 94 Figure 40 Wireless: Multiple ESS ... 95 Figure 41 SSID ... 97 Figure 42 Configuring SSID ... 99 Figure 43 Second Rx VLAN ID Example ... 100 Figure 44 Configuring SSID: Second Rx VLAN ID Example ... 100 Figure 45 Layer-2 Isolation Application ...
  • Page 19 G-3000H User’s Guide Figure 82 Remote Management: WWW ... 149 Figure 83 Telnet Configuration on a TCP/IP Network ... 150 Figure 84 Remote Management: Telnet ... 151 Figure 85 Remote Management: FTP ... 152 Figure 86 SNMP Management Model ... 153 Figure 87 Remote Management: SNMP ...
  • Page 20 G-3000H User’s Guide Figure 125 Menu 23 System Security ... 199 Figure 126 Menu 23 - System Security ... 200 Figure 127 Menu 23.5 Security Profile Edit ... 200 Figure 128 Menu 24 System Maintenance ... 201 Figure 129 Menu 24.1 System Maintenance: Status ... 202 Figure 130 Menu 24.2 System Information and Console Port Speed ...
  • Page 21 G-3000H User’s Guide Figure 168 Macintosh OS 8/9: TCP/IP ... 247 Figure 169 Macintosh OS X: Apple Menu ... 248 Figure 170 Macintosh OS X: Network ... 249 Figure 171 IP Address Conflicts: Case A ... 251 Figure 172 IP Address Conflicts: Case B ... 252 Figure 173 IP Address Conflicts: Case C ...
  • Page 22 G-3000H User’s Guide List of Figures...
  • Page 23: List Of Tables

    G-3000H User’s Guide List of Tables Table 1 IEEE 802.11b ... 34 Table 2 IEEE 802.11g ... 34 Table 3 Wizard 1: General Setup ... 46 Table 4 Wizard 2: Wireless LAN Setup ... 47 Table 5 Private IP Address Ranges ... 48 Table 6 Wizard 3: IP Address Assignment ...
  • Page 24 G-3000H User’s Guide Table 39 My Certificate Import ... 133 Table 40 My Certificate Create ... 134 Table 41 My Certificate Details ... 137 Table 42 Trusted CAs ... 140 Table 43 Trusted CA Import ... 141 Table 44 Trusted CA Details ... 143 Table 45 Remote Management: WWW ...
  • Page 25 G-3000H User’s Guide Table 82 Menu 24.11 Remote Management Control ... 228 Table 83 Troubleshooting the Start-Up of Your ZyAIR ... 231 Table 84 Troubleshooting the Ethernet Interface ... 231 Table 85 Troubleshooting the Password ... 232 Table 86 Troubleshooting Telnet ... 232 Table 87 Troubleshooting the WLAN Interface ...
  • Page 26 G-3000H User’s Guide List of Tables...
  • Page 27: Preface

    Congratulations on your purchase of the G-3000H - 802.11g Wireless Access Point/Bridge/ Repeater. An AP acts as a bridge between the wireless and wired networks, extending your existing wired network without any additional wiring. The ZyAIR can function as a wireless network bridge/repeater and establish up to five wireless links with other APs.
  • Page 28: User Guide Feedback

    Help us help you! E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you! Syntax Conventions •...
  • Page 29: Graphics Icons Key

    Graphics Icons Key ZyAIR Server Modem Wireless Signal Preface Computer Notebook computer DSLAM Firewall Switch Router G-3000H User’s Guide...
  • Page 30 G-3000H User’s Guide Preface...
  • Page 31: Getting To Know Your Zyair

    Getting to Know Your ZyAIR This chapter introduces the main features and applications of the ZyAIR. 1.1 Introducing the ZyAIR The G-3000H extends the range of your existing wired network without any additional wiring efforts, providing easy network access to mobile users. The ZyAIR offers highly secured wireless connectivity to your wired network with IEEE 802.1x, Wi-Fi Protected Access, WEP data encryption and MAC address filtering.
  • Page 32: Firmware Features

    G-3000H User’s Guide ZyAIR LED The blue ZyAIR LED (also known as the Breathing LED) is on when the ZyAIR is on and blinks (or breaths) when data is being transmitted to/from its wireless stations. You may use the web configurator to turn this LED off even when the ZyAIR is on and data is being transmitted/received.
  • Page 33: Figure 2 Wds Functionality Example

    VLAN A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks. Only stations within the same group can talk to each other. Stations on a logical network can belong to one or more groups. The ZyAIR supports 802.1Q VLAN tagging.
  • Page 34: Table 1 Ieee 802.11B

    G-3000H User’s Guide The 802.11b data rate and corresponding modulation techniques are shown in the table below. The modulation technique defines how bits are encoded onto radio waves. Table 1 IEEE 802.11b DATA RATE (MBPS) 5.5 / 11 802.11g Wireless LAN Standard The ZyAIR, complies with the 802.11g wireless standard and is also fully compatible with the 802.11b standard.
  • Page 35: Limit The Number Of Client Connections

    Limit the number of Client Connections You may set a maximum number of wireless stations that may connect to the ZyAIR. This may be necessary if for example, there is interference or difficulty with channel assignment due to a high density of APs within a coverage area. SSL Passthrough SSL (Secure Sockets Layer) uses a public key to encrypt data that's transmitted over an SSL connection.
  • Page 36: Applications For The Zyair

    G-3000H User’s Guide Full Network Management The embedded web configurator is an all-platform web-based utility that allows you to easily access the ZyAIR’s management settings. Most functions of the ZyAIR are also software configurable via the SMT (System Management Terminal) interface. The SMT is a menu- driven interface that you can access from a terminal emulator over a telnet connection.
  • Page 37: Access Point

    1.3.1 Access Point The ZyAIR is an ideal access solution for wireless Internet connection. A typical Internet access application for your ZyAIR is shown as follows. Stations A, B and C can access the wired network through the ZyAIRs. Figure 3 Access Point Application 1.3.2 Multiple ESS The ZyAIR’s Multiple ESS function allows multiple ESSs to be configured on just one access point (the ZyAIR).
  • Page 38: Ap + Bridge

    G-3000H User’s Guide Figure 4 Multiple ESS Application 1.3.3 AP + Bridge In AP+Bridge mode, the ZyAIR supports both AP (A and B can connect to the wired network through X) and bridge (X can communicate with Y) connection at the same time. When the ZyAIR is in AP + Bridge mode, the traffic between ZyAIRs (the WDS) is not encrypted.
  • Page 39: Bridge / Repeater

    Figure 5 AP+Bridge Application 1.3.4 Bridge / Repeater The ZyAIR can act as a wireless network bridge and establish wireless links with other APs. In bridge mode, the ZyAIR’s (A and B) are connected to independent wired networks and have a bridge (A can communicate with B) connection at the same time.
  • Page 40: Figure 6 Bridge Application

    G-3000H User’s Guide Figure 6 Bridge Application Figure 7 Repeater Application Chapter 1 Getting to Know Your ZyAIR...
  • Page 41: Introducing The Web Configurator

    This chapter describes how to access the ZyAIR web configurator and provides an overview of its screens. The default IP address of the ZyAIR is 192.168.1.2. 2.1 Accessing the ZyAIR Web Configurator 1 Make sure your ZyAIR hardware is properly connected and prepare your computer/ computer network to connect to the ZyAIR (refer to the Quick Start Guide).
  • Page 42: Figure 8 Change Password Screen

    G-3000H User’s Guide Figure 8 Change Password Screen 6 Click Apply in the Replace Certificate screen to create a certificate using your ZyAIR’s MAC address that will be specific to this device. Figure 9 Replace Certificate Screen You should now see the MAIN MENU screen. Note: The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes).
  • Page 43: Resetting The Zyair

    2.2 Resetting the ZyAIR If you forget your password or cannot access the web configurator, you will need to reload the factory-default configuration file or use the RESET button on the side panel of the ZyAIR. Uploading this configuration file replaces the current configuration file with the factory- default configuration file.
  • Page 44: Figure 10 The Main Menu Screen Of The Web Configurator

    G-3000H User’s Guide Note: Follow the instructions you see in the MAIN MENU screen or click the icon (located in the top right corner of most screens) to view online help. icon does not appear in the MAIN MENU screen. Figure 10 The MAIN MENU Screen of the Web Configurator Click WIZARD SETUP for initial configuration including general setup, Wireless LAN setup and IP address assignment.
  • Page 45: Chapter 3 Wizard Setup

    This chapter provides information on the Wizard Setup screens in the web configurator. 3.1 Wizard Setup Overview The web configurator’s setup wizard helps you configure your ZyAIR for wireless stations to access your wired LAN. 3.1.1 Channel A channel is the radio frequency(ies) used by IEEE 802.11b and IEEE 802.11g wireless devices.
  • Page 46: Wizard Setup: General Setup

    G-3000H User’s Guide 3.2 Wizard Setup: General Setup General Setup contains administrative and system-related information. Figure 11 Wizard 1: General Setup The following table describes the labels in this screen. Table 3 Wizard 1: General Setup LABEL System Name Domain Name Next 3.3 Wizard Setup: Wireless LAN Use the second wizard screen to set up the wireless LAN.
  • Page 47: Figure 12 Wizard 2: Wireless Lan Setup

    Figure 12 Wizard 2: Wireless LAN Setup The following table describes the labels in this screen. Table 4 Wizard 2: Wireless LAN Setup LABEL Wireless LAN Setup Name (SSID) Choose Channel ID Scan WEP Encryption ASCII Key 1 to Key 4 Back Next Chapter 3 Wizard Setup...
  • Page 48: Wizard Setup: Ip Address

    G-3000H User’s Guide 3.4 Wizard Setup: IP Address The third wizard screen allows you to configure IP address assignment. 3.4.1 IP Address Assignment Every computer on the Internet must have a unique IP address. If your networks are isolated from the Internet, for instance, only between your two branch offices, you can assign any IP addresses to the hosts without problems.
  • Page 49: Figure 13 Wizard 3: Ip Address Assignment

    Once you have decided on the network number, pick an IP address that is easy to remember, for instance, 192.168.1.2, for your ZyAIR, but make sure that no other device on your network is using that IP address. The subnet mask specifies the network number portion of an IP address. Your ZyAIR will compute the subnet mask automatically based on the IP address that you entered.
  • Page 50: Basic Setup Complete

    G-3000H User’s Guide 3.5 Basic Setup Complete When you click Finish in the Wizard 3 IP Address Assignment screen, a warning window display as shown. Click OK to close the window and log in to the web configurator again using the new IP address if you change the default IP address (192.168.1.2). You have successfully set up the ZyAIR.
  • Page 51: Chapter 4 System Screens

    4.1 System Overview This section provides information on general system setup. 4.2 Configuring General Setup Click the SYSTEM link under ADVANCED to open the General screen. Figure 15 System General Setup The following table describes the labels in this screen. Table 7 System General Setup LABEL General Setup...
  • Page 52: Configuring Password

    G-3000H User’s Guide Table 7 System General Setup LABEL Administrator Inactivity Timer System DNS Servers First DNS Server Second DNS Server Third DNS Server Apply Reset 4.3 Configuring Password To change your ZyAIR’s password (recommended), click the SYSTEM link under ADVANCED and then the Password tab.
  • Page 53: Configuring Time Setting

    Figure 16 Password. The following table describes the labels in this screen. Table 8 Password LABEL Old Password New Password Retype to Confirm Apply Reset 4.4 Configuring Time Setting To change your ZyAIR’s time and date, click the SYSTEM link under ADVANCED and then the Time Setting tab.
  • Page 54: Figure 17 Time Setting

    G-3000H User’s Guide Figure 17 Time Setting The following table describes the labels in this screen. Table 9 Time Setting LABEL Time Protocol Time Server Address Current Time (hh:mm:ss) New Time (hh:mm:ss) This field displays the last updated time from the time server. Current Date (yyyy/ mm/dd) New Date (yyyy/mm/...
  • Page 55 Table 9 Time Setting LABEL Time Zone Daylight Savings Start Date (mm-dd) End Date (mm-dd) Apply Reset Chapter 4 System Screens DESCRIPTION Choose the time zone of your location. This will set the time difference between your time zone and Greenwich Mean Time (GMT). Select this option if you use daylight savings time.
  • Page 56 G-3000H User’s Guide Chapter 4 System Screens...
  • Page 57: Wireless Configuration

    Wireless Configuration This chapter discusses how to configure Wireless screens on the ZyAIR. 5.1 Wireless LAN Overview This section introduces the wireless LAN (WLAN) and some basic scenarios. 5.1.1 BSS A Basic Service Set (BSS) exists when all communications between wireless stations or between a wireless station and a wired network client go through one access point (AP).
  • Page 58: Ess

    G-3000H User’s Guide Figure 18 Basic Service set 5.1.2 ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). An ESSID (ESS IDentification) uniquely identifies each ESS.
  • Page 59: Wireless Lan Basics

    Figure 19 Extended Service Set 5.2 Wireless LAN Basics Refer also to the Wizard Setup features, such as channels. See the Wireless LANs Appendix for information on the following: • Wireless LAN Topologies • Channel • RTS/CTS • Fragmentation Threshold •...
  • Page 60: Wmm Qos

    G-3000H User’s Guide 5.3 WMM QoS WMM (Wi-Fi MultiMedia) QoS (Quality of Service) ensures quality of service in wireless networks for multimedia applications. WMM QoS prioritizes wireless traffic according to the delivery requirements of the individual and applications. WMM QoS is a part of the IEEE 802.11e QoS enhancement to certified Wi-Fi wireless networks.
  • Page 61: Diffserv

    5.3.2.1 DiffServ DiffServ is a class of service (CoS) model that marks packets so that they receive specific per- hop treatment at DiffServ-compliant network devices along the route based on the application types and traffic flow. Packets are marked with DiffServ Code Points (DSCPs) indicating the level of service desired.
  • Page 62: Spanning Tree Protocol (Stp)

    G-3000H User’s Guide Table 11 ToS and IEEE 802.1d to WMM QoS Priority Level Mapping DSCP VALUE 96, 0 64, 32 a. The ZyAIR also uses best effort for any DSCP value for which another WMM QoS priority is not specified (255, 158 or 37 for example). 5.4 Spanning Tree Protocol (STP) STP detects and breaks network loops and provides backup links between switches, bridges or routers.
  • Page 63: How Stp Works

    On each bridge, the root port is the port through which this bridge communicates with the root. It is the port on this switch with the lowest path cost to the root (the root path cost). If there is no root port, then this bridge has been accepted as the root bridge of the spanning tree network. For each LAN segment, a designated bridge is selected.
  • Page 64: Configuring Wireless

    G-3000H User’s Guide 1 Configure the ZyAIR as an AP, an AP+Bridge, a Bridge/Repeater or to use multiple ESS in the Wireless screen. You can also select an SSID Profile in the Wireless screen. 2 Use the SSID screens to view and create SSID profiles. 3 Use the Security screen to configure wireless profiles.
  • Page 65: Figure 21 Wireless: Access Point

    Figure 21 Wireless: Access Point The following table describes the general wireless LAN labels in this screen. Table 14 Wireless: Access Point LABEL DESCRIPTION Operating Mode Select the operating mode from the drop-down list. The options are Access Point, Bridge/Repeater, AP+Bridge and MESSID. Choose Channel Set the operating frequency/channel depending on your particular region.
  • Page 66: Bridge/Repeater Mode

    G-3000H User’s Guide Table 14 Wireless: Access Point LABEL DESCRIPTION Hide Name Select this check box to hide the SSID in the outgoing beacon frame so a station (SSID) cannot obtain the SSID through scanning using a site survey tool. Enable Intra- Intra-BSS traffic is traffic between wireless stations in the same BSS.
  • Page 67: Figure 22 Bridging Example

    G-3000H User’s Guide In the example below, when both ZyAIRs are in Bridge/Repeater mode, they form a WDS (Wireless Distribution System) allowing the computers in LAN 1 to connect to the computers in LAN 2. Figure 22 Bridging Example Be careful to avoid bridge loops when you enable bridging in the ZyAIR. Bridge loops cause broadcast traffic to circle the network endlessly, resulting in possible throughput degradation and disruption of communications.
  • Page 68: Figure 23 Bridge Loop: Two Bridges Connected To Hub

    G-3000H User’s Guide Figure 23 Bridge Loop: Two Bridges Connected to Hub If your ZyAIR (in bridge mode) is connected to a wired LAN while communicating with another wireless bridge that is also connected to the same wired LAN as shown next. Figure 24 Bridge Loop: Bridge Connected to Wired LAN To prevent bridge loops, ensure that you enable STP in the Wireless screen or your ZyAIR is not set to bridge mode while connected to both wired and wireless segments of the same LAN.
  • Page 69: Figure 25 Wireless: Bridge/Repeater

    Figure 25 Wireless: Bridge/Repeater The following table describes the bridge labels in this screen. Table 15 Wireless: Bridge/Repeater LABEL Operating Mode Choose Channel ID Scan RTS/CTS Threshold Fragmentation Threshold Chapter 5 Wireless Configuration DESCRIPTIONS Select Bridge/Repeater in this field to display the screen as shown. Set the operating frequency/channel depending on your particular region.
  • Page 70: Ap+Bridge Mode

    G-3000H User’s Guide Table 15 Wireless: Bridge/Repeater LABEL Enable WDS Security Select the check box to enable WDS on your ZyAIR. A Wireless Distribution Active Remote Bridge MAC Address Table 14 on page 65 5.6.3 AP+Bridge Mode Click the WIRELESS link under ADVANCED. Select AP+Bridge as the Operating Mode to display the screen as shown next.
  • Page 71: Multiple Ess Mode

    Figure 26 Wireless: AP+Bridge See the tables describing the fields in the Access Point and Bridge/Repeater operating modes for descriptions of the fields in this screen. 5.6.4 Multiple ESS Mode Select MESSID as the Operating Mode to display the screen. Refer to the chapter on Multiple ESS and VLAN for configuration and detailed information.
  • Page 72 G-3000H User’s Guide Chapter 5 Wireless Configuration...
  • Page 73: Wireless Security Configuration

    Wireless Security Configuration This chapter describes how to use the Security, RADIUS and Local User Database screens to configure wireless security on your ZyAIR. 6.1 Wireless Security Overview Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network.
  • Page 74: Hide Zyair Identity

    G-3000H User’s Guide 6.1.4 Hide ZyAIR Identity If you hide the ESSID, then the ZyAIR cannot be seen when a wireless client scans for local APs. The trade-off for the extra security of “hiding” the ZyAIR may be inconvenience for some valid WLAN clients.
  • Page 75: Dynamic Wep Key Exchange

    The following figure shows an overview of authentication when you specify a RADIUS server on your access point. Figure 27 EAP Authentication The details below provide a general description of how IEEE 802.1x EAP authentication works. For an example list of EAP-MD5 authentication steps, see the IEEE 802.1x appendix. 1 The wireless station sends a “start”...
  • Page 76: User Authentication

    G-3000H User’s Guide 6.6.1 User Authentication WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database. See later in this chapter and the appendices for more information on IEEE 802.1x, RADIUS, EAP and PEAP. If you don’t have an external RADIUS server you should use WPA-PSK (WPA -Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client.
  • Page 77: Wpa(2) With Radius Application Example

    1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters (including spaces and symbols). 2 The AP checks each wireless client's password and (only) allows it to join the network if the password matches.
  • Page 78: Security Modes

    G-3000H User’s Guide Figure 29 WPA(2) with RADIUS Application Example 6.8 Security Modes The following table describes the security modes you can configure. Table 16 Security Modes SECURITY MODE None 802.1x-Only 802.1x-Dynamic64 802.1x-Dynamic128 802.1x-Static64 802.1x-Static128 WPA-PSK WPA2-PSK WPA2-PSK-MIX WPA-MIX WPA2 DESCRIPTION Select this to have no data encryption.
  • Page 79: Security Modes And Wireless Client Compatibility

    Table 16 Security Modes SECURITY MODE WPA2-MIX No-Access 6.9 Security Modes and Wireless Client Compatibility Different security modes can be configured for each SSID. However, not all security modes are compatible with the security mode of the wireless client. The following table shows combinations of security modes between a Windows XP wireless client and the ZyAIR.
  • Page 80: Wireless Security Effectiveness

    G-3000H User’s Guide The Funk Software's Odyssey client is bundled free (at the time of writing) with the client wireless adaptor(s). 6.11 Wireless Security Effectiveness The following figure shows the relative effectiveness of these wireless security methods available on your ZyAIR. EAP (Extensible Authentication Protocol) is used for authentication and utilizes dynamic WEP key exchange.
  • Page 81: Security: No Access

    Figure 30 Security The following table describes the labels in this screen. Table 19 Security LABEL Index Profile Name Security Mode Edit The next screen varies by the Security Mode you select. 6.12.1 Security: No Access Select No Access in the Security Mode field to display the following screen. Chapter 6 Wireless Security Configuration DESCRIPTION This is the index number of the security profile address.
  • Page 82: Security: Wep

    G-3000H User’s Guide Figure 31 Security: No Access or None The following table describes the labels in this screen. Table 20 Security: No Access or None LABEL DESCRIPTION Name Type a name to identify this security profile. Security Mode Choose No Access or None in this field. Apply Click Apply to save your changes back to the ZyAIR.
  • Page 83: Security: 802.1X Only, 802.1X Static 64-Bit Wep, 128-Bit Wep

    Table 21 Security: WEP LABEL DESCRIPTION WEP Encryption Select Disable to allow wireless stations to communicate with the access points without any data encryption. Select 64-bit WEP or 128-bit WEP to enable data encryption. Authentication Select Auto, Open System or Shared Key from the drop-down list box. Method The default setting is Auto.
  • Page 84: Figure 33 Security: 802.1X Only, 802.1X Static 64-Bit Wep, 128-Bit Wep

    G-3000H User’s Guide Figure 33 Security: 802.1x Only, 802.1x Static 64-bit WEP, 128-bit WEP The following table describes the labels in this screen. Table 22 Security: 802.1x Only, 802.1x Static 64-bit WEP, 128-bit WEP LABEL DESCRIPTION Name Type a name to identify this security profile. Security Mode Choose 802.1x Only, 802.1x Static 64 or 802.1x Static 128 in this field.
  • Page 85: Security: 802.1X Dynamic 64-Bit Wep, 128-Bit Wep

    Table 22 Security: 802.1x Only, 802.1x Static 64-bit WEP, 128-bit WEP LABEL DESCRIPTION Authentication The authentication database contains wireless station login information. The local Databases user database is the built-in database on the ZyAIR. The RADIUS is an external server. Use this drop-down list box to select which database the ZyAIR should use (first) to authenticate a wireless station.
  • Page 86: Security: Wpa, Wpa-Mix, Wpa2, Wpa2-Mix

    G-3000H User’s Guide Table 23 Security: 802.1x Dynamic 64-bit WEP, 128-bit WEP LABEL DESCRIPTION ReAuthentication Specify how often wireless stations have to resend usernames and passwords in Timer order to stay connected. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes).
  • Page 87: Security: Wpa-Psk, Wpa2-Psk, Wpa2-Psk-Mix

    Figure 35 Security: WPA, WPA-MIX, WPA2 or WPA2-MIX The following table describes the labels not previously discussed Table 24 Security: WPA, WPA-MIX, WPA2 or WPA2-MIX LABEL DESCRIPTIONS Name Type a name to identify this security profile. Security Mode Choose WPA, WPA-MIX, WPA2 or WPA2-MIX in this field. ReAuthentication Specify how often wireless stations have to resend usernames and passwords in Timer...
  • Page 88: Figure 36 Security: Wpa-Psk, Wpa2-Psk Or Wpa2-Psk-Mix

    G-3000H User’s Guide Figure 36 Security: WPA-PSK, WPA2-PSK or WPA2-PSK-MIX The following table describes the labels not previously discussed Table 25 Security: WPA-PSK, WPA2-PSK or WPA2-PSK-MIX LABEL DESCRIPTION Name Type a name to identify this security profile. Security Mode Choose WPA-PSK, WPA2-PSK or WPA2-PSK-MIX in this field. Pre-Shared Key The encryption mechanisms used for WPA and WPA-PSK are the same.
  • Page 89: Introduction To Radius

    6.13 Introduction to RADIUS RADIUS is based on a client-sever model that supports authentication and accounting, where access point is the client and the server is the RADIUS server. The RADIUS server handles the following tasks among others: • Authentication Determines the identity of the users.
  • Page 90: Figure 37 Radius

    G-3000H User’s Guide Figure 37 RADIUS The following table describes the labels in this screen. Table 26 RADIUS LABEL Index Profile Name Primary Backup Active RADIUS Server IP Address RADIUS Server Port Share Secret Active DESCRIPTION Select the RADIUS profile you want to configure from the drop-down list box. Type a name for the RADIUS profile associated with the Index number above.
  • Page 91: Configuring Local User Database

    Table 26 RADIUS LABEL Accounting Server IP Address Accounting Server Port Enter the port number of the external accounting server. The default port Share Secret Apply Reset 6.15 Configuring Local User Database To change your ZyAIR’s local user database, click the WIRELESS link under ADVANCED and then the Local User Database tab.
  • Page 92 G-3000H User’s Guide Chapter 6 Wireless Security Configuration...
  • Page 93: Multiple Ess, Ssid And Vlan

    Multiple ESS, SSID and VLAN This chapter describes how to use configure multiple ESS, SSID and VLAN on your ZyAIR. 7.1 Wireless LAN Infrastructures See the Wizard Setup and Wireless LAN chapters for some basic WLAN scenarios and terminology. 7.1.1 Multiple ESS Traditionally, you needed different APs to configure different ESSs.
  • Page 94: Multiple Ess Example

    G-3000H User’s Guide 7.1.3 Multiple ESS Example Refer to the section on ZyAIR applications for more information. 7.1.4 Multi-ESS with VLAN Example In this example, VLAN 2 is the management VLAN and includes the computers in ESS1 and LAN 1. Computers in ESS2 and LAN 2 belong to VLAN 2. “Wireless group” ESS1is limited to accessing the resources on LAN 1 and similarly “wireless group”...
  • Page 95: Figure 40 Wireless: Multiple Ess

    Figure 40 Wireless: Multiple ESS The following table describes the labels in this screen. Table 28 Wireless: Multiple ESS LABEL Operating Mode Choose Channel ID Scan RTS/CTS Threshold Fragmentation Threshold Chapter 7 Multiple ESS, SSID and VLAN DESCRIPTION Select MESSID in this field to display the screen as shown Set the operating frequency/channel depending on your particular region.
  • Page 96 G-3000H User’s Guide Table 28 Wireless: Multiple ESS LABEL Select SSID Profile Index Profile Enable Intra-BSS Traffic Enable Breathing LED Select this check box to enable the Breathing LED, also known as the ZyAIR Enable Spanning Tree Control (STP) Output Power Preamble 802.11 Mode DESCRIPTION...
  • Page 97: Ssid

    Table 28 Wireless: Multiple ESS LABEL Max. Frame Burst Apply Reset 7.2 SSID Click the WIRELESS link under ADVANCED and the SSID tab to display the screen as shown. Figure 41 SSID The following table describes the labels in this screen. Table 29 SSID LABEL Index...
  • Page 98: Configuring Ssid

    G-3000H User’s Guide Table 29 SSID LABEL SSID VLAN Second Rx VLAN Security RADIUS Edit 7.2.1 Configuring SSID Configure appropriate fields in the Wireless, Security, RADIUS, MAC Filter, Layer-2 Isolation and VLAN screens to use those settings in the following screen. These settings can be used instead of the default settings to create SSID profiles.
  • Page 99: Figure 42 Configuring Ssid

    Figure 42 Configuring SSID The following table describes the labels in this screen. Table 30 Configuring SSID LABEL Name SSID VLAN Second Rx VLAN Security RADIUS L2 Isolation Enable MAC Filtering Apply Reset Chapter 7 Multiple ESS, SSID and VLAN DESCRIPTION Type a name to identify this SSID profile on the ZyAIR.
  • Page 100: Second Rx Vlan Id

    G-3000H User’s Guide 7.2.2 Second Rx VLAN ID The ZyAIR tags Ethernet frames in VLAN 1 with VLAN ID 1 and tags Ethernet frames in VLAN 2 with VLAN ID 2. Both VLAN 1 and VLAN 2 have Internet access. VLAN 1 and VLAN 2 have access to a server.
  • Page 101 G-3000H User’s Guide Chapter 7 Multiple ESS, SSID and VLAN...
  • Page 102 G-3000H User’s Guide Chapter 7 Multiple ESS, SSID and VLAN...
  • Page 103: Other Wireless Configurations

    Other Wireless Configurations This chapter describes how to configure the Layer-2 Isolation, MAC Filter and Roaming screens on your ZyAIR. 8.1 Layer-2 Isolation Introduction Layer-2 isolation is used to prevent wireless clients associated with your ZyAIR from communicating with other wireless clients, AP’s, computers or routers in a network. In the following figure, A represents your ZyAIR, B represents an AP, C represents a server and 1, 2 and 3 represent wireless clients.
  • Page 104: Configuring Layer-2 Isolation

    G-3000H User’s Guide Figure 45 Layer-2 Isolation Application MAC addresses that are not listed in the Allow devices with these MAC addresses table are blocked from communicating with the ZyAIR’s wireless clients except for broadcast packets. Layer-2 isolation does not check the traffic between wireless clients that are associated with the same AP.
  • Page 105: Layer-2 Isolation Examples

    Figure 46 Layer-2 Isolation Configuration Screen The following table describes the labels in this screen. Table 31 Layer-2 Isolation Configuration LABEL DESCRIPTION Enable Layer-2 Select the Enable Layer-2 Isolation check box to enable layer-2 isolation on the Isolation ZyAIR. When you select the Enable Layer-2 Isolation check box and save this configuration screen, the Enable Intra-BSS Traffic check box in the Wireless configuration screen is cleared.
  • Page 106: Layer-2 Isolation Example 1

    G-3000H User’s Guide Figure 47 Layer-2 Isolation Example 00:0a:c5:00:00:cc 8.2.2 Layer-2 Isolation Example 1 In the following example wireless clients 1 and 2 cannot communicate with C, B or 3. • Select the Enable Layer-2 Isolation check box, but do not configure any MAC addresses in the Allow devices with these MAC addresses table (1 and 2 cannot communicate with each other unless you enable Intra-BSS).
  • Page 107: Layer-2 Isolation Example 3

    • Select the Enable Layer-2 Isolation check box. • Enter C’s MAC address in the Allow devices with these MAC addresses field. Figure 49 Layer-2 Isolation Example 2 8.2.4 Layer-2 Isolation Example 3 In the following example wireless clients 1 and 2 can communicate with B and C but not 3. •...
  • Page 108: Configuring Mac Filter

    G-3000H User’s Guide Figure 50 Layer-2 Isolation Example 3 8.3 Configuring MAC Filter The MAC filter screen allows you to configure the ZyAIR to give exclusive access to up to 32 devices (Allow Association) or exclude up to 32 devices from accessing the ZyAIR (Deny Association).
  • Page 109: Configuring Roaming

    Figure 51 MAC Address Filter The following table describes the labels in this screen. Table 32 MAC Address Filter LABEL Filter Action MAC Address Apply Reset Note: To activate MAC filtering on a profile, select Enable from the Enable MAC Filtering drop-down list box in the SSID configuration screen and click Apply.
  • Page 110: Figure 52 Roaming Example

    G-3000H User’s Guide The roaming feature on the access points allows the access points to relay information about the wireless stations to each other. When a wireless station moves from a coverage area to another, it scans and uses the channel of a new access point, which then informs the access points on the LAN about the change.
  • Page 111: Requirements For Roaming

    8.4.1 Requirements for Roaming The following requirements must be met in order for wireless stations to roam between the coverage areas. 1 All the access points must be on the same subnet and configured with the same ESSID. 2 If IEEE 802.1x user authentication is enabled and to be done locally on the access point, the new access point must have the user profile for the wireless station.
  • Page 112 G-3000H User’s Guide Chapter 8 Other Wireless Configurations...
  • Page 113: Chapter 9 Vlan

    This chapter discusses how to configure VLAN on the ZyAIR. 9.1 VLAN A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks. Stations on a logical network can belong to one or more groups. Only stations within the same group can talk to each other.
  • Page 114: Figure 54 Vlan

    G-3000H User’s Guide Figure 54 VLAN The following table describes the labels in this screen. Table 34 VLAN LABEL Enable VLAN Tagging Management VLAN ID Enter a number from 1 to 4094 to define this VLAN group. At least one device VLAN Mapping Table Index DESCRIPTION...
  • Page 115: Configuring Management Vlan Example

    Table 34 VLAN LABEL Name Apply Reset 9.2.1 Configuring Management VLAN Example This section shows you how to create a VLAN on an Ethernet switch. By default, the port on the ZyAIR is a member of the management VLAN (VID 1). The following procedure shows you how to configure a tagged VLAN.
  • Page 116: Figure 56 Vlan-Aware Switch - Static Vlan

    G-3000H User’s Guide 5 Type a VLAN Group ID. This should be the same as the management VLAN ID on the ZyAIR. 6 Enable Tx Tagging on the port which you want to connect to the ZyAIR. Disable Tx Tagging on the port you are using to connect to your computer. 7 Under Control, select Fixed to set the port as a member of the VLAN.
  • Page 117: Configuring Microsoft's Ias Server Example

    3 Click Apply. VLAN Setup Figure 59 4 The ZyAIR attempts to connect with a VLAN-aware device. You can now access and mange the ZyAIR though the Ethernet switch. Note: If you do not connect the ZyAIR to a correctly configured VLAN-aware device, you will lock yourself out of the ZyAIR.
  • Page 118: Configuring Vlan Groups

    G-3000H User’s Guide 1 When you configure your wireless credentials, the ZyAIR sends the information to the IAS server using RADIUS protocol. 2 Authentication by the RADIUS server is successful. 3 The RADIUS server sends three attributes related to this feature. 4 The ZyAIR compares these attributes with the VLAN screen mapping table.
  • Page 119: Configuring Remote Access Policies

    • The IAS uses group memberships to determine which user accounts belong to which VLAN groups. Click the Add button and configure the VLAN group details. 3 Repeat the previous step to add each VLAN group required. Figure 61 Add Group Members 9.2.2.2 Configuring Remote Access Policies Once the VLAN Groups have been created, the IAS Remote Access Policy needs to be defined.
  • Page 120: Figure 62 New Remote Access Policy For Vlan Group

    G-3000H User’s Guide Figure 62 New Remote Access Policy for VLAN Group 2 The Conditions window displays. Select Add to add a condition for this policy to act on. 3 In the Select Attribute screen, click Windows-Groups and the Add button. Figure 63 Specifying Windows-Group Condition 4 The Select Groups window displays.
  • Page 121: Figure 64 Adding Vlan Group

    Figure 64 Adding VLAN Group 6 When the Permissions options screen displays, select Grant remote access permission. • Click Next to grant access based on group membership. • Click the Edit Profile button. Figure 65 Granting Permissions and User Profile Screens 7 The Edit Dial-in Profile screen displays.
  • Page 122: Figure 66 Authentication Tab Settings

    G-3000H User’s Guide Figure 66 Authentication Tab Settings 8 Click the Encryption tab. Select the Strongest encryption option. This step is not required for EAP-MD5, but is performed as a safeguard. Figure 67 Encryption Tab Settings 9 Click the IP tab and select the Client may request an IP address check box for DHCP support.
  • Page 123: Figure 68 Connection Attributes Screen

    Figure 68 Connection Attributes Screen 11The RADIUS Attribute screen displays. From the list, three RADIUS attributes will be added: • • • • Click the Add button • Select Tunnel-Medium-Type • Click the Add button. Chapter 9 VLAN Tunnel-Medium-Type Tunnel-Pvt-Group-ID Tunnel-Type G-3000H User’s Guide...
  • Page 124: Figure 69 Radius Attribute Screen

    G-3000H User’s Guide Figure 69 RADIUS Attribute Screen 12 The Enumerable Attribute Information screen displays. Select the 802 value from the Attribute value drop-down list box. • Click OK. Figure 70 802 Attribute Setting for Tunnel-Medium-Type 13Return to the RADIUS Attribute Screen shown as •...
  • Page 125: Figure 71 Vlan Id Attribute Setting For Tunnel-Pvt-Group-Id

    Figure 71 VLAN ID Attribute Setting for Tunnel-Pvt-Group-ID 15Return to the RADIUS Attribute Screen shown as • Select Tunnel-Type. • Click Add. 16The Enumerable Attribute Information screen displays. • Select Virtual LANs (VLAN) from the attribute value drop-down list box. •...
  • Page 126: Figure 73 Completed Advanced Tab

    G-3000H User’s Guide Figure 73 Completed Advanced Tab Note: Repeat the Configuring Remote Access Policies procedure for each VLAN Group defined in the Active Directory. Remember to place the most general Remote Access Policies at the bottom of the list and the most specific at the top of the list. Chapter 9 VLAN...
  • Page 127: Chapter 10 Ip Screen

    This chapter discusses how to configure IP on the ZyAIR 10.1 Factory Ethernet Defaults The Ethernet parameters of the ZyAIR are preset in the factory with the following values: 1 IP address of 192.168.1.2 2 Subnet mask of 255.255.255.0 (24 bits) These parameters should work for the majority of installations.
  • Page 128: Configuring Ip

    G-3000H User’s Guide Note: Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space.
  • Page 129: Chapter 11 Certificates

    This chapter gives background information about public-key certificates and explains how to use them. 11.1 Certificates Overview The ZyAIR can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key.
  • Page 130: Advantages Of Certificates

    G-3000H User’s Guide 11.1.1 Advantages of Certificates Certificates offer the following benefits. • The ZyAIR only has to store the certificates of the certification authorities that you decide to trust, no matter how many devices you need to authenticate. • Key distribution is simple and very secure since you can freely distribute public keys and you never need to transmit private keys.
  • Page 131: Figure 75 My Certificates

    Figure 75 My Certificates The following table describes the labels in this screen. Table 38 My Certificates LABEL DESCRIPTION PKI Storage This bar displays the percentage of the ZyAIR’s PKI storage space that is currently Space in Use in use. When you are using 80% or less of the storage space, the bar is green. When the amount of space used is over 80%, the bar is red.
  • Page 132: Certificate File Formats

    G-3000H User’s Guide Table 38 My Certificates (continued) LABEL DESCRIPTION Issuer This field displays identifying information about the certificate’s issuing certification authority, such as a common name, organizational unit or department, organization or company and country. With self-signed certificates, this is the same information as in the Subject field.
  • Page 133: Importing A Certificate

    • PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses 64 ASCII characters to convert a binary PKCS#7 certificate into a printable form. 11.6 Importing a Certificate Click CERTIFICATES, My Certificates and then Import to open the My Certificate Import screen.
  • Page 134: Creating A Certificate

    G-3000H User’s Guide 11.7 Creating a Certificate Click CERTIFICATES, My Certificates and then Create to open the My Certificate Create screen. Use this screen to have the ZyAIR create a self-signed certificate, enroll a certificate with a certification authority or generate a certification request, see the following figure.
  • Page 135 Table 40 My Certificate Create (continued) LABEL Organizational Unit Organization Country Key Length Enrollment Options Create a self-signed certificate Create a certification request and save it locally for later manual enrollment Create a certification request and enroll for a certificate immediately online Enrollment Protocol CA Server Address...
  • Page 136: My Certificate Details

    G-3000H User’s Guide Table 40 My Certificate Create (continued) LABEL Apply Cancel After you click Apply in the My Certificate Create screen, you see a screen that tells you the ZyAIR is generating the self-signed certificate or certification request. After the ZyAIR successfully enrolls a certificate or generates a certification request or a self- signed certificate, you see a screen with a Return button that takes you back to the My Certificates screen.
  • Page 137: Figure 78 My Certificate Details

    Figure 78 My Certificate Details The following table describes the labels in this screen. Table 41 My Certificate Details LABEL Name Property Default self-signed certificate which signs the imported remote host certificates. Chapter 11 Certificates DESCRIPTION This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this certificate.
  • Page 138 G-3000H User’s Guide Table 41 My Certificate Details (continued) LABEL Certificate Path Refresh Certificate Information Type Version Serial Number Subject Issuer Signature Algorithm Valid From Valid To Key Algorithm Subject Alternative Name Key Usage Basic Constraint MD5 Fingerprint DESCRIPTION Click the Refresh button to have this read-only text box display the hierarchy of certification authorities that validate the certificate (and the certificate itself).
  • Page 139: Trusted Cas

    Table 41 My Certificate Details (continued) LABEL SHA1 Fingerprint Certificate in PEM (Base-64) Encoded Format Export Apply Cancel 11.9 Trusted CAs Click CERTIFICATES, Trusted CAs to open the Trusted CAs screen. This screen displays a summary list of certificates of the certification authorities that you have set the ZyAIR to accept as trusted.
  • Page 140: Figure 79 Trusted Cas

    G-3000H User’s Guide Figure 79 Trusted CAs The following table describes the labels in this screen. Table 42 Trusted CAs LABEL DESCRIPTION PKI Storage This bar displays the percentage of the ZyAIR’s PKI storage space that is currently Space in Use in use.
  • Page 141: Importing A Trusted Ca's Certificate

    Table 42 Trusted CAs (continued) LABEL DESCRIPTION Delete Click Delete to delete an existing certificate. A window display asking you to confirm that you want to delete the certificate. Note that subsequent certificates move up by one when you take this action. Refresh Click this button to display the current validity status of the certificates.
  • Page 142: Trusted Ca Certificate Details

    G-3000H User’s Guide 11.11 Trusted CA Certificate Details Click CERTIFICATES, Trusted CAs to open the Trusted CAs screen. Click the details icon to open the Trusted CA Details screen. Use this screen to view in-depth information about the certification authority’s certificate, change the certificate’s name and set whether or not you want the ZyAIR to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority.
  • Page 143: Figure 81 Trusted Ca Details

    Figure 81 Trusted CA Details The following table describes the labels in this screen. Table 44 Trusted CA Details LABEL Name Property Default self-signed certificate which signs the imported remote host certificates. Chapter 11 Certificates DESCRIPTION This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate.
  • Page 144 G-3000H User’s Guide Table 44 Trusted CA Details (continued) LABEL Certificate Path Refresh Certificate Information Type Version Serial Number Subject Issuer Signature Algorithm Valid From Valid To Key Algorithm Subject Alternative Name Key Usage Basic Constraint DESCRIPTION Click the Refresh button to have this read-only text box display the end entity’s certificate and a list of certification authority certificates that shows the hierarchy of certification authorities that validate the end entity’s certificate.
  • Page 145 Table 44 Trusted CA Details (continued) LABEL CRL Distribution Points MD5 Fingerprint SHA1 Fingerprint Certificate in PEM (Base-64) Encoded Format Export Apply Cancel Chapter 11 Certificates DESCRIPTION This field displays how many directory servers with Lists of revoked certificates the issuing certification authority of this certificate makes available. This field also displays the domain names or IP addresses of the servers.
  • Page 146 G-3000H User’s Guide Chapter 11 Certificates...
  • Page 147: Remote Management Screens

    Remote Management Screens This chapter provides information on the Remote Management screens. 12.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which ZyAIR interface (if any) from which computers. You may manage your ZyAIR from a remote location via: •...
  • Page 148: Remote Management And Nat

    G-3000H User’s Guide 12.1.2 Remote Management and NAT When NAT is enabled: • Use the ZyAIR’s WAN IP address when configuring from the WAN. • Use the ZyAIR’s LAN IP address when configuring from the LAN. 12.1.3 System Timeout There is a default system management idle timeout of five minutes (three hundred seconds). The ZyAIR automatically logs you out if the management session remains idle for longer than this timeout period.
  • Page 149: Figure 82 Remote Management: Www

    Figure 82 Remote Management: WWW The following table describes the labels in this screen. Table 45 Remote Management: WWW LABEL DESCRIPTION HTTPS Server Certificate Select the Server Certificate that the ZyAIR will use to identify itself. The ZyAIR is the SSL server and must always authenticate itself to the SSL client (the computer which requests the HTTPS connection with the ZyAIR).
  • Page 150: Configuring Telnet

    G-3000H User’s Guide Table 45 Remote Management: WWW LABEL DESCRIPTION Server Access Select the interface(s) through which a computer may access the ZyAIR using this service. Secured Client IP A secured client is a “trusted” computer that is allowed to communicate with the Address ZyAIR using this service.
  • Page 151: Configuring Ftp

    Figure 84 Remote Management: Telnet The following table describes the labels in this screen. Table 46 Remote Management: Telnet LABEL Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Server Access Select the interface(s) through which a computer may access the ZyAIR using this service.
  • Page 152: Snmp

    G-3000H User’s Guide Figure 85 Remote Management: FTP The following table describes the labels in this screen. Table 47 Remote Management: FTP LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
  • Page 153: Figure 86 Snmp Management Model

    Figure 86 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the ZyAIR). An agent translates the local management information from the managed device into a form compatible with SNMP.
  • Page 154: Supported Mibs

    G-3000H User’s Guide 12.6.1 Supported MIBs The ZyAIR supports MIB II that is defined in RFC-1213 and RFC-1215 as well as the proprietary ZyXEL private MIB. The purpose of the MIBs is to let administrators collect statistical data and monitor status and performance. 12.6.2 SNMP Traps The ZyAIR can send the following traps to the SNMP manager.
  • Page 155: Snmp Traps

    Table 48 SNMP Traps TRAP NAME pwWlanStaAuthFail pwTFTPStatus 12.7 SNMP Traps Some traps include an SNMP interface index. The following table maps the SNMP interface indexes to the ZyAIR’s physical ports. Table 49 SNMP Interface Index to Physical Port Mapping INTERFACE TYPE enet0 enet1...
  • Page 156: Figure 87 Remote Management: Snmp

    G-3000H User’s Guide Figure 87 Remote Management: SNMP The following table describes the labels in this screen. Table 50 Remote Management: SNMP LABEL SNMP Configuration Get Community Set Community Community Destination SNMP Service Port Service Access Secured Client IP Address Apply Reset DESCRIPTION...
  • Page 157: Chapter 13 Log Screens

    This chapter contains information about configuring general log settings and viewing the ZyAIR’s logs. Refer to the appendix for example log message explanations. 13.1 Configuring View Log The web configurator allows you to look at all of the ZyAIR’s logs in one location. Click the LOGS links under ADVANCED to open the View Log screen.
  • Page 158: Configuring Log Settings

    G-3000H User’s Guide Table 51 View Log LABEL Notes Email Log Now Refresh Clear Log 13.2 Configuring Log Settings To change your ZyAIR’s log settings, click the LOGS links under ADVANCED and then the Log Settings tab. The screen appears as shown. Use the Log Settings screen to configure to where the ZyAIR is to send the logs;...
  • Page 159: Figure 89 Log Settings

    Figure 89 Log Settings The following table describes the labels in this screen. Table 52 Log Settings LABEL Address Info Mail Server Mail Subject Send Log to Send Alerts to Syslog Logging Active Syslog Server IP Address Log Facility Send Log Chapter 13 Log Screens DESCRIPTION Enter the server name or the IP address of the mail server for the e-mail...
  • Page 160 G-3000H User’s Guide Table 52 Log Settings LABEL Log Schedule Day for Sending Log Time for Sending Log Clear log after sending mail Send Immediate Alert Apply Reset DESCRIPTION This drop-down menu is used to configure the frequency of log messages being sent as E-mail: •...
  • Page 161: Chapter 14 Maintenance

    This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 14.1 Maintenance Overview The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your ZyAIR. 14.2 System Status Screen Click MAINTENANCE to open the System Status screen, where you can use to monitor your ZyAIR.
  • Page 162: System Statistics

    G-3000H User’s Guide 14.2.1 System Statistics Read-only information here includes port status, packet specific statistics and bridge link status. Also provided are "system up time" and "poll interval(s)". The Poll Interval field is configurable. Figure 91 System Status: Show Statistics The following table describes the labels in this screen.
  • Page 163: Association List

    Table 54 System Status: Show Statistics LABEL TxPkts RxPkts System Up Time Poll Interval(s) Set Interval Stop 14.3 Association List View the wireless stations that are currently associated to the ZyAIR in the Association List screen. Click MAINTENANCE and then the Association List tab to display the screen as shown next.
  • Page 164: Channel Usage

    G-3000H User’s Guide Table 55 Association List LABEL Privacy Refresh 14.4 Channel Usage The Channel Usage screen shows whether a channel is used by another wireless network or not. If a channel is being used, you should select a channel removed from it by five channels to completely avoid overlap.
  • Page 165: Figure 93 Channel Usage

    Figure 93 Channel Usage The following table describes the labels in this screen. Table 56 Channel Usage LABEL SSID MAC Address Channel Signal Chapter 14 Maintenance DESCRIPTION This is the Service Set IDentification name of the AP in an Infrastructure wireless network or wireless station in an Ad-Hoc wireless network.
  • Page 166: F/W Upload Screen

    G-3000H User’s Guide Table 56 Channel Usage LABEL Network Mode Refresh 14.5 F/W Upload Screen Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a "*.bin" extension, e.g., "zyair.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes.
  • Page 167: Figure 95 Firmware Upload In Process

    G-3000H User’s Guide After you see the Firmware Upload in Process screen, wait two minutes before logging into the ZyAIR again. Figure 95 Firmware Upload In Process The ZyAIR automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.
  • Page 168: Configuration Screen

    G-3000H User’s Guide Figure 97 Firmware Upload Error 14.6 Configuration Screen See the Firmware and Configuration File Maintenance files using FTP/TFTP commands. Click MAINTENANCE, and then the Configuration tab. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next. Figure 98 Configuration 14.6.1 Backup Configuration Backup configuration allows you to back up (save) the ZyAIR’s current configuration to a file...
  • Page 169: Restore Configuration

    Click Backup to save the ZyAIR’s current configuration to your computer. 14.6.2 Restore Configuration Restore configuration allows you to upload a new or previously saved configuration file from your computer to your ZyAIR. Table 58 Restore Configuration LABEL File Path Browse...
  • Page 170: Back To Factory Defaults

    G-3000H User’s Guide Figure 101 Configuration Upload Error 14.6.3 Back to Factory Defaults Pressing the Reset button in this section clears all user-entered configuration information and returns the ZyAIR to its factory defaults as shown on the screen. The following warning screen will appear.
  • Page 171: Chapter 15 Introducing The Smt

    This chapter describes how to access the SMT and provides an overview of its menus 15.1 Connect to your ZyAIR Using Telnet The following procedure details how to telnet into your ZyAIR. 1 In Windows, click Start (usually in the bottom left corner), Run and then type “telnet 192.168.1.2”...
  • Page 172: Zyair Smt Menu Overview Example

    G-3000H User’s Guide Figure 105 Menu 23.1 System Security: Change Password Menu 23.1 – System Security – Change Password 4 Type your new system password in the New Password field (up to 30 characters), and press [ENTER]. 5 Re-type your new system password in the Retype to confirm field for confirmation and press [ENTER].
  • Page 173: Navigating The Smt Interface

    Table 59 SMT Menus Overview (continued) MENUS 24 System Maintenance 24.1 System Status 15.4 Navigating the SMT Interface The SMT (System Management Terminal) is the interface that you use to configure your ZyAIR. Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below.
  • Page 174: System Management Terminal Interface Summary

    Type 99, then press [ENTER]. After you enter the password, the SMT displays the main menu, as shown next. Figure 106 G-3000H SMT Main Menu Copyright (c) 1994 - 2005 ZyXEL Communications Corp. Getting Started 1. General Setup 3. LAN Setup Advanced Applications 14.
  • Page 175 Table 61 Main Menu Summary MENU TITLE System Maintenance Exit Chapter 15 Introducing the SMT DESCRIPTION This menu provides system status, diagnostics, software upload, etc. Use this to exit from SMT and return to a blank screen. G-3000H User’s Guide...
  • Page 176 G-3000H User’s Guide Chapter 15 Introducing the SMT...
  • Page 177: Chapter 16 General Setup

    The chapter shows you the information on general setup. 16.1 General Setup Menu 1 – General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. It is recommended you type your computer's "Computer name". The Domain Name entry is what is propagated to the DHCP clients on the LAN.
  • Page 178 G-3000H User’s Guide Table 62 Menu 1 General Setup FIELD First/Second/Third System DNS Server IP Address When you have completed this menu, press [ save your configuration, or press [ DESCRIPTION Press [SPACE BAR] to select From DHCP, User Defined or None and press [ENTER].
  • Page 179: Chapter 17 Lan Setup

    This chapter shows you how to configure the LAN on your ZyAIR. 17.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 – LAN Setup. From the main menu, enter 3 to display menu 3. Figure 108 Menu 3 LAN Setup 2.
  • Page 180: Wireless Lan Setup

    G-3000H User’s Guide Figure 109 Menu 3.2 TCP/IP Setup Follow the instructions in the following table on how to configure the fields in this menu. Table 63 Menu 3.2 TCP/IP Setup FIELD DESCRIPTION IP Address Press [SPACE BAR] and then [ENTER] to select Dynamic to have the ZyAIR Assignment obtain an IP address from a DHCP server.
  • Page 181: Figure 110 Menu 3.5 Wireless Lan Setup

    Figure 110 Menu 3.5 Wireless LAN Setup Menu 3.5 - Wireless LAN Setup Operating Mode= Bridge / Repeater Hide Name (SSID)= N/A Channel ID= CH06 2437MHz RTS Threshold= 2432 Frag. Threshold= 2432 Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle.
  • Page 182: Configuring Mac Address Filter

    G-3000H User’s Guide Table 64 Menu 3.5 Wireless LAN Setup FIELD DESCRIPTION Edit SSID Profile Use [SPACE BAR] to choose Yes and press [ENTER] to go to Menu 3.5.6 - SSID Profile Edit. This field is only available when you select MESSID in the Operating Mode field. Select SSID Profile Use [SPACE BAR] to choose an SSID profile.
  • Page 183: Figure 111 Menu 3.5 Wireless Lan Setup

    Figure 111 Menu 3.5 Wireless LAN Setup Menu 3.5 - Wireless LAN Setup Operating Mode= Access Point Hide Name (SSID)= No Channel ID= CH06 2437MHz RTS Threshold= 2432 Frag. Threshold= 2432 Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle. 3 Press [SPACE BAR] to select Access Point or AP + Bridge in the Operating Mode field and press [ENTER].
  • Page 184: Configuring Roaming

    G-3000H User’s Guide The following table describes the fields in this menu. Table 65 Menu 3.5.1 WLAN MAC Address Filter FIELD DESCRIPTION Active To enable MAC address filtering, press [SPACE BAR] to select Yes and press [ENTER]. Filter Action Define the filter action for the list of MAC addresses in the MAC address filter table. To deny access to the ZyAIR, press [SPACE BAR] to select Deny Association and press [ENTER].
  • Page 185: Figure 113 Menu 3.5 Wireless Lan Setup

    Figure 113 Menu 3.5 Wireless LAN Setup Operating Mode= MESSID Hide Name (SSID)= No Channel ID= CH06 2437MHz RTS Threshold= 2432 Frag. Threshold= 2432 Press Space Bar to Toggle. 3 Move the cursor to the Edit Roaming Configuration field. Press [SPACE BAR] to select Yes and then press [ENTER].
  • Page 186: Configuring Ssid Profiles

    G-3000H User’s Guide 17.3.3 Configuring SSID Profiles Follow the steps below to configure SSID profiles on your ZyAIR. 1 From the main menu, enter 3 to open Menu 3 – LAN Setup. 2 Enter 5 to display Menu 3.5 – Wireless LAN Setup. Figure 115 Menu 3.5 Wireless LAN Setup Operating Mode= MESSID Hide Name (SSID)= No...
  • Page 187: Configuring Bridge Link

    Figure 116 Menu 3.5.6 - SSID Profile Edit Press Space Bar to Toggle. The following table describes the fields in this menu. Table 67 Menu 3.5.6 - SSID Profile Edit FIELD SSID 1~8 Active When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel”...
  • Page 188: Figure 117 Menu 3.5 Wireless Lan Setup

    G-3000H User’s Guide Figure 117 Menu 3.5 Wireless LAN Setup Operating Mode= Bridge / Repeater Hide Name (SSID)= N/A Channel ID= CH06 2437MHz RTS Threshold= 2432 Frag. Threshold= 2432 Press Space Bar to Toggle. 3 In the Operating Mode field, press [SPACE BAR] to select Bridge / Repeater or AP + Bridge and press [ENTER].
  • Page 189: Configuring Layer-2 Isolation

    Figure 118 Menu 3.5.4 Bridge Link Configuration Enable Link 1= Yes PSK= ******** Enable Link 2= No PSK= ******** Enable Link 3= Yes PSK= ******** Enable Link 4= No PSK= ******** Enable Link 5= Yes PSK= ******** Press Space Bar to Toggle. The following table describes the fields in this menu.
  • Page 190: Figure 119 Menu 3.5 Wireless Lan Setup

    G-3000H User’s Guide Figure 119 Menu 3.5 Wireless LAN Setup Operating Mode= MESSID Hide Name (SSID)= No Channel ID= CH06 2437MHz RTS Threshold= 2432 Frag. Threshold= 2432 Press Space Bar to Toggle. 3 Move the cursor to the Edit Layer-2 Isolation field. Press [SPACE BAR] to select Yes and press [ENTER].
  • Page 191: Table 69 Menu 3.5.5 Layer-2 Isolation

    The following table describes the fields in this menu. Table 69 Menu 3.5.5 Layer-2 Isolation FIELD Allow devices with these MAC addresses When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen. Chapter 17 LAN Setup DESCRIPTION These are the MAC address of a wireless client, AP, computer or router.
  • Page 192 G-3000H User’s Guide Chapter 17 LAN Setup...
  • Page 193: Chapter 18 Dial-In User Setup

    This chapter shows you how to create user accounts on the ZyAIR. 18.1 Dial-in User Setup By storing user profiles locally, your ZyAIR is able to authenticate wireless users without interacting with a network RADIUS server. Follow the steps below to set up user profiles on your ZyAIR. From the main menu, enter 14 to display Menu 14 - Dial-in User Setup.
  • Page 194: Figure 122 Menu 14.1- Edit Dial-In User

    G-3000H User’s Guide Figure 122 Menu 14.1- Edit Dial-in User Menu 14.1 - Edit Dial-in User User Name= test Active= Yes Password= ******** Press ENTER to Confirm or ESC to Cancel: Leave name field blank to delete profile The following table describes the fields in this screen. Table 70 Menu 14.1- Edit Dial-in User FIELD User Name...
  • Page 195: Chapter 19 Vlan Setup

    This chapter explains VLAN Setup menu 16. Refer to the Multiple-ESS and VLAN chapter for background information on VLAN. 19.1 VLAN Setup To setup VLAN, select option 16 from the main menu to open Menu 16 – VLAN Setup as shown next.
  • Page 196 G-3000H User’s Guide Table 71 Menu 16 VLAN Setup FIELD Active Name When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen. DESCRIPTION To enable a VLAN mapping profile, press [SPACE BAR] to select Yes and press [ENTER].
  • Page 197: Chapter 20 Snmp Configuration

    This chapter explains SNMP Configuration menu 22. See the web configurator chapter on SNMP for background information. 20.1 SNMP Configuration To configure SNMP, select option 22 from the main menu to open Menu 22 – SNMP Configuration as shown next. The “community” for Get, Set and Trap fields is SNMP terminology for password.
  • Page 198 G-3000H User’s Guide Table 72 Menu 22 SNMP Configuration FIELD DESCRIPTION Destination Type the IP address of the station to send your SNMP traps to. When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel”...
  • Page 199: Chapter 21 System Security

    This chapter describes how to configure the system security on the ZyAIR. 21.1 System Security You can configure the system password, an external RADIUS server and 802.1x in this menu. 21.1.1 System Password Figure 125 Menu 23 System Security You should change the default password. If you forget your password you have to restore the default configuration file.
  • Page 200: Figure 126 Menu 23 - System Security

    G-3000H User’s Guide Figure 126 Menu 23 - System Security From Menu 23 - System Security, enter 5 to display Menu 23.5 – Security Profile Edit as shown next. Figure 127 Menu 23.5 Security Profile Edit Press Space Bar to Toggle. The fields in this screen vary according to the security Mode you select.
  • Page 201: Chapter 22 System Information And Diagnosis

    System Information and This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software. This chapter describes how to use these tools in detail. Type 24 in the main menu and press [ENTER] to open Menu 24 –...
  • Page 202: Figure 129 Menu 24.1 System Maintenance: Status

    This is the time the ZyAIR is up and running from the last reboot. ZyNOS F/W Version Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. Name This displays the device name.
  • Page 203: System Information

    22.2 System Information To get to the System Information: 1 Enter 24 to display Menu 24 – System Maintenance. 2 Enter 2 to display Menu 24.2 – System Information and Console Port Speed. 3 From this menu you have two choices as shown in the next figure: Figure 130 Menu 24.2 System Information and Console Port Speed Menu 24.2 - System Information and Console Port Speed 1.
  • Page 204: Console Port Speed

    2 From menu 24, type 3 to display Menu 24.3 – System Maintenance – Log and Trace. DESCRIPTION Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. Refers to the country code of the firmware.
  • Page 205: Diagnostic

    Figure 133 Menu 24.3 System Maintenance: Log and Trace Menu 24.3 - System Maintenance - Log and Trace Please enter selection: 3 Enter 1 from Menu 24.3 – System Maintenance – Log and Trace and press [ENTER] twice to display the error log in the system. After the ZyAIR finishes displaying the error log, you will have the option to clear it.
  • Page 206: Table 75 Menu 24.4 System Maintenance Menu: Diagnostic

    G-3000H User’s Guide 1 From the main menu, type 24 to open Menu 24 – System Maintenance. 2 From this menu, type 4. Diagnostic to open Menu 24.4 – System Maintenance – Diagnostic. The following table describes the diagnostic tests available in menu 24.4 for your ZyAIR and the connections.
  • Page 207: Firmware And Configuration File Maintenance

    Firmware and Configuration File This chapter tells you how to backup and restore your configuration file as well as upload new firmware and configuration files using the SMT screens. 23.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password and TCP/IP Setup, etc.
  • Page 208: Backup Configuration

    G-3000H User’s Guide The following table is a summary. Please note that the internal filename refers to the filename on the ZyAIR and the external filename refers to the filename not on the ZyAIR, that is, on your computer, local network or FTP site and so the name (but not the extension) will vary. After uploading new firmware see the ZyNOS F/W Version field in Menu 24.2.1 –...
  • Page 209: Using The Ftp Command From The Dos Prompt

    Figure 136 Menu 24.5 Backup Configuration Menu 24.5 – Backup Configuration To transfer the configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your router. Then type "root" and SMT password as requested.
  • Page 210: Backup Configuration Using Tftp

    G-3000H User’s Guide Figure 137 FTP Session Example 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 327680 bytes sent in 1.10Seconds 297.89Kbytes/sec.
  • Page 211: Example: Tftp Command

    3 Enter command “sys stdio 0” to disable the SMT timeout, so the TFTP transfer will not be interrupted. Enter command “sys stdio 5” to restore the five-minute SMT timeout (default) when the file transfer is complete. 4 Launch the TFTP client on your computer and connect to the ZyAIR. Set the transfer mode to binary before starting data transfer.
  • Page 212: Restore Configuration

    G-3000H User’s Guide Figure 138 System Maintenance: Backup Configuration Ready to backup Configuration via Xmodem. Do you want to continue (y/n): 2 The following screen indicates that the Xmodem download has started. Figure 139 System Maintenance: Starting Xmodem Download Screen You can enter ctrl-x to terminate operation any time.
  • Page 213: Restore Using Ftp

    23.3.1 Restore Using FTP For details about backup using (T)FTP please refer to earlier sections on FTP and TFTP file upload in this chapter. Figure 142 Menu 24.6 Restore Configuration To transfer the firmware and the configuration file, follow the procedure below: 1.
  • Page 214: Firmware Upload

    G-3000H User’s Guide 23.4.1 Firmware Upload FTP is the preferred method for uploading the firmware and configuration. To use this feature, your computer must have an FTP client. When you telnet into the ZyAIR, you will see the following screens for uploading firmware and the configuration file using FTP.
  • Page 215: Using The Ftp Command From The Dos Prompt Example

    To transfer the firmware and the configuration file, follow these examples: 23.4.3 Using the FTP command from the DOS Prompt Example 1 Launch the FTP client on your computer. 2 Enter “open” and the IP address of your ZyAIR. 3 Press [ENTER] when prompted for a username. 4 Enter “root”...
  • Page 216: Example: Tftp Command

    G-3000H User’s Guide 2 Put the SMT in command interpreter (CI) mode by entering 8 in Menu 24 – System Maintenance. 3 Enter the command “sys stdio 0” to disable the SMT timeout, so the TFTP transfer will not be interrupted. Enter command “sys stdio 5” to restore the five-minute SMT timeout (default) when the file transfer is complete.
  • Page 217: Example Xmodem Firmware Upload Using Hyperterminal

    Figure 147 Menu 24.7.1 as seen using the Console Port Menu 24.7.1 - System Maintenance - Upload System Firmware To upload system firmware: 1. Enter "y" at the prompt below to go into debug mode. 2. Enter "atur" after "Enter Debug Mode" message. 3.
  • Page 218: Example Xmodem Configuration Upload Using Hyperterminal

    G-3000H User’s Guide Figure 149 Menu 24.7.2 as seen using the Console Port Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload system configuration file: 1. Enter "y" at the prompt below to go into debug mode. 2.
  • Page 219: System Maintenance And Information

    System Maintenance and This chapter leads you through SMT menus 24.8 and 24.10. 24.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main system firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions.
  • Page 220: Cnm

    G-3000H User’s Guide Figure 151 Menu 24 System Maintenance Figure 152 Valid CI Commands Copyright (c) 1994 - 2005 ZyXEL Communications Corp. G-3000H> ? Valid commands are: exit bridge wcfg G-3000H> 24.1.1 CNM Vantage CNM (Centralized Network Management) is a browser-based, global management solution that allows an administrator to easily configure, manage, monitor and troubleshoot ZyXEL devices located worldwide.
  • Page 221: Figure 153 Cnm Cl

    Figure 153 CNM CL G-3000H>cnm active sgid reset simulate G-3000H> The following table describes the commands in this screen. All commands begin with “cnm” so for example, type “cnm active 1” to enable Vantage CNM on your device. Table 79 CNM Commands COMMAND SUB COMMAND active...
  • Page 222 G-3000H User’s Guide Table 79 CNM Commands COMMAND SUB COMMAND managerIp [addr] debug <0:Disable 1:Vantage 2:Agent tester 3:Server> reset encrykey [string] DESCRIPTION This command displays the public IP address of the Vantage CNM server. If the Vantage server is on the same subnet as the ZyXEL device, enter the private or public IP address of the Vantage CNM server.
  • Page 223: Configuration Example

    Table 79 CNM Commands COMMAND SUB COMMAND encrymode <0:NONE 1:DES 2:3DES> keepalive [seconds] version 24.1.3 Configuration Example This is an example allowing Vantage CNM server (on the same subnet as your ZyXEL device) with an IP address of 10.1.1.1, to manage your device. The device and Vantage CNM communicate using DES encryption and a password of “12345678”.
  • Page 224: Time And Date Setting

    G-3000H User’s Guide Figure 154 CNM Configuration Example G-3000H> cnm active sgid reset encrykey version G-3000H> G-3000H> cnm active cnm active 0 <0:Disable 1:Enable CNM via WAN 2:Enable CNM via WAN or LAN> Last Register Time: 0-0-0 0:0:0 G-3000H> cnm active 1 cnm active 1 G-3000H>...
  • Page 225: Figure 155 Menu 24.10 System Maintenance: Time And Date Setting

    time manually or get the current time and date from an external server when you turn on your ZyAIR. Menu 24.10 allows you to update the time and date settings of your ZyAIR. The real time is then displayed in the ZyAIR error logs. 1 Select menu 24 in the main menu to open Menu 24 –...
  • Page 226: Resetting The Time

    G-3000H User’s Guide Table 80 System Maintenance: Time and Date Setting FIELD End Date Once you have filled in this menu, press [ENTER] at the message “Press ENTER to Confirm or ESC to Cancel“ to save your configuration, or press [ESC] to cancel. 24.2.1 Resetting the Time The ZyAIR resets the time in three instances: 1 On leaving menu 24.10 after making changes.
  • Page 227: Web

    24.3.3 Web You can use the ZyAIR’s embedded web configurator for configuration and file management. See the online help for details. 24.3.4 Remote Management Setup Remote management setup is for managing Telnet, FTP and Web services. You can customize the service port, access interface and the secured client IP address to enhance security and flexibility.
  • Page 228: Figure 157 Menu 24.11 Remote Management Control

    G-3000H User’s Guide Figure 157 Menu 24.11 Remote Management Control TELNET Server: FTP Server: HTTPS Server: HTTP Server: SNMP Service: The following table describes the fields in this menu. Table 82 Menu 24.11 Remote Management Control FIELD TELNET Server: FTP Server: HTTPS Server: HTTP Server: SNMP Service:...
  • Page 229: Remote Management Limitations

    24.3.5 Remote Management Limitations Remote management over LAN or WAN will not work when: 1 A filter in menu 3.1 (LAN) or in menu 11.5 (WAN) is applied to block a Telnet, FTP or Web service. 2 You have disabled that service in menu 24.11. 3 The IP address in the Secured Client IP field (menu 24.11) does not match the client IP address.
  • Page 230 G-3000H User’s Guide Chapter 24 System Maintenance and Information...
  • Page 231: Appendix A Troubleshooting

    This appendix covers potential problems and possible remedies. After each problem description, some instructions are provided to help you to diagnose and to solve the problem. Problems Starting Up the ZyAIR Table 83 Troubleshooting the Start-Up of Your ZyAIR PROBLEM CORRECTIVE ACTION None of the LEDs Make sure you are using the supplied power adaptor and that it is plugged in to an...
  • Page 232: Table 85 Troubleshooting The Password

    G-3000H User’s Guide Problems with the Password Table 85 Troubleshooting the Password PROBLEM CORRECTIVE ACTION I cannot access the The Password and Username fields are case-sensitive. Make sure that you enter the correct ZyAIR. password and username using the proper casing. Use the RESET button on the top panel of the ZyAIR to restore the factory default configuration file (hold this button in for about 10 seconds or until the link LED turns red).
  • Page 233: Appendix B Specifications

    Hardware Table 88 Hardware Power Specification DC 12V 1200mA Operation Temperature 5º C ~ 50º C Storage Temperature -20º C ~ 55º C Operation Humidity 10% to 90% (Non-condensing) Storage Humidity 5% to 95% (Non-condensing) Firmware Table 89 Firmware Standards IEEE 802.3 and 802.3u 10Base-T and 100Base-TX.
  • Page 234 G-3000H User’s Guide Table 89 Firmware (continued) Diagnostics Capabilities Management The access point can perform self-diagnostic tests. These tests check the integrity of the following circuits: FLASH memory. DRAM. Wireless port. Syslog. Errorlog. Trace log. Packet Log. Embedded Web Configurator management. Command-line interface.
  • Page 235: Power Over Ethernet (Poe) Specifications

    You can use a power over Ethernet injector to power this device. The injector must comply to IEEE 802.3af.-7 Table 90 Power over Ethernet Injector Specifications Power Output Power Current Table 91 Power over Ethernet Injector RJ-45 Port Pin Assignments PIN NO 1 2 3 4 5 6 7 8 Appendix C Power over Ethernet (PoE) Specifications...
  • Page 236 G-3000H User’s Guide Appendix C Power over Ethernet (PoE) Specifications...
  • Page 237: Appendix D Brute-Force Password Guessing Protection

    Brute-Force Password Guessing The following describes the commands for enabling, disabling and configuring the brute-force password guessing protection mechanism for the password. See the command structure. Table 92 Brute-Force Password Guessing Protection Commands COMMAND DESCRIPTION sys pwderrtm This command displays the brute-force guessing password protection settings. sys pwderrtm 0 This command turns off the password’s protection from brute-force guessing.
  • Page 238 G-3000H User’s Guide Appendix D Brute-Force Password Guessing Protection...
  • Page 239: Setting Up Your Computer's Ip Address

    Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
  • Page 240: Figure 158 Windows 95/98/Me: Network: Configuration

    G-3000H User’s Guide Figure 158 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
  • Page 241: Figure 159 Windows 95/98/Me: Tcp/Ip Properties: Ip Address

    3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab.
  • Page 242: Figure 160 Windows 95/98/Me: Tcp/Ip Properties: Dns Configuration

    G-3000H User’s Guide Figure 160 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • • 5 Click OK to save and close the TCP/IP Properties window. 6 Click OK to close the Network window. Insert the Windows CD if prompted. 7 Turn on your ZyAIR and restart your computer when prompted.
  • Page 243: Figure 161 Windows Xp: Start Menu

    Figure 161 Windows XP: Start Menu 2 For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Figure 162 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. Appendix E Setting up Your Computer’s IP Address G-3000H User’s Guide...
  • Page 244: Figure 163 Windows Xp: Control Panel: Network Connections: Properties

    G-3000H User’s Guide Figure 163 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. Figure 164 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
  • Page 245: Figure 165 Windows Xp: Advanced Tcp/Ip Settings

    • Figure 165 Windows XP: Advanced TCP/IP Settings 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
  • Page 246: Figure 166 Windows Xp: Internet Protocol (Tcp/Ip) Properties

    G-3000H User’s Guide • • Figure 166 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click OK to close the Local Area Connection Properties window. 10Turn on your ZyAIR and restart your computer (if prompted). Verifying Settings 1 Click Start, All Programs, Accessories and then Command Prompt.
  • Page 247: Figure 167 Macintosh Os 8/9: Apple Menu

    Figure 167 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 168 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. Appendix E Setting up Your Computer’s IP Address G-3000H User’s Guide...
  • Page 248: Figure 169 Macintosh Os X: Apple Menu

    G-3000H User’s Guide 4 For statically assigned settings, do the following: • • • • 5 Close the TCP/IP Control Panel. 6 Click Save if prompted, to save changes to your configuration. 7 Turn on your ZyAIR and restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the TCP/IP Control Panel window.
  • Page 249: Figure 170 Macintosh Os X: Network

    Figure 170 Macintosh OS X: Network 4 For statically assigned settings, do the following: • • • • 5 Click Apply Now and close the window. 6 Turn on your ZyAIR and restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the Network window. Appendix E Setting up Your Computer’s IP Address From the Configure box, select Manually.
  • Page 250 G-3000H User’s Guide Appendix E Setting up Your Computer’s IP Address...
  • Page 251: Ip Address Assignment Conflicts

    IP Address Assignment Conflicts This appendix describes situations where IP address conflicts may occur. Subscribers with duplicate IP addresses will not be able to access the Internet. Case A: The ZyAIR is using the same LAN and WAN IP addresses The following figure shows an example where the ZyAIR is using a WAN IP address that is the same as the IP address of a computer on the LAN.
  • Page 252: Figure 172 Ip Address Conflicts: Case B

    G-3000H User’s Guide Figure 172 IP Address Conflicts: Case B To solve this problem, make sure the ZyAIR LAN IP address is not in the DHCP IP address pool. Case C: The Subscriber IP address is the same as the IP address of a network device The following figure depicts an example where the subscriber IP address is the same as the IP address of a network device not attached to the ZyAIR.
  • Page 253: Figure 174 Ip Address Conflicts: Case D

    G-3000H User’s Guide Figure 174 IP Address Conflicts: Case D This problem can be solved by adding a VLAN-enabled switch or set the computers to obtain IP addresses dynamically. Appendix F IP Address Assignment Conflicts...
  • Page 254 G-3000H User’s Guide Appendix F IP Address Assignment Conflicts...
  • Page 255: Appendix G Wireless Lans

    Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS).
  • Page 256: Figure 176 Basic Service Set

    G-3000H User’s Guide Figure 176 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN.
  • Page 257: Figure 177 Infrastructure Wlan

    Figure 177 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference.
  • Page 258: Figure 178 Rts/Cts

    G-3000H User’s Guide Figure 178 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
  • Page 259: Table 93 Ieee 802.11B

    A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.
  • Page 260: Types Of Radius Messages

    G-3000H User’s Guide IEEE 802.1x In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features. It is supported by Windows XP and a number of network devices. Some advantages of IEEE 802.1x are: •...
  • Page 261: Types Of Authentication

    • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access- Request message. The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting: •...
  • Page 262 G-3000H User’s Guide EAP-TLS (Transport Layer Security) With EAP-TLS, digital certifications are needed by both the server and the wireless stations for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created.
  • Page 263: Table 94 Comparison Of Eap Authentication Types

    The following table is a comparison of the features of authentication types. Table 94 Comparison of EAP Authentication Types Mutual Authentication Certificate – Client Certificate – Server Dynamic Key Exchange Credential Integrity Deployment Difficulty Client Identity Protection WPA(2) Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA 2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA.
  • Page 264: Table 95 Wireless Security Relational Matrix

    G-3000H User’s Guide The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped.
  • Page 265 Table 95 Wireless Security Relational Matrix (continued) AUTHENTICATION METHOD/ KEY MANAGEMENT PROTOCOL Shared WPA-PSK WPA-PSK Appendix G Wireless LANs ENCRYPTION ENTER ENABLE IEEE 802.1X METHOD MANUAL KEY Enable with Dynamic WEP Key Enable without Dynamic WEP Key Disable TKIP TKIP G-3000H User’s Guide...
  • Page 266 G-3000H User’s Guide Appendix G Wireless LANs...
  • Page 267: Ip Subnetting

    IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1.
  • Page 268: Table 97 Allowed Ip Address Range By Class

    G-3000H User’s Guide Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127. Similarly the first octet of a class “B” must begin with “10”, therefore the first octet of a class “B”...
  • Page 269: Table 99 Alternative Subnet Mask Notation

    Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/”...
  • Page 270: Table 101 Subnet 1

    G-3000H User’s Guide Note: In the following charts, shaded/bolded last octet bit values indicate host ID bits “borrowed” to form network ID bits. The number of “borrowed” host ID bits determines the number of subnets you can have. The remaining number of host ID bits (after “borrowing”) determines the number of hosts you can have on each subnet.
  • Page 271: Table 103 Subnet 1

    Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow” two host ID bits to give four possible combinations of 00, 01, 10 and 11. The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192.
  • Page 272: Table 106 Subnet 4

    G-3000H User’s Guide Table 106 Subnet 4 IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.192 Broadcast Address: 192.168.1.255 Example Eight Subnets Similarly use a 27-bit mask to create 8 subnets (001, 010, 011, 100, 101, 110). The following table shows class C IP address last octet values for each subnet. Table 107 Eight Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS...
  • Page 273: Table 109 Class B Subnet Planning

    Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID. A class “B” address has two host ID octets available for subnetting and a class “A” address has three host ID octets (see Table The following table is a summary for class “B”...
  • Page 274 G-3000H User’s Guide Appendix H IP Subnetting...
  • Page 275: Appendix I Command Interpreter

    The following describes how to use the command interpreter. Enter 24 in the main menu to bring up the system maintenance menu. Enter 8 to go to Menu 24.8 - Command Interpreter Mode. See the included disk or zyxel.com for more detailed information on these commands. Note: Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable.
  • Page 276 G-3000H User’s Guide Appendix I Command Interpreter...
  • Page 277: Appendix J Log Descriptions

    This appendix provides descriptions of example log messages. Table 110 System Maintenance Logs LOG MESSAGE Time calibration is successful Time calibration failed DHCP client gets %s DHCP client IP expired DHCP server assigns %s SMT Login Successfully SMT Login Fail WEB Login Successfully WEB Login Fail TELNET Login Successfully Someone has logged on to the router via telnet.
  • Page 278: Table 112 Sys Log

    G-3000H User’s Guide Table 111 ICMP Notes (continued) TYPE CODE DESCRIPTION Redirect datagrams for the Network Redirect datagrams for the Host Redirect datagrams for the Type of Service and Network Redirect datagrams for the Type of Service and Host Echo Echo message Time Exceeded Time to live exceeded in transit...
  • Page 279: Table 113 Log Categories And Available Settings

    Use sys logs category followed by a log category and a parameter to decide what to record Table 113 Log Categories and Available Settings LOG CATEGORIES error mten to not record logs for that category, alerts for that category, and Use the sys logs save command to store the settings in the ZyAIR (you must do this in order to record logs).
  • Page 280 G-3000H User’s Guide Appendix J Log Descriptions...
  • Page 281: Indoor Installation Recommendations

    Indoor Installation Recommendations An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air. Positioning the antennas properly increases the range and coverage area of a wireless LAN.
  • Page 282 G-3000H User’s Guide • Omni-directional antennas send the RF signal out in all directions on a horizontal plane. The coverage area is torus-shaped (like a donut) which makes these antennas ideal for a room environment. With a wide coverage area, it is possible to make circular overlapping coverage areas with multiple access points.
  • Page 283: Power Adaptor Specifications

    Power Adaptor Specifications Table 114 North American Plug Standards AC Power Adaptor Model Input Power Output Power Power Consumption Safety Standards Table 115 European Plug Standards AC Power Adaptor Model Input Power Output Power Power Consumption Safety Standards Table 116 United Kingdom Plug Standards AC Power Adaptor Model Input Power Output Power...
  • Page 284 G-3000H User’s Guide Appendix L Power Adaptor Specifications...
  • Page 285: Index

    Address Assignment 48, 127 Alternative Subnet Mask Notation Antenna Directional Omni-directional Antenna gain AP (access point) Applications Authentication databases 85, 86 Auto-crossover Ethernet/Fast Ethernet Interface Auto-negotiating Ethernet/Fast Ethernet Interface auto-negotiation Backup backup Basic Service Set Bridge Protocol Data Units (BPDUs) Bridge/Repeater Brute-Force Password Guessing Protection 57, 255...
  • Page 286 G-3000H User’s Guide Filename Conventions Finland, Contact Information Firmware File Maintenance Fragment Threshold Fragmentation Threshold Fragmentation threshold France, Contact Information 147, 151, 229 Restrictions FTP File Transfer FTP Restrictions General Setup 46, 51, 177 General Specifications Germany, Contact Information Hidden Menus Hidden node Host Host IDs...
  • Page 287 PHB (Per-Hop Behavior) Ping 32, 235 Power over Ethernet Power Specification Preamble Mode Priorities Private IP Address 48, 127 Product Model Product Serial Number Quick Start Guide RADIUS 35, 260 Shared Secret Key RADIUS Message Types RADIUS Messages Rapid STP Rate Receiving Transmission...
  • Page 288 G-3000H User’s Guide TFTP File Transfer TFTP Restrictions Time and Date Setting Time Setting Time Zone Trace Records Troubleshooting Accessing ZyAIR Ethernet Port Start-Up Type Of Service Upload Firmware Use Authentication User Authentication User Profiles Valid CI Commands Virtual Local Area Network VLAN 33, 113 Warranty Information...

Table of Contents