ZyXEL Communications Wireless Access Point ZyAIR B-500 User Manual

Wireless access point
Hide thumbs Also See for Wireless Access Point ZyAIR B-500:
Table of Contents

Advertisement

ZyAIR B-500
Wireless Access Point
User's Guide
Version 3.50
June 2004

Advertisement

Table of Contents
loading

Summary of Contents for ZyXEL Communications Wireless Access Point ZyAIR B-500

  • Page 1 ZyAIR B-500 Wireless Access Point User's Guide Version 3.50 June 2004...
  • Page 2 Trademarks ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
  • Page 3: Federal Communications Commission

    Federal Communications Commission This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.
  • Page 4: Zyxel Limited Warranty

    ZyAIR B-500 Wireless Access Point User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or...
  • Page 5: Customer Support

    +47 22 80 61 80 www.zyxel.no +47 22 80 61 81 +46 31 744 7700 www.zyxel.se +46 31 744 7701 REGULAR MAIL ZyXEL Communications Corp. 6 Innovation Road II Science Park Hsinchu 300 Taiwan ZyXEL Communications Inc. 1130 N. Miller St.
  • Page 6 ZyAIR B-500 Wireless Access Point User’s Guide METHOD SUPPORT E-MAIL SALES E-MAIL LOCATION FINLAND support@zyxel.fi sales@zyxel.fi TELEPHONE WEB SITE FTP SITE +358-9-4780-8411 www.zyxel.fi +358-9-4780 8448 REGULAR MAIL ZyXEL Communications Oy Malminkaari 10 00700 Helsinki Finland ZyXEL Warranty...
  • Page 7: Table Of Contents

    Copyright ...ii Federal Communications Commission (FCC) Interference Statement ...iii ZyXEL Limited Warranty...iv Customer Support...v List of Figures...xi List of Tables...xv Preface...xvii OVERVIEW ... I Chapter 1 Getting to Know Your ZyAIR ...1-1 Introducing the ZyAIR Wireless Access Point ...1-1 ZyAIR Features...1-1 Applications for the ZyAIR...1-4 1.3.1 Internet Access Application ...1-4...
  • Page 8 5.1.2 BSS ...5-1 5.1.3 ESS ...5-2 Wireless LAN Basics...5-3 5.2.1 RTS/CTS...5-3 5.2.2 Fragmentation Threshold ...5-4 Configuring Wireless ...5-5 Configuring Roaming ...5-6 5.4.1 Requirements for Roaming ...5-8 Chapter 6 Wireless Security...6-1 Wireless Security Overview...6-1 WEP Overview ...6-1 6.2.1 Data Encryption ...6-1 6.2.2 Authentication...6-2 Configuring WEP Encryption...6-3...
  • Page 9 Configuration Screen ...9-8 9.5.1 Backup Configuration ...9-8 9.5.2 Restore Configuration ...9-9 9.5.3 Back to Factory Defaults...9-11 SMT CONFIGURATION... V Chapter 10 Introducing the SMT ...10-1 10.1 Connect to your ZyAIR Using Telnet ...10-1 10.2 Changing the System Password ...10-1 10.3 ZyAIR SMT Menu Overview Example ...10-2 10.4 Navigating the SMT Interface...10-4 10.4.1 System Management Terminal Interface Summary ...10-5...
  • Page 10 Chapter 17 Firmware and Configuration File Maintenance ...17-1 17.1 Filename Conventions ...17-1 17.2 Backup Configuration...17-2 17.2.1 Backup Configuration Using FTP...17-2 17.2.2 Using the FTP command from the DOS Prompt ...17-3 17.2.3 Backup Configuration Using TFTP ...17-4 17.2.4 Example: TFTP Command ...17-4 17.3 Restore Configuration...17-5 17.4 Uploading Firmware and Configuration Files ...17-6 17.4.1...
  • Page 11: List Of Figures

    ZyAIR B-500 Wireless Access Point User’s Guide List of Figures Figure 1-1 Internet Access Application... 1-4 Figure 1-2 Corporation Network Application ... 1-5 Figure 2-1 Change Password Screen... 2-1 Figure 2-2 Navigating the ZyAIR Web Configurator ... 2-3 Figure 3-1 Wizard 1 : General Setup... 3-2 Figure 3-2 Wizard 2 : Wireless LAN Setup ...
  • Page 12 ZyAIR B-500 Wireless Access Point User’s Guide Figure 9-12 Network Temporarily Disconnected...9-10 Figure 9-13 Configuration Upload Error ...9-11 Figure 9-14 Back to Factory Default ...9-12 Figure 9-15 Reset Warning Message ...9-12 Figure 10-1 Login Screen ...10-1 Figure 10-2 Menu 23.1 System Security : Change Password ...10-2 Figure 10-3 ZyAIR B-500 SMT Menu Overview Example ...10-3 Figure 10-4 ZyAIR B-500 SMT Main Menu...10-5 Figure 11-1 Menu 1 General Setup...11-1...
  • Page 13 ZyAIR B-500 Wireless Access Point User’s Guide Figure 18-2 Valid CI Commands ... 18-1 Figure 18-3 Menu 24.10 System Maintenance : Time and Date Setting... 18-2 List of Figures xiii...
  • Page 15: List Of Tables

    ZyAIR B-500 Wireless Access Point User’s Guide List of Tables Table 3-1 Wizard 1 : General Setup ... 3-2 Table 3-2 Wizard 2 : Wireless LAN Setup ... 3-3 Table 3-3 Private IP Address Ranges ... 3-5 Table 3-4 Wizard 3 : IP Address Assignment ... 3-6 Table 4-1 System General Setup ...
  • Page 16 ZyAIR B-500 Wireless Access Point User’s Guide Table 17-1 Filename Conventions ...17-2 Table 17-2 General Commands for Third Party FTP Clients...17-3 Table 17-3 General Commands for Third Party TFTP Clients ...17-5 Table 18-1 Menu 24.10 System Maintenance : Time and Date Setting ...18-3 List of Tables...
  • Page 17: Preface

    Congratulations on your purchase from the ZyAIR B-500 Wireless Access Point. An access point (AP) acts as a bridge between the wireless and wired networks, extending your existing wired network without any additional wiring. This User’s Guide is designed to guide you through the configuration of your ZyAIR using the web configurator or the SMT.
  • Page 18 Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.
  • Page 19: Overview

    Overview OVERVIEW This part introduces the main features and applications of ZyAIR and shows how to access the web configurator and use the Wizard to setup the ZyAIR.
  • Page 21: Chapter 1 Getting To Know Your Zyair

    Introducing the ZyAIR Wireless Access Point The ZyAIR extends the range of your existing wired network without any additional wiring efforts. The ZyAIR provides easy network access to mobile users. The ZyAIR offers highly secured wireless connectivity to your wired network with IEEE 802.1x, Wi-Fi Protected Access, WEP data encryption and MAC address filtering.
  • Page 22: B Wireless Lan Standard

    802.11b Wireless LAN Standard ZyAIR products containing the letter “B” in the model name, such as ZyAIR B-1000, ZyAIR B-500, comply with the 802.11b wireless standard. The 802.11b data rate and corresponding modulation techniques are as follows. The modulation technique defines how bits are encoded onto radio waves.
  • Page 23: Full Network Management

    WEP Encryption WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the wireless network to help keep network communications private. Wi-Fi Protected Access Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences between WPA and WEP are user authentication and improved data encryption.
  • Page 24: Applications For The Zyair

    ZyAIR B-500 Wireless Access Point User’s Guide Wireless LAN Channel Usage The Wireless Channel Usage screen displays whether the radio channels are used by other wireless devices within the transmission range of the ZyAIR. This allows you to select the channel with minimum interference for your ZyAIR.
  • Page 25: Figure 1-2 Corporation Network Application

    ZyAIR B-500 Wireless Access Point User’s Guide Figure 1-2 Corporation Network Application Getting to Know Your ZyAIR...
  • Page 27: Chapter 2 Introducing The Web Configurator

    Introducing the Web Configurator This chapter describes how to access the ZyAIR web configurator and provides an overview of its Accessing the ZyAIR Web Configurator Step 1. Make sure your ZyAIR hardware is properly connected (refer to the Quick Installation Guide). Step 2.
  • Page 28: Resetting The Zyair

    The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into Resetting the ZyAIR If you forget your password or cannot access the ZyAIR, you will need to reload the factory-default configuration file or use the RESET button on the top panel of the ZyAIR.
  • Page 29: Navigating The Zyair Web Configurator

    Navigating the ZyAIR Web Configurator The following summarizes how to navigate the web configurator. Follow the instructions below or click the Click WIZARD SETUP for initial configuration including general setup, Wireless LAN setup and IP address assignment. Click LOGOUT at any time to exit the Click MAINTENANCE to view information about your ZyAIR or upgrade web configurator.
  • Page 31: Chapter 3 Wizard Setup

    ZyAIR B-500 Wireless Access Point User’s Guide Chapter 3 Wizard Setup This chapter provides information on the Wizard Setup screens in the web configurator. Wizard Setup Overview The web configurator’s setup wizard helps you configure your ZyAIR for wireless stations to access your wired LAN.
  • Page 32: Wizard Setup: General Setup

    Wizard Setup: General Setup General Setup contains administrative and system-related information. The following table describes the labels in this screen. LABEL System Name It is recommended you type your computer's "Computer name". In Windows 95/98 click Start, Settings, Control Panel, Network. Click the Identification tab, note the entry for the Computer Name field and enter it as the System Name.
  • Page 33: Wizard Setup: Wireless Lan

    LABEL Domain Name This is not a required field. Leave this field blank or enter the domain name here if you know Next Click Next to proceed to the next screen. Wizard Setup: Wireless LAN Use the second wizard screen to set up the wireless LAN. Figure 3-2 Wizard 2 : Wireless LAN Setup The following table describes the labels in this screen.
  • Page 34 LABEL Choose Channel To manually set the ZyAIR to use a channel, select a channel from the drop-down list box. Open the Channel Usage screen to make sure the channel is not already used by another AP or independent peer-to-peer wireless network. To have the ZyAIR automatically select a channel, click Scan instead.
  • Page 35 The following table describes the labels in this screen. Table 3-3 Wizard 2 : Wireless LAN Setup LABEL Wireless LAN Setup WEP Encryption Select 64-bit WEP or 128-bit WEP to allow data encryption. ASCII Select this option in order to enter ASCII characters as the WEP keys. Select this option to enter hexadecimal characters as the WEP keys.
  • Page 36: Wizard Setup: Ip Address

    Extend Security If you choose Extend security in the Wireless LAN Setup screen, you can set up a Pre-Shared Key. The following table describes the labels in this screen. LABEL Wireless LAN Setup Pre-Shared Key Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62 hexadecimal ("0- 9", "A-F") characters.
  • Page 37: Ip Address And Subnet Mask

    You can obtain your IP address from the IANA, from an ISP or have it assigned by a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks.
  • Page 38: Figure 3-3 Wizard 3 : Ip Address Assignment

    Figure 3-3 Wizard 3 : IP Address Assignment The following table describes the labels in this screen. Table 3-6 Wizard 3 : IP Address Assignment LABEL IP Address Assignment Get automatically From Select this option if your ZyAIR is using a dynamically assigned IP address from DHCP a DHCP server each time.
  • Page 39: Basic Setup Complete

    Table 3-6 Wizard 3 : IP Address Assignment LABEL Gateway IP Address Enter the IP address of a gateway. The gateway is an immediate neighbor of your ZyAIR that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your ZyAIR;...
  • Page 40 ZyAIR B-500 Wireless Access Point User’s Guide Well done! You have successfully set up your ZyAIR to operate on your network and access the Internet. 3-10 Wizard Setup...
  • Page 41: System, Wireless And Ip

    System, Wireless and IP Part II: SYSTEM, WIRELESS AND IP This part covers the information and web configurator screens of System, Wireless and IP.
  • Page 43: Chapter 4 System Screens

    System Overview This section provides information on general system setup. Configuring General Setup Click SYSTEM to open the General screen. The following table describes the labels in this screen. System Screens ZyAIR B-500 Wireless Access Point User’s Guide This chapter provides information on the System screens. Figure 4-1 System General Setup Chapter 4 System Screens...
  • Page 44: Configuring Password

    LABEL System Name Type a descriptive name to identify the ZyAIR in the Ethernet network. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes "-" and underscores "_" are accepted. Domain Name This is not a required field. Leave this field blank or enter the domain name here if you know it.
  • Page 45: Configuring Time Setting

    The following table describes the labels in this screen. LABEL Old Password Type in your existing system password (1234 is the default password). New Password Type your new system password (up to 31 characters). Note that as you type a password, the screen displays an asterisk (*) for each character you type.
  • Page 46: Figure 4-3 Time Setting

    The following table describes the labels in this screen. LABEL Time Protocol Select the time service protocol that your time server sends when you turn on the ZyAIR. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.
  • Page 47 LABEL Time Server Enter the IP address or the URL of your time server. Check with your ISP/network Address administrator if you are unsure of this information. Current Time This field displays the time of your ZyAIR. (hh:mm:ss) Each time you reload this page, the ZyAIR synchronizes the time with the time server.
  • Page 49: Chapter 5 Wireless Configuration And Roaming

    ZyAIR B-500 Wireless Access Point User’s Guide Chapter 5 Wireless Configuration and Roaming This chapter discusses how to configure Wireless and Roaming screens on the ZyAIR. Wireless LAN Overview This section introduces the wireless LAN (WLAN) and some basic scenarios. 5.1.1 IBSS An Independent Basic Service Set (IBSS), also called an Ad-hoc network, is the simplest WLAN configuration.
  • Page 50: Ess

    ZyAIR B-500 Wireless Access Point User’s Guide Figure 5-2 Basic Service set 5.1.3 ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS).
  • Page 51: Wireless Lan Basics

    ZyAIR B-500 Wireless Access Point User’s Guide Figure 5-3 Extended Service Set Wireless LAN Basics Refer also to the chapter on wizard setup for more background information on Wireless LAN features, such as channels. 5.2.1 RTS/CTS A hidden node occurs when two stations are within range of the same access point, but are not within range of each other.
  • Page 52: Fragmentation Threshold

    ZyAIR B-500 Wireless Access Point User’s Guide Figure 5-4 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
  • Page 53: Configuring Wireless

    If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Preamble Type A preamble is used to synchronize the transmission timing in your wireless network.
  • Page 54: Figure 5-5 Wireless

    The following table describes the general wireless LAN labels in this screen. LABEL ESSID (Extended Service Set IDentity) The ESSID identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same ESSID. Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.
  • Page 55 LABEL Hide ESSID Select this check box to hide the ESSID in the outgoing beacon frame so a station cannot obtain the ESSID through passive scanning using a site survey tool. Choose Set the operating frequency/channel depending on your particular region. Channel ID To manually set the ZyAIR to use a channel, select a channel from the drop-down list box.
  • Page 56: Configuring Roaming

    ZyAIR B-500 Wireless Access Point User’s Guide Configuring Roaming A wireless station is a device with an IEEE 802.11b compliant wireless adapters. An access point (AP) acts as a bridge between the wireless and wired networks. An AP creates its own wireless coverage area. A wireless station can associate with a particular access point only if it is within the access point’s coverage area.
  • Page 57: Requirements For Roaming

    The steps below describe the roaming process. Step 1. As wireless station Y moves from the coverage area of access point AP 1 to that of access point AP 2, it scans and uses the signal of access point AP 2. Step 2.
  • Page 58: Figure 5-7 Roaming

    5. The access points must be connected to the Ethernet and be able to get IP addresses from a DHCP server if using dynamic IP address assignment. To enable roaming on your ZyAIR, click the WIRELESS link under ADVANCED and then the Roaming tab.
  • Page 59: Chapter 6 Wireless Security

    ZyAIR B-500 Wireless Access Point User’s Guide Chapter 6 Wireless Security This chapter describes how to use the MAC Filter, 802.1x, Local User Database and RADIUS to configure wireless security on your ZyAIR. Wireless Security Overview Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network.
  • Page 60 The following table describes the wireless LAN security label in this screen. LABEL Security Choose from one of the security features listed in the drop-down box. • • • • • • • Figure 6-2 Wireless Table 6-1 Wireless DESCRIPTION No Security Static WEP WPA-PSK...
  • Page 61: Wep Overview

    Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. You enter manual keys by first selecting 64-bit WEP or 128-bit WEP from the WEP Encryption field and then typing the keys (in ASCII or hexadecimal format) in the key text boxes.
  • Page 62: Authentication

    ZyAIR B-500 Wireless Access Point User’s Guide 6.3.2 Authentication Three different methods can be used to authenticate wireless stations to the network: Open System, Shared Key, and Auto. The following figure illustrates the steps involved. Figure 6-3 WEP Authentication Steps Open system authentication involves an unencrypted two-message procedure.
  • Page 63: Configuring Wep Encryption

    ZyAIR B-500 Wireless Access Point User’s Guide When your ZyAIR's authentication method is set to open system, it will only accept open system authentication requests. The same is true for shared key authentication. However, when it is set to auto authentication, the ZyAIR will accept either type of authentication request and the ZyAIR will fall back to use open authentication if the shared key does not match.
  • Page 64 ZyAIR B-500 Wireless Access Point User’s Guide Figure 6-4 Wireless: Static WEP The following table describes the wireless LAN security labels in this screen. Wireless Security...
  • Page 65: Introduction To Wpa

    LABEL Security Select Static WEP from the drop-down list. Select 64-bit WEP or 128-bit WEP to enable data encryption. Encryption Authentication Select Auto, Open System or Shared Key from the drop-down list box. Method If WEP encryption is activated, the default setting is Auto. ASCII Select this option to enter ASCII characters as the WEP keys.
  • Page 66 6.5.2 Encryption WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and distributed by the authentication server. It includes a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism.
  • Page 67 ZyAIR B-500 Wireless Access Point User’s Guide Figure 6-5 WPA - PSK Authentication Configuring WPA-PSK Authentication In order to configure and enable WPA-PSK Authentication; click the WIRELESS link under ADVANCED to display the Wireless screen. Select WPA-PSK from the Security list. Wireless Security...
  • Page 68 ZyAIR B-500 Wireless Access Point User’s Guide Figure 6-6 Wireless: WPA-PSK The following table describes the wireless LAN security labels in this screen. Table 6-4 Wireless: WPA-PSK LABEL DESCRIPTION Security Select WPA-PSK from the drop-down list. 6-10 Wireless Security...
  • Page 69: Wireless Client Wpa Supplicants

    LABEL Pre-Shared Key The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials. Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including spaces and symbols).
  • Page 70: Wpa With Radius Application Example

    WPA with RADIUS Application Example You need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret. A WPA application example with an external RADIUS server looks as follows. “A” is the RADIUS server.
  • Page 71 ZyAIR B-500 Wireless Access Point User’s Guide Figure 6-8 Wireless: WPA The following table describes the wireless LAN security labels in this screen. Table 6-5 Wireless: WPA LABEL DESCRIPTION Security Select WPA from the drop-down list. Wireless Security 6-13...
  • Page 72: Dynamic Wep Key Exchange

    LABEL ReAuthentication Specify how often wireless stations have to reenter usernames and passwords in Timer (in seconds) order to stay connected. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes). Idle Timeout The ZyAIR automatically disconnects a wireless station from the wired network after a period of inactivity.
  • Page 73 • EAP-TTLS • PEAP EAP-MD5 cannot be used with Dynamic WEP Key Exchange. 6.13 Configuring 802.1x and Dynamic WEP Key Exchange In order to configure and enable 802.1x and Dynamic WEP Key Exchange; click the WIRELESS link under ADVANCED to display the Wireless screen. Select 802.1x + Dynamic WEP from the Security list. Figure 6-9 Wireless: 802.1x and Dynamic WEP The following table describes the wireless LAN security labels in this screen.
  • Page 74 Table 6-6 Wireless: 802.1x and Dynamic WEP LABEL Security Select 802.1x + Dynamic WEP from the drop-down list. ReAuthentication Specify how often wireless stations have to reenter usernames and passwords in Timer (in seconds) order to stay connected. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes).
  • Page 75 ZyAIR B-500 Wireless Access Point User’s Guide Figure 6-10 Wireless: 802.1x + Static WEP The following table describes the wireless LAN security labels in this screen. Wireless Security 6-17...
  • Page 76 LABEL Security Select 802.1x + Static WEP from the drop-down list. Select 64-bit WEP or 128-bit WEP to enable data encryption. WEP Encryption Authentication Select Auto, Open System or Shared Key from the drop-down list box. Method If WEP encryption is activated, the default setting is Auto. ASCII Select this option to enter ASCII characters as the WEP keys.
  • Page 77 LABEL Authentication The authentication database contains wireless station login information. The local user Databases database is the built-in database on the ZyAIR. The RADIUS is an external server. Use this drop-down list box to select which database the ZyAIR should use (first) to authenticate a wireless station.
  • Page 78 ZyAIR B-500 Wireless Access Point User’s Guide Figure 6-11 Wireless: 802.1x + No WEP The following table describes the wireless LAN security labels in this screen. Table 6-8 Wireless: 802.1x + No WEP LABEL DESCRIPTION Select 802.1x from the drop-down list. Security 6-20 Wireless Security...
  • Page 79 LABEL ReAuthentication Specify how often wireless stations have to reenter usernames and passwords in Timer (in order to stay connected. This field is activated only when you select Authentication Seconds) Required in the Wireless Port Control field. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes).
  • Page 80: Mac Filter

    ZyAIR B-500 Wireless Access Point User’s Guide Once you enable user authentication, you need to specify an external RADIUS server or create local user accounts on the ZyAIR for authentication. 6.16 MAC Filter The MAC filter screen allows you to configure the ZyAIR to give exclusive access to up to 32 devices (Allow Association) or exclude up to 32 devices from accessing the ZyAIR (Deny Association).
  • Page 81 ZyAIR B-500 Wireless Access Point User’s Guide Figure 6-12 MAC Address Filter The following table describes the labels in this screen. Wireless Security 6-23...
  • Page 82 LABEL Active Select Yes from the drop down list box to enable MAC address filtering. Filter Action Define the filter action for the list of MAC addresses in the MAC address filter table. Select Deny Association to block access to the ZyAIR, MAC addresses not listed will be allowed to access the ZyAIR.
  • Page 83: Eap Authentication Overview

    • Access-Accept Sent by a RADIUS server allowing access. • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message. The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting: •...
  • Page 84: Introduction To Local User Database

    The details below provide a general description of how IEEE 802.1x EAP authentication works. For an example list of EAP-MD5 authentication steps, see the IEEE 802.1x appendix. • The wireless station sends a “start” message to the ZyAIR. • The ZyAIR sends a “request identity” message to the wireless station for identity information. •...
  • Page 85 ZyAIR B-500 Wireless Access Point User’s Guide Figure 6-14 Local User Database Wireless Security 6-27...
  • Page 86: Configuring Radius

    The following table describes the labels in this screen. LABEL Active Select this check box to activate the user profile. User Name Enter the username (up to 31 characters) for this user profile. Password Type a password (up to 31 characters) for this user profile. Note that as you type a password, the screen displays a (*) for each character you type.
  • Page 87 The following table describes the labels in this screen. LABEL Authentication Server Active Select Yes from the drop-down list box to enable user authentication through an external authentication server. Select No to enable user authentication using the local user profile on the ZyAIR. Server IP Address Enter the IP address of the external authentication server in dotted decimal notation.
  • Page 88 LABEL Port Number Enter the port number of the external authentication server. The default port number is 1812. You need not change this value unless your network administrator instructs you to do so with additional information. Shared Secret Enter a password (up to 31 alphanumeric characters) as the key to be shared between the external authentication server and the ZyAIR.
  • Page 89: Chapter 7 Ip Screen

    Factory Ethernet Defaults The Ethernet parameters of the ZyAIR are preset in the factory with the following values: • IP address of 192.168.1.2 • Subnet mask of 255.255.255.0 (24 bits) These parameters should work for the majority of installations. TCP/IP Parameters 7.2.1 IP Address and Subnet Mask Refer to the section on IP address and subnet mask in the Wizard Setup chapter for this information.
  • Page 90: Table 7-1 Ip Setup

    The following table describes the labels in this screen. LABEL IP Address Assignment Get automatically from Select this option if your ZyAIR is using a dynamically assigned IP address from DHCP a DHCP server each time. Use fixed IP address Select this option if your ZyAIR is using a static IP address.
  • Page 91: Logs

    Logs Part III: LOGS This part provides information and configuration instructions for the logs.
  • Page 93: Chapter 8 Logs Screens

    ZyAIR B-500 Wireless Access Point User’s Guide Chapter 8 Logs Screens This chapter contains information about configuring general log settings and viewing the ZyAIR’s logs. Refer to the appendix for example log message explanations. Configuring View Log The web configurator allows you to look at all of the ZyAIR’s logs in one location. Click LOGS to open the View Log screen.
  • Page 94: Configuring Log Settings

    The following table describes the labels in this screen. LABEL Display Select a log category from the drop down list box to display logs within the selected category. To view all logs, select All Logs. The number of categories shown in the drop down list box depends on the selection in the Log Settings page.
  • Page 95: Figure 8-2 Log Settings

    ZyAIR B-500 Wireless Access Point User’s Guide Figure 8-2 Log Settings The following table describes the labels in this screen. Logs Screens...
  • Page 96: Table 8-2 Log Settings

    ZyAIR B-500 Wireless Access Point User’s Guide LABEL Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via e-mail.
  • Page 97 LABEL Clear log after sanding Select the check box to clear all logs after logs and alert messages are sent via e- mail mail. Select the categories of logs that you want to record. Send Immediate Alert Select the categories of alerts for which you want the ZyAIR to immediately send e-mail alerts.
  • Page 99: Maintenance

    Maintenance Part IV: MAINTENANCE This part describes the Maintenance web configurator screens.
  • Page 101: Chapter 9 Maintenance

    This chapter describes the Maintenance screens that display system information such as ZyNOS Maintenance Overview The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your ZyAIR. System Status Screen Click MAINTENANCE to display the screen, where you can use to monitor your ZyAIR. Note that these labels are READ-ONLY and are meant to be used for diagnostic purposes.
  • Page 102: System Statistics

    LABEL ZyNOS Firmware This is the ZyNOS Firmware version and the date created. ZyNOS is ZyXEL's Version proprietary Network Operating System design. IP Address This is the Ethernet port IP address. IP Subnet Mask This is the Ethernet port subnet mask. DHCP This is the Ethernet port DHCP role - Client or None.
  • Page 103: Association List

    Table 9-2 System Status: Show Statistics LABEL Status This shows the port speed and duplex setting if you are using Ethernet encapsulation for the Ethernet port. This shows the transmission speed only for wireless port. TxPkts This is the number of transmitted packets on this port. RxPkts This is the number of received packets on this port.
  • Page 104: Channel Usage

    The following table describes the labels in this screen. LABEL This is the index number of an associated wireless station. MAC Address This field displays the MAC address of an associated wireless station. Association Time This field displays the time a wireless station first associated with the ZyAIR. Refresh Click Refresh to reload the screen.
  • Page 105: Figure 9-4 Channel Usage

    The following table describes the labels in this screen. LABEL SSID This is the Service Set IDentification name of the AP in an Infrastructure wireless network or wireless station in an Ad-Hoc wireless network. For our purposes, we define an Infrastructure network as a wireless network that uses an AP and an Ad-Hoc network (also known as Independent Basic Service Set (IBSS)) as one that doesn’t.
  • Page 106: F/W Upload Screen

    LABEL Signal This field displays the strength of the AP’s signal. If you must choose a channel that’s currently in use, choose one with low signal strength for minimum interference. Network Mode “Network mode” in this screen refers to your wireless LAN infrastructure (refer to the Wireless LAN chapter) and WEP setup.
  • Page 107: Figure 9-6 Firmware Upload In Process

    LABEL File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse... Click Browse... to find the .bin file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload them.
  • Page 108: Configuration Screen

    ZyAIR B-500 Wireless Access Point User’s Guide If the upload was not successful, the following screen will appear. Click Return to go back to the F/W Upload screen. Figure 9-8 Firmware Upload Error Configuration Screen See the Firmware and Configuration File Maintenance chapter for transferring configuration files using FTP/TFTP commands.
  • Page 109: Backup Configuration

    ZyAIR B-500 Wireless Access Point User’s Guide Figure 9-9 Configuration 9.6.1 Backup Configuration Backup configuration allows you to back up (save) the ZyAIR’s current configuration to a file on your computer. Once your ZyAIR is configured and functioning properly, it is highly recommended that you back Maintenance...
  • Page 110: Restore Configuration

    up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings. Click Backup to save the ZyAIR’s current configuration to your computer. 9.6.2 Restore Configuration Restore configuration allows you to upload a new or previously saved configuration file from your computer to your ZyAIR.
  • Page 111: Back To Factory Defaults

    ZyAIR B-500 Wireless Access Point User’s Guide Figure 9-11 Network Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default ZyAIR IP address (192.168.1.2). See your Quick Installation Guide for details on how to set up your computer’s IP address.
  • Page 112: Restart Screen

    ZyAIR B-500 Wireless Access Point User’s Guide Figure 9-13 Reset Warning Message You can also press the RESET button on the top panel to reset the factory defaults of your ZyAIR. Refer to the section on resetting the ZyAIR for more information on the RESET button. Restart Screen System restart allows you to reboot the ZyAIR without turning the power off.
  • Page 113: Smt Configuration

    SMT Configuration Part V: SMT CONFIGURATION This part contains SMT (System Management Terminal) configuration and background information for features only configurable by SMT. See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.
  • Page 115: Chapter 10 Introducing The Smt

    This chapter describes how to access the SMT and provides an overview of its menus 10.1 Connect to your ZyAIR Using Telnet The following procedure details how to telnet into your ZyAIR. Step 1. In Windows, click Start (usually in the bottom left corner), Run and then type “telnet 192.168.1.2”...
  • Page 116: Zyair Smt Menu Overview Example

    ZyAIR B-500 Wireless Access Point User’s Guide Figure 10-2 Menu 23.1 System Security : Change Password Step 4. Type your new system password in the New Password field (up to 30 characters), and press [ENTER]. Step 5. Re-type your new system password in the Retype to confirm field for confirmation and press [ENTER].
  • Page 117: Figure 10-3 Zyair B-500 Smt Menu Overview Example

    ZyAIR B-500 Main Menu Menu 1 Menu 3 General Setup LAN Setup Menu 3.2 TCP/IP Setup Menu 3.5 Menu 3.5.1 Wireless LAN WLAN MAC Address Filter Setup Menu 24.5 Menu 24.4 Backup System Maintenance Configuration - Diagnostic Menu 24.6 Restore Configuration Menu 24.7.1 Menu 24.7...
  • Page 118: Navigating The Smt Interface

    ZyAIR B-500 Wireless Access Point User’s Guide 10.4 Navigating the SMT Interface The SMT (System Management Terminal) is the interface that you use to configure your ZyAIR. Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below.
  • Page 119: System Management Terminal Interface Summary

    Copyright (c) 1994 - 2004 ZyXEL Communications Corp. Getting Started 1. General Setup 3. LAN Setup Advanced Applications 14. Dial-in User Setup Figure 10-4 ZyAIR B-500 SMT Main Menu 10.4.1 System Management Terminal Interface Summary MENU TITLE General Setup LAN Setup...
  • Page 121: Chapter 11 General Setup

    11.1 General Setup Menu 1 – General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. It is recommended you type your computer's "Computer name". The Domain Name entry is what is propagated to the DHCP clients on the LAN. This is not a required field.
  • Page 122: Table 11-1 Menu 1 General Setup

    ZyAIR B-500 Wireless Access Point User’s Guide FIELD System Name Choose a descriptive name for identification purposes. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes “-” and underscores "_" are accepted. Domain Name This is not a required field.
  • Page 123: Chapter 12 Lan Setup

    12.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 – LAN Setup. From the main menu, enter 3 to display menu 3. 12.2 TCP/IP Ethernet Setup Use menu 3.2 to configure your ZyAIR for TCP/IP. To edit menu 3.2, enter 3 from the main menu to display Menu 3-LAN Setup.
  • Page 124: Wireless Lan Setup

    ZyAIR B-500 Wireless Access Point User’s Guide FIELD IP Address Press [SPACE BAR] and then [ENTER] to select Dynamic to have the Assignment ZyAIR obtain an IP address from a DHCP server. You must know the IP address assigned to the ZyAIR (by the DHCP server) to access the ZyAIR again.
  • Page 125: Figure 12-3 Menu 3.5 Wireless Lan Setup

    ESSID= Wireless Hide ESSID= No Channel ID= CH06 2437MHz RTS Threshold= 2432 Frag. Threshold= 2432 WEP Encryption= 64-bit WEP Default Key= 1 Key1= ******** Key2= ******** Key3= ******** Key4= ******** Authen. Method= Auto Press Space Bar to Toggle. The following table describes the fields in this menu. FIELD ESSID The ESSID (Extended Service Set IDentity) identifies the AP to which the...
  • Page 126 ZyAIR B-500 Wireless Access Point User’s Guide FIELD Default Key Enter the key number (1 to 4) in this field. Only one key can be enabled at any one time. This key must be the same on the ZyAIR and the wireless stations to communicate.
  • Page 127: Configuring Mac Address Filter

    FIELD When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen. 12.3.1 Configuring MAC Address Filter Your ZyAIR checks the MAC address of the wireless station device against a list of allowed or denied MAC addresses.
  • Page 128: Figure 12-5 Menu 3.5.1 Wlan Mac Address Filter

    ZyAIR B-500 Wireless Access Point User’s Guide ------------------------------------------------------------------------------ 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 ------------------------------------------------------------------------------ Figure 12-5 Menu 3.5.1 WLAN MAC Address Filter The following table describes the fields in this menu. Table 12-3 Menu 3.5.1 WLAN MAC Address Filter FIELD Active To enable MAC address filtering, press [SPACE BAR] to select Yes and press [ENTER].
  • Page 129: Configuring Roaming

    12.3.2 Configuring Roaming Enable the roaming feature if you have two or more ZyAIRs on the same subnet. Follow the steps below to allow roaming on your ZyAIR. Step 1. From the main menu, enter 3 to display Menu 3 – LAN Setup. Step 2.
  • Page 130: Table 12-4 Menu 3.5.2 Roaming Configuration

    ZyAIR B-500 Wireless Access Point User’s Guide Table 12-4 Menu 3.5.2 Roaming Configuration FIELD Active Press [SPACE BAR] and then [ENTER] to select Yes to enable roaming on the ZyAIR if you have two or more ZyAIRs on the same subnet. Port # Type the port number to communicate roaming information between access points.
  • Page 131: Chapter 13 Dial-In User Setup

    13.1 Dial-in User Setup By storing user profiles locally, your ZyAIR is able to authenticate wireless users without interacting with a network RADIUS server. Follow the steps below to set up user profiles on your ZyAIR. Step 1. From the main menu, enter 14 to display Menu 14 - Dial-in User Setup. 1.
  • Page 132: Table 13-1 Menu 14.1- Edit Dial-In User

    ZyAIR B-500 Wireless Access Point User’s Guide FIELD User Name Enter a username up to 31 alphanumeric characters long for this user profile. This field is case sensitive. Active Press [SPACE BAR] to select Yes and press [ENTER] to enable the user profile. Password Enter a password up to 31 characters long for this user profile.
  • Page 133: Chapter 14 Snmp Configuration

    ZyAIR B-500 Wireless Access Point User’s Guide Chapter 14 SNMP Configuration This chapter explains SNMP Configuration menu 22. 14.1 About SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your ZyAIR supports SNMP agent functionality, which allows a manager station to manage and monitor the ZyAIR through the network.
  • Page 134: Supported Mibs

    ZyAIR B-500 Wireless Access Point User’s Guide An agent is a management software module that resides in a managed device (the ZyAIR). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices.
  • Page 135: Snmp Traps

    Figure 14-2 Menu 22 SNMP Configuration The following table describes the SNMP configuration parameters. FIELD SNMP: Type the Get Community, which is the password for the incoming Get Community Get- and GetNext requests from the management station. Set Community Type the Set Community, which is the password for incoming Set requests from the management station.
  • Page 136: Table 14-2 Snmp Traps

    ZyAIR B-500 Wireless Access Point User’s Guide TRAP # TRAP NAME coldStart (defined in RFC-1215) warmStart (defined in RFC-1215) linkUp (defined in RFC-1215) authenticationFailure (defined in RFC-1215) linkDown (defined in RFC-1215) 14-4 Table 14-2 SNMP Traps A trap is sent after booting (power on). A trap is sent after booting (software reboot).
  • Page 137: Chapter 15 System Security

    This chapter describes how to configure the system security on the ZyAIR. 15.1 System Security You can configure the system password, an external RADIUS server and 802.1x in this menu. 15.1.1 System Password You should change the default password. If you forget your password you have to restore the default configuration file.
  • Page 138: Figure 15-3 Menu 23.2 System Security : Radius Server

    ZyAIR B-500 Wireless Access Point User’s Guide Figure 15-3 Menu 23.2 System Security : RADIUS Server The following table describes the fields in this menu. Table 15-1 Menu 23.2 System Security : RADIUS Server FIELD Authentication Server Press [SPACE BAR] to select Yes and press [ENTER] to enable Active user authentication through an external authentication server.
  • Page 139: Figure 15-4 Menu 23 System Security

    Table 15-1 Menu 23.2 System Security : RADIUS Server FIELD Port The default port of the RADIUS server for accounting is 1813. You need not change this value unless your network administrator instructs you to do so with additional information. Shared Secret Specify a password (up to 31 alphanumeric characters) as the key to be shared between the external accounting server and the...
  • Page 140: Figure 15-5 Menu 23.4 System Security : Ieee802.1X

    ZyAIR B-500 Wireless Access Point User’s Guide Wireless Port Control= Authentication Required ReAuthentication Timer (in second)= 1800 Idle Timeout (in second)= 3600 Key Management Protocol= 802.1x Dynamic WEP Key Exchange= Disable PSK = N/A Data Privacy for Broadcast/Multicast packets= N/A WPA Broadcast/Multicast Key Update Timer= N/A Authentication Databases= Local User Database Only Figure 15-5 Menu 23.4 System Security : IEEE802.1x...
  • Page 141 Table 15-2 Menu 23.4 System Security : IEEE802.1x FIELD Idle Timeout The ZyAIR automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed. This field is activated only when you select Authentication Required in the Wireless Port Control field.
  • Page 142 ZyAIR B-500 Wireless Access Point User’s Guide Table 15-2 Menu 23.4 System Security : IEEE802.1x FIELD Authentication The authentication database contains wireless station login information. The local Databases user database is the built-in database on the ZyAIR. The RADIUS is an external server.
  • Page 143: Chapter 16 System Information And Diagnosis

    System Information and Diagnosis This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. 16.1 Overview These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software. This chapter describes how to use these tools in detail. Type 24 in the main menu and press [ENTER] to open Menu 24 following figure.
  • Page 144: Figure 16-2 Menu 24.1 System Maintenance : Status

    ZyAIR B-500 Wireless Access Point User’s Guide The following table describes the fields present in Menu 24.1 – System Maintenance – Status which are read-only and meant for diagnostic purposes. Port Status 100M/Full WLAN 16.5M Port Ethernet Address 00:A0:C5:00:00:04 WLAN 00:A0:C5:00:00:04 System up Time: Name: B-500.
  • Page 145: System Information

    Table 16-1 Menu 24.1 System Maintenance : Status FIELD System Up Time This is the time the ZyAIR is up and running from the last reboot. 16.3 System Information To get to the System Information: Step 1. Enter 24 to display Menu 24 – System Maintenance. Step 2.
  • Page 146: Console Port Speed

    Refers to the routing protocol used. ZyNOS F/W Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. Version ZyNOS is a registered trademark of ZyXEL Communications Corporation. Country Code Refers to the country code of the firmware. Ethernet Address Refers to the Ethernet MAC (Media Access Control) of your ZyAIR.
  • Page 147: Log And Trace

    16.4 Log and Trace Your ZyAIR provides the error logs and trace records that are stored locally. 16.4.1 Viewing Error Log The first place you should look for clues when something goes wrong is the error log. Follow the procedures to view the local error/trace log: Step 1.
  • Page 148: Figure 16-8 Menu 24.4 System Maintenance : Diagnostic

    ZyAIR B-500 Wireless Access Point User’s Guide Figure 16-8 Menu 24.4 System Maintenance : Diagnostic Follow the procedure next to get to display this menu: Step 1. From the main menu, type 24 to open Menu 24 – System Maintenance. Step 2.
  • Page 149: Chapter 17 Firmware And Configuration File Maintenance

    ZyAIR B-500 Wireless Access Point User’s Guide Chapter 17 Firmware and Configuration File Maintenance This chapter tells you how to backup and restore your configuration file as well as upload new firmware and configuration files using the SMT screens. 17.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password and TCP/IP Setup, etc.
  • Page 150: Backup Configuration

    ZyAIR B-500 Wireless Access Point User’s Guide FILE TYPE INTERNAL NAME Configuration File Rom-0 Firmware 17.2 Backup Configuration Option 5 from Menu 24 – System Maintenance allows you to backup the current ZyAIR configuration to your computer. Backup is highly recommended once your ZyAIR is functioning properly. FTP is the preferred method, although TFTP can also be used.
  • Page 151: Using The Ftp Command From The Dos Prompt

    17.2.2 Using the FTP command from the DOS Prompt Step 1. Launch the FTP client on your computer. Step 2. Enter “open” and the IP address of your ZyAIR. Step 3. Press [ENTER] when prompted for a username. Step 4. Enter “root”...
  • Page 152: Backup Configuration Using Tftp

    ZyAIR B-500 Wireless Access Point User’s Guide Table 17-2 General Commands for Third Party FTP Clients COMMAND Initial Remote Specify the default remote directory (path). Directory Initial Local Specify the default local directory (path). Directory 17.2.3 Backup Configuration Using TFTP The ZyAIR supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN.
  • Page 153: Restore Configuration

    where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the ZyAIR IP address, “get” transfers the file source on the ZyAIR (rom-0 name of the configuration file on the ZyAIR) to the file destination on the computer and renames it config.rom. The following table describes some of the fields that you may see in third party TFTP clients.
  • Page 154: Uploading Firmware And Configuration Files

    ZyAIR B-500 Wireless Access Point User’s Guide To transfer the firmware and the configuration file, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your router. Then type "root" and SMT password as requested.
  • Page 155: Firmware Upload

    17.4.1 Firmware Upload FTP is the preferred method for uploading the firmware and configuration. To use this feature, your computer must have an FTP client. When you telnet into the ZyAIR, you will see the following screens for uploading firmware and the configuration file using FTP.
  • Page 156: Using The Ftp Command From The Dos Prompt Example

    ZyAIR B-500 Wireless Access Point User’s Guide Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload the system configuration file, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested.
  • Page 157: Tftp File Upload

    331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> put firmware.bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 327680 bytes sent in 1.10Seconds 297.89Kbytes/sec. ftp>...
  • Page 158: Example: Tftp Command

    ZyAIR B-500 Wireless Access Point User’s Guide 17.4.5 Example: TFTP Command The following is an example TFTP command: TFTP [-i] host put firmware.bin ras where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the ZyAIR’s IP address, “put”...
  • Page 159: Chapter 18 System Maintenance And Information

    ? at the command prompt. Type “exit” to return to the SMT main menu when finished. Menu 24 – System Maintenance 10. Time and Date Setting Enter Menu Selection Number: Figure 18-1 Menu 24 System Maintenance Copyright (c) 1994 - 2004 ZyXEL Communications Corp. B-500> ? Valid commands are: config bridge 8021x B-500>...
  • Page 160: Time And Date Setting

    ZyAIR B-500 Wireless Access Point User’s Guide 18.2 Time and Date Setting The ZyAIR keeps track of the time and date. There is also a software mechanism to set the time manually or get the current time and date from an external server when you turn on your ZyAIR. Menu 24.10 allows you to update the time and date settings of your ZyAIR.
  • Page 161: Resetting The Time

    Table 18-1 Menu 24.10 System Maintenance : Time and Date Setting FIELD Time Protocol Enter the time service protocol that your time server sends when you turn on the ZyAIR. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.
  • Page 162 ZyAIR B-500 Wireless Access Point User’s Guide On leaving menu 24.10 after making changes. When the ZyAIR starts up, if there is a time server configured in menu 24.10. iii. 24-hour intervals after starting. 18-4 System Maintenance and Information...
  • Page 163: Appendices

    Appendices Part VI: APPENDICES This part provides troubleshooting and background information about setting up your computer’s IP address, wireless LAN, 802.1x and IP subnetting. It also provides information on the command interpreter interface and logs.
  • Page 165: Appendix A Troubleshooting

    This appendix covers potential problems and possible remedies. After each problem description, some instructions are provided to help you to diagnose and to solve the problem. Problems Starting Up the ZyAIR Chart A-1 Troubleshooting the Start-Up of Your ZyAIR PROBLEM None of the LEDs Make sure you are using the supplied power adaptor and that it is plugged in to an turn on when I...
  • Page 166: Problems With The Password

    ZyAIR B-500 Wireless Access Point User’s Guide Chart A-2 Troubleshooting the Ethernet Interface PROBLEM I cannot ping any If the ETHN LED on the front panel is off, check the Ethernet cable connections computer on the between your ZyAIR and the Ethernet device. LAN.
  • Page 167: Problems With The Wlan Interface

    Problems with the WLAN Interface Chart A-5 Troubleshooting the WLAN Interface PROBLEM Cannot access the Make sure the wireless adapter on the wireless station is working properly. ZyAIR from the Check that both the ZyAIR and your wireless station are using the same ESSID, WLAN.
  • Page 169: Appendix B Brute-Force Password Guessing Protection

    Brute-Force Password Guessing The following describes the commands for enabling, disabling and configuring the brute-force password guessing protection mechanism for the password. See the Command Interpreter appendix for information on the command structure. Chart B-1 Brute-Force Password Guessing Protection Commands COMMAND sys pwderrtm This command displays the brute-force guessing password protection settings.
  • Page 171: Appendix C Setting Up Your Computer's Ip Address

    ZyAIR B-500 Wireless Access Point User’s Guide Appendix C Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
  • Page 172 ZyAIR B-500 Wireless Access Point User’s Guide If you need the adapter: In the Network window, click Add. Select Adapter and then click Add. Select the manufacturer and model of your network adapter and then click OK. If you need TCP/IP: In the Network window, click Add.
  • Page 173 Click the IP Address tab. -If your IP address is dynamic, select Obtain an IP address automatically. -If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields. Click the DNS Configuration tab.
  • Page 174 ZyAIR B-500 Wireless Access Point User’s Guide Click the Gateway tab. -If you do not know your gateway’s IP address, remove previously installed gateways. -If you have a gateway IP address, type it in the New gateway field and click Add. Click OK to save and close the TCP/IP Properties window.
  • Page 175 For Windows XP, click start, Control Panel. In Windows 2000/NT, click Start, Settings, Control Panel. For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Setting Up Your Computer’s IP Address ZyAIR B-500 Wireless Access Point User’s Guide Right-click Local Area Connection and then click Properties.
  • Page 176 ZyAIR B-500 Wireless Access Point User’s Guide Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). -If you have a dynamic IP address click Obtain an IP address automatically.
  • Page 177 ZyAIR B-500 Wireless Access Point User’s Guide -If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: -In the IP Settings tab, in IP addresses, click Add.
  • Page 178 ZyAIR B-500 Wireless Access Point User’s Guide In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): -Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). -If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
  • Page 179 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. Select Ethernet built-in from the Connect via list. For dynamically assigned settings, select Using DHCP Server from the Configure: list. Setting Up Your Computer’s IP Address ZyAIR B-500 Wireless Access Point User’s Guide...
  • Page 180: Macintosh Os X

    ZyAIR B-500 Wireless Access Point User’s Guide For statically assigned settings, do the following: -From the Configure box, select Manually. -Type your IP address in the IP Address box. -Type your subnet mask in the Subnet mask box. -Type the IP address of your ZyAIR in the Router address box. Close the TCP/IP Control Panel.
  • Page 181 Click Network in the icon bar. - Select Automatic from the Location list. - Select Built-in Ethernet from the Show list. - Click the TCP/IP tab. For dynamically assigned settings, select Using DHCP from the Configure list. For statically assigned settings, do the following: -From the Configure box, select Manually.
  • Page 183: Benefits Of A Wireless Lan

    Wireless LAN and IEEE 802.11 A wireless LAN (WLAN) provides a flexible data communications system that you can use to access various services (navigating the Internet, email, printer services, etc.) without the use of a cabled connection. In effect a wireless LAN environment provides you the freedom to stay connected to the network while roaming around in the coverage area.
  • Page 184: Infrastructure Wireless Lan Configuration

    ZyAIR B-500 Wireless Access Point User’s Guide unlicensed ISM (Industrial, Scientific and Medical) band. The third method is infrared technology, using very high frequencies, just below visible light in the electromagnetic spectrum to carry data. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless nodes or stations (STA), which is called a Basic Service Set (BSS).
  • Page 185 ZyAIR B-500 Wireless Access Point User’s Guide The Extended Service Set (ESS) shown in the next figure consists of a series of overlapping BSSs (each containing an Access Point) connected together by means of a Distribution System (DS). Although the DS could be any type of network, it is almost invariably an Ethernet LAN.
  • Page 187: Appendix E Wireless Lan With Ieee 802.1X

    Wireless LAN With IEEE 802.1x As wireless networks become popular for both portable computing and corporate networks, security is now a priority. Security Flaws with IEEE 802.11 Wireless networks based on the original IEEE 802.11 have a poor reputation for safety. The IEEE 802.11b wireless access standard, first published in 1999, was based on the MAC address.
  • Page 188 ZyAIR B-500 Wireless Access Point User’s Guide The following figure depicts a typical wireless network with a remote RADIUS server for user authentication using EAPOL (EAP Over LAN). Diagram E-1 Sequences for EAP MD5–Challenge Authentication RADIUS Server Authentication Sequence Client computer access authorized.
  • Page 189: Appendix F Types Of Eap Authentication

    ZyAIR B-500 Wireless Access Point User’s Guide Appendix F Types of EAP Authentication This appendix discusses the five popular EAP authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP. The type of authentication you use depends on the RADIUS server. Consult your network administrator for more information.
  • Page 190 ZyAIR B-500 Wireless Access Point User’s Guide and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco. LEAP LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE802.1x. For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption.
  • Page 191 IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1.
  • Page 192: Subnet Masks

    ZyAIR B-500 Wireless Access Point User’s Guide A class “A” address (24 host bits) can have 2 Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127.
  • Page 193 sequence of ones beginning from the left most bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits. Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet.
  • Page 194 ZyAIR B-500 Wireless Access Point User’s Guide Divide the network 192.168.1.0 into two separate subnets by converting one of the host ID bits of the IP address to a network number bit. The “borrowed” host ID bit can be either “0” or “1” thus giving two subnets;...
  • Page 195 to an actual host for the first subnet is 192.168.1.1 and the highest is 192.168.1.126. Similarly the host ID range for the second subnet is 192.168.1.129 to 192.168.1.254. Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets.
  • Page 196: Example Eight Subnets

    ZyAIR B-500 Wireless Access Point User’s Guide Subnet Mask (Binary) Subnet Address: 192.168.1.128 Broadcast Address: 192.168.1.191 IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.192 Broadcast Address: 192.168.1.255 Example Eight Subnets Similarly use a 27-bit mask to create 8 subnets (001, 010, 011, 100, 101, 110). The following table shows class C IP address last octet values for each subnet.
  • Page 197: Subnetting With Class A And Class B Networks

    The following table is a summary for class “C” subnet planning. NO. “BORROWED” HOST BITS Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID.
  • Page 198: Appendix G Ip Subnetting

    ZyAIR B-500 Wireless Access Point User’s Guide NO. “BORROWED” HOST BITS Chart G-13 Class B Subnet Planning SUBNET MASK NO. SUBNETS 255.255.255.128 (/25) 255.255.255.192 (/26) 255.255.255.224 (/27) 255.255.255.240 (/28) 255.255.255.248 (/29) 255.255.255.252 (/30) 255.255.255.254 (/31) NO. HOSTS PER SUBNET 1024 2048 4096 8192...
  • Page 199: Appendix H Command Interpreter

    ZyAIR B-500 Wireless Access Point User’s Guide Appendix H Command Interpreter The following describes how to use the command interpreter. Enter 24 in the main menu to bring up the system maintenance menu. Enter 8 to go to Menu 24.8 - Command Interpreter Mode. See the included disk or www.zyxel.com for more detailed information on these commands.
  • Page 201: Appendix I Log Descriptions

    LOG MESSAGE Time calibration is successful Time calibration failed DHCP client gets %s DHCP client IP expired DHCP server assigns SMT Login Successfully SMT Login Fail WEB Login Successfully WEB Login Fail TELNET Login Successfully TELNET Login Fail FTP Login Successfully FTP Login Fail Log Description...
  • Page 202 ZyAIR B-500 Wireless Access Point User’s Guide TYPE CODE Echo Reply Echo reply message Destination Unreachable Net unreachable Host unreachable Protocol unreachable Port unreachable A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF) Source route failed Source Quench A gateway may discard internet datagrams if it does not have the buffer space needed to queue the datagrams for output to the next network on the route to...
  • Page 203: Log Commands

    TYPE CODE Timestamp Timestamp request message Timestamp Reply Timestamp reply message Information Request Information request message Information Reply Information reply message LOG MESSAGE Mon dd hr:mm:ss hostname src="<srcIP:srcPort>" dst="<dstIP:dstPort>" msg="<msg>" note="<note>" Log Commands Go to the command interpreter interface (the Command Interpreter Appendix explains how to access and use the commands).
  • Page 204: Displaying Logs

    ZyAIR B-500 Wireless Access Point User’s Guide Chart I-4 Log Categories and Available Settings LOG CATEGORIES 8021x access error icmp mten packetfilter remote tcpreset to not record logs for that category, alerts for that category, and Use the sys logs save command to store the settings in the ZyAIR (you must do this in order to record logs).
  • Page 205 ZyAIR B-500 Wireless Access Point User’s Guide .time source destination notes message 0|11/11/2002 15:10:12 |172.22.3.80:137 |172.22.255.255:137 |ACCESS BLOCK Log Description...
  • Page 207: Appendix J Index

    802.1x Overview ...6-14 Address Assignment...3-6 Ad-hoc Configuration... D-2 Alternative Subnet Mask Notation ... G-3 Applications ...1-4 Authentication ...6-4 auto-negotiation...1-1 backup ...17-2 Backup...9-9 Basic Service Set ... D-2 BSS... See Basic Service Set CA ...F-1 Certificate Authority... See CA Channel ID ...5-7, 12-3 Classes of IP Addresses...
  • Page 208 ZyAIR B-500 Wireless Access Point User’s Guide General Setup ... 3-2, 4-1, 11-1 Hidden Menus...10-4 Host ...4-3 Host IDs...G-1 IBSS... See Independent Basic Service Set IEEE 802.11 ...D-1 Deployment Issues ... E-1 Security Flaws... E-1 IEEE 802.1x ...E-1, 1-3 Advantages... E-1 Independent Basic Service Set...
  • Page 209 Community ...14-3 Configuration ...14-2 Get ...14-2 GetNext...14-2 Manager ...14-2 MIBs ...14-2 Set ...14-2 Trap... 14-2 Traps ...14-3, 14-4 Trusted Host...14-3 Subnet Mask... 3-7, 7-1, 12-2, 16-4 Subnet Masks ... G-2 Subnetting ... G-3 Supporting Disk... xvii System Console Port Speed Diagnostic Log and Trace System Information...16-3...

Table of Contents