ZyXEL Communications NWA-3100 User Manual

ZyXEL Communications NWA-3100 User Manual

802.11a/b/g wireless access point
Hide thumbs Also See for NWA-3100:
Table of Contents

Advertisement

NWA-3100
802.11a/b/g Wireless Access Point
User's Guide
Version 3.60
10/2006
Edition 1
www.zyxel.com

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the NWA-3100 and is the answer not in the manual?

Questions and answers

Summary of Contents for ZyXEL Communications NWA-3100

  • Page 1 NWA-3100 802.11a/b/g Wireless Access Point User’s Guide Version 3.60 10/2006 Edition 1 www.zyxel.com...
  • Page 3: About This User's Guide

    About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the ZyXEL Device using the web configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology.
  • Page 4: Document Conventions

    Syntax Conventions • The NWA-3100 may be referred to as the “ZyXEL Device”, the “device”, the “product” or the “system” in this User’s Guide. • Product labels, screen names, field labels and field choices are all in bold font.
  • Page 5 Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Computer Notebook computer Server DSLAM Firewall Telephone Switch Router...
  • Page 6: Safety Warnings

    • The PoE (Power over Ethernet) devices that supply or receive power and their connected Ethernet cables must all be completely indoors. • Fuse Warning! Replace a fuse only with a fuse of the same type and rating. This product is recyclable. Dispose of it properly. ZyXEL NWA-3100 User’s Guide...
  • Page 7 Safety Warnings ZyXEL NWA-3100 User’s Guide...
  • Page 8 Safety Warnings ZyXEL NWA-3100 User’s Guide...
  • Page 9: Table Of Contents

    Contents Overview Contents Overview Introduction ..........................29 Introducing the ZyXEL Device ....................31 Introducing the Web Configurator ....................39 Tutorial ............................43 The Web Configurator ......................61 System Screens ........................63 Wireless Configuration ......................67 Wireless Security Configuration ....................81 MBSSID and SSID ........................
  • Page 10 Contents Overview ZyXEL NWA-3100 User’s Guide...
  • Page 11: Table Of Contents

    1.2.4 MBSSID ........................35 1.2.5 Pre-Configured SSID Profiles ..................36 1.3 Ways to Manage the ZyXEL Device ..................36 1.4 Good Habits for Managing the ZyXEL Device ..............36 1.5 LEDs ............................ 37 Chapter 2 Introducing the Web Configurator ..................39 2.1 Accessing the Web Configurator ..................
  • Page 12 5.3.3 ATC+WMM ......................... 70 5.3.3.1 ATC+WMM from LAN to WLAN ................ 70 5.3.3.2 ATC+WMM from WLAN to LAN ................ 71 5.3.4 Type Of Service (ToS) ....................71 5.3.4.1 DiffServ ......................71 5.3.4.2 DSCP and Per-Hop Behavior ................71 ZyXEL NWA-3100 User’s Guide...
  • Page 13 6.9.5 Security: WPA2 or WPA2-MIX ..................92 6.9.6 Security: WPA-PSK, WPA2-PSK, WPA2-PSK-MIX ............ 93 6.10 Introduction to RADIUS ..................... 95 6.11 Configuring RADIUS ......................95 Chapter 7 MBSSID and SSID ........................97 7.1 Wireless LAN Infrastructures ....................97 ZyXEL NWA-3100 User’s Guide...
  • Page 14 10.3.2 Rogue AP: Friendly AP ..................120 10.3.3 Rogue AP List ......................121 Chapter 11 Remote Management......................123 11.1 Remote Management Overview ..................123 11.1.1 Remote Management Limitations ................124 11.1.2 System Timeout ...................... 124 11.2 SSH ..........................124 ZyXEL NWA-3100 User’s Guide...
  • Page 15 13.2 Configuring Log Settings ....................152 13.3 Example Log Messages ....................154 13.4 Log Commands ....................... 155 13.4.1 Configuring What You Want the ZyXEL Device to Log .......... 155 13.4.2 Displaying Logs ...................... 156 13.5 Log Command Example ....................156 Chapter 14 VLAN ............................
  • Page 16 Part III: SMT and Troubleshooting............185 Chapter 16 Introducing the SMT ......................187 16.1 Connect to your ZyXEL Device Using Telnet ..............187 16.2 Changing the System Password ..................187 16.3 SMT Menu Overview Example ..................188 16.4 Navigating the SMT Interface ..................188 16.4.1 System Management Terminal Interface Summary ..........
  • Page 17 22.4.7 Uploading Firmware File Via Console Port ............214 22.4.8 Example Xmodem Firmware Upload Using HyperTerminal ........214 22.4.9 Uploading Configuration File Via Console Port ............215 22.4.10 Example Xmodem Configuration Upload Using HyperTerminal ......215 Chapter 23 System Maintenance and Information ................217 ZyXEL NWA-3100 User’s Guide...
  • Page 18 23.4 System Timeout ....................... 222 Chapter 24 Troubleshooting........................223 24.1 Power, Hardware Connections, and LEDs ..............223 24.2 ZyXEL Device Access and Login ..................223 24.3 Internet Access ........................ 225 Part IV: Appendices and Index ............227 Appendix A Product Specifications..................229 Appendix B Setting up Your Computer’s IP Address............
  • Page 19: List Of Figures

    Figure 33 Password..........................64 Figure 34 Time Setting ........................... 65 Figure 35 Basic Service set ........................67 Figure 36 Extended Service Set ......................68 Figure 37 DiffServ: Differentiated Service Field ..................72 Figure 38 Wireless: Access Point ......................75 ZyXEL NWA-3100 User’s Guide...
  • Page 20 Figure 76 Remote Management: FTP ....................126 Figure 77 Remote Management: WWW ....................127 Figure 78 SNMP Management Model ....................128 Figure 79 Remote Management: SNMP ....................131 Figure 80 Certificates on Your Computer ..................... 134 Figure 81 Certificate Details ........................ 135 ZyXEL NWA-3100 User’s Guide...
  • Page 21 Figure 119 Firmware Upload In Process ....................179 Figure 120 Network Temporarily Disconnected ..................180 Figure 121 Firmware Upload Error ....................... 180 Figure 122 Configuration ........................181 Figure 123 Configuration Upload Successful ..................182 Figure 124 Network Temporarily Disconnected ..................182 ZyXEL NWA-3100 User’s Guide...
  • Page 22 Figure 164 Windows 95/98/Me: TCP/IP Properties: IP Address ............235 Figure 165 Windows 95/98/Me: TCP/IP Properties: DNS Configuration ..........236 Figure 166 Windows XP: Start Menu ....................237 Figure 167 Windows XP: Control Panel ....................237 ZyXEL NWA-3100 User’s Guide...
  • Page 23 Figure 197 WEP Configuration File Example ..................278 Figure 198 802.1X Configuration File Example ..................279 Figure 199 WPA-PSK Configuration File Example ................279 Figure 200 WPA Configuration File Example ..................280 Figure 201 wlan Configuration File Example ..................281 ZyXEL NWA-3100 User’s Guide...
  • Page 24 List of Figures ZyXEL NWA-3100 User’s Guide...
  • Page 25: List Of Tables

    Table 34 IP Setup ..........................114 Table 35 ROGUE AP > Configuration ....................120 Table 36 ROGUE AP > Friendly AP ....................121 Table 37 ROGUE AP > Rogue AP ....................... 122 Table 38 Remote Management Overview ................... 123 ZyXEL NWA-3100 User’s Guide...
  • Page 26 Table 78 General Commands for Third Party TFTP Clients ............... 208 Table 79 Brute-Force Password Guessing Protection Commands ............. 218 Table 80 System Maintenance: Time and Date Setting ............... 219 Table 81 Menu 24.11 Remote Management Control ................221 ZyXEL NWA-3100 User’s Guide...
  • Page 27 Table 104 Manual Configuration ......................276 Table 105 Configuration via SNMP ...................... 276 Table 106 Displaying the File Version ....................277 Table 107 Displaying the File Version ....................277 Table 108 Displaying the Auto Configuration Status ................278 ZyXEL NWA-3100 User’s Guide...
  • Page 28 List of Tables ZyXEL NWA-3100 User’s Guide...
  • Page 29: Introduction

    Introduction Introducing the ZyXEL Device (31) Introducing the Web Configurator (39) Tutorial (43)
  • Page 31: Introducing The Zyxel Device

    1.2.1 Access Point The ZyXEL Device is an ideal access solution for wireless Internet connection. A typical Internet access application for your ZyXEL Device is shown as follows. Stations A, B and C can access the wired network through the ZyXEL Devices.
  • Page 32: Ap + Bridge

    Figure 1 Access Point Application 1.2.2 AP + Bridge In AP+Bridge mode, the ZyXEL Device supports both AP and bridge connection at the same time. In the figure below, A and B use X as an AP to access the wired network, while X and Y communicate in bridge mode.
  • Page 33: Bridge / Repeater

    The ZyXEL Device can act as a wireless network bridge and establish wireless links with other APs. In the figure below, the two ZyXEL Devices (A and B) are connected to independent wired networks and have a bridge connection (A can communicate with B) at the same time.
  • Page 34: Figure 3 Bridge Application

    Chapter 1 Introducing the ZyXEL Device Figure 3 Bridge Application Figure 4 Repeater Application ZyXEL NWA-3100 User’s Guide...
  • Page 35: Mbssid

    An SSID (Service Set IDentifier) is the name of a BSS. In MBSSID (Multiple BSS) mode, the ZyXEL Device provides multiple virtual APs, each forming its own BSS and using its own individual SSID profile.
  • Page 36: Pre-Configured Ssid Profiles

    User’s Guide. 1.4 Good Habits for Managing the ZyXEL Device Do the following things regularly to make the ZyXEL Device more secure and to manage it more effectively. • Change the password often. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters.
  • Page 37: Leds

    Flashing The ZyXEL Device is starting up. Either • The ZyXEL Device is in Access Point or MBSSID mode and is functioning normally. • The ZyXEL Device is in AP+Bridge or Bridge/ Repeater mode and has not established a Wireless Distribution System (WDS) connection.
  • Page 38 Section 5.6.1 on page 74 for how to enable the ZyAIR LED. ETHN Green The ZyXEL Device has a 10 Mbps Ethernet connection. Blinking The ZyXEL Device has a 10 Mbps Ethernet connection and is sending or receiving data. Yellow The ZyXEL Device has a 100 Mbps Ethernet connection.
  • Page 39: Introducing The Web Configurator

    H A P T E R Introducing the Web Configurator This chapter describes how to access the ZyXEL Device’s web configurator and provides an overview of its screens. 2.1 Accessing the Web Configurator 1 Make sure your hardware is properly connected and prepare your computer or computer network to connect to the ZyXEL Device (refer to the Quick Start Guide).
  • Page 40: Resetting The Zyxel Device

    Chapter 2 Introducing the Web Configurator Figure 7 Change Password Screen 6 Click Apply in the Replace Certificate screen to create a certificate using your ZyXEL Device’s MAC address that will be specific to this device. Figure 8 Replace Certificate Screen You should now see the MAIN MENU screen.
  • Page 41: Methods Of Restoring Factory-Defaults

    Use the web configurator to restore defaults (refer to Chapter 15 on page 175). Transfer the configuration file to your ZyXEL Device using FTP. See the section on SMT configuration for more information. 2.3 Navigating the Web Configurator The following summarizes how to navigate the web configurator from the MAIN MENU screen.
  • Page 42 ), LOGS (View Logs and Log Settings) and VLAN (Wireless VLAN and RADIUS Trusted CAs VLAN). Click MAINTENANCE to view information about your ZyXEL Device or upgrade configuration and firmware files. Maintenance features include Status (Statistics), Association List, Channel Usage, F/W (firmware) Upload, Configuration (Backup, Restore and Default) and Restart.
  • Page 43: Tutorial

    3.1 How to Configure Multiple Wireless Networks In this example, you have been using your ZyXEL Device as an access point for your office network (See your Quick Start Guide for information on how to set up your ZyXEL Device in Access Point mode).
  • Page 44: Change The Operating Mode

    Log in to the ZyXEL Device (see Section 2.1 on page 39). Click WIRELESS > Wireless. The Wireless screen appears. In this example, the ZyXEL Device is set to Access Point operating mode, and is currently using the SSID04 profile. ZyXEL NWA-3100 User’s Guide...
  • Page 45: Figure 11 Tutorial: Wireless Lan: Before

    This Select SSID Profile table allows you to activate or deactivate SSID profiles. Your wireless network was previously using the SSID04 profile, so select SSID04 in one of the Profile list boxes (number 3 in this example). ZyXEL NWA-3100 User’s Guide...
  • Page 46: Configure The Voip Network

    VoIP_SSID and Guest_SSID profiles you will need to set different security profiles. Figure 13 Tutorial: WIRELESS > SSID The Voice over IP (VoIP) network will use the pre-configured SSID profile, so select VoIP_SSID’s radio button and click Edit. The following screen displays. ZyXEL NWA-3100 User’s Guide...
  • Page 47: Set Up Security For The Voip Profile

    • Leave all the other fields at their defaults and click Apply. 3.1.2.1 Set Up Security for the VoIP Profile Now you need to configure the security settings to use on the VoIP wireless network. Click the Security tab. ZyXEL NWA-3100 User’s Guide...
  • Page 48: Figure 15 Tutorial: Voip Security

    PSK in the Security Mode field. WPA2-PSK provides strong security that anyone with a compatible wireless client can use, once they know the pre-shared key (PSK). Enter the PSK you want to use in your network in the Pre Shared Key field. In this example, the PSK is “ThisismyWPA2-PSKpre-sharedkey”. ZyXEL NWA-3100 User’s Guide...
  • Page 49: Activate The Voip Profile

    105), and “intra-BSS traffic blocking” means that the client cannot access other clients on the same wireless network (see Section 5.1.1 on page 67). Click WIRELESS > SSID. Select Guest_SSID’s entry in the list and click Edit. The following screen appears. ZyXEL NWA-3100 User’s Guide...
  • Page 50: Set Up Security For The Guest Profile

    You already chose to use the security03 profile for this network, so select security03’s entry in the list and click Edit. The following screen appears. Figure 20 Tutorial: Guest Security Profile Edit • Change the Name field to “Guest_Security” to make it easier to remember and identify. ZyXEL NWA-3100 User’s Guide...
  • Page 51: Set Up Layer 2 Isolation

    3.1.3.3 Activate the Guest Profile You need to activate the Guest_SSID profile before it can be used. Click the Wireless tab. In the Select SSID Profile table, select the check box for the Guest_SSID profile and click Apply. ZyXEL NWA-3100 User’s Guide...
  • Page 52: Testing The Wireless Networks

    Device. A rogue AP is a wireless access point operating in a network’s coverage area that is not a sanctioned part of that network. The example also shows how to set the ZyXEL Device to send out e-mail alerts whenever it detects a rogue wireless access point. See...
  • Page 53: Figure 24 Tutorial: Wireless Network Example

    Your wireless network operates in an office building. It consists of four access points (all ZyXEL Devices) and a variable number of wireless clients. You also know that the coffee shop on the ground floor has a wireless network consisting of a single access point, which can be detected and accessed from your floor of the building.
  • Page 54: Set Up And Save A Friendly Ap List

    UNKNOWN AF:AF:AF:FA:FA:FA The ZyXEL Device can detect the MAC addresses of APs automatically. However, it is more secure to obtain the correct MAC addresses from another source and add them to the friendly AP list manually, if possible. For example, an attacker’s AP mimicking the correct SSID could be placed on the friendly AP...
  • Page 55: Figure 26 Tutorial: Friendly Ap (After Data Entry)

    3 Next, you will save the list of friendly APs in order to provide a backup and upload it to your other access points. Click the Configuration tab.The following screen appears. Figure 27 Tutorial: Configuration 4 Click Export. If a window similar to the following appears, click Save. ZyXEL NWA-3100 User’s Guide...
  • Page 56: Activate Periodic Rogue Ap Detection

    Figure 29 Tutorial: Save Friendly AP list 3.2.2 Activate Periodic Rogue AP Detection Take the following steps to activate rogue AP detection on the first of your ZyXEL Devices. 1 In the ROGUE AP > Configuration screen, select Yes from the Activate Rogue AP Period Detection field.
  • Page 57: Set Up E-Mail Logs

    Chapter 3 Tutorial 2 In the Period (min.) field, enter how often you want the ZyXEL Device to scan for rogue APs. You can have the ZyXEL Device scan anywhere from once every ten minutes to once every hour. In this example, enter “10”.
  • Page 58: Configure Your Other Access Points

    AP alert, email alerts are correctly configured on that ZyXEL Device. • If you have another access point that is not used in your network, make a note of its MAC address and set it up next to each of your ZyXEL Devices in turn while the network is running.
  • Page 59 Chapter 3 Tutorial • Check your e-mail. You should have received at least one e-mail alert (your other ZyXEL Devices may also have sent alerts, depending on their proximity and the output power of your “rogue” AP). ZyXEL NWA-3100 User’s Guide...
  • Page 60 Chapter 3 Tutorial ZyXEL NWA-3100 User’s Guide...
  • Page 61: The Web Configurator

    The Web Configurator System Screens (63) Wireless Configuration (67) Wireless Security Configuration (81) MBSSID and SSID (97) Other Wireless Configuration (105) IP Screen (113) Rogue AP (117) Remote Management (123) Certificates (133) Log Screens (151) VLAN (157) Maintenance (175)
  • Page 63: System Screens

    DESCRIPTION General Setup System Name Type a descriptive name to identify the ZyXEL Device in the Ethernet network. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes "-" and underscores "_" are accepted.
  • Page 64: Configuring Password

    It is strongly recommended that you change your ZyXEL Device’s password. Click SYSTEM > Password. The screen appears as shown. If you forget your ZyXEL Device’s password (or IP address), you will need to reset the device. See the section on resetting the ZyXEL Device for details Figure 33 Password.
  • Page 65: Configuring Time Setting

    4.4 Configuring Time Setting To change your ZyXEL Device’s time and date, click SYSTEM > Time Setting. The screen appears as shown. Use this screen to configure the ZyXEL Device’s time based on your local time zone. Figure 34 Time Setting The following table describes the labels in this screen.
  • Page 66 End Date (mm-dd) Enter the month and day that your daylight-savings time ends on if you selected Daylight Savings. Apply Click Apply to save your changes. Reset Click Reset to reload the previous configuration for this screen. ZyXEL NWA-3100 User’s Guide...
  • Page 67: Wireless Configuration

    H A P T E R Wireless Configuration This chapter discusses how to configure the Wireless screens on the ZyXEL Device. 5.1 Wireless LAN Overview This section introduces the wireless LAN (WLAN) and some basic scenarios. 5.1.1 BSS A Basic Service Set (BSS) exists when all communications between wireless stations or between a wireless station and a wired network client go through one access point (AP).
  • Page 68: Ess

    See the Wireless LANs Appendix for information on the following: • Wireless LAN Topologies • Channel • RTS/CTS • Fragmentation Threshold • IEEE 802.1x • RADIUS • Types of Authentication • WPA • Security Parameters Summary ZyXEL NWA-3100 User’s Guide...
  • Page 69: Quality Of Service

    The ZyXEL Device uses WMM QoS to prioritize traffic streams according to the VLAN or DSCP information in each packet’s header. The ZyXEL Device automatically determines the priority to use for an individual traffic stream.
  • Page 70: Atc+Wmm

    WMM QoS settings. 5.3.3 ATC+WMM The ZyXEL Device can use a mapping mechanism to use both ATC and WMM QoS. The ATC+WMM function prioritizes all packets transmitted onto the wireless network using WMM QoS, and prioritizes all packets transmitted onto the wired network using ATC. See Section 7.2.2 on page 101...
  • Page 71: Atc+Wmm From Wlan To Lan

    Network traffic can be classified by setting the ToS (Type Of Service) values at the data source (for example, at the ZyXEL Device) so a server can decide the best method of delivery, that is the least cost, fastest route and so on.
  • Page 72: Tos (Type Of Service) And Wmm Qos

    DSCP value in order to make the best use of WMM QoS. A Voice over IP (VoIP) device for example may allow you to define the DSCP value. The following table lists which WMM QoS priority level the ZyXEL Device uses for specific DSCP values.
  • Page 73: Stp Terminology

    Table 15 STP Port States PORT STATES DESCRIPTIONS Disabled STP is disabled (default). Blocking Only configuration and management BPDUs are received and processed. ZyXEL NWA-3100 User’s Guide...
  • Page 74: Wireless Screen Overview

    5.5 Wireless Screen Overview The following is a list of the screens you can configure on the ZyXEL Device. 1 Configure the ZyXEL Device to operate in AP, AP+Bridge, Bridge/Repeater or MBSSID mode in the Wireless screen. You can also select an SSID Profile in the Wireless screen.
  • Page 75: Figure 38 Wireless: Access Point

    256 and 2346. Output Power Set the output power of the ZyXEL Device in this field. If there is a high density of APs in an area, decrease the output power of the ZyXEL Device to reduce interference with other APs. Select one of the following 100%(Full Power), 50%, 25%, 12.5% or Minimum.
  • Page 76: Bridge/Repeater Mode

    The blue ZyAIR LED is on when the ZyXEL Device is receiving power and blinks (or breathes) when data is being transmitted to and from its wireless stations. Clear the check box to turn this LED off even when the ZyXEL Device is on and data is being transmitted and received.
  • Page 77: Figure 39 Bridging Example

    Chapter 5 Wireless Configuration Figure 39 Bridging Example Be careful to avoid bridge loops when you enable bridging in the ZyXEL Device. Bridge loops cause broadcast traffic to circle the network endlessly, resulting in possible throughput degradation and disruption of communications. The following examples show two network topologies that can lead to this problem: •...
  • Page 78: Figure 41 Bridge Loop: Bridge Connected To Wired Lan

    Figure 41 Bridge Loop: Bridge Connected to Wired LAN To prevent bridge loops, ensure that you enable STP in the Wireless screen or your ZyXEL Device is not set to bridge mode while connected to both wired and wireless segments of the same LAN.
  • Page 79: Table 17 Wireless: Bridge/Repeater

    256 and 2346. Output Power Set the output power of the ZyXEL Device in this field. If there is a high density of APs in an area, decrease the output power of the ZyXEL Device to reduce interference with other APs. Select from 100% (Full Power), 50%, 25%, 12.5% and Minimum.
  • Page 80: Ap+Bridge Mode

    5.6.3 AP+Bridge Mode Select AP+Bridge as the Operating Mode in the WIRELESS > Wireless screen to have the ZyXEL Device function as a bridge and access point simultaneously. See the section on applications for more information. Figure 43 Wireless: AP+Bridge See the tables describing the fields in the Access Point and Bridge/Repeater operating modes for descriptions of the fields in this screen.
  • Page 81: Wireless Security Configuration

    (Allow Association) or exclude them from accessing the AP (Deny Association). 6.1.3 Hide Identity If you hide the SSID, then the ZyXEL Device cannot be seen when a wireless client scans for local APs. The trade-off for the extra security of “hiding” the ZyXEL Device may be inconvenience for some valid WLAN clients.
  • Page 82: Overview

    Chapter 6 Wireless Security Configuration Your ZyXEL Device allows you to configure up to four 64-bit, 128-bit or 152-bit WEP keys but only one key can be enabled at any one time. 6.2 802.1x Overview The IEEE 802.1x standard outlines enhanced security methods for both the authentication of wireless stations and encryption key management.
  • Page 83: User Authentication

    By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism (MIC), TKIP makes it much more difficult to decode data on a Wi-Fi network than WEP, making it difficult for an intruder to break into the network. ZyXEL NWA-3100 User’s Guide...
  • Page 84: Wpa(2)-Psk Application Example

    3 The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. ZyXEL NWA-3100 User’s Guide...
  • Page 85: Security Modes

    Select this to use either WPA2 or WPA depending on which security mode the wireless client uses. WPA2-PSK Select this to use WPA2 with a pre-shared key. WPA2-PSK-MIX Select this to use either WPA-PSK or WPA2-PSK depending on which security mode the wireless client uses. ZyXEL NWA-3100 User’s Guide...
  • Page 86: Wireless Client Wpa Supplicants

    Wi-Fi Protected Access (WPA) Most Secure WPA2 If you do not enable any wireless security on your ZyXEL Device, your network is accessible to any wireless networking device within range. 6.9 Configuring Security The following screens are configurable only in Access Point, AP+Bridge and MBSSID operating modes only.
  • Page 87: Security: Wep

    Chapter 6 Wireless Security Configuration To change your ZyXEL Device’s wireless security settings, click WIRELESS > Security. Figure 47 Security The following table describes the labels in this screen. Table 20 Security LABEL DESCRIPTION Index This is the index number of the security profile address.
  • Page 88: Security: 802.1X Only

    Select this option to enter hexadecimal characters as the WEP keys. The preceding “0x” is entered automatically. Key 1 to The WEP keys are used to encrypt data. Both the ZyXEL Device and the wireless stations must use the same WEP key for data transmission. Key 4 If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F").
  • Page 89: Security: 802.1X Static 64-Bit, 802.1X Static 128-Bit

    RADIUS server has priority. Idle Timeout The ZyXEL Device automatically disconnects a wireless station from the wireless network after a period of inactivity. The wireless station needs to send the username and password again before it can use the wireless network again. Some wireless clients may prompt users for a username and password;...
  • Page 90: Figure 50 Security: 802.1X Static 64-Bit, 802.1X Static 128-Bit

    Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes). Note: If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority. ZyXEL NWA-3100 User’s Guide...
  • Page 91: Security: Wpa

    DESCRIPTION Idle Timeout The ZyXEL Device automatically disconnects a wireless station from the wireless network after a period of inactivity. The wireless station needs to send the username and password again before it can use the wireless network again. Some wireless clients may prompt users for a username and password;...
  • Page 92: Security: Wpa2 Or Wpa2-Mix

    DESCRIPTION Idle Timeout The ZyXEL Device automatically disconnects a wireless station from the wireless network after a period of inactivity. The wireless station needs to send the username and password again before it can use the wireless network again. Some wireless clients may prompt users for a username and password;...
  • Page 93: Security: Wpa-Psk, Wpa2-Psk, Wpa2-Psk-Mix

    RADIUS server has priority. Idle Timeout The ZyXEL Device automatically disconnects a wireless station from the wireless network after a period of inactivity. The wireless station needs to send the username and password again before it can use the wireless network again.
  • Page 94: Figure 53 Security: Wpa-Psk, Wpa2-Psk Or Wpa2-Psk-Mix

    RADIUS server has priority. Idle Timeout The ZyXEL Device automatically disconnects a wireless station from the wireless network after a period of inactivity. The wireless station needs to send the username and password again before it can use the wireless network again.
  • Page 95: Introduction To Radius

    These profiles can be assigned to an SSID profile in the SSID configuration screen To set up your ZyXEL Device’s RADIUS server settings, click WIRELESS > RADIUS. The screen appears as shown. Figure 54 RADIUS The following table describes the labels in this screen.
  • Page 96 Backup If the ZyXEL Device cannot communicate with the Primary accounting server, you can have the ZyXEL Device use a Backup RADIUS server. Make sure the Active check boxes are selected if you want to use backup servers. The ZyXEL Device will attempt to communicate three times before using the Backup servers.
  • Page 97: Mbssid And Ssid

    H A P T E R MBSSID and SSID This chapter describes how to configure and use your ZyXEL Device’s MBSSID mode and configure SSID profiles. 7.1 Wireless LAN Infrastructures See the Wireless LAN chapter for some basic WLAN scenarios and terminology.
  • Page 98: Configuring Multiple Bsss

    Figure 55 Multiple BSS with VLAN Example 7.1.5 Configuring Multiple BSSs Click WIRELESS > Wireless and select MBSSID in the Operating Mode drop-down list box to display the screen as shown. Figure 56 Wireless: Multiple BSS ZyXEL NWA-3100 User’s Guide...
  • Page 99: Table 28 Wireless: Multiple Bss

    256 and 2346. Output Power Set the output power of the ZyXEL Device in this field. If there is a high density of APs in an area, decrease the output power to reduce interference with other APs. Select one of the following 100%(Full Power), 50%, 25%, 12.5% or Minimum.
  • Page 100: Ssid

    The blue ZyAIR LED is on when the ZyXEL Device is on and blinks (or breathes) when data is being transmitted to/from its wireless stations. Clear the check box to turn this LED off even when the ZyXEL Device is on and data is being transmitted/received.
  • Page 101: Configuring Ssid

    Index This field displays the index number of each SSID profile. Name This field displays the identification name of each SSID profile on the ZyXEL Device. SSID This field displays the name of the wireless profile on the network. When a wireless client scans for an AP to associate with, this is the name that is broadcast and seen in the wireless client utility.
  • Page 102: Figure 58 Configuring Ssid

    Hide Name (SSID) Select Disable if you want the ZyXEL Device to broadcast this SSID (a wireless client scanning for an AP will find this SSID). Alternatively, select Enable to have the ZyXEL Device hide this SSID (a wireless client scanning for an AP will not find this SSID).
  • Page 103 WMM_BACKGROUND, the ZyXEL Device applies that QoS setting to all of that SSID’s traffic. • If you select NONE, the ZyXEL Device applies no priority to traffic on this SSID. Note: When you configure an SSID profile’s QoS settings, the ZyXEL Device applies the same QoS setting to all of the profile’s traffic.
  • Page 104 Chapter 7 MBSSID and SSID ZyXEL NWA-3100 User’s Guide...
  • Page 105: Other Wireless Configuration

    APs, computers or routers in a network. In the following example, layer-2 isolation is enabled on the ZyXEL Device (Z, in the figure) to allow a guest wireless client (A) to access the main network router (B), the router providing Internet access (C), and the network printer (D) while preventing the client from accessing other computers and servers on the network.
  • Page 106: Configuring Layer-2 Isolation

    8.2 Configuring Layer-2 Isolation If layer-2 isolation is enabled, you need to know the MAC address of the wireless client, AP, computer or router that you want to allow to communicate with the ZyXEL Device's wireless clients. To configure layer-2 isolation, click WIRELESS > Layer-2 Isolation. The screen appears as shown next.
  • Page 107: Layer-2 Isolation Examples

    Reset Click Reset to begin configuring this screen afresh. 8.2.1 Layer-2 Isolation Examples The following section shows you example layer-2 isolation configurations on the ZyXEL Device (A). When configuring, remember to enable layer-2 isolation in the WIRELESS > SSID > Edit screen of the relevant SSID profile.
  • Page 108: Layer-2 Isolation Example 1

    In the following example wireless clients 1 and 2 can communicate with B and C but not 3. • Configure more than one MAC address. Enter the server’s and your ZyXEL Device’s MAC addresses in the Allow devices with these MAC addresses fields.
  • Page 109: Configuring Mac Filter

    Figure 63 Layer-2 Isolation Example 2 8.3 Configuring MAC Filter The MAC filter screen allows you to configure the ZyXEL Device to give exclusive access to up to 32 devices (Allow Association) or exclude up to 32 devices from accessing the ZyXEL Device (Deny Association).
  • Page 110: Figure 64 Mac Address Filter

    Select Allow Association to permit access to the router. MAC addresses not listed will be denied access to the router. MAC Address Enter the MAC addresses (in XX:XX:XX:XX:XX:XX format) of the wireless station to be allowed or denied access to the ZyXEL Device. Apply Click Apply to save your changes. Reset Click Reset to begin configuring this screen afresh.
  • Page 111: Configuring Roaming

    (bridge tables are updated) and maximum AP efficiency. The AP deletes records of wireless stations that associate with other APs (Non-ZyXEL APs may not be able to perform this). 802.1x authentication information is not exchanged (at the time of writing).
  • Page 112: Requirements For Roaming

    5 The access points must be connected to the Ethernet and be able to get IP addresses from a DHCP server if using dynamic IP address assignment. To enable roaming on your ZyXEL Device, click WIRELESS > Wireless. The screen appears as shown.
  • Page 113: Ip Screen

    IP Screen This chapter discusses how to configure IP on the ZyXEL Device. 9.1 Factory Ethernet Defaults The Ethernet parameters of the ZyXEL Device are preset in the factory with the following values: 1 IP address of 192.168.1.2 2 Subnet mask of 255.255.255.0 (24 bits) These parameters should work for the majority of installations.
  • Page 114: Configuring Ip

    ZyXEL Device (by the DHCP server) to access the ZyXEL Device again. Use fixed IP address Select this option if your ZyXEL Device is using a static IP address. When you select this option, fill in the fields below. IP Address Enter the IP address of your ZyXEL Device in dotted decimal notation.
  • Page 115 Chapter 9 IP Screen Table 34 IP Setup LABEL DESCRIPTION Apply Click Apply to save your changes. Reset Click Reset to begin configuring this screen afresh. ZyXEL NWA-3100 User’s Guide...
  • Page 116 Chapter 9 IP Screen ZyXEL NWA-3100 User’s Guide...
  • Page 117: Rogue Ap

    H A P T E R Rogue AP This chapter discusses rogue wireless access points (APs) and how to configure the ZyXEL Device’s rogue AP detection feature. 10.1 Rogue AP Introduction A rogue AP is a wireless access point operating in a network’s coverage area that is not a sanctioned part of that network.
  • Page 118: Honeypot" Attack

    This scenario can also be part of a wireless denial of service (DoS) attack, in which associated wireless clients are deprived of network access. Other opportunities for the attacker include the introduction of malware (malicious software) into the network. ZyXEL NWA-3100 User’s Guide...
  • Page 119: Configuring Rogue Ap Detection

    You can choose to scan for rogue APs manually, or to have the ZyXEL Device scan automatically at pre-defined intervals. You can also set the ZyXEL Device to email you immediately when a rogue AP is detected (see Chapter 13 on page 151 for information on how to set up email logs).
  • Page 120: Rogue Ap: Friendly Ap

    Select No to turn rogue AP detection off. Period (min.) Enter the period you want the ZyXEL Device to wait between scanning for rogue APs (between 10 and 60 minutes). You must also select Yes in the Active Rogue AP Period Detection field.
  • Page 121: Rogue Ap List

    Device’s coverage area, except for the ZyXEL Device itself and the access points included in the friendly AP list (see Section 10.3.2 on page 120). You can set how often you want the ZyXEL Device to scan for rogue APs in the ROGUE AP > Configuration screen (see Section 10.3.1 on page 119).
  • Page 122: Figure 72 Rogue Ap > Rogue Ap

    Table 37 ROGUE AP > Rogue AP LABEL DESCRIPTION Rogue AP List This displays details of access points in the ZyXEL Device’s coverage area that are not listed in the friendly AP list (see Section 10.3.2 on page 120) Refresh Click this button to have the ZyXEL Device scan for rogue APs.
  • Page 123: Remote Management

    To disable remote management of a service, select Disable in the corresponding Server Access field. You may only have one remote management session running at a time. The ZyXEL Device automatically disconnects a remote management session of lower priority when another remote management session of higher priority starts.
  • Page 124: Remote Management Limitations

    SSH is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network. In the following figure, computer A on the Internet uses SSH to securely connect to the ZyXEL Device for a management session.
  • Page 125: Configuring Ftp

    ZyXEL Device using this service. Address Select All to allow any computer to access the ZyXEL Device using this service. Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service.
  • Page 126: Configuring Www

    To change your ZyXEL Device’s World Wide Web settings, click REMOTE MGNT > WWW. You can set the ZyXEL Device to use HTTP or HTTPS (HTTPS adds security) for web configurator sessions. Specify which interfaces allow web configurator access and from which IP address the access can come.
  • Page 127: Figure 77 Remote Management: Www

    ZyXEL Device by sending the ZyXEL Device a certificate. To do that the SSL client must have a CA-signed certificate from a CA that has been imported as a trusted CA on the ZyXEL Device (see the appendix on importing certificates for details).
  • Page 128: Snmp

    Address ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service. Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service.
  • Page 129: Supported Mibs

    • Trap - Used by the agent to inform the manager of some events. 11.6.1 Supported MIBs The ZyXEL Device supports MIB II that is defined in RFC-1213 and RFC-1215 as well as the proprietary ZyXEL private MIB. The purpose of the MIBs is to let administrators collect statistical data and monitor status and performance.
  • Page 130: Snmp Traps

    Table 43 SNMP Interface Index to Physical Port Mapping INTERFACE TYPE PHYSICAL PORT enet0 WLAN enet1 Ethernet port 11.7.1 Configuring SNMP To change your ZyXEL Device’s SNMP settings, click REMOTE MGMT > SNMP. The screen appears as shown. ZyXEL NWA-3100 User’s Guide...
  • Page 131: Figure 79 Remote Management: Snmp

    Address ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service. Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service.
  • Page 132 Chapter 11 Remote Management ZyXEL NWA-3100 User’s Guide...
  • Page 133: Certificates

    A certification path is the hierarchy of certification authority certificates that validate a certificate. The ZyXEL Device does not trust a certificate if any certificate on its path has expired or been revoked.
  • Page 134: Advantages Of Certificates

    12.2 Self-signed Certificates You can have the ZyXEL Device act as a certification authority and sign its own certificates. 12.3 Verifying a Certificate Before you import a trusted CA certificate into the ZyXEL Device, you should verify that you have the actual certificate.
  • Page 135: Configuration Summary

    Use the My Certificate screens to generate and export self-signed certificates or certification requests and import the ZyXEL Devices’ CA-signed certificates. Use the Trusted CA screens to save CA certificates to the ZyXEL Device. 12.5 My Certificates Click CERTIFICATES > My Certificates to open the ZyXEL Device’s summary list of certificates and certification requests.
  • Page 136: Figure 82 My Certificates

    LABEL DESCRIPTION PKI Storage This bar displays the percentage of the ZyXEL Device’s PKI storage space that is Space in Use currently in use. When you are using 80% or less of the storage space, the bar is green. When the amount of space used is over 80%, the bar is red. When the bar is red, you should consider deleting expired or unnecessary certificates before adding more certificates.
  • Page 137: Certificate File Formats

    Note that subsequent certificates move up by one when you take this action Create Click Create to go to the screen where you can have the ZyXEL Device generate a certificate or a certification request. Import Click Import to open a screen where you can save the certificate that you have enrolled from a certification authority from your computer to the ZyXEL Device.
  • Page 138: Importing A Certificate

    Import screen. Follow the instructions in this screen to save an existing certificate to the ZyXEL Device. You can import only a certificate that matches a corresponding certification request that was generated by the ZyXEL Device. The certificate you import replaces the corresponding request in the My Certificates screen.
  • Page 139: Creating A Certificate

    Click CERTIFICATES > My Certificates and then Create to open the My Certificate Create screen. Use this screen to have the ZyXEL Device create a self-signed certificate, enroll a certificate with a certification authority or generate a certification request, see the following figure.
  • Page 140 Select Create a certification request and save it locally for later manual request and save it enrollment to have the ZyXEL Device generate and store a request for a locally for later certificate. Use the My Certificate Details screen to view the certification manual enrollment request and copy it to send to the certification authority.
  • Page 141: My Certificate Details

    In the case of a self-signed certificate, you can set it to be the one that the ZyXEL Device uses to sign the trusted remote host certificates that you import to the ZyXEL Device.
  • Page 142: Figure 85 My Certificate Details

    31 characters to identify this certificate. You may use any character (not including spaces). Property Select this check box to have the ZyXEL Device use this certificate to sign the Default self-signed trusted remote host certificates that you import to the ZyXEL Device. This check certificate which box is only available with self-signed certificates.
  • Page 143 If the certificate is a self-signed certificate, the certificate itself is the only one in the list. The ZyXEL Device does not trust the certificate and displays “Not trusted” in this field if any certificate on the path has expired or been revoked.
  • Page 144: Trusted Cas

    Click CERTIFICATES, Trusted CAs to open the Trusted CAs screen. This screen displays a summary list of certificates of the certification authorities that you have set the ZyXEL Device to accept as trusted. The ZyXEL Device accepts any valid certificate signed by a certification authority on this list as being trustworthy;...
  • Page 145: Importing A Trusted Ca's Certificate

    LABEL DESCRIPTION PKI Storage This bar displays the percentage of the ZyXEL Device’s PKI storage space that is Space in Use currently in use. When you are using 80% or less of the storage space, the bar is green. When the amount of space used is over 80%, the bar is red. When the bar is red, you should consider deleting expired or unnecessary certificates before adding more certificates.
  • Page 146: Trusted Ca Certificate Details

    Trusted CA Details screen. Use this screen to view in-depth information about the certification authority’s certificate, change the certificate’s name and set whether or not you want the ZyXEL Device to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority.
  • Page 147: Figure 88 Trusted Ca Details

    31 characters to identify this key certificate. You may use any character (not including spaces). Property Select this check box to have the ZyXEL Device check incoming certificates that Check incoming are issued by this certification authority against a Certificate Revocation List certificates issued (CRL).
  • Page 148 Key Algorithm This field displays the type of algorithm that was used to generate the certificate’s key pair (the ZyXEL Device uses RSA encryption) and the length of the key set in bits (1024 bits for example). Subject Alternative This field displays the certificate’s owner‘s IP address (IP), domain name (DNS)
  • Page 149 Apply Click Apply to save your changes. You can only change the name and/or set whether or not you want the ZyXEL Device to check the CRL that the certification authority issues before trusting a certificate issued by the certification authority.
  • Page 150 Chapter 12 Certificates ZyXEL NWA-3100 User’s Guide...
  • Page 151: Log Screens

    13.1 Configuring View Log The web configurator allows you to look at all of the ZyXEL Device’s logs in one location. Click LOGS > View Log. Use the View Log screen to see the logs for the categories that you...
  • Page 152: Configuring Log Settings

    To change your ZyXEL Device’s log settings, click LOGS > Log Settings. The screen appears as shown. Use the Log Settings screen to configure to where and when the ZyXEL Device is to send the logs and which logs and/or immediate alerts it is to send.
  • Page 153: Table 53 Log Settings

    Select the categories of logs that you want to record. Send Immediate Select the categories of alerts for which you want the ZyXEL Device to Alert immediately send e-mail alerts. Apply Click Apply to save your customized settings and exit this screen.
  • Page 154: Example Log Messages

    Redirect Redirect datagrams for the Network Redirect datagrams for the Host Redirect datagrams for the Type of Service and Network Redirect datagrams for the Type of Service and Host ZyXEL NWA-3100 User’s Guide...
  • Page 155: Log Commands

    13.4.1 Configuring What You Want the ZyXEL Device to Log Use the sys logs load command to load the log setting buffer that allows you to configure which logs the ZyXEL Device is to record.
  • Page 156: Displaying Logs

    Use the sys logs clear command to erase all of the ZyXEL Device’s logs. 13.5 Log Command Example This example shows how to set the ZyXEL Device to record the error logs and alerts and then view the results. ras> sys logs load ras>...
  • Page 157: Vlan

    The Management VLAN ID identifies the “management VLAN”. A device must be a member of this “management VLAN” in order to access and manage the ZyXEL Device. If a device is not a member of this VLAN, then that device cannot manage the ZyXEL Device.
  • Page 158: Configuring Vlan

    The ZyXEL Device allows you to configure VLAN based on SSID profile (wireless VLAN), and / or based on your RADIUS server (RADIUS VLAN). • When you use wireless VLAN, the ZyXEL Device tags all packets from an SSID with the VLAN ID you set in the Wireless VLAN screen.
  • Page 159: Figure 91 Wireless Vlan

    Section 14.2.3 on page 161 for more information. VLAN Mapping Table Use this table to have the ZyXEL Device assign VLAN tags to packets from wireless clients based on the SSID they use to connect to the ZyXEL Device. Index This is the index number of the SSID profile.
  • Page 160: Radius Vlan

    Enter a VLAN ID number from 1 to 4094. Packets coming from the WLAN using this SSID profile are tagged with the VLAN ID number by the ZyXEL Device. Different SSID profiles can use the same or different VLAN IDs. This allows you to split wireless stations into groups using similar VLAN IDs.
  • Page 161: Configuring Management Vlan Example

    This section shows you how to create a VLAN on an Ethernet switch. By default, the port on the ZyXEL Device is a member of the management VLAN (VLAN ID 1). The following procedure shows you how to configure a tagged VLAN.
  • Page 162: Figure 93 Management Vlan Configuration Example

    5 Type a VLAN Group ID. This should be the same as the management VLAN ID on the ZyXEL Device. 6 Enable Tx Tagging on the port which you want to connect to the ZyXEL Device. Disable Tx Tagging on the port you are using to connect to your computer.
  • Page 163: Figure 96 Vlan-Aware Switch - Vlan Status

    Chapter 14 VLAN Figure 96 VLAN-Aware Switch - VLAN Status Follow the instructions in the Quick Start Guide to set up your ZyXEL Device for configuration. The ZyXEL Device should be connected to the VLAN-aware switch. In the above example, the switch is using port 1 to connect to your computer and port 2 to connect to...
  • Page 164: Configuring Microsoft's Ias Server Example

    ID (Name:string) is between 1 and 4094. 4c If a or b are not matched, the ZyXEL Device uses the VLAN ID configured in the WIRELESS VLAN screen and the wireless station. This VLAN ID is independent and hence different to the ID in the VLAN screen.
  • Page 165: Configuring Remote Access Policies

    For example, if the Day-And-Time Restriction policy is still present, it should be moved to the bottom or deleted to allow the VLAN Group policies to take precedence. ZyXEL NWA-3100 User’s Guide...
  • Page 166: Figure 100 New Remote Access Policy For Vlan Group

    4 The Select Groups window displays. Select a remote access policy and click the Add button. The policy is added to the field below. Only one VLAN Group should be associated with each policy. 5 Click OK and Next in the next few screens to accept the group value. ZyXEL NWA-3100 User’s Guide...
  • Page 167: Figure 102 Adding Vlan Group

    Extensible Authentication Protocol check box. • Select an EAP type depending on your authentication needs from the drop-down list box. • Clear the check boxes for all other authentication types listed below the drop-down list box. ZyXEL NWA-3100 User’s Guide...
  • Page 168: Figure 104 Authentication Tab Settings

    9 Click the IP tab and select the Client may request an IP address check box for DHCP support. 10 Click the Advanced tab. The current default parameters returned to the ZyXEL Device should be Service-Type and Framed-Protocol. • Click the Add button to add an additional three RADIUS VLAN attributes required for 802.1X Dynamic VLAN Assignment.
  • Page 169: Figure 106 Connection Attributes Screen

    • Click the Add button • Select Tunnel-Medium-Type • Click the Add button. Figure 107 RADIUS Attribute Screen 12 The Enumerable Attribute Information screen displays. Select the 802 value from the Attribute value drop-down list box. • Click OK. ZyXEL NWA-3100 User’s Guide...
  • Page 170: Figure 108 802 Attribute Setting For Tunnel-Medium-Type

    4094 or a Name for this policy. This Name should match a name in the VLAN mapping table on the ZyXEL Device. Wireless stations belonging to the VLAN Group specified in this policy will be given a VLAN ID specified in the ZyXEL Device VLAN table.
  • Page 171: Figure 110 Vlan Attribute Setting For Tunnel-Type

    Repeat the Configuring Remote Access Policies procedure for each VLAN Group defined in the Active Directory. Remember to place the most general Remote Access Policies at the bottom of the list and the most specific at the top of the list. ZyXEL NWA-3100 User’s Guide...
  • Page 172: Second Rx Vlan Id Example

    Rx VLAN ID configured, and the ZyXEL Device forwards only packets tagged with VLAN ID 2 to it. 14.2.5.1 Second Rx VLAN Setup Example The following steps show you how to setup a second Rx VLAN ID on the ZyXEL Device. 1 Log into the Web Configurator. 2 Click VLAN > Wireless VLAN.
  • Page 173: Figure 113 Configuring Ssid: Second Rx Vlan Id Example

    6 Click Apply to save these settings. Outgoing packets from clients in SSID03 are tagged with a VLAN ID of 3, and incoming packets with a VLAN ID of 3 or 4 are forwarded to SSID03. ZyXEL NWA-3100 User’s Guide...
  • Page 174 Chapter 14 VLAN ZyXEL NWA-3100 User’s Guide...
  • Page 175: Maintenance

    15.2 System Status Screen Click MAINTENANCE to open the System Status screen, where you can use to monitor your ZyXEL Device. Note that these labels are READ-ONLY and are meant to be used for diagnostic purposes. Figure 114 System Status The following table describes the labels in this screen.
  • Page 176: System Statistics

    This is the index number of the bridge connection. Active This shows whether the bridge connection is activated or not. Remote Bridge MAC This is the MAC address of the peer device in bridge mode. Address ZyXEL NWA-3100 User’s Guide...
  • Page 177: Association List

    Click this button to stop refreshing statistics. 15.3 Association List View the wireless stations that are currently associated with the ZyXEL Device in the Association List screen. Click MAINTENANCE and then the Association List tab to display the screen as shown next.
  • Page 178: Channel Usage

    Click Refresh to reload the screen. 15.5 F/W Upload Screen Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a "*.bin" extension, for example "NWA-3100.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot.
  • Page 179: Figure 118 Firmware Upload

    Click Upload to begin the upload process. This process may take up to two minutes. Do not turn off the ZyXEL Device while firmware upload is in progress! After you see the Firmware Upload in Process screen, wait two minutes before logging into the ZyXEL Device again.
  • Page 180: Configuration Screen

    15.6 Configuration Screen Chapter 22 on page 205 for information on how to transfer configuration files using FTP/ TFTP commands. Click MAINTENANCE > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next. ZyXEL NWA-3100 User’s Guide...
  • Page 181: Backup Configuration

    Backup configuration allows you to back up (save) the ZyXEL Device’s current configuration to a file on your computer. Once your ZyXEL Device is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes.
  • Page 182: Back To Factory Defaults

    If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default ZyXEL Device IP address (192.168.1.2). See your Quick Start Guide for details on how to set up your computer’s IP address.
  • Page 183: Restart Screen

    Chapter 15 Maintenance Figure 126 Reset Warning Message You can also press the RESET button to reset your ZyXEL Device to its factory default settings. Refer to Section 2.2 on page 40 for more information. 15.7 Restart Screen System restart allows you to reboot the ZyXEL Device without turning the power off.
  • Page 184 Chapter 15 Maintenance ZyXEL NWA-3100 User’s Guide...
  • Page 185: Smt And Troubleshooting

    SMT and Troubleshooting Introducing the SMT (187) General Setup (191) LAN Setup (193) SNMP Configuration (195) System Password (197) System Information and Diagnosis (199) Firmware and Configuration File Maintenance (205) System Maintenance and Information (217) Troubleshooting (223)
  • Page 187: Introducing The Smt

    Please note that if there is no activity for longer than five minutes (default timeout period) after you log in, your ZyXEL Device will automatically log you out. You will then have to telnet into the ZyXEL Device again. You can use the web configurator or the CI commands to change the inactivity time out period.
  • Page 188: Smt Menu Overview Example

    Note that as you type a password, the screen displays an asterisk “*” for each character you type. 16.3 SMT Menu Overview Example The following table gives you an overview of your ZyXEL Device’s various SMT menus. Table 67 SMT Menus Overview MENUS...
  • Page 189: Figure 130 Smt Main Menu

    [ENTER]. exit the SMT interface. After you enter the password, the SMT displays the main menu, as shown next. Figure 130 SMT Main Menu Copyright (c) 1994 - 2006 ZyXEL Communications Corp. NWA-3100 Main Menu Getting Started Advanced Management 1. General Setup 22.
  • Page 190: System Management Terminal Interface Summary

    Use this menu to set up SNMP related parameters. System Password Use this menu to change your password. System Maintenance This menu provides system status, diagnostics, software upload, etc. Exit Use this to exit the SMT. ZyXEL NWA-3100 User’s Guide...
  • Page 191: General Setup

    The Domain Name entry is what is propagated to the DHCP clients on the LAN. While you must enter the host name (System Name) on each individual computer, the domain name can be assigned from the ZyXEL Device via DHCP. 17.1.1 Procedure To Configure Menu 1 Enter 1 in the Main Menu to open Menu 1 –...
  • Page 192 User-Defined in the field above. ENTER When you have completed this menu, press [ ] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ ] at any time to cancel. ZyXEL NWA-3100 User’s Guide...
  • Page 193: Lan Setup

    H A P T E R LAN Setup This chapter shows you how to configure the LAN on your ZyXEL Device. 18.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 – LAN Setup. From the main menu, enter “3”...
  • Page 194: Table 71 Menu 3.2 Tcp/Ip Setup

    ZyXEL Device (by the DHCP server) to access the ZyXEL Device again. Select Static to give the ZyXEL Device a fixed, unique IP address. Enter a subnet mask appropriate to your network and the gateway IP address if applicable.
  • Page 195: Snmp Configuration

    Trusted Host If you enter a trusted host, your ZyXEL Device will only respond to SNMP messages from this address. A blank (default) field means your ZyXEL Device will respond to all SNMP messages it receives, regardless of source.
  • Page 196 Type the IP address of the station to send your SNMP traps to. When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen. ZyXEL NWA-3100 User’s Guide...
  • Page 197: System Password

    H A P T E R System Password This chapter describes how to configure the ZyXEL Device’s system password. 20.1 System Password You can configure the system password in this menu. Figure 135 Menu 23 System Password Menu 23 - System Password...
  • Page 198 Chapter 20 System Password ZyXEL NWA-3100 User’s Guide...
  • Page 199: System Information And Diagnosis

    The first selection, System Status gives you information on the status and statistics of the ports, as shown next. System Status is a tool that can be used to monitor your ZyXEL Device. Specifically, it gives you information on your Ethernet and Wireless LAN status, and the number of packets sent and received.
  • Page 200: System Information

    This shows the DHCP setting (None or Client) for the port. System Up Time This is the time the ZyXEL Device is up and running from the last reboot. ZyNOS F/W Version Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation.
  • Page 201: System Information

    1. System Information 2. Console Port Speed Please enter selection: The ZyXEL Device has an internal console port for support personnel only. Do not open the ZyXEL Device as it will void your warranty. 21.2.1 System Information Enter 1 in menu 24.2 to display the screen shown next.
  • Page 202: Console Port Speed

    Console Port Speed: 9600 Press ENTER to Confirm or ESC to Cancel: After you changed your ZyXEL Device’s console port speed, you must also make the same change to the console port speed parameter of your communication software. 21.3 Log and Trace Your ZyXEL Device provides error logs and trace records that are stored locally.
  • Page 203: Diagnostic

    3 Enter 1 from Menu 24.3 – System Maintenance – Log and Trace and press [ENTER] twice to display the error log in the system. After the ZyXEL Device finishes displaying the error log, you will have the option to clear it. Samples of typical error and information messages are presented in the next figure.
  • Page 204: Table 75 Menu 24.4 System Maintenance Menu: Diagnostic

    2 From this menu, type 4. Diagnostic to open Menu 24.4 – System Maintenance – Diagnostic. The following table describes the diagnostic tests available in menu 24.4 for your ZyXEL Device and the connections. Table 75 Menu 24.4 System Maintenance Menu: Diagnostic...
  • Page 205: Firmware And Configuration File Maintenance

    The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password and TCP/IP Setup, etc. It arrives from ZyXEL with a rom filename extension. Once you have customized the ZyXEL Device's settings, they can be saved back to your computer under a filename of your choosing.
  • Page 206: Backup Configuration

    The following table is a summary. Please note that the internal filename refers to the filename on the ZyXEL Device and the external filename refers to the filename not on the ZyXEL Device, that is, on your computer, local network or FTP site and so the name (but not the extension) will vary.
  • Page 207: Using The Ftp Command From The Dos Prompt

    4 Enter “root” and your SMT password as requested. The default is 1234. 5 Enter “bin” to set transfer mode to binary. 6 Use “get” to transfer files from the ZyXEL Device to the computer, for example, “get rom-0 config.rom” transfers the configuration file on the ZyXEL Device to your computer and renames it “config.rom”.
  • Page 208: Example: Tftp Command

    To use TFTP, your computer must have both telnet and TFTP clients. To backup the configuration file, follow the procedure shown next: 1 Use telnet from your computer to connect to the ZyXEL Device and log in. Because TFTP does not have any security checks, the ZyXEL Device records the IP address of the telnet client and accepts TFTP requests only from this address.
  • Page 209: Backup Via Console Port

    4 After a successful backup you will see the following screen. Press any key to return to the SMT menu. Figure 149 Successful Backup Confirmation Screen ** Backup Configuration completed. OK. ### Hit any key to continue.### ZyXEL NWA-3100 User’s Guide...
  • Page 210: Restore Configuration

    Menu 24.6 –- System Maintenance – Restore Configuration allows you to restore the configuration via FTP or TFTP to your ZyXEL Device. The preferred method is FTP. Note that this function erases the current configuration before restoring the previous backup configuration;...
  • Page 211: Firmware Upload

    FTP is the preferred method for uploading the firmware and configuration. To use this feature, your computer must have an FTP client. When you telnet into the ZyXEL Device, you will see the following screens for uploading firmware and the configuration file using FTP.
  • Page 212: Using The Ftp Command From The Dos Prompt Example

    4 Enter “root” and your SMT password as requested. The default is 1234. 5 Enter “bin” to set transfer mode to binary. 6 Use “put” to transfer files from the computer to the ZyXEL Device for example “put firmware.bin ras” transfers the firmware on your computer (firmware.bin) to the ZyXEL Device and renames it “ras”.
  • Page 213: Tftp File Upload

    1 Use telnet from your computer to connect to the ZyXEL Device and log in. Because TFTP does not have any security checks, the ZyXEL Device records the IP address of the telnet client and accepts TFTP requests only from this address.
  • Page 214: Uploading Firmware File Via Console Port

    Chapter 22 Firmware and Configuration File Maintenance The ZyXEL Device has an internal console port for support personnel only. Do not open the ZyXEL Device as it will void your warranty. 22.4.7 Uploading Firmware File Via Console Port Select 1 from Menu 24.7 – System Maintenance – Upload Firmware to display Menu 24.7.1 –...
  • Page 215: Uploading Configuration File Via Console Port

    Follow the procedure as shown previously for the HyperTerminal program. The procedure for other serial communications programs should be similar. 3 Enter “atgo” to restart the ZyXEL Device. 22.4.10 Example Xmodem Configuration Upload Using HyperTerminal Click Transfer, then Send File to display the following screen.
  • Page 216 Chapter 22 Firmware and Configuration File Maintenance After the configuration upload process has completed, restart the ZyXEL Device by entering “atgo”. ZyXEL NWA-3100 User’s Guide...
  • Page 217: System Maintenance And Information

    Enter the CI from the SMT by selecting menu 24.8. See the included disk or the zyxel.com web site for more detailed information on CI commands. Enter 8 from Menu 24 – System Maintenance. A list of valid commands can be found by typing help or ? at the command prompt.
  • Page 218: Command Syntax

    Chapter 23 System Maintenance and Information Figure 160 Valid CI Commands Copyright (c) 1994 - 2005 ZyXEL Communications Corp. NWA-3100> ? Valid commands are: exit device ether config wlan bridge hdap certificates radius 8021x wcfg rogueAP NWA-3100> 23.1.1 Command Syntax •...
  • Page 219: Time And Date Setting

    23.2 Time and Date Setting The ZyXEL Device keeps track of the time and date. There is also a software mechanism to set the time manually or get the current time and date from an external server when you turn on your ZyXEL Device.
  • Page 220: Resetting The Time

    The ZyXEL Device resets the time in three instances: 1 On leaving menu 24.10 after making changes. 2 When the ZyXEL Device starts up, if there is a timeserver configured in menu 24.10. 3 24-hour intervals after starting. 23.3 Remote Management Setup 23.3.1 Telnet...
  • Page 221: Figure 162 Menu 24.11 Remote Management Control

    LAN only, WAN only, All or Disable. The default is LAN only. Secured Client IP The default 0.0.0.0 allows any client to use this service to remotely manage the ZyXEL Device. Enter an IP address to restrict access to a client with a matching IP address. Certificate This field displays the name used to identify this certificate.
  • Page 222: Remote Management Limitations

    There is a system timeout of five minutes (300 seconds) for Telnet/web/FTP connections. Your ZyXEL Device will automatically log you out if you do nothing in this timeout period, except when it is continuously updating the status in menu 24.1 or when sys stdio has been changed on the command line.
  • Page 223: Troubleshooting

    1 Make sure you are using the power adaptor or cord included with the ZyXEL Device. 2 Make sure the power adaptor or cord is connected to the ZyXEL Device and plugged in to an appropriate power source. Make sure the power source is turned on.
  • Page 224 Section 24.1 on page 223. 4 Make sure your computer is in the same subnet as the ZyXEL Device. (If you know that there are routers between your computer and the ZyXEL Device, skip this step.) • If there is no DHCP server on your network, make sure your computer’s IP address is in the same subnet as the ZyXEL Device.
  • Page 225: Internet Access

    2 You cannot log in to the web configurator while someone is using the SMT or Telnet to access the ZyXEL Device. Log out of the ZyXEL Device in the other session, or ask the person who is logged in to log out.
  • Page 226 Internet, especially peer-to-peer applications. 2 Check the signal strength. If the signal is weak, try moving the ZyXEL Device closer to the AP (if possible), and look around to see if there are any devices that might be interfering with the wireless network (microwaves, other wireless networks, and so on).
  • Page 227: Appendices And Index

    Appendices and Index Product Specifications (229) Setting up Your Computer’s IP Address (233) IP Address Assignment Conflicts (245) Wireless LANs (249) Indoor Installation Recommendations (259) Pop-up Windows, JavaScripts and Java Permissions (261) IP Addresses and Subnetting (267) Text File Based Auto Configuration (275) Legal Information (283) Customer Support (287) Index (291)
  • Page 229: Appendix A Product Specifications

    APs, computers or routers in a network. Multiple BSSID (MBSSID) MBSSID mode allows the ZyXEL Device to operate up to 8 different wireless networks (BSSs) simultaneously, each with independently- configurable wireless and security settings. Rogue AP detection Rogue AP detection detects and logs unknown access points (APs) operating in the area.
  • Page 230: Table 84 Power Over Ethernet Injector Specifications

    MAC addresses. Wireless Association List With the wireless association list, you can see the list of the wireless stations that are currently using the ZyXEL Device to access your wired network. Logging and Tracing Built-in message logging and packet tracing.
  • Page 231: Table 85 Power Over Ethernet Injector Rj-45 Port Pin Assignments

    Table 89 Australia and New Zealand Plug Standards AC Power Adaptor Model MU18-2120150-A3 Input Power 100~240 Volts AC, 50~60 Hz, 0.6 A Output Power 12 Volts DC, 1.5 A Power Consumption 18 W Max Safety Standards EN 60950:2000 ZyXEL NWA-3100 User’s Guide...
  • Page 232 Appendix A Product Specifications ZyXEL NWA-3100 User’s Guide...
  • Page 233: Appendix B Setting Up Your Computer's Ip Address

    After the appropriate TCP/IP components are installed, configure the TCP/IP settings in order to "communicate" with your network. If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the ZyXEL Device’s LAN port. Windows 95/98/Me...
  • Page 234: Figure 163 Windows 95/98/Me: Network: Configuration

    2 Select Client and then click Add. 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. ZyXEL NWA-3100 User’s Guide...
  • Page 235: Figure 164 Windows 95/98/Me: Tcp/Ip Properties: Ip Address

    • If you do not know your DNS information, select Disable DNS. • If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in). ZyXEL NWA-3100 User’s Guide...
  • Page 236: Figure 165 Windows 95/98/Me: Tcp/Ip Properties: Dns Configuration

    5 Click OK to save and close the TCP/IP Properties window. 6 Click OK to close the Network window. Insert the Windows CD if prompted. 7 Turn on your ZyXEL Device and restart your computer when prompted. Verifying Settings 1 Click Start and then Run.
  • Page 237: Figure 166 Windows Xp: Start Menu

    Figure 166 Windows XP: Start Menu 2 For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Figure 167 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. ZyXEL NWA-3100 User’s Guide...
  • Page 238: Figure 168 Windows Xp: Control Panel: Network Connections: Properties

    • If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. Click Advanced. ZyXEL NWA-3100 User’s Guide...
  • Page 239: Figure 170 Windows Xp: Advanced Tcp/Ip Settings

    • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. ZyXEL NWA-3100 User’s Guide...
  • Page 240: Figure 171 Windows Xp: Internet Protocol (Tcp/Ip) Properties

    8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click OK to close the Local Area Connection Properties window. 10 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings 1 Click Start, All Programs, Accessories and then Command Prompt.
  • Page 241: Figure 172 Macintosh Os 8/9: Apple Menu

    2 Select Ethernet built-in from the Connect via list. Figure 173 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: • From the Configure box, select Manually. ZyXEL NWA-3100 User’s Guide...
  • Page 242: Figure 174 Macintosh Os X: Apple Menu

    • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Close the TCP/IP Control Panel.
  • Page 243: Figure 175 Macintosh Os X: Network

    • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Click Apply Now and close the window.
  • Page 244 Appendix B Setting up Your Computer’s IP Address ZyXEL NWA-3100 User’s Guide...
  • Page 245: Appendix C Ip Address Assignment Conflicts

    You must set the ZyXEL Device to use different LAN and WAN IP addresses on different subnets if you enable DHCP server on the ZyXEL Device. For example, you set the WAN IP address to 192.59.1.1 and the LAN IP address to 10.59.1.1. Otherwise, It is recommended the ZyXEL Device use a public WAN IP address.
  • Page 246: Figure 177 Ip Address Conflicts: Case B

    Appendix C IP Address Assignment Conflicts Figure 177 IP Address Conflicts: Case B To solve this problem, make sure the ZyXEL Device LAN IP address is not in the DHCP IP address pool. Case C: The Subscriber IP address is the same as the IP...
  • Page 247: Figure 179 Ip Address Conflicts: Case D

    Appendix C IP Address Assignment Conflicts Figure 179 IP Address Conflicts: Case D This problem can be solved by adding a VLAN-enabled switch or set the computers to obtain IP addresses dynamically. ZyXEL NWA-3100 User’s Guide...
  • Page 248 Appendix C IP Address Assignment Conflicts ZyXEL NWA-3100 User’s Guide...
  • Page 249: Appendix D Wireless Lans

    A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless station A and B can still access the wired network but cannot communicate with each other. ZyXEL NWA-3100 User’s Guide...
  • Page 250: Figure 181 Basic Service Set

    An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless stations within the same ESS must have the same ESSID in order to communicate. ZyXEL NWA-3100 User’s Guide...
  • Page 251: Figure 182 Infrastructure Wlan

    (AP) or wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other. ZyXEL NWA-3100 User’s Guide...
  • Page 252: Figure 183 Rts/Cts

    AP will fragment the packet into smaller data frames. A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. ZyXEL NWA-3100 User’s Guide...
  • Page 253: Types Of Radius Messages

    RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. The ZyXEL Device may be prone to RF (Radio Frequency) interference from other 2.4 GHz devices such as microwave ovens, wireless phones, Bluetooth enabled devices, and other wireless LANs.
  • Page 254 In addition, it is possible to impersonate an authentication server as MD5 authentication method does not perform mutual authentication. Finally, MD5 authentication method does not support data encryption with dynamic session key. You must configure WEP encryption keys for data encryption. ZyXEL NWA-3100 User’s Guide...
  • Page 255: Dynamic Wep Key Exchange

    For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical. ZyXEL NWA-3100 User’s Guide...
  • Page 256: Table 90 Comparison Of Eap Authentication Types

    By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism (MIC), TKIP makes it much more difficult to decode data on a Wi-Fi network than WEP, making it difficult for an intruder to break into the network. ZyXEL NWA-3100 User’s Guide...
  • Page 257: Table 91 Wireless Security Relational Matrix

    METHOD/ KEY ENABLE IEEE 802.1X METHOD MANUAL KEY MANAGEMENT PROTOCOL Open None Open Enable with Dynamic WEP Key Enable without Dynamic WEP Shared Enable with Dynamic WEP Key Enable without Dynamic WEP TKIP WPA-PSK TKIP WPA2 WPA2-PSK ZyXEL NWA-3100 User’s Guide...
  • Page 258 Appendix D Wireless LANs ZyXEL NWA-3100 User’s Guide...
  • Page 259: Appendix E Indoor Installation Recommendations

    Types of Antennas For WLAN There are two types of antennas used for wireless LAN applications. ZyXEL NWA-3100 User’s Guide...
  • Page 260 For a single AP application, place omni-directional antennas as close to the center of the coverage area as possible. For directional antennas, point the antenna in the direction of the desired coverage area. ZyXEL NWA-3100 User’s Guide...
  • Page 261: Appendix F Pop-Up Windows, Javascripts And Java Permissions

    1 In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure 184 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. 1 In Internet Explorer, select Tools, Internet Options, Privacy. ZyXEL NWA-3100 User’s Guide...
  • Page 262: Figure 185 Internet Options: Privacy

    Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings…to open the Pop-up Blocker Settings screen. ZyXEL NWA-3100 User’s Guide...
  • Page 263: Figure 186 Internet Options: Privacy

    3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 187 Pop-up Blocker Settings ZyXEL NWA-3100 User’s Guide...
  • Page 264: Figure 188 Internet Options: Security

    3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window. ZyXEL NWA-3100 User’s Guide...
  • Page 265: Figure 189 Security Settings - Java Scripting

    2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window. Figure 190 Security Settings - Java ZyXEL NWA-3100 User’s Guide...
  • Page 266: Figure 191 Java (Sun)

    1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Figure 191 Java (Sun) ZyXEL NWA-3100 User’s Guide...
  • Page 267: Appendix G Ip Addresses And Subnetting

    Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal. The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. ZyXEL NWA-3100 User’s Guide...
  • Page 268: Figure 192 Network Number And Host Id

    Subnet masks can be referred to by the size of the network number part (the bits with a “1” value). For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes. ZyXEL NWA-3100 User’s Guide...
  • Page 269: Table 93 Subnet Masks

    For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask 255.255.255.128. The following table shows some possible subnet masks using both notations. Table 95 Alternative Subnet Mask Notation ALTERNATIVE LAST OCTET LAST OCTET SUBNET MASK NOTATION (BINARY) (DECIMAL) 255.255.255.0 0000 0000 255.255.255.128 1000 0000 ZyXEL NWA-3100 User’s Guide...
  • Page 270: Figure 193 Subnetting Example: Before Subnetting

    The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. The following figure shows the company network after subnetting. There are now two sub- networks, A and B. ZyXEL NWA-3100 User’s Guide...
  • Page 271: Figure 194 Subnetting Example: After Subnetting

    LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE IP Address (Decimal) 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 00000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.1 192.168.1.0 Broadcast Address: Highest Host ID: 192.168.1.62 192.168.1.63 ZyXEL NWA-3100 User’s Guide...
  • Page 272: Table 97 Subnet 2

    Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet. Table 100 Eight Subnets SUBNET LAST BROADCAST SUBNET FIRST ADDRESS ADDRESS ADDRESS ADDRESS ZyXEL NWA-3100 User’s Guide...
  • Page 273: Table 101 24-Bit Network Number Subnet Planning

    255.255.128.0 (/17) 32766 255.255.192.0 (/18) 16382 255.255.224.0 (/19) 8190 255.255.240.0 (/20) 4094 255.255.248.0 (/21) 2046 255.255.252.0 (/22) 1022 255.255.254.0 (/23) 255.255.255.0 (/24) 255.255.255.128 (/25) 255.255.255.192 (/26) 1024 255.255.255.224 (/27) 2048 255.255.255.240 (/28) 4096 255.255.255.248 (/29) 8192 ZyXEL NWA-3100 User’s Guide...
  • Page 274: Private Ip Addresses

    You must also enable Network Address Translation (NAT) on the ZyXEL Device. Once you have decided on the network number, pick an IP address for your ZyXEL Device that is easy to remember (for instance, 192.168.1.1) but make sure that no other device on your network is using that IP address.
  • Page 275: Appendix H Text File Based Auto Configuration

    You can have a different configuration file for each AP. You can also have multiple APs use the same configuration file. ZyXEL NWA-3100 User’s Guide...
  • Page 276: Table 103 Auto Configuration By Dhcp

    Use the following procedure to have the AP download the configuration file. Table 105 Configuration via SNMP STEPS MIB VARIABLE VALUE Step 1 pwTftpServer Set the IP address of the TFTP server. Step 2 pwTftpFileName Set the file name, for example, devicecfg.txt. ZyXEL NWA-3100 User’s Guide...
  • Page 277: Figure 196 Configuration File Format

    You can only use the commands in the configuration file. The AP ignores wlan wcfg other ZyNOS commands but continues to check the next command. The AP ignores any improperly formatted commands and continues to check the next line. ZyXEL NWA-3100 User’s Guide...
  • Page 278: Figure 197 Wep Configuration File Example

    1 wep key4 defgh wcfg security 1 wep keyindex 1 wcfg security save wcfg ssid 1 name ssid-wep wcfg ssid 1 security Test-wep wcfg ssid 1 l2iolation disable wcfg ssid 1 macfilter disable wcfg ssid save ZyXEL NWA-3100 User’s Guide...
  • Page 279: Figure 198 802.1X Configuration File Example

    3 groupkeytime 1800 wcfg security save wcfg ssid 3 name ssid-wpapsk wcfg ssid 3 security Test-wpapsk wcfg ssid 3 qos 4 wcfg ssid 3 l2siolation disable wcfg ssid 3 macfilter disable wcfg ssid save ZyXEL NWA-3100 User’s Guide...
  • Page 280: Figure 200 Wpa Configuration File Example

    Remember that the commands are applied in order. So for example, you would place the commands that create security and SSID profiles before the commands that tell the AP to use those profiles. ZyXEL NWA-3100 User’s Guide...
  • Page 281: Figure 201 Wlan Configuration File Example

    0 wlan ssidprofile ssid-wep !change operating mode -> MBSSID mode, !then select ssid-wpapsk, ssid-wpa2psk as running WLAN profiles wlan opmode 3 wlan ssidprofile ssid-wpapsk ssid-wpa2psk ! set output power level to 50% wlan output power 2 ZyXEL NWA-3100 User’s Guide...
  • Page 282 Appendix H Text File Based Auto Configuration ZyXEL NWA-3100 User’s Guide...
  • Page 283: Appendix I Legal Information

    Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others.
  • Page 284 This device has been designed for the WLAN 2.4 GHz and 5 GHz networks throughout the EC region and Switzerland, with restrictions in France. This Class B digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada. ZyXEL NWA-3100 User’s Guide...
  • Page 285: Zyxel Limited Warranty

    Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
  • Page 286 Appendix I Legal Information ZyXEL NWA-3100 User’s Guide...
  • Page 287: Appendix J Customer Support

    • Telephone: +506-2017878 • Fax: +506-2015098 • Web Site: www.zyxel.co.cr • FTP Site: ftp.zyxel.co.cr • Regular Mail: ZyXEL Costa Rica, Plaza Roble Escazú, Etapa El Patio, Tercer Piso, San José, Costa Rica Czech Republic • E-mail: info@cz.zyxel.com • Telephone: +420-241-091-350 •...
  • Page 288 • E-mail: info@zyxel.fr • Telephone: +33-4-72-52-97-97 • Fax: +33-4-72-52-19-20 • Web Site: www.zyxel.fr • Regular Mail: ZyXEL France, 1 rue des Vergers, Bat. 1 / C, 69760 Limonest, France Germany • Support E-mail: support@zyxel.de • Sales E-mail: sales@zyxel.de • Telephone: +49-2405-6909-0 •...
  • Page 289 • Sales E-mail: sales@zyxel.com • Telephone: +1-800-255-4101, +1-714-632-0882 • Fax: +1-714-632-0858 • Web Site: www.us.zyxel.com • FTP Site: ftp.us.zyxel.com • Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806- 2001, U.S.A. Norway • Support E-mail: support@zyxel.no • Sales E-mail: sales@zyxel.no •...
  • Page 290 Appendix J Customer Support • Web Site: www.zyxel.es • Regular Mail: ZyXEL Communications, Arte, 21 5ª planta, 28033 Madrid, Spain Sweden • Support E-mail: support@zyxel.se • Sales E-mail: sales@zyxel.se • Telephone: +46-31-744-7700 • Fax: +46-31-744-7701 • Web Site: www.zyxel.se • Regular Mail: ZyXEL Communications A/S, Sjöporten 4, 41764 Göteborg, Sweden Ukraine •...
  • Page 291: Index

    DiffServ Code Point (DSCP) 35, 67, 249 DiffServ Code Points DiffServ marking rule dimensions disclaimer Distribution System DS Field DS field Certificate Authority DSCPs see CA dynamic WEP key exchange certificates thumbprint algorithms thumbprints verifying fingerprints certifications notices viewing ZyXEL NWA-3100 User’s Guide...
  • Page 292 FTP. See FTP. using Telnet. See command interface. using the command interface. See command hidden menus interface. hidden node max age honeypot attack MBSSID 35, 43, 45 host MSDU 75, 79, 99 humidity multiple wireless networks HyperTerminal ZyXEL NWA-3100 User’s Guide...
  • Page 293 Spanning Tree Protocol see STP SSID hide SSID RADIUS 48, 253 SSID profile 35, 45, 101 shared secret key pre-configured 35, 46, 49 RADIUS message types 72, 73, 230 RADIUS messages path costs Rapid STP ZyXEL NWA-3100 User’s Guide...
  • Page 294 TFTP file transfer WPA with RADIUS Application time and date setting WPA, WPA2 time setting WPA2-PSK time zone WPA-PSK trace records trademarks tutorial Type of Service ZyNOS ZyNOS F/W Version upload firmware user authentication 83, 257 ZyXEL NWA-3100 User’s Guide...

Table of Contents