Summary of Contents for ZyXEL Communications ZyAIR G-500
Page 1
ZyAIR G-500 802.11g Wireless Access Point User's Guide Version 3.50 April 2004...
Page 2
Trademarks ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
Page 3
ZyAIR G-500 Wireless Access Point User’s Guide Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.
ZyAIR G-500 Wireless Access Point User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and...
ZyAIR G-500 Wireless Access Point User’s Guide Customer Support Please have the following information ready when you contact customer support. • Product model and serial number. • Warranty Information. • Date that you received your device. • Brief description of the problem and the steps you took to solve it.
Page 6
ZyAIR G-500 Wireless Access Point User’s Guide METHOD SUPPORT E-MAIL TELEPHONE WEB SITE REGULAR MAIL SALES E-MAIL FTP SITE LOCATION FINLAND support@zyxel.fi +358-9-4780-8411 www.zyxel.fi ZyXEL Communications Oy Malminkaari 10 sales@zyxel.fi +358-9-4780 8448 00700 Helsinki Finland Customer Support...
ZyAIR G-500 Wireless Access Point User’s Guide Table of Contents Copyright .................................ii Federal Communications Commission (FCC) Interference Statement .............iii ZyXEL Limited Warranty..........................iv Customer Support............................v List of Figures..............................xii List of Tables..............................xv Preface................................xvii OVERVIEW ..............................I Chapter 1 Getting to Know Your ZyAIR ....................1-1 Introducing the ZyAIR Wireless Access Point ................1-1...
ZyAIR G-500 Wireless Access Point User’s Guide List of Figures Figure 1-1 Internet Access Application......................1-4 Figure 1-2 Corporation Network Application....................1-5 Figure 2-1 Change Password Screen ......................2-1 Figure 2-2 Navigating the ZyAIR Web Configurator ..................2-3 Figure 3-1 Wizard 1 : General Setup ......................3-2 Figure 3-2 Wizard 2 : Wireless LAN Setup ....................3-3...
Page 13
Figure 10-13 Restart Screen........................10-11 Figure 11-1 Login Screen..........................11-1 Figure 11-2 Menu 23.1 System Security : Change Password ...............11-2 Figure 11-3 ZyAIR G-500 SMT Menu Overview Example .................11-3 Figure 11-4 ZyAIR G-500 SMT Main Menu....................11-5 Figure 12-1 Menu 1 General Setup ......................12-1 Figure 13-1 Menu 3 LAN Setup ........................
Page 14
ZyAIR G-500 Wireless Access Point User’s Guide Figure 17-8 Menu 24.4 System Maintenance : Diagnostic................17-6 Figure 18-1 Menu 24.5 Backup Configuration.....................18-2 Figure 18-2 FTP Session Example........................18-3 Figure 18-3 Menu 24.6 Restore Configuration.....................18-6 Figure 18-4 Menu 24.7 System Maintenance : Upload Firmware ..............18-6 Figure 18-5 Menu 24.7.1 System Maintenance : Upload System Firmware ..........18-7...
Page 15
ZyAIR G-500 Wireless Access Point User’s Guide List of Tables Table 3-1 Wizard 1 : General Setup ....................... 3-2 Table 3-2 Wizard 2 : Wireless LAN Setup ..................... 3-3 Table 3-3 Private IP Address Ranges ......................3-5 Table 3-4 Wizard 3 : IP Address Assignment ....................3-6 Table 4-1 System General Setup ........................
Page 16
ZyAIR G-500 Wireless Access Point User’s Guide Table 14-1 Menu 14.1- Edit Dial-in User .....................14-2 Table 15-1 Menu 22 SNMP Configuration ....................15-3 Table 15-2 SNMP Traps..........................15-4 Table 16-1 Menu 23.2 System Security : RADIUS Server................16-2 Table 16-2 Menu 23.4 System Security : IEEE802.1x .................16-4 Table 17-1 Menu 24.1 System Maintenance : Status ..................17-2...
ZyAIR G-500 Wireless Access Point User’s Guide Preface Congratulations on your purchase from the ZyAIR G-500 802.11g Wireless Access Point. An access point (AP) acts as a bridge between the wireless and wired networks, extending your existing wired network without any additional wiring.
Page 18
For brevity’s sake, we will use “e.g.,” as a shorthand for “for instance”, and “i.e.,” for “that is” or “in other words” throughout this manual. • The ZyAIR G-500 802.11g Wireless Access Point may be referred to simply as the ZyAIR in the user’s guide. User Guide Feedback Help us help you.
Overview OVERVIEW This part introduces the main features and applications of ZyAIR and shows how to access the web configurator and use the Wizard to setup the ZyAIR.
ZyAIR G-500 Wireless Access Point User’s Guide Chapter 1 Getting to Know Your ZyAIR This chapter introduces the main features and applications of the ZyAIR. Introducing the ZyAIR Wireless Access Point The ZyAIR extends the range of your existing wired network without any additional wiring efforts. The ZyAIR provides easy network access to mobile users.
ZyAIR G-500 Wireless Access Point User’s Guide 802.11g Wireless LAN Standard ZyAIR products containing the letter “G” in the model name, such as ZyAIR G-500 and ZyAIR G-2000, comply with the 802.11g wireless standard. 802.11g will be fully compatible with the 802.11b standard. This means an 802.11b radio card can interface directly with an 802.11g access point (and vice versa) at 11 Mbps or lower depending on range.
ZyAIR G-500 Wireless Access Point User’s Guide IEEE 802.1x Network Security The ZyAIR supports the IEEE 802.1x standard to enhance user authentication. Use the built-in user profile database to authenticate up to 32 users using MD5 encryption. Use an EAP-compatible RADIUS (RFC2138, 2139 - Remote Authentication Dial In User Service) server to authenticate a limitless number of users using EAP (Extensible Authentication Protocol).
ZyAIR G-500 Wireless Access Point User’s Guide 1.3.1 Internet Access Application The ZyAIR is an ideal access solution for wireless Internet connection. A typical Internet access application for your ZyAIR is shown as follows. Figure 1-1 Internet Access Application 1.3.2 Corporation Network Application...
ZyAIR G-500 Wireless Access Point User’s Guide Chapter 2 Introducing the Web Configurator This chapter describes how to access the ZyAIR web configurator and provides an overview of its screens. The default IP address of the ZyAIR is 192.168.1.2. Accessing the ZyAIR Web Configurator Step 1.
ZyAIR G-500 Wireless Access Point User’s Guide The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the ZyAIR if this happens to you. Resetting the ZyAIR If you forget your password or cannot access the ZyAIR, you will need to reload the factory-default configuration file or use the RESET button on the top panel of the ZyAIR.
ZyAIR G-500 Wireless Access Point User’s Guide Navigating the ZyAIR Web Configurator The following summarizes how to navigate the web configurator. Follow the instructions below or click the icon (located in the top right corner of most screens) to view online help.
ZyAIR G-500 Wireless Access Point User’s Guide Chapter 3 Wizard Setup This chapter provides information on the Wizard Setup screens in the web configurator. Wizard Setup Overview The web configurator’s setup wizard helps you configure your ZyAIR for wireless stations to access your wired LAN.
ZyAIR G-500 Wireless Access Point User’s Guide Wizard Setup: General Setup General Setup contains administrative and system-related information. Figure 3-1 Wizard 1 : General Setup The following table describes the labels in this screen. Table 3-1 Wizard 1 : General Setup...
ZyAIR G-500 Wireless Access Point User’s Guide Table 3-1 Wizard 1 : General Setup LABEL DESCRIPTION Domain Name This is not a required field. Leave this field blank or enter the domain name here if you know Next Click Next to proceed to the next screen.
ZyAIR G-500 Wireless Access Point User’s Guide Table 3-2 Wizard 2 : Wireless LAN Setup LABEL DESCRIPTION ESSID Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN. If you change this field on the ZyAIR, make sure all wireless stations use the same ESSID in order to access the network.
ZyAIR G-500 Wireless Access Point User’s Guide Table 3-3 Private IP Address Ranges 10.0.0.0 10.255.255.255 172.16.0.0 172.31.255.255 192.168.0.0 192.168.255.255 You can obtain your IP address from the IANA, from an ISP or have it assigned by a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks.
ZyAIR G-500 Wireless Access Point User’s Guide Figure 3-3 Wizard 3 : IP Address Assignment The following table describes the labels in this screen. Table 3-4 Wizard 3 : IP Address Assignment LABEL DESCRIPTION IP Address Assignment Get automatically from...
ZyAIR G-500 Wireless Access Point User’s Guide Table 3-4 Wizard 3 : IP Address Assignment LABEL DESCRIPTION Gateway IP Address Enter the IP address of a gateway. The gateway is an immediate neighbor of your ZyAIR that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your ZyAIR;...
Page 38
ZyAIR G-500 Wireless Access Point User’s Guide Well done! You have successfully set up your ZyAIR to operate on your network and access the Internet. Wizard Setup...
ZyAIR G-500 Wireless Access Point User’s Guide Chapter 4 System Screens This chapter provides information on the System screens. System Overview This section provides information on general system setup. Configuring General Setup Click SYSTEM to open the General screen. Figure 4-1 System General Setup The following table describes the labels in this screen.
ZyAIR G-500 Wireless Access Point User’s Guide Table 4-1 System General Setup LABEL DESCRIPTION System Name Type a descriptive name to identify the ZyAIR in the Ethernet network. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes "-"...
ZyAIR G-500 Wireless Access Point User’s Guide Figure 4-2 Password The following table describes the labels in this screen. Table 4-2 Password LABEL DESCRIPTION Old Password Type in your existing system password (1234 is the default password). New Password Type your new system password (up to 31 characters). Note that as you type a password, the screen displays an asterisk (*) for each character you type.
ZyAIR G-500 Wireless Access Point User’s Guide Figure 4-3 Time Setting The following table describes the labels in this screen. Table 4-3 Time Setting LABEL DESCRIPTION Time Protocol Select the time service protocol that your time server sends when you turn on the ZyAIR.
Page 45
ZyAIR G-500 Wireless Access Point User’s Guide Table 4-3 Time Setting LABEL DESCRIPTION Time Server Enter the IP address or the URL of your time server. Check with your ISP/network Address administrator if you are unsure of this information. Current Time This field displays the time of your ZyAIR.
ZyAIR G-500 Wireless Access Point User’s Guide Chapter 5 Wireless Configuration and Roaming This chapter discusses how to configure Wireless and Roaming screens on the ZyAIR. Wireless LAN Overview This section introduces the wireless LAN (WLAN) and some basic scenarios.
ZyAIR G-500 Wireless Access Point User’s Guide Figure 5-2 Basic Service set 5.1.3 ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS).
ZyAIR G-500 Wireless Access Point User’s Guide Figure 5-3 Extended Service Set Wireless LAN Basics Refer also to the chapter on wizard setup for more background information on Wireless LAN features, such as channels. 5.2.1 RTS/CTS A hidden node occurs when two stations are within range of the same access point, but are not within range of each other.
ZyAIR G-500 Wireless Access Point User’s Guide Figure 5-4 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
ZyAIR G-500 Wireless Access Point User’s Guide If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.
ZyAIR G-500 Wireless Access Point User’s Guide The following table describes the general wireless LAN labels in this screen. Table 5-1 Wireless LABEL DESCRIPTION ESSID (Extended Service Set IDentity) The ESSID identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same ESSID.
ZyAIR G-500 Wireless Access Point User’s Guide The roaming feature on the access points allows the access points to relay information about the wireless stations to each other. When a wireless station moves from a coverage area to another, it scans and uses the channel of a new access point, which then informs the access points on the LAN about the change.
ZyAIR G-500 Wireless Access Point User’s Guide Step 3. Access point AP 1 updates the new position of wireless station. Step 4. Wireless station Y sends a request to access point AP 2 for reauthentication. 5.4.1 Requirements for Roaming The following requirements must be met in order for wireless stations to roam between the coverage areas.
ZyAIR G-500 Wireless Access Point User’s Guide Table 5-2 Roaming LABEL DESCRIPTION Active Select Yes from the drop-down list box to enable roaming on the ZyAIR if you have two or more ZyAIRs on the same subnet. All APs on the same subnet and the wireless stations must have the same ESSID to allow roaming.
ZyAIR G-500 Wireless Access Point User’s Guide Chapter 6 Wireless Security This chapter describes how to use the MAC Filter, 802.1x, Local User Database and RADIUS to configure wireless security on your ZyAIR. Wireless Security Overview Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network.
ZyAIR G-500 Wireless Access Point User’s Guide 6.2.1 Data Encryption WEP provides a mechanism for encrypting data using encryption keys. Both the AP and the wireless stations must use the same WEP key to encrypt and decrypt data. Your ZyAIR allows you to configure up to four 64- bit or 128-bit WEP keys, but only one key can be enabled at any one time.
ZyAIR G-500 Wireless Access Point User’s Guide Shared key authentication involves a four-message procedure. A wireless station sends a shared key authentication request to the AP, which will then reply with a challenge text message. The wireless station must then use the AP’s default WEP key to encrypt the challenge text and return it to the AP, which attempts to decrypt the message using the AP’s default WEP key.
ZyAIR G-500 Wireless Access Point User’s Guide Figure 6-3 Wireless The following table describes the wireless LAN security labels in this screen. Table 6-1 Wireless LABEL DESCRIPTION Select Disable to allow wireless stations to communicate with the access points without Encryption any data encryption.
Page 61
ZyAIR G-500 Wireless Access Point User’s Guide Table 6-1 Wireless LABEL DESCRIPTION Authentication Select Auto, Open System or Shared Key from the drop-down list box. Method This field is not available if WEP is not activated. If WEP encryption is activated, the default setting is Auto.
ZyAIR G-500 Wireless Access Point User’s Guide MAC Filter The MAC filter screen allows you to configure the ZyAIR to give exclusive access to up to 32 devices (Allow Association) or exclude up to 32 devices from accessing the ZyAIR (Deny Association). Every Ethernet device has a unique MAC (Media Access Control) address.
ZyAIR G-500 Wireless Access Point User’s Guide Figure 6-4 MAC Address Filter The following table describes the labels in this screen. Wireless Security...
ZyAIR G-500 Wireless Access Point User’s Guide Table 6-2 MAC Address Filter LABEL DESCRIPTION Active Select Yes from the drop down list box to enable MAC address filtering. Filter Action Define the filter action for the list of MAC addresses in the MAC address filter table.
ZyAIR G-500 Wireless Access Point User’s Guide • Access-Request Sent by an access point requesting authentication. • Access-Reject Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access. • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message.
ZyAIR G-500 Wireless Access Point User’s Guide Figure 6-5 EAP Authentication The details below provide a general description of how IEEE 802.1x EAP authentication works. For an example list of EAP-MD5 authentication steps, see the IEEE 802.1x appendix. • The wireless station sends a “start” message to the ZyAIR.
ZyAIR G-500 Wireless Access Point User’s Guide Introduction to WPA Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences between WPA and WEP are user authentication and improved data encryption. 6.9.1 User Authentication WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients...
ZyAIR G-500 Wireless Access Point User’s Guide 6.10 WPA-PSK Application Example A WPA-PSK application looks as follows. Step 1. First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters (including spaces and symbols).
ZyAIR G-500 Wireless Access Point User’s Guide Figure 6-7 WPA with RADIUS Application Example 6.12 Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. You enter manual keys by first selecting 64-bit WEP or 128-bit WEP from the WEP Encryption field and then typing the keys (in ASCII or hexadecimal format) in the key text boxes.
ZyAIR G-500 Wireless Access Point User’s Guide Table 6-3 Wireless Security Relational Matrix AUTHENTICATION ENCRYPTION ENTER IEEE 802.1X METHOD/ KEY METHOD MANUAL KEY MANAGEMENT PROTOCOL Enable without Dynamic WEP Key Disable Enable TKIP Enable WPA-PSK Enable WPA-PSK TKIP Enable 6.13 Wireless Client WPA Supplicants A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA.
ZyAIR G-500 Wireless Access Point User’s Guide Figure 6-8 Wireless LAN: 802.1x/WPA The following table describes the labels in this screen. Table 6-4 Wireless LAN: 802.1x/WPA LABEL DESCRIPTION Wireless Port To control wireless stations access to the wired network, select a control method from Control the drop-down list box.
ZyAIR G-500 Wireless Access Point User’s Guide Figure 6-9 Wireless LAN: 802.1x/WPA for 802.1x Protocol The following table describes the labels in this screen. Table 6-5 Wireless LAN: 802.1x/WPA for 802.1x Protocol LABEL DESCRIPTION Wireless Port To control wireless stations access to the wired network, select a control method from Control the drop-down list box.
Page 73
ZyAIR G-500 Wireless Access Point User’s Guide Table 6-5 Wireless LAN: 802.1x/WPA for 802.1x Protocol LABEL DESCRIPTION ReAuthentication Specify how often wireless stations have to reenter usernames and passwords in Timer order to stay connected. This field is activated only when you select Authentication Required in the Wireless Port Control field.
ZyAIR G-500 Wireless Access Point User’s Guide Table 6-5 Wireless LAN: 802.1x/WPA for 802.1x Protocol LABEL DESCRIPTION Authentication The authentication database contains wireless station login information. The local Databases user database is the built-in database on the ZyAIR. The RADIUS is an external server.
ZyAIR G-500 Wireless Access Point User’s Guide Figure 6-10 Wireless LAN: 802.1x/WPA for WPA Protocol The following table describes the labels not previously discussed Table 6-6 Wireless LAN: 802.1x/WPA for WPA Protocol LABEL DESCRIPTION Key Management Choose WPA in this field.
ZyAIR G-500 Wireless Access Point User’s Guide Table 6-6 Wireless LAN: 802.1x/WPA for WPA Protocol LABEL DESCRIPTION Authentication When you configure Key Management Protocol to WPA, the Authentication Databases Databases must be RADIUS Only. You can only use the Local User Database Only with 802.1x Key Management Protocol.
ZyAIR G-500 Wireless Access Point User’s Guide Table 6-7 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol LABEL DESCRIPTION Key Management Choose WPA-PSK in this field. Protocol Pre-Shared Key The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials.
ZyAIR G-500 Wireless Access Point User’s Guide Figure 6-12 Local User Database The following table describes the labels in this screen. 6-22 Wireless Security...
ZyAIR G-500 Wireless Access Point User’s Guide Table 6-8 Local User Database LABEL DESCRIPTION Active Select this check box to activate the user profile. User Name Enter the username (up to 31 characters) for this user profile. Password Type a password (up to 31 characters) for this user profile. Note that as you type a password, the screen displays a (*) for each character you type.
ZyAIR G-500 Wireless Access Point User’s Guide The following table describes the labels in this screen. Table 6-9 RADIUS LABEL DESCRIPTION Authentication Server Active Select Yes from the drop-down list box to enable user authentication through an external authentication server.
ZyAIR G-500 Wireless Access Point User’s Guide Chapter 7 IP Screen This chapter discusses how to configure IP on the ZyAIR Factory Ethernet Defaults The Ethernet parameters of the ZyAIR are preset in the factory with the following values: •...
ZyAIR G-500 Wireless Access Point User’s Guide The following table describes the labels in this screen. Table 7-1 IP Setup LABEL DESCRIPTION IP Address Assignment Get automatically from Select this option if your ZyAIR is using a dynamically assigned IP address from DHCP a DHCP server each time.
Remote Management and Logs Part III: REMOTE MANAGEMENT AND LOGS This part provides information and configuration instructions for Remote Management and the logs.
ZyAIR G-500 Wireless Access Point User’s Guide Chapter 8 Remote Management This chapter provides information on the Remote Management screens. Remote Management Overview Remote management allows you to determine which services/protocols can access which ZyAIR interface (if any) from which computers. You can customize the service port, access interface and the secured client IP address to enhance security and flexibility.
ZyAIR G-500 Wireless Access Point User’s Guide Telnet You can telnet into the ZyAIR to perform remote management. Figure 8-1 Telnet Configuration on a TCP/IP Network Configuring TELNET Click REMOTE MGNT to open the TELNET screen. Figure 8-2 Telnet The following table describes the labels in this screen.
ZyAIR G-500 Wireless Access Point User’s Guide Table 8-1 Telnet LABEL DESCRIPTION Server Access Select the interface(s) through which a computer may access the ZyAIR using this service. Secured Client A secured client is a “trusted” computer that is allowed to communicate with the ZyAIR IP Address using this service.
ZyAIR G-500 Wireless Access Point User’s Guide Table 8-2 FTP LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
ZyAIR G-500 Wireless Access Point User’s Guide Table 8-3 WWW LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
ZyAIR G-500 Wireless Access Point User’s Guide Figure 8-5 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the ZyAIR). An agent translates the local management information from the managed device into a form compatible with SNMP.
ZyAIR G-500 Wireless Access Point User’s Guide • Trap - Used by the agent to inform the manager of some events. 8.6.1 Supported MIBs The ZyAIR supports MIB II that is defined in RFC-1213 and RFC-1215. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance.
Page 92
ZyAIR G-500 Wireless Access Point User’s Guide Figure 8-6 SNMP The following table describes the labels in this screen. Table 8-6 SNMP LABEL DESCRIPTION SNMP Configuration Get Community Enter the Get Community, which is the password for the incoming Get and GetNext requests from the management station.
ZyAIR G-500 Wireless Access Point User’s Guide Table 8-6 SNMP LABEL DESCRIPTION Trusted Host If you enter a trusted host, your ZyAIR will only respond to SNMP messages from this address. A blank (default) field means your ZyAIR will respond to all SNMP messages it receives, regardless of source.
ZyAIR G-500 Wireless Access Point User’s Guide Chapter 9 Logs Screens This chapter contains information about configuring general log settings and viewing the ZyAIR’s logs. Refer to the appendix for example log message explanations. Configuring View Log The web configurator allows you to look at all of the ZyAIR’s logs in one location.
ZyAIR G-500 Wireless Access Point User’s Guide The following table describes the labels in this screen. Table 9-1 View Log LABEL DESCRIPTION Display Select a log category from the drop down list box to display logs within the selected category. To view all logs, select All Logs.
ZyAIR G-500 Wireless Access Point User’s Guide Table 9-2 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via e-mail.
Page 99
ZyAIR G-500 Wireless Access Point User’s Guide Table 9-2 Log Settings LABEL DESCRIPTION Clear log after sanding Select the check box to clear all logs after logs and alert messages are sent via e- mail mail. Select the categories of logs that you want to record.
ZyAIR G-500 Wireless Access Point User’s Guide Chapter 10 Maintenance This chapter describes the Maintenance screens that display system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 10.1 Maintenance Overview The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your ZyAIR.
ZyAIR G-500 Wireless Access Point User’s Guide Table 10-1 System Status LABEL DESCRIPTION ZyNOS Firmware This is the ZyNOS Firmware version and the date created. ZyNOS is ZyXEL's Version proprietary Network Operating System design. IP Address This is the Ethernet port IP address.
ZyAIR G-500 Wireless Access Point User’s Guide Table 10-2 System Status: Show Statistics LABEL DESCRIPTION TxPkts This is the number of transmitted packets on this port. RxPkts This is the number of received packets on this port. Collisions This is the number of collisions on this port.
ZyAIR G-500 Wireless Access Point User’s Guide Figure 10-3 Association List The following table describes the labels in this screen. Table 10-3 Association List LABEL DESCRIPTION This is the index number of an associated wireless station. MAC Address This field displays the MAC address of an associated wireless station.
ZyAIR G-500 Wireless Access Point User’s Guide Figure 10-4 Firmware Upload The following table describes the labels in this screen. Table 10-4 Firmware Upload LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it.
ZyAIR G-500 Wireless Access Point User’s Guide Figure 10-5 Firmware Upload In Process The ZyAIR automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 10-6 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the System Status screen.
ZyAIR G-500 Wireless Access Point User’s Guide Figure 10-7 Firmware Upload Error 10.5 Configuration Screen See the Firmware and Configuration File Maintenance chapter for transferring configuration files using FTP/TFTP commands. Click MAINTENANCE, and then the Configuration tab. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next.
ZyAIR G-500 Wireless Access Point User’s Guide Figure 10-8 Configuration 10.5.1 Backup Configuration Backup configuration allows you to back up (save) the ZyAIR’s current configuration to a file on your computer. Once your ZyAIR is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes.
ZyAIR G-500 Wireless Access Point User’s Guide 10.5.2 Restore Configuration Restore configuration allows you to upload a new or previously saved configuration file from your computer to your ZyAIR. Table 10-5 Restore Configuration LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it.
ZyAIR G-500 Wireless Access Point User’s Guide Figure 10-10 Network Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default ZyAIR IP address (192.168.1.2). See your Quick Installation Guide for details on how to set up your computer’s IP address.
ZyAIR G-500 Wireless Access Point User’s Guide Figure 10-12 Reset Warning Message You can also press the RESET button on the rear panel to reset the factory defaults of your ZyAIR. Refer to the section on resetting the ZyAIR for more information on the RESET button.
SMT Configuration Part V: SMT CONFIGURATION This part contains SMT (System Management Terminal) configuration and background information for features only configurable by SMT. See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.
ZyAIR G-500 Wireless Access Point User’s Guide Chapter 11 Introducing the SMT This chapter describes how to access the SMT and provides an overview of its menus 11.1 Connect to your ZyAIR Using Telnet The following procedure details how to telnet into your ZyAIR.
ZyAIR G-500 Wireless Access Point User’s Guide Menu 23.1 – System Security – Change Password Old Password= **** New Password= ? Retype to confirm= ? Enter here to CONFIRM or ESC to CANCEL: Figure 11-2 Menu 23.1 System Security : Change Password Step 4.
Upload System - Change Console Port Upload Firmware Firmware Configuration File Speed Menu 24.8 Menu 24.10 Menu 24.1 Remote Command Time and Date Management Control Setting Interpreter Mode Figure 11-3 ZyAIR G-500 SMT Menu Overview Example Introducing the SMT 11-3...
ZyAIR G-500 Wireless Access Point User’s Guide 11.4 Navigating the SMT Interface The SMT (System Management Terminal) is the interface that you use to configure your ZyAIR. Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below.
ZyAIR G-500 Wireless Access Point User’s Guide Chapter 12 General Setup The chapter shows you the information on general setup. 12.1 General Setup Menu 1 – General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. It is recommended you type your computer's "Computer name".
ZyAIR G-500 Wireless Access Point User’s Guide Table 12-1 Menu 1 General Setup FIELD DESCRIPTION EXAMPLE System Name Choose a descriptive name for identification purposes. This name can G-500 be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes “-”...
ZyAIR G-500 Wireless Access Point User’s Guide Chapter 13 LAN Setup This chapter shows you how to configure the LAN on your ZyAIR. 13.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 – LAN Setup. From the main menu, enter 3 to display menu 3.
ZyAIR G-500 Wireless Access Point User’s Guide Table 13-1 Menu 3.2 TCP/IP Setup FIELD DESCRIPTION EXAMPLE IP Address Press [SPACE BAR] and then [ENTER] to select Dynamic to have the Assignment ZyAIR obtain an IP address from a DHCP server. You must know the IP address assigned to the ZyAIR (by the DHCP server) to access the ZyAIR again.
ZyAIR G-500 Wireless Access Point User’s Guide Menu 3.5 - Wireless LAN Setup ESSID= Wireless Hide ESSID= No Channel ID= CH06 2437MHz Edit MAC Address Filter= No RTS Threshold= 2432 Edit Roaming Configuration= Frag. Threshold= 2432 Preamble= Long WEP Encryption= 64-bit WEP 802.11 Mode= Mixed...
Page 128
ZyAIR G-500 Wireless Access Point User’s Guide Table 13-2 Menu 3.5 Wireless LAN Setup FIELD DESCRIPTION EXMAPLE Default Key Enter the key number (1 to 4) in this field. Only one key can be enabled at any one time. This key must be the same on the ZyAIR and the wireless stations to communicate.
ZyAIR G-500 Wireless Access Point User’s Guide Table 13-2 Menu 3.5 Wireless LAN Setup FIELD DESCRIPTION EXMAPLE Max. Frame Enable Maximum Frame Burst to help eliminate collisions in mixed-mode Burst networks (networks with both IEEE 802.11g and IEEE 802.11b traffic) and enhance the performance of both pure IEEE 802.11g and mixed IEEE...
ZyAIR G-500 Wireless Access Point User’s Guide Table 13-3 Menu 3.5.1 WLAN MAC Address Filter FIELD DESCRIPTION Active To enable MAC address filtering, press [SPACE BAR] to select Yes and press [ENTER]. Filter Action Define the filter action for the list of MAC addresses in the MAC address filter table.
ZyAIR G-500 Wireless Access Point User’s Guide Chapter 14 Dial-in User Setup This chapter shows you how to create user accounts on the ZyAIR. 14.1 Dial-in User Setup By storing user profiles locally, your ZyAIR is able to authenticate wireless users without interacting with a network RADIUS server.
ZyAIR G-500 Wireless Access Point User’s Guide Table 14-1 Menu 14.1- Edit Dial-in User FIELD DESCRIPTION User Name Enter a username up to 31 alphanumeric characters long for this user profile. This field is case sensitive. Active Press [SPACE BAR] to select Yes and press [ENTER] to enable the user profile.
ZyAIR G-500 Wireless Access Point User’s Guide Chapter 15 SNMP Configuration This chapter explains SNMP Configuration menu 22. 15.1 About SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your ZyAIR supports SNMP agent functionality, which allows a manager station to manage and monitor the ZyAIR through the network.
ZyAIR G-500 Wireless Access Point User’s Guide An agent is a management software module that resides in a managed device (the ZyAIR). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions.
ZyAIR G-500 Wireless Access Point User’s Guide Menu 22 - SNMP Configuration SNMP: Get Community= public Set Community= public Trusted Host= 0.0.0.0 Trap: Community= public Destination= 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Figure 15-2 Menu 22 SNMP Configuration The following table describes the SNMP configuration parameters.
ZyAIR G-500 Wireless Access Point User’s Guide Table 15-2 SNMP Traps TRAP # TRAP NAME DESCRIPTION coldStart (defined in RFC-1215) A trap is sent after booting (power on). warmStart (defined in RFC-1215) A trap is sent after booting (software reboot).
ZyAIR G-500 Wireless Access Point User’s Guide Chapter 16 System Security This chapter describes how to configure the system security on the ZyAIR. 16.1 System Security You can configure the system password, an external RADIUS server and 802.1x in this menu.
ZyAIR G-500 Wireless Access Point User’s Guide Menu 23.2 - System Security - RADIUS Server Authentication Server: Active= No Server Address= 10.11.12.13 Port #= 1812 Shared Secret= ? Accounting Server: Active= No Server Address= 10.11.12.13 Port #= 1813 Shared Secret= ? Press ENTER to Confirm or ESC to Cancel: Figure 16-3 Menu 23.2 System Security : RADIUS Server...
ZyAIR G-500 Wireless Access Point User’s Guide Table 16-1 Menu 23.2 System Security : RADIUS Server FIELD DESCRIPTION EXAMPLE Port The default port of the RADIUS server for accounting is 1813. 1813 You need not change this value unless your network administrator instructs you to do so with additional information.
ZyAIR G-500 Wireless Access Point User’s Guide Menu 23.4 - System Security - IEEE802.1x Wireless Port Control= Authentication Required ReAuthentication Timer (in second)= 1800 Idle Timeout (in second)= 3600 Key Management Protocol= 802.1x Dynamic WEP Key Exchange= Disable PSK = N/A...
Page 143
ZyAIR G-500 Wireless Access Point User’s Guide Table 16-2 Menu 23.4 System Security : IEEE802.1x FIELD DESCRIPTION Idle Timeout The ZyAIR automatically disconnects a client from the wired network after a period of (in second) inactivity. The client needs to enter the username and password again before access to the wired network is allowed.
Page 144
ZyAIR G-500 Wireless Access Point User’s Guide Table 16-2 Menu 23.4 System Security : IEEE802.1x FIELD DESCRIPTION Authentication The authentication database contains wireless station login information. The local user Databases database is the built-in database on the ZyAIR. The RADIUS is an external server. Use this field to decide which database the ZyAIR should use (first) to authenticate a wireless station.
ZyAIR G-500 Wireless Access Point User’s Guide Chapter 17 System Information and Diagnosis This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. 17.1 Overview These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software.
ZyAIR G-500 Wireless Access Point User’s Guide The following table describes the fields present in Menu 24.1 – System Maintenance – Status which are read-only and meant for diagnostic purposes. Menu 24.1 - System Maintenance - Status 00:17:34 Sat. Jan. 01, 2000...
ZyAIR G-500 Wireless Access Point User’s Guide Table 17-1 Menu 24.1 System Maintenance : Status FIELD DESCRIPTION System Up Time This is the time the ZyAIR is up and running from the last reboot. 17.3 System Information To get to the System Information: Step 1.
Refers to the routing protocol used. ZyNOS F/W Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. Version ZyNOS is a registered trademark of ZyXEL Communications Corporation. Country Code Refers to the country code of the firmware. Ethernet Address Refers to the Ethernet MAC (Media Access Control) of your ZyAIR.
ZyAIR G-500 Wireless Access Point User’s Guide 17.4 Log and Trace Your ZyAIR provides the error logs and trace records that are stored locally. 17.4.1 Viewing Error Log The first place you should look for clues when something goes wrong is the error log. Follow the procedures to view the local error/trace log: Step 1.
ZyAIR G-500 Wireless Access Point User’s Guide 17.5 Diagnostic The diagnostic facility allows you to test the different aspects of your ZyAIR to determine if it is working properly. Menu 24.4 allows you to choose among various types of diagnostic tests to evaluate your system, as shown in the following figure.
ZyAIR G-500 Wireless Access Point User’s Guide Chapter 18 Firmware and Configuration File Maintenance This chapter tells you how to backup and restore your configuration file as well as upload new firmware and configuration files using the SMT screens. 18.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password and TCP/IP Setup, etc.
ZyAIR G-500 Wireless Access Point User’s Guide Table 18-1 Filename Conventions FILE TYPE INTERNAL EXTERNAL DESCRIPTION NAME NAME Configuration File Rom-0 *.rom This is the configuration filename on the ZyAIR. Uploading the rom-0 file replaces the entire ROM file system, including your ZyAIR configurations, system-related data (including the default password), the error log and the trace log.
ZyAIR G-500 Wireless Access Point User’s Guide 18.2.2 Using the FTP command from the DOS Prompt Step 1. Launch the FTP client on your computer. Step 2. Enter “open” and the IP address of your ZyAIR. Step 3. Press [ENTER] when prompted for a username.
ZyAIR G-500 Wireless Access Point User’s Guide Table 18-2 General Commands for Third Party FTP Clients COMMAND DESCRIPTION Initial Remote Specify the default remote directory (path). Directory Initial Local Specify the default local directory (path). Directory 18.2.3 Backup Configuration Using TFTP The ZyAIR supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN.
ZyAIR G-500 Wireless Access Point User’s Guide where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the ZyAIR IP address, “get” transfers the file source on the ZyAIR (rom-0 name of the configuration file on the ZyAIR) to the file destination on the computer and renames it config.rom.
ZyAIR G-500 Wireless Access Point User’s Guide Menu 24.6 – Restore Configuration To transfer the firmware and the configuration file, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your router. Then type "root" and SMT password as requested.
ZyAIR G-500 Wireless Access Point User’s Guide 18.4.1 Firmware Upload FTP is the preferred method for uploading the firmware and configuration. To use this feature, your computer must have an FTP client. When you telnet into the ZyAIR, you will see the following screens for uploading firmware and the configuration file using FTP.
ZyAIR G-500 Wireless Access Point User’s Guide Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload the system configuration file, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested.
ZyAIR G-500 Wireless Access Point User’s Guide 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> put firmware.bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 327680 bytes sent in 1.10Seconds 297.89Kbytes/sec.
ZyAIR G-500 Wireless Access Point User’s Guide 18.4.5 Example: TFTP Command The following is an example TFTP command: TFTP [-i] host put firmware.bin ras where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the ZyAIR’s IP address, “put”...
ZyAIR G-500 Wireless Access Point User’s Guide Chapter 19 System Maintenance and Information This chapter leads you through SMT menus 24.8 and 24.10. 19.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main system firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions.
ZyAIR G-500 Wireless Access Point User’s Guide 19.2 Time and Date Setting The ZyAIR keeps track of the time and date. There is also a software mechanism to set the time manually or get the current time and date from an external server when you turn on your ZyAIR. Menu 24.10 allows you to update the time and date settings of your ZyAIR.
ZyAIR G-500 Wireless Access Point User’s Guide Table 19-1 Menu 24.10 System Maintenance : Time and Date Setting FIELD DESCRIPTION Use Time Server Enter the time service protocol that your time server sends when you turn on the when Bootup ZyAIR.
ZyAIR G-500 Wireless Access Point User’s Guide Chapter 20 Remote Management This chapter covers remote management (SMT menu 24.11). 20.1 Telnet You can configure your ZyAIR for remote Telnet access as shown next. Figure 20-1 Telnet Configuration on a TCP/IP Network 20.2 FTP...
ZyAIR G-500 Wireless Access Point User’s Guide 20.4.1 Remote Management Setup Remote management setup is for managing Telnet, FTP and Web services. You can customize the service port, access interface and the secured client IP address to enhance security and flexibility.
ZyAIR G-500 Wireless Access Point User’s Guide Table 20-1 Menu 24.11 Remote Management Control FIELD DESCRIPTION EXAMPLE Access Select the access interface (if any) by pressing the [SPACE BAR]. LAN only Choices are: LAN only, WLAN only, All or Disable. The default is LAN only.
Appendices Part VI: APPENDICES This part provides troubleshooting and background information about setting up your computer’s IP address, wireless LAN, 802.1x and IP subnetting. It also provides information on the command interpreter interface and logs.
ZyAIR B-500 Wireless Access Point User’s Guide Appendix A Troubleshooting This appendix covers potential problems and possible remedies. After each problem description, some instructions are provided to help you to diagnose and to solve the problem. Problems Starting Up the ZyAIR Chart A-1 Troubleshooting the Start-Up of Your ZyAIR PROBLEM CORRECTIVE ACTION...
ZyAIR B-500 Wireless Access Point User’s Guide Chart A-2 Troubleshooting the Ethernet Interface PROBLEM CORRECTIVE ACTION I cannot ping any If the ETHN LED on the front panel is off, check the Ethernet cable connections computer on the between your ZyAIR and the Ethernet device. LAN.
ZyAIR B-500 Wireless Access Point User’s Guide Problems with the WLAN Interface Chart A-5 Troubleshooting the WLAN Interface PROBLEM CORRECTIVE ACTION Cannot access the Make sure the wireless adapter on the wireless station is working properly. ZyAIR from the Check that both the ZyAIR and your wireless station are using the same ESSID, WLAN.
ZyAIR B-500 Wireless Access Point User’s Guide Appendix B Brute-Force Password Guessing Protection The following describes the commands for enabling, disabling and configuring the brute-force password guessing protection mechanism for the password. See the Command Interpreter appendix for information on the command structure. Chart B-1 Brute-Force Password Guessing Protection Commands COMMAND DESCRIPTION...
ZyAIR B-500 Wireless Access Point User’s Guide Appendix C Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
Page 178
ZyAIR B-500 Wireless Access Point User’s Guide If you need the adapter: In the Network window, click Add. Select Adapter and then click Add. Select the manufacturer and model of your network adapter and then click OK. If you need TCP/IP: In the Network window, click Add.
Page 179
ZyAIR B-500 Wireless Access Point User’s Guide Click the IP Address tab. -If your IP address is dynamic, select Obtain an IP address automatically. -If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields.
Page 180
ZyAIR B-500 Wireless Access Point User’s Guide Click the Gateway tab. -If you do not know your gateway’s IP address, remove previously installed gateways. -If you have a gateway IP address, type it in the New gateway field and click Add. Click OK to save and close the TCP/IP Properties window.
Page 181
ZyAIR B-500 Wireless Access Point User’s Guide For Windows XP, click start, Control Panel. In Windows 2000/NT, click Start, Settings, Control Panel. For Windows XP, click Network Right-click Local Area Connection and then Connections. For Windows 2000/NT, click click Properties. Network and Dial-up Connections.
Page 182
ZyAIR B-500 Wireless Access Point User’s Guide Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). -If you have a dynamic IP address click Obtain an IP address automatically.
Page 183
ZyAIR B-500 Wireless Access Point User’s Guide -If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: -In the IP Settings tab, in IP addresses, click Add.
Page 184
ZyAIR B-500 Wireless Access Point User’s Guide In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): -Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). -If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
Page 185
ZyAIR B-500 Wireless Access Point User’s Guide Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. Select Ethernet built-in from the Connect via list. For dynamically assigned settings, select Using DHCP Server from the Configure: list. Setting Up Your Computer’s IP Address...
Page 186
ZyAIR B-500 Wireless Access Point User’s Guide For statically assigned settings, do the following: -From the Configure box, select Manually. -Type your IP address in the IP Address box. -Type your subnet mask in the Subnet mask box. -Type the IP address of your ZyAIR in the Router address box. Close the TCP/IP Control Panel.
Page 187
ZyAIR B-500 Wireless Access Point User’s Guide Click Network in the icon bar. - Select Automatic from the Location list. - Select Built-in Ethernet from the Show list. - Click the TCP/IP tab. For dynamically assigned settings, select Using DHCP from the Configure list. For statically assigned settings, do the following: -From the Configure box, select Manually.
Page 189
ZyAIR B-500 Wireless Access Point User’s Guide Appendix D Wireless LAN and IEEE 802.11 A wireless LAN (WLAN) provides a flexible data communications system that you can use to access various services (navigating the Internet, email, printer services, etc.) without the use of a cabled connection.
Page 190
ZyAIR B-500 Wireless Access Point User’s Guide unlicensed ISM (Industrial, Scientific and Medical) band. The third method is infrared technology, using very high frequencies, just below visible light in the electromagnetic spectrum to carry data. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless nodes or stations (STA), which is called a Basic Service Set (BSS).
Page 191
ZyAIR B-500 Wireless Access Point User’s Guide The Extended Service Set (ESS) shown in the next figure consists of a series of overlapping BSSs (each containing an Access Point) connected together by means of a Distribution System (DS). Although the DS could be any type of network, it is almost invariably an Ethernet LAN.
ZyAIR B-500 Wireless Access Point User’s Guide Appendix E Wireless LAN With IEEE 802.1x As wireless networks become popular for both portable computing and corporate networks, security is now a priority. Security Flaws with IEEE 802.11 Wireless networks based on the original IEEE 802.11 have a poor reputation for safety. The IEEE 802.11b wireless access standard, first published in 1999, was based on the MAC address.
Page 194
ZyAIR B-500 Wireless Access Point User’s Guide RADIUS Server Authentication Sequence The following figure depicts a typical wireless network with a remote RADIUS server for user authentication using EAPOL (EAP Over LAN). Client computer access authorized. Client computer access not authorized. Diagram E-1 Sequences for EAP MD5–Challenge Authentication Wireless LAN with IEEE 802.1x...
ZyAIR B-500 Wireless Access Point User’s Guide Appendix F Types of EAP Authentication This appendix discusses the four popular EAP authentication types: EAP-MD5, EAP-TLS, EAP-TTLS and PEAP. The type of authentication you use depends on the RADIUS server or the AP. Consult your network administrator for more information.
Page 196
ZyAIR B-500 Wireless Access Point User’s Guide hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5 and EAP- MSCHAPv2, for client authentication. For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, simple user name and password pair is more practical.
Page 197
ZyAIR B-500 Wireless Access Point User’s Guide Appendix G IP Subnetting IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1.
ZyAIR B-500 Wireless Access Point User’s Guide A class “A” address (24 host bits) can have 2 –2 hosts (approximately 16 million hosts). Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127.
Page 199
ZyAIR B-500 Wireless Access Point User’s Guide sequence of ones beginning from the left most bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits. Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet.
Page 200
ZyAIR B-500 Wireless Access Point User’s Guide Divide the network 192.168.1.0 into two separate subnets by converting one of the host ID bits of the IP address to a network number bit. The “borrowed” host ID bit can be either “0” or “1” thus giving two subnets;...
Page 201
ZyAIR B-500 Wireless Access Point User’s Guide to an actual host for the first subnet is 192.168.1.1 and the highest is 192.168.1.126. Similarly the host ID range for the second subnet is 192.168.1.129 to 192.168.1.254. Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets.
Page 202
ZyAIR B-500 Wireless Access Point User’s Guide Chart G-9 Subnet 3 NETWORK NUMBER LAST OCTET BIT VALUE Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.128 Lowest Host ID: 192.168.1.129 Broadcast Address: 192.168.1.191 Highest Host ID: 192.168.1.190 Chart G-10 Subnet 4 NETWORK NUMBER LAST OCTET BIT VALUE IP Address...
Page 203
ZyAIR B-500 Wireless Access Point User’s Guide The following table is a summary for class “C” subnet planning. Chart G-12 Class C Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 255.255.255.128 (/25) 255.255.255.192 (/26) 255.255.255.224 (/27) 255.255.255.240 (/28) 255.255.255.248 (/29)
ZyAIR B-500 Wireless Access Point User’s Guide Appendix H Command Interpreter The following describes how to use the command interpreter. Enter 24 in the main menu to bring up the system maintenance menu. Enter 8 to go to Menu 24.8 - Command Interpreter Mode. See the included disk or www.zyxel.com for more detailed information on these commands.
ZyAIR B-500 Wireless Access Point User’s Guide Appendix I Log Descriptions Chart I-1 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is The ZyAIR has adjusted its time based on information from the time server. successful Time calibration The ZyAIR failed to get information from the time server. failed DHCP client gets %s A DHCP client got a new IP address from the DHCP server.
Page 208
ZyAIR B-500 Wireless Access Point User’s Guide Chart I-2 ICMP Notes TYPE CODE DESCRIPTION Echo Reply Echo reply message Destination Unreachable Net unreachable Host unreachable Protocol unreachable Port unreachable A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF) Source route failed Source Quench...
ZyAIR B-500 Wireless Access Point User’s Guide Chart I-2 ICMP Notes TYPE CODE DESCRIPTION Timestamp Timestamp request message Timestamp Reply Timestamp reply message Information Request Information request message Information Reply Information reply message Chart I-3 Sys log LOG MESSAGE DESCRIPTION Mon dd hr:mm:ss hostname This message is sent by the "RAS"...