1. Manuals
  2. Brands
  3. ZyXEL Communications Manuals
  4. Wireless Access Point
  5. ZyXEL ZyAIR G-500
  6. User manual

ZyXEL Communications ZyAIR G-500 User Manual

802.11g wireless access point
Hide thumbs Also See for ZyAIR G-500:
Table of Contents

Advertisement

Quick Links

Download this manual
ZyAIR G-500
802.11g Wireless Access Point
User's Guide
Version 3.50
April 2004

Advertisement

Table of Contents
loading

Related Manuals for ZyXEL Communications ZyAIR G-500

Summary of Contents for ZyXEL Communications ZyAIR G-500

  • Page 1 ZyAIR G-500 802.11g Wireless Access Point User's Guide Version 3.50 April 2004...
  • Page 2 Trademarks ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
  • Page 3 ZyAIR G-500 Wireless Access Point User’s Guide Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.

  • Page 4: Zyxel Limited Warranty

    ZyAIR G-500 Wireless Access Point User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and...

  • Page 5: Customer Support

    ZyAIR G-500 Wireless Access Point User’s Guide Customer Support Please have the following information ready when you contact customer support. • Product model and serial number. • Warranty Information. • Date that you received your device. • Brief description of the problem and the steps you took to solve it.
  • Page 6 ZyAIR G-500 Wireless Access Point User’s Guide METHOD SUPPORT E-MAIL TELEPHONE WEB SITE REGULAR MAIL SALES E-MAIL FTP SITE LOCATION FINLAND support@zyxel.fi +358-9-4780-8411 www.zyxel.fi ZyXEL Communications Oy Malminkaari 10 sales@zyxel.fi +358-9-4780 8448 00700 Helsinki Finland Customer Support...

  • Page 7: Table Of Contents

    ZyAIR G-500 Wireless Access Point User’s Guide Table of Contents Copyright .................................ii Federal Communications Commission (FCC) Interference Statement .............iii ZyXEL Limited Warranty..........................iv Customer Support............................v List of Figures..............................xii List of Tables..............................xv Preface................................xvii OVERVIEW ..............................I Chapter 1 Getting to Know Your ZyAIR ....................1-1 Introducing the ZyAIR Wireless Access Point ................1-1...
  • Page 8 ZyAIR G-500 Wireless Access Point User’s Guide 5.1.2 BSS ............................5-1 5.1.3 ESS ............................5-2 Wireless LAN Basics.........................5-3 5.2.1 RTS/CTS..........................5-3 5.2.2 Fragmentation Threshold ....................5-4 Configuring Wireless .........................5-5 Configuring Roaming ........................5-6 5.4.1 Requirements for Roaming ....................5-8 Chapter 6 Wireless Security........................6-1 Wireless Security Overview.......................6-1 WEP Overview ..........................6-1...
  • Page 9 ZyAIR G-500 Wireless Access Point User’s Guide Remote Management Overview....................8-1 8.1.1 Remote Management Limitations ..................8-1 8.1.2 System Timeout .........................8-1 Telnet ............................8-2 Configuring TELNET ........................8-2 Configuring FTP ........................8-3 Configuring WWW........................8-4 Configuring SNMP ........................8-5 8.6.1 Supported MIBs .........................8-7 8.6.2 SNMP Traps........................8-7 8.6.3 REMOTE MANAGEMENT: SNMP.................8-7...
  • Page 10 ZyAIR G-500 Wireless Access Point User’s Guide 13.3.2 Configuring Roaming ......................13-7 Chapter 14 Dial-in User Setup........................14-1 14.1 Dial-in User Setup ........................14-1 Chapter 15 SNMP Configuration ......................15-1 15.1 About SNMP..........................15-1 15.2 Supported MIBs ........................15-2 15.3 SNMP Configuration .......................15-2 15.4 SNMP Traps ..........................15-3 Chapter 16 System Security........................16-1...
  • Page 11 ZyAIR G-500 Wireless Access Point User’s Guide 20.1 Telnet ............................20-1 20.2 FTP............................20-1 20.3 Web ............................20-1 20.4 Remote Management .......................20-1 20.4.1 Remote Management Setup....................20-2 20.4.2 Remote Management Limitations ..................20-3 20.5 System Timeout ........................20-3 APPENDICES .............................VII Appendix A Troubleshooting........................A-1 Appendix B Brute-Force Password Guessing Protection ................B-1 Appendix C Setting up Your Computer’s IP Address ................C-1...

  • Page 12: List Of Figures

    ZyAIR G-500 Wireless Access Point User’s Guide List of Figures Figure 1-1 Internet Access Application......................1-4 Figure 1-2 Corporation Network Application....................1-5 Figure 2-1 Change Password Screen ......................2-1 Figure 2-2 Navigating the ZyAIR Web Configurator ..................2-3 Figure 3-1 Wizard 1 : General Setup ......................3-2 Figure 3-2 Wizard 2 : Wireless LAN Setup ....................3-3...
  • Page 13 Figure 10-13 Restart Screen........................10-11 Figure 11-1 Login Screen..........................11-1 Figure 11-2 Menu 23.1 System Security : Change Password ...............11-2 Figure 11-3 ZyAIR G-500 SMT Menu Overview Example .................11-3 Figure 11-4 ZyAIR G-500 SMT Main Menu....................11-5 Figure 12-1 Menu 1 General Setup ......................12-1 Figure 13-1 Menu 3 LAN Setup ........................
  • Page 14 ZyAIR G-500 Wireless Access Point User’s Guide Figure 17-8 Menu 24.4 System Maintenance : Diagnostic................17-6 Figure 18-1 Menu 24.5 Backup Configuration.....................18-2 Figure 18-2 FTP Session Example........................18-3 Figure 18-3 Menu 24.6 Restore Configuration.....................18-6 Figure 18-4 Menu 24.7 System Maintenance : Upload Firmware ..............18-6 Figure 18-5 Menu 24.7.1 System Maintenance : Upload System Firmware ..........18-7...
  • Page 15 ZyAIR G-500 Wireless Access Point User’s Guide List of Tables Table 3-1 Wizard 1 : General Setup ....................... 3-2 Table 3-2 Wizard 2 : Wireless LAN Setup ..................... 3-3 Table 3-3 Private IP Address Ranges ......................3-5 Table 3-4 Wizard 3 : IP Address Assignment ....................3-6 Table 4-1 System General Setup ........................
  • Page 16 ZyAIR G-500 Wireless Access Point User’s Guide Table 14-1 Menu 14.1- Edit Dial-in User .....................14-2 Table 15-1 Menu 22 SNMP Configuration ....................15-3 Table 15-2 SNMP Traps..........................15-4 Table 16-1 Menu 23.2 System Security : RADIUS Server................16-2 Table 16-2 Menu 23.4 System Security : IEEE802.1x .................16-4 Table 17-1 Menu 24.1 System Maintenance : Status ..................17-2...

  • Page 17: Preface

    ZyAIR G-500 Wireless Access Point User’s Guide Preface Congratulations on your purchase from the ZyAIR G-500 802.11g Wireless Access Point. An access point (AP) acts as a bridge between the wireless and wired networks, extending your existing wired network without any additional wiring.
  • Page 18 For brevity’s sake, we will use “e.g.,” as a shorthand for “for instance”, and “i.e.,” for “that is” or “in other words” throughout this manual. • The ZyAIR G-500 802.11g Wireless Access Point may be referred to simply as the ZyAIR in the user’s guide. User Guide Feedback Help us help you.

  • Page 19: Overview

    Overview OVERVIEW This part introduces the main features and applications of ZyAIR and shows how to access the web configurator and use the Wizard to setup the ZyAIR.

  • Page 21: Chapter 1 Getting To Know Your Zyair

    ZyAIR G-500 Wireless Access Point User’s Guide Chapter 1 Getting to Know Your ZyAIR This chapter introduces the main features and applications of the ZyAIR. Introducing the ZyAIR Wireless Access Point The ZyAIR extends the range of your existing wired network without any additional wiring efforts. The ZyAIR provides easy network access to mobile users.

  • Page 22: G Wireless Lan Standard

    ZyAIR G-500 Wireless Access Point User’s Guide 802.11g Wireless LAN Standard ZyAIR products containing the letter “G” in the model name, such as ZyAIR G-500 and ZyAIR G-2000, comply with the 802.11g wireless standard. 802.11g will be fully compatible with the 802.11b standard. This means an 802.11b radio card can interface directly with an 802.11g access point (and vice versa) at 11 Mbps or lower depending on range.

  • Page 23: Applications For The Zyair

    ZyAIR G-500 Wireless Access Point User’s Guide IEEE 802.1x Network Security The ZyAIR supports the IEEE 802.1x standard to enhance user authentication. Use the built-in user profile database to authenticate up to 32 users using MD5 encryption. Use an EAP-compatible RADIUS (RFC2138, 2139 - Remote Authentication Dial In User Service) server to authenticate a limitless number of users using EAP (Extensible Authentication Protocol).

  • Page 24: Internet Access Application

    ZyAIR G-500 Wireless Access Point User’s Guide 1.3.1 Internet Access Application The ZyAIR is an ideal access solution for wireless Internet connection. A typical Internet access application for your ZyAIR is shown as follows. Figure 1-1 Internet Access Application 1.3.2 Corporation Network Application...

  • Page 25: Figure 1-2 Corporation Network Application

    ZyAIR G-500 Wireless Access Point User’s Guide Figure 1-2 Corporation Network Application Getting to Know Your ZyAIR...

  • Page 27: Chapter 2 Introducing The Web Configurator

    ZyAIR G-500 Wireless Access Point User’s Guide Chapter 2 Introducing the Web Configurator This chapter describes how to access the ZyAIR web configurator and provides an overview of its screens. The default IP address of the ZyAIR is 192.168.1.2. Accessing the ZyAIR Web Configurator Step 1.

  • Page 28: Resetting The Zyair

    ZyAIR G-500 Wireless Access Point User’s Guide The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the ZyAIR if this happens to you. Resetting the ZyAIR If you forget your password or cannot access the ZyAIR, you will need to reload the factory-default configuration file or use the RESET button on the top panel of the ZyAIR.

  • Page 29: Navigating The Zyair Web Configurator

    ZyAIR G-500 Wireless Access Point User’s Guide Navigating the ZyAIR Web Configurator The following summarizes how to navigate the web configurator. Follow the instructions below or click the icon (located in the top right corner of most screens) to view online help.

  • Page 31: Chapter 3 Wizard Setup

    ZyAIR G-500 Wireless Access Point User’s Guide Chapter 3 Wizard Setup This chapter provides information on the Wizard Setup screens in the web configurator. Wizard Setup Overview The web configurator’s setup wizard helps you configure your ZyAIR for wireless stations to access your wired LAN.

  • Page 32: Wizard Setup: General Setup

    ZyAIR G-500 Wireless Access Point User’s Guide Wizard Setup: General Setup General Setup contains administrative and system-related information. Figure 3-1 Wizard 1 : General Setup The following table describes the labels in this screen. Table 3-1 Wizard 1 : General Setup...

  • Page 33: Wizard Setup: Wireless Lan

    ZyAIR G-500 Wireless Access Point User’s Guide Table 3-1 Wizard 1 : General Setup LABEL DESCRIPTION Domain Name This is not a required field. Leave this field blank or enter the domain name here if you know Next Click Next to proceed to the next screen.

  • Page 34: Wizard Setup: Ip Address

    ZyAIR G-500 Wireless Access Point User’s Guide Table 3-2 Wizard 2 : Wireless LAN Setup LABEL DESCRIPTION ESSID Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN. If you change this field on the ZyAIR, make sure all wireless stations use the same ESSID in order to access the network.

  • Page 35: Ip Address And Subnet Mask

    ZyAIR G-500 Wireless Access Point User’s Guide Table 3-3 Private IP Address Ranges 10.0.0.0 10.255.255.255 172.16.0.0 172.31.255.255 192.168.0.0 192.168.255.255 You can obtain your IP address from the IANA, from an ISP or have it assigned by a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks.

  • Page 36: Figure 3-3 Wizard 3 : Ip Address Assignment

    ZyAIR G-500 Wireless Access Point User’s Guide Figure 3-3 Wizard 3 : IP Address Assignment The following table describes the labels in this screen. Table 3-4 Wizard 3 : IP Address Assignment LABEL DESCRIPTION IP Address Assignment Get automatically from...

  • Page 37: Basic Setup Complete

    ZyAIR G-500 Wireless Access Point User’s Guide Table 3-4 Wizard 3 : IP Address Assignment LABEL DESCRIPTION Gateway IP Address Enter the IP address of a gateway. The gateway is an immediate neighbor of your ZyAIR that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your ZyAIR;...
  • Page 38 ZyAIR G-500 Wireless Access Point User’s Guide Well done! You have successfully set up your ZyAIR to operate on your network and access the Internet. Wizard Setup...

  • Page 39: System, Wireless And Ip

    System, Wireless and IP Part II: SYSTEM, WIRELESS AND IP This part covers the information and web configurator screens of System, Wireless and IP.

  • Page 41: Chapter 4 System Screens

    ZyAIR G-500 Wireless Access Point User’s Guide Chapter 4 System Screens This chapter provides information on the System screens. System Overview This section provides information on general system setup. Configuring General Setup Click SYSTEM to open the General screen. Figure 4-1 System General Setup The following table describes the labels in this screen.

  • Page 42: Configuring Password

    ZyAIR G-500 Wireless Access Point User’s Guide Table 4-1 System General Setup LABEL DESCRIPTION System Name Type a descriptive name to identify the ZyAIR in the Ethernet network. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes "-"...

  • Page 43: Configuring Time Setting

    ZyAIR G-500 Wireless Access Point User’s Guide Figure 4-2 Password The following table describes the labels in this screen. Table 4-2 Password LABEL DESCRIPTION Old Password Type in your existing system password (1234 is the default password). New Password Type your new system password (up to 31 characters). Note that as you type a password, the screen displays an asterisk (*) for each character you type.

  • Page 44: Figure 4-3 Time Setting

    ZyAIR G-500 Wireless Access Point User’s Guide Figure 4-3 Time Setting The following table describes the labels in this screen. Table 4-3 Time Setting LABEL DESCRIPTION Time Protocol Select the time service protocol that your time server sends when you turn on the ZyAIR.
  • Page 45 ZyAIR G-500 Wireless Access Point User’s Guide Table 4-3 Time Setting LABEL DESCRIPTION Time Server Enter the IP address or the URL of your time server. Check with your ISP/network Address administrator if you are unsure of this information. Current Time This field displays the time of your ZyAIR.

  • Page 47: Chapter 5 Wireless Configuration And Roaming

    ZyAIR G-500 Wireless Access Point User’s Guide Chapter 5 Wireless Configuration and Roaming This chapter discusses how to configure Wireless and Roaming screens on the ZyAIR. Wireless LAN Overview This section introduces the wireless LAN (WLAN) and some basic scenarios.

  • Page 48: Ess

    ZyAIR G-500 Wireless Access Point User’s Guide Figure 5-2 Basic Service set 5.1.3 ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS).

  • Page 49: Wireless Lan Basics

    ZyAIR G-500 Wireless Access Point User’s Guide Figure 5-3 Extended Service Set Wireless LAN Basics Refer also to the chapter on wizard setup for more background information on Wireless LAN features, such as channels. 5.2.1 RTS/CTS A hidden node occurs when two stations are within range of the same access point, but are not within range of each other.

  • Page 50: Fragmentation Threshold

    ZyAIR G-500 Wireless Access Point User’s Guide Figure 5-4 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.

  • Page 51: Configuring Wireless

    ZyAIR G-500 Wireless Access Point User’s Guide If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.

  • Page 52: Configuring Roaming

    ZyAIR G-500 Wireless Access Point User’s Guide The following table describes the general wireless LAN labels in this screen. Table 5-1 Wireless LABEL DESCRIPTION ESSID (Extended Service Set IDentity) The ESSID identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same ESSID.

  • Page 53: Figure 5-6 Roaming Example

    ZyAIR G-500 Wireless Access Point User’s Guide The roaming feature on the access points allows the access points to relay information about the wireless stations to each other. When a wireless station moves from a coverage area to another, it scans and uses the channel of a new access point, which then informs the access points on the LAN about the change.

  • Page 54: Requirements For Roaming

    ZyAIR G-500 Wireless Access Point User’s Guide Step 3. Access point AP 1 updates the new position of wireless station. Step 4. Wireless station Y sends a request to access point AP 2 for reauthentication. 5.4.1 Requirements for Roaming The following requirements must be met in order for wireless stations to roam between the coverage areas.

  • Page 55: Table 5-2 Roaming

    ZyAIR G-500 Wireless Access Point User’s Guide Table 5-2 Roaming LABEL DESCRIPTION Active Select Yes from the drop-down list box to enable roaming on the ZyAIR if you have two or more ZyAIRs on the same subnet. All APs on the same subnet and the wireless stations must have the same ESSID to allow roaming.

  • Page 57: Chapter 6 Wireless Security

    ZyAIR G-500 Wireless Access Point User’s Guide Chapter 6 Wireless Security This chapter describes how to use the MAC Filter, 802.1x, Local User Database and RADIUS to configure wireless security on your ZyAIR. Wireless Security Overview Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network.

  • Page 58: Data Encryption

    ZyAIR G-500 Wireless Access Point User’s Guide 6.2.1 Data Encryption WEP provides a mechanism for encrypting data using encryption keys. Both the AP and the wireless stations must use the same WEP key to encrypt and decrypt data. Your ZyAIR allows you to configure up to four 64- bit or 128-bit WEP keys, but only one key can be enabled at any one time.

  • Page 59: Preamble Type

    ZyAIR G-500 Wireless Access Point User’s Guide Shared key authentication involves a four-message procedure. A wireless station sends a shared key authentication request to the AP, which will then reply with a challenge text message. The wireless station must then use the AP’s default WEP key to encrypt the challenge text and return it to the AP, which attempts to decrypt the message using the AP’s default WEP key.

  • Page 60: Figure 6-3 Wireless

    ZyAIR G-500 Wireless Access Point User’s Guide Figure 6-3 Wireless The following table describes the wireless LAN security labels in this screen. Table 6-1 Wireless LABEL DESCRIPTION Select Disable to allow wireless stations to communicate with the access points without Encryption any data encryption.
  • Page 61 ZyAIR G-500 Wireless Access Point User’s Guide Table 6-1 Wireless LABEL DESCRIPTION Authentication Select Auto, Open System or Shared Key from the drop-down list box. Method This field is not available if WEP is not activated. If WEP encryption is activated, the default setting is Auto.

  • Page 62: Mac Filter

    ZyAIR G-500 Wireless Access Point User’s Guide MAC Filter The MAC filter screen allows you to configure the ZyAIR to give exclusive access to up to 32 devices (Allow Association) or exclude up to 32 devices from accessing the ZyAIR (Deny Association). Every Ethernet device has a unique MAC (Media Access Control) address.

  • Page 63: Figure 6-4 Mac Address Filter

    ZyAIR G-500 Wireless Access Point User’s Guide Figure 6-4 MAC Address Filter The following table describes the labels in this screen. Wireless Security...

  • Page 64: Overview

    ZyAIR G-500 Wireless Access Point User’s Guide Table 6-2 MAC Address Filter LABEL DESCRIPTION Active Select Yes from the drop down list box to enable MAC address filtering. Filter Action Define the filter action for the list of MAC addresses in the MAC address filter table.

  • Page 65: Eap Authentication Overview

    ZyAIR G-500 Wireless Access Point User’s Guide • Access-Request Sent by an access point requesting authentication. • Access-Reject Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access. • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message.

  • Page 66: Dynamic Wep Key Exchange

    ZyAIR G-500 Wireless Access Point User’s Guide Figure 6-5 EAP Authentication The details below provide a general description of how IEEE 802.1x EAP authentication works. For an example list of EAP-MD5 authentication steps, see the IEEE 802.1x appendix. • The wireless station sends a “start” message to the ZyAIR.

  • Page 67: Introduction To Wpa

    ZyAIR G-500 Wireless Access Point User’s Guide Introduction to WPA Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences between WPA and WEP are user authentication and improved data encryption. 6.9.1 User Authentication WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients...

  • Page 68: Wpa-Psk Application Example

    ZyAIR G-500 Wireless Access Point User’s Guide 6.10 WPA-PSK Application Example A WPA-PSK application looks as follows. Step 1. First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters (including spaces and symbols).

  • Page 69: Security Parameters Summary

    ZyAIR G-500 Wireless Access Point User’s Guide Figure 6-7 WPA with RADIUS Application Example 6.12 Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. You enter manual keys by first selecting 64-bit WEP or 128-bit WEP from the WEP Encryption field and then typing the keys (in ASCII or hexadecimal format) in the key text boxes.

  • Page 70: Wireless Client Wpa Supplicants

    ZyAIR G-500 Wireless Access Point User’s Guide Table 6-3 Wireless Security Relational Matrix AUTHENTICATION ENCRYPTION ENTER IEEE 802.1X METHOD/ KEY METHOD MANUAL KEY MANAGEMENT PROTOCOL Enable without Dynamic WEP Key Disable Enable TKIP Enable WPA-PSK Enable WPA-PSK TKIP Enable 6.13 Wireless Client WPA Supplicants A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA.

  • Page 71: Authentication Required: 802.1X

    ZyAIR G-500 Wireless Access Point User’s Guide Figure 6-8 Wireless LAN: 802.1x/WPA The following table describes the labels in this screen. Table 6-4 Wireless LAN: 802.1x/WPA LABEL DESCRIPTION Wireless Port To control wireless stations access to the wired network, select a control method from Control the drop-down list box.

  • Page 72: Figure 6-9 Wireless Lan: 802.1X/Wpa For 802.1X Protocol

    ZyAIR G-500 Wireless Access Point User’s Guide Figure 6-9 Wireless LAN: 802.1x/WPA for 802.1x Protocol The following table describes the labels in this screen. Table 6-5 Wireless LAN: 802.1x/WPA for 802.1x Protocol LABEL DESCRIPTION Wireless Port To control wireless stations access to the wired network, select a control method from Control the drop-down list box.
  • Page 73 ZyAIR G-500 Wireless Access Point User’s Guide Table 6-5 Wireless LAN: 802.1x/WPA for 802.1x Protocol LABEL DESCRIPTION ReAuthentication Specify how often wireless stations have to reenter usernames and passwords in Timer order to stay connected. This field is activated only when you select Authentication Required in the Wireless Port Control field.

  • Page 74: Authentication Required: Wpa

    ZyAIR G-500 Wireless Access Point User’s Guide Table 6-5 Wireless LAN: 802.1x/WPA for 802.1x Protocol LABEL DESCRIPTION Authentication The authentication database contains wireless station login information. The local Databases user database is the built-in database on the ZyAIR. The RADIUS is an external server.

  • Page 75: Figure 6-10 Wireless Lan: 802.1X/Wpa For Wpa Protocol

    ZyAIR G-500 Wireless Access Point User’s Guide Figure 6-10 Wireless LAN: 802.1x/WPA for WPA Protocol The following table describes the labels not previously discussed Table 6-6 Wireless LAN: 802.1x/WPA for WPA Protocol LABEL DESCRIPTION Key Management Choose WPA in this field.

  • Page 76: Authentication Required: Wpa-Psk

    ZyAIR G-500 Wireless Access Point User’s Guide Table 6-6 Wireless LAN: 802.1x/WPA for WPA Protocol LABEL DESCRIPTION Authentication When you configure Key Management Protocol to WPA, the Authentication Databases Databases must be RADIUS Only. You can only use the Local User Database Only with 802.1x Key Management Protocol.

  • Page 77: Introduction To Local User Database

    ZyAIR G-500 Wireless Access Point User’s Guide Table 6-7 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol LABEL DESCRIPTION Key Management Choose WPA-PSK in this field. Protocol Pre-Shared Key The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials.

  • Page 78: Figure 6-12 Local User Database

    ZyAIR G-500 Wireless Access Point User’s Guide Figure 6-12 Local User Database The following table describes the labels in this screen. 6-22 Wireless Security...

  • Page 79: Configuring Radius

    ZyAIR G-500 Wireless Access Point User’s Guide Table 6-8 Local User Database LABEL DESCRIPTION Active Select this check box to activate the user profile. User Name Enter the username (up to 31 characters) for this user profile. Password Type a password (up to 31 characters) for this user profile. Note that as you type a password, the screen displays a (*) for each character you type.

  • Page 80: Table 6-9 Radius

    ZyAIR G-500 Wireless Access Point User’s Guide The following table describes the labels in this screen. Table 6-9 RADIUS LABEL DESCRIPTION Authentication Server Active Select Yes from the drop-down list box to enable user authentication through an external authentication server.

  • Page 81: Chapter 7 Ip Screen

    ZyAIR G-500 Wireless Access Point User’s Guide Chapter 7 IP Screen This chapter discusses how to configure IP on the ZyAIR Factory Ethernet Defaults The Ethernet parameters of the ZyAIR are preset in the factory with the following values: •...

  • Page 82: Table 7-1 Ip Setup

    ZyAIR G-500 Wireless Access Point User’s Guide The following table describes the labels in this screen. Table 7-1 IP Setup LABEL DESCRIPTION IP Address Assignment Get automatically from Select this option if your ZyAIR is using a dynamically assigned IP address from DHCP a DHCP server each time.

  • Page 83: Remote Management And Logs

    Remote Management and Logs Part III: REMOTE MANAGEMENT AND LOGS This part provides information and configuration instructions for Remote Management and the logs.

  • Page 85: Chapter 8 Remote Management

    ZyAIR G-500 Wireless Access Point User’s Guide Chapter 8 Remote Management This chapter provides information on the Remote Management screens. Remote Management Overview Remote management allows you to determine which services/protocols can access which ZyAIR interface (if any) from which computers. You can customize the service port, access interface and the secured client IP address to enhance security and flexibility.

  • Page 86: Telnet

    ZyAIR G-500 Wireless Access Point User’s Guide Telnet You can telnet into the ZyAIR to perform remote management. Figure 8-1 Telnet Configuration on a TCP/IP Network Configuring TELNET Click REMOTE MGNT to open the TELNET screen. Figure 8-2 Telnet The following table describes the labels in this screen.

  • Page 87: Configuring Ftp

    ZyAIR G-500 Wireless Access Point User’s Guide Table 8-1 Telnet LABEL DESCRIPTION Server Access Select the interface(s) through which a computer may access the ZyAIR using this service. Secured Client A secured client is a “trusted” computer that is allowed to communicate with the ZyAIR IP Address using this service.

  • Page 88: Configuring Www

    ZyAIR G-500 Wireless Access Point User’s Guide Table 8-2 FTP LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.

  • Page 89: Configuring Snmp

    ZyAIR G-500 Wireless Access Point User’s Guide Table 8-3 WWW LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.

  • Page 90: Figure 8-5 Snmp Management Model

    ZyAIR G-500 Wireless Access Point User’s Guide Figure 8-5 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the ZyAIR). An agent translates the local management information from the managed device into a form compatible with SNMP.

  • Page 91: Supported Mibs

    ZyAIR G-500 Wireless Access Point User’s Guide • Trap - Used by the agent to inform the manager of some events. 8.6.1 Supported MIBs The ZyAIR supports MIB II that is defined in RFC-1213 and RFC-1215. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance.
  • Page 92 ZyAIR G-500 Wireless Access Point User’s Guide Figure 8-6 SNMP The following table describes the labels in this screen. Table 8-6 SNMP LABEL DESCRIPTION SNMP Configuration Get Community Enter the Get Community, which is the password for the incoming Get and GetNext requests from the management station.

  • Page 93: Table 8-6 Snmp

    ZyAIR G-500 Wireless Access Point User’s Guide Table 8-6 SNMP LABEL DESCRIPTION Trusted Host If you enter a trusted host, your ZyAIR will only respond to SNMP messages from this address. A blank (default) field means your ZyAIR will respond to all SNMP messages it receives, regardless of source.

  • Page 95: Chapter 9 Logs Screens

    ZyAIR G-500 Wireless Access Point User’s Guide Chapter 9 Logs Screens This chapter contains information about configuring general log settings and viewing the ZyAIR’s logs. Refer to the appendix for example log message explanations. Configuring View Log The web configurator allows you to look at all of the ZyAIR’s logs in one location.

  • Page 96: Configuring Log Settings

    ZyAIR G-500 Wireless Access Point User’s Guide The following table describes the labels in this screen. Table 9-1 View Log LABEL DESCRIPTION Display Select a log category from the drop down list box to display logs within the selected category. To view all logs, select All Logs.

  • Page 97: Figure 9-2 Log Settings

    ZyAIR G-500 Wireless Access Point User’s Guide Figure 9-2 Log Settings The following table describes the labels in this screen. Logs Screens...

  • Page 98: Table 9-2 Log Settings

    ZyAIR G-500 Wireless Access Point User’s Guide Table 9-2 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via e-mail.
  • Page 99 ZyAIR G-500 Wireless Access Point User’s Guide Table 9-2 Log Settings LABEL DESCRIPTION Clear log after sanding Select the check box to clear all logs after logs and alert messages are sent via e- mail mail. Select the categories of logs that you want to record.

  • Page 101: Maintenance

    Maintenance Part IV: MAINTENANCE This part describes the Maintenance web configurator screens.

  • Page 103: Chapter 10 Maintenance

    ZyAIR G-500 Wireless Access Point User’s Guide Chapter 10 Maintenance This chapter describes the Maintenance screens that display system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 10.1 Maintenance Overview The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your ZyAIR.

  • Page 104: System Statistics

    ZyAIR G-500 Wireless Access Point User’s Guide Table 10-1 System Status LABEL DESCRIPTION ZyNOS Firmware This is the ZyNOS Firmware version and the date created. ZyNOS is ZyXEL's Version proprietary Network Operating System design. IP Address This is the Ethernet port IP address.

  • Page 105: Association List

    ZyAIR G-500 Wireless Access Point User’s Guide Table 10-2 System Status: Show Statistics LABEL DESCRIPTION TxPkts This is the number of transmitted packets on this port. RxPkts This is the number of received packets on this port. Collisions This is the number of collisions on this port.

  • Page 106: F/W Upload Screen

    ZyAIR G-500 Wireless Access Point User’s Guide Figure 10-3 Association List The following table describes the labels in this screen. Table 10-3 Association List LABEL DESCRIPTION This is the index number of an associated wireless station. MAC Address This field displays the MAC address of an associated wireless station.

  • Page 107: Figure 10-4 Firmware Upload

    ZyAIR G-500 Wireless Access Point User’s Guide Figure 10-4 Firmware Upload The following table describes the labels in this screen. Table 10-4 Firmware Upload LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it.

  • Page 108: Figure 10-5 Firmware Upload In Process

    ZyAIR G-500 Wireless Access Point User’s Guide Figure 10-5 Firmware Upload In Process The ZyAIR automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 10-6 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the System Status screen.

  • Page 109: Configuration Screen

    ZyAIR G-500 Wireless Access Point User’s Guide Figure 10-7 Firmware Upload Error 10.5 Configuration Screen See the Firmware and Configuration File Maintenance chapter for transferring configuration files using FTP/TFTP commands. Click MAINTENANCE, and then the Configuration tab. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next.

  • Page 110: Backup Configuration

    ZyAIR G-500 Wireless Access Point User’s Guide Figure 10-8 Configuration 10.5.1 Backup Configuration Backup configuration allows you to back up (save) the ZyAIR’s current configuration to a file on your computer. Once your ZyAIR is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes.

  • Page 111: Restore Configuration

    ZyAIR G-500 Wireless Access Point User’s Guide 10.5.2 Restore Configuration Restore configuration allows you to upload a new or previously saved configuration file from your computer to your ZyAIR. Table 10-5 Restore Configuration LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it.

  • Page 112: Back To Factory Defaults

    ZyAIR G-500 Wireless Access Point User’s Guide Figure 10-10 Network Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default ZyAIR IP address (192.168.1.2). See your Quick Installation Guide for details on how to set up your computer’s IP address.

  • Page 113: Restart Screen

    ZyAIR G-500 Wireless Access Point User’s Guide Figure 10-12 Reset Warning Message You can also press the RESET button on the rear panel to reset the factory defaults of your ZyAIR. Refer to the section on resetting the ZyAIR for more information on the RESET button.

  • Page 115: Smt Configuration

    SMT Configuration Part V: SMT CONFIGURATION This part contains SMT (System Management Terminal) configuration and background information for features only configurable by SMT. See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.

  • Page 117: Chapter 11 Introducing The Smt

    ZyAIR G-500 Wireless Access Point User’s Guide Chapter 11 Introducing the SMT This chapter describes how to access the SMT and provides an overview of its menus 11.1 Connect to your ZyAIR Using Telnet The following procedure details how to telnet into your ZyAIR.

  • Page 118: Zyair Smt Menu Overview Example

    ZyAIR G-500 Wireless Access Point User’s Guide Menu 23.1 – System Security – Change Password Old Password= **** New Password= ? Retype to confirm= ? Enter here to CONFIRM or ESC to CANCEL: Figure 11-2 Menu 23.1 System Security : Change Password Step 4.

  • Page 119: Figure 8-6 Snmp

    Upload System - Change Console Port Upload Firmware Firmware Configuration File Speed Menu 24.8 Menu 24.10 Menu 24.1 Remote Command Time and Date Management Control Setting Interpreter Mode Figure 11-3 ZyAIR G-500 SMT Menu Overview Example Introducing the SMT 11-3...

  • Page 120: Navigating The Smt Interface

    ZyAIR G-500 Wireless Access Point User’s Guide 11.4 Navigating the SMT Interface The SMT (System Management Terminal) is the interface that you use to configure your ZyAIR. Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below.

  • Page 121: System Management Terminal Interface Summary

    ZyAIR G-500 Wireless Access Point User’s Guide Copyright (c) 1994 - 2003 ZyXEL Communications Corp. ZyAIR G-500 Main Menu Getting Started Advanced Management 1. General Setup 22. SNMP Configuration 3. LAN Setup 23. System Security 24. System Maintenance Advanced Applications 14.

  • Page 123: Chapter 12 General Setup

    ZyAIR G-500 Wireless Access Point User’s Guide Chapter 12 General Setup The chapter shows you the information on general setup. 12.1 General Setup Menu 1 – General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. It is recommended you type your computer's "Computer name".

  • Page 124: Table 12-1 Menu 1 General Setup

    ZyAIR G-500 Wireless Access Point User’s Guide Table 12-1 Menu 1 General Setup FIELD DESCRIPTION EXAMPLE System Name Choose a descriptive name for identification purposes. This name can G-500 be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes “-”...

  • Page 125: Chapter 13 Lan Setup

    ZyAIR G-500 Wireless Access Point User’s Guide Chapter 13 LAN Setup This chapter shows you how to configure the LAN on your ZyAIR. 13.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 – LAN Setup. From the main menu, enter 3 to display menu 3.

  • Page 126: Wireless Lan Setup

    ZyAIR G-500 Wireless Access Point User’s Guide Table 13-1 Menu 3.2 TCP/IP Setup FIELD DESCRIPTION EXAMPLE IP Address Press [SPACE BAR] and then [ENTER] to select Dynamic to have the Assignment ZyAIR obtain an IP address from a DHCP server. You must know the IP address assigned to the ZyAIR (by the DHCP server) to access the ZyAIR again.

  • Page 127: Figure 13-3 Menu 3.5 Wireless Lan Setup

    ZyAIR G-500 Wireless Access Point User’s Guide Menu 3.5 - Wireless LAN Setup ESSID= Wireless Hide ESSID= No Channel ID= CH06 2437MHz Edit MAC Address Filter= No RTS Threshold= 2432 Edit Roaming Configuration= Frag. Threshold= 2432 Preamble= Long WEP Encryption= 64-bit WEP 802.11 Mode= Mixed...
  • Page 128 ZyAIR G-500 Wireless Access Point User’s Guide Table 13-2 Menu 3.5 Wireless LAN Setup FIELD DESCRIPTION EXMAPLE Default Key Enter the key number (1 to 4) in this field. Only one key can be enabled at any one time. This key must be the same on the ZyAIR and the wireless stations to communicate.

  • Page 129: Configuring Mac Address Filter

    ZyAIR G-500 Wireless Access Point User’s Guide Table 13-2 Menu 3.5 Wireless LAN Setup FIELD DESCRIPTION EXMAPLE Max. Frame Enable Maximum Frame Burst to help eliminate collisions in mixed-mode Burst networks (networks with both IEEE 802.11g and IEEE 802.11b traffic) and enhance the performance of both pure IEEE 802.11g and mixed IEEE...

  • Page 130: Figure 13-4 Menu 3.5 Wireless Lan Setup

    ZyAIR G-500 Wireless Access Point User’s Guide Menu 3.5 - Wireless LAN Setup ESSID= Wireless Hide ESSID= No Edit MAC Address Filter= Yes Channel ID= CH06 2437MHz RTS Threshold= 2432 Edit Roaming Configuration= Frag. Threshold= 2432 Preamble= Long WEP Encryption= 64-bit WEP 802.11 Mode= Mixed...

  • Page 131: Configuring Roaming

    ZyAIR G-500 Wireless Access Point User’s Guide Table 13-3 Menu 3.5.1 WLAN MAC Address Filter FIELD DESCRIPTION Active To enable MAC address filtering, press [SPACE BAR] to select Yes and press [ENTER]. Filter Action Define the filter action for the list of MAC addresses in the MAC address filter table.

  • Page 132: Figure 13-6 Menu 3.5 Wireless Lan Setup

    ZyAIR G-500 Wireless Access Point User’s Guide Menu 3.5 - Wireless LAN Setup ESSID= Wireless Hide ESSID= No Channel ID= CH06 2437MHz Edit MAC Address Filter= No Edit Roaming Configuration= Yes RTS Threshold= 2432 Frag. Threshold= 2432 Preamble= Long WEP Encryption= 64-bit WEP 802.11 Mode= Mixed...

  • Page 133: Chapter 14 Dial-In User Setup

    ZyAIR G-500 Wireless Access Point User’s Guide Chapter 14 Dial-in User Setup This chapter shows you how to create user accounts on the ZyAIR. 14.1 Dial-in User Setup By storing user profiles locally, your ZyAIR is able to authenticate wireless users without interacting with a network RADIUS server.

  • Page 134: Table 14-1 Menu 14.1- Edit Dial-In User

    ZyAIR G-500 Wireless Access Point User’s Guide Table 14-1 Menu 14.1- Edit Dial-in User FIELD DESCRIPTION User Name Enter a username up to 31 alphanumeric characters long for this user profile. This field is case sensitive. Active Press [SPACE BAR] to select Yes and press [ENTER] to enable the user profile.

  • Page 135: Chapter 15 Snmp Configuration

    ZyAIR G-500 Wireless Access Point User’s Guide Chapter 15 SNMP Configuration This chapter explains SNMP Configuration menu 22. 15.1 About SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your ZyAIR supports SNMP agent functionality, which allows a manager station to manage and monitor the ZyAIR through the network.

  • Page 136: Supported Mibs

    ZyAIR G-500 Wireless Access Point User’s Guide An agent is a management software module that resides in a managed device (the ZyAIR). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions.

  • Page 137: Snmp Traps

    ZyAIR G-500 Wireless Access Point User’s Guide Menu 22 - SNMP Configuration SNMP: Get Community= public Set Community= public Trusted Host= 0.0.0.0 Trap: Community= public Destination= 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Figure 15-2 Menu 22 SNMP Configuration The following table describes the SNMP configuration parameters.

  • Page 138: Table 15-2 Snmp Traps

    ZyAIR G-500 Wireless Access Point User’s Guide Table 15-2 SNMP Traps TRAP # TRAP NAME DESCRIPTION coldStart (defined in RFC-1215) A trap is sent after booting (power on). warmStart (defined in RFC-1215) A trap is sent after booting (software reboot).

  • Page 139: Chapter 16 System Security

    ZyAIR G-500 Wireless Access Point User’s Guide Chapter 16 System Security This chapter describes how to configure the system security on the ZyAIR. 16.1 System Security You can configure the system password, an external RADIUS server and 802.1x in this menu.

  • Page 140: Figure 16-3 Menu 23.2 System Security : Radius Server

    ZyAIR G-500 Wireless Access Point User’s Guide Menu 23.2 - System Security - RADIUS Server Authentication Server: Active= No Server Address= 10.11.12.13 Port #= 1812 Shared Secret= ? Accounting Server: Active= No Server Address= 10.11.12.13 Port #= 1813 Shared Secret= ? Press ENTER to Confirm or ESC to Cancel: Figure 16-3 Menu 23.2 System Security : RADIUS Server...

  • Page 141: Figure 16-4 Menu 23 System Security

    ZyAIR G-500 Wireless Access Point User’s Guide Table 16-1 Menu 23.2 System Security : RADIUS Server FIELD DESCRIPTION EXAMPLE Port The default port of the RADIUS server for accounting is 1813. 1813 You need not change this value unless your network administrator instructs you to do so with additional information.

  • Page 142: Figure 16-5 Menu 23.4 System Security : Ieee802.1X

    ZyAIR G-500 Wireless Access Point User’s Guide Menu 23.4 - System Security - IEEE802.1x Wireless Port Control= Authentication Required ReAuthentication Timer (in second)= 1800 Idle Timeout (in second)= 3600 Key Management Protocol= 802.1x Dynamic WEP Key Exchange= Disable PSK = N/A...
  • Page 143 ZyAIR G-500 Wireless Access Point User’s Guide Table 16-2 Menu 23.4 System Security : IEEE802.1x FIELD DESCRIPTION Idle Timeout The ZyAIR automatically disconnects a client from the wired network after a period of (in second) inactivity. The client needs to enter the username and password again before access to the wired network is allowed.
  • Page 144 ZyAIR G-500 Wireless Access Point User’s Guide Table 16-2 Menu 23.4 System Security : IEEE802.1x FIELD DESCRIPTION Authentication The authentication database contains wireless station login information. The local user Databases database is the built-in database on the ZyAIR. The RADIUS is an external server. Use this field to decide which database the ZyAIR should use (first) to authenticate a wireless station.

  • Page 145: Chapter 17 System Information And Diagnosis

    ZyAIR G-500 Wireless Access Point User’s Guide Chapter 17 System Information and Diagnosis This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. 17.1 Overview These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software.

  • Page 146: Figure 17-2 Menu 24.1 System Maintenance : Status

    ZyAIR G-500 Wireless Access Point User’s Guide The following table describes the fields present in Menu 24.1 – System Maintenance – Status which are read-only and meant for diagnostic purposes. Menu 24.1 - System Maintenance - Status 00:17:34 Sat. Jan. 01, 2000...

  • Page 147: System Information

    ZyAIR G-500 Wireless Access Point User’s Guide Table 17-1 Menu 24.1 System Maintenance : Status FIELD DESCRIPTION System Up Time This is the time the ZyAIR is up and running from the last reboot. 17.3 System Information To get to the System Information: Step 1.

  • Page 148: Console Port Speed

    Refers to the routing protocol used. ZyNOS F/W Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. Version ZyNOS is a registered trademark of ZyXEL Communications Corporation. Country Code Refers to the country code of the firmware. Ethernet Address Refers to the Ethernet MAC (Media Access Control) of your ZyAIR.

  • Page 149: Log And Trace

    ZyAIR G-500 Wireless Access Point User’s Guide 17.4 Log and Trace Your ZyAIR provides the error logs and trace records that are stored locally. 17.4.1 Viewing Error Log The first place you should look for clues when something goes wrong is the error log. Follow the procedures to view the local error/trace log: Step 1.

  • Page 150: Diagnostic

    ZyAIR G-500 Wireless Access Point User’s Guide 17.5 Diagnostic The diagnostic facility allows you to test the different aspects of your ZyAIR to determine if it is working properly. Menu 24.4 allows you to choose among various types of diagnostic tests to evaluate your system, as shown in the following figure.

  • Page 151: Chapter 18 Firmware And Configuration File Maintenance

    ZyAIR G-500 Wireless Access Point User’s Guide Chapter 18 Firmware and Configuration File Maintenance This chapter tells you how to backup and restore your configuration file as well as upload new firmware and configuration files using the SMT screens. 18.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password and TCP/IP Setup, etc.

  • Page 152: Backup Configuration

    ZyAIR G-500 Wireless Access Point User’s Guide Table 18-1 Filename Conventions FILE TYPE INTERNAL EXTERNAL DESCRIPTION NAME NAME Configuration File Rom-0 *.rom This is the configuration filename on the ZyAIR. Uploading the rom-0 file replaces the entire ROM file system, including your ZyAIR configurations, system-related data (including the default password), the error log and the trace log.

  • Page 153: Using The Ftp Command From The Dos Prompt

    ZyAIR G-500 Wireless Access Point User’s Guide 18.2.2 Using the FTP command from the DOS Prompt Step 1. Launch the FTP client on your computer. Step 2. Enter “open” and the IP address of your ZyAIR. Step 3. Press [ENTER] when prompted for a username.

  • Page 154: Backup Configuration Using Tftp

    ZyAIR G-500 Wireless Access Point User’s Guide Table 18-2 General Commands for Third Party FTP Clients COMMAND DESCRIPTION Initial Remote Specify the default remote directory (path). Directory Initial Local Specify the default local directory (path). Directory 18.2.3 Backup Configuration Using TFTP The ZyAIR supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN.

  • Page 155: Restore Configuration

    ZyAIR G-500 Wireless Access Point User’s Guide where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the ZyAIR IP address, “get” transfers the file source on the ZyAIR (rom-0 name of the configuration file on the ZyAIR) to the file destination on the computer and renames it config.rom.

  • Page 156: Uploading Firmware And Configuration Files

    ZyAIR G-500 Wireless Access Point User’s Guide Menu 24.6 – Restore Configuration To transfer the firmware and the configuration file, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your router. Then type "root" and SMT password as requested.

  • Page 157: Firmware Upload

    ZyAIR G-500 Wireless Access Point User’s Guide 18.4.1 Firmware Upload FTP is the preferred method for uploading the firmware and configuration. To use this feature, your computer must have an FTP client. When you telnet into the ZyAIR, you will see the following screens for uploading firmware and the configuration file using FTP.

  • Page 158: Using The Ftp Command From The Dos Prompt Example

    ZyAIR G-500 Wireless Access Point User’s Guide Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload the system configuration file, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested.

  • Page 159: Tftp File Upload

    ZyAIR G-500 Wireless Access Point User’s Guide 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> put firmware.bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 327680 bytes sent in 1.10Seconds 297.89Kbytes/sec.

  • Page 160: Example: Tftp Command

    ZyAIR G-500 Wireless Access Point User’s Guide 18.4.5 Example: TFTP Command The following is an example TFTP command: TFTP [-i] host put firmware.bin ras where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the ZyAIR’s IP address, “put”...

  • Page 161: Chapter 19 System Maintenance And Information

    ZyAIR G-500 Wireless Access Point User’s Guide Chapter 19 System Maintenance and Information This chapter leads you through SMT menus 24.8 and 24.10. 19.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main system firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions.

  • Page 162: Time And Date Setting

    ZyAIR G-500 Wireless Access Point User’s Guide 19.2 Time and Date Setting The ZyAIR keeps track of the time and date. There is also a software mechanism to set the time manually or get the current time and date from an external server when you turn on your ZyAIR. Menu 24.10 allows you to update the time and date settings of your ZyAIR.

  • Page 163: Resetting The Time

    ZyAIR G-500 Wireless Access Point User’s Guide Table 19-1 Menu 24.10 System Maintenance : Time and Date Setting FIELD DESCRIPTION Use Time Server Enter the time service protocol that your time server sends when you turn on the when Bootup ZyAIR.

  • Page 165: Chapter 20 Remote Management

    ZyAIR G-500 Wireless Access Point User’s Guide Chapter 20 Remote Management This chapter covers remote management (SMT menu 24.11). 20.1 Telnet You can configure your ZyAIR for remote Telnet access as shown next. Figure 20-1 Telnet Configuration on a TCP/IP Network 20.2 FTP...

  • Page 166: Remote Management Setup

    ZyAIR G-500 Wireless Access Point User’s Guide 20.4.1 Remote Management Setup Remote management setup is for managing Telnet, FTP and Web services. You can customize the service port, access interface and the secured client IP address to enhance security and flexibility.

  • Page 167: Remote Management Limitations

    ZyAIR G-500 Wireless Access Point User’s Guide Table 20-1 Menu 24.11 Remote Management Control FIELD DESCRIPTION EXAMPLE Access Select the access interface (if any) by pressing the [SPACE BAR]. LAN only Choices are: LAN only, WLAN only, All or Disable. The default is LAN only.

  • Page 169: Appendices

    Appendices Part VI: APPENDICES This part provides troubleshooting and background information about setting up your computer’s IP address, wireless LAN, 802.1x and IP subnetting. It also provides information on the command interpreter interface and logs.

  • Page 171: Appendix A Troubleshooting

    ZyAIR B-500 Wireless Access Point User’s Guide Appendix A Troubleshooting This appendix covers potential problems and possible remedies. After each problem description, some instructions are provided to help you to diagnose and to solve the problem. Problems Starting Up the ZyAIR Chart A-1 Troubleshooting the Start-Up of Your ZyAIR PROBLEM CORRECTIVE ACTION...

  • Page 172: Problems With The Password

    ZyAIR B-500 Wireless Access Point User’s Guide Chart A-2 Troubleshooting the Ethernet Interface PROBLEM CORRECTIVE ACTION I cannot ping any If the ETHN LED on the front panel is off, check the Ethernet cable connections computer on the between your ZyAIR and the Ethernet device. LAN.

  • Page 173: Problems With The Wlan Interface

    ZyAIR B-500 Wireless Access Point User’s Guide Problems with the WLAN Interface Chart A-5 Troubleshooting the WLAN Interface PROBLEM CORRECTIVE ACTION Cannot access the Make sure the wireless adapter on the wireless station is working properly. ZyAIR from the Check that both the ZyAIR and your wireless station are using the same ESSID, WLAN.

  • Page 175: Appendix B Brute-Force Password Guessing Protection

    ZyAIR B-500 Wireless Access Point User’s Guide Appendix B Brute-Force Password Guessing Protection The following describes the commands for enabling, disabling and configuring the brute-force password guessing protection mechanism for the password. See the Command Interpreter appendix for information on the command structure. Chart B-1 Brute-Force Password Guessing Protection Commands COMMAND DESCRIPTION...

  • Page 177: Appendix C Setting Up Your Computer's Ip Address

    ZyAIR B-500 Wireless Access Point User’s Guide Appendix C Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
  • Page 178 ZyAIR B-500 Wireless Access Point User’s Guide If you need the adapter: In the Network window, click Add. Select Adapter and then click Add. Select the manufacturer and model of your network adapter and then click OK. If you need TCP/IP: In the Network window, click Add.
  • Page 179 ZyAIR B-500 Wireless Access Point User’s Guide Click the IP Address tab. -If your IP address is dynamic, select Obtain an IP address automatically. -If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields.
  • Page 180 ZyAIR B-500 Wireless Access Point User’s Guide Click the Gateway tab. -If you do not know your gateway’s IP address, remove previously installed gateways. -If you have a gateway IP address, type it in the New gateway field and click Add. Click OK to save and close the TCP/IP Properties window.
  • Page 181 ZyAIR B-500 Wireless Access Point User’s Guide For Windows XP, click start, Control Panel. In Windows 2000/NT, click Start, Settings, Control Panel. For Windows XP, click Network Right-click Local Area Connection and then Connections. For Windows 2000/NT, click click Properties. Network and Dial-up Connections.
  • Page 182 ZyAIR B-500 Wireless Access Point User’s Guide Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). -If you have a dynamic IP address click Obtain an IP address automatically.
  • Page 183 ZyAIR B-500 Wireless Access Point User’s Guide -If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: -In the IP Settings tab, in IP addresses, click Add.
  • Page 184 ZyAIR B-500 Wireless Access Point User’s Guide In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): -Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). -If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
  • Page 185 ZyAIR B-500 Wireless Access Point User’s Guide Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. Select Ethernet built-in from the Connect via list. For dynamically assigned settings, select Using DHCP Server from the Configure: list. Setting Up Your Computer’s IP Address...
  • Page 186 ZyAIR B-500 Wireless Access Point User’s Guide For statically assigned settings, do the following: -From the Configure box, select Manually. -Type your IP address in the IP Address box. -Type your subnet mask in the Subnet mask box. -Type the IP address of your ZyAIR in the Router address box. Close the TCP/IP Control Panel.
  • Page 187 ZyAIR B-500 Wireless Access Point User’s Guide Click Network in the icon bar. - Select Automatic from the Location list. - Select Built-in Ethernet from the Show list. - Click the TCP/IP tab. For dynamically assigned settings, select Using DHCP from the Configure list. For statically assigned settings, do the following: -From the Configure box, select Manually.
  • Page 189 ZyAIR B-500 Wireless Access Point User’s Guide Appendix D Wireless LAN and IEEE 802.11 A wireless LAN (WLAN) provides a flexible data communications system that you can use to access various services (navigating the Internet, email, printer services, etc.) without the use of a cabled connection.
  • Page 190 ZyAIR B-500 Wireless Access Point User’s Guide unlicensed ISM (Industrial, Scientific and Medical) band. The third method is infrared technology, using very high frequencies, just below visible light in the electromagnetic spectrum to carry data. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless nodes or stations (STA), which is called a Basic Service Set (BSS).
  • Page 191 ZyAIR B-500 Wireless Access Point User’s Guide The Extended Service Set (ESS) shown in the next figure consists of a series of overlapping BSSs (each containing an Access Point) connected together by means of a Distribution System (DS). Although the DS could be any type of network, it is almost invariably an Ethernet LAN.

  • Page 193: Appendix E Wireless Lan With Ieee 802.1X

    ZyAIR B-500 Wireless Access Point User’s Guide Appendix E Wireless LAN With IEEE 802.1x As wireless networks become popular for both portable computing and corporate networks, security is now a priority. Security Flaws with IEEE 802.11 Wireless networks based on the original IEEE 802.11 have a poor reputation for safety. The IEEE 802.11b wireless access standard, first published in 1999, was based on the MAC address.
  • Page 194 ZyAIR B-500 Wireless Access Point User’s Guide RADIUS Server Authentication Sequence The following figure depicts a typical wireless network with a remote RADIUS server for user authentication using EAPOL (EAP Over LAN). Client computer access authorized. Client computer access not authorized. Diagram E-1 Sequences for EAP MD5–Challenge Authentication Wireless LAN with IEEE 802.1x...

  • Page 195: Appendix F Types Of Eap Authentication

    ZyAIR B-500 Wireless Access Point User’s Guide Appendix F Types of EAP Authentication This appendix discusses the four popular EAP authentication types: EAP-MD5, EAP-TLS, EAP-TTLS and PEAP. The type of authentication you use depends on the RADIUS server or the AP. Consult your network administrator for more information.
  • Page 196 ZyAIR B-500 Wireless Access Point User’s Guide hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5 and EAP- MSCHAPv2, for client authentication. For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, simple user name and password pair is more practical.
  • Page 197 ZyAIR B-500 Wireless Access Point User’s Guide Appendix G IP Subnetting IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1.

  • Page 198: Subnet Masks

    ZyAIR B-500 Wireless Access Point User’s Guide A class “A” address (24 host bits) can have 2 –2 hosts (approximately 16 million hosts). Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127.
  • Page 199 ZyAIR B-500 Wireless Access Point User’s Guide sequence of ones beginning from the left most bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits. Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet.
  • Page 200 ZyAIR B-500 Wireless Access Point User’s Guide Divide the network 192.168.1.0 into two separate subnets by converting one of the host ID bits of the IP address to a network number bit. The “borrowed” host ID bit can be either “0” or “1” thus giving two subnets;...
  • Page 201 ZyAIR B-500 Wireless Access Point User’s Guide to an actual host for the first subnet is 192.168.1.1 and the highest is 192.168.1.126. Similarly the host ID range for the second subnet is 192.168.1.129 to 192.168.1.254. Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets.
  • Page 202 ZyAIR B-500 Wireless Access Point User’s Guide Chart G-9 Subnet 3 NETWORK NUMBER LAST OCTET BIT VALUE Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.128 Lowest Host ID: 192.168.1.129 Broadcast Address: 192.168.1.191 Highest Host ID: 192.168.1.190 Chart G-10 Subnet 4 NETWORK NUMBER LAST OCTET BIT VALUE IP Address...
  • Page 203 ZyAIR B-500 Wireless Access Point User’s Guide The following table is a summary for class “C” subnet planning. Chart G-12 Class C Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 255.255.255.128 (/25) 255.255.255.192 (/26) 255.255.255.224 (/27) 255.255.255.240 (/28) 255.255.255.248 (/29)

  • Page 204: Appendix G Ip Subnetting

    ZyAIR B-500 Wireless Access Point User’s Guide Chart G-13 Class B Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 255.255.255.128 (/25) 255.255.255.192 1024 (/26) 255.255.255.224 2048 (/27) 255.255.255.240 4096 (/28) 255.255.255.248 8192 (/29) 255.255.255.252 16384 (/30) 255.255.255.254...

  • Page 205: Appendix H Command Interpreter

    ZyAIR B-500 Wireless Access Point User’s Guide Appendix H Command Interpreter The following describes how to use the command interpreter. Enter 24 in the main menu to bring up the system maintenance menu. Enter 8 to go to Menu 24.8 - Command Interpreter Mode. See the included disk or www.zyxel.com for more detailed information on these commands.

  • Page 207: Appendix I Log Descriptions

    ZyAIR B-500 Wireless Access Point User’s Guide Appendix I Log Descriptions Chart I-1 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is The ZyAIR has adjusted its time based on information from the time server. successful Time calibration The ZyAIR failed to get information from the time server. failed DHCP client gets %s A DHCP client got a new IP address from the DHCP server.
  • Page 208 ZyAIR B-500 Wireless Access Point User’s Guide Chart I-2 ICMP Notes TYPE CODE DESCRIPTION Echo Reply Echo reply message Destination Unreachable Net unreachable Host unreachable Protocol unreachable Port unreachable A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF) Source route failed Source Quench...

  • Page 209: Log Commands

    ZyAIR B-500 Wireless Access Point User’s Guide Chart I-2 ICMP Notes TYPE CODE DESCRIPTION Timestamp Timestamp request message Timestamp Reply Timestamp reply message Information Request Information request message Information Reply Information reply message Chart I-3 Sys log LOG MESSAGE DESCRIPTION Mon dd hr:mm:ss hostname This message is sent by the "RAS"...

  • Page 210: Displaying Logs

    ZyAIR B-500 Wireless Access Point User’s Guide Chart I-4 Log Categories and Available Settings LOG CATEGORIES AVAILABLE PARAMETERS 8021x 0, 1 access 0, 1, 2, 3 error 0, 1, 2, 3 icmp 0, 1 mten 0, 1 packetfilter 0, 1 remote 0, 1 tcpreset...
  • Page 211 ZyAIR B-500 Wireless Access Point User’s Guide .time source destination notes message 0|11/11/2002 15:10:12 |172.22.3.80:137 |172.22.255.255:137 |ACCESS BLOCK Log Description...

  • Page 213: Appendix J Index

    ZyAIR B-500 Wireless Access Point User’s Guide Appendix J Index DS...........See Distribution System DSSS ....See Direct Sequence Spread Spectrum Address Assignment..........3-4 Ad-hoc Configuration..........D-2 Alternative Subnet Mask Notation ......G-3 EAP ..............1-3, 6-1 Applications ............1-3 EAP Authentication ..........F-1 auto-negotiation............1-1 MD5 ..............
  • Page 214 ZyAIR B-500 Wireless Access Point User’s Guide Hidden Menus............11-4 Packets ..............17-2 Host .................4-3 Password ..........4-2, 11-1, 15-2 Host IDs..............G-1 Ping ............... 17-6 Preamble Mode ............6-3 Private IP Address........... 3-5 IBSS....... See Independent Basic Service Set IEEE 802.11 ............D-1 Deployment Issues ..........
  • Page 215 ZyAIR B-500 Wireless Access Point User’s Guide GetNext.............15-2 Trace Records ............17-5 Manager .............8-6, 15-2 Transport Layer Security ........ See TLS MIBs ............8-7, 15-2 Troubleshooting Set ..............15-2 Accessing ZyAIR ........A-2, A-3 Trap............8-7, 15-2 Ethernet Port............A-1 Traps ............15-3, 15-4 Password ............A-2 Trusted Host............15-3 Start-Up ..............A-1 SNMP Traps............8-7...
  • Page 216 ZyAIR B-500 Wireless Access Point User’s Guide Index...

Table of Contents