802.11 b/g/n in-wall managed access point (2 pages)
Summary of Contents for ZyXEL Communications NWA5121-N
Page 1
NWA5000/WAC6500 Series NWA5121-N / NWA5121-NI / NWA5123-NI / NWA5301-NJ / WAC6502D-E / WAC6502D-S / WAC6503D-S / WAC6553D-E 802.11 a/b/g/n/ac Unified Access Point Version 4.20 Edition 1, 10/2014 Quick Start Guide User’s Guide Default Login Details LAN IP Address http://192.168.1.2 User Name admin www.zyxel.com...
Page 2
IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. This is a User’s Guide for a series of products. Not all products support all firmware features. Screenshots and graphics in this book may differ slightly from your product due to differences in your product firmware or your computer operating system.
1.5.2 Phone Port ..........................19 1.5.3 Console Port ..........................19 1.6 LEDs ..............................20 1.6.1 WAC6502D-E, WAC6502D-S, WAC6503D-S and WAC6553D-E ...........21 1.6.2 NWA5301-NJ ...........................23 1.6.3 NWA5121-N, NWA5121-NI, and NWA5123-NI ...............24 1.7 Starting and Stopping the NWA/WAC ....................26 Chapter 2 The Web Configurator ........................27 2.1 Overview ............................27 2.2 Access ...............................27...
Page 5
Table of Contents Part II: Technical Reference................38 Chapter 3 Dashboard ............................39 3.1 Overview ............................39 3.1.1 What You Can Do in this Chapter ....................39 3.2 Dashboard ............................39 3.2.1 CPU Usage ..........................42 3.2.2 Memory Usage ........................43 Chapter 4 Monitor..............................44 4.1 Overview ............................44 4.1.1 What You Can Do in this Chapter ....................44 4.2 What You Need to Know ........................44 4.3 Network Status ..........................45...
Page 6
Table of Contents 6.5 DCS ..............................74 6.6 Technical Reference ..........................74 Chapter 7 User..............................77 7.1 Overview ............................77 7.1.1 What You Can Do in this Chapter ....................77 7.1.2 What You Need To Know ......................77 7.2 User Summary ..........................78 7.2.1 Add/Edit User ..........................78 7.3 Setting ..............................80 7.3.1 Edit User Authentication Timeout Settings ................82 Chapter 8...
Page 7
Table of Contents 10.2.1 Add/Edit WDS Profile ......................107 Chapter 11 Certificates ............................108 11.1 Overview ............................108 11.1.1 What You Can Do in this Chapter ..................108 11.1.2 What You Need to Know ......................108 11.1.3 Verifying a Certificate ......................110 11.2 My Certificates ..........................111 11.2.1 Add My Certificates ......................
Page 8
Table of Contents 12.8.4 Adding or Editing an SNMPv3 User Profile .................148 Chapter 13 Log and Report ..........................150 13.1 Overview ............................150 13.1.1 What You Can Do In this Chapter ..................150 13.2 Email Daily Report ........................150 13.3 Log Setting ...........................152 13.3.1 Log Setting ..........................152 13.3.2 Edit System Log Settings ....................154 13.3.3 Edit Remote Server ......................156 13.3.4 Active Log Summary ......................158...
Page 9
Table of Contents Chapter 18 Shutdown............................179 18.1 Overview ............................179 18.1.1 What You Need To Know .....................179 18.2 Shutdown ............................179 Chapter 19 Troubleshooting..........................180 19.1 Overview ............................180 19.2 Power, Hardware Connections, and LED ..................180 19.3 NWA/WAC Access and Login .......................181 19.4 Internet Access ..........................182 19.5 Wireless Connections ........................184 19.6 Resetting the NWA/WAC ......................187 19.7 Getting More Troubleshooting Help ....................187...
H A PT ER Introduction 1.1 Overview This User’s Guide covers the following models: NWA5121-N, NWA5121-NI, NWA5123-NI and NWA5301-NJ, WAC6502D-E, WAC6502D-S, WAC6503D-S and WAC6553D-E. Your NWA/WAC is a wireless AP (Access Point). It extends the range of your existing wired network without additional wiring, providing easy network access to mobile users.
Chapter 1 Introduction Table 2 WAC Series Comparison Table FEATURES WAC6502D-E WAC6502D-S WAC6503D-S WAC6553D-E Number of Wireless Radios Monitor Mode & Rogue APs Detection Layer-2 Isolation External Antennas Internal Antenna Maximum number of log messages 512 event logs or 1024 debug logs You can set the NWA/WAC to operate in either standalone AP or managed AP mode.
Chapter 1 Introduction When the NWA/WAC is in managed AP mode, it acts as a DHCP client and obtains an IP address from the AP controller. It can be configured ONLY by the AP controller. To change the NWA/WAC back to standalone AP mode, use the Reset button to restore the default configuration. Alternatively, you need to check the AP controller for the NWA/WAC’s IP address and use FTP to upload the default configuration file at conf/system-default.conf to the NWA/WAC and reboot the device.
Chapter 1 Introduction Figure 1 Multiple BSSs 1.1.3 Dual-Radio Some of the NWA/WAC models are equipped with dual wireless radios. This means you can configure two different wireless networks to operate simultaneously. Note: A different channel should be configured for each WLAN interface to reduce the effects of radio interference.
Chapter 1 Introduction Figure 2 Dual-Radio Application 1.1.4 Root AP In Root AP mode, the NWA/WAC (Z) can act as the root AP in a wireless network and also allow repeaters (X and Y) to extend the range of its wireless network at the same time. In the figure below, both clients A, B and C can access the wired network through the root AP.
Chapter 1 Introduction use either SSID to associate with the NWA/WAC in Root AP mode. A repeater must use the repeater SSID to connect to the NWA/WAC in Root AP mode. When the NWA/WAC is in Root AP mode, repeater security between the NWA/WAC and other repeater is independent of the security between the wireless clients and the AP or repeater.
Chapter 1 Introduction At the time of writing, repeater security is compatible with the NWA/WAC only. 1.2 Ways to Manage the NWA/WAC You can use the following ways to manage the NWA/WAC. Web Configurator The Web Configurator allows easy NWA/WAC setup and management using an Internet browser. This User’s Guide provides information about the Web Configurator.
Chapter 1 Introduction 1.5 NWA5301-NJ Hardware 1.5.1 110 Punch-Down Block This section shows you how to use a punch-down tool to seat an 8-wire Ethernet cable to the 110 punch-down block. You can connect a PoE switch to the 110 punch-down block to provide power and Internet access to the NWA through this connection.
Chapter 1 Introduction Trim any excess wires. Place the dust caps over the terminated wires. 1.5.2 Phone Port Connect a digital telephone to the RJ-45 PHONE port at the bottom of the NWA to forward voice traffic to/from the telephone switchboard that is connected to the RJ-45 PHONE port on the back of the NWA.
Chapter 1 Introduction For local management, you can use a computer with terminal emulation software configured to the following parameters: • VT100 terminal emulation • 115200 bps • No parity, 8 data bits, 1 stop bit • No flow control The following table shows you the wire color codes and pin assignment for the console cable.
Chapter 1 Introduction 1.6.1 WAC6502D-E, WAC6502D-S, WAC6503D-S and WAC6553D-E The LEDs will stay ON when the WAC is ready. You can change this setting in the Maintenance > LEDs > Suppression screen. Figure 5 WAC Series LEDs NWA5000 / WAC6500 Series User’s Guide...
Page 22
Chapter 1 Introduction The following table describes the LEDs. Table 6 WAC LEDs COLOR STATUS DESCRIPTION PWR/SYS Slow The WAC is booting up. Blinking (On for 1s, Off for 1s) Green The WAC is ready for use. Green There is system error and the WAC cannot boot up, or the WAC suffered a system failure.
Chapter 1 Introduction Table 6 WAC LEDs (continued) COLOR STATUS DESCRIPTION Amber/Green Amber - The port is operating as a 100-Mbps connection. Green - The port is operating as a Gigabit connection (1000 Mbps). Blinking The LAN port is sending/receiving data through the port. The LAN port is not connected.
LAN1-3 Green The port is connected. Blinking The NWA/WAC is sending/receiving data through the port. The port is not connected. 1.6.3 NWA5121-N, NWA5121-NI, and NWA5123-NI The following are the LED descriptions for your NWA512x. NWA5000 / WAC6500 Series User’s Guide...
Page 25
Chapter 1 Introduction Figure 7 NWA5120 Series LED Table 8 NWA5120 Series LED COLOR STATUS DESCRIPTION Amber Slow Blinking (On for The NWA is booting up. 1s, Off for 1s) Green Amber The NWA is ready for use. Green Amber The NWA’s wireless interface is activated.
Chapter 1 Introduction Table 8 NWA5120 Series LED (continued) COLOR STATUS DESCRIPTION Amber Slow Blinking (blink The wireless LAN is disabled or fails. for 2 times, Off for Green 1.7 Starting and Stopping the NWA/WAC Here are some of the ways to start and stop the NWA/WAC. Always use Maintenance >...
H A PT ER The Web Configurator 2.1 Overview The NWA/WAC Web Configurator allows easy management using an Internet browser. In order to use the Web Configurator, you must: • Use Internet Explorer 7.0 and later versions, Mozilla Firefox 9.0 and later versions, Safari 4.0 and later versions, or Google Chrome 10.0 and later versions.
Chapter 2 The Web Configurator Click Login. If you logged in using the default user name and password, the Update Admin Info screen appears. Otherwise, the dashboard appears. The Update Admin Info screen appears every time you log in using the default user name and default password.
Chapter 2 The Web Configurator The Web Configurator’s main screen is divided into these parts: • A - Title Bar • B - Navigation Panel • C - Main Window 2.3.1 Title Bar The title bar provides some useful links that always appear over the screens below, regardless of how deep into the Web Configurator you navigate.
Page 30
Chapter 2 The Web Configurator The following table describes labels that can appear in this screen. Table 11 About LABEL DESCRIPTION Boot Module This shows the version number of the software that handles the booting process of the NWA/WAC. Current Version This shows the firmware version of the NWA/WAC.
Page 31
Chapter 2 The Web Configurator Figure 12 Object Reference The fields vary with the type of object. The following table describes labels that can appear in this screen. Table 12 Object References LABEL DESCRIPTION Object Name This identifies the object for which the configuration settings that use it are displayed. Click the object’s name to display the object’s configuration screen in the main window.
Chapter 2 The Web Configurator Figure 13 CLI Messages Click Clear to remove the currently displayed information. Note: See the Command Reference Guide for information about the commands. 2.3.2 Navigation Panel Use the menu items on the navigation panel to open screens to configure NWA/WAC features. Click the arrow in the middle of the right edge of the navigation panel to hide the navigation panel menus or drag it to resize them.
Chapter 2 The Web Configurator Monitor Menu The monitor menu screens display status and statistics information. Table 13 Monitor Menu Screens Summary FOLDER OR LINK FUNCTION Network Status Display general LAN interface information and packet statistics. Wireless AP Information Radio List Display information about the radios of the connected APs.
Chapter 2 The Web Configurator Table 14 Configuration Menu Screens Summary (continued) FOLDER OR LINK FUNCTION Date/Time Configure the current date, time, and time zone in the NWA/WAC. Configure HTTP, HTTPS, and general authentication. Configure SSH server and SSH service settings. TELNET Configure telnet server settings for the NWA/WAC.
Chapter 2 The Web Configurator 2.3.4 Tables and Lists The Web Configurator tables and lists are quite flexible and provide several options for how to display their entries. 2.3.4.1 Manipulating Table Display Here are some of the ways you can manipulate the Web Configurator tables. Click a column heading to sort the table’s entries according to that column’s criteria.
Page 36
Chapter 2 The Web Configurator Select a column heading cell’s right border and drag to re-size the column. Select a column heading and drag and drop it to change the column order. A green check mark displays next to the column’s title when you drag the column to a valid new location. Use the icons and fields at the bottom of the table to navigate to different pages of entries and control how many entries display at a time.
Page 37
Chapter 2 The Web Configurator Here are descriptions for the most common table icons. Table 17 Common Table Icons LABEL DESCRIPTION Click this to create a new entry. For features where the entry’s position in the numbered list is important (features where the NWA/WAC applies the table’s entries in order like the firewall for example), you can select an entry and click Add to create a new entry after the selected entry.
H A PT ER Dashboard 3.1 Overview Use the Dashboard screens to check status information about the NWA/WAC. 3.1.1 What You Can Do in this Chapter • The main Dashboard screen (Section 3.2 on page 39) displays the NWA/WAC’s general device information, system status, system resource usage, and interface status.
Page 40
Chapter 3 Dashboard The following table describes the labels in this screen. Table 18 Dashboard LABEL DESCRIPTION Widget Settings (A) Use this link to re-open closed widgets. Widgets that are already open appear grayed out. Refresh Time Set the interval for refreshing the information displayed in the widget. Setting (B) Refresh Now (C) Click this to update the widget’s information immediately.
Page 41
Chapter 3 Dashboard Table 18 Dashboard (continued) LABEL DESCRIPTION SSID This field displays the name of the wireless network to which the NWA/WAC is connected using WDS. Security Mode This field displays which secure encryption methods is being used by the NWA/WAC to connect to the root AP or repeater using WDS.
Chapter 3 Dashboard Table 18 Dashboard (continued) LABEL DESCRIPTION IP Assignment This field displays how the interface gets its IP address. Static - This interface has a static IP address. DHCP Client - This interface gets its IP address from a DHCP server. Action If the interface has a static IP address, this shows n/a.
Chapter 3 Dashboard Table 19 Dashboard > CPU Usage (continued) LABEL DESCRIPTION Refresh Interval Enter how often you want this window to be automatically updated. Refresh Now Click this to update the information in the window right away. 3.2.2 Memory Usage Use this screen to look at a chart of the NWA/WAC’s recent memory (RAM) usage.
H A PT ER Monitor 4.1 Overview Use the Monitor screens to check status and statistics information. 4.1.1 What You Can Do in this Chapter • The Network Status screen (Section 4.3 on page 45) displays general LAN interface information and packet statistics.
Chapter 4 Monitor 4.3 Network Status Use this screen to look at general Ethernet interface information and packet statistics. To access this screen, click Monitor > Network Status. Figure 20 Monitor > Network Status The following table describes the labels in this screen. Table 21 Monitor >...
Chapter 4 Monitor Table 21 Monitor > Network Status (continued) LABEL DESCRIPTION Action Use this field to get or to update the IP address for the interface. Click Renew to send a new DHCP request to a DHCP server. If the interface cannot use one of these ways to get or to update its IP address, this field displays n/a.
Chapter 4 Monitor Figure 21 Monitor > Network Status > Switch to Graphic View The following table describes the labels in this screen. Table 22 Monitor > Network Status > Switch to Graphic View LABEL DESCRIPTION Refresh Interval Enter how often you want this window to be automatically updated. Refresh Now Click this to update the information in the window right away.
Chapter 4 Monitor Figure 22 Monitor > Wireless > AP Information > Radio List The following table describes the labels in this screen. Table 23 Monitor > Wireless > AP Information > Radio List LABEL DESCRIPTION More Click this to view additional information about the selected radio’s wireless traffic and Information station count.
Page 49
Chapter 4 Monitor Figure 23 Monitor > Wireless > AP Information > Radio List > More Information NWA5000 / WAC6500 Series User’s Guide...
Chapter 4 Monitor The following table describes the labels in this screen. Table 24 Monitor > Wireless > AP Information > Radio List > More Information LABEL DESCRIPTION SSID Detail This list shows information about all the wireless clients that have connected to the specified radio over the preceding 24 hours.
Chapter 4 Monitor The following table describes the labels in this screen. Table 25 Monitor > Wireless > Station Info LABEL DESCRIPTION This is the station’s index number in this list. MAC Address This is the station’s MAC address. Radio This is the radio number on the NWA/WAC to which the station is connected.
Chapter 4 Monitor The following table describes the labels in this screen. Table 26 Monitor > Wireless > WDS Link Info LABEL DESCRIPTION WDS Uplink Info Uplink refers to the WDS link from the repeaters to the root AP. WDS Downlink Downlink refers to the WDS link from the root AP to the repeaters.
Chapter 4 Monitor Figure 26 Monitor > Wireless > Detected Device The following table describes the labels in this screen. Table 27 Monitor > Wireless > Detected Device LABEL DESCRIPTION Mark as Rogue Click this button to mark the selected AP as a rogue AP. A rogue AP can be contained in the Configuration >...
Page 54
Chapter 4 Monitor To access this screen, click Monitor > Log. The log is displayed in the following screen. Note: When a log reaches the maximum number of log messages, new log messages automatically overwrite existing log messages, starting with the oldest existing log message first.
Page 55
Chapter 4 Monitor The following table describes the labels in this screen. Table 28 Monitor > Log > View Log LABEL DESCRIPTION Show Filter / Click this button to show or hide the filter settings. Hide Filter If the filter settings are hidden, the Display, Email Log Now, Refresh, and Clear Log fields are available.
Page 56
Chapter 4 Monitor The Web Configurator saves the filter settings if you leave the View Log screen and return to it later. NWA5000 / WAC6500 Series User’s Guide...
H A PT ER Network 5.1 Overview This chapter describes how you can configure the management IP address and VLAN settings of your NWA/WAC. The Internet Protocol (IP) address identifies a device on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network.
Page 58
Chapter 5 Network Figure 29 CAPWAP Network Example Note: The NWA/WAC can be a standalone AP (default), or a CAPWAP managed AP. CAPWAP Discovery and Management The link between CAPWAP-enabled access points proceeds as follows: An AP in managed AP mode joins a wired network (receives a dynamic IP address). The AP sends out a discovery request, looking for a CAPWAP AP controller.
Chapter 5 Network CAPWAP and IP Subnets By default, CAPWAP works only between devices with IP addresses in the same subnet. However, you can configure CAPWAP to operate between devices with IP addresses in different subnets by doing the following. •...
Chapter 5 Network 5.2 IP Setting Use this screen to configure the IP address for your NWA/WAC. To access this screen, click Configuration > Network > IP Setting. Figure 31 Configuration > Network > IP Setting (Retake screenshot) Each field is described in the following table. Table 29 Configuration >...
Chapter 5 Network Table 29 Configuration > Network > IP Setting (continued) LABEL DESCRIPTION IPv6 Address Assignment Enable Stateless Select this to enable IPv6 stateless auto-configuration on the NWA/WAC. The NWA/WAC Address Auto- will generate an IPv6 address itself from a prefix obtained from an IPv6 router in the configuration network.
Page 62
Chapter 5 Network In the figure above, to access and manage the NWA/WAC from computer A, the NWA/WAC and switch B’s ports to which computer A and the NWA/WAC are connected should be in the same VLAN. A Virtual Local Area Network (VLAN) allows a physical network to be partitioned into multiple logical networks.
Chapter 5 Network Table 30 Configuration > Network > VLAN (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the NWA/WAC. Reset Click Reset to return the screen to its last-saved settings. LAN Setting Port Setting Edit Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings.
Page 64
Chapter 5 Network WAC can be configured ONLY by the AP controller. See Section 5.1.1 on page 57 for more information on management mode and AP Controller. If you want to return the NWA/WAC to standalone AP mode, you can do one of the two following options: •...
H A PT ER Wireless 6.1 Overview This chapter discusses how to configure the wireless network settings in your NWA/WAC. The following figure provides an example of a wireless network. Figure 35 Example of a Wireless Network The wireless network is the part in the blue circle. In this wireless network, devices A and B are called wireless clients.
Chapter 6 Wireless 6.1.2 What You Need to Know The following terms and concepts may help as you read this chapter. Station / Wireless Client A station or wireless client is any wireless-capable device that can connect to an AP using a wireless signal.
Page 67
Chapter 6 Wireless Figure 36 Configuration > Wireless > AP Management Each field is described in the following table. Table 32 Configuration > Wireless > AP Management LABEL DESCRIPTION Radio 1 Setting Radio 1 Activate Select the check box to enable the NWA/WAC’s first (default) radio. NWA5000 / WAC6500 Series User’s Guide...
Page 68
Chapter 6 Wireless Table 32 Configuration > Wireless > AP Management (continued) LABEL DESCRIPTION Radio 1 OP Mode Select the operating mode for radio 1. AP Mode means the radio can receive connections from wireless clients and pass their data traffic through to the NWA/WAC to be managed (or subsequently passed on to an upstream gateway for managing).
Chapter 6 Wireless Table 32 Configuration > Wireless > AP Management (continued) LABEL DESCRIPTION Radio 2 OP Mode This displays if the NWA/WAC has a second radio. Select the operating mode for radio AP Mode means the radio can receive connections from wireless clients and pass their data traffic through to the NWA/WAC to be managed (or subsequently passed on to an upstream gateway for managing).
Page 70
Chapter 6 Wireless Click Configuration > Wireless > MON Mode to access this screen. Figure 37 Configuration > Wireless > MON Mode Each field is described in the following table. Table 33 Configuration > Wireless > MON Mode LABEL DESCRIPTION Rogue/Friendly AP List Click this button to add an AP to the list and assign it either friendly or rogue status.
Chapter 6 Wireless 6.3.1 Add/Edit Rogue/Friendly List Click Add or select an AP and click the Edit button in the Configuration > Wireless > MON Mode table to display this screen. Figure 38 Configuration > Wireless > MON Mode > Add/Edit Rogue/Friendly AP List Each field is described in the following table.
Chapter 6 Wireless Each field is described in the following table. Table 35 Configuration > Wireless > Load Balancing LABEL DESCRIPTION Enable Load Select this to enable load balancing on the NWA/WAC. Balancing Use this section to configure wireless network traffic load balancing between the managd APs in this group.
Page 73
Chapter 6 Wireless For example, here the AP has a balanced bandwidth allotment of 6 Mbps. If laptop R connects and it pushes the AP over its allotment, say to 7 Mbps, then the AP delays the red laptop’s connection until it can afford the bandwidth or the laptop is picked up by a different AP with bandwidth to spare.
Chapter 6 Wireless 6.5 DCS Use this screen to configure dynamic radio channel selection. Click Configuration > Wireless > DCS to access this screen. Figure 42 Configuration > Wireless > DCS Each field is described in the following table. Table 36 Configuration > Wireless > DCS LABEL DESCRIPTION Select Now...
Page 75
Chapter 6 Wireless Figure 43 An Example Three-Channel Deployment Three channels are situated in such a way as to create almost no interference with one another if used exclusively: 1, 6 and 11. When an AP broadcasts on any of these three channels, it should not interfere with neighboring APs as long as they are also limited to same trio.
Page 76
Chapter 6 Wireless There are two kinds of wireless load balancing available on the NWA/WAC: Load balancing by station number limits the number of devices allowed to connect to your AP. If you know exactly how many stations you want to let connect, choose this option. For example, if your company’s graphic design team has their own AP and they have 10 computers, you can load balance for 10.
H A PT ER User 7.1 Overview This chapter describes how to set up user accounts and user settings for the NWA/WAC. 7.1.1 What You Can Do in this Chapter • The User screen (see Section 7.2 on page 78) provides a summary of all user accounts. •...
Chapter 7 User 7.2 User Summary The User screen provides a summary of all user accounts. To access this screen click Configuration > Object > User. Figure 46 Configuration > Object > User The following table describes the labels in this screen. Table 38 Configuration >...
Page 79
Chapter 7 User • Alphanumeric A-z 0-9 (there is no unicode support) • _ [underscores] • - [dashes] The first character must be alphabetical (A-Z a-z), an underscore (_), or a dash (-). Other limitations on user names are: • User names are case-sensitive. If you enter a user 'bob' but use 'BOB' when connecting via CIFS or FTP, it will use the account settings used for 'BOB' not ‘bob’.
Chapter 7 User The following table describes the labels in this screen. Table 39 Configuration > User > User > Add/Edit A User LABEL DESCRIPTION User Name Type the user name for this user account. You may use 1-31 alphanumeric characters, underscores( ), or dashes (-), but the first character cannot be a number.
Page 81
Chapter 7 User Figure 48 Configuration > Object > User > Setting The following table describes the labels in this screen. Table 40 Configuration > Object > User > Setting LABEL DESCRIPTION User Default Setting Default Authentication These authentication timeout settings are used by default when you create a Timeout Settings new user account.
Chapter 7 User Table 40 Configuration > Object > User > Setting (continued) LABEL DESCRIPTION Reauthentication Time This is the default reauthentication time in minutes for each type of user account. It defines the number of minutes the user can be logged into the NWA/WAC in one session before having to log in again.
Page 83
Chapter 7 User The following table describes the labels in this screen. Table 41 User > Setting > Edit User Authentication Timeout Settings LABEL DESCRIPTION User Type This read-only field identifies the type of user account for which you are configuring the default settings.
H A PT ER AP Profile 8.1 Overview This chapter shows you how to configure preset profiles for the NWA/WAC. 8.1.1 What You Can Do in this Chapter • The Radio screen (Section 8.2 on page 85) creates radio configurations that can be used by the APs.
Chapter 8 AP Profile WEP (Wired Equivalent Privacy) encryption scrambles all data packets transmitted between the AP and the wireless stations associated with it in order to keep network communications private. Both the wireless stations and the access points must use the same WEP key for data encryption and decryption.
Chapter 8 AP Profile Table 42 Configuration > Object > AP Profile > Radio (continued) LABEL DESCRIPTION Activate To turn on an entry, select it and click Activate. Inactivate To turn off an entry, select it and click Inactivate. Object Reference Click this to view which other objects are linked to the selected radio profile. This field is a sequential value, and it is not associated with a specific user.
Page 87
Chapter 8 AP Profile The following table describes the labels in this screen. Table 43 Configuration > Object > AP Profile > Add/Edit Profile LABEL DESCRIPTION Hide / Show Click this to hide or show the Advanced Settings in this window. Advanced Settings General Settings Activate...
Page 88
Chapter 8 AP Profile Table 43 Configuration > Object > AP Profile > Add/Edit Profile (continued) LABEL DESCRIPTION 2.4 GHz Channel Select how you want to specify the channels the NWA/WAC switches between for 2.4 Selection Method GHz operation. This field appears only when you choose 802.11b/g/n mode. Select auto to have the NWA/WAC display a 2.4 GHz Channel Deployment field you can use to limit channel switching to 3 or 4 channels.
Chapter 8 AP Profile Table 43 Configuration > Object > AP Profile > Add/Edit Profile (continued) LABEL DESCRIPTION Beacon Interval When a wirelessly networked device sends a beacon, it includes with it a beacon interval. This specifies the time period before the device sends the beacon again. The interval tells receiving devices on the network how long they can wait in low-power mode before waking up to handle the beacon.
Chapter 8 AP Profile 8.3.1 SSID List This screen allows you to create and manage SSID configurations that can be used by the APs. An SSID, or Service Set IDentifier, is basically the name of the wireless network to which a wireless client can connect.
Page 91
Chapter 8 AP Profile Figure 53 Configuration > Object > AP Profile > Add/Edit SSID Profile The following table describes the labels in this screen. Table 45 Configuration > Object > AP Profile > Add/Edit SSID Profile LABEL DESCRIPTION Create new Select an object type from the list to create a new one associated with this SSID profile.
Chapter 8 AP Profile Table 45 Configuration > Object > AP Profile > Add/Edit SSID Profile (continued) LABEL DESCRIPTION Select a Quality of Service (QoS) access category to associate with this SSID. Access categories minimize the delay of data packets across a wireless network. Certain categories, such as video or voice, are given a higher priority due to the time sensitive nature of their data packets.
Chapter 8 AP Profile Figure 54 Configuration > Object > AP Profile > SSID > Security List The following table describes the labels in this screen. Table 46 Configuration > Object > AP Profile > SSID > Security List LABEL DESCRIPTION Click this to add a new security profile.
Page 94
Chapter 8 AP Profile Figure 55 SSID > Security Profile > Add/Edit Security Profile The following table describes the labels in this screen. Table 47 SSID > Security Profile > Add/Edit Security Profile LABEL DESCRIPTION Profile Name Enter up to 31 alphanumeric characters for the profile name. This name is only visible in the Web Configurator and is only for management purposes.
Page 95
Chapter 8 AP Profile Table 47 SSID > Security Profile > Add/Edit Security Profile (continued) LABEL DESCRIPTION Radius Server Type This shows External and the NWA/WAC uses an external RADIUS server for authentication. Primary / Select this to have the NWA/WAC use the specified RADIUS server. Secondary Radius Server Activate Radius Server...
Chapter 8 AP Profile Table 47 SSID > Security Profile > Add/Edit Security Profile (continued) LABEL DESCRIPTION This field is available when you select the wpa2, or wpa2-mix security mode. Select this option to use a Pre-Shared Key with WPA2 encryption. Pre-Shared Key Enter a pre-shared key of between 8 and 63 case-sensitive ASCII characters (including spaces and symbols) or 64 hexadecimal characters.
Chapter 8 AP Profile Figure 56 Configuration > Object > AP Profile > SSID > MAC Filter List The following table describes the labels in this screen. Table 48 Configuration > Object > AP Profile > SSID > MAC Filter List LABEL DESCRIPTION Click this to add a new MAC filtering profile.
Chapter 8 AP Profile Figure 57 SSID > MAC Filter List > Add/Edit MAC Filter Profile The following table describes the labels in this screen. Table 49 SSID > MAC Filter List > Add/Edit MAC Filter Profile LABEL DESCRIPTION Profile Name Enter up to 31 alphanumeric characters for the profile name.
Page 99
Chapter 8 AP Profile network printer (C) while preventing the client from accessing other computers and servers on the network. The client can communicate with other wireless clients only if Intra-BSS Traffic blocking is disabled. Note: Intra-BSS Traffic Blocking is activated when you enable layer-2 isolation. Figure 58 Layer-2 Isolation Application MAC addresses that are not listed in the layer-2 isolation table are blocked from communicating with the NWA/WAC’s wireless clients except for broadcast packets.
Chapter 8 AP Profile Table 50 Configuration > Object > AP Profile > SSID > Layer-2 Isolation List (continued) LABEL DESCRIPTION This field is a sequential value, and it is not associated with a specific user. Profile Name This field indicates the name assigned to the layer-2 isolation profile. 8.6.1 Add/Edit Layer-2 Isolation Profile This screen allows you to create a new layer-2 isolation profile or edit an existing one.
Page 101
Chapter 8 AP Profile Table 51 SSID > MAC Filter List > Add/Edit Layer-2 Isolation Profile (continued) LABEL DESCRIPTION Click OK to save your changes back to the NWA/WAC. Cancel Click Cancel to exit this screen without saving your changes. NWA5000 / WAC6500 Series User’s Guide...
H A PT ER MON Profile 9.1 Overview This screen allows you to set up monitor mode configurations that allow your NWA/WAC to scan for other wireless devices in the vicinity. Once detected, you can use the Wireless > MON Mode screen (Section 6.3 on page 69) to classify them as either rogue or friendly.
Chapter 9 MON Profile Table 52 Configuration > Object > MON Profile (continued) LABEL DESCRIPTION Activate To turn on an entry, select it and click Activate. Inactivate To turn off an entry, select it and click Inactivate. Object Reference Click this to view which other objects are linked to the selected monitor mode profile (for example, an AP management profile).
Chapter 9 MON Profile The following table describes the labels in this screen. Table 53 Configuration > Object > MON Profile > Add/Edit MON Profile LABEL DESCRIPTION Activate Select this to activate this monitor mode profile. Profile Name This field indicates the name assigned to the monitor mode profile. Channel dwell time Enter the interval (in milliseconds) before the NWA/WAC switches to another channel for monitoring.
Page 105
Chapter 9 MON Profile Figure 63 Rogue AP Example In the example above, a corporate network’s security is compromised by a rogue AP (RG) set up by an employee at his workstation in order to allow him to connect his notebook computer wirelessly (A).
HAPTER WDS Profile 10.1 Overview This chapter shows you how to configure WDS (Wireless Disbribution System) profiles for the NWA/ WAC to form a WDS with other APs. 10.1.1 What You Can Do in this Chapter The WDS Profile screen (Section 10.2 on page 106) creates preset WDS configurations that can be used by the NWA/WAC.
Chapter 10 WDS Profile 10.2.1 Add/Edit WDS Profile This screen allows you to create a new WDS profile or edit an existing one. To access this screen, click the Add button or select and existing profile and click the Edit button. Figure 65 Configuration >...
HAPTER Certificates 11.1 Overview The NWA/WAC can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication. 11.1.1 What You Can Do in this Chapter •...
Page 109
Chapter 11 Certificates Additionally, Jenny uses her own private key to sign a message and Tim uses Jenny’s public key to verify the message. The NWA/WAC uses certificates based on public-key cryptology to authenticate users attempting to establish a connection, not to encrypt the data that you send after establishing a connection. The method used to secure the data that you send through an established connection depends on the type of connection.
Chapter 11 Certificates • Binary PKCS#12: This is a format for transferring public key and private key certificates.The private key in a PKCS #12 file is within a password-encrypted envelope. The file’s password is not connected to your certificate’s public or private passwords. Exporting a PKCS #12 file creates this and you must provide it to decrypt the contents when you import the file into the NWA/WAC.
Chapter 11 Certificates 11.2 My Certificates Click Configuration > Object > Certificate > My Certificates to open this screen. This is the NWA/WAC’s summary list of certificates and certification requests. Figure 66 Configuration > Object > Certificate > My Certificates The following table describes the labels in this screen.
Chapter 11 Certificates Table 56 Configuration > Object > Certificate > My Certificates (continued) LABEL DESCRIPTION Subject This field displays identifying information about the certificate’s owner, such as CN (Common Name), OU (Organizational Unit or department), O (Organization or company) and C (Country).
Page 114
Chapter 11 Certificates The following table describes the labels in this screen. Table 57 Configuration > Object > Certificate > My Certificates > Add LABEL DESCRIPTION Name Type a name to identify this certificate. You can use up to 31 alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=- characters.
Page 115
Chapter 11 Certificates Table 57 Configuration > Object > Certificate > My Certificates > Add (continued) LABEL DESCRIPTION Create a certification Select this to have the NWA/WAC generate a request for a certificate and apply to a request and enroll for certification authority for a certificate.
Chapter 11 Certificates 11.2.2 Edit My Certificates Click Configuration > Object > Certificate > My Certificates and then the Edit icon to open the My Certificate Edit screen. You can use this screen to view in-depth certificate information and change the certificate’s name. Figure 68 Configuration >...
Page 117
Chapter 11 Certificates The following table describes the labels in this screen. Table 58 Configuration > Object > Certificate > My Certificates > Edit LABEL DESCRIPTION Name This field displays the identifying name of this certificate. You can use up to 31 alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=- characters.
Chapter 11 Certificates Table 58 Configuration > Object > Certificate > My Certificates > Edit LABEL DESCRIPTION MD5 Fingerprint This is the certificate’s message digest that the NWA/WAC calculated using the MD5 algorithm. SHA1 Fingerprint This is the certificate’s message digest that the NWA/WAC calculated using the SHA1 algorithm.
Chapter 11 Certificates Figure 69 Configuration > Object > Certificate > My Certificates > Import The following table describes the labels in this screen. Table 59 Configuration > Object > Certificate > My Certificates > Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it.
Page 120
Chapter 11 Certificates Figure 70 Configuration > Object > Certificate > Trusted Certificates The following table describes the labels in this screen. Table 60 Configuration > Object > Certificate > Trusted Certificates LABEL DESCRIPTION PKI Storage This bar displays the percentage of the NWA/WAC’s PKI storage space that is currently in Space in Use use.
Chapter 11 Certificates 11.3.1 Edit Trusted Certificates Click Configuration > Object > Certificate > Trusted Certificates and then a certificate’s Edit icon to open the Trusted Certificates Edit screen. Use this screen to view in-depth information about the certificate, change the certificate’s name and set whether or not you want the NWA/WAC to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority.
Page 122
Chapter 11 Certificates The following table describes the labels in this screen. Table 61 Configuration > Object > Certificate > Trusted Certificates > Edit LABEL DESCRIPTION Name This field displays the identifying name of this certificate. You can change the name. You can use up to 31 alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=- characters.
Chapter 11 Certificates Table 61 Configuration > Object > Certificate > Trusted Certificates > Edit (continued) LABEL DESCRIPTION Signature Algorithm This field displays the type of algorithm that was used to sign the certificate. Some certification authorities use rsa-pkcs1-sha1 (RSA public-private key encryption algorithm and the SHA1 hash algorithm).
Chapter 11 Certificates Figure 72 Configuration > Object > Certificate > Trusted Certificates > Import The following table describes the labels in this screen. Table 62 Configuration > Object > Certificate > Trusted Certificates > Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it.
HAPTER System 12.1 Overview Use the system screens to configure general NWA/WAC settings. 12.1.1 What You Can Do in this Chapter • The Host Name screen (Section 12.2 on page 125) configures a unique name for the NWA/WAC in your network. •...
Chapter 12 System The following table describes the labels in this screen. Table 63 Configuration > System > Host Name LABEL DESCRIPTION System Name Choose a descriptive name to identify your NWA/WAC device. This name can be up to 64 alphanumeric characters long.
Page 127
Chapter 12 System The following table describes the labels in this screen. Table 64 Configuration > System > Date/Time LABEL DESCRIPTION Current Time and Date Current Time This field displays the present time of your NWA/WAC. Current Date This field displays the present date of your NWA/WAC. Time and Date Setup Manual...
Chapter 12 System Table 64 Configuration > System > Date/Time (continued) LABEL DESCRIPTION End Date Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving. The at field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the first Sunday of November.
Chapter 12 System The Current Time and Current Date fields will display the appropriate settings if the synchronization is successful. If the synchronization was not successful, a log displays in the View Log screen. Try re-configuring the Date/Time screen. To manually set the NWA/WAC date and time: Click System >...
Chapter 12 System Figure 76 Secure and Insecure Service Access From the WAN 12.4.1 Service Access Limitations A service cannot be used to access the NWA/WAC when you have disabled that service in the corresponding screen. 12.4.2 System Timeout There is a lease timeout for administrators. The NWA/WAC automatically logs you out if the management session remains idle for longer than this timeout period.
Chapter 12 System certificate. You must apply for a certificate for the browser from a CA that is a trusted CA on the NWA/WAC. Please refer to the following figure. HTTPS connection requests from an SSL-aware web browser go to port 443 (by default) on the NWA/WAC’s web server.
Chapter 12 System The following table describes the labels in this screen. Table 66 Configuration > System > WWW > Service Control LABEL DESCRIPTION HTTPS Enable Select the check box to allow or disallow the computer with the IP address that matches the IP address(es) in the Service Control table to access the NWA/WAC Web Configurator using secure HTTPs connections.
Page 133
Chapter 12 System Figure 79 Security Alert Dialog Box (Internet Explorer) Select Continue to this website. to proceed to the Web Configurator login screen. Otherwise, select Click here to close this webpage. to block the access. 12.4.5.2 Mozilla Firefox Warning Messages When you attempt to access the NWA/WAC HTTPS server, a The Connection is Untrusted screen appears as shown in the following screen.
Page 134
Chapter 12 System Figure 80 Security Certificate 1 (Firefox) Figure 81 Security Certificate 2 (Firefox) 12.4.5.3 Avoiding Browser Warning Messages Here are the main reasons your browser displays warnings about the NWA/WAC’s HTTPS server certificate and what you can do to avoid seeing the warnings: •...
Page 135
Chapter 12 System • For the browser to trust a self-signed certificate, import the self-signed certificate into your operating system as a trusted certificate. • To have the browser trust the certificates issued by a certificate authority, import the certificate authority’s certificate into your operating system as a trusted certificate.
Page 136
Chapter 12 System 12.4.5.5 Installing the CA’s Certificate Double click the CA’s trusted certificate to produce a screen similar to the one shown next. Click Install Certificate and follow the wizard as shown earlier in this appendix. 12.4.5.6 Installing a Personal Certificate You need a password in advance.
Page 137
Chapter 12 System Click Next to begin the wizard. The file name and path of the certificate you double-clicked should automatically appear in the File name text box. Click Browse if you wish to import a different certificate. NWA5000 / WAC6500 Series User’s Guide...
Page 138
Chapter 12 System Enter the password given to you by the CA. Have the wizard determine where the certificate should be saved on your computer or select Place all certificates in the following store and choose a different location. NWA5000 / WAC6500 Series User’s Guide...
Page 139
Chapter 12 System Click Finish to complete the wizard and begin the import process. You should see the following screen when the certificate is correctly installed on your computer. 12.4.5.7 Using a Certificate When Accessing the NWA/WAC To access the NWA/WAC via HTTPS: Enter ‘https://NWA/WAC IP Address/ in your browser’s web address field.
Chapter 12 System When Authenticate Client Certificates is selected on the NWA/WAC, the following screen asks you to select a personal certificate to send to the NWA/WAC. This screen displays even if you only have a single certificate as in the example. You next see the Web Configurator login screen.
Chapter 12 System Figure 84 How SSH v1 Works Example Host Identification The SSH client sends a connection request to the SSH server. The server identifies itself with a host key. The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server.
Chapter 12 System 12.5.3 Requirements for Using SSH You must install an SSH client program on a client computer (Windows or Linux operating system) that is used to connect to the NWA/WAC over SSH. 12.5.4 Configuring SSH Click Configuration > System > SSH to open the following screen. Use this screen to configure your NWA/WAC’s Secure Shell settings.
Page 143
Chapter 12 System 12.5.5.1 Example 1: Microsoft Windows This section describes how to access the NWA/WAC using the Secure Shell Client program. Launch the SSH client and specify the connection information (IP address, port number) for the NWA/WAC. Configure the SSH client to accept connection using SSH version 1. A window displays prompting you to store the host key in you computer.
Chapter 12 System Figure 88 SSH Example 2: Log in $ ssh –1 192.168.1.2 The authenticity of host '192.168.1.2 (192.168.1.2)' can't be established. RSA1 key fingerprint is 21:6c:07:25:7e:f4:75:80:ec:af:bd:d4:3d:80:53:d1. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.1.2' (RSA1) to the list of known hosts. Administrator@192.168.1.2's password: The CLI screen displays next.
Chapter 12 System Figure 90 Configuration > System > FTP The following table describes the labels in this screen. Table 69 Configuration > System > FTP LABEL DESCRIPTION Enable Select the check box to allow or disallow the computer with the IP address that matches the IP address(es) in the Service Control table to access the NWA/WAC using this service.
Chapter 12 System Figure 91 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the NWA/WAC). An agent translates the local management information from the managed device into a form compatible with SNMP.
Chapter 12 System ZYXEL-ES-WIRELESS.MIB) to collect information about CPU and memory usage and VPN total throughput. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance. You can download the NWA/WAC’s MIBs from www.zyxel.com. 12.8.2 SNMP Traps The NWA/WAC will send traps to the SNMP manager when any one of the following events occurs.
Chapter 12 System The following table describes the labels in this screen. Table 71 Configuration > System > SNMP LABEL DESCRIPTION Enable Select the check box to allow or disallow users to access the NWA/WAC using SNMP. Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
Page 149
Chapter 12 System Figure 93 Configuration > System > SNMP > Add The following table describes the labels in this screen. Table 72 Configuration > System > SNMP LABEL DESCRIPTION User Name Select the user name of the user account for which this SNMPv3 user profile is configured. Authentication Select the type of authentication the SNMPv3 user must use to connect to the NWA/WAC using this SNMPv3 user profile.
HAPTER Log and Report 13.1 Overview Use the system screens to configure daily reporting and log settings. 13.1.1 What You Can Do In this Chapter • The Email Daily Report screen (Section 13.2 on page 150) configures how and where to send daily reports and what reports to send.
Page 151
Chapter 13 Log and Report Figure 94 Configuration > Log & Report > Email Daily Report The following table describes the labels in this screen. Table 73 Configuration > Log & Report > Email Daily Report LABEL DESCRIPTION Enable Email Select this to send reports by e-mail every day.
Chapter 13 Log and Report Table 73 Configuration > Log & Report > Email Daily Report (continued) LABEL DESCRIPTION Mail From Type the e-mail address from which the outgoing e-mail is delivered. This address is used in replies. Mail To Type the e-mail address (or addresses) to which the outgoing e-mail is delivered.
Page 153
Chapter 13 Log and Report Figure 95 Configuration > Log & Report > Log Setting The following table describes the labels in this screen. Table 74 Configuration > Log & Report > Log Setting LABEL DESCRIPTION Edit Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings.
Chapter 13 Log and Report 13.3.2 Edit System Log Settings This screen controls the detailed settings for each log in the system log (which includes the e-mail profiles). Select a system log entry in the Log Setting screen and click the Edit icon. Figure 96 Configuration >...
Page 155
Chapter 13 Log and Report The following table describes the labels in this screen. Table 75 Configuration > Log & Report > Log Setting > Edit System Log Setting LABEL DESCRIPTION E-Mail Server 1/2 Active Select this to send log messages and alerts according to the information in this section.
Chapter 13 Log and Report Table 75 Configuration > Log & Report > Log Setting > Edit System Log Setting (continued) LABEL DESCRIPTION E-mail Server 2 Use the E-Mail Server 2 drop-down list to change the settings for e-mailing logs to e-mail server 2 for all log categories.
Page 157
Chapter 13 Log and Report Figure 97 Configuration > Log & Report > Log Setting > Edit Remote Server NWA5000 / WAC6500 Series User’s Guide...
Chapter 13 Log and Report The following table describes the labels in this screen. Table 76 Configuration > Log & Report > Log Setting > Edit Remote Server LABEL DESCRIPTION Log Settings for Remote Server Active Select this check box to send log information according to the information in this section. You specify what kinds of messages are included in log information in the Active Log section.
Page 159
Chapter 13 Log and Report Figure 98 Active Log Summary This screen provides a different view and a different way of indicating which messages are included in each log and each alert. (The Default category includes debugging messages generated by open source software.) NWA5000 / WAC6500 Series User’s Guide...
Page 160
Chapter 13 Log and Report The following table describes the fields in this screen. Table 77 Configuration > Log & Report > Log Setting > Active Log Summary LABEL DESCRIPTION Active Log If the NWA/WAC is set to controller mode, the AC section controls logs generated by the Summary controller and the AP section controls logs generated by the managed APs.
Page 161
Chapter 13 Log and Report Table 77 Configuration > Log & Report > Log Setting > Active Log Summary (continued) LABEL DESCRIPTION E-mail Server 1 Select whether each category of events should be included in the log messages when it is E-mail e-mailed (green check mark) and/or in alerts (red exclamation point) for the e-mail settings specified in E-Mail Server 1.
HAPTER File Manager 14.1 Overview Configuration files define the NWA/WAC’s settings. Shell scripts are files of commands that you can store on the NWA/WAC and run when you need them. You can apply a configuration file or run a shell script without the NWA/WAC restarting. You can store multiple configuration files and shell script files on the NWA/WAC.
Chapter 14 File Manager While configuration files and shell scripts have the same syntax, the NWA/WAC applies configuration files differently than it runs shell scripts. This is explained below. Table 78 Configuration Files and Shell Scripts in the NWA/WAC Configuration Files (.conf) Shell Scripts (.zysh) •...
Page 164
Chapter 14 File Manager configuration files from the NWA/WAC to your computer and upload configuration files from your computer to the NWA/WAC. Once your NWA/WAC is configured and functioning properly, it is highly recommended that you back up your configuration file before making further configuration changes. The backup configuration file will be useful in case you need to return to your previous settings.
Page 165
Chapter 14 File Manager The following table describes the labels in this screen. Table 79 Maintenance > File Manager > Configuration File LABEL DESCRIPTION Rename Use this button to change the label of a configuration file on the NWA/WAC. You can only rename manually saved configuration files.
Page 166
Chapter 14 File Manager Table 79 Maintenance > File Manager > Configuration File (continued) LABEL DESCRIPTION Apply Use this button to have the NWA/WAC use a specific configuration file. Click a configuration file’s row to select it and click Apply to have the NWA/WAC use that configuration file.
Chapter 14 File Manager Table 79 Maintenance > File Manager > Configuration File (continued) LABEL DESCRIPTION File Name This column displays the label that identifies a configuration file. You cannot delete the following configuration files or change their file names. The system-default.conf file contains the NWA/WAC’s default settings.
Chapter 14 File Manager Use "get” to download files. Transfer the configuration file on the NWA/WAC to your computer. Type get followed by the name of the configuration file. This examples uses get startup-config.conf. C:\>ftp 192.168.1.2 Connected to 192.168.1.2. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220-You are user number 1 of 5 allowed.
Page 169
Chapter 14 File Manager Figure 100 Maintenance > File Manager > Firmware Package The following table describes the labels in this screen. Table 80 Maintenance > File Manager > Firmware Package LABEL DESCRIPTION Boot This is the version of the boot module that is currently on the NWA/WAC. Module Current This is the firmware version and the date created.
Chapter 14 File Manager 14.3.1 Example of Firmware Upload Using FTP This procedure requires the NWA/WAC’s firmware. Download the firmware package from www.zyxel.com and unzip it. The firmware file uses a .bin extension, for example, "420AAHY1C0.bin". Do the following after you have obtained the firmware file. Connect your computer to the NWA/WAC.
Page 171
Chapter 14 File Manager Click Maintenance > File Manager > Shell Script to open this screen. Use the Shell Script screen to store, name, download, upload and run shell script files. You can store multiple shell script files on the NWA/WAC at the same time. Note: You should include write commands in your scripts.
Page 172
Chapter 14 File Manager Table 81 Maintenance > File Manager > Shell Script (continued) LABEL DESCRIPTION This column displays the number for each shell script file entry. File Name This column displays the label that identifies a shell script file. Size This column displays the size (in KB) of a shell script file.
HAPTER Diagnostics 15.1 Overview Use the diagnostics screen for troubleshooting. 15.1.1 What You Can Do in this Chapter • The Diagnostics screen (Section 15.2 on page 173) generates a file containing the NWA/WAC’s configuration and diagnostic information if you need to provide it to customer support during troubleshooting.
Page 174
Chapter 15 Diagnostics Table 82 Maintenance > Diagnostics LABEL DESCRIPTION Collect Now Click this to have the NWA/WAC create a new diagnostic file. Download Click this to save the most recent diagnostic file to a computer. NWA5000 / WAC6500 Series User’s Guide...
HAPTER LEDs 16.1 Overview The LEDs of your NWA/WAC can be controlled such that they stay lit (ON) or OFF after the NWA/ WAC is ready. There are two features that controls the LEDs of your NWA/WAC - Locator and Suppression.
Chapter 16 LEDs Figure 104 Maintenance > LEDs > Suppression 16.3 Locator Screen The Locator feature identifies the location of your WAC among several devices in the network. You can run this feature and set a timer in this screen. To run the locator feature, enter a number of minutes and click Turn On button to have the WAC find its location.
Page 177
Chapter 16 LEDs The following table describes fields in the above screen. Table 83 Maintenance > LED > Locator LABEL DESCRIPTION Turn On Click Turn On button to activate the locator. The Locator function will show the actual location of the WAC between several devices in the network. Automatically extinguish Enter a time interval between 1 and 60 minutes to stop the locator LED from after...
HAPTER Reboot 17.1 Overview Use this screen to restart the device. 17.1.1 What You Need To Know If you applied changes in the Web configurator, these were saved automatically and do not change when you reboot. If you made changes in the CLI, however, you have to use the write command to save the configuration before you reboot.
HAPTER Shutdown 18.1 Overview Use this screen to shutdown the device. Always use Maintenance > Shutdown > Shutdown or the shutdown command before you turn off the NWA/WAC or remove the power. Not doing so can cause the firmware to become corrupt. 18.1.1 What You Need To Know Shutdown writes all cached data to the local storage and stops the system processes.
HAPTER Troubleshooting 19.1 Overview This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LED • NWA/WAC Access and Login • Internet Access • Wireless Connections •...
Chapter 19 Troubleshooting Disconnect and re-connect the power adaptor or PoE power injector to the NWA/WAC. If the problem continues, contact the vendor. 19.3 NWA/WAC Access and Login I forgot the IP address for the NWA/WAC. The default IP address (in standalone AP mode) is 192.168.1.2. If you changed the IP address and have forgotten it, you have to reset the device to its factory defaults.
Chapter 19 Troubleshooting Advanced Suggestions • Try to access the NWA/WAC using another service, such as Telnet. If you can access the NWA/ WAC, check the remote management settings to find out why the NWA/WAC does not respond to HTTP. •...
Page 183
Chapter 19 Troubleshooting Check the hardware connections, and make sure the LED is behaving as expected. See the Quick Start Guide and Section 19.2 on page 180. Make sure the NWA/WAC is connected to a broadband modem or router with Internet access and your computer is set to obtain an dynamic IP address.
Chapter 19 Troubleshooting 19.5 Wireless Connections I cannot access the NWA/WAC or ping any computer from the WLAN. Make sure the wireless LAN (wireless radio) is enabled on the NWA/WAC. Make sure the radio or at least one of the NWA/WAC’s radios is operating in AP mode. Make sure the wireless adapter (installed on your computer) is working properly.
Page 185
Chapter 19 Troubleshooting • Binary X.509: This is an ITU-T recommendation that defines the formats for X.509 certificates. • PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses lowercase letters, uppercase letters and numerals to convert a binary X.509 certificate into a printable form. •...
Page 186
Chapter 19 Troubleshooting • Make sure that all the APs used by the wireless clients in question share the same SSID, security, and radio settings. • Make sure that all the APs are in the same broadcast domain. • Make sure that the wireless clients are in range of the other APs; if they are only in range of a single AP, then load balancing may not be as effective.
Chapter 19 Troubleshooting • Detach the WAC from the mounting bracket. 19.6 Resetting the NWA/WAC If you cannot access the NWA/WAC by any method, try restarting it by turning the power off and then on again. If you still cannot access the NWA/WAC by any method or you forget the administrator password(s), you can reset the NWA/WAC to its factory-default settings.
PP EN D I X Importing Certificates This appendix shows you how to import public key certificates into your web browser. Public key certificates are used by web browsers to ensure that a secure web site is legitimate. When a certificate authority such as VeriSign, Comodo, or Network Solutions, to name a few, receives a certificate request from a website operator, they confirm that the web domain and contact information in the request match those on public record with a domain name registrar.
Page 189
Appendix A Importing Certificates If your device’s Web Configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error. Click Continue to this website (not recommended). In the Address Bar, click Certificate Error > View certificates. NWA5000 / WAC6500 Series User’s Guide...
Page 190
Appendix A Importing Certificates In the Certificate dialog box, click Install Certificate. In the Certificate Import Wizard, click Next. NWA5000 / WAC6500 Series User’s Guide...
Page 191
Appendix A Importing Certificates If you want Internet Explorer to Automatically select certificate store based on the type of certificate, click Next again and then go to step 9. Otherwise, select Place all certificates in the following store and then click Browse. In the Select Certificate Store dialog box, choose a location in which to save the certificate and then click OK.
Page 192
Appendix A Importing Certificates In the Completing the Certificate Import Wizard screen, click Finish. 10 If you are presented with another Security Warning, click Yes. 11 Finally, click OK when presented with the successful certificate installation message. NWA5000 / WAC6500 Series User’s Guide...
Page 193
Appendix A Importing Certificates 12 The next time you start Internet Explorer and go to a ZyXEL Web Configurator page, a sealed padlock icon appears in the address bar. Click it to view the page’s Website Identification information. Installing a Stand-Alone Certificate File in Internet Explorer Rather than browsing to a ZyXEL Web Configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you.
Page 194
Appendix A Importing Certificates Removing a Certificate in Internet Explorer This section shows you how to remove a public key certificate in Internet Explorer 7 on Windows XP. Open Internet Explorer and click Tools > Internet Options. In the Internet Options dialog box, click Content > Certificates. NWA5000 / WAC6500 Series User’s Guide...
Page 195
Appendix A Importing Certificates In the Certificates dialog box, click the Trusted Root Certificates Authorities tab, select the certificate that you want to delete, and then click Remove. In the Certificates confirmation, click Yes. In the Root Certificate Store dialog box, click Yes. The next time you go to the web site that issued the public key certificate you just removed, a certification error appears.
Page 196
Appendix A Importing Certificates Firefox The following example uses Mozilla Firefox 2 on Windows XP Professional; however, the screens can also apply to Firefox 2 on all platforms. If your device’s Web Configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error.
Page 197
Appendix A Importing Certificates Installing a Stand-Alone Certificate File in Firefox Rather than browsing to a ZyXEL Web Configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you. Open Firefox and click Tools >...
Page 198
Appendix A Importing Certificates In the Certificate Manager dialog box, click Web Sites > Import. Use the Select File dialog box to locate the certificate and then click Open. The next time you visit the web site, click the padlock in the address bar to open the Page Info > Security window to see the web page’s security information.
Page 199
Appendix A Importing Certificates Open Firefox and click Tools > Options. In the Options dialog box, click Advanced > Encryption > View Certificates. NWA5000 / WAC6500 Series User’s Guide...
Page 200
Appendix A Importing Certificates In the Certificate Manager dialog box, select the Web Sites tab, select the certificate that you want to remove, and then click Delete. In the Delete Web Site Certificates dialog box, click OK. The next time you go to the web site that issued the public key certificate you just removed, a certification error appears.
PP EN D I X IPv6 Overview IPv6 (Internet Protocol version 6), is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 10 addresses.
Page 202
Appendix B IPv6 Global Address A global address uniquely identifies a device on the Internet. It is similar to a “public IP address” in IPv4. A global unicast address starts with a 2 or 3. Unspecified Address An unspecified address (0:0:0:0:0:0:0:0 or ::) is used as the source address when a device does not have its own address.
Page 203
Appendix B IPv6 Table 86 Reserved Multicast Address (continued) MULTICAST ADDRESS FF0A:0:0:0:0:0:0:0 FF0B:0:0:0:0:0:0:0 FF0C:0:0:0:0:0:0:0 FF0D:0:0:0:0:0:0:0 FF0E:0:0:0:0:0:0:0 FF0F:0:0:0:0:0:0:0 Subnet Masking Both an IPv6 address and IPv6 subnet mask compose of 128-bit binary digits, which are divided into eight 16-bit blocks and written in hexadecimal notation. Hexadecimal uses four bits for each character (1 ~ 10, A ~ F).
Appendix B IPv6 address which combines its interface ID and global and subnet information advertised from the router. This is a routable global IP address. DHCPv6 The Dynamic Host Configuration Protocol for IPv6 (DHCPv6, RFC 3315) is a server-client protocol that allows a DHCP server to assign and pass IPv6 network addresses, prefixes and other configuration information to DHCP clients.
Page 205
Appendix B IPv6 such as the system name. The interface-ID option provides slot number, port information and the VLAN ID to the DHCPv6 server. The remote-ID option (if any) is stripped from the Relay-Reply messages before the relay agent sends the packets to the clients. The DHCP server copies the interface-ID option from the Relay-Forward message into the Relay-Reply message and sends it to the relay agent.
Page 206
Appendix B IPv6 to determine whether the destination address is on-link and can be reached directly without passing through a router. If the address is onlink, the address is considered as the next hop. Otherwise, the NWA/WAC determines the next-hop from the default router list or routing table. Once the next hop IP address is known, the NWA/WAC looks into the neighbor cache to get the link- layer address and sends the packet when the neighbor is reachable.
Page 207
Appendix B IPv6 Example - Enabling IPv6 on Windows XP/2003/Vista By default, Windows XP and Windows 2003 support IPv6. This example shows you how to use the ipv6 install command on Windows XP/2003 to enable IPv6. This also displays how to use the ipconfig command to see auto-generated IP addresses.
Page 208
Appendix B IPv6 Click Start and then OK. Now your computer can obtain an IPv6 address from a DHCPv6 server. Example - Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default. DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer.
Page 209
Appendix B IPv6 Click Close to exit the Local Area Connection Status screen. Select Start > All Programs > Accessories > Command Prompt. Use the ipconfig command to check your dynamic IPv6 address. This example shows a global address (2001:b021:2d::1000) obtained from a DHCP server. C:\>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection:...
• Brief description of the problem and the steps you took to solve it. Corporate Headquarters (Worldwide) Taiwan • ZyXEL Communications Corporation • http://www.zyxel.com Asia China • ZyXEL Communications (Shanghai) Corp. ZyXEL Communications (Beijing) Corp. ZyXEL Communications (Tianjin) Corp. • http://www.zyxel.cn India • ZyXEL Technology India Pvt Ltd • http://www.zyxel.in Kazakhstan •...
Page 212
Appendix C Customer Support Belgium • ZyXEL Communications B.V. • http://www.zyxel.com/be/nl/ Bulgaria • ZyXEL България • http://www.zyxel.com/bg/bg/ Czech • ZyXEL Communications Czech s.r.o • http://www.zyxel.cz Denmark • ZyXEL Communications A/S • http://www.zyxel.dk Estonia • ZyXEL Estonia • http://www.zyxel.com/ee/et/ Finland • ZyXEL Communications •...
Page 213
• ZyXEL Communications Poland • http://www.zyxel.pl Romania • ZyXEL Romania • http://www.zyxel.com/ro/ro Russia • ZyXEL Russia • http://www.zyxel.ru Slovakia • ZyXEL Communications Czech s.r.o. organizacna zlozka • http://www.zyxel.sk Spain • ZyXEL Spain • http://www.zyxel.es Sweden • ZyXEL Communications • http://www.zyxel.se Switzerland •...
Page 214
• ZyXEL Communication Corporation • http://www.zyxel.com/ec/es/ Middle East Egypt • ZyXEL Communication Corporation • http://www.zyxel.com/homepage.shtml Middle East • ZyXEL Communication Corporation • http://www.zyxel.com/homepage.shtml North America • ZyXEL Communications, Inc. - North America Headquarters • http://www.us.zyxel.com/ NWA5000 / WAC6500 Series User’s Guide...
Page 215
Appendix C Customer Support Oceania Australia • ZyXEL Communications Corporation • http://www.zyxel.com/au/en/ Africa South Africa • Nology (Pty) Ltd. • http://www.zyxel.co.za NWA5000 / WAC6500 Series User’s Guide...
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
Page 217
Appendix D Legal Information Industry Canada RSS-GEN & RSS-210 statement • This device complies with Industry Canada license-exempt RSS standard(s). Operation is subject to the following two conditions: (1) this device may not cause interference, and (2) this device must accept any interference, including interference that may cause undesired operation of the device.
Page 218
Appendix D Legal Information Íslenska Hér með lýsir, ZyXEL því yfir að þessi búnaður er í samræmi við grunnkröfur og önnur viðeigandi ákvæði tilskipunar (Icelandic) 1999/5/EC. Italiano Con la presente ZyXEL dichiara che questo attrezzatura è conforme ai requisiti essenziali ed alle altre disposizioni (Italian) pertinenti stabilite dalla direttiva 1999/5/CE.
Appendix D Legal Information The outdoor usage of the 2.4 GHz band requires an authorization from the Electronic Communications Office. Please check http:// www.esd.lv for more details. 2.4 GHz frekvenèu joslas izmantoðanai ârpus telpâm nepiecieðama atïauja no Elektronisko sakaru direkcijas. Vairâk informâcijas: http:// www.esd.lv.
Page 220
Appendix D Legal Information Environment statement ErP (Energy-related Products) ZyXEL products put on the EU market in compliance with the requirement of the European Parliament and the Council published Directive 2009/125/EC establishing a framework for the setting of ecodesign requirements for energy-related products (recast), so called as "ErP Directive (Energy-related Products directive) as well as ecodesign requirement laid down in applicable implementing measures, power consumption has satisfied regulation requirements which are: Network standby power consumption <...
Page 221
Appendix D Legal Information Environmental Product Declaration NWA5000 / WAC6500 Series User’s Guide...
Page 222
Appendix D Legal Information 台灣 以下訊息僅適用於產品銷售至台灣地區 第十二條 經型式認證合格之低功率射頻電機,非經許可,公司、商號或使用者均不得擅自變更頻率、加大功率或變更原設計之特性及功能。 第十四條 低功率射頻電機之使用不得影響飛航安全及干擾合法通信;經發現有干擾現象時,應立即停用,並改善至無干擾時方得繼續使用。 前項合法通信,指依電信法規定作業之無線電通信。低功率射頻電機須忍受合法通信或工業、科學及醫療用電波輻射性電機設備之干擾。 Viewing Certifications Go to http://www.zyxel.com to view this product’s documentation and certifications. ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in material or workmanship for a specific period (the Warranty Period) from the date of purchase.
Index Index Certificate Management Protocol (CMP) Symbols Certificate Revocation List (CRL) vs OCSP certificates advantages of and CA and FTP and HTTPS access and SSH and WWW access privileges certification path 109, 117, 122 access users expired see also users factory-default admin users file formats...
Page 224
Index at restart dynamic channel selection backing up downloading downloading with FTP editing how applied e-mail lastgood.conf 164, 167 daily statistics report managing startup-config.conf encryption startup-config-bad.conf syntax ESSID system-default.conf Extended Service Set IDentification uploading uploading with FTP use without restart contact information Control and Provisioning of Wireless Access Points FCC interference statement...
Page 225
Index redirect to HTTPS permissions vs HTTPS JavaScripts HTTPS and certificates authenticating clients avoiding warning messages example key pairs vs HTTP with Internet Explorer with Netscape Navigator HyperText Transfer Protocol over Secure Socket Layer, see HTTPS lastgood.conf 164, 167 layer-2 isolation example IEEE 802.1x LEDs...
Page 226
Index Management Mode packet statistics CAPWAP and DHCP pop-up windows CAPWAP and IP Subnets power off managed AP power on standalone mode product registration management mode Public-Key Infrastructure (PKI) managing the device public-private key pairs good habits using FTP. See FTP. MBSSID memory usage 40, 43...
Page 227
Index pre-configured SSID profiles SCEP (Simple Certificate Enrollment Protocol) starting the device screen resolution startup-config.conf Secure Socket Layer, see SSL if errors serial number missing at restart service control present at restart and users startup-config-bad.conf limitations station timeouts statistics Service Set daily e-mail report Service Set Identifier status...
Page 228
Index shell scripts access requirements usage supported browsers 40, 42 flash web configurator memory WEP (Wired Equivalent Privacy) 40, 43 onboard flash wireless channel wireless client user authentication Wireless Distribution System (WDS) user name wireless LAN rules Wireless network user objects overview users wireless network...