Page 1 G-3000H 802.11g Wireless Access Point User’s Guide Version 3.50 1/2006...
Page 3: Federal Communications Commission (Fcc) Interference Statement
G-3000H User’s Guide Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.
Page 4 G-3000H User’s Guide Certifications Go to www.zyxel.com 1 Select your product from the drop-down list box on the ZyXEL home page to go to that product's page. 2 Select the certification you wish to view from this page This product has been designed for the WLAN 2.4 GHz network throughout the EC region and Switzerland, with restrictions in France.
Page 5: Safety Warnings
G-3000H User’s Guide Safety Warnings 1 To reduce the risk of fire, use only No. 26 AWG or larger telephone wire. 2 Do not use this product near water, for example, in a wet basement or near a swimming pool.
Page 6: Zyxel Limited Warranty
G-3000H User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During...
Page 7: Customer Support
G-3000H User’s Guide Customer Support Please have the following information ready when you contact customer support. • Product model and serial number. • Warranty Information. • Date that you received your device. • Brief description of the problem and the steps you took to solve it.
Page 8 G-3000H User’s Guide METHOD SUPPORT E-MAIL TELEPHONE WEB SITE REGULAR MAIL SALES E-MAIL FTP SITE LOCATION info@pl.zyxel.com +48-22-5286603 www.pl.zyxel.com ZyXEL Communications ul.Emilli Plater 53 POLAND +48-22-5206701 00-113 Warszawa Poland http://zyxel.ru/support +7-095-542-89-29 www.zyxel.ru ZyXEL Russia Ostrovityanova 37a Str. RUSSIA sales@zyxel.ru +7-095-542-89-25...
Page 9: Table Of Contents
G-3000H User’s Guide Table of Contents Copyright ........................2 Federal Communications Commission (FCC) Interference Statement ....3 Safety Warnings ....................... 5 ZyXEL Limited Warranty..................6 Customer Support....................7 Table of Contents ..................... 9 List of Figures ......................17 List of Tables ......................23 Preface ........................
Page 10 G-3000H User’s Guide 3.1.2 ESS ID ......................43 3.1.3 WEP Encryption ..................43 3.2 Wizard Setup: General Setup ................44 3.3 Wizard Setup: Wireless LAN ................44 3.4 Wizard Setup: IP Address ..................46 3.4.1 IP Address Assignment ................46 3.4.2 IP Address and Subnet Mask ..............46 3.5 Basic Setup Complete ..................48...
Page 11 G-3000H User’s Guide 6.1.1 Encryption ....................67 6.1.2 Authentication ...................67 6.1.3 Restricted Access ..................67 6.1.4 Hide ZyAIR Identity ...................68 6.1.5 WEP Encryption ..................68 6.2 Configuring WEP Encryption ................68 6.3 802.1x Overview ....................68 6.4 EAP Authentication Overview ................68 6.5 Dynamic WEP Key Exchange ................69 6.6 Introduction to WPA ...................69...
Page 12 G-3000H User’s Guide Chapter 8 Other Wireless Configurations ................93 8.1 Layer-2 Isolation Introduction ................93 8.2 Configuring Layer-2 Isolation ................94 8.2.1 Layer-2 Isolation Examples ..............95 8.2.2 Layer-2 Isolation Example 1 ..............96 8.2.3 Layer-2 Isolation Example 2 ..............96 8.2.4 Layer-2 Isolation Example 3 ..............97 8.3 Configuring MAC Filter ..................97...
Page 13 G-3000H User’s Guide 11.10 Importing a Trusted CA’s Certificate .............129 11.11 Trusted CA Certificate Details ...............130 Chapter 12 Remote Management Screens ................135 12.1 Remote Management Overview ..............135 12.1.1 Remote Management Limitations ............135 12.1.2 Remote Management and NAT ............136 12.1.3 System Timeout ...................136 12.2 Configuring WWW ..................136...
Page 14 G-3000H User’s Guide 15.4 Navigating the SMT Interface .................161 15.4.1 System Management Terminal Interface Summary ......162 Chapter 16 General Setup ....................... 165 16.1 General Setup ....................165 16.1.1 Procedure To Configure Menu 1 ............165 Chapter 17 LAN Setup......................167 17.1 LAN Setup ......................167 17.2 TCP/IP Ethernet Setup ...................167...
Page 15 G-3000H User’s Guide 22.3 Log and Trace ....................192 22.3.1 Viewing Error Log .................192 22.4 Diagnostic ......................193 Chapter 23 Firmware and Configuration File Maintenance ..........195 23.1 Filename Conventions ...................195 23.2 Backup Configuration ..................196 23.2.1 Backup Configuration Using FTP ............196 23.2.2 Using the FTP command from the DOS Prompt ........197 23.2.3 Backup Configuration Using TFTP ............198...
Page 16 G-3000H User’s Guide Appendix A Troubleshooting....................219 Appendix B Specifications...................... 221 Appendix C Power over Ethernet (PoE) Specifications ............223 Appendix D Brute-Force Password Guessing Protection............. 225 Appendix E Setting up Your Computer’s IP Address............227 Appendix F IP Address Assignment Conflicts ..............239 Appendix G Wireless LANs ......................
Page 17: List Of Figures
G-3000H User’s Guide List of Figures Figure 1 PoE Installation Example ..................30 Figure 2 WDS Functionality Example ................. 31 Figure 3 Access Point Application ..................35 Figure 4 Multiple ESS Application ..................36 Figure 5 AP+Bridge Application ..................37 Figure 6 Bridge Application ....................
Page 18 G-3000H User’s Guide Figure 39 Multi-ESS with VLAN Example ................86 Figure 40 Wireless: Multiple ESS ..................87 Figure 41 SSID ........................89 Figure 42 Configuring SSID ....................90 Figure 43 Second Rx VLAN ID Example ................92 Figure 44 Configuring SSID: Second Rx VLAN ID Example ..........92 Figure 45 Layer-2 Isolation Application ................
Page 19 Figure 104 Login Screen ..................... 159 Figure 105 Menu 23.1 System Security: Change Password ..........160 Figure 106 G-3000H SMT Main Menu ................162 Figure 107 Menu 1 General Setup ..................165 Figure 108 Menu 3 LAN Setup ................... 167 Figure 109 Menu 3.2 TCP/IP Setup ..................
Page 20 G-3000H User’s Guide Figure 125 Menu 23 System Security ................. 187 Figure 126 Menu 23 - System Security ................188 Figure 127 Menu 23.5 Security Profile Edit ................. 188 Figure 128 Menu 24 System Maintenance ................. 189 Figure 129 Menu 24.1 System Maintenance: Status ............190 Figure 130 Menu 24.2 System Information and Console Port Speed .........
Page 21 G-3000H User’s Guide Figure 168 Macintosh OS 8/9: TCP/IP ................235 Figure 169 Macintosh OS X: Apple Menu ................236 Figure 170 Macintosh OS X: Network ................. 237 Figure 171 IP Address Conflicts: Case A ................239 Figure 172 IP Address Conflicts: Case B ................240 Figure 173 IP Address Conflicts: Case C ................
Page 22 G-3000H User’s Guide List of Figures...
Page 23: List Of Tables
G-3000H User’s Guide List of Tables Table 1 IEEE 802.11b ......................32 Table 2 IEEE 802.11g ......................32 Table 3 Wizard 1: General Setup ..................44 Table 4 Wizard 2: Wireless LAN Setup ................45 Table 5 Private IP Address Ranges ................... 46 Table 6 Wizard 3: IP Address Assignment .................
Page 24 G-3000H User’s Guide Table 39 My Certificate Import ................... 121 Table 40 My Certificate Create ................... 122 Table 41 My Certificate Details ................... 125 Table 42 Trusted CAs ......................128 Table 43 Trusted CA Import ....................129 Table 44 Trusted CA Details ....................131 Table 45 Remote Management: WWW ................
Page 25 G-3000H User’s Guide Table 82 Menu 24.11 Remote Management Control ............216 Table 83 Troubleshooting the Start-Up of Your ZyAIR ............219 Table 84 Troubleshooting the Ethernet Interface ............... 219 Table 85 Troubleshooting the Password ................220 Table 86 Troubleshooting Telnet ..................220 Table 87 Troubleshooting the WLAN Interface ..............
Page 26 G-3000H User’s Guide List of Tables...
Page 27: Preface
G-3000H User’s Guide Preface Congratulations on your purchase of the G-3000H - 802.11g Wireless Access Point/Bridge/ Repeater. An AP acts as a bridge between the wireless and wired networks, extending your existing wired network without any additional wiring. The ZyAIR can function as a wireless network bridge/repeater and establish up to five wireless links with other APs.
Page 28 Control Panels and then click Modem. • “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”. • The G-3000H may be referred to simply as the ZyAIR in the user’s guide. Graphics Icons Key...
Page 29: Getting To Know Your Zyair
This chapter introduces the main features and applications of the ZyAIR. 1.1 Introducing the ZyAIR The G-3000H extends the range of your existing wired network without any additional wiring efforts, providing easy network access to mobile users. The ZyAIR offers highly secured wireless connectivity to your wired network with IEEE 802.1x, Wi-Fi Protected Access, WEP data encryption and MAC address filtering.
Page 30: Firmware Features
G-3000H User’s Guide ZyAIR LED The blue ZyAIR LED (also known as the Breathing LED) is on when the ZyAIR is on and blinks (or breaths) when data is being transmitted to/from its wireless stations. You may use the web configurator to turn this LED off even when the ZyAIR is on and data is being transmitted/received.
Page 31: Figure 2 Wds Functionality Example
G-3000H User’s Guide VLAN A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks. Only stations within the same group can talk to each other. Stations on a logical network can belong to one or more groups. The ZyAIR supports 802.1Q VLAN tagging.
Page 32: Table 1 Ieee 802.11B
G-3000H User’s Guide The 802.11b data rate and corresponding modulation techniques are shown in the table below. The modulation technique defines how bits are encoded onto radio waves. Table 1 IEEE 802.11b DATA RATE (MBPS) MODULATION DBPSK (Differential Binary Phase Shifted Keying) DQPSK (Differential Quadrature Phase Shifted Keying 5.5 / 11...
Page 33: Wireless Lan Mac Address Filtering
G-3000H User’s Guide Limit the number of Client Connections You may set a maximum number of wireless stations that may connect to the ZyAIR. This may be necessary if for example, there is interference or difficulty with channel assignment due to a high density of APs within a coverage area.
Page 34: Full Network Management
G-3000H User’s Guide Wireless LAN Channel Usage The Wireless Channel Usage screen displays whether the radio channels are used by other wireless devices within the transmission range of the ZyAIR. This allows you to select the channel with minimum interference for your ZyAIR.
Page 35: Applications For The Zyair
G-3000H User’s Guide 1.3 Applications for the ZyAIR Here are some ZyAIR application examples. The ZyAIR can be configured using the following WLAN operating modes 1 AP 2 AP+Bridge 3 Bridge/Repeater Applications for each operating mode are shown below. Note: A different channel should be configured for each WLAN interface to reduce the effects of radio interference.
Page 36: Ap + Bridge
G-3000H User’s Guide Station 1 relays communications via the ZyAIR within the Multi-ESS coverage area and with AP X if it moves to the RD ESS coverage area. Similarly, Station 2 relays communications via the ZyAIR within the Multi-ESS coverage area and with AP Y if it moves to the Sales ESS coverage area.
Page 37: Bridge / Repeater
G-3000H User’s Guide Figure 5 AP+Bridge Application 1.3.4 Bridge / Repeater The ZyAIR can act as a wireless network bridge and establish wireless links with other APs. In bridge mode, the ZyAIR’s (A and B) are connected to independent wired networks and have a bridge (A can communicate with B) connection at the same time.
Page 38: Figure 6 Bridge Application
G-3000H User’s Guide Figure 6 Bridge Application Figure 7 Repeater Application Chapter 1 Getting to Know Your ZyAIR...
Page 39: Introducing The Web Configurator
G-3000H User’s Guide H A P T E R Introducing the Web Configurator This chapter describes how to access the ZyAIR web configurator and provides an overview of its screens. The default IP address of the ZyAIR is 192.168.1.2. 2.1 Accessing the ZyAIR Web Configurator 1 Make sure your ZyAIR hardware is properly connected and prepare your computer/ computer network to connect to the ZyAIR (refer to the Quick Start Guide).
Page 40: Figure 8 Change Password Screen
G-3000H User’s Guide Figure 8 Change Password Screen 6 Click Apply in the Replace Certificate screen to create a certificate using your ZyAIR’s MAC address that will be specific to this device. Figure 9 Replace Certificate Screen You should now see the MAIN MENU screen.
Page 41: Resetting The Zyair
2.3 Navigating the ZyAIR Web Configurator We use the G-3000H web configurator in this guide as an example. The web configurator screens for your model may vary slightly for different ZyAIR models. The following summarizes how to navigate the web configurator from the MAIN MENU screen.
Page 42: Figure 10 The Main Menu Screen Of The Web Configurator
G-3000H User’s Guide Figure 10 The MAIN MENU Screen of the Web Configurator Click WIZARD SETUP for initial configuration including general setup, Wireless LAN setup and IP address assignment. Click the links under ADVANCED to configure advanced features such as SYSTEM...
Page 43: Chapter 3 Wizard Setup
G-3000H User’s Guide H A P T E R Wizard Setup This chapter provides information on the Wizard Setup screens in the web configurator. 3.1 Wizard Setup Overview The web configurator’s setup wizard helps you configure your ZyAIR for wireless stations to access your wired LAN.
Page 44: Wizard Setup: General Setup
G-3000H User’s Guide 3.2 Wizard Setup: General Setup General Setup contains administrative and system-related information. Figure 11 Wizard 1: General Setup The following table describes the labels in this screen. Table 3 Wizard 1: General Setup LABEL DESCRIPTION System Name It is recommended you type your computer's "Computer name".
Page 45: Figure 12 Wizard 2: Wireless Lan Setup
G-3000H User’s Guide Figure 12 Wizard 2: Wireless LAN Setup The following table describes the labels in this screen. Table 4 Wizard 2: Wireless LAN Setup LABEL DESCRIPTION Wireless LAN Setup Name (SSID) Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.
Page 46: Wizard Setup: Ip Address
G-3000H User’s Guide 3.4 Wizard Setup: IP Address The third wizard screen allows you to configure IP address assignment. 3.4.1 IP Address Assignment Every computer on the Internet must have a unique IP address. If your networks are isolated from the Internet, for instance, only between your two branch offices, you can assign any IP addresses to the hosts without problems.
Page 47: Figure 13 Wizard 3: Ip Address Assignment
G-3000H User’s Guide Once you have decided on the network number, pick an IP address that is easy to remember, for instance, 192.168.1.2, for your ZyAIR, but make sure that no other device on your network is using that IP address.
Page 48: Basic Setup Complete
G-3000H User’s Guide 3.5 Basic Setup Complete When you click Finish in the Wizard 3 IP Address Assignment screen, a warning window display as shown. Click OK to close the window and log in to the web configurator again using the new IP address if you change the default IP address (192.168.1.2).
Page 49: Chapter 4 System Screens
G-3000H User’s Guide H A P T E R System Screens 4.1 System Overview This section provides information on general system setup. 4.2 Configuring General Setup Click the SYSTEM link under ADVANCED to open the General screen. Figure 15 System General Setup The following table describes the labels in this screen.
Page 50: Configuring Password
G-3000H User’s Guide Table 7 System General Setup LABEL DESCRIPTION Administrator Type how many minutes a management session (either via the web Inactivity Timer configurator or SMT) can be left idle before the session times out. The default is 5 minutes. After it times out you have to log in with your password again.
Page 51: Configuring Time Setting
G-3000H User’s Guide The following table describes the labels in this screen. Table 8 Password LABEL DESCRIPTIONS Old Password Type in your existing system password (1234 is the default password). New Password Type your new system password (up to 31 characters). Note that as you type a password, the screen displays an asterisk (*) for each character you type.
Page 52: Table 9 Time Setting
G-3000H User’s Guide The following table describes the labels in this screen. Table 9 Time Setting LABEL DESCRIPTION Time Protocol Select the time service protocol that your time server sends when you turn on the ZyAIR. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.
Page 53: Wireless Configuration
G-3000H User’s Guide H A P T E R Wireless Configuration This chapter discusses how to configure Wireless screens on the ZyAIR. 5.1 Wireless LAN Overview This section introduces the wireless LAN (WLAN) and some basic scenarios. 5.1.1 BSS A Basic Service Set (BSS) exists when all communications between wireless stations or between a wireless station and a wired network client go through one access point (AP).
Page 54: Ess
G-3000H User’s Guide 5.1.2 ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). An ESSID (ESS IDentification) uniquely identifies each ESS.
Page 55: Wmm Qos
G-3000H User’s Guide • WPA • Security Parameters Summary 5.3 WMM QoS WMM (Wi-Fi MultiMedia) QoS (Quality of Service) ensures quality of service in wireless networks for multimedia applications. WMM QoS prioritizes wireless traffic according to the delivery requirements of the individual and applications. WMM QoS is a part of the IEEE 802.11e QoS enhancement to certified Wi-Fi wireless networks.
Page 56: Diffserv
G-3000H User’s Guide 5.3.2.1 DiffServ DiffServ is a class of service (CoS) model that marks packets so that they receive specific per- hop treatment at DiffServ-compliant network devices along the route based on the application types and traffic flow. Packets are marked with DiffServ Code Points (DSCPs) indicating the level of service desired.
Page 57: Spanning Tree Protocol (Stp)
G-3000H User’s Guide Table 11 ToS and IEEE 802.1d to WMM QoS Priority Level Mapping DSCP VALUE WMM QOS PRIORITY LEVEL 96, 0 besteffort 64, 32 background a. The ZyAIR also uses best effort for any DSCP value for which another WMM QoS priority is not specified (255, 158 or 37 for example).
Page 58: How Stp Works
G-3000H User’s Guide For each LAN segment, a designated bridge is selected. This bridge has the lowest cost to the root among the bridges connected to the LAN. 5.4.3 How STP Works After a bridge determines the lowest cost-spanning tree with STP, it enables the root port and the ports that are the designated ports for connected LANs, and disables all other ports that participate in STP.
Page 59: Configuring Wireless
G-3000H User’s Guide 3 Use the Security screen to configure wireless profiles. For each profile you can configure a name and one of the wireless security modes. 4 Use the RADIUS screen to configure RADIUS authentication and accounting settings. 5 Use the Layer-2 Isolation screen to prevent wireless clients associated with your ZyAIR from communicating with other wireless clients, AP’s, computers or routers in a network.
Page 60: Table 14 Wireless: Access Point
G-3000H User’s Guide The following table describes the general wireless LAN labels in this screen. Table 14 Wireless: Access Point LABEL DESCRIPTION Operating Mode Select the operating mode from the drop-down list. The options are Access Point, Bridge/Repeater, AP+Bridge and MESSID.
Page 61: Bridge/Repeater Mode
G-3000H User’s Guide Table 14 Wireless: Access Point LABEL DESCRIPTION Output Power Set the output power of the ZyAIR in this field. If there is a high density of APs within an area, decrease the output power of the ZyAIR to reduce interference with other APs.
Page 62: Figure 22 Bridging Example
G-3000H User’s Guide Figure 22 Bridging Example Be careful to avoid bridge loops when you enable bridging in the ZyAIR. Bridge loops cause broadcast traffic to circle the network endlessly, resulting in possible throughput degradation and disruption of communications. The following examples show two network topologies that can lead to this problem: If two or more ZyAIRs (in bridge mode) are connected to the same hub as shown next.
Page 63: Figure 24 Bridge Loop: Bridge Connected To Wired Lan
G-3000H User’s Guide Figure 24 Bridge Loop: Bridge Connected to Wired LAN To prevent bridge loops, ensure that you enable STP in the Wireless screen or your ZyAIR is not set to bridge mode while connected to both wired and wireless segments of the same LAN.
Page 64: Figure 25 Wireless: Bridge/Repeater
G-3000H User’s Guide Figure 25 Wireless: Bridge/Repeater The following table describes the bridge labels in this screen. Table 15 Wireless: Bridge/Repeater LABEL DESCRIPTIONS Operating Mode Select Bridge/Repeater in this field to display the screen as shown. Choose Channel ID Set the operating frequency/channel depending on your particular region.
Page 65: Ap+Bridge Mode
G-3000H User’s Guide Table 15 Wireless: Bridge/Repeater LABEL DESCRIPTIONS Enable WDS Security Select the check box to enable WDS on your ZyAIR. A Wireless Distribution System (WDS) is a wireless connection between two or more APs. When you select the check box, you are prompted to type a Pre-Shared Key (PSK).
Page 66: Multiple Ess Mode
G-3000H User’s Guide Figure 26 Wireless: AP+Bridge See the tables describing the fields in the Access Point and Bridge/Repeater operating modes for descriptions of the fields in this screen. 5.6.4 Multiple ESS Mode Select MESSID as the Operating Mode to display the screen. Refer to the chapter on Multiple ESS and VLAN for configuration and detailed information.
Page 67: Wireless Security Configuration
G-3000H User’s Guide H A P T E R Wireless Security Configuration This chapter describes how to use the Security, RADIUS and Local User Database screens to configure wireless security on your ZyAIR. 6.1 Wireless Security Overview Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network.
Page 68: Hide Zyair Identity
G-3000H User’s Guide 6.1.4 Hide ZyAIR Identity If you hide the ESSID, then the ZyAIR cannot be seen when a wireless client scans for local APs. The trade-off for the extra security of “hiding” the ZyAIR may be inconvenience for some valid WLAN clients.
Page 69: Dynamic Wep Key Exchange
G-3000H User’s Guide The following figure shows an overview of authentication when you specify a RADIUS server on your access point. Figure 27 EAP Authentication The details below provide a general description of how IEEE 802.1x EAP authentication works. For an example list of EAP-MD5 authentication steps, see the IEEE 802.1x appendix.
Page 70: User Authentication
G-3000H User’s Guide 6.6.1 User Authentication WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database. See later in this chapter and the appendices for more information on IEEE 802.1x, RADIUS, EAP and PEAP.
Page 71: Wpa(2) With Radius Application Example
G-3000H User’s Guide 1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters (including spaces and symbols). 2 The AP checks each wireless client's password and (only) allows it to join the network if the password matches.
Page 72: Security Modes
G-3000H User’s Guide Figure 29 WPA(2) with RADIUS Application Example 6.8 Security Modes The following table describes the security modes you can configure. Table 16 Security Modes SECURITY MODE DESCRIPTION None Select this to have no data encryption. Select this to use WEP encryption.
Page 73: Security Modes And Wireless Client Compatibility
G-3000H User’s Guide Table 16 Security Modes SECURITY MODE DESCRIPTION WPA2-MIX Select this to use either WPA2 or WPA depending on which security mode the wireless client uses. No-Access Select this to prevent wireless client access to the ZyAIR. 6.9 Security Modes and Wireless Client Compatibility Different security modes can be configured for each SSID.
Page 74: Wireless Security Effectiveness
G-3000H User’s Guide The Funk Software's Odyssey client is bundled free (at the time of writing) with the client wireless adaptor(s). 6.11 Wireless Security Effectiveness The following figure shows the relative effectiveness of these wireless security methods available on your ZyAIR. EAP (Extensible Authentication Protocol) is used for authentication and utilizes dynamic WEP key exchange.
Page 75: Security: No Access
G-3000H User’s Guide Figure 30 Security The following table describes the labels in this screen. Table 19 Security LABEL DESCRIPTION Index This is the index number of the security profile address. Profile Name This field displays a name given to a security profile in the Security configuration screen.
Page 76: Security: Wep
G-3000H User’s Guide The following table describes the labels in this screen. Table 20 Security: No Access or None LABEL DESCRIPTION Name Type a name to identify this security profile. Security Mode Choose No Access or None in this field.
Page 77: Security: 802.1X Only, 802.1X Static 64-Bit Wep, 128-Bit Wep
G-3000H User’s Guide Table 21 Security: WEP LABEL DESCRIPTION Key 1 to The WEP keys are used to encrypt data. Both the ZyAIR and the wireless stations must use the same WEP key for data transmission. Key 4 If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F").
Page 78: Security: 802.1X Dynamic 64-Bit Wep, 128-Bit Wep
G-3000H User’s Guide Table 22 Security: 802.1x Only, 802.1x Static 64-bit WEP, 128-bit WEP LABEL DESCRIPTION Key 1 to Key 4 If you chose 64-bit WEP in the WEP Encryption field, then enter any 5 characters (ASCII string) or 10 hexadecimal characters ("0-9", "A-F") preceded by 0x for each key.
Page 79: Figure 34 Security: 802.1X Dynamic 64-Bit Wep, 128-Bit Wep
G-3000H User’s Guide Figure 34 Security: 802.1x Dynamic 64-bit WEP, 128-bit WEP The following table describes the labels in this screen. Table 23 Security: 802.1x Dynamic 64-bit WEP, 128-bit WEP LABEL DESCRIPTION Name Type a name to identify this security profile.
Page 80: Security: Wpa, Wpa-Mix, Wpa2, Wpa2-Mix
G-3000H User’s Guide 6.12.5 Security: WPA, WPA-MIX, WPA2, WPA2-MIX Select WPA, WPA-MIX, WPA2 or WPA2-MIX in the Security Mode field to display the following screen. Figure 35 Security: WPA, WPA-MIX, WPA2 or WPA2-MIX The following table describes the labels not previously discussed...
Page 81: Figure 36 Security: Wpa-Psk, Wpa2-Psk Or Wpa2-Psk-Mix
G-3000H User’s Guide Figure 36 Security: WPA-PSK, WPA2-PSK or WPA2-PSK-MIX The following table describes the labels not previously discussed Table 25 Security: WPA-PSK, WPA2-PSK or WPA2-PSK-MIX LABEL DESCRIPTION Name Type a name to identify this security profile. Security Mode Choose WPA-PSK, WPA2-PSK or WPA2-PSK-MIX in this field.
Page 82: Introduction To Radius
G-3000H User’s Guide 6.13 Introduction to RADIUS RADIUS is based on a client-sever model that supports authentication and accounting, where access point is the client and the server is the RADIUS server. The RADIUS server handles the following tasks among others: •...
Page 83: Configuring Local User Database
G-3000H User’s Guide The following table describes the labels in this screen. Table 26 RADIUS LABEL DESCRIPTION Index Select the RADIUS profile you want to configure from the drop-down list box. Profile Name Type a name for the RADIUS profile associated with the Index number above.
Page 84: Figure 38 Local User Database
G-3000H User’s Guide Figure 38 Local User Database The following table describes the labels in this screen. Table 27 Local User Database LABEL DESCRIPTION Active Select this check box to activate the user profile. User Name Enter the username (up to 31 characters) for this user profile.
Page 85: Multiple Ess, Ssid And Vlan
G-3000H User’s Guide H A P T E R Multiple ESS, SSID and VLAN This chapter describes how to use configure multiple ESS, SSID and VLAN on your ZyAIR. 7.1 Wireless LAN Infrastructures See the Wizard Setup and Wireless LAN chapters for some basic WLAN scenarios and terminology.
Page 86: Multiple Ess Example
G-3000H User’s Guide 7.1.3 Multiple ESS Example Refer to the section on ZyAIR applications for more information. 7.1.4 Multi-ESS with VLAN Example In this example, VLAN 2 is the management VLAN and includes the computers in ESS1 and LAN 1. Computers in ESS2 and LAN 2 belong to VLAN 2. “Wireless group” ESS1is limited to accessing the resources on LAN 1 and similarly “wireless group”...
Page 87: Figure 40 Wireless: Multiple Ess
G-3000H User’s Guide Figure 40 Wireless: Multiple ESS The following table describes the labels in this screen. Table 28 Wireless: Multiple ESS LABEL DESCRIPTION Operating Mode Select MESSID in this field to display the screen as shown Choose Channel ID Set the operating frequency/channel depending on your particular region.
Page 88 G-3000H User’s Guide Table 28 Wireless: Multiple ESS LABEL DESCRIPTION Select SSID Profile The SSID (Service Set IDentity) identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same SSID.
Page 89: Ssid
G-3000H User’s Guide Table 28 Wireless: Multiple ESS LABEL DESCRIPTION Max. Frame Burst Enable Maximum Frame Burst to help eliminate collisions in mixed-mode networks (networks with both IEEE 802.11g and IEEE 802.11b traffic) and enhance the performance of both pure IEEE 802.11g and mixed IEEE 802.11b/g networks.
Page 90: Configuring Ssid
G-3000H User’s Guide Table 29 SSID LABEL DESCRIPTION SSID This field displays the name of the wireless profile on the network. When a wireless client scans for an AP to associate, this is the identity that is broadcast and viewed in the wireless client utility.
Page 91: Second Rx Vlan Id
G-3000H User’s Guide The following table describes the labels in this screen. Table 30 Configuring SSID LABEL DESCRIPTION Name Type a name to identify this SSID profile on the ZyAIR. SSID Type a name to identify this wireless profile on the network. When a wireless client scans for an AP to associate, this is the identity that is broadcast and viewed in the wireless client utility.
Page 92: Figure 43 Second Rx Vlan Id Example
G-3000H User’s Guide Figure 43 Second Rx VLAN ID Example The following steps show you where to setup a Second Rx VLAN ID on the ZyAIR. 1 Click WIRELESS under ADVANCED in your web configurator and the SSID tab. 2 Click Edit in the SSID screen.
Page 93: Other Wireless Configurations
G-3000H User’s Guide H A P T E R Other Wireless Configurations This chapter describes how to configure the Layer-2 Isolation, MAC Filter and Roaming screens on your ZyAIR. 8.1 Layer-2 Isolation Introduction Layer-2 isolation is used to prevent wireless clients associated with your ZyAIR from communicating with other wireless clients, AP’s, computers or routers in a network.
Page 94: Configuring Layer-2 Isolation
G-3000H User’s Guide MAC addresses that are not listed in the Allow devices with these MAC addresses table are blocked from communicating with the ZyAIR’s wireless clients except for broadcast packets. Layer-2 isolation does not check the traffic between wireless clients that are associated with the same AP.
Page 95: Layer-2 Isolation Examples
G-3000H User’s Guide The following table describes the labels in this screen. Table 31 Layer-2 Isolation Configuration LABEL DESCRIPTION Enable Layer-2 Select the Enable Layer-2 Isolation check box to enable layer-2 isolation on the Isolation ZyAIR. When you select the Enable Layer-2 Isolation check box and save this configuration screen, the Enable Intra-BSS Traffic check box in the Wireless configuration screen is cleared.
Page 96: Layer-2 Isolation Example 1
G-3000H User’s Guide 8.2.2 Layer-2 Isolation Example 1 In the following example wireless clients 1 and 2 cannot communicate with C, B or 3. • Select the Enable Layer-2 Isolation check box, but do not configure any MAC addresses in the Allow devices with these MAC addresses table (1 and 2 cannot communicate with each other unless you enable Intra-BSS).
Page 97: Layer-2 Isolation Example 3
G-3000H User’s Guide 8.2.4 Layer-2 Isolation Example 3 In the following example wireless clients 1 and 2 can communicate with B and C but not 3. • Select the Enable Layer-2 Isolation check box. • Configure more than one MAC address. Enter the server and your ZyAIR MAC addresses in the Allow devices with these MAC addresses fields.
Page 98: Configuring Roaming
G-3000H User’s Guide Figure 51 MAC Address Filter The following table describes the labels in this screen. Table 32 MAC Address Filter LABEL DESCRIPTION Filter Action Define the filter action for the list of MAC addresses in the MAC address filter table.
Page 99: Figure 52 Roaming Example
G-3000H User’s Guide The roaming feature on the access points allows the access points to relay information about the wireless stations to each other. When a wireless station moves from a coverage area to another, it scans and uses the channel of a new access point, which then informs the access points on the LAN about the change.
Page 100: Requirements For Roaming
G-3000H User’s Guide 8.4.1 Requirements for Roaming The following requirements must be met in order for wireless stations to roam between the coverage areas. 1 All the access points must be on the same subnet and configured with the same ESSID.
Page 101: Chapter 9 Vlan
G-3000H User’s Guide H A P T E R VLAN This chapter discusses how to configure VLAN on the ZyAIR. 9.1 VLAN A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks. Stations on a logical network can belong to one or more groups.
Page 102: Figure 54 Vlan
G-3000H User’s Guide Figure 54 VLAN The following table describes the labels in this screen. Table 34 VLAN LABEL DESCRIPTION Enable VLAN Tagging Select this check box to turn on VLAN tagging. Management VLAN ID Enter a number from 1 to 4094 to define this VLAN group. At least one device in your network must belong to this VLAN group in order to manage the ZyAIR.
Page 103: Configuring Management Vlan Example
G-3000H User’s Guide Table 34 VLAN LABEL DESCRIPTION Name Type a name to have the ZyAIR check for specific VLAN attributes on incoming messages from the RADIUS server. Access-accept packets sent by the RADIUS server contain VLAN related attributes. The configured Name field is checked against these attributes.
Page 104: Figure 56 Vlan-Aware Switch - Static Vlan
G-3000H User’s Guide 5 Type a VLAN Group ID. This should be the same as the management VLAN ID on the ZyAIR. 6 Enable Tx Tagging on the port which you want to connect to the ZyAIR. Disable Tx Tagging on the port you are using to connect to your computer.
Page 105: Configuring Microsoft's Ias Server Example
G-3000H User’s Guide 3 Click Apply. VLAN Setup Figure 59 4 The ZyAIR attempts to connect with a VLAN-aware device. You can now access and mange the ZyAIR though the Ethernet switch. Note: If you do not connect the ZyAIR to a correctly configured VLAN-aware device, you will lock yourself out of the ZyAIR.
Page 106: Configuring Vlan Groups
G-3000H User’s Guide 1 When you configure your wireless credentials, the ZyAIR sends the information to the IAS server using RADIUS protocol. 2 Authentication by the RADIUS server is successful. 3 The RADIUS server sends three attributes related to this feature.
Page 107: Configuring Remote Access Policies
G-3000H User’s Guide • The IAS uses group memberships to determine which user accounts belong to which VLAN groups. Click the Add button and configure the VLAN group details. 3 Repeat the previous step to add each VLAN group required.
Page 108: Figure 62 New Remote Access Policy For Vlan Group
G-3000H User’s Guide Figure 62 New Remote Access Policy for VLAN Group 2 The Conditions window displays. Select Add to add a condition for this policy to act on. 3 In the Select Attribute screen, click Windows-Groups and the Add button.
Page 109: Figure 64 Adding Vlan Group
G-3000H User’s Guide Figure 64 Adding VLAN Group 6 When the Permissions options screen displays, select Grant remote access permission. • Click Next to grant access based on group membership. • Click the Edit Profile button. Figure 65 Granting Permissions and User Profile Screens 7 The Edit Dial-in Profile screen displays.
Page 110: Figure 66 Authentication Tab Settings
G-3000H User’s Guide Figure 66 Authentication Tab Settings 8 Click the Encryption tab. Select the Strongest encryption option. This step is not required for EAP-MD5, but is performed as a safeguard. Figure 67 Encryption Tab Settings 9 Click the IP tab and select the Client may request an IP address check box for DHCP support.
Page 111: Figure 68 Connection Attributes Screen
G-3000H User’s Guide Figure 68 Connection Attributes Screen 11The RADIUS Attribute screen displays. From the list, three RADIUS attributes will be added: • Tunnel-Medium-Type • Tunnel-Pvt-Group-ID • Tunnel-Type • Click the Add button • Select Tunnel-Medium-Type • Click the Add button.
Page 112: Figure 70 802 Attribute Setting For Tunnel-Medium-Type
G-3000H User’s Guide 12 The Enumerable Attribute Information screen displays. Select the 802 value from the Attribute value drop-down list box. • Click OK. Figure 70 802 Attribute Setting for Tunnel-Medium-Type 13Return to the RADIUS Attribute Screen shown as Figure 69 on page 111.
Page 113: Figure 72 Vlan Attribute Setting For Tunnel-Type
G-3000H User’s Guide 16The Enumerable Attribute Information screen displays. • Select Virtual LANs (VLAN) from the attribute value drop-down list box. • Click OK. Figure 72 VLAN Attribute Setting for Tunnel-Type 17Return to the RADIUS Attribute Screen shown as Figure 69 on page 111.
Page 114 G-3000H User’s Guide Chapter 9 VLAN...
Page 115: Chapter 10 Ip Screen
G-3000H User’s Guide H A P T E R IP Screen This chapter discusses how to configure IP on the ZyAIR 10.1 Factory Ethernet Defaults The Ethernet parameters of the ZyAIR are preset in the factory with the following values: 1 IP address of 192.168.1.2...
Page 116: Configuring Ip
G-3000H User’s Guide Note: Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space.
Page 117: Chapter 11 Certificates
G-3000H User’s Guide H A P T E R Certificates This chapter gives background information about public-key certificates and explains how to use them. 11.1 Certificates Overview The ZyAIR can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs.
Page 118: Advantages Of Certificates
G-3000H User’s Guide 11.1.1 Advantages of Certificates Certificates offer the following benefits. • The ZyAIR only has to store the certificates of the certification authorities that you decide to trust, no matter how many devices you need to authenticate. • Key distribution is simple and very secure since you can freely distribute public keys and you never need to transmit private keys.
Page 119: Figure 75 My Certificates
G-3000H User’s Guide Figure 75 My Certificates The following table describes the labels in this screen. Table 38 My Certificates LABEL DESCRIPTION PKI Storage This bar displays the percentage of the ZyAIR’s PKI storage space that is currently Space in Use in use.
Page 120: Certificate File Formats
G-3000H User’s Guide Table 38 My Certificates (continued) LABEL DESCRIPTION Issuer This field displays identifying information about the certificate’s issuing certification authority, such as a common name, organizational unit or department, organization or company and country. With self-signed certificates, this is the same information as in the Subject field.
Page 121: Importing A Certificate
G-3000H User’s Guide • PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses 64 ASCII characters to convert a binary PKCS#7 certificate into a printable form. 11.6 Importing a Certificate Click CERTIFICATES, My Certificates and then Import to open the My Certificate Import screen.
Page 122: Creating A Certificate
G-3000H User’s Guide 11.7 Creating a Certificate Click CERTIFICATES, My Certificates and then Create to open the My Certificate Create screen. Use this screen to have the ZyAIR create a self-signed certificate, enroll a certificate with a certification authority or generate a certification request, see the following figure.
Page 123 G-3000H User’s Guide Table 40 My Certificate Create (continued) LABEL DESCRIPTION Organizational Unit Type up to 127 characters to identify the organizational unit or department to which the certificate owner belongs. You may use any character, including spaces, but the ZyAIR drops trailing spaces.
Page 124: My Certificate Details
G-3000H User’s Guide Table 40 My Certificate Create (continued) LABEL DESCRIPTION Type the key that the certification authority gave you. Apply Click Apply to begin certificate or certification request generation. Cancel Click Cancel to quit and return to the My Certificates screen.
Page 125: Figure 78 My Certificate Details
G-3000H User’s Guide Figure 78 My Certificate Details The following table describes the labels in this screen. Table 41 My Certificate Details LABEL DESCRIPTION Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this certificate. You may use any character (not including spaces).
Page 126 G-3000H User’s Guide Table 41 My Certificate Details (continued) LABEL DESCRIPTION Certificate Path Click the Refresh button to have this read-only text box display the hierarchy of certification authorities that validate the certificate (and the certificate itself). If the issuing certification authority is one that you have imported as a trusted certification authority, it may be the only certification authority in the list (along with the certificate itself).
Page 127: Trusted Cas
G-3000H User’s Guide Table 41 My Certificate Details (continued) LABEL DESCRIPTION SHA1 Fingerprint This is the certificate’s message digest that the ZyAIR calculated using the SHA1 algorithm. Certificate in PEM This read-only text box displays the certificate or certification request in Privacy (Base-64) Encoded Enhanced Mail (PEM) format.
Page 128: Figure 79 Trusted Cas
G-3000H User’s Guide Figure 79 Trusted CAs The following table describes the labels in this screen. Table 42 Trusted CAs LABEL DESCRIPTION PKI Storage This bar displays the percentage of the ZyAIR’s PKI storage space that is currently Space in Use in use.
Page 129: Importing A Trusted Ca's Certificate
G-3000H User’s Guide Table 42 Trusted CAs (continued) LABEL DESCRIPTION Delete Click Delete to delete an existing certificate. A window display asking you to confirm that you want to delete the certificate. Note that subsequent certificates move up by one when you take this action.
Page 130: Trusted Ca Certificate Details
G-3000H User’s Guide 11.11 Trusted CA Certificate Details Click CERTIFICATES, Trusted CAs to open the Trusted CAs screen. Click the details icon to open the Trusted CA Details screen. Use this screen to view in-depth information about the certification authority’s certificate, change the certificate’s name and set whether or not you want the ZyAIR to check a certification authority’s list of revoked certificates before...
Page 131: Figure 81 Trusted Ca Details
G-3000H User’s Guide Figure 81 Trusted CA Details The following table describes the labels in this screen. Table 44 Trusted CA Details LABEL DESCRIPTION Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate. You may use any character (not including spaces).
Page 132 G-3000H User’s Guide Table 44 Trusted CA Details (continued) LABEL DESCRIPTION Certificate Path Click the Refresh button to have this read-only text box display the end entity’s certificate and a list of certification authority certificates that shows the hierarchy of certification authorities that validate the end entity’s certificate. If the issuing...
Page 133 G-3000H User’s Guide Table 44 Trusted CA Details (continued) LABEL DESCRIPTION CRL Distribution This field displays how many directory servers with Lists of revoked certificates Points the issuing certification authority of this certificate makes available. This field also displays the domain names or IP addresses of the servers.
Page 134 G-3000H User’s Guide Chapter 11 Certificates...
Page 135: Remote Management Screens
G-3000H User’s Guide H A P T E R Remote Management Screens This chapter provides information on the Remote Management screens. 12.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which ZyAIR interface (if any) from which computers.
Page 136: Remote Management And Nat
G-3000H User’s Guide 12.1.2 Remote Management and NAT When NAT is enabled: • Use the ZyAIR’s WAN IP address when configuring from the WAN. • Use the ZyAIR’s LAN IP address when configuring from the LAN. 12.1.3 System Timeout There is a default system management idle timeout of five minutes (three hundred seconds).
Page 137: Figure 82 Remote Management: Www
G-3000H User’s Guide Figure 82 Remote Management: WWW The following table describes the labels in this screen. Table 45 Remote Management: WWW LABEL DESCRIPTION HTTPS Server Certificate Select the Server Certificate that the ZyAIR will use to identify itself. The ZyAIR is the SSL server and must always authenticate itself to the SSL client (the computer which requests the HTTPS connection with the ZyAIR).
Page 138: Configuring Telnet
G-3000H User’s Guide Table 45 Remote Management: WWW LABEL DESCRIPTION Server Access Select the interface(s) through which a computer may access the ZyAIR using this service. Secured Client IP A secured client is a “trusted” computer that is allowed to communicate with the Address ZyAIR using this service.
Page 139: Configuring Ftp
G-3000H User’s Guide Figure 84 Remote Management: Telnet The following table describes the labels in this screen. Table 46 Remote Management: Telnet LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
Page 140: Snmp
G-3000H User’s Guide Figure 85 Remote Management: FTP The following table describes the labels in this screen. Table 47 Remote Management: FTP LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
Page 141: Figure 86 Snmp Management Model
G-3000H User’s Guide Figure 86 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the ZyAIR). An agent translates the local management information from the managed device into a form compatible with SNMP.
Page 142: Supported Mibs
G-3000H User’s Guide 12.6.1 Supported MIBs The ZyAIR supports MIB II that is defined in RFC-1213 and RFC-1215 as well as the proprietary ZyXEL private MIB. The purpose of the MIBs is to let administrators collect statistical data and monitor status and performance.
Page 143: Snmp Traps
G-3000H User’s Guide Table 48 SNMP Traps OBJECT IDENTIFIER # TRAP NAME DESCRIPTION (OID) pwWlanStaAuthFail 1.3.6.1.4.1.890.1.9.2.3.2.1 This trap is sent when a wireless client has failed to connect to the AP. The MAC address of the wireless client, the ESSID and the reason are listed.
Page 144: Figure 87 Remote Management: Snmp
G-3000H User’s Guide Figure 87 Remote Management: SNMP The following table describes the labels in this screen. Table 50 Remote Management: SNMP LABEL DESCRIPTION SNMP Configuration Get Community Enter the Get Community, which is the password for the incoming Get and GetNext requests from the management station.
Page 145: Chapter 13 Log Screens
G-3000H User’s Guide H A P T E R Log Screens This chapter contains information about configuring general log settings and viewing the ZyAIR’s logs. Refer to the appendix for example log message explanations. 13.1 Configuring View Log The web configurator allows you to look at all of the ZyAIR’s logs in one location.
Page 146: Configuring Log Settings
G-3000H User’s Guide Table 51 View Log LABEL DESCRIPTION Notes This field displays additional information about the log entry. Email Log Now Click Email Log Now to send the log screen to the e-mail address specified in the Log Settings page.
Page 147: Figure 89 Log Settings
G-3000H User’s Guide Figure 89 Log Settings The following table describes the labels in this screen. Table 52 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
Page 148 G-3000H User’s Guide Table 52 Log Settings LABEL DESCRIPTION Log Schedule This drop-down menu is used to configure the frequency of log messages being sent as E-mail: • Daily • Weekly • Hourly • When Log is Full • None.
Page 149: Chapter 14 Maintenance
G-3000H User’s Guide H A P T E R Maintenance This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 14.1 Maintenance Overview The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your ZyAIR.
Page 150: System Statistics
G-3000H User’s Guide 14.2.1 System Statistics Read-only information here includes port status, packet specific statistics and bridge link status. Also provided are "system up time" and "poll interval(s)". The Poll Interval field is configurable. Figure 91 System Status: Show Statistics The following table describes the labels in this screen.
Page 151: Association List
G-3000H User’s Guide Table 54 System Status: Show Statistics LABEL DESCRIPTION TxPkts This is the number of transmitted packets on the wireless bridge. RxPkts This is the number of received packets on the wireless bridge. System Up Time This is the total time the ZyAIR has been on.
Page 152: Channel Usage
G-3000H User’s Guide Table 55 Association List LABEL DESCRIPTION Privacy This field displays whether traffic on the WDS is encrypted or not. Refresh Click Refresh to reload the screen. 14.4 Channel Usage The Channel Usage screen shows whether a channel is used by another wireless network or not.
Page 153: Figure 93 Channel Usage
G-3000H User’s Guide Figure 93 Channel Usage The following table describes the labels in this screen. Table 56 Channel Usage LABEL DESCRIPTION SSID This is the Service Set IDentification name of the AP in an Infrastructure wireless network or wireless station in an Ad-Hoc wireless network. For our...
Page 154: F/W Upload Screen
G-3000H User’s Guide Table 56 Channel Usage LABEL DESCRIPTION Network Mode “Network mode” in this screen refers to your wireless LAN infrastructure (refer to the Wireless LAN chapter) and WEP setup. Network modes are: Infrastructure (same as an extended service set ESS)), Infrastructure with WEP (WEP encryption is enabled), Ad-Hoc (same as an independent basic service set IBSS)), or Ad-Hoc with WEP.
Page 155: Figure 95 Firmware Upload In Process
G-3000H User’s Guide After you see the Firmware Upload in Process screen, wait two minutes before logging into the ZyAIR again. Figure 95 Firmware Upload In Process The ZyAIR automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.
Page 156: Configuration Screen
G-3000H User’s Guide Figure 97 Firmware Upload Error 14.6 Configuration Screen See the Firmware and Configuration File Maintenance chapter for transferring configuration files using FTP/TFTP commands. Click MAINTENANCE, and then the Configuration tab. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next.
Page 157: Restore Configuration
G-3000H User’s Guide Click Backup to save the ZyAIR’s current configuration to your computer. 14.6.2 Restore Configuration Restore configuration allows you to upload a new or previously saved configuration file from your computer to your ZyAIR. Table 58 Restore Configuration...
Page 158: Back To Factory Defaults
G-3000H User’s Guide Figure 101 Configuration Upload Error 14.6.3 Back to Factory Defaults Pressing the Reset button in this section clears all user-entered configuration information and returns the ZyAIR to its factory defaults as shown on the screen. The following warning screen will appear.
Page 159: Chapter 15 Introducing The Smt
G-3000H User’s Guide H A P T E R Introducing the SMT This chapter describes how to access the SMT and provides an overview of its menus 15.1 Connect to your ZyAIR Using Telnet The following procedure details how to telnet into your ZyAIR.
Page 160: Zyair Smt Menu Overview Example
G-3000H User’s Guide Figure 105 Menu 23.1 System Security: Change Password Menu 23.1 – System Security – Change Password Old Password= **** New Password= ? Retype to confirm= ? Enter here to CONFIRM or ESC to CANCEL: 4 Type your new system password in the New Password field (up to 30 characters), and press [ENTER].
Page 161: Navigating The Smt Interface
G-3000H User’s Guide Table 59 SMT Menus Overview (continued) MENUS SUB MENUS 24 System Maintenance 24.1 System Status 24.2 System Information and 24.2.1 System Information Console Port Speed 24.2.2 Console Port Speed 24.3 Log and Trace 24.3.2 Syslog Logging 24.3.4 Call-Triggering Packet 24.4 Diagnostic...
Page 162: System Management Terminal Interface Summary
SMT interface. After you enter the password, the SMT displays the main menu, as shown next. Figure 106 G-3000H SMT Main Menu Copyright (c) 1994 - 2005 ZyXEL Communications Corp. ZyAIR G-3000H Main Menu Getting Started Advanced Management 1.
Page 163 G-3000H User’s Guide Table 61 Main Menu Summary MENU TITLE DESCRIPTION System Maintenance This menu provides system status, diagnostics, software upload, etc. Exit Use this to exit from SMT and return to a blank screen. Chapter 15 Introducing the SMT...
Page 164 G-3000H User’s Guide Chapter 15 Introducing the SMT...
Page 165: Chapter 16 General Setup
G-3000H User’s Guide H A P T E R General Setup The chapter shows you the information on general setup. 16.1 General Setup Menu 1 – General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. It is recommended you type your computer's "Computer name".
Page 166 G-3000H User’s Guide Table 62 Menu 1 General Setup FIELD DESCRIPTION First/Second/Third Press [SPACE BAR] to select From DHCP, User Defined or None and press System DNS Server [ENTER]. These fields are not available on all models. IP Address Enter the IP addresses of the DNS servers. This field is available when you select User-Defined in the field above.
Page 167: Chapter 17 Lan Setup
G-3000H User’s Guide H A P T E R LAN Setup This chapter shows you how to configure the LAN on your ZyAIR. 17.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 – LAN Setup. From the main menu, enter 3 to display menu 3.
Page 168: Wireless Lan Setup
G-3000H User’s Guide Figure 109 Menu 3.2 TCP/IP Setup Menu 3.2 - TCP/IP Setup IP Address Assignment= Static IP Address= 192.168.1.2 IP Subnet Mask= 255.255.255.0 Gateway IP Address= 0.0.0.0 Follow the instructions in the following table on how to configure the fields in this menu.
Page 169: Figure 110 Menu 3.5 Wireless Lan Setup
G-3000H User’s Guide Figure 110 Menu 3.5 Wireless LAN Setup Menu 3.5 - Wireless LAN Setup Edit MAC Address Filter= N/A Operating Mode= Bridge / Repeater Edit Roaming Configuration= N/A Edit SSID Profile= N/A Hide Name (SSID)= N/A Select SSID Profile= N/A...
Page 170: Configuring Mac Address Filter
G-3000H User’s Guide Table 64 Menu 3.5 Wireless LAN Setup FIELD DESCRIPTION Edit SSID Profile Use [SPACE BAR] to choose Yes and press [ENTER] to go to Menu 3.5.6 - SSID Profile Edit. This field is only available when you select MESSID in the Operating Mode field.
Page 171: Figure 111 Menu 3.5 Wireless Lan Setup
G-3000H User’s Guide Figure 111 Menu 3.5 Wireless LAN Setup Menu 3.5 - Wireless LAN Setup Edit MAC Address Filter= Yes Operating Mode= Access Point Edit Roaming Configuration= No Edit SSID Profile= N/A Hide Name (SSID)= No Select SSID Profile= SSID01...
Page 172: Configuring Roaming
G-3000H User’s Guide The following table describes the fields in this menu. Table 65 Menu 3.5.1 WLAN MAC Address Filter FIELD DESCRIPTION Active To enable MAC address filtering, press [SPACE BAR] to select Yes and press [ENTER]. Filter Action Define the filter action for the list of MAC addresses in the MAC address filter table.
Page 173: Figure 113 Menu 3.5 Wireless Lan Setup
G-3000H User’s Guide Figure 113 Menu 3.5 Wireless LAN Setup Menu 3.5 - Wireless LAN Setup Edit MAC Address Filter= No Operating Mode= MESSID Edit Roaming Configuration= Yes Edit SSID Profile= No Hide Name (SSID)= No Select SSID Profile= N/A...
Page 174: Configuring Ssid Profiles
G-3000H User’s Guide 17.3.3 Configuring SSID Profiles Follow the steps below to configure SSID profiles on your ZyAIR. 1 From the main menu, enter 3 to open Menu 3 – LAN Setup. 2 Enter 5 to display Menu 3.5 – Wireless LAN Setup.
Page 175: Configuring Bridge Link
G-3000H User’s Guide Figure 116 Menu 3.5.6 - SSID Profile Edit Menu 3.5.6 - SSID Profile Edit 1 SSID03 5 SSID01 Active= Yes Active= No 2 SSID01 6 SSID01 Active= No Active= No 3 SSID01 7 SSID01 Active= No Active= No...
Page 176: Figure 117 Menu 3.5 Wireless Lan Setup
G-3000H User’s Guide Figure 117 Menu 3.5 Wireless LAN Setup Menu 3.5 - Wireless LAN Setup Edit MAC Address Filter= N/A Operating Mode= Bridge / Repeater Edit Roaming Configuration= N/A Edit SSID Profile= N/A Hide Name (SSID)= N/A Select SSID Profile= N/A...
Page 177: Configuring Layer-2 Isolation
G-3000H User’s Guide Figure 118 Menu 3.5.4 Bridge Link Configuration Menu 3.5.4 - Bridge Link Configuration Enable Link 1= Yes Peer MAC Address= 0b:16:21:2c:37:45 PSK= ******** Enable Link 2= No Peer MAC Address= 00:0b:16:2c:37:3d PSK= ******** Enable Link 3= Yes...
Page 178: Figure 119 Menu 3.5 Wireless Lan Setup
G-3000H User’s Guide Figure 119 Menu 3.5 Wireless LAN Setup Menu 3.5 - Wireless LAN Setup Edit MAC Address Filter= No Operating Mode= MESSID Edit Roaming Configuration= No Edit SSID Profile= No Hide Name (SSID)= No Select SSID Profile= N/A...
Page 179: Table 69 Menu 3.5.5 Layer-2 Isolation
G-3000H User’s Guide The following table describes the fields in this menu. Table 69 Menu 3.5.5 Layer-2 Isolation FIELD DESCRIPTION Allow devices with These are the MAC address of a wireless client, AP, computer or router. A these MAC wireless client associated with the ZyAIR can communicate with another...
Page 180 G-3000H User’s Guide Chapter 17 LAN Setup...
Page 181: Chapter 18 Dial-In User Setup
G-3000H User’s Guide H A P T E R Dial-in User Setup This chapter shows you how to create user accounts on the ZyAIR. 18.1 Dial-in User Setup By storing user profiles locally, your ZyAIR is able to authenticate wireless users without interacting with a network RADIUS server.
Page 182: Figure 122 Menu 14.1- Edit Dial-In User
G-3000H User’s Guide Figure 122 Menu 14.1- Edit Dial-in User Menu 14.1 - Edit Dial-in User User Name= test Active= Yes Password= ******** Press ENTER to Confirm or ESC to Cancel: Leave name field blank to delete profile The following table describes the fields in this screen.
Page 183: Chapter 19 Vlan Setup
G-3000H User’s Guide H A P T E R VLAN Setup This chapter explains VLAN Setup menu 16. Refer to the Multiple-ESS and VLAN chapter for background information on VLAN. 19.1 VLAN Setup To setup VLAN, select option 16 from the main menu to open Menu 16 – VLAN Setup as shown next.
Page 184 G-3000H User’s Guide Table 71 Menu 16 VLAN Setup FIELD DESCRIPTION Active To enable a VLAN mapping profile, press [SPACE BAR] to select Yes and press [ENTER]. Press [SPACE BAR] to select a VLAN ID or enter one from 1 to 4094.
Page 185: Chapter 20 Snmp Configuration
G-3000H User’s Guide H A P T E R SNMP Configuration This chapter explains SNMP Configuration menu 22. See the web configurator chapter on SNMP for background information. 20.1 SNMP Configuration To configure SNMP, select option 22 from the main menu to open Menu 22 – SNMP Configuration as shown next.
Page 186 G-3000H User’s Guide Table 72 Menu 22 SNMP Configuration FIELD DESCRIPTION Destination Type the IP address of the station to send your SNMP traps to. When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel”...
Page 187: Chapter 21 System Security
G-3000H User’s Guide H A P T E R System Security This chapter describes how to configure the system security on the ZyAIR. 21.1 System Security You can configure the system password, an external RADIUS server and 802.1x in this menu.
Page 188: Figure 126 Menu 23 - System Security
G-3000H User’s Guide Figure 126 Menu 23 - System Security Menu 23 - System Security 1. Change Password 5. Security Profile Edit Enter Menu Selection Number: From Menu 23 - System Security, enter 5 to display Menu 23.5 – Security Profile Edit as shown next.
Page 189: System Information And Diagnosis
G-3000H User’s Guide H A P T E R System Information and Diagnosis This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software.
Page 190: Figure 129 Menu 24.1 System Maintenance: Status
This is the time the ZyAIR is up and running from the last reboot. ZyNOS F/W Version Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. Name This displays the device name.
Page 191: System Information
G-3000H User’s Guide 22.2 System Information To get to the System Information: 1 Enter 24 to display Menu 24 – System Maintenance. 2 Enter 2 to display Menu 24.2 – System Information and Console Port Speed. 3 From this menu you have two choices as shown in the next figure: Figure 130 Menu 24.2 System Information and Console Port Speed...
Page 192: Console Port Speed
Table 74 Menu 24.2.1 System Maintenance: Information FIELD DESCRIPTION ZyNOS F/W Version Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. Country Code Refers to the country code of the firmware. Ethernet Address Refers to the Ethernet MAC (Media Access Control) of your ZyAIR.
Page 193: Diagnostic
G-3000H User’s Guide Figure 133 Menu 24.3 System Maintenance: Log and Trace Menu 24.3 - System Maintenance - Log and Trace 1. View Error Log Please enter selection: 3 Enter 1 from Menu 24.3 – System Maintenance – Log and Trace and press [ENTER] twice to display the error log in the system.
Page 194: Table 75 Menu 24.4 System Maintenance Menu: Diagnostic
G-3000H User’s Guide 1 From the main menu, type 24 to open Menu 24 – System Maintenance. 2 From this menu, type 4. Diagnostic to open Menu 24.4 – System Maintenance – Diagnostic. The following table describes the diagnostic tests available in menu 24.4 for your ZyAIR and the connections.
Page 195: Firmware And Configuration File Maintenance
G-3000H User’s Guide H A P T E R Firmware and Configuration File Maintenance This chapter tells you how to backup and restore your configuration file as well as upload new firmware and configuration files using the SMT screens. 23.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password and TCP/IP Setup, etc.
Page 196: Backup Configuration
G-3000H User’s Guide The following table is a summary. Please note that the internal filename refers to the filename on the ZyAIR and the external filename refers to the filename not on the ZyAIR, that is, on your computer, local network or FTP site and so the name (but not the extension) will vary.
Page 197: Using The Ftp Command From The Dos Prompt
G-3000H User’s Guide Figure 136 Menu 24.5 Backup Configuration Menu 24.5 – Backup Configuration To transfer the configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your router. Then type "root" and SMT password as requested.
Page 198: Backup Configuration Using Tftp
G-3000H User’s Guide Figure 137 FTP Session Example 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 327680 bytes sent in 1.10Seconds...
Page 199: Example: Tftp Command
G-3000H User’s Guide 3 Enter command “sys stdio 0” to disable the SMT timeout, so the TFTP transfer will not be interrupted. Enter command “sys stdio 5” to restore the five-minute SMT timeout (default) when the file transfer is complete.
Page 200: Restore Configuration
G-3000H User’s Guide Figure 138 System Maintenance: Backup Configuration Ready to backup Configuration via Xmodem. Do you want to continue (y/n): 2 The following screen indicates that the Xmodem download has started. Figure 139 System Maintenance: Starting Xmodem Download Screen You can enter ctrl-x to terminate operation any time.
Page 201: Restore Using Ftp
G-3000H User’s Guide 23.3.1 Restore Using FTP For details about backup using (T)FTP please refer to earlier sections on FTP and TFTP file upload in this chapter. Figure 142 Menu 24.6 Restore Configuration Menu 24.6 – Restore Configuration To transfer the firmware and the configuration file, follow the procedure below: 1.
Page 202: Firmware Upload
G-3000H User’s Guide 23.4.1 Firmware Upload FTP is the preferred method for uploading the firmware and configuration. To use this feature, your computer must have an FTP client. When you telnet into the ZyAIR, you will see the following screens for uploading firmware and the configuration file using FTP.
Page 203: Using The Ftp Command From The Dos Prompt Example
G-3000H User’s Guide To transfer the firmware and the configuration file, follow these examples: 23.4.3 Using the FTP command from the DOS Prompt Example 1 Launch the FTP client on your computer. 2 Enter “open” and the IP address of your ZyAIR.
Page 204: Example: Tftp Command
G-3000H User’s Guide 2 Put the SMT in command interpreter (CI) mode by entering 8 in Menu 24 – System Maintenance. 3 Enter the command “sys stdio 0” to disable the SMT timeout, so the TFTP transfer will not be interrupted. Enter command “sys stdio 5” to restore the five-minute SMT timeout (default) when the file transfer is complete.
Page 205: Example Xmodem Firmware Upload Using Hyperterminal
G-3000H User’s Guide Figure 147 Menu 24.7.1 as seen using the Console Port Menu 24.7.1 - System Maintenance - Upload System Firmware To upload system firmware: 1. Enter "y" at the prompt below to go into debug mode. 2. Enter "atur" after "Enter Debug Mode" message.
Page 206: Example Xmodem Configuration Upload Using Hyperterminal
G-3000H User’s Guide Figure 149 Menu 24.7.2 as seen using the Console Port Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload system configuration file: 1. Enter "y" at the prompt below to go into debug mode.
Page 207: System Maintenance And Information
G-3000H User’s Guide H A P T E R System Maintenance and Information This chapter leads you through SMT menus 24.8 and 24.10. 24.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main system firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions.
Page 208: Cnm
Upload Firmware Command Interpreter Mode 10. Time and Date Setting 11. Remote Management Setup Enter Menu Selection Number: Figure 152 Valid CI Commands Copyright (c) 1994 - 2005 ZyXEL Communications Corp. G-3000H> ? Valid commands are: exit ether wlan bridge...
Page 209: Figure 153 Cnm Cl
G-3000H User’s Guide Figure 153 CNM CL G-3000H>cnm active sgid managerIp debug reset simulate encrykey encrymode G-3000H> The following table describes the commands in this screen. All commands begin with “cnm” so for example, type “cnm active 1” to enable Vantage CNM on your device.
Page 210 G-3000H User’s Guide Table 79 CNM Commands COMMAND SUB COMMAND DESCRIPTION This command displays the public IP address of the managerIp Vantage CNM server. If the Vantage server is on the same subnet as the ZyXEL device, enter the private or public IP address of the Vantage CNM server.
Page 211: Configuration Example
G-3000H User’s Guide Table 79 CNM Commands COMMAND SUB COMMAND DESCRIPTION This command is used to encrypt communications encrymode between the ZyXEL device and the Vantage CNM server. Use this command to set the encryption mode. <0:NONE Type 0 to have no encryption, type 1 to have the ZyXEL...
Page 212: Time And Date Setting
G-3000H> G-3000H> cnm active cnm active 0 <0:Disable 1:Enable CNM via WAN 2:Enable CNM via WAN or LAN> Last Register Time: 0-0-0 0:0:0 G-3000H> cnm active 1 cnm active 1 G-3000H> G-3000H> cnm managerIp managerIp 0.0.0.0 G-3000H> cnm managerIp 10.1.1.1 managerIp 10.1.1.1...
Page 213: Figure 155 Menu 24.10 System Maintenance: Time And Date Setting
G-3000H User’s Guide time manually or get the current time and date from an external server when you turn on your ZyAIR. Menu 24.10 allows you to update the time and date settings of your ZyAIR. The real time is then displayed in the ZyAIR error logs.
Page 214: Resetting The Time
G-3000H User’s Guide Table 80 System Maintenance: Time and Date Setting FIELD DESCRIPTION End Date If using daylight savings time, enter the month and day that it ends on Once you have filled in this menu, press [ENTER] at the message “Press ENTER to Confirm or ESC to Cancel“...
Page 215: Web
G-3000H User’s Guide 24.3.3 Web You can use the ZyAIR’s embedded web configurator for configuration and file management. See the online help for details. 24.3.4 Remote Management Setup Remote management setup is for managing Telnet, FTP and Web services. You can customize the service port, access interface and the secured client IP address to enhance security and flexibility.
Page 216: Figure 157 Menu 24.11 Remote Management Control
G-3000H User’s Guide Figure 157 Menu 24.11 Remote Management Control Menu 24.11 - Remote Management Control TELNET Server: Port = 23 Access = ALL Secure Client IP = 0.0.0.0 FTP Server: Port = 21 Access = ALL Secure Client IP = 0.0.0.0...
Page 217: Remote Management Limitations
G-3000H User’s Guide 24.3.5 Remote Management Limitations Remote management over LAN or WAN will not work when: 1 A filter in menu 3.1 (LAN) or in menu 11.5 (WAN) is applied to block a Telnet, FTP or Web service. 2 You have disabled that service in menu 24.11.
Page 218 G-3000H User’s Guide Chapter 24 System Maintenance and Information...
Page 219: Appendix A Troubleshooting
G-3000H User’s Guide Appendix A Troubleshooting This appendix covers potential problems and possible remedies. After each problem description, some instructions are provided to help you to diagnose and to solve the problem. Problems Starting Up the ZyAIR Table 83 Troubleshooting the Start-Up of Your ZyAIR...
Page 220: Table 85 Troubleshooting The Password
G-3000H User’s Guide Problems with the Password Table 85 Troubleshooting the Password PROBLEM CORRECTIVE ACTION I cannot access the The Password and Username fields are case-sensitive. Make sure that you enter the correct ZyAIR. password and username using the proper casing.
Page 221: Appendix B Specifications
G-3000H User’s Guide Appendix B Specifications Hardware Table 88 Hardware Power Specification DC 12V 1200mA Operation Temperature 5º C ~ 50º C Storage Temperature -20º C ~ 55º C Operation Humidity 10% to 90% (Non-condensing) Storage Humidity 5% to 95% (Non-condensing)
Page 222 G-3000H User’s Guide Table 89 Firmware (continued) Diagnostics Capabilities The access point can perform self-diagnostic tests. These tests check the integrity of the following circuits: FLASH memory. DRAM. Wireless port. Syslog. Errorlog. Trace log. Packet Log. Management Embedded Web Configurator management.
Page 223: Power Over Ethernet (Poe) Specifications
G-3000H User’s Guide Appendix C Power over Ethernet (PoE) Specifications You can use a power over Ethernet injector to power this device. The injector must comply to IEEE 802.3af.-7 Table 90 Power over Ethernet Injector Specifications Power Output 15.4 Watts maximum...
Page 224 G-3000H User’s Guide Appendix C Power over Ethernet (PoE) Specifications...
Page 225: Brute-Force Password Guessing Protection
G-3000H User’s Guide Appendix D Brute-Force Password Guessing Protection The following describes the commands for enabling, disabling and configuring the brute-force password guessing protection mechanism for the password. See Appendix I for information on the command structure. Table 92 Brute-Force Password Guessing Protection Commands...
Page 226 G-3000H User’s Guide Appendix D Brute-Force Password Guessing Protection...
Page 227: Setting Up Your Computer's Ip Address
G-3000H User’s Guide Appendix E Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
Page 228: Figure 158 Windows 95/98/Me: Network: Configuration
G-3000H User’s Guide Figure 158 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
Page 229: Figure 159 Windows 95/98/Me: Tcp/Ip Properties: Ip Address
G-3000H User’s Guide 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab.
Page 230: Figure 160 Windows 95/98/Me: Tcp/Ip Properties: Dns Configuration
G-3000H User’s Guide Figure 160 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add.
Page 231: Figure 161 Windows Xp: Start Menu
G-3000H User’s Guide Figure 161 Windows XP: Start Menu 2 For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Figure 162 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. Appendix E Setting up Your Computer’s IP Address...
Page 232: Figure 163 Windows Xp: Control Panel: Network Connections: Properties
G-3000H User’s Guide Figure 163 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. Figure 164 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
Page 233: Figure 165 Windows Xp: Advanced Tcp/Ip Settings
G-3000H User’s Guide • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. Click Advanced. Figure 165 Windows XP: Advanced TCP/IP Settings 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK.
Page 234: Figure 166 Windows Xp: Internet Protocol (Tcp/Ip) Properties
G-3000H User’s Guide • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
Page 235: Figure 167 Macintosh Os 8/9: Apple Menu
G-3000H User’s Guide Figure 167 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 168 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. Appendix E Setting up Your Computer’s IP Address...
Page 236: Figure 169 Macintosh Os X: Apple Menu
G-3000H User’s Guide 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyAIR in the Router address box.
Page 237: Figure 170 Macintosh Os X: Network
G-3000H User’s Guide Figure 170 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box.
Page 238 G-3000H User’s Guide Appendix E Setting up Your Computer’s IP Address...
Page 239: Ip Address Assignment Conflicts
G-3000H User’s Guide Appendix F IP Address Assignment Conflicts This appendix describes situations where IP address conflicts may occur. Subscribers with duplicate IP addresses will not be able to access the Internet. Case A: The ZyAIR is using the same LAN and WAN IP...
Page 240: Figure 172 Ip Address Conflicts: Case B
G-3000H User’s Guide Figure 172 IP Address Conflicts: Case B To solve this problem, make sure the ZyAIR LAN IP address is not in the DHCP IP address pool. Case C: The Subscriber IP address is the same as the IP...
Page 241: Figure 174 Ip Address Conflicts: Case D
G-3000H User’s Guide Figure 174 IP Address Conflicts: Case D This problem can be solved by adding a VLAN-enabled switch or set the computers to obtain IP addresses dynamically. Appendix F IP Address Assignment Conflicts...
Page 242 G-3000H User’s Guide Appendix F IP Address Assignment Conflicts...
Page 243: Appendix G Wireless Lans
G-3000H User’s Guide Appendix G Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS).
Page 244: Figure 176 Basic Service Set
G-3000H User’s Guide Figure 176 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS).
Page 245: Figure 177 Infrastructure Wlan
G-3000H User’s Guide Figure 177 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference.
Page 246: Figure 178 Rts/Cts
G-3000H User’s Guide Figure 178 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
Page 247: Table 93 Ieee 802.11B
G-3000H User’s Guide A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.
Page 248 G-3000H User’s Guide IEEE 802.1x In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features. It is supported by Windows XP and a number of network devices. Some advantages of IEEE 802.1x are:...
Page 249 G-3000H User’s Guide • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access- Request message. The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting: •...
Page 250 G-3000H User’s Guide EAP-TLS (Transport Layer Security) With EAP-TLS, digital certifications are needed by both the server and the wireless stations for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created.
Page 251: Table 94 Comparison Of Eap Authentication Types
G-3000H User’s Guide The following table is a comparison of the features of authentication types. Table 94 Comparison of EAP Authentication Types EAP-MD5 EAP-TLS EAP-TTLS PEAP LEAP Mutual Authentication Certificate – Client Optional Optional Certificate – Server Dynamic Key Exchange...
Page 252: Table 95 Wireless Security Relational Matrix
G-3000H User’s Guide The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped.
Page 253 G-3000H User’s Guide Table 95 Wireless Security Relational Matrix (continued) AUTHENTICATION ENCRYPTION ENTER METHOD/ KEY ENABLE IEEE 802.1X METHOD MANUAL KEY MANAGEMENT PROTOCOL Shared Enable with Dynamic WEP Key Enable without Dynamic WEP Key Disable TKIP WPA-PSK WPA-PSK TKIP Appendix G Wireless LANs...
Page 254 G-3000H User’s Guide Appendix G Wireless LANs...
Page 255: Ip Subnetting
G-3000H User’s Guide Appendix H IP Subnetting IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1.
Page 256: Table 97 Allowed Ip Address Range By Class
G-3000H User’s Guide Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127. Similarly the first octet of a class “B” must begin with “10”, therefore the first octet of a class “B”...
Page 257: Table 99 Alternative Subnet Mask Notation
G-3000H User’s Guide Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/”...
Page 258: Table 101 Subnet 1
G-3000H User’s Guide Note: In the following charts, shaded/bolded last octet bit values indicate host ID bits “borrowed” to form network ID bits. The number of “borrowed” host ID bits determines the number of subnets you can have. The remaining number of host ID bits (after “borrowing”) determines the number of hosts you can have on each subnet.
Page 259: Table 103 Subnet 1
G-3000H User’s Guide Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow” two host ID bits to give four possible combinations of 00, 01, 10 and 11. The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192.
Page 260: Table 106 Subnet 4
G-3000H User’s Guide Table 106 Subnet 4 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 11000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.193 192.168.1.192 Broadcast Address: Highest Host ID: 192.168.1.254 192.168.1.255 Example Eight Subnets Similarly use a 27-bit mask to create 8 subnets (001, 010, 011, 100, 101, 110).
Page 261: Table 109 Class B Subnet Planning
G-3000H User’s Guide Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID. A class “B” address has two host ID octets available for subnetting and a class “A” address has...
Page 262 G-3000H User’s Guide Appendix H IP Subnetting...
Page 263: Appendix I Command Interpreter
G-3000H User’s Guide Appendix I Command Interpreter The following describes how to use the command interpreter. Enter 24 in the main menu to bring up the system maintenance menu. Enter 8 to go to Menu 24.8 - Command Interpreter Mode. See the included disk or zyxel.com for more detailed information on these commands.
Page 264 G-3000H User’s Guide Appendix I Command Interpreter...
Page 265: Appendix J Log Descriptions
G-3000H User’s Guide Appendix J Log Descriptions This appendix provides descriptions of example log messages. Table 110 System Maintenance Logs LOG MESSAGE DESCRIPTION The router has adjusted its time based on information from the time Time calibration is server. successful The router failed to get information from the time server.
Page 266: Table 112 Sys Log
G-3000H User’s Guide Table 111 ICMP Notes (continued) TYPE CODE DESCRIPTION Redirect datagrams for the Network Redirect datagrams for the Host Redirect datagrams for the Type of Service and Network Redirect datagrams for the Type of Service and Host Echo...
Page 267: Table 113 Log Categories And Available Settings
G-3000H User’s Guide Use sys logs category followed by a log category and a parameter to decide what to record Table 113 Log Categories and Available Settings LOG CATEGORIES AVAILABLE PARAMETERS error 0, 1, 2, 3 mten 0, 1 to not record logs for that category,...
Page 268 G-3000H User’s Guide Appendix J Log Descriptions...
Page 269: Indoor Installation Recommendations
G-3000H User’s Guide Appendix K Indoor Installation Recommendations An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air.
Page 270 G-3000H User’s Guide • Omni-directional antennas send the RF signal out in all directions on a horizontal plane. The coverage area is torus-shaped (like a donut) which makes these antennas ideal for a room environment. With a wide coverage area, it is possible to make circular overlapping coverage areas with multiple access points.
Page 271: Power Adaptor Specifications
G-3000H User’s Guide Appendix L Power Adaptor Specifications Table 114 North American Plug Standards AC Power Adaptor Model ADS6818-1812-W 1215 Input Power 100~240 Volts AC, 50~60 Hz, 0.5 A Output Power 12 Volts DC, 1.5A, 18W Power Consumption 6 W Max Safety Standards UL, CUL (UL60950 Third Edition, CSA C22.2 No.
Page 272 G-3000H User’s Guide Appendix L Power Adaptor Specifications...
Page 273: Text File Based Auto Configuration
G-3000H User’s Guide Appendix M Text File Based Auto Configuration This chapter describes how administrators can use text configuration files to configure the wireless LAN settings for multiple APs. Text File Based Auto Configuration Overview You can use plain text configuration files to configure the wireless LAN settings on multiple APs.
Page 274: Table 118 Auto Configuration By Dhcp
G-3000H User’s Guide Auto Configuration by DHCP A DHCP response can use options 66 and 67 to assign a TFTP server IP address and a filename. If the AP is configured as a DHCP client, these settings can be used to perform auto configuration.
Page 275: Figure 180 Configuration File Format
G-3000H User’s Guide Verifying Your Configuration File Upload Via SNMP You can use SNMP management software to display the configuration file version currently on the device by using the following MIB. Table 121 Displaying the File Version ITEM OBJECT ID...
Page 276: Figure 181 Wep Configuration File Example
G-3000H User’s Guide The AP ignores any improperly formatted commands and continues to check the next line. If there are any errors while processing the configuration file, the AP generates a message with the line number and reason for the first error (subsequent errors during the processing of an individual configuration file are not recorded).
Page 277: Figure 182 802.1X Configuration File Example
G-3000H User’s Guide Figure 182 802.1X Configuration File Example !#ZYXEL PROWLAN !#VERSION 12 wan security 2 name Test-8021x wcfg security 2 security 8021x-dynamic128 wcfg security 2 reauthtime 1800 wcfg security 2 idletime 3600 wcfg security save wcfg radius 2 name radius-rd wcfg radius 2 primary 172.23.3.4 1812 untagged secret...
Page 278: Figure 184 Wpa Configuration File Example
G-3000H User’s Guide Figure 184 WPA Configuration File Example !#ZYXEL PROWLAN !#VERSION 14 wcfg security 4 name Test-wpa wcfg security 4 mode wpa wcfg security 4 reauthtime 1800 wcfg security 4 idletime 3600 wcfg security 4 groupkeytime 1800 wcfg security save wcfg radius 4 name radius-rd1 wcfg radius 4 primary 172.0.20.38 1812 20 secret...
Page 279: Figure 185 Wlan Configuration File Example
G-3000H User’s Guide Figure 185 wlan Configuration File Example !#ZYXEL PROWLAN !#VERSION 15 wcfg ssid 1 name ssid-wep wcfg ssid 1 security Test-wep wcfg ssid 2 name ssid-8021x wcfg ssid 2 security Test-8021x wcfg ssid 2 radius radius-rd wcfg ssid 3 name ssid-wpapsk...
Page 280 G-3000H User’s Guide Appendix M Text File Based Auto Configuration...
Page 281: Appendix N Wireless Lan Manager
G-3000H User’s Guide Appendix N Wireless LAN Manager This appendix shows you how to install and use the Wireless LAN Manager. The Wireless LAN Manager (WLM) software simplifies SNMP based firmware and configuration file upgrades on the AP. WLM is an Element Manager System (EMS) plug-in for SNMPc management software.
Page 282: Figure 186 Ems Installation Wizard: Welcome Screen
G-3000H User’s Guide 1 Install SNMPc if it is not already installed. See the user’s guide for more information. 2 Insert the CD. The CD auto-runs. Click the Tools link and then the WLM EMS link. Otherwise you can go to the WLM EMS folder and double-click Setup.exe.
Page 283: Figure 188 Ems Installation Wizard: Complete Screen
G-3000H User’s Guide Figure 188 EMS Installation Wizard: Complete Screen SNMPc Network Manager Startup Use the following steps to set whether or not SNMPc starts automatically each time you turn on your computer. 1 Click Start, Programs, SNMPc Network Manager, Startup System to manually start the SNMPc network manager.
Page 284: Figure 189 Starting The Snmpc Network Manager
G-3000H User’s Guide Figure 189 Starting the SNMPc Network Manager 2 Click Config, System Startup..Figure 190 Accessing the SNMPc Startup Settings 3 Select Auto Startup check box if you want SNMPc to automatically start each time you turn on your computer, otherwise clear it. Click Close.
Page 285: Figure 191 Snmpc Task Setup Screen
G-3000H User’s Guide Figure 191 SNMPc Task Setup Screen Adding MIBs The Management Information Base (MIB) is designed for holding management information on systems (such as the AP) that the standard MIB does not include. 1 From the SNMPc Network Manager main screen, click Config, Mib Database.
Page 286: Figure 193 Compile Mibs Screen
G-3000H User’s Guide Figure 193 Compile Mibs Screen 3 The Add Mib files... screen opens. Select zyxel-prowireless.mib in the list box and click Figure 194 Add Mib files Screen 4 In the Compile Mibs screen, click Compile. Figure 195 Compile Mibs Screen 5 Click Yes when asked to confirm.
Page 287: Figure 196 Compile Mibs Confirm Screen
G-3000H User’s Guide Figure 196 Compile Mibs Confirm Screen 6 This screen appears after the compiling finishes. Click OK. Figure 197 Compile Mib OK Screen 7 Finally click Done in the Compile Mibs screen. Proprietary MIBs The following objects are contained in the zyxel-prowireless.mib.
Page 288: Figure 198 Selecting The Root Subnet
G-3000H User’s Guide 1 Select the Root Subnet. Figure 198 Selecting the Root Subnet 2 Click Insert, MAP Object, Device. Figure 199 Accessing the MAP Object Properties Screen 3 In the MAP Object Properties screen, enter a descriptive device name and IP address for the device.
Page 289: Figure 201 Map Object Properties: Access
G-3000H User’s Guide Figure 201 MAP Object Properties: Access 5 Change the read and write communities (passwords) to match the ones you use in your AP. Then click OK. Note: For security purposes, it is strongly recommended to change the Read Community and Read/Write Community on your AP.
Page 290: Figure 203 Accessing The Discovery/Polling Agents Screen
G-3000H User’s Guide Device Auto-Discovery Do the following to enable auto-discovery. 1 Click Config, Discovery/Polling. Figure 203 Accessing the Discovery/Polling Agents Screen 2 Select the Enable Discovery check box and click OK. Figure 204 Discovery/Polling Agents Screen 3 After the device has been found, an icon and label appear in the network manager view window.
Page 291: Figure 205 Device Icon
G-3000H User’s Guide Figure 205 Device Icon 4 The MAP Object Properties screen opens. Click the Access tab. Figure 206 MAP Object Properties: Access 5 Change the read and write communities (passwords) to match the ones you use in your AP.
Page 292: Figure 207 Wlm Ems Screen
G-3000H User’s Guide Accessing the EMS In the SNMPc main screen, double-click the device icon to open the WLM EMS screen. Use this screen to view the current firmware and text configuration file versions on an AP. You can also upload firmware and text configuration files from a TFTP server to a specific AP. This is also referred to as text file based auto configuration.
Page 293 G-3000H User’s Guide • Make sure that the device you want to manage is connected to the network and operating properly. • If the problem still persists, uninstall and re-install the EMS software. Appendix N Wireless LAN Manager...
Page 294 G-3000H User’s Guide Appendix N Wireless LAN Manager...
Page 295: Index
G-3000H User’s Guide Index Community 185, 289 Configuration File Examples Address Assignment 46, 115 Format Alternative Subnet Mask Notation Configuration File Rules Antenna Contact Information Directional Contacting Customer Support Omni-directional Antenna gain CPU Load AP (access point) CTS (Clear to Send)
Page 296 G-3000H User’s Guide Installation System Requirements Troubleshooting IBSS Encryption 70, 251 IEEE 802.1x 33, 248 Error Log In-band Management Error/Information Messages Independent Basic Service Set 153, 243 Sample Install SNMPc 54, 244 Installing EMS ESS ID Internet access ESS IDentification...
Page 297 G-3000H User’s Guide Rate Receiving Transmission Network Management Read Community North America Contact Information Read/Write Community Norway, Contact Information ReAuthentication Time 78, 79, 80, 81 Registration Regular Mail Related Documentation Remote Authentication Dial In User Service Remote Management and NAT...
Page 298 G-3000H User’s Guide Subnet Masks User Authentication Subnetting User Profiles Support E-mail Sweden, Contact Information Syntax Conventions System Console Port Speed Diagnostic Valid CI Commands Log and Trace Virtual Local Area Network System Information VLAN 31, 101 System Status Time and Date System Information System Information &...
Page 299 G-3000H User’s Guide ZyNOS F/W Version zyxel-prowireless.mib Index...

ZyXEL Communications G-3000H User Manual

Chapter 1 Getting to Know Your Zyair

Chapter 2 Introducing the Web Configurator

Chapter 3 Wizard Setup

Chapter 4 System Screens

Chapter 5 Wireless Configuration

Chapter 6 Wireless Security Configuration

Chapter 7 Multiple ESS, SSID and VLAN

Chapter 8 Other Wireless Configurations

Chapter 9 VLAN

Chapter 10 IP Screen

Chapter 11 Certificates

Chapter 12 Remote Management Screens

Chapter 13 Log Screens

Quick Links

Troubleshooting

Need help?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for ZyXEL Communications G-3000H

Summary of Contents for ZyXEL Communications G-3000H