ZyXEL Communications NXC2500 User Manual

NXC2500
Wireless LAN Controller
Version 4.00
Edition 1, 05/2013
Quick Start Guide
User's Guide
Default Login Details
IP Address: https://192.168.1.1
User Name: admin
Password: 1234
www.zyxel.com
Copyright © 2013 ZyXEL Communications Corporation

Summary of Contents for ZyXEL Communications NXC2500

  • Page 1 NXC2500 Wireless LAN Controller Version 4.00 Edition 1, 05/2013 Quick Start Guide User’s Guide Default Login Details IP Address https://192.168.1.1 User Name admin Password 1234 www.zyxel.com Copyright © 2013 ZyXEL Communications Corporation...
  • Page 2 NXC. Note: It is recommended you use the Web Configurator to configure the NXC. • Web Configurator Online Help Click the help icon in any screen for help in configuring that screen and supplementary information. NXC2500 User’s Guide...
  • Page 3: Table Of Contents

    MON Profile, p. 203; Addresses, p. 209; Services, p. 215; Schedules, p. 221; AAA Server, p. 227; Authentication Method, p. 238; Certificates, p. 241; System, p. 259; Log and Report, p. 297; File Manager, p. 313; Diagnostics, p. 325; Packet Flow Explore, p. 337; Reboot, p. 345; Shutdown, p. 347; Troubleshooting, p. 349. NXC2500 User’s Guide...
  • Page 4 Contents Overview NXC2500 User’s Guide...
  • Page 5: Table Of Contents

    2.2 Front Panel, p. 25; 2.2.1 Front Panel LEDs, p. 26; 2.3 Rear Panel, p. 27; Chapter 3 The Web Configurator, p. 29; 3.1 Overview, p. 29; 3.2 Access, p. 29; 3.3 The Main Screen, p. 31; 3.3.1 Title Bar, p. 31; 3.3.2 Navigation Panel, p. 38. NXC2500 User’s Guide...
  • Page 6 5.11 AP List, p. 73; 5.11.1 Station Count of AP, p. 74; 5.12 Radio List, p. 75; 5.12.1 AP Mode Radio Information, p. 77; 5.13 Station List, p. 78; 5.14 Detected Device, p. 79; 5.15 View Log, p. 80; 5.16 View AP Log, p. 83; Chapter 6 Registration, p. 85. NXC2500 User’s Guide...
  • Page 7 8.3.2 Add/Edit VLAN, p. 116; 8.4 Technical Reference, p. 121; Chapter 9 Policy and Static Routes, p. 125; 9.1 Overview, p. 125; 9.1.1 What You Can Do in this Chapter, p. 125; 9.1.2 What You Need to Know, p. 125; 9.2 Policy Route, p. 126. NXC2500 User’s Guide...
  • Page 8 13.1.1 What You Can Do in this Chapter, p. 149; 13.1.2 What You Need to Know, p. 149; 13.2 IP/MAC Binding Summary, p. 150; 13.2.1 Edit IP/MAC Binding, p. 151; 13.2.2 Add/Edit Static DHCP Rule, p. 152; 13.3 IP/MAC Binding Exempt List, p. 153; Chapter 14 Captive Portal, p. 155; 14.1 Overview, p. 155. NXC2500 User’s Guide...
  • Page 9 16.3.1 SSID List, p. 193; 16.3.2 Security List, p. 196; 16.3.3 MAC Filter List, p. 201; Chapter 17 MON Profile, p. 203; 17.1 Overview, p. 203; 17.1.1 What You Can Do in this Chapter, p. 203; 17.1.2 What You Need To Know, p. 203. NXC2500 User’s Guide...
  • Page 10 21.1.1 What You Can Do in this Chapter, p. 227; 21.1.2 What You Need To Know, p. 227; 21.2 Active Directory / LDAP, p. 230; 21.2.1 Add/Edit Active Directory / LDAP Server, p. 232; 21.3 RADIUS, p. 235; 21.3.1 Add/Edit RADIUS, p. 236. NXC2500 User’s Guide...
  • Page 11 24.6.2 Configuring the DNS Screen, p. 265; 24.6.3 Address Record, p. 268; 24.6.4 PTR Record, p. 268; 24.6.5 Adding an Address/PTR Record, p. 268; 24.6.6 Domain Zone Forwarder, p. 269; 24.6.7 Add Domain Zone Forwarder, p. 269; 24.6.8 MX Record, p. 270; 24.6.9 Add MX Record, p. 270. NXC2500 User’s Guide...
  • Page 12 25.3.4 Edit Remote Server Log Settings, p. 307; 25.3.5 Log Category Settings, p. 308; Chapter 26 File Manager, p. 313; 26.1 Overview, p. 313; 26.1.1 What You Can Do in this Chapter, p. 313; 26.1.2 What you Need to Know, p. 313; 26.2 Configuration File, p. 315; 26.3 Firmware Package, p. 319. NXC2500 User’s Guide...
  • Page 13 Shutdown, p. 347; 30.1 Overview, p. 347; 30.1.1 What You Need To Know, p. 347; 30.2 Shutdown, p. 347; Chapter 31 Troubleshooting, p. 349; 31.1 Overview, p. 349; 31.1.1 General, p. 349; 31.1.2 Wireless, p. 354; 31.2 Resetting the NXC, p. 356; 31.3 Getting More Troubleshooting Help, p. 357. NXC2500 User’s Guide...
  • Page 14 Table of Contents: Appendix A Log Descriptions, p. 359; Appendix B Common Services, p. 387; Appendix C Importing Certificates, p. 391; Appendix D Wireless LANs, p. 405; Appendix E Legal Information, p. 417; Index, p. 421. NXC2500 User’s Guide...
  • Page 15: User's Guide

    User’s Guide...
  • Page 17: Introduction

    There are two types of interfaces in the NXC. In addition to being used in various features, interfaces also describe the network that is directly connected to them. • Ethernet interfaces are the foundation for defining other interfaces and network policies. NXC2500 User’s Guide...
  • Page 18: Example Interface And Zone Configuration

    • The LAN zone contains the ge1~ge6 interfaces (physical ports P1~P6). By default, all LAN interfaces are put in vlan0. • The console port is not in a zone and can be directly accessed by a computer attached to it using a special console-to-Ethernet adapter. NXC2500 User’s Guide...
  • Page 19: Applications

    Note: Monitoring for rogue APs is not supported by the NWA5121-N, NWA5121-NI and NWA5123-NI when they are in managed AP mode. NXC2500 User’s Guide...
  • Page 20: Captive Portal

    APs and determining what channels are currently being used by other devices not connected to the network. 1.3.6 User-Aware Access Control Set up security policies that restrict access to sensitive information and shared resources based on the user who is trying to access them. NXC2500 User’s Guide...
  • Page 21: Management Overview

    If you are in a screen that uses objects, you can also usually select Create new Object to be able to configure a new object. Use the Object Reference screen to see what objects are configured and which configuration settings reference specific objects. NXC2500 User’s Guide...
  • Page 22: Starting And Stopping The Nxc

    The NXC does not stop or start the system processes when you apply configuration files or run shell scripts although you may temporarily lose access to network resources. NXC2500 User’s Guide...
  • Page 23: Hardware Installation And Connection

    Note: Failure to use the proper screws may damage the unit. 2.1.1 Rack-Mounted Installation Procedure Align one bracket with the holes on one side of the NXC and secure it with the included bracket screws (smaller than the rack-mounting screws). NXC2500 User’s Guide...
  • Page 24 Chapter 2 Hardware Installation and Connection Attach the other bracket in a similar fashion. NXC2500 User’s Guide...
  • Page 25: Front Panel

    Ethernet so the speed can be 100 Mbps or 1000 Mbps. The duplex mode can be either half or full duplex at 100 Mbps and full duplex only at 1000 Mbps. An auto-negotiating port can detect and NXC2500 User’s Guide...
  • Page 26: Front Panel Leds

    Orange This port has a successful link to a 1000 Mbps Ethernet network. Blinking The NXC is sending or receiving packets to/from a 1000 Mbps Ethernet network on this port. There is no connection on this port. NXC2500 User’s Guide...
  • Page 27: Rear Panel

    • No flow control Connect the male 9-pin end of the RS-232 console cable to the console port of the NXC. Connect the female end to a serial port (COM1, COM2 or other COM port) of your computer. NXC2500 User’s Guide...
  • Page 28 Chapter 2 Hardware Installation and Connection NXC2500 User’s Guide...
  • Page 29: The Web Configurator

    The recommended screen resolution is 1024 x 768 pixels and higher. 3.2 Access Make sure your NXC hardware is properly connected. See the Quick Start Guide. Browse to http://192.168.1.1. The Login screen appears. Enter the user name (default: “admin”) and password (default: “1234”). NXC2500 User’s Guide...
  • Page 30 Otherwise, the dashboard appears. This screen appears every time you log in using the default user name and default password. If you change the password for the default user account, this screen does not appear anymore. NXC2500 User’s Guide...
  • Page 31: The Main Screen

    The icons provide the following functions. Table 6 Title Bar: Web Configurator Icons LABEL DESCRIPTION Logout Click this to log out of the Web Configurator. Help Click this to open the help page for the current screen. NXC2500 User’s Guide...
  • Page 32 This shows the version number of the software that handles the booting process of the NXC. Current Version This shows the firmware version of the NXC. Released Date This shows the date (yyyy-mm-dd) and time (hh:mm:ss) when the firmware is released. Click this to close the screen. NXC2500 User’s Guide...
  • Page 33 Figure 9 Site Map Object Reference Click Object Reference to open the Object Reference screen. Select the type of object and the individual object and click Refresh to show which configuration settings reference the object. Figure 10 Object Reference NXC2500 User’s Guide...
  • Page 34 Note: To view the functions in the Web Configurator user interface that correspond directly to specific NXC CLI commands, use the CLI Messages window (see Section on page 37) in tandem with this one. Figure 11 Console NXC2500 User’s Guide...
  • Page 35 • Your web browser of choice allows pop-up windows from the IP address assigned to your NXC. • Your web browser allows Java programs. • You are using the latest version of the Java program (http://www.java.com). To log in through the Console: Click the Console button on the Web Configurator title bar. NXC2500 User’s Guide...
  • Page 36 Next, enter the User Name of the account being used to log into your target device and then click You may be prompted to authenticate your account password, depending on the type of device that you are logging into. Enter the password and click OK. NXC2500 User’s Guide...
  • Page 37 Click CLI to look at the CLI commands sent by the Web Configurator. These commands appear in a popup window, such as the following. Figure 12 CLI Messages Click Clear to remove the currently displayed information. See the Command Reference Guide for information about the commands. NXC2500 User’s Guide...
  • Page 38: Navigation Panel

    List the users currently logged into the NXC. Dynamic Guest List the dynamic guest accounts in the NXC’s local database. USB Storage Display details about a USB device connected to the NXC. Wireless AP Information AP List Display information about the connected APs. NXC2500 User’s Guide...
  • Page 39 Configure ranges of IP addresses to which the NXC does not apply IP/MAC binding. Captive Portal Captive Portal Assign the captive portal web page to various network services. Login Page Assign and customize the login page users see when they hit the captive portal. Object NXC2500 User’s Guide...
  • Page 40 Language Select the Web Configurator language. Log & Report Email Daily Report Configure where and how to send daily reports and what reports to send. Log Settings Configure the system log, e-mail logs, and remote syslog servers. NXC2500 User’s Guide...
  • Page 41: Warning Messages

    3.3.4 Tables and Lists The Web Configurator tables and lists are quite flexible and provide several options for how to display their entries. Manipulating Table Display Here are some of the ways you can manipulate the Web Configurator tables. NXC2500 User’s Guide...
  • Page 42 • Sort in ascending alphabetical order • Sort in descending (reverse) alphabetical order • Select which columns to display • Group entries by field • Show entries in groups • Filter by mathematical operators (<, >, or =) or searching for text. NXC2500 User’s Guide...
  • Page 43 Select a column heading cell’s right border and drag to re-size the column. Select a column heading and drag and drop it to change the column order. A green check mark displays next to the column’s title when you drag the column to a valid new location. NXC2500 User’s Guide...
  • Page 44 To remove an entry, select it and click Remove. The NXC confirms you want to remove it before doing so. Activate To turn on an entry, select it and click Activate. Inactivate To turn off an entry, select it and click Inactivate. NXC2500 User’s Guide...
  • Page 45 In some lists you can also use the [Shift] or [Ctrl] key to select multiple entries, and then use the arrow button to move them to the other list. Figure 15 Working with Lists NXC2500 User’s Guide...
  • Page 46 Chapter 3 The Web Configurator NXC2500 User’s Guide...
  • Page 47: Technical Reference

    Technical Reference...
  • Page 49: Dashboard

    57) displays the IP addresses currently assigned to DHCP clients and the IP addresses reserved for specific MAC addresses. • The Number of Login Users screen (Section 4.2.5 on page 58) displays the users currently logged into the NXC. NXC2500 User’s Guide...
  • Page 50: Dashboard

    Dashboard icon in the navigation panel. The Dashboard displays general device information, system status, system resource usage, licensed service status, and interface status in widgets that you can re-arrange to suit your needs. You can also collapse, refresh, and close individual widgets. Figure 16 Dashboard NXC2500 User’s Guide...
  • Page 51 NXC. Hover your cursor over this field to display icons. Click the Detail icon to go to the Session Monitor screen to see details about the active sessions. Click the Show Active Sessions icon to display a chart of NXC’s recent session usage. NXC2500 User’s Guide...
  • Page 52 Fallback to system default configuration - The NXC was unable to apply the lastgood.conf configuration file and fell back to the system default configuration file (system-default.conf). Booting in progress - The NXC is still applying the system configuration. NXC2500 User’s Guide...
  • Page 53 Displays the top 5 Access Points (AP) with the highest number of station (aka wireless client) connections. This field displays the rank of the station. AP MAC This field displays the MAC address of the AP to which the station belongs. NXC2500 User’s Guide...
  • Page 54: Cpu Usage

    The x-axis shows the time period over which the CPU usage occurred. Refresh Interval Enter how often you want this window to be automatically updated. Refresh Now Click this to update the information in the window right away. NXC2500 User’s Guide...
  • Page 55: Memory Usage

    The x-axis shows the time period over which the RAM usage occurred. Refresh Interval Enter how often you want this window to be automatically updated. Refresh Now Click this to update the information in the window right away. NXC2500 User’s Guide...
  • Page 56: Session Usage

    The x-axis shows the time period over which the session usage occurred. Refresh Interval Enter how often you want this window to be automatically updated. Refresh Now Click this to update the information in the window right away. NXC2500 User’s Guide...
  • Page 57: Dhcp Table

    If this field is clear, this entry is a dynamic DHCP entry. The IP address is assigned to a DHCP client. To create a static DHCP entry using an existing dynamic DHCP entry, select this field. To remove a static DHCP entry, clear this field. NXC2500 User’s Guide...
  • Page 58: Number Of Login Users

    If the user type is ext-user (external user), this field will show its external-group information when you move your mouse over it. If the external user matches two external-group objects, both external-group object names will be shown. Force Logout Click this icon to end a user’s session. NXC2500 User’s Guide...
  • Page 59: Monitor

    • The View AP Log screen (Section 5.16 on page 83) displays the NXC’s current wireless AP log messages. NXC2500 User’s Guide...
  • Page 60: What You Need To Know

    Click this to stop the window from updating automatically. You can start it again by setting the Poll Interval and clicking Set Interval. Switch to Click this to display the port statistics as a line graph. Graphic View NXC2500 User’s Guide...
  • Page 61 Up Time This field displays how long the physical port has been connected. System Up Time This field displays how long the NXC has been running since it last restarted or was turned NXC2500 User’s Guide...
  • Page 62: Port Statistics Graph

    This line represents traffic transmitted from the NXC on the physical port since it was last connected. This line represents the traffic received by the NXC on the physical port since it was last connected. Last Update This field displays the date and time the information in the window was last updated. NXC2500 User’s Guide...
  • Page 63: Interface Status

    Up - The VLAN interface is enabled and one of its member Ethernet interfaces is connected. Down - The VLAN interface is enabled but none of its member Ethernet interfaces is connected. Inactive - The VLAN interface is disabled. NXC2500 User’s Guide...
  • Page 64: Traffic Statistics

    5.5 Traffic Statistics Click Monitor > System Status > Traffic Statistics to display this screen. This screen provides basic information about the different kinds of data traffic moving through the NXC. For example: NXC2500 User’s Guide...
  • Page 65 Click Apply to save your changes back to the NXC. Reset Click Reset to return the screen to its last-saved settings. Statistics Interface Select the interface from which to collect information. You can collect information from Ethernet or VLAN interfaces. NXC2500 User’s Guide...
  • Page 66 HTTP GET packets. Many Web sites have HTTP GET references to other Web sites, and the NXC counts these as hits too. The count starts over at zero if the number of hits passes the hit count limit. See Table 25 on page NXC2500 User’s Guide...
  • Page 67: Session Monitor

    You can also filter the information by user, protocol / service or service group, source address, and/or destination address and view it by user. Click Monitor > System Status > Session Monitor to display the following screen. Figure 26 Monitor > System Status > Session Monitor NXC2500 User’s Guide...
  • Page 68 This field displays the amount of information received by the source in the active session. This field displays the amount of information transmitted by the source in the active session. Duration This field displays the length of the active session in seconds. NXC2500 User’s Guide...
  • Page 69: Ip/Mac Binding Monitor

    This is when the device last established a session with the NXC through this interface. Description This field displays the descriptive name that helps identify the entry. Refresh Click this button to update the information in the screen. NXC2500 User’s Guide...
  • Page 70: Login Users

    Internet or the NXC’s services in a specified period of time. Multiple dynamic guest accounts can be automatically generated at one time for guest users by using the web configurator and the guest-manager account. Guest users can log in with the dynamic accounts NXC2500 User’s Guide...
  • Page 71: Usb Storage

    This field displays the additional information for the user account. Refresh Click this button to update the information in the screen. 5.10 USB Storage This screen displays information about a connected USB storage device. Click Monitor > System Status > USB Storage to display this screen. NXC2500 User’s Guide...
  • Page 72 Mounting - the NXC is mounting the USB storage device. Removing - the NXC is unmounting the USB storage device. none - the USB device is operating normally or not connected. NXC2500 User’s Guide...
  • Page 73: Ap List

    NXC last started up. Last Off-line Time This displays the most recent time the AP went off-line. N/A displays if the AP has either not come on-line or gone off-line since the NXC last started up. NXC2500 User’s Guide...
  • Page 74: Station Count Of Ap

    Use this screen to look at station statistics for the connected AP. To access this screen, select an entry and click the More Information button in the AP List screen. Figure 32 Monitor > Wireless > AP Information > AP List > Station Count of AP NXC2500 User’s Guide...
  • Page 75: Radio List

    This indicates the radio number on the AP to which it belongs. OP Mode This indicates the radio’s operating mode. Operating modes are AP (access point) or MON (monitor). Profile This indicates the profile name to which the radio belongs. NXC2500 User’s Guide...
  • Page 76 DESCRIPTION When an AP is being load balanced, this icon means it is operating over the maximum allocated bandwidth. When an AP is being load balanced, this icon means it is operating under the maximum allocated bandwidth. NXC2500 User’s Guide...
  • Page 77: Ap Mode Radio Information

    24 hours. To access this window, select an entry and click the More Information button in the Radio List screen. Figure 34 Monitor > Wireless > AP Information > Radio List > AP Mode Radio Information NXC2500 User’s Guide...
  • Page 78: Station List

    Click this to close this window. 5.13 Station List Use this screen to view statistics pertaining to the associated stations (or “wireless clients”). Click Monitor > Wireless > Station Info to access this screen. Figure 35 Monitor > Wireless > Station List NXC2500 User’s Guide...
  • Page 79: Detected Device

    Note: At least one radio of the APs connected to the NXC must be set to monitor mode (in the Wireless > AP Management screen) in order to detect other wireless devices in its vicinity. Figure 36 Monitor > Wireless > Rogue AP > Detected Device NXC2500 User’s Guide...
  • Page 80: View Log

    • For individual log descriptions, see Appendix A on page 359. • For the maximum number of log messages in the NXC, see the datasheet. NXC2500 User’s Guide...
  • Page 81 Debug Log. Source Address This displays when you show the filter. Type the source IP address of the incoming packet that generated the log message. Do not include the port in this filter. NXC2500 User’s Guide...
  • Page 82 This field displays the destination IP address and the port number of the event that generated the log message. Note This field displays any additional information about the log message. The Web Configurator saves the filter settings if you leave the View Log screen and return to it later. NXC2500 User’s Guide...
  • Page 83: View Ap Log

    Last Log Query Time This indicates the last time the AP was queried for its log messages. Display Select the log file from the specified AP that you want displayed. Note: This criterion only appears when you Show Filter. NXC2500 User’s Guide...
  • Page 84 This displays content of the selected log message. Source This displays the source IP address of the selected log message. Destination This displays the source IP address of the selected log message. Note This displays any notes associated with the selected log message. NXC2500 User’s Guide...
  • Page 85: Registration

    The NXC is initially configured to support up to 8 managed APs (such as the NWA5123-NI). You can increase this by subscribing to additional licenses. As of this writing, each license upgrade allows an additional 8 managed APs while the maximum number of APs a single NXC can support is 24. NXC2500 User’s Guide...
  • Page 86: Registration

    Click this button to check with the myZyXEL.com database to verify the user name you entered has not been used. Password Enter a password of between six and 20 alphanumeric characters (and the underscore). Spaces are not allowed. Confirm Password Enter the password again for confirmation. NXC2500 User’s Guide...
  • Page 87: Service

    Figure 40 Configuration > Licensing > Registration: Registered Device 6.3 Service Use this screen to display the status of your service registrations and upgrade licenses. To activate or extend a standard service subscription, purchase an iCard and enter the iCard’s PIN number NXC2500 User’s Guide...
  • Page 88 If a standard service subscription runs out, you need to buy a new iCard (specific to your NXC) and enter the new PIN number to extend the service. Service License Refresh Click this button to renew service license information (such as the registration status and expiration day). NXC2500 User’s Guide...
  • Page 89: Wireless

    Wireless load balancing is the process where you limit the number of connections allowed on a wireless access point (AP) or you limit the amount of wireless traffic transmitted and received on it so the AP does not become overloaded. NXC2500 User’s Guide...
  • Page 90: Controller

    Click Reset to return the screen to its last-saved settings. 7.3 AP Management Use this screen to manage all of the APs connected to the NXC. Click Configuration > Wireless > AP Management to access this screen. Figure 43 Configuration > Wireless > AP Management NXC2500 User’s Guide...
  • Page 91 AP’s management VLAN ID does not match the Mgnt. VLAN ID(AC). This field displays n/a if the NXC cannot get VLAN information from the AP. Description This field displays the AP’s description, which you can configure by selecting the AP’s entry and clicking the Edit button. NXC2500 User’s Guide...
  • Page 92: Edit Ap List

    MON Mode means the AP monitors the broadcast area for other APs, then passes their information on to the NXC where it can be determined if those APs are friendly or rogue. If an AP is set to this mode it cannot receive connections from wireless clients. NXC2500 User’s Guide...
  • Page 93: Mon Mode

    Click this button to add an AP to the list and assign it either friendly or rogue status. Edit Select an AP in the list to edit and reassign its status. Remove Select an AP in the list to remove. NXC2500 User’s Guide...
  • Page 94: Add/Edit Rogue/Friendly List

    Enter up to 60 characters for the AP’s description. Spaces and underscores are allowed. Role Select either Rogue AP or Friendly AP for the AP’s role. Apply Click Apply to save your changes back to the NXC. Reset Click Reset to return the screen to its last-saved settings. NXC2500 User’s Guide...
  • Page 95: Load Balancing

    Note: If you enable this function, you should ensure that there are multiple APs within the broadcast radius that can accept any rejected or kicked wireless clients; otherwise, a wireless client attempting to connect to an overloaded AP will be kicked continuously and never be allowed to connect. NXC2500 User’s Guide...
  • Page 96: Disassociating And Delaying Connections

    AP over its allotment, say to 7 Mbps, then the AP delays the red laptop’s connection until it can afford the bandwidth or the laptop is picked up by a different AP with bandwidth to spare. Figure 48 Delaying a Connection NXC2500 User’s Guide...
  • Page 97: Dcs

    7.6 DCS Use DCS (Dynamic Channel Selection) in an environment where there are many APs and there may be interference. DCS allows APs to automatically find a less-used channel in such an environment. Use NXC2500 User’s Guide...
  • Page 98 If the channel on which it is currently broadcasting suddenly comes into use by another AP, the NXC will then dynamically select the next available clean channel or a channel with lower interference. NXC2500 User’s Guide...
  • Page 99 Select manual and specify the channels the AP uses in the 5 GHz band. Available channels This text box lists the channels that are available in the 5 GHz band. Select the channels that you want the AP to use, and click the right arrow button to add them. NXC2500 User’s Guide...
  • Page 100: Technical Reference

    In the 2.4 GHz spectrum, each channel from 1 to 13 is broken up into discrete 22 MHz segments that are spaced 5 MHz apart. Channel 1 is centered on 2.412 GHz while channel 13 is centered on 2.472 GHz. Figure 51 An Example Three-Channel Deployment NXC2500 User’s Guide...
  • Page 101: Load Balancing

    AP. If he still connects to the AP regardless of the delay, then the AP may boot other people who are already connected in order to associate with the new connection. NXC2500 User’s Guide...
  • Page 102 AP has the bandwidth to spare. If too many people connect and the AP hits its bandwidth cap then all new connections must basically wait for their turn or get shunted to the nearest identical AP. NXC2500 User’s Guide...
  • Page 103: Interfaces

    You can create several types of interfaces in the NXC. • Ethernet interfaces are the foundation for defining other interfaces and network policies. • VLAN interfaces receive and send tagged frames. The NXC automatically adds or removes the tags as needed. NXC2500 User’s Guide...
  • Page 104: Ethernet Summary

    However, the routers also generate more network traffic, and some routing protocols require a significant amount of configuration and management. Figure 54 Configuration > Network > Interface > Ethernet NXC2500 User’s Guide...
  • Page 105: Edit Ethernet

    Reset Click Reset to return the screen to its last-saved settings. 8.2.1 Edit Ethernet This screen lets you configure IP address assignment and interface parameters. To access this screen, click an Edit icon in the Ethernet screen. NXC2500 User’s Guide...
  • Page 106 IP address settings change. For example, if you change LAN’s IP address, the NXC automatically updates the corresponding interface- based, LAN subnet address object. Figure 55 Configuration > Network > Interface > Ethernet > Edit (general) NXC2500 User’s Guide...
  • Page 107 This field is enabled if you set the Interface Type to internal or you select Use Fixed IP Address. Enter the subnet mask of this interface in dot decimal notation. The subnet mask indicates what part of the IP address is the same for all computers in the network. NXC2500 User’s Guide...
  • Page 108 This field only displays when you set the Check Method to tcp. Specify the port number to use for a TCP connectivity check. DHCP Setting These fields appear when you set the Interface Type to Internal or General. NXC2500 User’s Guide...
  • Page 109 This table is available if you selected DHCP server. Options Configure this table if you want to send more information to DHCP clients through DHCP packets. Click this to create an entry in this table. See Section 8.2.3 on page 111. NXC2500 User’s Guide...
  • Page 110 SNAT behavior for an interface with the Interface Type set to Internal or External.
    Click OK to save your changes back to the NXC.
    Cancel: Click Cancel to exit this screen without saving.
  • Page 111: Object References

    DHCP option you select in this screen. To open the screen, click Configuration > Network > Interface > Ethernet > Edit, select DHCP Server in the DHCP Setting section, and then click Add or Edit in the Extended Options table.
  • Page 112 Information, Second Information: If you selected VIVS (125), enter additional information for the corresponding enterprise number in these fields.
    Click this to close this screen and update the settings to the previous Edit screen.
    Cancel: Click Cancel to close the screen.
  • Page 113: VLAN Interfaces

    TFTP; however, the option may be used for purposes other than contacting a VoIP configuration server.
    8.3 VLAN Interfaces
    A Virtual Local Area Network (VLAN) divides a physical network into multiple logical networks. The standard is defined in IEEE 802.1q.
  • Page 114 This approach provides a few advantages.
    • Increased performance - In VLAN 2, the extra switch should route traffic inside the sales department faster than the router does. In addition, broadcasts are limited to smaller, more logical groups of users.
  • Page 115: VLAN Summary

    This field is a sequential value, and it is not associated with any interface.
    Status: This icon is lit when the entry is active and dimmed when the entry is inactive.
    Name: This field displays the name of the interface.
  • Page 116: Add/Edit VLAN

    VLAN interface. To access this screen, click the Add icon at the top of the Add column or click an Edit icon next to a VLAN interface in the VLAN Summary screen. The following screen appears.
  • Page 117 Table 56 Configuration > Network > Interface > VLAN > Add/Edit
    LABEL: DESCRIPTION
    Show / Hide Advanced Settings: Click this button to display a greater or lesser number of configuration fields.
    General Settings
    Enable: Select this to turn this interface on. Clear this to disable this interface.
  • Page 118 Route to associate traffic with this VLAN.
    Interface Parameters
    Egress Bandwidth: Enter the maximum amount of traffic, in kilobits per second, the NXC can send through the interface to the network. Allowed values are 0 - 1048576.
  • Page 119 Specify how long each computer can use the information (especially the IP address) before it has to request the information again. Choices are:
    infinite - select this if IP addresses never expire
    days, hours, and minutes - select this to enter how long IP addresses are valid.
  • Page 120 This field only displays when you set the Check Method to tcp. Specify the port number to use for a TCP connectivity check.
    Click OK to save your changes back to the NXC.
    Cancel: Click Cancel to exit this screen without saving.
  • Page 121: Technical Reference

    The NXC also restricts the size of each data packet. The maximum number of bytes in each packet is called the maximum transmission unit (MTU). If a packet is larger than the MTU, the NXC divides
    At the time of writing, the NXC does not support ingress bandwidth management.
  • Page 122 9.9.9.2, and the pool size is 253.
    • Subnet mask - The interface provides the same subnet mask you specify for the interface.
    • Gateway - The interface provides the same gateway you specify for the interface.
  • Page 123 IP address. In this way WINS is similar to DNS, although WINS does not use a hierarchy (unlike DNS). A network can have more than one WINS server. Samba can also serve as a WINS server.
  • Page 124 Chapter 8 Interfaces
  • Page 125: Policy And Static Routes

    Internet. To have the NXC send data to devices not reachable through the default gateway, use static routes.
    Policy Routes Versus Static Routes
    • Policy routes are more flexible than static routes. You can select more criteria for the traffic to match and can also use schedules and NAT.
  • Page 126: Policy Route

    IP protocol (ICMP, UDP, TCP, etc.) and port. The actions that can be taken include:
    • Routing the packet to a different gateway or outgoing interface.
    • Limiting the amount of bandwidth available and setting a priority for traffic.
  • Page 127 This is the interface on which the packets are received.
    Source: This is the name of the source IP address (group) object. any means all IP addresses.
    Destination: This is the name of the destination IP address (group) object. any means all IP addresses.
  • Page 128 This is the source IP address that the route uses. It displays none if the NXC does not perform NAT for this route.
    Apply: Click Apply to save your changes back to the NXC.
    Reset: Click Reset to return the screen to its last-saved settings.
  • Page 129: Add/Edit Policy Route

    Enable: Select this to activate the policy.
    Description: Enter a descriptive name of up to 60 printable ASCII characters for the policy.
    Criteria
    User: Select a user name or user group from which the packets are sent.
  • Page 130 NXC send traffic that matches the policy route through the specified interface.
    Auto-Disable: This field displays when you select Interface in the Type field. Select this to have the NXC automatically disable this policy route when the next-hop’s connection is down.
    DSCP Marking
  • Page 131: Static Route

    Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings.
    Remove: To remove an entry, select it and click Remove. The NXC confirms you want to remove it before doing so.
  • Page 132: Static Route Setting

    The number need not be precise, but it must be 0~127. In practice, 2 or 3 is usually a good number.
    Click OK to save your changes back to the NXC.
    Cancel: Click Cancel to exit this screen without saving.
  • Page 133: Technical Reference

    Class 3 Class 4
    Low Drop Precedence: AF11 (10), AF21 (18), AF31 (26), AF41 (34)
    Medium Drop Precedence: AF12 (12), AF22 (20), AF32 (28), AF42 (36)
    High Drop Precedence: AF13 (14), AF23 (22), AF33 (30), AF43 (38)
  • Page 134 If traffic from an SSID does not have strict throughput requirements, then this access category is recommended. For example, an SSID that only has network printers connected to it.
  • Page 135: Zones

    • Extra-zone traffic is traffic to or from any interface that is not assigned to a zone.
    • Some zone-based security and policy settings may apply to extra-zone traffic, especially if you can set the zone attribute in them to Any or All. See the specific feature for more information.
  • Page 136: Zone

    This field is a sequential value, and it is not associated with any interface.
    Name: This field displays the name of the zone.
    Member: This field displays the names of the interfaces that belong to each zone.
  • Page 137: Add/Edit Zone

    Member lists the interfaces that belong to the zone. Select any interfaces that you want to remove from the zone, and click the left arrow button to remove them.
    Click OK to save your customized settings and exit this screen.
    Cancel: Click Cancel to exit this screen without saving.
  • Page 138 Chapter 10 Zones
  • Page 139: NAT

    11.2 NAT Summary
    The NAT summary screen provides a summary of all NAT rules and their configuration. In addition, this screen allows you to create new NAT rules and edit and delete existing NAT rules. To access this
  • Page 140 This field displays the new destination port(s) for the packet. This field is blank if there is no restriction on the original destination port.
    Apply: Click this button to save your changes to the NXC.
    Reset: Click this button to return the screen to its last-saved settings.
  • Page 141: Add/Edit NAT

    Type in the name of the NAT rule. The name is used to refer to the NAT rule. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
  • Page 142 Subnet/Range: This field displays for Many 1:1 NAT. Select to which translated destination IP address subnet or IP address range this NAT rule forwards packets. The original and mapped IP address subnets or ranges must have the same number of IP addresses.
  • Page 143 Click OK to save your changes back to the NXC.
    Cancel: Click Cancel to return to the NAT summary screen without creating the NAT rule (if it is new) or saving any changes (if it already exists).
  • Page 144: Technical Reference

    SMTP server’s domain name (xxx.LAN-SMTP.com in this example) and gets the SMTP server’s mapped public IP address of 1.1.1.1.
    Figure 71 LAN Computer Queries a Public DNS Server
  • Page 145 NAT, the source would not match the original destination address which would cause the LAN user’s computer to shut down the session.
    Figure 73 LAN to LAN Return Traffic
  • Page 146 Chapter 11 NAT
  • Page 147: ALG

    LAN, you must also configure NAT (port forwarding) rules if you want to allow access to the server from the WAN.
    12.1.3 Before You Begin
    You must also enable NAT in the NXC to allow sessions initiated from the WAN.
  • Page 148: ALG

    File Transfer Protocol (FTP) is an Internet file transfer service that operates on the Internet and over TCP/IP networks. A system running the FTP server accepts commands from a system running an FTP client. The service allows users to send commands to the server for uploading and downloading files.
  • Page 149: IP/MAC Binding

    NXC does not apply IP/MAC binding.
    13.1.2 What You Need to Know
    The following terms and concepts may help as you read this chapter.
    DHCP
    IP/MAC address bindings are based on the NXC’s dynamic and static DHCP entries.
  • Page 150: IP/MAC Binding Summary

    This is the name of an interface that supports IP/MAC binding.
    Number of Binding: This field displays the interface’s total number of IP/MAC bindings and IP addresses that the interface has assigned by DHCP.
    Apply: Click Apply to save your changes back to the NXC.
  • Page 151: Edit IP/MAC Binding

    Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings.
    Remove: To remove an entry, select it and click Remove. The NXC confirms you want to remove it before doing so.
    This is the index number of the static DHCP entry.
  • Page 152: Add/Edit Static DHCP Rule

    Enter up to 64 printable ASCII characters to help identify the entry. For example, you may want to list the computer’s owner.
    Click OK to save your changes back to the NXC.
    Cancel: Click Cancel to exit this screen without saving.
  • Page 153: IP/MAC Binding Exempt List

    Enter the first IP address in a range of IP addresses for which the NXC does not apply IP/MAC binding.
    End IP: Enter the last IP address in a range of IP addresses for which the NXC does not apply IP/MAC binding.
    Apply: Click Apply to save your changes back to the NXC.
  • Page 154 Chapter 13 IP/MAC Binding
  • Page 155: Captive Portal

    Figure 80 Captive Portal Example
    The captive portal page only appears once per authentication session. Unless a user idles out or closes the connection, he or she generally will not see it again during the same session.
  • Page 156: Captive Portal Type

    157) configures which HTTP-based network services default to the captive portal page when a client makes an initial network connection.
    • The Login Page screen (Section 14.3 on page 162) assigns a default login page or creates a customized one.
  • Page 157: Captive Portal

    Internal Web Portal: Select this to use the login page built into the NXC. The login page appears whenever the web portal intercepts network traffic, preventing unauthorized users from gaining access to the network.
  • Page 158 Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings.
    Remove: To remove an entry, select it and click Remove. The NXC confirms you want to remove it before doing so.
    Activate: To turn on an entry, select it and click Activate.
  • Page 159: Add Exceptional Services

    Exceptional Services table on the Captive Portal screen to access this screen.
    Note: If you want 802.1x to work properly, you must set BOOTP_Client and DNS as exceptional services.
    Figure 82 Configuration > Captive Portal > Add Exceptional Services
  • Page 160: Auth. Policy Add/Edit

    SSID Profile called ‘CoffeeBar’, then you can select it immediately from the SSID list in this screen.
    Enable Policy: Select this to enable the new authentication policy. You can later edit the authentication policy and deselect it if you want to disable it.
  • Page 161 Authentication: Select this option to redirect HTTP traffic to the login screen if the user has not logged in yet.
    Click OK to save your changes back to the NXC.
    Cancel: Click Cancel to exit this screen without saving.
  • Page 162: Login Page

    NXC’s default page as it is saved indefinitely.
    Use Customized Login Page: Select this to use a custom login page instead of the default one built into the NXC. Once this option is selected, the custom login page controls below become active.
  • Page 163 Title: Enter 1-64 characters for the page title. Spaces are allowed. This corresponds to the “NXC2500” title in the default page.
    Title Color: Select a font color for the page title. You can use the color palette chooser, or enter a color value of your own.
  • Page 164: Custom Login And Access

    14.3.1 Custom Login and Access Pages
    The following identify the parts you can customize in the login and access pages.
    Figure 85 Login Page Customization Logo Title Message Color (color of all text) Background Note Message (last line of text)
  • Page 165 Your desired color should display in the preview screen on the right after you click in another field, click Apply, or press [ENTER]. If your desired color does not display, your browser may not support it. Try selecting another color.
  • Page 166: External Or Uploaded Web Portal Details

    You can also configure the look and feel of the web portal page if you use an external web portal or upload a web portal file to the NXC. Here are some examples.
    Figure 87 External Web Portal Login Page Example
    Figure 88 External Web Portal Welcome Page Example
  • Page 167 Chapter 14 Captive Portal
    Figure 89 External Web Portal Session Page Example
    Figure 90 External Web Portal Logout Page Example
  • Page 168 The remaining seconds before authentication timeout
    lease_time: Total remaining seconds before lease timeout
    username: Login username
    cgi_str: The CGI for user login. The admin type is “admin.cgi” and the user related type is “login.cgi”.
    Ses_time: Accounting session timeout
  • Page 169: User/Group

    Table 81 Types of User Accounts
    TYPE | ABILITIES | LOGIN METHOD(S)
    Admin Users
    admin | Change NXC configuration (web, CLI) | WWW, TELNET, SSH, FTP, Console
    limited-admin | Look at NXC configuration (web, CLI); Perform basic diagnostics (CLI) | WWW, TELNET, SSH, Console
    Access Users
  • Page 170 A dynamic guest account user can access the NXC’s services only within a given period of time and will become invalid after the expiration date/time. You cannot modify or edit a dynamic guest account.
  • Page 171 ‘user-aware policies’ that define what services they can use.
    User Role Priority
    The NXC checks the following in order of priority.
    1. User role setting in ext-user.
    2. User role setting in ext-group-user.
    3. User role setting in default user (ldap-users, ad-users, radius-users).
  • Page 172: User Summary

    - an external server authenticates wireless clients based on their MAC addresses. After authentication the NXC maps a wireless client to a MAC address user account (MAC role). User-aware features control MAC address user access to specific resources.
    Description: This field displays the description for each user.
  • Page 173: Add/Edit User

    • root
    • shutdown
    • sshd
    • sync
    • uucp
    • zyxel
    To access this screen, go to the User screen, and click Add or Edit.
    Figure 93 Configuration > User/Group > User > Add/Edit A User
  • Page 174 Validation: Use a user account from the group specified above to test if the configuration is correct. Enter the account’s user name in the User Name field and click Test.
    Click OK to save your changes back to the NXC.
    Cancel: Click Cancel to exit this screen without saving your changes.
  • Page 175: Group Summary

    Group Name: This field displays the name of each user group.
    Description: This field displays the description for each user group.
    Member: This field lists the members in the user group. Each member is separated by a comma.
  • Page 176: Add/Edit Group

    NXC. You can also use this screen to specify when users must log in to the NXC before it routes traffic for them. To access this screen, login to the Web Configurator, and click Configuration > Object > User/Group > Setting.
  • Page 177 Chapter 15 User/Group
    Figure 96 Configuration > Object > User/Group > Setting
  • Page 178 Select this check box if you want the NXC to monitor how long each access user is logged in and idle (in other words, there is no traffic for this access user). The NXC automatically logs out the access user once the User idle timeout has been reached.
  • Page 179 Note: Enter the notes (such as the SSID and security key the dynamic guests can use to access the network services) you want to display in the paper along with the account information you print out for dynamic guest users. You can enter up to 1024 ASCII characters.
  • Page 180: Edit User Authentication Timeout Settings

    Configurator. Access users can renew the session by clicking the Renew button on their screen. If you allow access users to renew time automatically, the users can select this check box on their screen as well. In this case, the session is automatically renewed before the lease time expires.
  • Page 181: Add/Edit Dynamic Guest Group

    Specify the name used to identify the dynamic guest group.
    Description: Enter a description for the dynamic guest group.
    Click OK to save your changes back to the NXC.
    Cancel: Click Cancel to exit this screen without saving your changes.
  • Page 182: User Aware Login Example

    Remaining time before session timeout: This field displays how much longer the user can use the session before the NXC automatically logs the access user out.
  • Page 183: Guest Manager Login Example

    User Group: Select the dynamic guest group with which the dynamic guest account(s) is associated.
    Apply: Click this icon to create the account(s).
    Logout: Click this icon to exit and go back to the Web Configurator login screen.
  • Page 184 Guest(s)
    Print: Click this icon to print out the account information and the notes you specified in the User/Group > Setting screen for dynamic guests.
    Return: Click this icon to go back to the previous screen.
  • Page 185: MAC Address

    Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings.
    Remove: To remove an entry, select it and click Remove. The NXC confirms you want to remove it before doing so.
  • Page 186: Add/Edit MAC Address

    NXC authenticate the MAC address or OUI using the local user database.
    Description: Enter the description of the mapping, if any.
    Click OK to save your changes back to the NXC.
    Cancel: Click Cancel to exit this screen without saving your changes.
  • Page 187: AP Profile

    The SSID (Service Set IDentifier) is the name that identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same SSID. In other words, it is the name of the wireless network that clients use to connect to it.
  • Page 188: Radio

    Table 94 Configuration > Object > AP Profile > Radio
    LABEL: DESCRIPTION
    Click this to add a new radio profile.
    Edit: Click this to edit the selected radio profile.
    Remove: Click this to remove the selected radio profile.
  • Page 189 Channel ID: This field indicates the broadcast channel which this radio profile is configured to use.
    Apply: Click Apply to save your changes back to the NXC.
    Reset: Click Reset to return the screen to its last-saved settings.
  • Page 190: Add/Edit Radio Profile

    This screen allows you to create a new radio profile or edit an existing one. To access this screen, click the Add button or select a radio profile from the list and click the Edit button.
    Figure 106 Configuration > Object > AP Profile > Add/Edit Radio Profile
  • Page 191 802.11n headers and wraps them in a 802.11n MAC header. This method is useful for increasing bandwidth throughput in environments that are prone to high error rates.
    A-MPDU Limit: Enter the maximum frame size to be aggregated.
  • Page 192 Select the check box and set a minimum client signal strength for connecting to the AP. -20 dBm is the strongest signal you can require and -76 is the weakest. Clear the check box to not require wireless clients to have a minimum signal strength to connect to the AP.
  • Page 193: SSID

    (such as the WiFi adapter in a laptop), and is displayed as the wireless network name when a person makes a connection to it. To access this screen click Configuration > Object > AP Profile > SSID.
  • Page 194 This field indicates the QoS type associated with the SSID profile.
    MAC Filtering Profile: This field indicates which (if any) MAC Filter Profile is associated with the SSID profile.
    VLAN ID: This field indicates the VLAN ID associated with the SSID profile.
  • Page 195 MAC filtering allows you to limit the wireless clients connecting to your network through a particular SSID by wireless client MAC addresses. Any clients that have MAC addresses not in the MAC filtering profile of allowed addresses are denied connections. The disable setting means no MAC filtering is used.
  • Page 196: Security List

    This screen allows you to manage wireless security configurations that can be used by your SSIDs. Wireless security is implemented strictly between the AP broadcasting the SSID and the stations that are connected to it. To access this screen click Configuration > Object > AP Profile > SSID > Security List.
  • Page 197 This field is a sequential value, and it is not associated with a specific profile.
    Profile Name: This field indicates the name assigned to the security profile.
    Security Mode: This field indicates this profile’s security mode (if any).
  • Page 198 Add button or select a security profile from the list and click the Edit button.
    Note: This screen’s options change based on the Security Mode selected. Only the default screen is displayed here.
    Figure 110 Configuration > Object > AP Profile > SSID > Security Profile > Add/Edit Security Profile
  • Page 199 Station ID for MAC authentication. Configure the ones the external server uses.
    Delimiter (Account): Select the separator the external server uses for the two-character pairs within account MAC addresses.
    Case (Account): Select the case (upper or lower) the external server requires for letters in the account MAC addresses.
  • Page 200 SSIDs. To access this screen click Configuration > Object > AP Profile > SSID > MAC Filter List.
    Note: You can have a maximum of 32 MAC filtering profiles on the NXC.
    Figure 111 Configuration > Object > AP Profile > SSID > MAC Filter List
  • Page 201: MAC Filter List

    Click this to edit the selected MAC address in the profile’s list.
    Remove: Click this to remove the selected MAC address from the profile’s list.
    This field is a sequential value, and it is not associated with a specific profile.
  • Page 202 This field displays a description for the MAC address associated with this profile. You can click the description to make it editable. Enter up to 60 characters, spaces and underscores allowed.
    Click OK to save your changes back to the NXC.
    Cancel: Click Cancel to exit this screen without saving your changes.
  • Page 203: MON Profile

    802.11 frequencies by sending probe request frames.
    Passive Scan
    A passive scan is performed when an 802.11-compatible monitoring device is set to periodically listen to a specified channel or number of channels for other wireless devices broadcasting on the 802.11 frequencies.
  • Page 204: MON Profile

    This icon is lit when the entry is active and dimmed when the entry is inactive.
    Profile Name: This field indicates the name assigned to the monitor profile.
    Apply: Click Apply to save your changes back to the NXC.
    Reset: Click Reset to return the screen to its last-saved settings.
  • Page 205: Add/Edit MON Profile

    Select auto to have the AP switch to the next sequential channel once the Channel dwell time expires. Select manual to set specific channels through which to cycle sequentially when the Channel dwell time expires. Selecting this option makes the Scan Channel List options available.
  • Page 206: Technical Reference

    (A). The company’s legitimate wireless network (the dashed ellipse B) is well-secured, but the rogue AP uses inferior security that is easily broken by an attacker (X) running readily available
  • Page 207 (those from recognized networks, for example). It is recommended that you export (save) your list of friendly APs often, especially if you have a network with a large number of access points.
  • Page 208 Chapter 17 MON Profile
  • Page 209: Addresses

    • HOST - a host address is defined by an IP Address.
    • RANGE - a range address is defined by a Starting IP Address and an Ending IP Address.
    • SUBNET - a network address is defined by a Network IP address and Netmask subnet mask.
  • Page 210: Add/Edit Address

    The Add/Edit Address screen allows you to create a new address or edit an existing one. To access this screen, go to the Address screen, and click either the Add icon or an Edit icon.
    Figure 117 Configuration > Object > Address > Address > Add/Edit
  • Page 211: Address Group Summary

    Configuration > Object > Address > Address Group. Click a column’s heading cell to sort the table entries by that column’s criteria. Click the heading cell again to reverse the sort order.
    Figure 118 Configuration > Object > Address > Address Group
  • Page 212: Add/Edit Address Group Rule

    ), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
    Description: This field displays the description of each address group, if any. You can use up to 60 characters, punctuation marks, and spaces.
  • Page 213 Move any members you do not want included to the Available list.
    Click OK to save your changes back to the NXC.
    Cancel: Click Cancel to exit this screen without saving your changes.
  • Page 214 Chapter 18 Addresses
  • Page 215: Services

    For example, ICMP is used to send the response if a computer cannot be reached. Another use is ping. ICMP does not guarantee delivery, but networks often treat ICMP messages differently, sometimes looking at the message itself to decide where to send it.
  • Page 216: Service Summary

    To access this screen, log in to the Web Configurator, and click Configuration > Object > Service > Service. Click a column’s heading cell to sort the table entries by that column’s criteria. Click the heading cell again to reverse the sort order.
    Figure 120 Configuration > Object > Service > Service
  • Page 217: Add/Edit Service Rule

    Number: Enter the number of the next-level protocol (IP protocol). Allowed values are 0 - 255.
    Click OK to save your changes back to the NXC.
    Cancel: Click Cancel to exit this screen without saving your changes.
  • Page 218: Service Group Summary

    This field is a sequential value, and it is not associated with a specific service group.
    Name: This field displays the name of each service group.
    Description: This field displays the description of each service group, if any.
  • Page 219: Add/Edit Service Group Rule

    Move any members you do not want included to the Available list.
    Click OK to save your changes back to the NXC.
    Cancel: Click Cancel to exit this screen without saving your changes.
  • Page 220 Chapter 19 Services
  • Page 221: Schedules

    Recurring schedules begin at a specific start time and end at a specific stop time on selected days of the week (Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, and Saturday). Recurring schedules always begin and end in the same day. Recurring schedules are useful for defining the workday and off-work hours.
  • Page 222: Schedule Summary

    Reference: Select an entry and click Object Reference to open a screen that shows which settings use the entry.
    This field is a sequential value, and it is not associated with a specific schedule.
    Name: This field displays the name of the schedule, which is used to refer to the schedule.
  • Page 223: Add/Edit Schedule One-Time Rule

    Specify the year, month, and day when the schedule ends.
    Year - 1900 - 2999
    Month - 1 - 12
    Day - 1 - 31 (it is not possible to specify illegal dates, such as February 31.)
  • Page 224: Add/Edit Schedule Recurring Rule

    Specify the hour and minute when the schedule begins each day.
    Hour - 0 - 23
    Minute - 0 - 59
    StopTime: Specify the hour and minute when the schedule ends each day.
    Hour - 0 - 23
    Minute - 0 - 59
  • Page 225 LABEL: DESCRIPTION
    Weekly
    Week Days: Select each day of the week the recurring schedule is effective.
    Click OK to save your changes back to the NXC.
    Cancel: Click Cancel to exit this screen without saving your changes.
  • Page 226 Chapter 20 Schedules NXC2500 User’s Guide...
  • Page 227: Aaa Server

    A user logs in with a user name and password pair. The NXC tries to bind (or log in) to the LDAP/AD server. When the binding process is successful, the NXC checks the user information in the directory against the user name and password pair. NXC2500 User’s Guide...
  • Page 228 The following lists the types of authentication server the NXC supports. • Local user database The NXC uses the built-in local user database to authenticate administrative users logging into the NXC’s Web Configurator or network access users logging into the network through the NXC. NXC2500 User’s Guide...
  • Page 229 The leftmost attribute is the Relative Distinguished Name (RDN). This provides a unique name for entries that have the same “parent DN” (“cn=domain1.com, ou=Sales, o=MyCompany” in the following examples). cn=domain1.com, ou = Sales, o=MyCompany, c=US cn=domain1.com, ou = Sales, o=MyCompany, c=JP NXC2500 User’s Guide...
  • Page 230: Active Directory / Ldap

    Select an entry and click Object Reference to open a screen that shows which settings use the entry. This field displays the index number. Name: This is the name that you specified to identify the server. NXC2500 User’s Guide...
  • Page 231 Chapter 21 AAA Server Table 116 Configuration > Object > AAA Server > Active Directory/LDAP (continued) LABEL DESCRIPTION Server Address This is the address of the AD or LDAP server. Base DN This specifies a directory. For example, o=ZyXEL, c=US NXC2500 User’s Guide...
  • Page 232: Add/Edit Active Directory / Ldap Server

    Note: The Active Directory and LDAP server setup screens are almost identical, so the features for both screens are described in this section. Figure 131 Configuration > Object > AAA Server > Active Directory > Add/Edit NXC2500 User’s Guide...
  • Page 233 Specify the timeout period (between 1 and 300 seconds) before the NXC disconnects from the AD server. In this case, user authentication fails. Search timeout occurs when either the user information is not in the AD or LDAP server or the AD or LDAP server is down. NXC2500 User’s Guide...
  • Page 234 Use a user account from the server specified above to test if the configuration is correct. Enter the account’s user name in the Username field and click Test. Click OK to save the changes. Cancel: Click Cancel to discard the changes. NXC2500 User’s Guide...
  • Page 235: Radius

    Select an entry and click Object Reference to open a screen that shows which settings use the entry. This field displays the index number. Name: This is the name of the RADIUS server entry. Server Address: This is the address of the AD or LDAP server. NXC2500 User’s Guide...
  • Page 236: Add/Edit Radius

    Specify the timeout period (between 1 and 300 seconds) before the NXC disconnects from the RADIUS server. In this case, user authentication fails. Search timeout occurs when either the user information is not in the RADIUS server or the RADIUS server is down. NXC2500 User’s Guide...
  • Page 237 “RD”, and “management”. Then you could also create an ext-group-user user object for each group: one with “sales” as the group identifier, another for “RD” and a third for “management”. Click OK to save the changes. Cancel: Click Cancel to discard the changes. NXC2500 User’s Guide...
  • Page 238: Authentication Method

    Configure AAA server objects before you configure authentication method objects. 22.2 Authentication Method Click Configuration > Object > Auth. Method to display this screen. Note: You can create up to 16 authentication method objects. Figure 135 Configuration > Object > Auth. Method NXC2500 User’s Guide...
  • Page 239: Add Authentication Method

    If two accounts with the same username exist on two authentication servers you specify, the NXC does not continue the search on the second authentication server when you enter the username and password that do not match the ones on the first authentication server. NXC2500 User’s Guide...
  • Page 240 NXC does not continue the search on the second authentication server when you enter the username and password that do not match the ones on the first authentication server. Click OK to save the changes. Cancel: Click Cancel to discard the changes. NXC2500 User’s Guide...
  • Page 241: Certificates

    Jenny receives the message and uses Tim’s public key to verify it. Jenny knows that the message is from Tim, and that although other people may have been able to read the message, no-one can have altered it (because they cannot re-sign the message with Tim’s private key). NXC2500 User’s Guide...
  • Page 242 The NXC currently allows the importation of a PKCS#7 file that contains a single certificate. • PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses lowercase letters, uppercase letters and numerals to convert a binary PKCS#7 certificate into a printable form. NXC2500 User’s Guide...
  • Page 243: Verifying A Certificate

    Use a secure method to verify that the certificate owner has the same information in the Thumbprint Algorithm and Thumbprint fields. The secure method may vary based on your situation. Possible examples would be over the telephone or through an HTTPS connection. NXC2500 User’s Guide...
  • Page 244: My Certificates

    Use the My Certificate Import screen to import the certificate and replace the request. SELF represents a self-signed certificate. CERT represents a certificate issued by a certification authority. NXC2500 User’s Guide...
  • Page 245 Expired! message if the certificate has expired. Import Click Import to open a screen where you can save a certificate to the NXC. Refresh Click Refresh to display the current validity status of the certificates. NXC2500 User’s Guide...
  • Page 246: Add My Certificates

    My Certificates Add screen. Use this screen to have the NXC create a self-signed certificate, enroll a certificate with a certification authority or generate a certification request. Figure 137 Configuration > Object > Certificate > My Certificates > Add NXC2500 User’s Guide...
  • Page 247 Certificate Details screen to view the certification request and copy it to send to the certification authority. Copy the certification request from the My Certificate Details screen and then send it to the certification authority. NXC2500 User’s Guide...
  • Page 248 My Certificate Create screen. Click Return and check your information in the My Certificate Create screen. Make sure that the certification authority information is correct and that your Internet connection is working properly if you want the NXC to enroll a certificate online. NXC2500 User’s Guide...
  • Page 249: Edit My Certificates

    Click Configuration > Object > Certificate > My Certificates and then the Edit icon to open the My Certificate Edit screen. You can use this screen to view in-depth certificate information and change the certificate’s name. Figure 138 Configuration > Object > Certificate > My Certificates > Edit NXC2500 User’s Guide...
  • Page 250 This field displays general information about the certificate. For example, Subject Type=CA means that this is a certification authority’s certificate and “Path Length Constraint=1” means that there can only be one certification authority in the certificate’s path. This field does not display for a certification request. NXC2500 User’s Guide...
  • Page 251: Import Certificates

    Note: You can import a certificate that matches a corresponding certification request that was generated by the NXC. You can also import a certificate in PKCS#12 format, including the certificate’s public and private keys. The certificate you import replaces the corresponding request in the My Certificates screen. NXC2500 User’s Guide...
  • Page 252: Trusted Certificates

    Click Configuration > Object > Certificate > Trusted Certificates to open the Trusted Certificates screen. This screen displays a summary list of certificates that you have set the NXC to accept as trusted. The NXC also accepts any valid certificate signed by a certificate on this list as NXC2500 User’s Guide...
  • Page 253 Click Import to open a screen where you can save the certificate of a certification authority that you trust, from your computer to the NXC. Refresh Click this button to display the current validity status of the certificates. NXC2500 User’s Guide...
  • Page 254: Edit Trusted Certificates

    NXC to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority. Figure 141 Configuration > Object > Certificate > Trusted Certificates > Edit NXC2500 User’s Guide...
  • Page 255 Common Name (CN), Organizational Unit (OU), Organization (O) and Country (C). Issuer This field displays identifying information about the certificate’s issuing certification authority, such as Common Name, Organizational Unit, Organization and Country. With self-signed certificates, this is the same information as in the Subject Name field. NXC2500 User’s Guide...
  • Page 256: Import Trusted Certificates

    Click Cancel to quit and return to the Trusted Certificates screen. 23.3.2 Import Trusted Certificates Click Configuration > Object > Certificate > Trusted Certificates > Import to open the Trusted Certificates Import screen. Follow the instructions in this screen to save a trusted certificate to the NXC. NXC2500 User’s Guide...
  • Page 257: Technical Reference

    The second is a reduction in network traffic since the NXC only gets information on the certificates that it needs to verify, not a huge list. When the NXC requests certificate status information, the OCSP server returns an “expired”, “current” or “unknown” response. NXC2500 User’s Guide...
  • Page 258 Chapter 23 Certificates NXC2500 User’s Guide...
  • Page 259: System

    • The Auth. Server screen (Section 24.12 on page 292) configures the device to operate as a RADIUS server. • The Language screen (Section 24.13 on page 295) sets the user interface language for the NXC’s Web Configurator screens. NXC2500 User’s Guide...
  • Page 260: Host Name

    Note: Only connect one USB device. It must allow writing (it cannot be read-only) and use the FAT16, FAT32, EXT2, or EXT3 file system. Click Configuration > System > USB Storage to open the screen as shown next. Figure 144 Configuration > System > USB Storage NXC2500 User’s Guide...
  • Page 261: Date And Time

    To change your NXC’s time based on your local time zone and date, click Configuration > System > Date/Time. The screen displays as shown. You can manually set the NXC’s time and date or have the NXC get the date and time from a time server. Figure 145 Configuration > System > Date/Time NXC2500 User’s Guide...
  • Page 262 (1 A.M. GMT or UTC). So in the European Union you would select Last, Sunday, March. The time you type in the at field depends on your time zone. In Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). NXC2500 User’s Guide...
  • Page 263: Pre-Defined Ntp Time Servers List

    NTP time servers have been tried. 24.4.2 Time Server Synchronization Click the Synchronize Now button to get the time and date from the time server you specified in the Time Server Address field. NXC2500 User’s Guide...
  • Page 264: Console Speed

    This section shows you how to set the console port speed when you connect to the NXC via the console port using a terminal emulation program. See Table 3 on page 21 for default console port settings. NXC2500 User’s Guide...
  • Page 265: Dns Overview

    Click Configuration > System > DNS to change your NXC’s DNS settings. Use the DNS screen to configure the NXC to use a DNS server to resolve domain names for NXC system features like the time server. You can also configure the NXC to accept or discard DNS queries. Use the Network > NXC2500 User’s Guide...
  • Page 266 Double-click an entry or select it and click Edit to be able to modify the entry’s settings. Remove To remove an entry, select it and click Remove. The NXC confirms you want to remove it before doing so. Note that subsequent entries move up by one when you take this action. NXC2500 User’s Guide...
  • Page 267 This is the object name of the IP address(es) with which the computer is allowed or denied to send DNS queries. Action This displays whether the NXC accepts DNS queries from the computer with the IP address specified above through the specified zone (Accept) or discards them (Deny). NXC2500 User’s Guide...
  • Page 268: Address Record

    Use "*." as a prefix in the FQDN for a wildcard domain name (for example, *.example.com). IP Address Enter the IP address of the host in dotted decimal notation. Click OK to save your customized settings and exit this screen. Cancel Click Cancel to exit this screen without saving NXC2500 User’s Guide...
  • Page 269: Domain Zone Forwarder

    0.0.0.0. Use the Query via field to select the interface through which the NXC sends DNS queries to a DNS server. Click OK to save your customized settings and exit this screen. Cancel Click Cancel to exit this screen without saving. NXC2500 User’s Guide...
  • Page 270: Mx Record

    Click Cancel to exit this screen without saving 24.6.10 Add Service Control Click the Add icon in the Service Control table to add a service control rule. Figure 152 Configuration > System > DNS > Add Service Control Rule NXC2500 User’s Guide...
  • Page 271: Www Overview

    The allowed IP address (address object) in the Service Control table does not match the client IP address (the NXC disallows the session). The IP address (address object) in the Service Control table is not in the allowed zone or the action is set to Deny. NXC2500 User’s Guide...
  • Page 272: System Timeout

    HTTPS connection requests from an SSL-aware web browser go to port 443 (by default) on the NXC’s web server. HTTP connection requests from a web browser go to port 80 (by default) on the NXC’s web server. Figure 154 HTTP/HTTPS Implementation NXC2500 User’s Guide...
  • Page 273: Configuring Www Service Control

    Note: Admin Service Control deals with management access (to the Web Configurator). User Service Control deals with user access to the NXC. Figure 155 Configuration > System > WWW > Service Control NXC2500 User’s Guide...
  • Page 274 IP address(es) in the Service Control table to access the NXC Web Configurator using HTTP connections. Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service to access the NXC. NXC2500 User’s Guide...
  • Page 275: Service Control Rules

    24.7.5 Service Control Rules Click Add or Edit in the Service Control table in a WWW, SSH, TELNET, FTP or SNMP screen to add a service control rule. Figure 156 Configuration > System > Service Control Rule > Add/Edit NXC2500 User’s Guide...
  • Page 276: Https Example

    You see the following Security Alert screen in Internet Explorer. Select Yes to proceed to the Web Configurator login screen; if you select No, then Web Configurator access is blocked. Figure 157 Security Alert Dialog Box (Internet Explorer) NXC2500 User’s Guide...
  • Page 277 The SSL client needs a certificate if Authenticate Client Certificates is selected on the NXC. You must have imported at least one trusted CA to the NXC in order for the Authenticate Client Certificates to be active (see the Certificates chapter for details). NXC2500 User’s Guide...
  • Page 278 24.7.6.5 Installing the CA’s Certificate Double click the CA’s trusted certificate to produce a screen similar to the one shown next. Click Install Certificate and follow the wizard as shown earlier in this appendix. NXC2500 User’s Guide...
  • Page 279 Click Next to begin the wizard. The file name and path of the certificate you double-clicked should automatically appear in the File name text box. Click Browse if you wish to import a different certificate. NXC2500 User’s Guide...
  • Page 280 Chapter 24 System Enter the password given to you by the CA. Have the wizard determine where the certificate should be saved on your computer or select Place all certificates in the following store and choose a different location. NXC2500 User’s Guide...
  • Page 281 You should see the following screen when the certificate is correctly installed on your computer. 24.7.6.7 Using a Certificate When Accessing the NXC To access the NXC via HTTPS: Enter ‘https://NXC IP Address/’ in your browser’s web address field. NXC2500 User’s Guide...
  • Page 282: Ssh

    SSH access and from which IP address the access can come. SSH is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network. In the NXC2500 User’s Guide...
  • Page 283: How Ssh Works

    The client automatically saves any new server public keys. In subsequent connections, the server public key is checked against the saved version on the client computer. Encryption Method Once the identification is verified, both the client and server must agree on the type of encryption method to use. NXC2500 User’s Guide...
  • Page 284: Ssh Implementation On The Nxc

    SSH can be used to manage the NXC. You can also specify from which IP addresses the access can come. Note: It is recommended that you disable Telnet and FTP when you configure SSH for secure connections. Figure 162 Configuration > System > SSH NXC2500 User’s Guide...
  • Page 285: Examples Of Secure Telnet Using Ssh

    This section describes how to access the NXC using the Secure Shell Client program. Launch the SSH client and specify the connection information (IP address, port number) for the NXC. Configure the SSH client to accept connection using SSH version 1. NXC2500 User’s Guide...
  • Page 286 The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established. RSA1 key fingerprint is 21:6c:07:25:7e:f4:75:80:ec:af:bd:d4:3d:80:53:d1. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.1.1' (RSA1) to the list of known hosts. Administrator@192.168.1.1's password: The CLI screen displays next. NXC2500 User’s Guide...
  • Page 287: Telnet

    This is the object name of the IP address(es) with which the computer is allowed or denied to access. Action This displays whether the computer with the IP address specified above can access the NXC zone(s) configured in the Zone field (Accept) or not (Deny). NXC2500 User’s Guide...
  • Page 288: Ftp

    Select the certificate whose corresponding private key is to be used to identify the NXC for FTP connections. You must have certificates already configured in the My Certificates screen. Service Control: This specifies from which computers you can access which NXC zones. NXC2500 User’s Guide...
  • Page 289 This displays whether the computer with the IP address specified above can access the NXC zone(s) configured in the Zone field (Accept) or not (Deny). Apply Click Apply to save your changes back to the NXC. Reset Click Reset to return the screen to its last-saved settings. NXC2500 User’s Guide...
  • Page 290: Snmp

    Get operation, followed by a series of GetNext operations. • Set - Allows the manager to set values for object variables within an agent. • Trap - Used by the agent to inform the manager of some events. NXC2500 User’s Guide...
  • Page 291: Supported Mibs

    Use this screen to configure your SNMP settings, including from which zones SNMP can be used to access the NXC. You can also specify from which IP addresses the access can come. Figure 169 Configuration > System > SNMP NXC2500 User’s Guide...
  • Page 292: Authentication Server

    Click Reset to return the screen to its last-saved settings. 24.12 Authentication Server You can set the NXC to work as a RADIUS server to exchange messages with a RADIUS client, such as an AP for user authentication and authorization. Click Configuration > System > Auth. NXC2500 User’s Guide...
  • Page 293 This is the subnet mask of the RADIUS client. Description This is the description of the RADIUS client. Apply Click Apply to save your changes back to the NXC. Reset Click Reset to return the screen to its last-saved settings. NXC2500 User’s Guide...
  • Page 294: Add/Edit Radius Client

    The key is not sent over the network. This key must be the same on the external authentication server and the NXC. Description Enter the description of each server, if any. You can use up to 60 printable ASCII characters. Click OK to save the changes. Cancel Click Cancel to discard the changes. NXC2500 User’s Guide...
  • Page 295: Language

    Select a display language for the NXC’s Web Configurator screens. You also need to open a new browser session to display the screens in the new language. Apply Click Apply to save your changes back to the NXC. Reset Click Reset to return the screen to its last-saved settings. NXC2500 User’s Guide...
  • Page 296 Chapter 24 System NXC2500 User’s Guide...
  • Page 297: Log And Report

    25.2 Email Daily Report Use this screen to start or stop data collection and view various statistics about traffic passing through your NXC. Note: Data collection may decrease the NXC’s traffic throughput rate. NXC2500 User’s Guide...
  • Page 298 Table 149 Configuration > Log & Report > Email Daily Report LABEL DESCRIPTION Enable Email Daily Report: Select this to send reports by e-mail every day. Mail Server: Type the name or IP address of the outgoing SMTP server. NXC2500 User’s Guide...
  • Page 299: Log Settings

    Alternatively, if you want to edit which events are included in each log, you can also use the Log Category Settings screen to edit this information for all logs at the same time. NXC2500 User’s Guide...
  • Page 300: Log Settings Summary

    Internal - system log; you can view the log on the View Log tab. VRPT/Syslog - ZyXEL’s Vantage Report, syslog-compatible format. CEF/Syslog - Common Event Format, syslog-compatible format. Summary This field is a summary of the settings for each log. NXC2500 User’s Guide...
  • Page 301 Table 150 Configuration > Log & Report > Log Settings (continued) LABEL DESCRIPTION Log Category Settings: Click this button to open the Log Category Settings screen. Apply: Click this button to save your changes (activate and deactivate logs) and make them take effect. NXC2500 User’s Guide...
  • Page 302: Edit System Log Settings

    This screen controls the detailed settings for each log in the system log (which includes the e-mail profiles). Go to the Log Settings Summary screen and click the system log Edit icon. Figure 175 Configuration > Log & Report > Log Settings > Edit (System Log) NXC2500 User’s Guide...
  • Page 303 Using the System Log drop-down list to disable all logs overrides your e-mail server 1 settings. enable normal logs (green check mark) - e-mail log messages for all categories to e-mail server 1. enable alert logs (red exclamation point) - e-mail alerts for all categories to e-mail server 1. NXC2500 User’s Guide...
  • Page 304: Edit Usb Storage Log Settings

    25.3.3 Edit USB Storage Log Settings The Edit Log on USB Storage Setting screen controls the detailed settings for saving logs to a connected USB storage device. Go to the Log Settings Summary screen, and click the USB storage Edit icon. NXC2500 User’s Guide...
  • Page 305 This field is a sequential value, and it is not associated with a specific entry. Log Category This field displays each category of messages. The Default category includes debugging messages generated by open source software. NXC2500 User’s Guide...
  • Page 306 (yellow check mark) - log regular information, alerts, and debugging information from this category Click this to save your changes and return to the previous screen. Cancel Click this to return to the previous screen without saving your changes. NXC2500 User’s Guide...
  • Page 307: Edit Remote Server Log Settings

    This screen controls the settings for each log in the remote server (syslog). Go to the Log Settings Summary screen and click a remote server Edit icon. Figure 177 Configuration > Log & Report > Log Settings > Edit (Remote Server) NXC2500 User’s Guide...
  • Page 308: Log Category Settings

    This screen allows you to view and to edit what information is included in the system log, USB storage, e-mail profiles, and remote servers at the same time. It does not let you change other log settings (for example, where and how often log information is e-mailed or remote server names). NXC2500 User’s Guide...
  • Page 309 Figure 178 Configuration > Log & Report > Log Settings > Log Category Settings This screen provides a different view and a different way of indicating which messages are included in each log and each alert. (The Default category includes debugging messages generated by open source software.) NXC2500 User’s Guide...
  • Page 310 Log Category This field displays each category of messages. It is the same value used in the Display and Category fields in the View Log tab. The Default category includes debugging messages generated by open source software. NXC2500 User’s Guide...
  • Page 311 (yellow check mark) - log regular information, alerts, and debugging information from this category Click this to save your changes and return to the previous screen. Cancel Click this to return to the previous screen without saving your changes. NXC2500 User’s Guide...
  • Page 312 Chapter 25 Log and Report NXC2500 User’s Guide...
  • Page 313: File Manager

    When you apply a configuration file, the NXC uses the factory default settings for any features that the configuration file does not include. When you run a shell script, the NXC only applies the commands that it contains. Other settings do not change. NXC2500 User’s Guide...
  • Page 314 Your configuration files or shell scripts can use “exit” or a command line consisting of a single “!” to have the NXC exit sub command mode. Note: “exit” or “!” must follow sub commands if it is to make the NXC exit sub command mode. NXC2500 User’s Guide...
  • Page 315: Configuration File

    Once your NXC is configured and functioning properly, it is highly recommended that you back up your configuration file before making further configuration changes. The backup configuration file will be useful in case you need to return to your previous settings. NXC2500 User’s Guide...
  • Page 316 The NXC still generates a log for any errors. Figure 180 Maintenance > File Manager > Configuration File Do not turn off the NXC while configuration file upload is in progress. NXC2500 User’s Guide...
  • Page 317 Specify a name for the duplicate configuration file. Use up to 25 characters (including a-zA-Z0-9;‘~!@#$%^&()_+[]{}’,.=-). Click OK to save the duplicate or click Cancel to close the screen without saving a duplicate of the configuration file. NXC2500 User’s Guide...
  • Page 318 The lastgood.conf is the most recently used (valid) configuration file that was saved when the device last restarted. If you upload and apply a configuration file with an error, you can apply lastgood.conf to return to a valid configuration. NXC2500 User’s Guide...
  • Page 319: Firmware Package

    You can upload the firmware package to the NXC with the option enabled, so you only need to clear the Destroy compressed files that could not be decompressed option while you download the firmware package. NXC2500 User’s Guide...
  • Page 320 The NXC automatically restarts causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 183 Network Temporarily Disconnected After five minutes, log in again and check your new firmware version in the Dashboard screen. NXC2500 User’s Guide...
  • Page 321: Shell Script

    Note: You should include write commands in your scripts. If you do not use the write command, the changes will be lost when the NXC restarts. You could use multiple write commands in a long script. Figure 185 Maintenance > File Manager > Shell Script NXC2500 User’s Guide...
  • Page 322 The bottom part of the screen allows you to upload a new or previously saved shell script file from your computer to your NXC. File Path: Type in the location of the file you want to upload in this field or click Browse ... to find it. NXC2500 User’s Guide...
  • Page 323 Table 158 Maintenance > File Manager > Shell Script (continued) LABEL DESCRIPTION Browse... Click Browse... to find the .zysh file you want to upload. Upload Click Upload to begin the upload process. This process may take up to several minutes. NXC2500 User’s Guide...
  • Page 324 Chapter 26 File Manager NXC2500 User’s Guide...
  • Page 325: Diagnostics

    This screen provides an easy way for you to generate a file containing the NXC’s configuration and diagnostic information. You may need to generate this file and send it to customer support during troubleshooting. Click Maintenance > Diagnostics to open the Diagnostic screen. Figure 186 Maintenance > Diagnostics NXC2500 User’s Guide...
  • Page 326: Diagnostics Files

    File Name This column displays the label that identifies the file. Size This column displays the size (in bytes) of a file. Last Modified This column displays the date and time that the individual files were saved. NXC2500 User’s Guide...
  • Page 327: Packet Capture

    Internet. Select any to capture packets for traffic sent by either IP version. Protocol Type Select the protocol type of traffic for which to capture packets. Select any to capture packets for all types of traffic. NXC2500 User’s Guide...
  • Page 328 Capture (Per Packet) truncates packets that exceed this size. As a result, when you view the packet capture files in a packet analyzer, the actual size of the packets may be larger than the size of captured packets. NXC2500 User’s Guide...
  • Page 329: Packet Capture Files

    Click a file to select it and click Download to save it to your computer. This column displays the number for each packet capture file entry. The total number of packet capture files that you can save depends on the file sizes and the available flash storage space. NXC2500 User’s Guide...
  • Page 330: Example Of Viewing A Packet Capture File

    Use the Core Dump screen to have the NXC save a process’s core dump to an attached USB storage device if the process terminates abnormally (crashes). You may need to send this file to customer support for troubleshooting. NXC2500 User’s Guide...
  • Page 331: Core Dump Files

    NXC or a connected USB storage device. You may need to send these files to customer support for troubleshooting. Figure 192 Maintenance > Diagnostics > Core Dump > Files NXC2500 User’s Guide...
  • Page 332: System Log

    File Name This column displays the label that identifies the file. Size This column displays the size (in bytes) of a file. Last Modified This column displays the date and time that the individual files were saved. NXC2500 User’s Guide...
  • Page 333: Wireless Frame Capture

    Use the arrow buttons to move APs off this list and onto the Captured MON Mode APs list. Capture MON Mode This column displays the monitor-mode configured APs selected for wireless frame capture. Misc Setting NXC2500 User’s Guide...
  • Page 334: Wireless Frame Capture Files

    NXC has performed. You can download the files to your computer where you can study them using a packet analyzer (also known as a network or protocol analyzer) such as Wireshark. Figure 195 Maintenance > Diagnostics > Wireless Frame Capture > Files NXC2500 User’s Guide...
  • Page 335 This column displays the label that identifies the file. The file name format is interface name-file suffix.cap. Size: This column displays the size (in bytes) of a configuration file. Last Modified: This column displays the date and time that the individual files were saved. NXC2500 User’s Guide...
  • Page 336 Chapter 27 Diagnostics NXC2500 User’s Guide...
  • Page 337: Packet Flow Explore

    • use policy routes to control 1-1 NAT by using the policy control-virtual-server-rules activate command. Note: Once a packet matches the criteria of a routing rule, the NXC takes the corresponding action and does not perform any further flow checking. NXC2500 User’s Guide...
  • Page 338 Chapter 28 Packet Flow Explore Figure 196 Maintenance > Packet Flow Explore > Routing Status (Direct Route) Figure 197 Maintenance > Packet Flow Explore > Routing Status (Policy Route) Figure 198 Maintenance > Packet Flow Explore > Routing Status (1-1 SNAT) NXC2500 User’s Guide...
  • Page 339 This is the number of an activated policy route. If you have configured a schedule for the route, this screen only displays the route at the scheduled time. Incoming This is the interface on which the packets are received. NXC2500 User’s Guide...
  • Page 340: The Snat Status Screen

    • use policy routes to control 1-1 NAT by using the policy control-virtual-server-rules activate command. Note: Once a packet matches the criteria of an SNAT rule, the NXC takes the corresponding action and does not perform any further flow checking. NXC2500 User’s Guide...
  • Page 341 Figure 200 Maintenance > Packet Flow Explore > SNAT Status (Policy Route SNAT) Figure 201 Maintenance > Packet Flow Explore > SNAT Status (1-1 SNAT) Figure 202 Maintenance > Packet Flow Explore > SNAT Status (Loopback SNAT) NXC2500 User’s Guide...
  • Page 342 The following fields are available if you click Default SNAT in the SNAT Flow section. This field is a sequential value, and it is not associated with any entry. Incoming This indicates internal interface(s) on which the packets are received. NXC2500 User’s Guide...
  • Page 343 This indicates which source IP address the SNAT rule uses finally. For example, Outgoing Interface IP means that the NXC uses the IP address of the outgoing interface as the source IP address for the matched packets it sends out through this rule. NXC2500 User’s Guide...
  • Page 344 Chapter 28 Packet Flow Explore NXC2500 User’s Guide...
  • Page 345: Reboot

    Click the Reboot button to restart the NXC. Wait a few minutes until the login screen appears. If the login screen does not appear, type the IP address of the device in your Web browser. You can also use the CLI command reboot to restart the NXC. NXC2500 User’s Guide...
  • Page 346 Chapter 29 Reboot NXC2500 User’s Guide...
  • Page 347: Shutdown

    Click the Shutdown button to shut down the NXC. Wait for the device to shut down before you manually turn off or remove the power. It does not turn off the power. You can also use the CLI command shutdown to shut down the NXC. NXC2500 User’s Guide...
  • Page 348 Chapter 30 Shutdown NXC2500 User’s Guide...
  • Page 349: Troubleshooting

    Connect your computer to the CONSOLE port using a console cable. Your computer should have a terminal emulation communications program (such as HyperTerminal) set to VT100 terminal emulation, no parity, 8 data bits, 1 stop bit, no flow control and 115200 bps port speed. NXC2500 User’s Guide...
  • Page 350 It is strongly recommended that you use a more effective security mechanism. Use the strongest security mechanism that all the wireless devices in your network support. WPA2 or WPA2-PSK is recommended. The wireless security is not following the re-authentication timer setting I specified. NXC2500 User’s Guide...
  • Page 351 I cannot get the RADIUS server to authenticate the NXC’s default admin account. The default admin account is always authenticated locally, regardless of the authentication method setting. The NXC fails to authenticate the ext-user user accounts I configured. NXC2500 User’s Guide...
  • Page 352 PKCS #12 file is within a password-encrypted envelope. The file’s password is not connected to your certificate’s public or private passwords. Exporting a PKCS #12 file creates this and you must provide it to decrypt the contents when you import the file into the NXC. NXC2500 User’s Guide...
  • Page 353 • Include write commands in your scripts. Otherwise the changes will be lost when the NXC restarts. You could use multiple write commands in a long script. Note: “exit” or “!” must follow sub commands to make the NXC exit sub command mode. NXC2500 User’s Guide...
  • Page 354: Wireless

    AP’s configuration is in conflict with the NXC’s settings for the AP. • The wireless client’s MAC address may be on the MAC filtering list. See Section 16.3.3 on page for details on managing the NXC MAC Filter. NXC2500 User’s Guide...
  • Page 355 If Captive Portal is using the external web portal: • Make sure the Captive Portal configuration pointing to it is correct. You must configure the Login URL field. • Check that the external Web server is configured properly. NXC2500 User’s Guide...
  • Page 356: Resetting The Nxc

    Press the RESET button and hold it until the SYS LED begins to blink. (This usually takes about five seconds.) Release the RESET button, and wait for the NXC to restart. You should be able to access the NXC using the default settings. NXC2500 User’s Guide...
  • Page 357: Getting More Troubleshooting Help

    Search for support information for your model at www.zyxel.com for more troubleshooting suggestions. NXC2500 User’s Guide...
  • Page 358 Chapter 31 Troubleshooting NXC2500 User’s Guide...
  • Page 359: Appendix A Log Descriptions

    1st:zysh entry name can't retrieve entry: 1st:zysh entry name can't get entry: %s! 1st:zysh entry name can't print entry: %s! 1st:zysh list name %s: cannot retrieve entries from list! 1st:zysh entry index can't get name for entry %d! NXC2500 User’s Guide...
  • Page 360 %s: invalid old/new index! 1st:zysh entry num Unable to move entry #%d! 1st:zysh table name %s: apply failed at initial stage! 1st:zysh table name %s: apply failed at main stage! 1st:zysh table name %s: apply failed at closing stage! NXC2500 User’s Guide...
  • Page 361 The NXC blocked a login because the maximum simultaneous login capacity Failed login attempt to for the administrator or access account has already been reached. EnterpriseWLAN from %s (reach the max. number %s: service name of simultaneous logon) NXC2500 User’s Guide...
  • Page 362 %s:Trial service activation has %s: service name succeeded. The device received an incomplete response from the myZyXEL.com server Trial service and it caused a parsing error for the device. activation has failed. Because of lack must fields. NXC2500 User’s Guide...
  • Page 363 The device failed to change the type of anti-virus engine. %s is the server Change Anti-Virus response error message. engine has failed:%s. The device successfully changed the type of anti-virus engine. Change Anti-Virus engine has succeeded. NXC2500 User’s Guide...
  • Page 364 The device successfully downloaded an IDP signature file. IDP signature download has succeeded. The device successfully downloaded and applied an IDP signature file. IDP signature update has succeeded. The device still cannot download the IDP signature after 3 retries. IDP signature download has failed. NXC2500 User’s Guide...
  • Page 365 The device processes a service expiration day check immediately after it starts System bootup. Do expiration daily- check. The device processes a service expiration day check immediately after device After register. Do registration. expiration daily- check immediately. NXC2500 User’s Guide...
  • Page 366 The file size downloaded for AS is not identical with content-length Download file size is wrong. Device can't parse the HTTP header in a response returned by a server. Maybe Parse HTTP header has some HTTP headers are missing. failed. NXC2500 User’s Guide...
  • Page 367 Policy-route rule %d was modified. %d: the policy route rule number Rule is moved. Policy-route rule %d was moved to %d. 1st %d: the original policy route rule number 2nd %d: the new policy route rule number NXC2500 User’s Guide...
  • Page 368 An administrator changed the port number for TELNET. TELNET port has been changed to port %s. %s is port number assigned by user An administrator changed the port number for TELNET back to the default TELNET port has been (23). changed to default port. NXC2500 User’s Guide...
  • Page 369 An administrator tried to add more than the maximum number of DNS access DNS access control control rules (64). rules have been reached the maximum number. An administrator added a new rule. DNS access control rule %u of DNS has %u is rule number been appended. NXC2500 User’s Guide...
  • Page 370 32. The maximum number of allowable rules has been reached. Access control rules of %s have reached the %s is HTTP/HTTPS/SSH/SNMP/FTP/TELNET. maximum number of %u %u is the maximum number of access control rules. NXC2500 User’s Guide...
  • Page 371 %d%%: mem-threshold-min. When local storage usage drops below threshold-min, %s: partition_name file system drops below the threshold of %d%%: disk-threshold-min. DHCP Server executed with cautious mode enabled. DHCP Server executed with cautious mode enabled NXC2500 User’s Guide...
  • Page 372 NTP update successful, current time is %s %s is the date and time. The device was not able to synchronize with the NTP time server successfully. NTP update failed An administrator restarted the device. Device is rebooted by administrator! NXC2500 User’s Guide...
  • Page 373 Can't load %s module %s: the connectivity module, currently only ICMP available. The connectivity check process can't execute 'isalive' function from module for Can't handle 'isalive' check link-status. function of %s module %s: the connectivity module, currently only ICMP available. NXC2500 User’s Guide...
  • Page 374 FTP ALG has been modified. Default FTP ALG port has been changed. Signal port of FTP ALG has been modified. The H.323 ALG has been turned on or off. %s: Enable or Disable %s H.323 ALG has succeeded. NXC2500 User’s Guide...
  • Page 375 Certificate was not added to the cache. Certificate decoding failed. Certificate was not found (anywhere). Certificate chain looped (did not find trusted root). Certificate contains critical extension that was not handled. Certificate issuer was not valid (CA specific information missing). (Not used) NXC2500 User’s Guide...
  • Page 376 1st %s: interface name, 2nd %s: interface status, 1st %u variable: interface RxPkts=%u,Colli.=%u,T Tx packets, 2nd %u variable: interface Rx packets, 3rd %u: interface packets xB/s=%u, collisions, 4th %u: interface Tx Bytes/s, 5th %u: interface Rx Bytes/s. RxB/s=%u NXC2500 User’s Guide...
  • Page 377 The NXC was not able to configure the wireless device to use WPA. Remove System internal error. the wireless device and reinstall it. Error configuring WPA state! The NXC was not able to enable WPA/IEEE 802.1X. System internal error. Error enabling WPA/ 802.1X! NXC2500 User’s Guide...
  • Page 378 A user changed an ISP account profile’s options. Account %s %s has been changed. 1st %s: profile type, 2nd %s: profile name. A user added a new ISP account profile. Account %s %s has been added. 1st %s: profile type, 2nd %s: profile name. NXC2500 User’s Guide...
  • Page 379 Resetting system... After the system reset, it started to apply the configuration file. System resetted. Now apply %s.. %s is configuration file name. An administrator ran the listed shell script. Running %s... %s is script file name. NXC2500 User’s Guide...
  • Page 380 The NXC could not connect to the SMTP e-mail server (%s). The address Failed to connect to configured for the server may be incorrect or there may be a problem with the mail server %s. NXC’s or the server’s network connection. NXC2500 User’s Guide...
  • Page 381 A Managed AP disconnected from the CAPWAP Server. AP Disconnect. MAC:%02x%02x%02x%02x%02x%02x, 1st %02x ~ 6th %02x: Managed AP MAC Address. Name:%s, Reason:%s in %s 7th %s: Managed AP Description. State,Model:%s 8th %s: Managed AP Disconnect Reason. 9th %s: Managed AP Model Name. NXC2500 User’s Guide...
  • Page 382 Start Send Updating Configuration to an AP in the Managed List. Start Send Updating Configuration to AP. 1st %02x ~ 6th %02x: Managed AP MAC Address. MAC:%02x%02x%02x%02x%02x%02x, 7th %s: Managed AP Description. Name:%s,Model:%s 8th %s: Managed AP Model Name. NXC2500 User’s Guide...
  • Page 383 CAPWAP Client connected to the WLAN Controller. Connect to WLAN Controller. IP:%s 1st %s: WLAN Controller IP Address. CAPWAP Client disconnected from the WLAN Controller. Disconnect from WLAN Controller. IP:%s 1st %s: WLAN Controller IP Address. NXC2500 User’s Guide...
  • Page 384 Indicates that the specified station was removed from an AP’s wireless kick station network because the AP became overloaded. %02x:%02x:%02x:%02x:%0 2x:%02x Table 191 Rogue AP Logs LOG MESSAGE DESCRIPTION Indicates that rogue AP detection is enabled. rogue ap detection is enabled. NXC2500 User’s Guide...
  • Page 385 7th %s: Source WTP's description. To:%s 8th %s: Destination WTP's description. The number of wireless clients connected to the AP has reached the STA List Full. STA maximum limit. List of AP [%s] is Full 1st %s: Managed AP's description. NXC2500 User’s Guide...
  • Page 386 8th %s: Managed AP Description. An AP rejected a wireless client’s association request. AP Radio MAC=%02x:%02x:%02x:%02 1st %02x~6th%02x: AP’s MAC Address. x:%02x:%02x, Reject 7th %02x~12th%02x: Wireless client’s MAC Address. Station MAC%02x:%02x:%02x:%02x 13th %d: RSSI value :%02x:%02x, RSSI=%d NXC2500 User’s Guide...
  • Page 387: Appendix B Common Services

    File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by e-mail. H.323 1720 NetMeeting uses this protocol. NXC2500 User’s Guide...
  • Page 388 REXEC Remote Execution Daemon. RLOGIN Remote Login. RTELNET Remote Telnet. RTSP TCP/UDP The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. SFTP Simple File Transfer Protocol. NXC2500 User’s Guide...
  • Page 389 TFTP Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 Another videoconferencing solution. NXC2500 User’s Guide...
  • Page 390 Appendix B Common Services NXC2500 User’s Guide...
  • Page 391: Appendix C Importing Certificates

    Note: You can see if you are browsing on a secure website if the URL in your web browser’s address bar begins with https:// or there is a sealed padlock icon somewhere in the main browser window (not all browsers show the padlock in the same location). NXC2500 User’s Guide...
  • Page 392 If your device’s Web Configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error. Click Continue to this website (not recommended). In the Address Bar, click Certificate Error > View certificates. NXC2500 User’s Guide...
  • Page 393 Appendix C Importing Certificates In the Certificate dialog box, click Install Certificate. In the Certificate Import Wizard, click Next. NXC2500 User’s Guide...
  • Page 394 Next again and then go to step 9. Otherwise, select Place all certificates in the following store and then click Browse. In the Select Certificate Store dialog box, choose a location in which to save the certificate and then click OK. NXC2500 User’s Guide...
  • Page 395 Appendix C Importing Certificates In the Completing the Certificate Import Wizard screen, click Finish. 10 If you are presented with another Security Warning, click Yes. 11 Finally, click OK when presented with the successful certificate installation message. NXC2500 User’s Guide...
  • Page 396 Double-click the public key certificate file. In the security warning dialog box, click Open. Refer to steps 4-12 in the Internet Explorer procedure beginning on page 392 to complete the installation process. NXC2500 User’s Guide...
  • Page 397 This section shows you how to remove a public key certificate in Internet Explorer 7 on Windows XP. Open Internet Explorer and click Tools > Internet Options. In the Internet Options dialog box, click Content > Certificates. NXC2500 User’s Guide...
  • Page 398 In the Certificates confirmation, click Yes. In the Root Certificate Store dialog box, click Yes. The next time you go to the web site that issued the public key certificate you just removed, a certification error appears. NXC2500 User’s Guide...
  • Page 399 The certificate is stored and you can now connect securely to the Web Configurator. A sealed padlock appears in the address bar, which you can click to open the Page Info > Security window to view the web page’s security information. NXC2500 User’s Guide...
  • Page 400 Rather than browsing to a ZyXEL Web Configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you. Open Firefox and click Tools > Options. In the Options dialog box, click Advanced > Encryption > View Certificates. NXC2500 User’s Guide...
  • Page 401 Use the Select File dialog box to locate the certificate and then click Open. The next time you visit the web site, click the padlock in the address bar to open the Page Info > Security window to see the web page’s security information. NXC2500 User’s Guide...
  • Page 402 Removing a Certificate in Firefox This section shows you how to remove a public key certificate in Firefox 2. Open Firefox and click Tools > Options. In the Options dialog box, click Advanced > Encryption > View Certificates. NXC2500 User’s Guide...
  • Page 403 Delete. In the Delete Web Site Certificates dialog box, click OK. The next time you go to the web site that issued the public key certificate you just removed, a certification error appears. NXC2500 User’s Guide...
  • Page 404 Appendix C Importing Certificates NXC2500 User’s Guide...
  • Page 405: Appendix D Wireless Lans

    (AP). Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled, wireless client A and B can access the wired network and communicate with each other. When Intra-BSS is NXC2500 User’s Guide...
  • Page 406 APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood. NXC2500 User’s Guide...
  • Page 407 AP is using. For example, if your region has 11 channels and an adjacent AP is using channel 1, then you need to select a channel between 6 and 11. NXC2500 User’s Guide...
  • Page 408 RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Note: Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy. NXC2500 User’s Guide...
  • Page 409 DQPSK (Differential Quadrature Phase Shift Keying) 5.5 / 11 CCK (Complementary Code Keying) 6/9/12/18/24/36/48/54 OFDM (Orthogonal Frequency Division Multiplexing) Wireless Security Overview Wireless security is vital to your network to protect wireless communication between wireless clients, access points and the wired network. NXC2500 User’s Guide...
  • Page 410 • Authentication Determines the identity of the users. • Authorization Determines the network services available to authenticated users once they are connected to the network. • Accounting Keeps track of the client’s network activity. NXC2500 User’s Guide...
  • Page 411 For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner. NXC2500 User’s Guide...
  • Page 412 The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed. NXC2500 User’s Guide...
  • Page 413 Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption than TKIP. TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication server. AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit mathematical algorithm NXC2500 User’s Guide...
  • Page 414 WPA. At the time of writing, the most widely available supplicant is the WPA patch for Windows XP, Funk Software's Odyssey client. The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero Configuration" wireless client. However, you must run Windows XP to use it. NXC2500 User’s Guide...
  • Page 415 The AP checks each wireless client's password and allows it to join the network only if the password matches. The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID. NXC2500 User’s Guide...
  • Page 416 Enable without Dynamic WEP Key Open Enable with Dynamic WEP Key Enable without Dynamic WEP Key Disable Shared Enable with Dynamic WEP Key Enable without Dynamic WEP Key Disable TKIP/AES Enable WPA-PSK TKIP/AES Disable WPA2 TKIP/AES Enable WPA2-PSK TKIP/AES Disable NXC2500 User’s Guide...
  • Page 417: Appendix E Legal Information

    Your use of the NXC is subject to the terms and conditions of any related service providers. Trademarks ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
  • Page 418 Improper disposal of the product by its holder results in the application of the administrative penalties provided for by current regulations." NXC2500 User’s Guide...
  • Page 419 Name/Title: Raymond Huang / Quality & Customer Service Division / Assistant VP. Date (yyyy/mm/dd): 2013/02/01 NXC2500 User’s Guide...
  • Page 420 Appendix E Legal Information NXC2500 User’s Guide...