Page 1 User’s Guide NXC Series Wireless LAN Controller Default Login Details Version 6.0 Edition 1, 10/2019 LAN IP Address https://192.168.1.1 User Name admin Password 1234 Copyright © 2019 Zyxel Communications Corporation...
Page 2 NXC-managed access points. • Web Configurator Online Help Click the help icon in any screen for help in configuring that screen and supplementary information. • More Information Go to support.zyxel.com to find other information on the NXC NXC Series User’s Guide...
Page 3: Document Conventions
Interface tab to get to that screen. Icons Used in Figures Figures in this guide may use the following generic icons. The NXC icon is not an exact representation of your device. Router Switch Internet Server Desktop Laptop NXC Series User’s Guide...
Page 4: Table Of Contents
Authentication Method ........................313 Certificates ............................316 DHCPv6 ..............................331 System ..............................333 Log and Report ........................... 375 File Manager ............................. 390 Diagnostics ............................401 Packet Flow Explore ........................... 418 Reboot ..............................424 Shutdown ............................. 425 NXC Series User’s Guide...
Page 5 Contents Overview Appendices and Troubleshooting ....................426 Troubleshooting ..........................427 NXC Series User’s Guide...
Page 6: Table Of Contents
2.3 Rack-mounted Installation ......................26 2.3.1 Rack-Mounted Installation Procedure ................26 2.4 Wall-mounting ..........................27 2.5 Front Panel ............................28 2.5.1 NXC2500 ..........................28 2.5.2 NXC5500 ..........................28 2.5.3 Front Panel LEDs ........................30 2.6 Rear Panel ............................31 NXC Series User’s Guide...
Page 7 5.2.6 AP Status ..........................66 5.2.7 Station Traffic ......................... 68 Chapter 6 Monitor ..............................69 6.1 Overview ............................69 6.1.1 What You Can Do in this Chapter ..................69 6.2 What You Need to Know ....................... 70 NXC Series User’s Guide...
Page 8 8.1.2 What You Need to Know ....................119 8.2 Controller ............................120 8.3 AP Management .......................... 120 8.3.1 Mgmt. AP List ........................121 8.3.2 AP Policy ..........................130 8.3.3 AP Group ..........................131 8.3.4 Firmware ..........................138 8.4 Rogue AP ............................140 NXC Series User’s Guide...
Page 9 10.4 Technical Reference ........................184 Chapter 11 Zones ..............................186 11.1 Overview ............................. 186 11.1.1 What You Can Do in this Chapter ................... 186 11.1.2 What You Need to Know ....................186 11.2 Zone ............................. 187 11.2.1 Add/Edit Zone ........................187 NXC Series User’s Guide...
Page 10 15.3.3 External or Uploaded Web Portal Details ............... 213 15.4 Redirect on Controller ........................ 216 15.4.1 Auth. Policy Add/Edit ....................... 217 15.5 Redirect on AP ..........................221 15.5.1 Auth. Policy Group Add/Edit ................... 223 15.5.2 Auth. Policy Add/Edit ....................... 224 NXC Series User’s Guide...
Page 11 19.1.1 What You Can Do in this Chapter ................... 257 19.1.2 What You Need To Know ....................257 19.2 Radio ............................258 19.2.1 Add/Edit Radio Profile ...................... 259 19.3 SSID .............................. 265 19.3.1 SSID List ..........................265 NXC Series User’s Guide...
Page 12 23.1.2 What You Need to Know ....................293 23.2 Service Summary ........................294 23.2.1 Add/Edit Service Rule ...................... 295 23.3 Service Group Summary ......................296 23.3.1 Add/Edit Service Group Rule ..................296 Chapter 24 Schedules ............................298 24.1 Overview ............................. 298 NXC Series User’s Guide...
Page 13 27.3 Trusted Certificates ........................325 27.3.1 Editing Trusted Certificates ....................327 27.3.2 Importing Trusted Certificates ..................329 27.4 Technical Reference ........................330 Chapter 28 DHCPv6 .............................331 28.1 Overview ............................. 331 28.1.1 What You Can Do in this Chapter ................... 331 NXC Series User’s Guide...
Page 14 29.8.3 Requirements for Using SSH ....................362 29.8.4 Configuring SSH ......................... 362 29.8.5 Examples of Secure Telnet Using SSH ................363 29.9 Telnet ............................364 29.10 FTP .............................. 366 29.11 SNMP ............................367 29.11.1 Supported MIBs ....................... 368 NXC Series User’s Guide...
Page 15 32.3.1 Packet Capture on AP ....................408 32.3.2 Packet Capture Files ......................411 32.3.3 Example of Viewing a Packet Capture File ..............412 32.4 Core Dump ..........................413 32.4.1 Core Dump Files ........................ 413 32.5 System Log ..........................414 NXC Series User’s Guide...
Page 16 36.3 Getting More Troubleshooting Help ..................435 Appendix A Log Descriptions......................436 Appendix B Common Services ...................... 463 Appendix C Importing Certificates ....................466 Appendix D Wireless LANs ......................490 Appendix E IPv6..........................502 Appendix F Customer Support ...................... 510 NXC Series User’s Guide...
Page 17 Table of Contents Appendix G Legal Information ...................... 516 Index ..............................521 NXC Series User’s Guide...
Page 18: User's Guide
User’s Guide...
Page 19: Introduction
H A P T E R Introduction 1.1 Overview This User’s Guide covers the following models: NXC2500 and NXC5500. Table 1 NXC Series Comparison Table FEATURES NXC2500 NXC5500 Link Aggregation Group (LAG) Support Two USB Ports Console Port (Serial Port)
Page 20: Interface Types
• The LAN zone contains the ge1~ ge6 interfaces (physical ports P1~P6). By default, all LAN interfaces are put in vlan0. • The console port is not in a zone and can be directly accessed by a computer attached to it using a special console-to-Ethernet adapter. NXC Series User’s Guide...
Page 21: Applications
1.3.3 Captive Portal The NXC can be configured with a captive portal, which intercepts all network traffic, regardless of address or port, until a connecting user authenticates his or her session, through a designated login Web page. NXC Series User’s Guide...
Page 22: Load Balancing
APs and determining what channels are currently being used by other devices not connected to the network. 1.3.6 User-Aware Access Control Set up security policies that restrict access to sensitive information and shared resources based on the user who is trying to access it. NXC Series User’s Guide...
Page 23: Management Overview
If you are in a screen that uses objects, you can also usually select Create new Object to be able to configure a new object. Use the Object Reference screen to see what objects are configured and which configuration settings reference specific objects. NXC Series User’s Guide...
Page 24: Starting And Stopping The Nxc
The NXC does not stop or start the system processes when you apply configuration files or run shell scripts although you may temporarily lose access to network resources. NXC Series User’s Guide...
Page 25: Hardware Installation And Connection
Make sure there is enough space around the NXC to allow the attachment of cables and the power cord and allow sufficient air circulation. Note: Make sure you are using the correct type of Ethernet cable (Category 5e, 6UTP/STP, or better Ethernet cable). NXC Series User’s Guide...
Page 26: Rack-Mounted Installation
This section uses the NXC5500 drawings as an example. Align one bracket with the holes on one side of the NXC and secure it with the included bracket screws (smaller than the rack-mounting screws). Attach the other bracket in a similar fashion. NXC Series User’s Guide...
Page 27: Wall-Mounting
NXC with the connection cables. Use the mounting holes on the NXC to hang the NXC on the screws. Wall-mount the NXC with the Ethernet ports facing down and the ventilation holes on the side. NXC Series User’s Guide...
Page 28: Front Panel
There are LEDs, one reset button, two USB ports and six Ethernet ports on the NXC2500 front panel. Figure 7 Front Panel: NXC2500 2.5.2 NXC5500 There are one reset button, six Ethernet ports, one console port, two USB ports and LEDs on the NXC5500 front panel. NXC Series User’s Guide...
Page 29 Connect the RJ-45 connector of the console cable to the console port of the NXC. Connect the female 9-pin end of the console cable to a serial port (COM1, COM2 or other COM port) of your computer. The following table shows you the wire color codes and pin assignment for the console cable. NXC Series User’s Guide...
Page 30: Front Panel Leds
The NXC is sending or receiving packets to/from an Ethernet network on this port. (Traffic) The NXC is not sending or receiving packets on this port. Orange This port has a successful link to an Ethernet network. There is no connection on this port. (Link) NXC Series User’s Guide...
Page 31: Rear Panel
Figure 10 Rear Panel: NXC5500 Console Port (NXC2500 Only) Connect this port to your computer (using an RS-232 cable) if you want to configure the NXC using the command line interface (CLI) via the console port. NXC Series User’s Guide...
Page 32 • No flow control Connect the male 9-pin end of the RS-232 console cable to the console port of the NXC. Connect the female end to a serial port (COM1, COM2 or other COM port) of your computer. NXC Series User’s Guide...
Page 33: The Web Configurator
Enter the user name (default: “admin”) and password (default: “1234”). Select the language you prefer for the Web Configurator. Click Login. If you logged in using the default user name and password, the Update Admin Info screen appears. Otherwise, the dashboard appears. NXC Series User’s Guide...
Page 34: The Main Screen
3.3 The Main Screen This guide uses the NXC2500 screens as an example. The screens may vary slightly for different models. The Web Configurator’s main screen is divided into these parts: NXC Series User’s Guide...
Page 35: Title Bar
Click this to open the help page for the current screen. About Click this to display basic information about the NXC. Site Map Click this to see an overview of links to the Web Configurator screens. NXC Series User’s Guide...
Page 36 This shows the date (yyyy-mm-dd) and time (hh:mm:ss) when the firmware is released. Click this to close the screen. Site Map Click Site MAP to see an overview of links to the Web Configurator screens. Click a screen’s link to go to that screen. NXC Series User’s Guide...
Page 37 This field is a sequential value, and it is not associated with any entry. Service This is the type of setting that references the selected object. Click a service’s name to display the service’s configuration screen in the main window. NXC Series User’s Guide...
Page 38: Navigation Panel
Use the menu items on the navigation panel to open screens to configure NXC features. Click the arrow in the middle of the right edge of the navigation panel to hide the navigation panel menus or drag it to resize them. The following sections introduce the NXC’s navigation panel menus and their screens. NXC Series User’s Guide...
Page 39 Display packet statistics for each physical port. Interface Status Interface Display general interface information and packet statistics. Summary Traffic Statistics Traffic Statistics Collect and display traffic statistics. Session Monitor Session Monitor Display the status of all current sessions. NXC Series User’s Guide...
Page 40 Rogue/Friendly AP Configure how the NXC monitors for rogue APs. List Auto Healing Auto Healing Enable auto healing to extend the wireless service coverage area of the managed APs when one of the APs fails. Network NXC Series User’s Guide...
Page 41 Create and manage host, range, and network (subnet) addresses. Address Group Create and manage groups of addresses. Service Service Create and manage TCP and UDP services. Service Group Create and manage groups of services. Schedule Schedule Create one-time and recurring schedules. NXC Series User’s Guide...
Page 42 FOLDER OR LINK FUNCTION File Manager Configuration File Manage and upload configuration files for the NXC. Firmware Package View the current firmware version and to upload firmware. Shell Script Manage and run shell script files for the NXC. NXC Series User’s Guide...
Page 43: Warning Messages
The Web Configurator tables and lists are quite flexible and provide several options for how to display their entries. Manipulating Table Display Here are some of the ways you can manipulate the Web Configurator tables. Click a column heading to sort the table’s entries according to that column’s criteria. NXC Series User’s Guide...
Page 44 Select a column heading cell’s right border and drag to re-size the column. Select a column heading and drag and drop it to change the column order. A green check mark displays next to the column’s title when you drag the column to a valid new location. NXC Series User’s Guide...
Page 45 For those types of tables small red triangles display for table entries with changes that you have not yet applied. Remove To remove an entry, select it and click Remove. The NXC confirms you want to remove it before doing so. NXC Series User’s Guide...
Page 46 In some lists you can also use the [Shift] or [Ctrl] key to select multiple entries, and then use the arrow button to move them to the other list. Figure 19 Working with Lists NXC Series User’s Guide...
Page 47: Setup Wizard
Daylight Saving Time starts and ends. The default daylight savings settings vary depending on the time zone you selected. • Offset allows you to specify how much the clock changes when daylight saving begins and ends. Enter a number from 1 to 5.5 (by 0.5 increments). NXC Series User’s Guide...
Page 48: Step 2 Uplink Connection And Management Vlan
• IP Address & Subnet Mask: Configure the IP address, subnet mask, and gateway manually. • DHCP: Select DHCP Server if you want the NXC to assign IP addresses to the connected devices. Select DHCP Relay if you want a DHCP server to do so. NXC Series User’s Guide...
Page 49: Step 3 Vlan Settings
• Member: This field displays the ports that are members of this VLAN. You cannot configure members for VLAN interfaces in the Wizard. The default members are ports 2-6 (ge2-6). • Guest VLAN: This field displays whether this is a guest VLAN and whether the captive portal (web authentication) feature is enabled. NXC Series User’s Guide...
Page 50 • IP Address & Subnet Mask: Configure the IP address, subnet mask, and gateway manually. • DHCP: Select DHCP Server if you want the NXC to assign IP addresses to the connected devices. Select DHCP Relay if you want a DHCP server to do so. NXC Series User’s Guide...
Page 51 To use a graphic, select Picture and upload a graphic. Specify the location and file name of the graphic or click Browse to locate it. You can use the following image file formats: GIF, PNG, or JPG. NXC Series User’s Guide...
Page 52: Step 4 Ssid
Select an SSID profile from the list, and click the On or Off icon to enable or disable the selected SSID profiles of a managed AP by the NXC. To change an SSID profile’s settings, such as the SSID (WiFi network name) and WiFi password, double-click the SSID profile from the list. NXC Series User’s Guide...
Page 53 IP address, port number and shared secret password of the RADIUS server to be used for authentication. This option is not available if you select Guest VLAN. Click OK to proceed. Click Cancel to close the screen without saving. NXC Series User’s Guide...
Page 54: Step 5 Radio
Figure 27 Wizard: SSID: Edit (Pre-Shared Key) 4.2.5 Step 5 Radio Use this screen to configure managed APs’ radio transmitter(s). • Channel Selection: This shows Auto and the managed AP will automatically choose a radio channel that has least interference. NXC Series User’s Guide...
Page 55: Summary
Otherwise, click Prev to return to the previous screen or click Cancel to close the wizard without saving. To configure advanced settings on date/time, the uplink connection, a VLAN interface, and managed APs, go to the configuration screens after you finish setting up the Wizard. NXC Series User’s Guide...
Page 56 Chapter 4 Setup Wizard Figure 29 Wizard: Summary NXC Series User’s Guide...
Page 57: Technical Reference
Technical Reference...
Page 58: Dashboard
(Section 5.2.6 on page 66) displays how many wireless stations are connected to the managed AP(s) and data usage. • The Station > Traffic screen (Section 5.2.7 on page 68) displays data usage of the connected wireless station(s). NXC Series User’s Guide...
Page 59: Dashboard
Dashboard icon in the navigation panel. The Dashboard displays general device information, system status, system resource usage, licensed service status, and interface status in widgets that you can re- arrange to suit your needs. You can also collapse, refresh, and close individual widgets. Figure 30 Dashboard NXC Series User’s Guide...
Page 60 Number of Login This field displays the number of users currently logged in to the NXC. Click the link to pop- Users open a list of the users who are currently logged in to the NXC. NXC Series User’s Guide...
Page 61 This shows a summary of connected wireless Access Points (APs). This displays the number of currently connected managed APs and the number of all managed APs. Click the link to go to the Monitor > Wireless > AP information > AP List screen. NXC Series User’s Guide...
Page 62 This field displays the actual log message. Source This field displays the source address (if any) in the packet that generated the log. Destination This field displays the destination address (if any) in the packet that generated the log. NXC Series User’s Guide...
Page 63: Cpu Usage
Click this to update the information in the window right away. 5.2.2 Memory Usage Use this screen to look at a chart of the NXC’s recent memory (RAM) usage. To access this screen, click Show Memory Usage in the dashboard. Figure 32 Dashboard > Memory Usage NXC Series User’s Guide...
Page 64: Session Usage
Use this screen to look at the IP addresses currently assigned to DHCP clients and the IP addresses reserved for specific MAC addresses. To access this screen, click the link beside DHCP Table in the dashboard. NXC Series User’s Guide...
Page 65 To remove a static DHCP entry, clear this field. Refresh Interval Enter how often you want this screen to be automatically updated. Refresh Now Click this to update the information in the screen right away. Click this to close the screen. NXC Series User’s Guide...
Page 66: Number Of Login Users
You can select a specific 24-hour period to view by selecting a date at the top of the charts. For the station count bar chart, the y-axis shows the number of the connected wireless stations. The x- axis shows the time period over which the number is recorded. NXC Series User’s Guide...
Page 67 The pie chart on the right displays the breakdown of traffic usage and station count by client within the selected time period. The gray area represents other APs not shown in the graph. Figure 36 Dashboard > AP > Status: Top N APs Figure 37 Dashboard > AP > Status: Single AP NXC Series User’s Guide...
Page 68: Station Traffic
The gray area represents other stations not shown in the graph. Figure 38 Dashboard > Station > Traffic: Top N Stations Figure 39 Dashboard > Station > Traffic: Single Station NXC Series User’s Guide...
Page 69: Monitor
• The Station List screen (Section 6.15 on page 107) displays statistics pertaining to the connected stations (or “wireless clients”). • The Detected Device screen (Section 6.16 on page 109) displays the wireless devices passively detected by the NXC. NXC Series User’s Guide...
Page 70: What You Need To Know
NETWORK A ROOM X ROOM Y BEACON 1 BEACON 2 BEACON 3 UUID EBAECFAF-DFE0-4039-BE5A-F030EED4303C Major Minor NXC Series User’s Guide...
Page 71: Port Statistics
This field displays the number of collisions on the physical port since it was last connected. Tx B/s This field displays the transmission speed, in bytes per second, on the physical port in the one- second interval before the screen updated. NXC Series User’s Guide...
Page 72: Port Statistics Graph
Switch to Grid Click this to display the port statistics as a table. View Mbps/Kbps The y-axis represents the speed of transmission or reception. time The x-axis shows the time period over which the transmission or reception occurred NXC Series User’s Guide...
Page 73: Interface Status
Configuration > System > IPv6 screen, you can also view your IPv6 interface status on this screen. Click Monitor > System Status > Interface Status to access this screen. Figure 42 Monitor > System Status > Interface Status NXC Series User’s Guide...
Page 74 IP address, this field displays n/a. Interface This table provides packet statistics for each interface. Statistics Refresh Click this button to update the information in the screen. Name This field displays the name of each interface. NXC Series User’s Guide...
Page 75: Traffic Statistics
You use the Traffic Statistics screen to tell the NXC when to start and when to stop collecting information for these reports. You cannot schedule data collection; you have to start and stop it manually in the Traffic Statistics screen. NXC Series User’s Guide...
Page 76 Click Apply to save your changes back to the NXC. Reset Click Reset to return the screen to its last-saved settings. Statistics Interface Select the interface from which to collect information. You can collect information from Ethernet or VLAN interfaces. NXC Series User’s Guide...
Page 77 These fields are available when the report type is Web Site Hits. This field is the rank of each record. The domain names are sorted by the number of hits. Interface This field displays the interface(s) from which the NXC collects information. NXC Series User’s Guide...
Page 78: Session Monitor
/ service or service group, source address, and/or destination address and view it by user. Click Monitor > System Status > Session Monitor to display the following screen. NXC Series User’s Guide...
Page 79 This button displays when View is set to all sessions. Click this button to update the information on the screen using the filter criteria in the User, Service, Source Address, and Destination Address fields. This field displays the index number of each active session. NXC Series User’s Guide...
Page 80: Ip/Mac Binding Monitor
The following table describes the labels in this screen. Table 30 Monitor > System Status > IP/MAC Binding LABEL DESCRIPTION Monitor Table Interface Select a NXC interface that has IP/MAC binding enabled to show to which devices it has assigned an IP address. NXC Series User’s Guide...
Page 81: Login Users
The default description is “AP-” followed by the AP’s MAC address. A “-” displays if the user is not connecting to the NXC wirelessly. Type This field displays the way the user logged in to the NXC. NXC Series User’s Guide...
Page 82: Dynamic Guest
SSID for a specified time unit. Use this screen to look at a list of dynamic guest user accounts on the NXC’s local database. To access this screen, click Monitor > System Status > Login Users > Dynamic Guest. Figure 47 Monitor > System Status > Login Users > Dynamic Guest NXC Series User’s Guide...
Page 83: Trusted Mac Address List
This screen lists the wireless client which has been authenticated by MAC address and allowed to access the network. To access this screen, click Monitor > System Status > Login Users > Trusted MAC Address. Figure 48 Monitor > System Status > Login Users > Trusted MAC Address List NXC Series User’s Guide...
Page 84: Usb Storage
File System This field displays what file system the USB storage device is formatted with. This field displays Unknown if the file system of the USB storage device is not supported by the NXC, such as NTFS. NXC Series User’s Guide...
Page 85: Ethernet Neighbor
Note: Smart Connect is enabled by default in the NXC. Use this screen to view the NXC’s neighboring devices in one place. To access this screen, click Monitor > System Status > Ethernet Neighbor. Figure 50 Monitor > System Status > Ethernet Neighbor NXC Series User’s Guide...
Page 86: Ap List
Select All to show all kinds of APs that are currently or used to be connected to the NXC. Select NebulaFlexPRO to show the APs that can work in Nebula cloud management mode. Status Select the status of APs you want to display. NXC Series User’s Guide...
Page 87 Select an AP and click this button to run the locator feature. The AP’s Locator LED will start to blink for 10 minutes by default. It will show the actual location of the AP between several devices in the network. NXC Series User’s Guide...
Page 88 A sun icon signifies that the AP’s locator LED is blinking. A circle signifies that the AP’s locator LED is extinguished. Ethernet Uplink This field displays the AP’s uplink port speed and duplex mode (Full or Half). NXC Series User’s Guide...
Page 89 A setting the NXC assigns to this AP does not match the AP’s capability. • Packets sent out on a LAN port of this AP loop back to the AP. This AP is offline and in the process of having its firmware updated. NXC Series User’s Guide...
Page 90: Station Count Of Ap
6.11.1 Station Count of AP Use this screen to look at configuration information, port status and station statistics for the connected AP. To access this screen, select an entry and click the More Information button in the AP List screen. NXC Series User’s Guide...
Page 91 If any of the AP’s configuration conflicts with the NXC’s settings for the AP, this field displays which configuration conflicts. It displays n/a if none of the AP’s configuration conflicts with the NXC’s settings for the AP. NXC Series User’s Guide...
Page 92: Edit Ap List
Use this screen to change the group and radio, VLAN, and port settings of the connected AP. To access this screen, select an entry and click the Edit the selected rule button in the AP List screen. NXC Series User’s Guide...
Page 93 Chapter 6 Monitor Figure 53 Monitor > Wireless > AP Information > AP List > Edit AP List NXC Series User’s Guide...
Page 94 Table 59 on page 135. Each AP can belong to up to two groups. Radio 1/2 Setting Override Group Select this option to overwrite the AP radio settings with the settings you configure here. Radio Setting NXC Series User’s Guide...
Page 95 This section is available only when the AP supports Bluetooth Low Energy (BLE). Edit Click this to edit the selected entry. See Section 6.11.2.1 on page Activate To turn on an entry, select it and click Activate. NXC Series User’s Guide...
Page 96 This shows the port’s PVID. A PVID (Port VLAN ID) is a tag that adds to incoming untagged frames received on a port so that the frames are forwarded to the VLAN group that the tag defines. NXC Series User’s Guide...
Page 97 When the locator LED is off, click the Turn On button to activate the locator function. It will show the actual location of the AP between several devices in the network. If the locator LED is blinking, click the Turn Off button to stop the locator LED from blinking immediately. NXC Series User’s Guide...
Page 98 Enter an integer from 0 to 65535 as the minor value to identify the beacon. Click OK to save your changes back to the AP. Cancel Click Cancel to exit this screen without saving your changes. NXC Series User’s Guide...
Page 99 To access this screen, click Add or select a VLAN and click the Edit button in the VLAN Configuration table of the Monitor > Wireless > AP Information > AP List > Edit AP List or Configuration > Wireless > AP Management > Mgmt. AP List > Edit AP List screen. NXC Series User’s Guide...
Page 100 The AP that supports tri-mode can work as a normal AP, a CAPWAP managed AP controlled by the NXC, or an AP managed by the Zyxel Nebula Control Center (NCC). See the AP’s user’s guide for more information about tri-mode. NXC Series User’s Guide...
Page 101 Enter the IP address of the gateway. The AP sends packets to the gateway when it does not know how to route the packet to its destination. The gateway should be on the same network as the AP. Enter the IP address of the DNS server. NXC Series User’s Guide...
Page 102: Radio List
AP Description This displays the description of the AP to which the radio belongs. Frequency Band This indicates the wireless frequency currently being used by the radio. This shows - when the radio is in monitor mode. NXC Series User’s Guide...
Page 103: Ap Mode Radio Information
This screen allows you to view detailed information about a selected radio’s SSID(s), wireless traffic and wireless clients for the preceding 24 hours. To access this window, select an entry and click the More Information button in the Radio List screen. NXC Series User’s Guide...
Page 104 Chapter 6 Monitor Figure 59 Monitor > Wireless > AP Information > Radio List > AP Mode Radio Information NXC Series User’s Guide...
Page 105: Zymesh Link Info
Use this screen to view the ZyMesh traffic statistics between the managed APs. Click Monitor > Wireless > ZyMesh > ZyMesh Link Info to access this screen. Figure 60 Monitor > Wireless > ZyMesh > ZyMesh Link Info NXC Series User’s Guide...
Page 106: Ssid Info
6.14 SSID Info Use this screen to view the number of wireless clients currently connected to an SSID and the security type used by the SSID. Click Monitor > Wireless > SSID Info to access this screen. NXC Series User’s Guide...
Page 107: Station List
Click this to refresh the items displayed on this page. 6.15 Station List Use this screen to view statistics pertaining to the associated stations (or “wireless clients”). Click Monitor > Wireless > Station Info > Station List to access this screen. NXC Series User’s Guide...
Page 108 Click this to return the search criteria to the factory defaults and display all connected stations without a filter. Disconnect Select one or multiple stations and click this to disconnect the station(s) from the AP. This is the station’s index number in this list. NXC Series User’s Guide...
Page 109: Detected Device
AP List > Edit AP List screen to detect other wireless devices in its vicinity. Or, if this feature is not supported by your AP, you could also set at least one radio of the AP connected to the NXC to monitor mode (in the Configuration > Wireless > AP Management screen). NXC Series User’s Guide...
Page 110 This indicates which group the detected device belongs. Description This displays the detected device’s description. For more on managing friendly and rogue APs, see the Configuration > Wireless > Rogue AP screen (Chapter 8 on page 119). NXC Series User’s Guide...
Page 111: View Log
Events that generate an alert (as well as a log message) display in red. Regular logs display in black. Click a column’s heading cell to sort the table entries by that column’s criteria. Click the heading cell again to reverse the sort order. Figure 64 Monitor > View Log NXC Series User’s Guide...
Page 112 Message field if log consolidation is turned on and multiple entries were aggregated to generate into this one. Source This field displays the source IP address and the port number in the event that generated the log message. NXC Series User’s Guide...
Page 113: View Ap Log
Table 52 Monitor > Log > View AP Log LABEL DESCRIPTION Show/Hide Filter Click this to show or hide the AP log filter. AP Selection Select an AP Select an AP from the list and click Query to view its log messages. NXC Series User’s Guide...
Page 114 This field is a sequential value, and it is not associated with a specific log message. Time This indicates the time that the log messages was created or recorded on the AP. Priority This indicates the selected log message’s priority. NXC Series User’s Guide...
Page 115 This displays content of the selected log message. Source This displays the source IP address of the selected log message. Destination This displays the source IP address of the selected log message. Note This displays any notes associated with the selected log message. NXC Series User’s Guide...
Page 116: Registration
The NXC by default allows up to one ZyMesh root AP, which means only one radio of the managed AP can be set to root AP mode. Buy a ZyMesh license to have more root APs. NXC Series User’s Guide...
Page 117: Registration
This is the entry’s position in the list. Service This lists the services that are available on the NXC. Status This field displays whether this is a default service (Default) or an activated license upgrade (Licensed). NXC Series User’s Guide...
Page 118 This field displays how many managed APs the NXC can support with your current license. This field does not apply to the other services. License Refresh Service License Refresh Click this button to renew service license information (such as the registration status and expiration day). NXC Series User’s Guide...
Page 119: Wireless
Wireless load balancing is the process where you limit the number of connections allowed on an wireless access point (AP) or you limit the amount of wireless traffic transmitted and received on it so the AP does not become overloaded. NXC Series User’s Guide...
Page 120: Controller
Click Apply to save your changes back to the NXC. Reset Click Reset to return the screen to its last-saved settings. 8.3 AP Management Use the AP Management screens to manage all of the APs connected to the NXC. NXC Series User’s Guide...
Page 121: Mgmt. Ap List
Select one or multiple APs and click this button to remove the AP(s) from the manged AP selected rule list. Note: If in the Configuration > Wireless > Controller screen you set the Registration Type to Always Accept, then as soon as you remove an AP from this list it reconnects. NXC Series User’s Guide...
Page 122 ZyMesh profile name for Radio 2. It displays n/a for the AP radio profile for a radio not using an AP radio profile or - for the ZyMesh profile for a radio not using a ZyMesh profile. Version This displays the AP’s current firmware version. NXC Series User’s Guide...
Page 123 Advertising displays if the AP supports Bluetooth, detects a BLE device and advertising is activated, which means the BLE device can broadcasts packets to every device around it. NXC Series User’s Guide...
Page 124 Load Balancing This field displays the load balancing group(s) to which the AP belongs. Group Apply Click Apply to save your changes back to the NXC. Refresh Click Refresh to update the information in this screen. NXC Series User’s Guide...
Page 125 Select an AP and click the Edit the selected rule button or double-click an entry in the Configuration > Wireless > AP Management > Mgmt. AP List table to display this screen. Figure 70 Configuration > Wireless > AP Management > Mgmt. AP List > Edit AP List NXC Series User’s Guide...
Page 126 Table 59 on page 135. Each AP can belong to up to two groups. Radio 1/2 Setting Override Group Select this option to overwrite the AP radio settings with the settings you configure here. Radio Setting NXC Series User’s Guide...
Page 127 Indicates which SSID profile is associated with this radio profile. Bluetooth Advertising Setting This section is available only when the AP supports Bluetooth Low Energy (BLE). Edit Click this to edit the selected entry. See Section 6.11.2.1 on page NXC Series User’s Guide...
Page 128 This shows the port’s PVID. A PVID (Port VLAN ID) is a tag that adds to incoming untagged frames received on a port so that the frames are forwarded to the VLAN group that the tag defines. NXC Series User’s Guide...
Page 129 When the locator LED is off, click the Turn On button to activate the locator function. It will show the actual location of the AP between several devices in the network. If the locator LED is blinking, click the Turn Off button to stop the locator LED from blinking immediately. NXC Series User’s Guide...
Page 130: Ap Policy
Select Auto to have the managed AP(s) automatically send broadcast packets to find any other available AP controllers. Select Manual to replace the AP controller’s IP address configured on the managed AP(s) with the one(s) you specified below. NXC Series User’s Guide...
Page 131: Ap Group
APs in the group. An AP can belong to one AP group at a time. Click Configuration > Wireless > AP Management > AP Group to access this screen. Figure 72 Configuration > Wireless > AP Management > AP Group NXC Series User’s Guide...
Page 132 Member Count This is the total number of APs which belong to this group. Apply Click Apply to save your changes back to the NXC. Reset Click Reset to return the screen to its last-saved settings. NXC Series User’s Guide...
Page 133 Chapter 8 Wireless 8.3.3.1 Add/Edit AP Group Click Add or select an AP group and click the Edit button in the Configuration > Wireless > AP Management > AP Group table to display this screen. NXC Series User’s Guide...
Page 134 Chapter 8 Wireless Figure 73 Configuration > Wireless > AP Management > AP Group > Add/Edit NXC Series User’s Guide...
Page 135 If there is a high density of APs in an area, decrease the output power of the managed AP to reduce interference with other APs. Note: Reducing the output power also reduces the NXC’s effective broadcast radius. NXC Series User’s Guide...
Page 136 This displays whether or not the VLAN is activated. Name This shows the name of the VLAN. This shows the VLAN ID number. Member This field displays the Ethernet port(s) that is a member of this VLAN. Load Balancing Setting NXC Series User’s Guide...
Page 137 AP will be kicked continuously and never be allowed to connect. Rogue AP Detection Setting Enable Rogue AP Select this option to detect Rogue APs in the network. Detection Portal Redirect on AP NXC Series User’s Guide...
Page 138: Firmware
AP firmware from the firmware server. If the NXC does not have enough space for the latest AP firmware, then the NXC will delete an existing firmware that no AP is using before downloading the new AP firmware. NXC Series User’s Guide...
Page 139 Click this to download newer Available Firmware from the firmware server and update the Runtime Firmware version. This is an index number of a managed AP. Model This displays the name of all manageable AP models. NXC Series User’s Guide...
Page 140: Rogue Ap
Click Configuration > Wireless > Rogue AP > Rogue/Friendly AP List to access this screen. Figure 75 Configuration > Wireless > Rogue AP > Rogue/Friendly AP List NXC Series User’s Guide...
Page 141 AP are disconnected automatically. Note: This feature only works when the AP is in monitor mode. Apply Click Apply to save your changes back to the NXC. Reset Click Reset to return the screen to its last-saved settings. NXC Series User’s Guide...
Page 142: Add/Edit Rogue/Friendly List
Use this screen to enable auto healing, which allows you to extend the wireless service coverage area of the managed APs when one of the APs fails. Click Configuration > Wireless > Auto Healing to access this screen. Figure 77 Configuration > Wireless > Auto Healing NXC Series User’s Guide...
Page 143: Technical Reference
In the 2.4 GHz spectrum, each channel from 1 to 13 is broken up into discrete 22 MHz segments that are spaced 5 MHz apart. Channel 1 is centered on 2.412 GHz while channel 13 is centered on 2.472 GHz. Figure 78 An Example Three-Channel Deployment NXC Series User’s Guide...
Page 144: Load Balancing
AP. If he still connects to the AP regardless of the delay, then the AP may boot other people who are already connected in order to associate with the new connection. NXC Series User’s Guide...
Page 145: Disassociating And Delaying Connections
AP with bandwidth to spare. Figure 81 Delaying a Connection The second response your AP can take is to kick the connections that are pushing it over its balanced bandwidth allotment. NXC Series User’s Guide...
Page 146 If no connections are idle, the next criteria the NXC analyzes is signal strength. Devices with the weakest signal strength are kicked first. NXC Series User’s Guide...
Page 147: Interfaces
• An interface belongs to at most one zone. • Many interfaces can belong to the same zone. Types of Interfaces You can create several types of interfaces in the NXC. • Ethernet interfaces are the foundation for defining other interfaces and network policies. NXC Series User’s Guide...
Page 148: Ethernet Summary
However, the routers also generate more network traffic, and some routing protocols require a significant amount of configuration and management. Figure 83 Configuration > Network > Interface > Ethernet NXC Series User’s Guide...
Page 149: Edit Ethernet
NXC automatically updates every rule or setting that uses the object whenever the interface’s IP address settings change. For example, if you change LAN’s IP address, the NXC automatically updates the corresponding interface-based, LAN subnet address object. NXC Series User’s Guide...
Page 150 Chapter 9 Interfaces Figure 84 Configuration > Network > Interface > Ethernet > Edit (general) NXC Series User’s Guide...
Page 151 IP address, subnet mask, and gateway manually. IP Address This field is enabled if you set the Interface Type to internal or you select Use Fixed IP Address. Enter the IP address for this interface. NXC Series User’s Guide...
Page 152 If this interface is a DHCPv6 client, use this section to configure DHCPv6 request settings that Options determine what additional information to get from the DHCPv6 server. Click this to create an entry in this table. See Section 9.2.3 on page 156 for more information. NXC Series User’s Guide...
Page 153 This field only displays when you set the Check Method to tcp. Specify the port number to use for a TCP connectivity check. DHCP Setting These fields appear when you set the Interface Type to Internal or General. NXC Series User’s Guide...
Page 154 This table is available if you selected DHCP server. Options Configure this table if you want to send more information to DHCP clients through DHCP packets. Click this to create an entry in this table. See Section 9.2.4 on page 157. NXC Series User’s Guide...
Page 155 SNAT behavior for an interface with the Interface Type set to Internal or External. Click OK to save your changes back to the NXC. Cancel Click Cancel to exit this screen without saving. NXC Series User’s Guide...
Page 156: Object References
Configuration > Network > Interface > Ethernet > Edit, set DHCPv6 to Client in the DHCPv6 Setting section, and then click Add in the DHCPv6 Request Options table. Select a DHCPv6 request object in the Select one object field and click OK to save it. Click Cancel to exit without saving the setting. NXC Series User’s Guide...
Page 157: Add/Edit Dhcp Extended Options
This is the type of the selected DHCP option. If you selected User Defined in the Option field, select an appropriate type for the value that you will enter in the next field. Only advanced users should configure User Defined. Misconfiguration could result in interface lockout. NXC Series User’s Guide...
Page 158 The option contains one or more IPv4 addresses that the client may use. The current use of this option is for downloading configuration from a VoIP server via TFTP; however, the option may be used for purposes other than contacting a VoIP configuration server. NXC Series User’s Guide...
Page 159: Vlan Interfaces
As a result, the new switch is required to handle traffic inside VLAN 2. Traffic is only broadcast inside each VLAN, not each physical network. • Traffic between VLANs (or between a VLAN and another type of network) is layer-3 communication (network layer, IP addresses). It is handled by the router. NXC Series User’s Guide...
Page 160: Vlan Summary
Use the Configuration section for IPv4 network settings. Use the IPv6 Configuration section for IPv6 Configuration IPv6 network settings if you connect your NXC to an IPv6 network. Both sections have similar fields as described below. Click this to create a new VLAN. NXC Series User’s Guide...
Page 161: Add/Edit Vlan
VLAN interface. To access this screen, click the Add icon at the top of the Add column or click an Edit icon next to a VLAN interface in the VLAN Summary screen. The following screen appears. NXC Series User’s Guide...
Page 162 Chapter 9 Interfaces Figure 91 Configuration > Network > Interface > VLAN > Add/Edit NXC Series User’s Guide...
Page 163 Enter the priority of the gateway (if any) on this interface. The NXC decides which gateway to use based on this priority. The lower the number, the higher the priority. If two or more gateways have the same priority, the NXC uses the one that was configured first. NXC Series User’s Guide...
Page 164 This field displays the IPv6 address that the NXC obtained from an uplink router. Interface Parameters Egress Bandwidth Enter the maximum amount of traffic, in kilobits per second, the NXC can send through the interface to the network. Allowed values are 0 - 1048576. NXC Series User’s Guide...
Page 165 Specify how long each computer can use the information (especially the IP address) before it has to request the information again. Choices are: infinite - select this if IP addresses never expire days, hours, and minutes - select this to enter how long IP addresses are valid. NXC Series User’s Guide...
Page 166 Enter the number of seconds to wait for a response before the attempt is a failure. Check Fail Enter the number of consecutive failures before the NXC stops routing through the Tolerance gateway. Check Default Select this to use the default gateway for the connectivity check. Gateway NXC Series User’s Guide...
Page 167: Lag
Link Aggregation Group (LAG). 9.4.1 LAG Summary Screen This screen lists every LAG created on the NXC. To access this screen, click Configuration > Network > Interface > LAG. Figure 92 Configuration > Network > Interface > LAG NXC Series User’s Guide...
Page 168: Lag Add/Edit
Click Reset to return the screen to its last-saved settings. 9.4.2 LAG Add/Edit This screen lets you configure Interface and LAG parameters for each LAG interface. To access this screen, click the Add or Edit icon in the LAG screen. The following screen appears. NXC Series User’s Guide...
Page 169 Chapter 9 Interfaces Figure 93 Configuration > Network > Interface > LAG > Add NXC Series User’s Guide...
Page 170 This field displays in 802.3ad Mode. This field sets the algorithm for slave selection according to the selected TCP/IP layer. Rate This field displays in 802.3ad Mode. Select the preferred LACPDU packet transmission rate (slow/fast) to request from 802.3ad partner. NXC Series User’s Guide...
Page 171 NXC stops routing to the gateway. The NXC resumes routing to the gateway the first time the gateway passes the connectivity check. Enable Select this to turn on the connection check. Connectivity Check NXC Series User’s Guide...
Page 172 Custom Defined - enter a static IP address. From ISP - select the DNS server that another interface received from its DHCP server. EnterpriseWLAN - the DHCP clients use the IP address of this interface and the NXC works as a DNS relay. NXC Series User’s Guide...
Page 173 Click Policy Route to go to the screen where you can manually configure a policy route to Route associate traffic with this bridge interface. Click OK to save your changes back to the NXC. Cancel Click Cancel to exit this screen without saving. NXC Series User’s Guide...
Page 174: Technical Reference
Each fragment is sent separately, and the original packet is re-assembled later. The smaller the MTU, the more fragments sent, and the more work required to re-assemble packets correctly. At the time of writing, the NXC does not support ingress bandwidth management. NXC Series User’s Guide...
Page 175 DNS servers that other interfaces received from DHCP servers (for example, a DNS server at an ISP). These other interfaces have to be DHCP clients. It is not possible for an interface to be the DHCP server and a DHCP client simultaneously. NXC Series User’s Guide...
Page 176 IP address. In this way WINS is similar to DNS, although WINS does not use a hierarchy (unlike DNS). A network can have more than one WINS server. Samba can also serve as a WINS server. NXC Series User’s Guide...
Page 177: Policy And Static Routes
• Policy routes take priority over static routes. If you need to use a routing policy on the NXC and propagate it to other routers, you could configure a policy route and an equivalent static route. NXC Series User’s Guide...
Page 178: Policy Route
• Routing the packet to a different gateway or outgoing interface. • Limiting the amount of bandwidth available and setting a priority for traffic. IPPR follows the existing packet filtering facility of RAS in style and in implementation. NXC Series User’s Guide...
Page 179 This is the interface on which the packets are received. Source This is the name of the source IP address (group) object. any means all IP addresses. Destination This is the name of the destination IP address (group) object. any means all IP addresses. NXC Series User’s Guide...
Page 180: Add/Edit Policy Route
Click Configuration > Network > Routing to open the Policy Route screen. Then click the Add or Edit icon to open the Policy Route Edit screen. Use this screen to configure or edit a policy route. NXC Series User’s Guide...
Page 181 This field displays only when you set Incoming to Interface. Select an interface from which the member packets are sent. Source Address Select a source IP address object from which the packets are sent. Destination Select a destination IP address object to which the traffic is being sent. Address NXC Series User’s Guide...
Page 182 The “wmm” entries are for QoS. For more information on QoS and WMM categories, see on page 185. User-Defined Use this field to specify a custom DSCP value. DSCP Code Address Use this section to configure NAT for the policy route. Translation NXC Series User’s Guide...
Page 183: Static Route
The gateway is a router or switch on the same segment as your NXC's interface(s). The gateway helps forward packets to their destinations. Metric This is the route’s priority among the NXC’s routes. The smaller the number, the higher priority the route has. NXC Series User’s Guide...
Page 184: Static Route Setting
NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address in a packet in one network to a different IP address in another network. Use SNAT (Source NAT) to change the source IP address in one network to a different IP address in another network. NXC Series User’s Guide...
Page 185 If traffic from an SSID does not have strict throughput requirements, then this access category is recommended. For example, an SSID that only has network printers connected to it. NXC Series User’s Guide...
Page 186: Zones
• Extra-zone traffic is traffic to or from any interface that is not assigned to a zone. • Some zone-based security and policy settings may apply to extra-zone traffic, especially if you can set the zone attribute in them to Any or All. See the specific feature for more information. NXC Series User’s Guide...
Page 187: Zone
This field displays the names of the interfaces that belong to each zone. 11.2.1 Add/Edit Zone This screen allows you to add or edit a zone. To access this screen, go to the Zone screen, and click the Add icon or an Edit icon. NXC Series User’s Guide...
Page 188 Member lists the interfaces that belong to the zone. Select any interfaces that you want to remove from the zone, and click the left arrow button to remove them. Click OK to save your customized settings and exit this screen. Cancel Click Cancel to exit this screen without saving. NXC Series User’s Guide...
Page 189: Nat
NAT rules and edit and delete existing NAT rules. To access this screen, log into the Web Configurator and click Configuration > Network > NAT. The following screen appears, providing a summary of the existing NAT rules. NXC Series User’s Guide...
Page 190: Add/Edit Nat
12.2.1 Add/Edit NAT This screen lets you create new NAT rules and edit existing ones. To open this window, open the NAT summary screen. Then, click on an Add icon or Edit icon to open the following screen. NXC Series User’s Guide...
Page 191 Type in the name of the NAT rule. The name is used to refer to the NAT rule. You may use 1-31 alphanumeric characters, underscores ( ), or dashes (-), but the first character cannot be a number. This value is case-sensitive. Port Mapping Type NXC Series User’s Guide...
Page 192 Ports - this NAT rule supports a range of destination ports. You might use a range of destination ports for unknown services or when one server supports more than one service. This field is read-only and displays any for Many 1:1 NAT. NXC Series User’s Guide...
Page 193: Technical Reference
Suppose a NAT 1:1 rule maps a public IP address to the private IP address of a LAN SMTP e-mail server to give WAN users access. NAT loopback allows other users to also use the rule’s original IP to access the mail server. NXC Series User’s Guide...
Page 194 The LAN SMTP server replies to the NXC’s LAN IP address and the NXC changes the source address to 1.1.1.1 before sending it to the LAN user. The return traffic’s source matches the original destination address (1.1.1.1). If the SMTP server replied directly to the LAN user without the traffic going through NAT, NXC Series User’s Guide...
Page 195 LAN user’s computer to shut down the session. Figure 105 LAN to LAN Return Traffic Source 192.168.1.21 Source 1.1.1.1 SMTP SMTP 192.168.1.89 192.168.1.21 NXC Series User’s Guide...
Page 196: Alg
You must also enable NAT in the NXC to allow sessions initiated from the WAN. 13.2 ALG Click Configuration > Network > ALG to open this screen. Use this screen to turn the ALG off or on, configure the port numbers to which it applies. NXC Series User’s Guide...
Page 197: Technical Reference
File Transfer Protocol (FTP) is an Internet file transfer service that operates on the Internet and over TCP/IP networks. A system running the FTP server accepts commands from a system running an FTP client. The service allows users to send commands to the server for uploading and downloading files. NXC Series User’s Guide...
Page 198: Ip/Mac Binding
IP/MAC binding. 14.1.2 What You Need to Know The following terms and concepts may help as you read this chapter. DHCP IP/MAC address bindings are based on the NXC’s dynamic and static DHCP entries. NXC Series User’s Guide...
Page 199: Ip/Mac Binding Summary
This field displays the interface’s total number of IP/MAC bindings and IP addresses that the Binding interface has assigned by DHCP. Apply Click Apply to save your changes back to the NXC. Reset Click Reset to return the screen to its last-saved settings. NXC Series User’s Guide...
Page 200: Edit Ip/Mac Binding
This is the IP address that the NXC assigns to a device with the entry’s MAC address. MAC Address This is the MAC address of the device to which the NXC assigns the entry’s IP address. Description This helps identify the entry. NXC Series User’s Guide...
Page 201: Add/Edit Static Dhcp Rule
Click Configuration > Network > IP/MAC Binding > Exempt List to open the IP/MAC Binding Exempt List screen. Use this screen to configure ranges of IP addresses to which the NXC does not apply IP/MAC binding. NXC Series User’s Guide...
Page 202 Enter the first IP address in a range of IP addresses for which the NXC does not apply IP/MAC binding. End IP Enter the last IP address in a range of IP addresses for which the NXC does not apply IP/MAC binding. Apply Click Apply to save your changes back to the NXC. NXC Series User’s Guide...
Page 203: Captive Portal
The NXC allows you to use either an internal captive web portal (built into the NXC) or external captive web portal (on an external web server). You can even customize the portal page(s). See Section 15.3.3 on page 213 for portal pages details. NXC Series User’s Guide...
Page 204: What You Can Do In This Chapter
• The Redirect on AP screen (Section 15.5 on page 221) configures the authentication policy rules for traffic from specific SSIDs of the managed APs. 15.2 Captive Portal This screen allows you to enable captive portal and define any exceptional services. NXC Series User’s Guide...
Page 205 Click this to add a new rule. Edit Select an entry and click this to change the rule settings. The new setting applies to the new client’s MAC address if you change the MAC caching time after a rule is created. NXC Series User’s Guide...
Page 206: Add Exceptional Services
Exceptional Services table on the Captive Portal screen to access this screen. Note: If you want 802.1x to work properly, you must set BOOTP_Client and DNS as exceptional services. Figure 114 Configuration > Captive Portal > Add Exceptional Services NXC Series User’s Guide...
Page 207: Custom Captive Portal
LABEL DESCRIPTION Customized Page Click this to add a new customized login page theme. Edit Select an existing theme and click this to modify it. Remove Select an existing theme and click this to delete it. NXC Series User’s Guide...
Page 208: Add Customized Page
Click Reset to return the screen to its last-saved settings. 15.3.1 Add Customized Page This screen allows you to add a customized login page. Click the Add button in the Customized Page table on the Custom Captive Portal screen to access this screen. NXC Series User’s Guide...
Page 209 Chapter 15 Captive Portal Figure 116 Configuration > Captive Portal > Custom Captive Portal > Add Customized Page NXC Series User’s Guide...
Page 210 To use a color, select Color and specify the color. Customized User-logout This section allows you to customize elements on the user logout page. Page Title Enter 1-64 characters for the page title. Spaces are allowed. Message Color Specify the color of the screen’s text. NXC Series User’s Guide...
Page 211: Custom Login And Access
15.3.2 Custom Login and Access Pages The following identify the parts you can customize in the login and access pages. Figure 117 Login Page Customization Logo Title Message Color (color of all text) Background Note Message (last line of text) NXC Series User’s Guide...
Page 212 (last line of text) Background You can specify colors in one of the following ways: • Click Color to display a screen of web-safe colors from which to choose. • Enter the name of the desired color. NXC Series User’s Guide...
Page 213: External Or Uploaded Web Portal Details
You can also configure the look and feel of the web portal page if you use an external web portal or upload a web portal file to the NXC. Here are some examples. Figure 120 External Web Portal Login Page Example Figure 121 External Web Portal Welcome Page Example NXC Series User’s Guide...
Page 214 Chapter 15 Captive Portal Figure 122 External Web Portal Session Page Example Figure 123 External Web Portal Logout Page Example NXC Series User’s Guide...
Page 215 Here are the HTTP parameters the NXC uses with the external URL. Table 96 HTTP Parameters for External URL PARAMETER DESCRIPTION LOGIN WELCOME SESSION LOGOUT ERROR gw_addr NXC IP Address error_num Login error code auth_hour The remaining hours before authentication timeout NXC Series User’s Guide...
Page 216: Redirect On Controller
NXC, go to the Captive Portal > Redirect on AP screen. Click Configuration > Captive Portal > Redirect on Controller to access this screen. Figure 126 Configuration > Captive Portal > Redirect on Controller NXC Series User’s Guide...
Page 217: Auth. Policy Add/Edit
This screen allows you to add authentication policies to captive portal interception. Click the Add or Edit button (for an existing policy) in the Authentication Policy Summary table on the Captive Portal > Redirect on Controller screen to access this screen. NXC Series User’s Guide...
Page 218 Chapter 15 Captive Portal Figure 127 Configuration > Captive Portal > Redirect on Controller: Add/Edit NXC Series User’s Guide...
Page 219 The Internet Information Server (IIS) is the web server on which the web portal files are installed. Logout URL Specify the logout page’s URL; for example, http://IIS server IP Address/logout.html. The Internet Information Server (IIS) is the web server on which the web portal files are installed. NXC Series User’s Guide...
Page 220 Authenticator Select a user account or user group that you created in the Object > User/Group screen to act as an authenticator. The authenticator assists clients in authentication with a QR code. Note: The authenticator must be able to access the IP address of the specified VLAN interface. NXC Series User’s Guide...
Page 221: Redirect On Ap
AP group with which the SSID is associated. Figure 128 Configuration > Captive Portal > Redirect on AP NXC Series User’s Guide...
Page 222 This displays the description of the policy. It has no intrinsic value to the system. Apply Click Apply to save your changes back to the NXC. Reset Click Reset to return the screen to its last-saved settings. NXC Series User’s Guide...
Page 223: Auth. Policy Group Add/Edit
This field displays the name of the authentication policy that is added to this group. You can click the name to make it editable. Click OK to save your changes back to the NXC. Cancel Click Cancel to exit this screen without saving. NXC Series User’s Guide...
Page 224: Auth. Policy Add/Edit
This screen allows you to add or configure authentication policy rules. Click the Add or Edit button (for an existing policy) in the Authentication Policy Rule table on the Captive Portal > Redirect on AP screen to access this screen. Figure 130 Configuration > Captive Portal > Redirect on AP: Auth. Policy Add/Edit NXC Series User’s Guide...
Page 225 The Internet Information Server (IIS) is the web server on which the web portal files are installed. Logout URL Specify the logout page’s URL; for example, http://IIS server IP Address/logout.html. The Internet Information Server (IIS) is the web server on which the web portal files are installed. NXC Series User’s Guide...
Page 226 Internet. Use “http://” followed by up to 262 characters (0-9a-zA-Z;/?:@&=+$\.-_!~*'()%). For example, http://www.example.com or http://172.16.1.35. Click OK to save your changes back to the NXC. Cancel Click Cancel to exit this screen without saving. NXC Series User’s Guide...
Page 227: Rtls
16.1.1 What You Can Do in this Chapter Use the RTLS screen (Section 16.3 on page 228) to use the managed APs as part of an Ekahau RTLS to track the location of Ekahau WiFi tags. NXC Series User’s Guide...
Page 228: Before You Begin
Click Configuration > RTLS to open this screen. Use this screen to turn RTLS (Real Time Location System) on or off and specify the IP address and server port of the Ekahau RTLS Controller. Figure 132 Configuration > RTLS NXC Series User’s Guide...
Page 229 Specify the IP address of the Ekahau RTLS Controller. Server Port Specify the server port number of the Ekahau RTLS Controller. Apply Click Apply to save your changes back to the NXC. Reset Click Reset to return the screen to its last-saved settings. NXC Series User’s Guide...
Page 230: Firewall
LAN to DMZ, and LAN to WLAN traffic is allowed. This also includes traffic to or from interfaces that are not assigned to a zone (extra-zone traffic). To-NXC Rules Rules with EnterpriseWLAN as the To Zone apply to traffic going to the NXC itself. By default: NXC Series User’s Guide...
Page 231 You can have the NXC permit the use of asymmetrical route topology on the network (not reset the connection). However, allowing asymmetrical routes may let traffic from the WAN go directly to the LAN without passing through the NXC. NXC Series User’s Guide...
Page 232: Firewall
Select this check box to have the NXC permit the use of asymmetrical route topology on the network (not reset the connection). Note: Allowing asymmetrical routes may let traffic from the WAN go directly to the LAN without passing through the NXC. NXC Series User’s Guide...
Page 233 This field shows you whether a log (and alert) is created when packets match this rule or not. Apply Click Apply to save your changes back to the NXC. Reset Click Reset to return the screen to its last-saved settings. NXC Series User’s Guide...
Page 234: Add/Edit Firewall Screen
Select a source address or address group for whom this rule applies. Select any if the policy is effective for every source. Destination Select a destination address or address group for whom this rule applies. Select any if the policy is effective for every destination. NXC Series User’s Guide...
Page 235: Session Control
Table 107 Configuration > Firewall > Session Control LABEL DESCRIPTION General Settings UDP Session Time Set how many seconds (from 1 to 300) the NXC will allow a UDP session to remain idle (without UDP traffic) before closing it. Session Limit Settings NXC Series User’s Guide...
Page 236: Add/Edit Session Limit
Click Configuration > Firewall > Session Limit and the Add or Edit icon to display the Firewall Session Limit Edit screen. Use this screen to configure rules that define a session limit for specific users or addresses. NXC Series User’s Guide...
Page 237 For this rule’s users and addresses, this setting overrides the Default Session per Host setting in the general Firewall Session Limit screen. Click OK to save your customized settings and exit this screen. Cancel Click Cancel to exit this screen without saving. NXC Series User’s Guide...
Page 238: User/Group
WWW, TELNET, SSH, FTP, Console limited-admin Look at NXC configuration (web, CLI) WWW, TELNET, SSH, Console Perform basic diagnostics (CLI) Access Users user Access network services Captive Portal, TELNET, SSH Browse user-mode commands (CLI) guest Access network services Captive Portal NXC Series User’s Guide...
Page 239 Use an external server to authenticate wireless clients by MAC address. After authentication the NXC maps the wireless client to a mac-address user account (MAC role). Configure user-aware features to control MAC address user access to network services. NXC Series User’s Guide...
Page 240: User Summary
User role setting in ext-group-user. User role setting in default user (ldap-users, ad-users, radius-users). 18.2 User Summary The User screen provides a summary of all user accounts. To access this screen click Configuration > Object > User/Group. NXC Series User’s Guide...
Page 241: Add/Edit User
This field displays the number of times an object reference is used in a profile. 18.2.1 Add/Edit User The User Add/Edit screen allows you to create a new user account or edit an existing one. 18.2.1.1 Rules for User Names Enter a user name from 1 to 31 characters. NXC Series User’s Guide...
Page 242 • sshd • sync • uucp • zyxel To access this screen, go to the User screen, and click Add or Edit. Figure 138 Configuration > Object > User/Group > User > Add/Edit A User (user) NXC Series User’s Guide...
Page 243 This field is available for a ext-group-user type user account. Select the AAA server to use to AAA Server authenticate this account’s users. Object Description Enter the description of each user, if any. You can use up to 60 printable ASCII characters. Default descriptions are provided. NXC Series User’s Guide...
Page 244: Group Summary
Table 112 Configuration > Object > User/Group > Group LABEL DESCRIPTION Click this to create a new entry. Edit Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings. NXC Series User’s Guide...
Page 245: Add/Edit Group
(-), but the first character cannot be a number. This value is case-sensitive. User group names have to be different than user names. Description Enter the description of the user group, if any. You can use up to 60 characters, punctuation marks, and spaces. NXC Series User’s Guide...
Page 246: Setting
You can also use this screen to specify when users must log in to the NXC before it routes traffic for them. To access this screen, login to the Web Configurator, and click Configuration > Object > User/Group > Setting. NXC Series User’s Guide...
Page 247 Chapter 18 User/Group Figure 142 Configuration > Object > User/Group > Setting NXC Series User’s Guide...
Page 248 This field is effective when Enable user idle detection is checked. Type the number of minutes each access user can be logged in and idle before the NXC automatically logs out the access user. User Logon Settings NXC Series User’s Guide...
Page 249 You can enter up to 1024 ASCII characters. Apply Click Apply to save the changes. Reset Click Reset to return the screen to its last-saved settings. NXC Series User’s Guide...
Page 250: Edit User Authentication Timeout Settings
Unlike Lease Time, the user has no opportunity to renew the session without logging out. Click OK to save your changes back to the NXC. Cancel Click Cancel to exit this screen without saving your changes. NXC Series User’s Guide...
Page 251: Add/Edit Dynamic Guest Group
18.4.3 User Aware Login Example Access users cannot use the Web Configurator to browse the configuration of the NXC. Instead, after access users log into the NXC, the following user aware login screen appears. Figure 145 User Aware Login NXC Series User’s Guide...
Page 252: Guest Manager Login Example
18.4.4 Guest Manager Login Example To create dynamic guest accounts, enter the guest-manager account information in the Web Configurator login screen. After you log in successfully, the following guest manager screen appears. Figure 146 Guest Manager Login NXC Series User’s Guide...
Page 253 Click this icon to create the account(s). Logout Click this icon to exit and go back to the Web Configurator login screen. 18.4.4.1 Guest Account List After you click Apply to create dynamic guest accounts, the following guest account list screen appears. NXC Series User’s Guide...
Page 254 Click this icon to go back to the previous screen. Guest(s) Print Click this icon to print out the account information and the notes you specified in the User/Group > Setting screen for dynamic guests. The following figure shows the dynamic guest account printout example. NXC Series User’s Guide...
Page 255: Mac Address
This field is a sequential value, and it is not associated with a specific entry. MAC Address/ The wireless client MAC address or OUI (Organizationally Unique Identifier). The OUI is the first three octets in a MAC address and uniquely identifies the manufacturer of a network device. NXC Series User’s Guide...
Page 256: Add/Edit Mac Address
NXC authenticate the MAC address or OUI using the local user database. Description Enter the description of the mapping, if any. Click OK to save your changes back to the NXC. Cancel Click Cancel to exit this screen without saving your changes. NXC Series User’s Guide...
Page 257: Ap Profile
• Layer-2 Isolation - This profile can be used to prevent connected wireless clients from communicating with each other in the NXC’s wireless network(s), on which layer-2 isolation is enabled, except the devices in the layer-2 isolation list. NXC Series User’s Guide...
Page 258: Radio
AP (NWA5121-N for example) can use to configure either one of its two radio transmitters. To access this screen click Configuration > Object > AP Profile. Note: You can have a maximum of 32 radio profiles on the NXC. NXC Series User’s Guide...
Page 259: Add/Edit Radio Profile
This screen allows you to create a new radio profile or edit an existing one. To access this screen, click the Add button or select a radio profile from the list and click the Edit button. NXC Series User’s Guide...
Page 260 Chapter 19 AP Profile Figure 152 Configuration > Object > AP Profile > Add/Edit Radio Profile NXC Series User’s Guide...
Page 261 Select 20MHz if you want to lessen radio interference with other wireless devices in your neighborhood or the wireless clients do not support channel bonding. Note: If the environment has poor signal-to-noise ratio (SNR), the AP will switch to a lower bandwidth. NXC Series User’s Guide...
Page 262 1, 4, 7, 11 in this configuration; otherwise, the NXC uses channels 1, 5, 9, 13 in this configuration. Four channel deployment expands your pool of possible channels while keeping the channel interference to a minimum. NXC Series User’s Guide...
Page 263 802.11n headers and wraps them in a 802.11n MAC header. This method is useful for increasing bandwidth throughput in environments that are prone to high error rates. A-MPDU Limit Enter the maximum frame size to be aggregated. NXC Series User’s Guide...
Page 264 Select Fixed Multicast Rate to send wireless multicast traffic at a single data rate. You must know the multicast application’s bandwidth requirements and set it in the following field. NXC Series User’s Guide...
Page 265: Ssid
Table 124 Configuration > Object > AP Profile > SSID List LABEL DESCRIPTION Click this to add a new SSID profile. Edit Click this to edit the selected SSID profile. Remove Click this to remove the selected SSID profile. NXC Series User’s Guide...
Page 266 This screen allows you to create a new SSID profile or edit an existing one. To access this screen, click the Add button or select an SSID profile from the list and click the Edit button. NXC Series User’s Guide...
Page 267 Select a security profile from this list to associate with this SSID. If none exist, you can use the Create new Object menu to create one. Note: It is highly recommended that you create security profiles for all of your SSIDs to enhance your network security. NXC Series User’s Guide...
Page 268 802.11v, the AP disconnects the client after it has been idle longer than 5 seconds. The client then can change to connect to a 5 GHz WiFi network. Otherwise, clear the check box to turn off this feature. NXC Series User’s Guide...
Page 269 When the connected clients request 802.11k neighbor lists, the AP will response with a list of neighbor APs that can be candidates for roaming. When the 802.11v capable clients are using the 2.4 GHz band, the AP can send 802.11v messages to steer clients to the 5 GHz band. NXC Series User’s Guide...
Page 270: Security List
This field is a sequential value, and it is not associated with a specific profile. Profile Name This field indicates the name assigned to the security profile. Security Mode This field indicates this profile’s security mode. NXC Series User’s Guide...
Page 271 This screen allows you to create a new security profile or edit an existing one. To access this screen, click the Add button or select a security profile from the list and click the Edit button. Note: This screen’s options change based on the Security Mode selected. NXC Series User’s Guide...
Page 272 Chapter 19 AP Profile Figure 156 Configuration > Object > AP Profile > SSID > Security Profile > Add/Edit Security Profile NXC Series User’s Guide...
Page 273 If Security Mode is wpa3, enabling this will force Management Frame Protection to be set to Optional. If this is disabled or if the Security Mode is enhanced open, Management Frame Protection will be set to Required. NXC Series User’s Guide...
Page 274 Primary / Secondary Select the check box to enable user accounting through an external authentication server. Accounting Server Activate Accounting Enter the IP address of the external accounting server in dotted decimal notation. Server IP Address NXC Series User’s Guide...
Page 275: Mac Filter List
This screen allows you to create and manage MAC filtering profiles that can be used by your SSIDs. To access this screen click Configuration > Object > AP Profile > SSID > MAC Filter List. Note: You can have a maximum of 32 MAC filtering profiles on the NXC. NXC Series User’s Guide...
Page 276 This screen allows you to create a new MAC filtering profile or edit an existing one. To access this screen, click the Add button or select a MAC filtering profile from the list and click the Edit button. Figure 158 SSID > MAC Filter List > Add/Edit MAC Filter Profile NXC Series User’s Guide...
Page 277: Layer-2 Isolation List
Table 130 Configuration > Object > AP Profile > SSID > Layer-2 Isolation List LABEL DESCRIPTION Layer-2 Isolation List Summary Click this to add a new layer-2 isolation profile. Edit Click this to edit the selected layer-2 isolation profile. Remove Click this to remove the selected layer-2 isolation profile. NXC Series User’s Guide...
Page 278 This field displays a description for the MAC address associated with this profile. You can click the description to make it editable. Enter up to 60 characters, spaces and underscores allowed. Click OK to save your changes back to the NXC. Cancel Click Cancel to exit this screen without saving your changes. NXC Series User’s Guide...
Page 279: Mon Profile
20.2 MON Profile This screen allows you to create monitor mode configurations that can be used by the APs. To access this screen, login to the Web Configurator, and click Configuration > Object > MON Profile. NXC Series User’s Guide...
Page 280: Add/Edit Mon Profile
This screen allows you to create a new monitor mode profile or edit an existing one. To access this screen, click the Add button or select and existing monitor mode profile and click the Edit button. NXC Series User’s Guide...
Page 281 The available channels vary depending on the country you selected. Be sure to select the correct/same country for both radios on an AP and all APs connected to the NXC, in order to prevent roaming failure and interference to other systems. NXC Series User’s Guide...
Page 282: Technical Reference
In the example above, a corporate network’s security is compromised by a rogue AP (RG) set up by an employee at his workstation in order to allow him to connect his notebook computer wirelessly (A). The NXC Series User’s Guide...
Page 283 (those from recognized networks, for example). It is recommended that you export (save) your list of friendly APs often, especially if you have a network with a large number of access points. NXC Series User’s Guide...
Page 284: Zymesh Profile
• Repeater: a managed AP that transmits and/or receives data from the NXC via a wireless connection through a root AP. Note: When managed APs are deployed to form a ZyMesh for the first time, the root AP must be connected to an AP controller (the NXC). NXC Series User’s Guide...
Page 285: What You Can Do In This Chapter
285) creates preset ZyMesh configurations that can be used by the NXC. 21.2 ZyMesh Profile This screen allows you to manage and create ZyMesh profiles that can be used by the APs. To access this screen, click Configuration > Object > ZyMesh Profile. NXC Series User’s Guide...
Page 286 This field is a sequential value, and it is not associated with a specific profile. Profile Name This field indicates the name assigned to the profile. ZyMesh SSID This field shows the SSID specified in this ZyMesh profile. NXC Series User’s Guide...
Page 287: Add/Edit Zymesh Profile
64 hexadecimal characters. The key is used to encrypt the wireless traffic between the APs. Click OK to save your changes back to the NXC. Cancel Click Cancel to exit this screen without saving your changes. NXC Series User’s Guide...
Page 288: Addresses
Click the heading cell again to reverse the sort order. If you enabled IPv6 in the Configuration > System > IPv6 screen, you can also view and configure your IPv6 addresses on this screen. NXC Series User’s Guide...
Page 289: Add/Edit Address
The Add/Edit Address screen allows you to create a new address or edit an existing one. To access this screen, go to the Address screen, and click either the Add icon or an Edit icon. Figure 167 Configuration > Object > Address > Address > Add/Edit NXC Series User’s Guide...
Page 290: Address Group Summary
Click the heading cell again to reverse the sort order. If you enabled IPv6 in the Configuration > System > IPv6 screen, you can also view and configure your IPv6 address groups on this screen. NXC Series User’s Guide...
Page 291: Add/Edit Address Group Rule
The Add/Edit Address Group Rule screen allows you to create a new address group or edit an existing one. To access this screen, go to the Address Group screen and click either the Add icon or an Edit icon. NXC Series User’s Guide...
Page 292 Move any members you do not want included to the Available list. Click OK to save your changes back to the NXC. Cancel Click Cancel to exit this screen without saving your changes. NXC Series User’s Guide...
Page 293: Services
For example, ICMP is used to send the response if a computer cannot be reached. Another use is ping. ICMP does not guarantee delivery, but networks often treat ICMP messages differently, sometimes looking at the message itself to decide where to send it. NXC Series User’s Guide...
Page 294: Service Summary
To access this screen, log in to the Web Configurator, and click Configuration > Object > Service > Service. Click a column’s heading cell to sort the table entries by that column’s criteria. Click the heading cell again to reverse the sort order. Figure 170 Configuration > Object > Service > Service NXC Series User’s Guide...
Page 295: Add/Edit Service Rule
Enter the number of the next-level protocol (IP protocol). Allowed values are 0 - 255. Click OK to save your changes back to the NXC. Cancel Click Cancel to exit this screen without saving your changes. NXC Series User’s Guide...
Page 296: Service Group Summary
The Add/Edit Service Group Rule screen allows you to create a new service group or edit an existing one. To access this screen, go to the Service Group screen and click either the Add icon or an Edit icon. NXC Series User’s Guide...
Page 297 Move any members you do not want included to the Available list. Click OK to save your changes back to the NXC. Cancel Click Cancel to exit this screen without saving your changes. NXC Series User’s Guide...
Page 298: Schedules
Recurring schedules are useful for defining the workday and off- work hours. 24.2 Schedule Summary The Schedule summary screen provides a summary of all schedules in the NXC. To access this screen, click Configuration > Object > Schedule. NXC Series User’s Guide...
Page 299 This field displays the time at which the schedule begins. Stop Time This field displays the time at which the schedule ends. Reference This field displays the number of times an object reference is used in a profile. NXC Series User’s Guide...
Page 300: Add/Edit Schedule One-Time Rule
Specify the hour and minute when the schedule ends. Hour - 0 - 23 Minute - 0 - 59 Click OK to save your changes back to the NXC. Cancel Click Cancel to exit this screen without saving your changes. NXC Series User’s Guide...
Page 301: Add/Edit Schedule Recurring Rule
Minute - 0 - 59 Weekly Week Days Select each day of the week the recurring schedule is effective. Click OK to save your changes back to the NXC. Cancel Click Cancel to exit this screen without saving your changes. NXC Series User’s Guide...
Page 302: Aaa Server
A user logs in with a user name and password pair. The NXC tries to bind (or log in) to the LDAP/AD server. When the binding process is successful, the NXC checks the user information in the directory against the user name and password pair. NXC Series User’s Guide...
Page 303 The following lists the types of authentication server the NXC supports. • Local user database The NXC uses the built-in local user database to authenticate administrative users logging into the NXC’s Web Configurator or network access users logging into the network through the NXC. NXC Series User’s Guide...
Page 304 The leftmost attribute is the Relative Distinguished Name (RDN). This provides a unique name for entries that have the same “parent DN” (“cn=domain1.com, ou=Sales, o=MyCompany” in the following examples). cn=domain1.com, ou = Sales, o=MyCompany, c=US cn=domain1.com, ou = Sales, o=MyCompany, c=JP NXC Series User’s Guide...
Page 305: Active Directory / Ldap
Select an entry and click Object References to open a screen that shows which settings use the References entry. This field displays the index number. Name This is the name that you specified to identify the server. NXC Series User’s Guide...
Page 306: Add/Edit Active Directory / Ldap Server
Note: The Active Directory and LDAP server setup screens are almost identical, so the features for both screens are described in this section. Figure 181 Configuration > Object > AAA Server > Active Directory > Add/Edit NXC Series User’s Guide...
Page 307 This port number should be the same on all AD or LDAP server(s) in this group. Base DN Specify the directory (up to 127 alphanumerical characters). For example, o=Zyxel, c=US Use SSL Select Use SSL to establish a secure connection to the AD or LDAP server(s). NXC Series User’s Guide...
Page 308 If you do not configure this, the NXC uses the format USERNAME@realm to do authentication. Configuration Use a user account from the server specified above to test if the configuration is correct. Enter Validation the account’s user name in the Username field and click Test. NXC Series User’s Guide...
Page 309: Radius
Click Configuration > Object > AAA Server > RADIUS to display the RADIUS screen. Click the Add icon or an Edit icon to display the following screen. Use this screen to create a new entry or edit an existing one. NXC Series User’s Guide...
Page 310 Authentication Server Settings Server Address Enter the address of the RADIUS authentication server. Authentication Specify the port number on the RADIUS server to which the NXC sends authentication Port requests. Enter a number between 1 and 65535. NXC Series User’s Guide...
Page 311 Search timeout occurs when either the user information is not in the RADIUS server or the RADIUS server is down. NAS IP Address If the RADIUS server requires the NXC to provide the Network Access Server IP address attribute with a specific value, enter it here. NXC Series User’s Guide...
Page 312 “management”. Then you could also create a ext-group-user user object for each group. One with “sales” as the group identifier, another for “RD” and a third for “management”. Click OK to save the changes. Cancel Click Cancel to discard the changes. NXC Series User’s Guide...
Page 313: Authentication Method
Configure AAA server objects before you configure authentication method objects. 26.2 Authentication Method Click Configuration > Object > Auth. Method to display this screen. Note: You can create up to 16 authentication method objects. Figure 185 Configuration > Object > Auth. Method NXC Series User’s Guide...
Page 314: Add Authentication Method
Click OK to save the settings or click Cancel to discard all changes and return to the previous screen. NXC Series User’s Guide...
Page 315 NXC does not continue the search on the second authentication server when you enter the username and password that doesn’t match the one on the first authentication server. Click OK to save the changes. Cancel Click Cancel to discard the changes. NXC Series User’s Guide...
Page 316: Certificates
Jenny receives the message and uses Tim’s public key to verify it. Jenny knows that the message is from Tim, and that although other people may have been able to read the message, no-one can have altered it (because they cannot re-sign the message with Tim’s private key). NXC Series User’s Guide...
Page 317 The NXC currently allows the importation of a PKS#7 file that contains a single certificate. • PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses lowercase letters, uppercase letters and numerals to convert a binary PKCS#7 certificate into a printable form. NXC Series User’s Guide...
Page 318: Verifying A Certificate
Use a secure method to verify that the certificate owner has the same information in the Thumbprint Algorithm and Thumbprint fields. The secure method may very based on your situation. Possible examples would be over the telephone or through an HTTPS connection. NXC Series User’s Guide...
Page 319: My Certificates
This field displays identifying information about the certificate’s owner, such as CN (Common Name), OU (Organizational Unit or department), O (Organization or company) and C (Country). It is recommended that each certificate have unique subject information. NXC Series User’s Guide...
Page 320: Adding My Certificates
Certificates Add screen. Use this screen to have the NXC create a self-signed certificate, enroll a certificate with a certification authority or generate a certification request. Figure 187 Configuration > Object > Certificate > My Certificates > Add NXC Series User’s Guide...
Page 321 Certificate Details screen to view the certification request and copy it to send to the locally for later certification authority. manual enrollment Copy the certification request from the My Certificate Details screen and then send it to the certification authority. NXC Series User’s Guide...
Page 322: Editing My Certificates
Click Configuration > Object > Certificate > My Certificates and then the Edit icon to open the My Certificate Edit screen. You can use this screen to view in-depth certificate information and change the certificate’s name. Figure 188 Configuration > Object > Certificate > My Certificates > Edit NXC Series User’s Guide...
Page 323 MD5 Fingerprint This is the certificate’s message digest that the NXC calculated using the MD5 algorithm. SHA1 Fingerprint This is the certificate’s message digest that the NXC calculated using the SHA1 algorithm. NXC Series User’s Guide...
Page 324: Importing Certificates
NXC. You can also import a certificate in PKCS#12 format, including the certificate’s public and private keys. The certificate you import replaces the corresponding request in the My Certificates screen. You must remove any spaces in the certificate’s filename before you can import it. NXC Series User’s Guide...
Page 325: Trusted Certificates
This screen displays a summary list of certificates that you have set the NXC to accept as trusted. The NXC also accepts any valid certificate signed by a certificate on this list as being trustworthy; thus you do not need to import any certificate that is signed by one of these certificates. NXC Series User’s Guide...
Page 326 Click Import to open a screen where you can save the certificate of a certification authority that you trust, from your computer to the NXC. Refresh Click this button to display the current validity status of the certificates. NXC Series User’s Guide...
Page 327: Editing Trusted Certificates
NXC to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority. Figure 191 Configuration > Object > Certificate > Trusted Certificates > Edit NXC Series User’s Guide...
Page 328 Name (CN), Organizational Unit (OU), Organization (O) and Country (C). Issuer This field displays identifying information about the certificate’s issuing certification authority, such as Common Name, Organizational Unit, Organization and Country. With self-signed certificates, this is the same information as in the Subject Name field. NXC Series User’s Guide...
Page 329: Importing Trusted Certificates
Click Configuration > Object > Certificate > Trusted Certificates > Import to open the Trusted Certificates Import screen. Follow the instructions in this screen to save a trusted certificate to the NXC. Note: You must remove any spaces from the certificate’s filename before you can import the certificate. NXC Series User’s Guide...
Page 330: Technical Reference
The second is a reduction in network traffic since the NXC only gets information on the certificates that it needs to verify, not a huge list. When the NXC requests certificate status information, the OCSP server returns a “expired”, “current” or “unknown” response. NXC Series User’s Guide...
Page 331: Dhcpv6
This field is a sequential value, and it is not associated with a specific object. Name This field displays the name of each request object. Type This field displays the request type of each request object. NXC Series User’s Guide...
Page 332: Add/Edit Dhcpv6 Request Object
Select the request type for this request object. You can choose from DNS Server, or NTP Server. Interface Select the interface for this request object. Click OK to save your changes back to the NXC. Cancel Click Cancel to exit this screen without saving your changes. NXC Series User’s Guide...
Page 333: System
374) enables or disables IPv6 support on the NXC. 29.2 Host Name A host name is the unique name by which a device is known on a network. Click Configuration > System > Host Name to open this screen. NXC Series User’s Guide...
Page 334: Usb Storage
Note: Only connect one USB device. It must allow writing (it cannot be read-only) and use the FAT16, FAT32, EXT2, or EXT3 file system. Click Configuration > System > USB Storage to open the screen as shown next. NXC Series User’s Guide...
Page 335: Date And Time
For effective scheduling and logging, the NXC system time must be accurate. The NXC’s Real Time Chip (RTC) keeps track of the time and date. There is also a software mechanism to set the time manually or get the current time and date from an external server. NXC Series User’s Guide...
Page 336 This field displays the last updated date from the time server or the last date configured (yyyy-mm-dd) manually. When you set Time and Date Setup to Manual, enter the new date in this field and then click Apply. NXC Series User’s Guide...
Page 337 For example, if you set this field to 3.5, a log occurred at 6 P.M. in local official time will appear as if it had occurred at 10:30 P.M. Apply Click Apply to save your changes back to the NXC. Reset Click Reset to return the screen to its last-saved settings. NXC Series User’s Guide...
Page 338: Pre-Defined Ntp Time Servers List
Enter the NXC’s date in the New Date field. Under Time Zone Setup, select your Time Zone from the list. As an option you can select the Enable Daylight Saving check box to adjust the NXC clock for daylight savings. NXC Series User’s Guide...
Page 339: Console Speed
The Console Port Speed applies to a console port connection using terminal emulation software and NOT the Console in the NXC Web Configurator Status screen. Apply Click Apply to save your changes back to the NXC. Reset Click Reset to return the screen to its last-saved settings. NXC Series User’s Guide...
Page 340: Dns Overview
NXC to accept or discard DNS queries. Use the Network > Interface screens to configure the DNS server information that the NXC sends to the specified DHCP client devices. Figure 200 Configuration > System > DNS NXC Series User’s Guide...
Page 341 This is the domain name where the mail is destined for. IP/FQDN This is the IP address or Fully-Qualified Domain Name (FQDN) of a mail server that handles the mail for the domain specified in the field above. NXC Series User’s Guide...
Page 342: Address Record
A PTR (pointer) record is also called a reverse record or a reverse lookup record. It is a mapping of an IP address to a domain name. 29.6.5 Adding an Address/PTR Record Click the Add icon in the Address/PTR Record table to add an address/PTR record. NXC Series User’s Guide...
Page 343: Domain Zone Forwarder
29.6.7 Add Domain Zone Forwarder Click the Add icon in the Domain Zone Forwarder table to add a domain zone forwarder record. Figure 202 Configuration > System > DNS > Add Domain Zone Forwarder NXC Series User’s Guide...
Page 344: Mx Record
Enter the domain name where the mail is destined for. IP Address/FQDN Enter the IP address or Fully-Qualified Domain Name (FQDN) of a mail server that handles the mail for the domain specified in the field above. NXC Series User’s Guide...
Page 345: Add Service Control
Click Cancel to exit this screen without saving. 29.7 WWW Overview The following figure shows secure and insecure management of the NXC coming in from the WAN. HTTPS and SSH access are secure. HTTP, and Telnet management access are not secure. NXC Series User’s Guide...
Page 346: Service Access Limitations
(one party can identify the other party) and data integrity (you know if data has been changed). It relies upon certificates, public keys, and private keys (see Chapter 27 on page 316 for more information). NXC Series User’s Guide...
Page 347: Configuring Www Service Control
NXC using HTTP or HTTPS. You can also specify which IP addresses the access can come from. Note: Admin Service Control deals with management access (to the Web Configurator). User Service Control deals with user access to the NXC. NXC Series User’s Guide...
Page 348 Select a certificate the HTTPS server (the NXC) uses to authenticate itself to the HTTPS client. You must have certificates already configured in the My Certificates screen. Redirect HTTP to HTTPS To allow only secure Web Configurator access, select this to redirect all HTTP connection requests to the HTTPS server. NXC Series User’s Guide...
Page 349 To apply other behavior, configure a rule that traffic will match so the NXC will not have to use the default policy. Zone This is the zone on the NXC the user is allowed or denied to access. NXC Series User’s Guide...
Page 350: Service Control Rules
Select Accept to allow the user to access the NXC from the specified computers. Select Deny to block the user’s access to the NXC from the specified computers. Click OK to save your customized settings and exit this screen. Cancel Click Cancel to exit this screen without saving. NXC Series User’s Guide...
Page 351: Https Example
When you attempt to access the NXC HTTPS server, a screen with the message "There is a problem with this website's security certificate." may display. If that is the case, click Continue to this website (not recommended) to proceed to the web configurator login screen. NXC Series User’s Guide...
Page 352: Mozilla Firefox Warning Messages
If that is the case, click I Understand the Risks or Advanced and then the Add Exception... button. Figure 211 Security Alert (Mozilla Firefox 53.0) Confirm the HTTPS server URL matches. Click Confirm Security Exception to proceed to the web configurator login screen. NXC Series User’s Guide...
Page 353: Google Chrome Warning Messages
When you attempt to access the NXC HTTPS server, a Your connection is not private screen may display. If that is the case, click Advanced and then Proceed to x.x.x.x (unsafe) to proceed to the web configurator login screen. NXC Series User’s Guide...
Page 354 29.7.8.2 Login Screen After you accept the certificate, the NXC login screen appears. The lock displayed in the bottom of the browser status bar or next to the website address denotes a secure connection. NXC Series User’s Guide...
Page 355 Apply for a certificate from a Certification Authority (CA) that is trusted by the NXC (see the NXC’s Trusted Certificates Web Configurator screen). Figure 215 Trusted Certificates The CA sends you a package containing the CA’s trusted certificate(s), your personal certificate(s) and a password to install the personal certificate(s). NXC Series User’s Guide...
Page 356 Chapter 29 System 29.7.8.4 Installing the CA’s Certificate Double click the CA’s trusted certificate to produce a screen similar to the one shown next. Click Install Certificate and follow the wizard as shown earlier in this appendix. NXC Series User’s Guide...
Page 357 Click Next to begin the wizard. The file name and path of the certificate you double-clicked should automatically appear in the File name text box. Click Browse if you wish to import a different certificate. NXC Series User’s Guide...
Page 358 Enter the password given to you by the CA. Have the wizard determine where the certificate should be saved on your computer or select Place all certificates in the following store and choose a different location. NXC Series User’s Guide...
Page 359 You should see the following screen when the certificate is correctly installed on your computer. 29.7.8.6 Using a Certificate When Accessing the NXC To access the NXC via HTTPS: Enter ‘https://NXC IP Address/ in your browser’s web address field. NXC Series User’s Guide...
Page 360: Ssh
SSH is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network. In the following figure, computer A on the Internet uses SSH to securely connect to the WAN port of the NXC for a management session. NXC Series User’s Guide...
Page 361: How Ssh Works
After the identification is verified and data encryption activated, a secure tunnel is established between the client and the server. The client then sends its authentication information (user name and password) to the server to log in to the server. NXC Series User’s Guide...
Page 362: Ssh Implementation On The Nxc
Server Certificate Select the certificate whose corresponding private key is to be used to identify the NXC for SSH connections. You must have certificates already configured in the My Certificates screen. NXC Series User’s Guide...
Page 363: Examples Of Secure Telnet Using Ssh
A window displays prompting you to store the host key in you computer. Click Yes to continue. Figure 219 SSH Example 1: Store Host Key Enter the password to log in to the NXC. The CLI screen displays next. NXC Series User’s Guide...
Page 364: Telnet
IP address the access can come. Click Configuration > System > TELNET to configure your NXC for remote Telnet access. Use this screen to specify from which zones Telnet can be used to manage the NXC. You can also specify from which IP addresses the access can come. NXC Series User’s Guide...
Page 365 This displays whether the computer with the IP address specified above can access the NXC zone(s) configured in the Zone field (Accept) or not (Deny). Apply Click Apply to save your changes back to the NXC. Reset Click Reset to return the screen to its last-saved settings. NXC Series User’s Guide...
Page 366: Ftp
To change an entry’s position in the numbered list, select the method and click Move to display a field to type a number for where you want to put it and press [ENTER] to move the rule to the number that you typed. NXC Series User’s Guide...
Page 367: Snmp
(SNMPv1), version two (SNMPv2c) and version three (SNMPv3). The next figure illustrates an SNMP management operation. Figure 224 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. NXC Series User’s Guide...
Page 368: Supported Mibs
This trap is sent when the Ethernet link is down. linkUp 1.3.6.1.6.3.1.1.5.4 This trap is sent when the Ethernet link is up. authenticationFailure 1.3.6.1.6.3.1.1.5.5 This trap is sent when an SNMP request comes from non- authenticated hosts. NXC Series User’s Guide...
Page 369: Configuring Snmp
Type the trap community, which is the password sent with each trap to the SNMP manager. The default is public and allows all requests. Destination Type the IP address of the SNMP manager to which your SNMP traps are sent. NXC Series User’s Guide...
Page 370: Adding Or Editing An Snmpv3 User Profile
This screen allows you to add or edit an SNMPv3 user profile. To access this screen, click the Configuration > System > SNMP screen’s Add button or select a SNMPv3 user profile from the list and click the Edit button. NXC Series User’s Guide...
Page 371: Authentication Server
AP for user authentication and authorization. Click Configuration > System > Auth. Server tab. The screen appears as shown. Use this screen to enable the authentication server feature of the NXC and specify the RADIUS client’s IP address. NXC Series User’s Guide...
Page 372: Add/Edit Trusted Client
Click Configuration > System > Auth. Server to display the Auth. Server screen. Click the Add icon or an Edit icon to display the following screen. Use this screen to create a new entry or edit an existing one. NXC Series User’s Guide...
Page 373: Language
Click Cancel to discard the changes. 29.13 Language Click Configuration > System > Language to open this screen. Use this screen to select a display language for the NXC’s Web Configurator screens. Figure 229 Configuration > System > Language NXC Series User’s Guide...
Page 374: Ipv6
VLAN screens. The NXC discards all IPv6 packets if you clear this check box. Apply Click Apply to save your changes back to the NXC. Reset Click Reset to return the screen to its last-saved settings. NXC Series User’s Guide...
Page 375: Log And Report
Note: Data collection may decrease the NXC’s traffic throughput rate. Click Configuration > Log & Report > Email Daily Report to display the following screen. Configure this screen to have the NXC e-mail you system statistics every day. NXC Series User’s Guide...
Page 376 Chapter 30 Log and Report Figure 231 Configuration > Log & Report > Email Daily Report NXC Series User’s Guide...
Page 377: Log Settings
These screens control log messages and alerts. A log message stores the information for viewing (for example, in the View Log tab) or regular e-mailing later, and an alert is e-mailed immediately. Usually, alerts are used for events that require more serious attention, such as system errors and attacks. NXC Series User’s Guide...
Page 378: Log Settings Summary
Log Category Settings screen to edit this information for all logs at the same time. 30.3.1 Log Settings Summary To access this screen, click Configuration > Log & Report > Log Settings. Figure 232 Configuration > Log & Report > Log Settings NXC Series User’s Guide...
Page 379 This field is a summary of the settings for each log. Log Category Click this button to open the Log Category Settings screen. Settings Apply Click this button to save your changes (activate and deactivate logs) and make them take effect. NXC Series User’s Guide...
Page 380: Editing System Log Settings
This screen controls the detailed settings for each log in the system log (which includes the e-mail profiles). Go to the Log Settings Summary screen and click the system log Edit icon. Figure 233 Configuration > Log & Report > Log Settings > Edit (System Log) NXC Series User’s Guide...
Page 381 NXC will e-mail logs to them. enable normal logs and debug logs (yellow check mark) - create log messages, alerts, and debugging information for all categories. The NXC does not e-mail debugging information, even if this setting is selected. NXC Series User’s Guide...
Page 382 Message field. Click this to save your changes and return to the previous screen. Cancel Click this to return to the previous screen without saving your changes. NXC Series User’s Guide...
Page 383: Editing Usb Storage Log Settings
(yellow check mark) - send the remote server log messages, alerts, and debugging information for all log categories. This field is a sequential value, and it is not associated with a specific entry. NXC Series User’s Guide...
Page 384: Editing Remote Server Log Settings
Click this to return to the previous screen without saving your changes. 30.3.4 Editing Remote Server Log Settings This screen controls the settings for each log in the remote server (syslog). Go to the Log Settings Summary screen and click a remote server Edit icon. NXC Series User’s Guide...
Page 385 Log Settings for Remote Server Active Select this check box to send log information according to the information in this section. You specify what kinds of messages are included in log information in the Active Log section. NXC Series User’s Guide...
Page 386: Log Category Settings
It does not let you change other log settings (for example, where and how often log information is e-mailed or remote server names). To access this screen, go to the Log Settings Summary screen, and click the Log Category Settings button. NXC Series User’s Guide...
Page 387 Figure 236 Configuration > Log & Report > Log Settings > Log Category Settings This screen provides a different view and a different way of indicating which messages are included in each log and each alert. (The Default category includes debugging messages generated by open source software.) NXC Series User’s Guide...
Page 388 Log Category This field displays each category of messages. It is the same value used in the Display and Category fields in the View Log tab. The Default category includes debugging messages generated by open source software. NXC Series User’s Guide...
Page 389 (yellow check mark) - log regular information, alerts, and debugging information from this category. Click this to save your changes and return to the previous screen. Cancel Click this to return to the previous screen without saving your changes. NXC Series User’s Guide...
Page 390: File Manager
When you apply a configuration file, the NXC uses the factory default settings for any features that the configuration file does not include. When you run a shell script, the NXC only applies the commands that it contains. Other settings do not change. NXC Series User’s Guide...
Page 391 Your configuration files or shell scripts can use “exit” or a command line consisting of a single “!” to have the NXC exit sub command mode. Note: “exit” or “!'” must follow sub commands if it is to make the NXC exit sub command mode. NXC Series User’s Guide...
Page 392: Configuration File
• If there is not a startup-config.conf when you restart the NXC (whether through a management interface or by physically turning the power off and back on), the NXC uses the system-default.conf configuration file with the NXC’s default settings. NXC Series User’s Guide...
Page 393 The NXC ignores any errors in the startup-config.conf file and applies all of the valid commands. The NXC still generates a log for any errors. Figure 238 Maintenance > File Manager > Configuration File Do not turn off the NXC while configuration file upload is in progress. NXC Series User’s Guide...
Page 394 Specify a name for the duplicate configuration file. Use up to 25 characters (including a-zA-Z0- 9;‘~!@#$%^&()_+[]{}’,.=-). Click OK to save the duplicate or click Cancel to close the screen without saving a duplicate of the configuration file. NXC Series User’s Guide...
Page 395 If you upload and apply a configuration file with an error, you can apply lastgood.conf to return to a valid configuration. Size This column displays the size (in KB) of a configuration file. NXC Series User’s Guide...
Page 396: Firmware Package
Find the firmware package at www.zyxel.com in a file that (usually) uses the system model name with a .bin extension, for example, “nxc.bin”. The firmware update can take up to five minutes. Do not turn off or reset the NXC while the firmware update is in progress! NXC Series User’s Guide...
Page 397 Date (yyyy-mm-dd) Select or specify the day in year-month-date format to install the firmware. Upload File File Type in the location of the file you want to upload in this field or click Browse ... to find it. NXC Series User’s Guide...
Page 398: Shell Script
Figure 242 Firmware Upload Error 31.4 Shell Script Use shell script files to have the NXC use commands that you specify. Use a text editor to create the shell script files. They must use a “.zysh” filename extension. NXC Series User’s Guide...
Page 399 Cancel to close the screen without deleting the shell script file. Download Click a shell script file’s row to select it and click Download to save the configuration to your computer. NXC Series User’s Guide...
Page 400 Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse... Click Browse... to find the .zysh file you want to upload. Upload Click Upload to begin the upload process. This process may take up to several minutes. NXC Series User’s Guide...
Page 401: Diagnostics
This screen provides an easy way for you to generate a file containing the NXC’s configuration and diagnostic information. You may need to generate this file and send it to customer support during troubleshooting. Click Maintenance > Diagnostics to open the Collect on Controller screen. NXC Series User’s Guide...
Page 402: Diagnostics - Ap Configuration
This screen provides an easy way for you to generate a file containing the selected managed AP’s configuration and diagnostic information. You may need to generate this file and send it to customer support during troubleshooting. Click Maintenance > Diagnostics > Collect on AP to open the Diagnostic screen. NXC Series User’s Guide...
Page 403 This text box lists the managed APs that are connected and available. Select the managed APs that you want the NXC to generate a diagnostic file containing their configuration, and click the right arrow button to add them. NXC Series User’s Guide...
Page 404: Diagnostics Files
NXC has collected and stored on the NXC or a connected USB storage device. You may need to send these files to customer support for troubleshooting. Figure 246 Maintenance > Diagnostics > Files NXC Series User’s Guide...
Page 405: Packet Capture
Click Maintenance > Diagnostics > Packet Capture to open the Capture on Controller screen. Note: New capture files overwrite existing files of the same name. Change the File Suffix field’s setting to avoid this. NXC Series User’s Guide...
Page 406 Misc setting Continuously capture Select this to have the NXC keep capturing traffic and overwriting old packet capture and overwrite old ones entries when the available storage space runs out. NXC Series User’s Guide...
Page 407 Capture (Per Packet) truncates packets that exceed this size. As a result, when you view the packet capture files in a packet analyzer, the actual size of the packets may be larger than the size of captured packets. NXC Series User’s Guide...
Page 408: Packet Capture On Ap
Click Maintenance > Diagnostics > Packet Capture > Capture on AP to open the packet capture screen. Note: New capture files overwrite existing files of the same name. Change the File Suffix field’s setting to avoid this. NXC Series User’s Guide...
Page 409 AP in the screen. Note: You need to use the Query button before packet capturing on an AP if the AP has rebooted or the applied AP profile settings have been changed. NXC Series User’s Guide...
Page 410 Set a time limit in seconds for the capture. The NXC has the AP stop the capture and generate the capture file when either this period of time has passed or the file reaches the size specified in the Captured Packet Files field. 0 means there is no time limit. NXC Series User’s Guide...
Page 411: Packet Capture Files
(also known as a network or protocol analyzer) such as Wireshark. Figure 249 Maintenance > Diagnostics > Packet Capture > Files NXC Series User’s Guide...
Page 412: Example Of Viewing A Packet Capture File
15 on the wire is 1514 bytes while the captured size is only 1500 bytes. The NXC truncated the frame because the capture screen’s Number Of Bytes To Capture (Per Packet) field was set to 1500 bytes. Figure 250 Packet Capture File Example NXC Series User’s Guide...
Page 413: Core Dump
Click Maintenance > Diagnostics > Core Dump > Files to open the core dump files screen. This screen lists the core dump files stored on the NXC or a connected USB storage device. You may need to send these files to customer support for troubleshooting. NXC Series User’s Guide...
Page 414: System Log
USB storage device. The files are in comma separated value (csv) format. You can download them to your computer and open them in a tool like Microsoft’s Excel. NXC Series User’s Guide...
Page 415: Wireless Frame Capture
Use this screen to capture wireless network traffic going through the AP interfaces connected to your NXC. Studying these frame captures may help you identify network problems. Click Maintenance > Diagnostics > Wireless Frame Capture to display this screen. NXC Series User’s Guide...
Page 416 You can modify the prefix to also create new frame capture files each time you perform a frame capture operation. Doing this does no overwrite existing frame capture files. The file format is: [file prefix].cap. For example, “monitor.cap”. NXC Series User’s Guide...
Page 417: Wireless Frame Capture Files
This column displays the label that identifies the file. The file name format is interface name-file suffix.cap. Size This column displays the size (in bytes) of a configuration file. Last Modified This column displays the date and time that the individual files were saved. NXC Series User’s Guide...
Page 418: Packet Flow Explore
• use policy routes to control 1-1 NAT by using the policy control-virtual-server-rules activate command. Note: Once a packet matches the criteria of a routing rule, the NXC takes the corresponding action and does not perform any further flow checking. NXC Series User’s Guide...
Page 419 Figure 256 Maintenance > Packet Flow Explore > Routing Status (Direct Route) Figure 257 Maintenance > Packet Flow Explore > Routing Status (Policy Route) Figure 258 Maintenance > Packet Flow Explore > Routing Status (1-1 SNAT) NXC Series User’s Guide...
Page 420 This is the number of an activated policy route. If you have configured a schedule for the route, this screen only displays the route at the scheduled time. Incoming This is the interface on which the packets are received. Source This is the source IP address(es) from which the packets are sent. NXC Series User’s Guide...
Page 421: The Snat Status Screen
Note: Once a packet matches the criteria of an SNAT rule, the NXC takes the corresponding action and does not perform any further flow checking. Figure 260 Maintenance > Packet Flow Explore > SNAT Status (Policy Route SNAT) NXC Series User’s Guide...
Page 422 Figure 261 Maintenance > Packet Flow Explore > SNAT Status (1-1 SNAT) Figure 262 Maintenance > Packet Flow Explore > SNAT Status (Loopback SNAT) Figure 263 Maintenance > Packet Flow Explore > SNAT Status (Default SNAT) NXC Series User’s Guide...
Page 423 This indicates which source IP address the SNAT rule uses finally. For example, Outgoing Interface IP means that the NXC uses the IP address of the outgoing interface as the source IP address for the matched packets it sends out through this rule. NXC Series User’s Guide...
Page 424: Reboot
Click the Reboot button to restart the NXC. Wait a few minutes until the login screen appears. If the login screen does not appear, type the IP address of the device in your Web browser. You can also use the CLI command reboot to restart the NXC. NXC Series User’s Guide...
Page 425: Shutdown
Click the Shutdown button to shut down the NXC. Wait for the device to shut down before you manually turn off or remove the power. It does not turn off the power. You can also use the CLI command shutdown to shut down the NXC. NXC Series User’s Guide...
Page 426: Part Iii: Appendices And Troubleshooting
Appendices and Troubleshooting...
Page 427: Chapter 36 Troubleshooting
• Check if your computer is connecting to the correct port after you change the default settings of the management VLAN. Go to the Configuration > Interface > VLAN screen to check the members of the management VLAN. NXC Series User’s Guide...
Page 428 It is strongly recommended that you use a more effective security mechanism. Use the strongest security mechanism that all the wireless devices in your network support. WPA2 or WPA2-PSK is recommended. The wireless security is not following the re-authentication timer setting I specified. NXC Series User’s Guide...
Page 429 The NXC fails to authenticate the ext-user user accounts I configured. An external server such as AD, LDAP or RADIUS must authenticate the ext-user accounts. If the NXC tries to use the local database to authenticate an ext-user, the authentication attempt will always fail. NXC Series User’s Guide...
Page 430 Note: Be careful not to convert a binary file to text during the transfer process. It is easy for this to occur since many programs use text files by default. I cannot access the NXC from a computer connected to the Internet. NXC Series User’s Guide...
Page 431 The Web Configurator is the recommended method for uploading firmware. You only need to use the command line interface if you need to recover the firmware. See the CLI Reference Guide for how to determine if you need to recover the firmware and how to recover it. NXC Series User’s Guide...
Page 432: Wireless
Section 19.3.3 on page 275 details on managing the NXC MAC Filter. • Your AP needs to support CAPWAP managed AP mode in order to be managed by the NXC. See the NWA/WAC Series User’s Guide. NXC Series User’s Guide...
Page 433 • Make sure the Captive Portal configuration pointing to it is correct. You must configure the Login URL field. • Check that the external Web server is configured properly. • It is recommended to have the external web server on the same subnet as the login users. NXC Series User’s Guide...
Page 434: Resetting The Nxc
Press the RESET button and hold it until the SYS LED begins to blink. (This usually takes about five seconds.) Release the RESET button, and wait for the NXC to restart. You should be able to access the NXC using the default settings. NXC Series User’s Guide...
Page 435: Getting More Troubleshooting Help
Chapter 36 Troubleshooting 36.3 Getting More Troubleshooting Help Search for support information for your model at www.zyxel.com for more troubleshooting suggestions. NXC Series User’s Guide...
Page 436: Appendix A Log Descriptions
%s! 1st:zysh entry name can't print entry: %s! 1st:zysh list name %s: cannot retrieve entries from list! 1st:zysh entry index can't get name for entry %d! 1st:zysh list name can't get reference count: %s! NXC Series User’s Guide...
Page 437 1st:zysh entry num Unable to move entry #%d! 1st:zysh table name %s: apply failed at initial stage! 1st:zysh table name %s: apply failed at main stage! 1st:zysh table name %s: apply failed at closing stage! NXC Series User’s Guide...
Page 438 The NXC blocked a login because the maximum simultaneous login capacity Failed login attempt to for the administrator or access account has already been reached. EnterpriseWLAN from %s (reach the max. number %s: service name of simultaneous logon) NXC Series User’s Guide...
Page 439 %s:Trial service activation has %s: service name succeeded. The device received an incomplete response from the myZyxel.com server and it Trial service caused a parsing error for the device. activation has failed. Because of lack must fields. NXC Series User’s Guide...
Page 440 FQDN to an IP address through gethostbyname(). failed. Update stop. The device could not process an HTTPS connection because it could not verify the Verify server's myZyxel.com server's certificate. The update has stopped. certificate has failed. Update stop. NXC Series User’s Guide...
Page 441 The device could not connect to the myZyxel.com server. Connect to MyZyxel.com server has failed. Some information was missing in the packets that the device sent to the server. Build query message has failed. NXC Series User’s Guide...
Page 442 Verification of a server’s certificate failed because there is a self-signed certificate Self signed in the server’s certificate chain. certificate in certificate chain. The device verified a server’s certificate while processing an HTTPS connection. Verify peer certificates has succeeded. NXC Series User’s Guide...
Page 443 Allocating policy routing rule fails: insufficient memory. The policy route %d allocates memory fail! %d: the policy route rule number Use an empty object group. The policy route %d uses empty user group! %d: the policy route rule number NXC Series User’s Guide...
Page 444 An administrator changed the port number for HTTPS back to the default (443). HTTPS port has been changed to default port. An administrator changed the port number for HTTP. HTTP port has changed to port %s. %s is port number assigned by user NXC Series User’s Guide...
Page 445 Stand-By When an interface has become the HA master, the DHCP server needs to start DHCP Server on operating. Interface %s will be reapplied due to %s is interface name Device HA status is Active NXC Series User’s Guide...
Page 446 %s is interface name Zone Forwarder adds DNS servers in records. Ping check failed, remove DNS servers from bind. Interface %s ping check is failed. Zone %s is interface name Forwarder removes DNS servers in records. NXC Series User’s Guide...
Page 447 1st %d is the previous index . %s is HTTP/HTTPS/SSH/SNMP/FTP/TELNET. 2nd %d is current previous index. Cannot send a SNMP trap to a remote host due to network error SNMP trap can not be sent successfully NXC Series User’s Guide...
Page 448 Receive an ARP response from an unknown client The device received the specified total number of ARP response packets for the In total, received %d requested IP address. arp response packets for the requested IP address NXC Series User’s Guide...
Page 449 - Server did not respond. The diagnostics scripts were executed successfully. Collect Diagnostic Infomation has succeeded. The specified port has it’s link up. Port %d is up!! The specified port has it’s link down. Port %d is down!! NXC Series User’s Guide...
Page 450 IP The connectivity check process can't get MAC address of interface. Can't get MAC address of %s interface! %s: interface name The connectivity check process can't send ARP request packet. To send ARP REQUEST error! NXC Series User’s Guide...
Page 451 %d: Port number H323 ALG apply additional signal port failed. Register H.323 ALG extra port=%d failed. %d: Port number H323 ALG apply signal port failed. Register H.323 ALG signal port=%d failed. %d: Port number NXC Series User’s Guide...
Page 452 CRL is not currently valid, but in the future. CRL contains duplicate serial numbers. Time interval is not continuous. Time information not available. Database method failed due to timeout. Database method failed. Path was not verified. Maximum path length reached. NXC Series User’s Guide...
Page 453 PAP support PAP). authentication failed. A bridge interface has no member. %s: bridge interface name. Interface %s create failed because has no member. NXC Series User’s Guide...
Page 454 NXC’s local user database while trying to connect to the WPA or WPA2 enterprise specified WLAN interface (first %s). The MAC address of the wireless client is listed internal (second %s). authentication. Interface: %s, MAC: NXC Series User’s Guide...
Page 455 Force user authentication will be turned off because HTTP server was turned off. Force User Authentication will be disabled due to http server is disabled. Force User Authentication may not work properly! NXC Series User’s Guide...
Page 456 Sending ACK to %s an ACK to the client. The DHCP server feature assigned a client the IP address that it requested. The DHCP server assigned DHCP client’s hostname and MAC address are listed. %s to %s(%s) NXC Series User’s Guide...
Page 457 Cannot remove ip-mac The interface the packet came in through, the sender’s IP address and MAC binding from dhcpd: address, are also shown along with the binding type (“s” for static or “d” for %s#%u.%u.%u.%u#%02X:%0 dynamic). 2X:%02X:%02X:%02X:%02X NXC Series User’s Guide...
Page 458 Send configuration to an AP in the managed list, but AP sent back an Update AP Configure Fail. Wrong apply fail response. Configure Apply,MAC:%02x%02x%02x%02x%02x% 1st %02x ~ 6th %02x: Managed AP MAC Address. 02x, Model:%s 7th %s: Managed AP Model Name. NXC Series User’s Guide...
Page 459 A Managed AP's stops broadcasting the SSID due to DTLS (Datagram AP SSID Stop. Transport Layer Security) is disabled. MAC:%02x%02x%02x%02x%02x%02x, Radio:%d, SSID:%s Stop. 1st %02x ~ 6th %02x: Managed AP MAC Address. 7th: %d: Managed AP's Radio Number. 8th: %s: Managed AP Stop SSID Name. NXC Series User’s Guide...
Page 460 1st %s: Complete Update Changed WTP's AC IP. WLAN Controller IP Changed. New Discovery Type:%s, WLAN 1st %s: Discovery type {Static | DHCP | DNS | Broadcast} Controller IP: %s 2nd %s: WLAN Controller IP Address NXC Series User’s Guide...
Page 461 Table 231 DCS Logs LOG MESSAGE DESCRIPTION Indicates that the NXC failed to initialize the dcs daemon. dcs init failed!\n Indicates that the NXC failed to initialize zylog. init zylog fail\n NXC Series User’s Guide...
Page 462 8th %s: Managed AP Description. An AP rejected a wireless client’s association request. AP Radio MAC=%02x:%02x:%02x:%02 1st %02x~6th%02x: AP’s MAC Address. x:%02x:%02x, Reject 7th %02x~12th%02x: Wireless client’s MAC Address. Station MAC%02x:%02x:%02x:%02x 13th %d: RSSI value :%02x:%02x, RSSI=%d NXC Series User’s Guide...
Page 463: Appendix B Common Services
H.323 1720 NetMeeting uses this protocol. HTTP Hyper Text Transfer Protocol - a client/server protocol for the world wide web. HTTPS HTTPS is a secured http session often used in e- commerce. NXC Series User’s Guide...
Page 464 Traps for use with the SNMP (RFC:1215). SQL-NET 1521 Structured Query Language is an interface to access data on many different types of database systems, including mainframes, midrange systems, UNIX systems and network servers. TCP/UDP Secure Shell Remote Login Program. NXC Series User’s Guide...
Page 465 TFTP Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 Another videoconferencing solution. NXC Series User’s Guide...
Page 466: Appendix C Importing Certificates
Google Chrome The following example uses Google Chrome on Windows 7. You first have to store the certificate in your computer and then install it as a Trusted Root CA, as shown in the following tutorials. NXC Series User’s Guide...
Page 467 Appendix C Importing Certificates Export a Certificate If your device’s Web Configurator is set to use SSL certification, then upon browsing with it for the first time, you are presented with a certification error. NXC Series User’s Guide...
Page 468 Appendix C Importing Certificates Click Advanced > Proceed to x.x.x.x (unsafe). In the Address Bar, click Not Secure > Certificate (Invalid). NXC Series User’s Guide...
Page 469 Appendix C Importing Certificates In the Certificate dialog box, click Details > Copy to File. In the Certificate Export Wizard, click Next. NXC Series User’s Guide...
Page 470 Appendix C Importing Certificates Select the format and settings you want to use and then click Next. Type a filename and specify a folder to save the certificate in. Click Next. NXC Series User’s Guide...
Page 471 Finally, click OK when presented with the successful certificate export message. Import a Certificate After storing the certificate in your computer (see Export a Certificate), you need to install it as a trusted root certification authority using the following steps: NXC Series User’s Guide...
Page 472 Appendix C Importing Certificates Open your web browser, click the menu icon, and click Settings. NXC Series User’s Guide...
Page 473 Appendix C Importing Certificates Scroll down and click Advanced to expand the menu. Under Privacy and security, click Manage certificates. NXC Series User’s Guide...
Page 474 Appendix C Importing Certificates In the Certificates pop-up screen, click Trusted Root Certification Authorities. Click Import to start the Certificate Import Wizard. Click Next when the wizard pops up, and then on the following screen click Browse. NXC Series User’s Guide...
Page 475 Appendix C Importing Certificates Select the certificate file you want to import and click Open. Click Next. NXC Series User’s Guide...
Page 476 Appendix C Importing Certificates Confirm the settings displayed and click Finish. If presented with a security warning, click Yes. NXC Series User’s Guide...
Page 477 Install a Stand-Alone Certificate File Rather than installing a public key certificate using web browser settings, you can install a stand-alone certificate file if one has been issued to you. Double-click the public key certificate file. Click Install Certificate. NXC Series User’s Guide...
Page 478 Appendix C Importing Certificates Click Next on the first wizard screen, click Place all certificates in the following store, and click Browse. Select Trusted Root Certificate Authorities > OK, and then click Next. NXC Series User’s Guide...
Page 479 Appendix C Importing Certificates Confirm the information shown on the final wizard screen and click Finish. If presented with a security warning, click Yes. NXC Series User’s Guide...
Page 480 Finally, click OK when you are notified of the successful import. Remove a Certificate in Google Chrome This section shows you how to remove a public key certificate in Google Chrome on Windows 7. Open your web browser, click the menu icon, and click Settings. NXC Series User’s Guide...
Page 481 Appendix C Importing Certificates Scroll down and click Advanced to expand the menu. Under Privacy and security, click Manage certificates. In the Certificates pop-up screen, click Trusted Root Certification Authorities. NXC Series User’s Guide...
Page 482 Confirm the details displayed in the warning message and click Yes. Firefox The following example uses Mozilla Firefox on Windows 7. You first have to store the certificate in your computer and then install it as a Trusted Root CA, as shown in the following tutorials. NXC Series User’s Guide...
Page 483 Appendix C Importing Certificates Export a Certificate If your device’s Web Configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error. Click Advanced. Click View Certificate. NXC Series User’s Guide...
Page 484 Appendix C Importing Certificates Click Details > Export. Type a filename and click Save. Import a Certificate After storing the certificate in your computer, you need to import it in trusted root certification authorities using the following steps: NXC Series User’s Guide...
Page 485 Appendix C Importing Certificates Open Firefox and click Tools > Options. NXC Series User’s Guide...
Page 486 Appendix C Importing Certificates In the Options page, click Privacy & Security, scroll to the bottom of the page, and then click View Certificates. In the Certificate Manager, click Authorities > Import. NXC Series User’s Guide...
Page 487 Use the Select File dialog box to locate the certificate and then click Open. Select Trust this CA to identify websites and click OK. Removing a Certificate in Firefox This section shows you how to remove a public key certificate in Firefox. NXC Series User’s Guide...
Page 488 Appendix C Importing Certificates Open Firefox and click Tools > Options. In the Options page, click Privacy & Security, scroll to the bottom of the page, and then click View Certificates. NXC Series User’s Guide...
Page 489 In the Certificate Manager, click Authorities and select the certificate you want to remove, Click Delete or Distrust. In the following dialog box, click OK. The next time you go to the web site that issued the public key certificate you just removed, a certification error appears. NXC Series User’s Guide...
Page 490: Appendix D Wireless Lans
Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled, wireless clients A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless clients A and B can still access the wired network but cannot communicate with each other. NXC Series User’s Guide...
Page 491 An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate. NXC Series User’s Guide...
Page 492 AP is using. For example, if your region has 11 channels and an adjacent AP is using channel 1, then you need to select a channel between 6 or 11. NXC Series User’s Guide...
Page 493 If the RTS/CTS value is greater than the Fragmentation Threshold value (see next), then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. NXC Series User’s Guide...
Page 494 The IEEE 802.11g data rate and modulation are as follows: Table 234 IEEE 802.11g DATA RATE (MBPS) MODULATION DBPSK (Differential Binary Phase Shift Keyed) DQPSK (Differential Quadrature Phase Shift Keying) 5.5 / 11 CCK (Complementary Code Keying) 6/9/12/18/24/36/48/54 OFDM (Orthogonal Frequency Division Multiplexing) NXC Series User’s Guide...
Page 495 The access point is the client and the server is the RADIUS server. The RADIUS server handles the following tasks: • Authentication Determines the identity of the users. • Authorization Determines the network services available to authenticated users once they are connected to the network. NXC Series User’s Guide...
Page 496 For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner. NXC Series User’s Guide...
Page 497 If this feature is enabled, it is not necessary to configure a default encryption key in the wireless security configuration screen. You may still configure and store keys, but they will not be used while dynamic WEP is enabled. NXC Series User’s Guide...
Page 498 Rijndael. They both include a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. WPA and WPA2 regularly change and rotate the encryption keys so that the same encryption key is never used twice. NXC Series User’s Guide...
Page 499 RADIUS shared secret. A WPA(2) application example with an external RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution system. The AP passes the wireless client's authentication request to the RADIUS server. NXC Series User’s Guide...
Page 500 PSK and the SSID. The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys. They use these keys to encrypt data exchanged between them. NXC Series User’s Guide...
Page 501 Enable without Dynamic WEP Key Open Enable with Dynamic WEP Key Enable without Dynamic WEP Key Disable Shared Enable with Dynamic WEP Key Enable without Dynamic WEP Key Disable TKIP/AES Enable WPA-PSK TKIP/AES Disable WPA2 TKIP/AES Enable WPA2-PSK TKIP/AES Disable NXC Series User’s Guide...
Page 502: Appendix E Ipv6
54 bits 64 bits Global Address A global address uniquely identifies a device on the Internet. It is similar to a “public IP address” in IPv4. A global unicast address starts with a 2 or 3. NXC Series User’s Guide...
Page 503 The following table describes the multicast addresses which are reserved and can not be assigned to a multicast group. Table 240 Reserved Multicast Address MULTICAST ADDRESS FF00:0:0:0:0:0:0:0 FF01:0:0:0:0:0:0:0 FF02:0:0:0:0:0:0:0 FF03:0:0:0:0:0:0:0 FF04:0:0:0:0:0:0:0 FF05:0:0:0:0:0:0:0 FF06:0:0:0:0:0:0:0 FF07:0:0:0:0:0:0:0 FF08:0:0:0:0:0:0:0 FF09:0:0:0:0:0:0:0 FF0A:0:0:0:0:0:0:0 FF0B:0:0:0:0:0:0:0 FF0C:0:0:0:0:0:0:0 FF0D:0:0:0:0:0:0:0 FF0E:0:0:0:0:0:0:0 FF0F:0:0:0:0:0:0:0 NXC Series User’s Guide...
Page 504 DHCP server to assign and pass IPv6 network addresses, prefixes and other configuration information to DHCP clients. DHCPv6 servers and clients exchange DHCP messages using UDP. In IPv6, all network interfaces can be associated with several addresses. NXC Series User’s Guide...
Page 505 LAN IP address. Through sending Router Advertisements (RAs) regularly by multicast, the NXC passes the IPv6 prefix information to its LAN hosts. The hosts then can use the prefix to generate their IPv6 addresses. NXC Series User’s Guide...
Page 506 MLDv1 is equivalent to IGMPv2 and MLDv2 is equivalent to IGMPv3. MLD allows an IPv6 switch or router to discover the presence of MLD listeners who wish to receive multicast packets and the IP addresses of multicast groups the hosts want to join on its network. NXC Series User’s Guide...
Page 507 Router Advertisement for IPv6 address assignment in your network, ignore this section.) This example uses Dibbler as the DHCPv6 client. To enable DHCPv6 client on your computer: Install Dibbler and select the DHCPv6 client option on your computer. NXC Series User’s Guide...
Page 508 Windows 7 supports IPv6 by default. DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer. To enable IPv6 in Windows 7: Select Control Panel > Network and Sharing Center > Local Area Connection. NXC Series User’s Guide...
Page 509 IPv4 Address... : 172.16.100.61 Subnet Mask ... : 255.255.255.0 Default Gateway ..: fe80::213:49ff:feaa:7125%11 172.16.100.254 NXC Series User’s Guide...
Page 510: Appendix F Customer Support
• Brief description of the problem and the steps you took to solve it. Corporate Headquarters (Worldwide) Taiwan • Zyxel Communications Corporation • http://www.zyxel.com Asia China • Zyxel Communications (Shanghai) Corp. Zyxel Communications (Beijing) Corp. Zyxel Communications (Tianjin) Corp. • https://www.zyxel.com/cn/zh/ India • Zyxel Technology India Pvt Ltd • https://www.zyxel.com/in/en/ Kazakhstan •...
Page 511 • Zyxel Singapore Pte Ltd. • http://www.zyxel.com.sg Taiwan • Zyxel Communications Corporation • https://www.zyxel.com/tw/zh/ Thailand • Zyxel Thailand Co., Ltd • https://www.zyxel.com/th/th/ Vietnam • Zyxel Communications Corporation-Vietnam Office • https://www.zyxel.com/vn/vi Europe Belarus • Zyxel BY • https://www.zyxel.by Belgium • Zyxel Communications B.V. • https://www.zyxel.com/be/nl/...
Page 512 Appendix F Customer Support • https://www.zyxel.com/be/fr/ Bulgaria • Zyxel България • https://www.zyxel.com/bg/bg/ Czech Republic • Zyxel Communications Czech s.r.o • https://www.zyxel.com/cz/cs/ Denmark • Zyxel Communications A/S • https://www.zyxel.com/dk/da/ Estonia • Zyxel Estonia • https://www.zyxel.com/ee/et/ Finland • Zyxel Communications • https://www.zyxel.com/fi/fi/ France •...
Page 513 • Zyxel Communications Poland • https://www.zyxel.com/pl/pl/ Romania • Zyxel Romania • https://www.zyxel.com/ro/ro Russia • Zyxel Russia • https://www.zyxel.com/ru/ru/ Slovakia • Zyxel Communications Czech s.r.o. organizacna zlozka • https://www.zyxel.com/sk/sk/ Spain • Zyxel Communications ES Ltd • https://www.zyxel.com/es/es/ Sweden • Zyxel Communications • https://www.zyxel.com/se/sv/ Switzerland •...
Page 514 Appendix F Customer Support Turkey • Zyxel Turkey A.S. • https://www.zyxel.com/tr/tr/ • Zyxel Communications UK Ltd. • https://www.zyxel.com/uk/en/ Ukraine • Zyxel Ukraine • http://www.ua.zyxel.com South America Argentina • Zyxel Communications Corporation • https://www.zyxel.com/co/es/ Brazil • Zyxel Communications Brasil Ltda. • https://www.zyxel.com/br/pt/ Colombia •...
Page 515 Appendix F Customer Support Middle East • Zyxel Communications Corporation • https://www.zyxel.com/me/en/ North America • Zyxel Communications, Inc. - North America Headquarters • https://www.zyxel.com/us/en/ Oceania Australia • Zyxel Communications Corporation • https://www.zyxel.com/au/en/ Africa South Africa • Nology (Pty) Ltd. • https://www.zyxel.com/za/en/...
Page 516 The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of Zyxel Communications Corporation. Published by Zyxel Communications Corporation. All rights reserved.
Page 517 Fuse Warning! Replace a fuse only with a fuse of the same type and rating. • The POE (Power over Ethernet) devices that supply or receive power and their connected Ethernet cables must all be completely indoors. NXC Series User’s Guide...
Page 518 Cuando este producto alcance el final de su vida útil, llévelo a un punto limpio. Cuando llegue el momento de desechar el producto, la recogida por separado éste y/o su batería ayudará a salvar los recursos naturales y a proteger la salud humana y medioambiental. NXC Series User’s Guide...
Page 519 Various symbols are used in this product to ensure correct usage, to prevent danger to the user and others, and to prevent property damage. The meaning of these symbols are described below. It is important that you read these descriptions thoroughly and fully understand the contents. NXC Series User’s Guide...
Page 520 You can download the latest firmware at www.zyxel.com. If you cannot find it there, contact your vendor or Zyxel Technical Support at support@zyxel.com.tw. To obtain the source code covered under those Licenses, please contact your vendor or Zyxel Technical Support at support@zyxel.com.tw. NXC Series User’s Guide...
Page 521 302, 304, 305, 306, 307, 308 allowing through the firewall directory structure authentication Distinguished Name, see DN LDAP/AD password server port 307, 310, 311 authentication method objects search time limit and users and WWW address groups create and firewall Authentication server NXC Series User’s Guide...
Page 522 Certificate Revocation List (CRL) downloading with FTP vs OCSP editing certificates how applied advantages of lastgood.conf 393, 395 and CA managing and FTP startup-config.conf and HTTPS startup-config-bad.conf and SSH syntax and WWW system-default.conf certification path 317, 323, 328 uploading NXC Series User’s Guide...
Page 523 304, 306, 307 actions 304, 306, 307 and address groups and address objects address records and NAT domain name forwarders and schedules domain name to IP address and service groups IP address to domain name NXC Series User’s Guide...
Page 524 Gigabit Ethernet and zones 19, 147 ports as DHCP relays Guide as DHCP servers 175, 334 CLI Reference bandwidth management default configuration DHCP clients Ethernet, see also Ethernet interfaces. gateway general characteristics hidden node IP address NXC Series User’s Guide...
Page 525 112, 381 formats log consolidation settings syslog servers system Java types of permissions JavaScripts MAC address and VLAN key pairs Ethernet interface range MAC authentication NXC Series User’s Guide...
Page 526 Name Server, see NBNS. benefits NetBIOS name criteria Netscape Navigator pop-up windows Network Address Translation, see NAT port mapping Network Time Protocol (NTP) ports power off power on PPP interfaces subnet mask object-based configuration NXC Series User’s Guide...
Page 527 231, 235 daily e-mail sessions specifications sessions usage traffic statistics shell scripts reset downloading vs reboot editing RESET button 24, 434 how applied NXC Series User’s Guide...
Page 528 Transmission Control Protocol, see TCP missing at restart present at restart Transport Layer Security (TLS) startup-config-bad.conf triangle routes allowing through the firewall static DHCP troubleshooting static routes 401, 413, 427 and interfaces Trusted Certificates, see also certificates metric NXC Series User’s Guide...
Page 529 Wi-Fi Protected Access 248, 250 258, 498 default reauthentication time 248, 250 Windows Internet Naming Service, see WINS default type for Ext-User Windows Internet Naming Service, see WINS. ext-group-user (type) WINS 154, 165, 173, 176 NXC Series User’s Guide...
Page 530 HTTP, HTTPS zones 19, 186 and firewall 230, 233 and FTP and interfaces 19, 186 and SNMP and SSH and Telnet and VPN and WWW block intra-zone traffic 188, 232 NXC Series User’s Guide...

This manual is also suitable for:

Nxc5500 Nxc2500

ZyXEL Communications NXC Series User Manual

Document Conventions

Contents Overview

Table of Contents

User's Guide

Part I: User's Guide

Chapter 1 Introduction

Chapter 2 Hardware Installation and Connection

Chapter 3 The Web Configurator

Chapter 4 Setup Wizard

Technical Reference

Part II: Technical Reference

Chapter 5 Dashboard

Chapter 6 Monitor

Chapter 7 Registration

Chapter 8 Wireless

Chapter 9 Interfaces

Chapter 10 Policy and Static Routes

Chapter 11 Zones

Chapter 12 NAT

Chapter 13 ALG

Chapter 14 IP/MAC Binding

Chapter 15 Captive Portal

Chapter 16 RTLS

Chapter 17 Firewall

Chapter 18 User/Group

Chapter 19 AP Profile

Chapter 20 MON Profile

Chapter 21 Zymesh Profile

Chapter 22 Addresses

Chapter 23 Services

Chapter 24 Schedules

Chapter 25 AAA Server

Chapter 26 Authentication Method

Chapter 27 Certificates

Quick Links

Troubleshooting

Related Manuals for ZyXEL Communications NXC Series

Summary of Contents for ZyXEL Communications NXC Series