Page 1 NWA-3160 Series IEEE 802.11a/b/g Business WLAN Access Point IEEE 802.11b/g Business WLAN Access Point User’s Guide Version 3.60 7/2007 Edition 1 DEFAULT LOGIN IP Address http://192.168.1.2 Password 1234 www.zyxel.com...
Page 3: About This User's Guide
Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. E-mail: techwriters@zyxel.com.tw ZyXEL NWA-3160 Series User’s Guide About This User's Guide...
Page 4: Document Conventions
“k” for kilo may denote “1000” or “1024”, “M” for mega may denote “1000000” or “1048576” and so on. • “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”. ZyXEL NWA-3160 Series User’s Guide...
Page 5 Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Server Telephone ZyXEL NWA-3160 Series User’s Guide Computer Notebook computer DSLAM Firewall Switch...
Page 6: Safety Warnings
• If you wall mount your device, make sure that no electrical lines, gas or water pipes will be damaged. • The PoE (Power over Ethernet) devices that supply or receive power and their connected Ethernet cables must all be completely indoors. This product is recyclable. Dispose of it properly. Safety Warnings ZyXEL NWA-3160 Series User’s Guide...
Page 7 Safety Warnings ZyXEL NWA-3160 Series User’s Guide...
Page 8 Safety Warnings ZyXEL NWA-3160 Series User’s Guide...
Page 9: Table Of Contents
System Password ... 221 System Information and Diagnosis ... 223 Firmware and Configuration File Maintenance ... 229 System Maintenance and Information ... 235 Troubleshooting ... 243 Appendices and Index ... 249 ZyXEL NWA-3160 Series User’s Guide Contents Overview Contents Overview...
Page 10 Contents Overview ZyXEL NWA-3160 Series User’s Guide...
Page 11: Table Of Contents
2.1 Accessing the Web Configurator ... 41 2.2 Resetting the ZyXEL Device ... 42 2.2.1 Methods of Restoring Factory-Defaults ... 43 2.3 Navigating the Web Configurator ... 43 Chapter 3 Status Screens ... 45 ZyXEL NWA-3160 Series User’s Guide Table of Contents Table of Contents...
Page 12 4.4.6.2 Testing the Configuration ...73 Part II: The Web Configurator ... 75 Chapter 5 System Screens ... 77 5.1 System Overview ... 77 5.2 Configuring General Setup ... 77 5.3 Administrator Authentication on RADIUS ... 78 ZyXEL NWA-3160 Series User’s Guide...
Page 13 7.1 Wireless Security Overview ... 99 7.1.1 Encryption ... 99 7.1.2 Restricted Access ... 99 7.1.3 Hide Identity ... 99 7.1.4 WEP Encryption ... 99 7.2 802.1x Overview ... 100 7.3 EAP Authentication Overview ... 100 ZyXEL NWA-3160 Series User’s Guide Table of Contents...
Page 14 9.3.1.1 Layer-2 Isolation Example 1 ...127 9.3.1.2 Layer-2 Isolation Example 2 ...127 9.4 The MAC Filter Screen ... 128 9.4.1 Configuring MAC Filtering ... 129 9.5 Configuring Roaming ... 130 9.5.1 Requirements for Roaming ... 131 ZyXEL NWA-3160 Series User’s Guide...
Page 15 13.3 Trusted AP Overview ... 153 13.4 Configuring Trusted AP ... 154 13.5 Configuring Trusted Users ... 155 Chapter 14 Certificates ... 157 14.1 Certificates Overview ... 157 14.1.1 Advantages of Certificates ... 158 ZyXEL NWA-3160 Series User’s Guide Table of Contents...
Page 16 16.2.5 Second Rx VLAN ID Example ... 196 16.2.5.1 Second Rx VLAN Setup Example ...196 Chapter 17 Maintenance ... 199 17.1 Maintenance Overview ... 199 17.2 System Status Screen ... 199 17.2.1 System Statistics ... 200 ZyXEL NWA-3160 Series User’s Guide...
Page 17 20.1 LAN Setup ... 217 20.2 TCP/IP Ethernet Setup ... 217 Chapter 21 SNMP Configuration ... 219 21.1 SNMP Configuration ... 219 Chapter 22 System Password ... 221 22.1 System Password ... 221 ZyXEL NWA-3160 Series User’s Guide Table of Contents...
Page 18 25.3.2 FTP ... 239 25.3.3 Web ... 239 25.3.4 Remote Management Setup ... 239 25.3.5 Remote Management Limitations ... 241 25.4 System Timeout ... 241 Chapter 26 Troubleshooting... 243 26.1 Power, Hardware Connections, and LEDs ... 243 ZyXEL NWA-3160 Series User’s Guide...
Page 19 Appendix D Pop-up Windows, JavaScripts and Java Permissions ... 283 Appendix E IP Addresses and Subnetting ... 289 Appendix F Text File Based Auto Configuration... 297 Appendix G Legal Information... 305 Appendix H Customer Support... 309 Index... 315 ZyXEL NWA-3160 Series User’s Guide Table of Contents...
Page 20 Table of Contents ZyXEL NWA-3160 Series User’s Guide...
Page 21: List Of Figures
Figure 34 Tutorial: Log Settings ... 66 Figure 35 Tutorial: Example Network ... 68 Figure 36 Tutorial: SSID Profile ... 70 Figure 37 Tutorial: SSID Edit ... 71 Figure 38 Tutorial: Layer-2 Isolation Edit ... 71 ZyXEL NWA-3160 Series User’s Guide...
Page 22 Figure 76 MAC Address Filter ... 129 Figure 77 Roaming Example ... 131 Figure 78 Roaming ... 132 Figure 79 IP Setup ... 134 Figure 80 Rogue AP: Example ... 136 Figure 81 “Honeypot” Attack ... 137 ZyXEL NWA-3160 Series User’s Guide...
Page 23 Figure 120 Encryption Tab Settings ... 192 Figure 121 Connection Attributes Screen ... 193 Figure 122 RADIUS Attribute Screen ... 193 Figure 123 802 Attribute Setting for Tunnel-Medium-Type ... 194 Figure 124 VLAN ID Attribute Setting for Tunnel-Pvt-Group-ID ... 194 ZyXEL NWA-3160 Series User’s Guide...
Page 24 Figure 164 Valid CI Commands ... 236 Figure 165 Menu 24.10 System Maintenance: Time and Date Setting ... 237 Figure 166 Telnet Configuration on a TCP/IP Network ... 239 Figure 167 Menu 24.11 Remote Management Control ... 240 ZyXEL NWA-3160 Series User’s Guide...
Page 25 Figure 202 WEP Configuration File Example ... 300 Figure 203 802.1X Configuration File Example ... 301 Figure 204 WPA-PSK Configuration File Example ... 301 Figure 205 WPA Configuration File Example ... 302 Figure 206 Wlan Configuration File Example ... 303 ZyXEL NWA-3160 Series User’s Guide...
Page 26 List of Figures ZyXEL NWA-3160 Series User’s Guide...
Page 27: List Of Tables
Table 33 Security: WPA-PSK, WPA2-PSK or WPA2-PSK-MIX ...111 Table 34 RADIUS ...112 Table 35 Wireless: Multiple BSS ...117 Table 36 SSID ...119 Table 37 Configuring SSID ... 120 Table 38 WIRELESS > Layer-2 Isolation ... 125 ZyXEL NWA-3160 Series User’s Guide...
Page 28 Table 76 Channel Usage ... 202 Table 77 Firmware Upload ... 202 Table 78 Restore Configuration ... 205 Table 79 SMT Menus Overview ... 212 Table 80 Main Menu Commands ... 213 Table 81 Main Menu Summary ... 214 ZyXEL NWA-3160 Series User’s Guide...
Page 29 Table 118 Manual Configuration ... 298 Table 119 Configuration via SNMP ... 298 Table 120 Displaying the File Version ... 299 Table 121 Displaying the File Version ... 299 Table 122 Displaying the Auto Configuration Status ... 300 ZyXEL NWA-3160 Series User’s Guide...
Page 30 List of Tables ZyXEL NWA-3160 Series User’s Guide...
Page 31: Introduction
Introduction Introducing the ZyXEL Device (33) Introducing the Web Configurator (41) Status Screens (45) Tutorial (49)
Page 33: Introducing The Zyxel Device
1.2 Applications for the ZyXEL Device The ZyXEL Device can be configured to use the following WLAN operating modes 1 AP 2 Bridge/Repeater 3 AP+Bridge 4 MBSSID Applications for each operating mode are shown below. ZyXEL NWA-3160 Series User’s Guide...
Page 34: Access Point
Once the security settings of peer sides match one another, the connection between devices is made. At the time of writing, WDS security is compatible with other ZyXEL access points only. Refer to your other access point’s documentation for details. Section 6.7.2 on page 92 ZyXEL NWA-3160 Series User’s Guide...
Page 35: Ap + Bridge
Figure 2 Bridge Application Figure 3 Repeater Application 1.2.3 AP + Bridge In AP+Bridge mode, the ZyXEL Device supports both AP and bridge connection at the same time. ZyXEL NWA-3160 Series User’s Guide Chapter 1 Introducing the ZyXEL Device...
Page 36: Mbssid
To the wireless clients in the network, each SSID appears to be a different access point. As in any wireless network, clients can associate only with the SSIDs for which they have the correct security settings. Section 6.7.3 on page 96 ZyXEL NWA-3160 Series User’s Guide...
Page 37: Pre-Configured Ssid Profiles
Layer 2 isolation is enabled (see Section 9.1 on page also enabled (see ZyXEL NWA-3160 Series User’s Guide Chapter 1 Introducing the ZyXEL Device 123), and QoS is set to NONE. Intra-BSS traffic blocking is Section 6.1.1 on page 83).
Page 38: Ways To Manage The Zyxel Device
If you backed up an earlier configuration file, you won’t have to totally re-configure the ZyXEL Device; you can simply restore your last configuration. 1.5 Hardware Connections See your Quick Start Guide for information on making hardware connections. ZyXEL NWA-3160 Series User’s Guide...
Page 39: Leds
Table 2 LEDs LABEL COLOR Green WLAN Green ZyXEL NWA-3160 Series User’s Guide Chapter 1 Introducing the ZyXEL Device STATUS DESCRIPTION The ZyXEL Device is in AP+Bridge or Bridge/Repeater mode, and has successfully established a Wireless Distribution System (WDS) connection.
Page 40 • If the LED blinks during the boot up process, the system is starting up. • If the LED blinks after the boot up process, the system has failed. The ZyXEL Device successfully boots up. ZyXEL NWA-3160 Series User’s Guide...
Page 41: Introducing The Web Configurator
Type a new password (and retype it to confirm) then click Apply. Alternatively, click Ignore. If you do not change the password, the following screen appears every time you login. ZyXEL NWA-3160 Series User’s Guide Introducing the Web Configurator...
Page 42: Resetting The Zyxel Device
RESET button. This replaces the current configuration file with the factory-default configuration file. This means that you will lose all the settings you previously configured. The password will be reset to 1234. Chapter 2 on page 41 for details about the Status ZyXEL NWA-3160 Series User’s Guide...
Page 43: Methods Of Restoring Factory-Defaults
REMOTE MGNT (Telnet, FTP, WWW and SNMP), AUTH. SERVER (Setting, Trusted AP, Trusted Users), CERTIFICATES (My Certificates, Trusted CAs), LOGS (View Logs and Log Settings) and VLAN (Wireless VLAN and RADIUS VLAN). ZyXEL NWA-3160 Series User’s Guide Chapter 2 Introducing the Web Configurator Chapter 17 on page...
Page 44 Chapter 2 Introducing the Web Configurator Click MAINTENANCE to view information about your ZyXEL Device or upgrade configuration and firmware files. Maintenance features include Status (Statistics), Association List, Channel Usage, F/W (firmware) Upload, Configuration (Backup, Restore and Default) and Restart. ZyXEL NWA-3160 Series User’s Guide...
Page 45: Status Screens
Automatic Refresh Interval Refresh System Information System Name ZyXEL NWA-3160 Series User’s Guide Status Screens DESCRIPTION Enter how often you want the ZyXEL Device to update this screen. Click this to update this screen immediately. This field displays the ZyXEL Device system name. It is used for identification.
Page 46 N/A if the interface is not in use. This field displays the SSID(s) currently used by the wireless module. This field displays the MAC address of the wireless adaptor. This field displays the type of wireless security used by each SSID. ZyXEL NWA-3160 Series User’s Guide...
Page 47 Association List Channel Usage Logs Rogue AP List ZyXEL NWA-3160 Series User’s Guide DESCRIPTION This field displays the VLAN ID of each SSID in use, or Disabled if the SSID does not use VLAN. Click this link to view port status and packet specific statistics. See 17.2.1 on page...
Page 48 Chapter 3 Status Screens ZyXEL NWA-3160 Series User’s Guide...
Page 49: Tutorial
Use the Web Configurator to set up your ZyXEL Device’s wireless network (see your Quick Start Guide for information on setting up your ZyXEL Device and accessing the Web Configurator). ZyXEL NWA-3160 Series User’s Guide for links to more information on each step. for details.
Page 50: Figure 11 Configuring Wireless Lan
Configure RADIUS authentication (optional). Configure internal AUTH. SERVER (optional). Configure Layer 2 Isolation (optional). Configure MAC Filter (optional). Check your settings and test. ZyXEL NWA-3160 Series User’s Guide MBSSID Mode. Select 802.11 Mode and Channel ID. Select SSID Profiles Configure each SSID Profile.
Page 51: Further Reading
The following figure shows the multiple networks you want to set up. Your ZyXEL Device is marked Z, the main network router is marked A, and your network printer is marked B. ZyXEL NWA-3160 Series User’s Guide Section 6.7.1 on page Section 6.7.1 on page...
Page 52: Change The Operating Mode
Wireless screen appears. In this example, the ZyXEL Device is using Access Point operating mode, and is currently set to use the SSID04 profile. 00:AA:00:AA:00:AA AA:00:AA:00:AA:00 Section 2.1 on page 41). Click WIRELESS > Wireless. The ZyXEL NWA-3160 Series User’s Guide Chapter 6 on page...
Page 53: Figure 13 Tutorial: Wireless Lan: Before
This Select SSID Profile table allows you to activate or deactivate SSID profiles. Your wireless network was previously using the SSID04 profile, so select SSID04 in one of the Profile list boxes (number 3 in this example). ZyXEL NWA-3160 Series User’s Guide...
Page 54: Configure The Voip Network
VoIP_SSID and Guest_SSID profiles you will need to set different security profiles. Figure 15 Tutorial: WIRELESS > SSID The Voice over IP (VoIP) network will use the pre-configured SSID profile, so select VoIP_SSID’s radio button and click Edit. The following screen displays. ZyXEL NWA-3160 Series User’s Guide...
Page 55: Set Up Security For The Voip Profile
• Leave all the other fields at their defaults and click Apply. 4.2.2.1 Set Up Security for the VoIP Profile Now you need to configure the security settings to use on the VoIP wireless network. Click the Security tab. ZyXEL NWA-3160 Series User’s Guide Chapter 4 Tutorial...
Page 56: Figure 17 Tutorial: Voip Security
(PSK). Enter the PSK you want to use in your network in the Pre Shared Key field. In this example, the PSK is “ThisismyWPA2-PSKpre-sharedkey”. ZyXEL NWA-3160 Series User’s Guide...
Page 57: Activate The Voip Profile
83). Click WIRELESS > SSID. Select Guest_SSID’s entry in the list and click Edit. The following screen appears. ZyXEL NWA-3160 Series User’s Guide Section 9.1 on page 123), and “intra-BSS traffic blocking” means Chapter 4 Tutorial Section 6.1.1 on...
Page 58: Set Up Security For The Guest Profile
You already chose to use the security03 profile for this network, so select security03’s entry in the list and click Edit. The following screen appears. Figure 22 Tutorial: Guest Security Profile Edit • Change the Name field to “Guest_Security” to make it easier to remember and identify. ZyXEL NWA-3160 Series User’s Guide...
Page 59: Set Up Layer 2 Isolation
Click WIRELESS > Layer-2 Isolation. The following screen appears. Figure 24 Tutorial: Layer 2 Isolation The Guest_SSID network uses the l2isolation01 profile by default, so select its entry and click Edit. The following screen displays. ZyXEL NWA-3160 Series User’s Guide Chapter 4 Tutorial...
Page 60: Activate The Guest Profile
Guest_SSID network, but not the VoIP_SSID network. If you can see the VoIP_SSID network, go to its SSID Edit screen and make sure Hide Name (SSID) is set to Enable. Whether or not you see the standard network’s SSID (SSID04) depends on whether “hide SSID” is enabled. ZyXEL NWA-3160 Series User’s Guide...
Page 61: How To Set Up And Use Rogue Ap Detection
A, B, C and D. You also have a network mail/file server, marked E, and a computer, marked F, connected to the wired network. The coffee shop’s access point is marked 1. ZyXEL NWA-3160 Series User’s Guide Chapter 4 Tutorial...
Page 62: Figure 27 Tutorial: Wireless Network Example
Access Point A Access Point B Access Point C Access Point D File / Mail Server E Access Point 1 IP ADDRESS MAC ADDRESS 192.168.1.1 00:AA:00:AA:00:AA 192.168.1.2 AA:00:AA:00:AA:00 192.168.1.3 A0:0A:A0:0A:A0:0A 192.168.1.4 0A:A0:0A:A0:0A:A0 192.168.1.25 UNKNOWN AF:AF:AF:FA:FA:FA ZyXEL NWA-3160 Series User’s Guide...
Page 63: Set Up And Save A Friendly Ap List
Table 6 Tutorial: Friendly AP Information MAC ADDRESS 00:AA:00:AA:00:AA AA:00:AA:00:AA:00 A0:0A:A0:0A:A0:0A 0A:A0:0A:A0:0A:A0 AF:AF:AF:FA:FA:FA ZyXEL NWA-3160 Series User’s Guide DESCRIPTION My Access Point _A_ My Access Point _B_ My Access Point _C_ My Access Point _D_ Coffee Shop Access Point _1_...
Page 64: Figure 29 Tutorial: Friendly Ap (After Data Entry)
3 Next, you will save the list of friendly APs in order to provide a backup and upload it to your other access points. Click the Configuration tab.The following screen appears. Figure 30 Tutorial: Configuration 4 Click Export. If a window similar to the following appears, click Save. ZyXEL NWA-3160 Series User’s Guide...
Page 65: Activate Periodic Rogue Ap Detection
Take the following steps to activate rogue AP detection on the first of your ZyXEL Devices. 1 In the ROGUE AP > Configuration screen, select Yes from the Activate Rogue AP Period Detection field. Figure 33 Tutorial: Periodic Rogue AP Detection ZyXEL NWA-3160 Series User’s Guide Chapter 4 Tutorial Figure 27 on page...
Page 66: Set Up E-Mail Logs
• Enter a subject line for the alert e-mails in the Mail Subject field. Choose a subject that is eye-catching and identifies the access point - in this example, “ALERT_Access_Point_A”. • Enter the email address to which you want alerts to be sent (myname@myfirm.com, in this example). ZyXEL NWA-3160 Series User’s Guide...
Page 67: Configure Your Other Access Points
• Check your e-mail. You should have received at least one e-mail alert (your other ZyXEL Devices may also have sent alerts, depending on their proximity and the output power of your “rogue” AP). ZyXEL NWA-3160 Series User’s Guide Table 5 on page 62 for the example IP addresses.
Page 68: Using Multiple Mac Filters And L-2 Isolation Profiles
115). It uses two SSID profiles simultaneously. You have configured each SSID profile as shown in the following table. Table 7 Tutorial: SSID Profile Security Settings SSID Profile Name SSID SERVER_1 SERVER_2 SSID_S1 SSID_S2 ZyXEL NWA-3160 Series User’s Guide Chapter 8...
Page 69: Configure The Server_1 Network
Take the following steps to configure the SERVER_1 network. 1 Log into the ZyXEL Device’s Web Configurator and click WIRELESS > SSID. The following screen displays, showing the SSID profiles you already configured. ZyXEL NWA-3160 Series User’s Guide Security Profile security04: WPA2-PSK...
Page 70: Figure 36 Tutorial: Ssid Profile
Select l2Isolation03 in the L2 Isolation field, and select macfilter03 in the MAC Filtering field. Click Apply. 3 Click the Layer-2 Isolation tab. When the Layer-2 Isolation screen appears, select L2Isolation03’s entry and click Edit. The following screen displays. ZyXEL NWA-3160 Series User’s Guide...
Page 71: Figure 38 Tutorial: Layer-2 Isolation Edit
Association from the Filter Action field and click Apply. Figure 39 Tutorial: MAC Filter Edit (SERVER_1) You have restricted access to the SERVER_1 network to only the networking device whose MAC address you entered. The SERVER_1 network is now configured. ZyXEL NWA-3160 Series User’s Guide Chapter 4 Tutorial...
Page 72: Configure The Server_2 Network
SSID profiles are selected and activated, as shown in the following figure. Section 4.4.4 on page 69, substituting the following SERVER_2 L2Isolation04 macfilter04 L-2-ISO_SERVER-2 MAC Address: 77:66:55:44:33:22 Description: NET_ROUTER MAC Address: 99:88:77:66:55:44 Description: SERVER_2 MAC Address: 66:55:44:33:22:11 Description: GATEWAY MacFilter_SERVER_2 MAC Address: 22:33:44:55:66:77 Description: Bob ZyXEL NWA-3160 Series User’s Guide...
Page 73: Testing The Configuration
• Using Alice’s computer and wireless client, and incorrect security settings, attempt to associate with the SERVER_1 network. You should be unable to do so. If you can do so, security is misconfigured. ZyXEL NWA-3160 Series User’s Guide Chapter 4 Tutorial...
Page 74 If you cannot do something that you should be able to do, check the settings as described in Section 4.4.6.1 on page profiles for the relevant network. If this does not help, see the Troubleshooting chapter in this User’s Guide. 73, and in the individual Security, layer-2 isolation and MAC filter ZyXEL NWA-3160 Series User’s Guide...
Page 75: The Web Configurator
The Web Configurator System Screens (77) Wireless Configuration (83) Wireless Security Configuration (99) MBSSID and SSID (115) Other Wireless Configuration (123) IP Screen (133) Rogue AP (135) Remote Management Screens (141) Internal RADIUS Server (151) Certificates (157) Log Screens (175) VLAN (181) Maintenance (199)
Page 77: System Screens
Very long idle timeouts may have security risks. A value of "0" means a management session never times out, no matter how long it has been left idle (not recommended). System DNS Servers ZyXEL NWA-3160 Series User’s Guide System Screens...
Page 78: Administrator Authentication On Radius
DNS server, you must know the IP address of a machine in order to access it. The default setting is None. Click Apply to save your changes. Click Reset to reload the previous configuration for this screen. ZyXEL NWA-3160 Series User’s Guide...
Page 79: Figure 43 System > Password
RADIUS Use old setting Use new setting User Name Password ZyXEL NWA-3160 Series User’s Guide DESCRIPTIONS the device. Select this to have the ZyXEL Device use the local management password already configured on the device (“1234” is the default). Select this if you want to change the local management password.
Page 80: Configuring Time Setting
You must already have a RADIUS profile configured for the RADIUS server (see Section 7.11 on page 112). • The server must be set to Active in the profile. Click Apply to save your changes. Click Reset to reload the previous configuration for this screen. ZyXEL NWA-3160 Series User’s Guide...
Page 81: Table 13 System > Time Setting
Time Zone Daylight Savings Start Date End Date ZyXEL NWA-3160 Series User’s Guide DESCRIPTION This field displays the time of your ZyXEL Device. Each time you reload this page, the ZyXEL Device synchronizes the time with the time server (if configured).
Page 82: Pre-Defined Ntp Time Servers List
Device goes through the rest of the list in order from the first one tried until either it is successful or all the pre-defined NTP time servers have been tried. DESCRIPTION Click Apply to save your changes. Click Reset to reload the previous configuration for this screen. ZyXEL NWA-3160 Series User’s Guide...
Page 83: Wireless Configuration
A and B can access the wired network and communicate with each other. When Intra-BSS traffic blocking is enabled, wireless station A and B can still access the wired network but cannot communicate with each other. Figure 45 Basic Service set ZyXEL NWA-3160 Series User’s Guide...
Page 84: Ess
See the Wireless LANs Appendix for information on the following: • Wireless LAN Topologies • Channel • RTS/CTS • Fragmentation Threshold • IEEE 802.1x • RADIUS • Types of Authentication • WPA • Security Parameters Summary ZyXEL NWA-3160 Series User’s Guide...
Page 85: Quality Of Service
Voice over IP or Internet gaming, and those for which jitter alone is a problem such as Internet radio or streaming video. ZyXEL NWA-3160 Series User’s Guide DESCRIPTION Typically used for traffic that is especially sensitive to jitter. Use this priority to reduce latency for improved voice quality.
Page 86: Atc+Wmm
TYPICAL PACKET SIZE SENSITIVITY (BYTES) High < 250 High 60 ~ 90 Medium 300 ~ 600 1500 ATC PRIORITY ATC_High ATC_Medium ATC_Low for details of how to configure ATC+WMM. Section 6.3.3.1 on page 87). ZyXEL NWA-3160 Series User’s Guide 86).
Page 87: Atc+Wmm From Wlan To Lan
IP header. The DS field contains a 2-bit unused field and a 6-bit DSCP field which can define up to 64 service levels. The following figure illustrates the DS field. Figure 47 DiffServ: Differentiated Service Field DSCP (6-bit) ZyXEL NWA-3160 Series User’s Guide Chapter 6 Wireless Configuration ATC VALUE WMM VALUE ATC_High...
Page 88: Tos (Type Of Service) And Wmm Qos
Using RSTP topology change information does not have to propagate to the root bridge and unwanted learned addresses are flushed from the filtering database. In RSTP, the port states are Discarding, Learning, and Forwarding. WMM QOS PRIORITY LEVEL voice video besteffort background ZyXEL NWA-3160 Series User’s Guide...
Page 89: Stp Terminology
BPDU after a predefined interval (Max Age), the bridge assumes that the link to the root bridge is down. This bridge then initiates negotiations with other bridges to reconfigure the network to re-establish a valid network topology. ZyXEL NWA-3160 Series User’s Guide Chapter 6 Wireless Configuration RECOMMENDED...
Page 90: Stp Port States
ZyXEL Device from communicating with other wireless clients, APs, computers or routers in a network. 6 Use the MAC Filter screen to allow or restrict access to your wireless network based on a client’s MAC address. ZyXEL NWA-3160 Series User’s Guide...
Page 91: Configuring Wireless Settings
To have the ZyXEL Device automatically select a channel, click Scan instead. Scan Click this button to have the ZyXEL Device automatically scan for and select the channel with the least interference. ZyXEL NWA-3160 Series User’s Guide Chapter 6 Wireless Configuration...
Page 92: Bridge/Repeater Mode
Apply to confirm. You must then change the wireless settings of your computer to match the ZyXEL Device’s new settings. must have the same SSID to allow roaming. ZyXEL NWA-3160 Series User’s Guide Section 8.2 on page 118...
Page 93: Figure 49 Bridging Example
Figure 50 Bridge Loop: Two Bridges Connected to Hub • If your ZyXEL Device (in bridge mode) is connected to a wired LAN while communicating with another wireless bridge that is also connected to the same wired LAN. ZyXEL NWA-3160 Series User’s Guide Chapter 6 Wireless Configuration...
Page 94: Figure 51 Bridge Loop: Bridge Connected To Wired Lan
Device is not set to bridge mode while connected to both wired and wireless segments of the same LAN. To have the ZyXEL Device act as a wireless bridge only, click WIRELESS > Wireless and select Bridge/Repeater as the Operating Mode. Figure 52 Wireless: Bridge/Repeater ZyXEL NWA-3160 Series User’s Guide...
Page 95: Table 24 Wireless: Bridge/Repeater
Threshold Output Power Enable WDS Security Select this to turn on security for the ZyXEL Device’s Wireless Distribution ZyXEL NWA-3160 Series User’s Guide DESCRIPTIONS Select Bridge/Repeater in this field. Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate with the ZyXEL Device.
Page 96: Ap+Bridge Mode
(including spaces and symbols). You must also set the peer device to use the same pre-shared key. Each peer device can use a different pre-shared key. for information on the other labels in this screen. ZyXEL NWA-3160 Series User’s Guide...
Page 97: Mbssid Mode
6.7.4 MBSSID Mode Select MBSSID as the Operating Mode to display the screen. Refer to for configuration and detailed information. See settings. ZyXEL NWA-3160 Series User’s Guide Chapter 6 Wireless Configuration Chapter 8 on page 115 Chapter 7 on page 99...
Page 98 Chapter 6 Wireless Configuration ZyXEL NWA-3160 Series User’s Guide...
Page 99: Wireless Security Configuration
WEP encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private. It encrypts unicast and multicast communications in a network. Both the wireless stations and the access points must use the same WEP key. ZyXEL NWA-3160 Series User’s Guide...
Page 100: Overview
7.4 Introduction to WPA Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. Key differences between WPA and WEP are user authentication and improved data encryption. ZyXEL NWA-3160 Series User’s Guide...
Page 101: User Authentication
(PSK) must consist of between 8 and 63 ASCII characters (including spaces and symbols). 2 The AP checks each wireless client's password and allows it to join the network only if the password matches. ZyXEL NWA-3160 Series User’s Guide Chapter 7 Wireless Security Configuration...
Page 102: Wpa(2) With External Radius Application Example
AP and the wireless clients. ZyXEL NWA-3160 Series User’s Guide...
Page 103: Security Modes
802.1x-Static128 WPA-PSK WPA2 WPA2-MIX WPA2-PSK WPA2-PSK-MIX ZyXEL NWA-3160 Series User’s Guide Chapter 7 Wireless Security Configuration DESCRIPTION Select this to have no data encryption. Select this to use WEP encryption. Select this to use 802.1x authentication with no data encryption.
Page 104: Wireless Client Wpa Supplicants
Use the Security screen to create secure profiles. A security profile is a group of configuration settings which can be assigned to an SSID profile in the SSID configuration screen. You can configure up to 16 security profiles. To change your ZyXEL Device’s wireless security settings, click WIRELESS > Security. ZyXEL NWA-3160 Series User’s Guide...
Page 105: Security: Wep
Select an entry from the list and click Edit to configure security settings for that profile. The next screen varies according to the Security Mode you select. 7.9.1 Security: WEP Select WEP in the Security Mode field to display the following screen. ZyXEL NWA-3160 Series User’s Guide Chapter 7 Wireless Security Configuration...
Page 106: Security: 802.1X Only
You must configure all four keys, but only one key can be activated at any one time. The default key is key 1. Click Apply to save your changes. Click Reset to begin configuring this screen afresh. ZyXEL NWA-3160 Series User’s Guide...
Page 107: Security: 802.1X Static 64-Bit, 802.1X Static 128-Bit
7.9.3 Security: 802.1x Static 64-bit, 802.1x Static 128-bit Select 802.1x Static 64 or 802.1x Static 128 in the Security Mode field to display the following screen. ZyXEL NWA-3160 Series User’s Guide Chapter 7 Wireless Security Configuration RADIUS server, the reauthentication timer on the...
Page 108: Figure 60 Security: 802.1X Static 64-Bit, 802.1X Static 128-Bit
The default time interval is 3600 seconds (or 1 hour). Click Apply to save your changes. Click Reset to begin configuring this screen afresh. ZyXEL NWA-3160 Series User’s Guide...
Page 109: Security: Wpa
Click Reset to begin configuring this screen afresh. 7.9.5 Security: WPA2 or WPA2-MIX Select WPA2 or WPA2-MIX in the Security Mode field to display the following screen. ZyXEL NWA-3160 Series User’s Guide Chapter 7 Wireless Security Configuration RADIUS server, the reauthentication timer on the...
Page 110: Figure 62 Security:wpa2 Or Wpa2-Mix
AP from the one to which it is currently connected, before moving into the new AP’s coverage area. This speeds up roaming. Select Enable to allow pre- authentication, or Disable to switch it off. Click Apply to save your changes. Click Reset to begin configuring this screen afresh. ZyXEL NWA-3160 Series User’s Guide...
Page 111: Security: Wpa-Psk, Wpa2-Psk, Wpa2-Psk-Mix
The ZyXEL Device’s default is 1800 seconds (30 minutes). Apply Click Apply to save your changes. Reset Click Reset to begin configuring this screen afresh. ZyXEL NWA-3160 Series User’s Guide Chapter 7 Wireless Security Configuration RADIUS server, the reauthentication timer on the RADIUS server has priority.
Page 112: Introduction To Radius
Select the RADIUS profile you want to configure from the drop-down list box. Type a name for the RADIUS profile associated with the Index number above. Configure the fields below to set up user authentication and accounting. ZyXEL NWA-3160 Series User’s Guide Section 13.1 on page...
Page 113 Port Share Secret Apply Reset ZyXEL NWA-3160 Series User’s Guide Chapter 7 Wireless Security Configuration DESCRIPTION If the ZyXEL Device cannot communicate with the Primary accounting server, you can have the ZyXEL Device use a Backup RADIUS server. Make sure the Active check boxes are selected if you want to use backup servers.
Page 114 Chapter 7 Wireless Security Configuration ZyXEL NWA-3160 Series User’s Guide...
Page 115: Mbssid And Ssid
1 and similarly users in BSS2 may only access resources on LAN 2. VLAN 2 is the management VLAN. The switch adds PVID (Port VLAN IDentity) tags to incoming frames that don’t already have tags (on switch ports where PVID is enabled). ZyXEL NWA-3160 Series User’s Guide MBSSID and SSID...
Page 116: Configuring Multiple Bsss
Figure 65 Multiple BSS with VLAN Example 8.1.5 Configuring Multiple BSSs Click WIRELESS > Wireless and select MBSSID in the Operating Mode drop-down list box to display the screen as shown. Figure 66 Wireless: Multiple BSS ZyXEL NWA-3160 Series User’s Guide...
Page 117: Table 35 Wireless: Multiple Bss
Threshold Output Power Select SSID Profile Index ZyXEL NWA-3160 Series User’s Guide DESCRIPTION Select MBSSID in this field to display the screen as shown Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate with the ZyXEL Device.
Page 118: Ssid
Note: All APs on the same subnet and the wireless stations must have the same SSID to allow roaming. Click Apply to save your changes. Click Reset to begin configuring this screen afresh. ZyXEL NWA-3160 Series User’s Guide Section 6.6 on page...
Page 119: Configuring Ssid
Edit 8.2.2 Configuring SSID Each SSID profile references the settings configured in the following screens: ZyXEL NWA-3160 Series User’s Guide DESCRIPTION This field displays the index number of each SSID profile. This field displays the identification name of each SSID profile on the ZyXEL Device.
Page 120: Figure 68 Configuring Ssid
Select a RADIUS profile from the drop-down list box, if you have a RADIUS server configured. If you do not need to use RADIUS authentication, ignore this field. See Section 7.11 on page 112 ZyXEL NWA-3160 Series User’s Guide Section 7.9 on page for more information.
Page 121 Intra-BSS Traffic blocking MAC Filtering Apply Reset ZyXEL NWA-3160 Series User’s Guide DESCRIPTION Select the Quality of Service priority for this BSS’s traffic. • In the pre-configured VoIP_SSID profile, the QoS setting is VoIP. This is not user-configurable. The VoIP setting is available only on the VoIP_SSID profile, and provides the highest level of QoS.
Page 122 Chapter 8 MBSSID and SSID ZyXEL NWA-3160 Series User’s Guide...
Page 123: Other Wireless Configuration
Internet (C) and the network printer (D) while preventing the client from accessing other computers and servers on the network. The client can communicate with other wireless clients only if Intra-BSS Traffic blocking is disabled. Intra-BSS Traffic Blocking is activated when you enable layer-2 isolation. ZyXEL NWA-3160 Series User’s Guide...
Page 124: The Layer-2 Isolation Screen
AP. Intra-BSS Traffic allows wireless clients associated with the same AP to communicate with each other. 9.2 The Layer-2 Isolation Screen Click WIRELESS > Layer-2 Isolation. The screen appears as shown next. ZyXEL NWA-3160 Series User’s Guide...
Page 125: Configuring Layer-2 Isolation
If layer-2 isolation is enabled, you need to know the MAC address of each wireless client, AP, computer or router that you want to allow to communicate with the ZyXEL Device's wireless clients. ZyXEL NWA-3160 Series User’s Guide Chapter 9 Other Wireless Configuration...
Page 126: Layer-2 Isolation Examples
Type the MAC address in a valid MAC address format (six hexadecimal character pairs, for example 12:34:56:78:9a:bc). Type a name to identify this device. Click Apply to save your changes. Click Reset to begin configuring this screen afresh. ZyXEL NWA-3160 Series User’s Guide...
Page 127: Layer-2 Isolation Example 1
• Enter the server’s and your ZyXEL Device’s MAC addresses in the MAC Address fields. Enter “File Server C” in C’s Description field, and enter “Access Point B” in B’s Description field. ZyXEL NWA-3160 Series User’s Guide Chapter 9 Other Wireless Configuration 00:00:c5:00:00:66...
Page 128: The Mac Filter Screen
MAC filter profile. The ZyXEL Device provides 16 MAC Filter profiles, each of which can hold up to 32 MAC addresses. Click WIRELESS > MAC Filter. The screen displays as shown. Figure 75 WIRELESS > MAC Filter ZyXEL NWA-3160 Series User’s Guide...
Page 129: Configuring Mac Filtering
Select an entry from the list and click Edit to configure settings for that profile. 9.4.1 Configuring MAC Filtering To change your ZyXEL Device’s MAC filter settings, click WIRELESS > MAC Filter > Edit. The screen appears as shown. Figure 76 MAC Address Filter ZyXEL NWA-3160 Series User’s Guide Chapter 9 Other Wireless Configuration...
Page 130: Configuring Roaming
ZyXEL Device. Type a name to identify this wireless station. Click Apply to save your changes. Click Reset to begin configuring this screen afresh. ZyXEL NWA-3160 Series User’s Guide Figure 77 on page 131.
Page 131: Requirements For Roaming
5 The access points must be connected to the Ethernet and be able to get IP addresses from a DHCP server if using dynamic IP address assignment. To enable roaming on your ZyXEL Device, click WIRELESS > Wireless. The screen appears as shown. ZyXEL NWA-3160 Series User’s Guide Chapter 9 Other Wireless Configuration...
Page 132: Figure 78 Roaming
Chapter 9 Other Wireless Configuration Figure 78 Roaming Select the Roaming Active check box and click Apply. ZyXEL NWA-3160 Series User’s Guide...
Page 133: Ip Screen
ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses. ZyXEL NWA-3160 Series User’s Guide 10.255.255.255 172.31.255.255 192.168.255.255...
Page 134: Configuring Ip
LAN, the gateway must be a router on the same segment as your ZyXEL Device; over the WAN, the gateway must be the IP address of one of the remote nodes. Click Apply to save your changes. Click Reset to begin configuring this screen afresh. ZyXEL NWA-3160 Series User’s Guide...
Page 135: Rogue Ap
AP uses inferior security that is easily broken by an attacker (X) running readily available encryption-cracking software. In this example, the attacker now has access to the company network, including sensitive data stored on the file server (C). ZyXEL NWA-3160 Series User’s Guide Rogue AP...
Page 136: Honeypot" Attack
This scenario can also be part of a wireless denial of service (DoS) attack, in which associated wireless clients are deprived of network access. Other opportunities for the attacker include the introduction of malware (malicious software) into the network. ZyXEL NWA-3160 Series User’s Guide...
Page 137: Configuring Rogue Ap Detection
You can also set the ZyXEL Device to email you immediately when a rogue AP is detected (see Chapter 15 on page 175 11.3.1 Rogue AP: Configuration Click ROGUE AP > Configuration. The following screen appears. ZyXEL NWA-3160 Series User’s Guide for information on how to set up email logs). Chapter 11 Rogue AP...
Page 138: Rogue Ap: Friendly Ap
Click this button to upload the previously-saved list of friendly APs displayed in the File Path field to the ZyXEL Device. Click Apply to save your settings. Click Reset to return all fields in this screen to their previously-saved values. ZyXEL NWA-3160 Series User’s Guide...
Page 139: Rogue Ap List
You can set how often you want the ZyXEL Device to scan for rogue APs in the ROGUE AP > Configuration screen (see Click ROGUE AP > Rogue AP. The following screen displays. ZyXEL NWA-3160 Series User’s Guide DESCRIPTION Use this section to manually add a wireless access point to the list. You must know the device’s MAC address.
Page 140: Figure 84 Rogue Ap > Rogue Ap
138). When the ZyXEL Device next scans for rogue APs, the selected AP does not appear in the rogue AP list. Click Reset to return all fields in this screen to their default values. ZyXEL NWA-3160 Series User’s Guide Section 11.3.2 on page 138)
Page 141: Remote Management Screens
The ZyXEL Device automatically logs you out if the management session remains idle for longer than this timeout period. The management session does not time out when a statistics screen is polling. You can change the timeout period in the System screen ZyXEL NWA-3160 Series User’s Guide • ALL (LAN and WLAN) •...
Page 142: Configuring Telnet
Select All to allow any computer to access the ZyXEL Device using this service. Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service. DESCRIPTION ZyXEL NWA-3160 Series User’s Guide...
Page 143: Configuring Ftp
Server Access Select the interface(s) through which a computer may access the ZyXEL Device using this service. ZyXEL NWA-3160 Series User’s Guide Chapter 12 Remote Management Screens DESCRIPTION...
Page 144: Configuring Www
Select All to allow any computer to access the ZyXEL Device using this service. Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service. HTTPS ZyXEL NWA-3160 Series User’s Guide...
Page 145: Snmp
Device supports SNMP version one (SNMPv1) and version two (SNMPv2c). The next figure illustrates an SNMP management operation. SNMP is only available if TCP/IP is configured. SNMP is only available if TCP/IP is configured. ZyXEL NWA-3160 Series User’s Guide Chapter 12 Remote Management Screens...
Page 146: Supported Mibs
The ZyXEL Device supports MIB II that is defined in RFC-1213 and RFC-1215 as well as the proprietary ZyXEL private MIB. The purpose of the MIBs is to let administrators collect statistical data and monitor status and performance. ZyXEL NWA-3160 Series User’s Guide...
Page 147: Snmp Traps
Virtual enet3 ~ enet9 enet10 ~ enet16 enet17 ~ enet21 enet22 ~ enet26 ZyXEL NWA-3160 Series User’s Guide Chapter 12 Remote Management Screens OBJECT IDENTIFIER # DESCRIPTION (OID) 1.3.6.1.6.3.1.1.5.1 This trap is sent after booting (power on). This trap is defined in RFC-1215.
Page 148: Configuring Snmp
Select All to allow any computer to access the ZyXEL Device using this service. Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service. ZyXEL NWA-3160 Series User’s Guide...
Page 149 Table 53 Remote Management: SNMP LABEL DESCRIPTION Apply Click Apply to save your customized settings and exit this screen. Reset Click Reset to begin configuring this screen afresh. ZyXEL NWA-3160 Series User’s Guide Chapter 12 Remote Management Screens...
Page 150 Chapter 12 Remote Management Screens ZyXEL NWA-3160 Series User’s Guide...
Page 151: Internal Radius Server
A password and user name on the utility must match the Trusted Users list so that the RADIUS server can be authenticated. ZyXEL NWA-3160 Series User’s Guide Section 7.10 on page...
Page 152: Figure 91 Internal Radius Server Setting Screen
Note: It is recommended that you replace the factory default certificate with one that uses your ZyXEL Device's MAC address. Do this when you first log in to the ZyXEL Device or in the CERTIFICATES > My Certificates screen. ZyXEL NWA-3160 Series User’s Guide...
Page 153: Trusted Ap Overview
Each wireless client must have a user name and password configured in the AUTH. SERVER > Trusted Users screen. The following figure shows how this is done in two phases. ZyXEL NWA-3160 Series User’s Guide Chapter 13 Internal RADIUS Server...
Page 154: Configuring Trusted Ap
The wireless clients can then be authenticated by the ZyXEL Device’s internal RADIUS server. 13.4 Configuring Trusted AP To specify trusted APs, click the AUTH SERVER link under ADVANCED and then the Trusted AP tab. The screen appears as shown. Trusted APs Wireless clients ZyXEL NWA-3160 Series User’s Guide...
Page 155: Configuring Trusted Users
13.5 Configuring Trusted Users A trusted user entry consists of a wireless client user name and password. To configure trusted user entries, click AUTH SERVER > Trusted Users. The screen appears as shown. ZyXEL NWA-3160 Series User’s Guide Chapter 13 Internal RADIUS Server...
Page 156: Figure 94 Trusted Users Screen
The password on the wireless client’s utility must be the same as this password. Note: If you are using PEAP authentication, this password field Apply Click Apply to save your changes. Reset Click Reset to begin configuring this screen afresh. is limited to 14 ASCII characters in length. ZyXEL NWA-3160 Series User’s Guide...
Page 157: Certificates
A certification path is the hierarchy of certification authority certificates that validate a certificate. The ZyXEL Device does not trust a certificate if any certificate on its path has expired or been revoked. ZyXEL NWA-3160 Series User’s Guide Certificates...
Page 158: Advantages Of Certificates
2 Make sure that the certificate has a “.cer” or “.crt” file name extension. Figure 95 Certificates on Your Computer 3 Double-click the certificate’s icon to open the Certificate window. Click the Details tab and scroll down to the Thumbprint Algorithm and Thumbprint fields. ZyXEL NWA-3160 Series User’s Guide...
Page 159: Configuration Summary
14.5 My Certificates Click CERTIFICATES > My Certificates to open the ZyXEL Device’s summary list of certificates and certification requests. Certificates display in black and certification requests display in gray. See the following figure. ZyXEL NWA-3160 Series User’s Guide Chapter 14 Certificates...
Page 160: Figure 97 My Certificates
This field displays identifying information about the certificate’s issuing certification authority, such as a common name, organizational unit or department, organization or company and country. With self-signed certificates, this is the same information as in the Subject field. ZyXEL NWA-3160 Series User’s Guide...
Page 161: Certificate File Formats
PKS#7 file that contains a single certificate. • PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses 64 ASCII characters to convert a binary PKCS#7 certificate into a printable form. ZyXEL NWA-3160 Series User’s Guide Chapter 14 Certificates...
Page 162: Importing A Certificate
DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it. Browse Click Browse to find the certificate file you want to upload. ZyXEL NWA-3160 Series User’s Guide...
Page 163: Creating A Certificate
Table 59 My Certificate Create LABEL Certificate Name Subject Information ZyXEL NWA-3160 Series User’s Guide DESCRIPTION Type up to 31 ASCII characters (not including spaces) to identify this certificate. Use these fields to record information that identifies the owner of the certificate.
Page 164 You must have the certification authority’s certificate already imported in the Trusted CAs screen. Click Trusted CAs to go to the Trusted CAs screen where you can view (and manage) the ZyXEL Device's list of certificates of trusted certification authorities. ZyXEL NWA-3160 Series User’s Guide (Section...
Page 165: My Certificate Details
ZyXEL Device uses to sign the trusted remote host certificates that you import to the ZyXEL Device. ZyXEL NWA-3160 Series User’s Guide DESCRIPTION When you select Create a certification request and enroll for a certificate...
Page 166: Figure 100 My Certificate Details
This automatically clears the check box in the details screen of the certificate that was previously set to sign the imported trusted remote host certificates. ZyXEL NWA-3160 Series User’s Guide...
Page 167 “Path Length Constraint=1” means that there can only be one certification authority in the certificate’s path. MD5 Fingerprint This is the certificate’s message digest that the ZyXEL Device calculated using the MD5 algorithm. ZyXEL NWA-3160 Series User’s Guide Chapter 14 Certificates...
Page 168: Trusted Cas
Click Cancel to quit and return to the My Certificates screen. ZyXEL NWA-3160 Series User’s Guide...
Page 169: Importing A Trusted Ca's Certificate
Click CERTIFICATES >Trusted CAs to open the Trusted CAs screen and then click Import to open the Trusted CA Import screen. Follow the instructions in this screen to save a trusted certification authority’s certificate to the ZyXEL Device, see the following figure. ZyXEL NWA-3160 Series User’s Guide Chapter 14 Certificates...
Page 170: Trusted Ca Certificate Details
ZyXEL Device to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority. ZyXEL NWA-3160 Series User’s Guide...
Page 171: Figure 103 Trusted Ca Details
The ZyXEL Device does not trust the end entity’s certificate and displays “Not trusted” in this field if any certificate on the path has expired or been revoked. Refresh Click Refresh to display the certification path. ZyXEL NWA-3160 Series User’s Guide Chapter 14 Certificates...
Page 172 See Section 14.3 on page 158 certificate before you import it into the ZyXEL Device. ZyXEL NWA-3160 Series User’s Guide for how to verify a remote host’s...
Page 173 Cancel Click Cancel to quit and return to the Trusted CAs screen. ZyXEL NWA-3160 Series User’s Guide Section 14.3 on page 158 for how to verify a remote host’s Chapter 14 Certificates...
Page 174 Chapter 14 Certificates ZyXEL NWA-3160 Series User’s Guide...
Page 175: Log Screens
This field lists the source IP address and the port number of the incoming packet. Destination This field lists the destination IP address and the port number of the incoming packet. ZyXEL NWA-3160 Series User’s Guide Log Screens Figure 105 on page 176). Options include logs about...
Page 176: Configuring Log Settings
This field displays additional information about the log entry. Click Email Log Now to send the log screen to the e-mail address specified in the Log Settings page. Click Refresh to renew the log screen. Click Clear Log to clear all the logs. ZyXEL NWA-3160 Series User’s Guide...
Page 177: Table 65 Log Settings
Send Immediate Alert Apply Reset ZyXEL NWA-3160 Series User’s Guide DESCRIPTION Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via e-mail.
Page 178: Example Log Messages
Someone has logged on to the router via telnet. Someone has failed to log on to the router via telnet. Someone has logged on to the router via FTP. Someone has failed to log on to the router via FTP. ZyXEL NWA-3160 Series User’s Guide...
Page 179: Log Commands
Use the sys logs save command to store the settings in the ZyXEL Device (you must do this in order to record logs). ZyXEL NWA-3160 Series User’s Guide DESCRIPTION This message is sent by the "RAS" when this syslog is generated.
Page 180: Displaying Logs
3 ras> sys logs save ras> sys logs display access time | 11/11/2002 15:10:12 | 172.22.3.80:137 source destination 172.22.255.255:137 ZyXEL NWA-3160 Series User’s Guide notes message ACCESS BLOCK...
Page 181: Vlan
You must connect the ZyXEL Device to a VLAN-aware device that is a member of the management VLAN in order to perform management. See the Configuring Management VLAN example BEFORE you configure the VLAN screens. ZyXEL NWA-3160 Series User’s Guide VLAN...
Page 182: Configuring Vlan
To use RADIUS VLAN, you must first select Enable VIRTUAL LAN and configure the Management VLAN ID in the VLAN > WIRELESS VLAN screen. 16.2.1 Wireless VLAN Click VLAN > WIRELESS VLAN. The following screen appears. Section 16.2.4 on page ZyXEL NWA-3160 Series User’s Guide...
Page 183: Figure 106 Wireless Vlan
VLAN Mapping Table Index Name SSID ZyXEL NWA-3160 Series User’s Guide DESCRIPTION Select this box to enable VLAN tagging. Enter a number from 1 to 4094 to define this VLAN group. At least one device in your network must belong to this VLAN group in order to manage the ZyXEL Device.
Page 184: Radius Vlan
SSIDs with this VLAN ID configured in the VLAN ID or Second Rx VLAN ID fields. See Section 16.2.5 on page 196 more information. Click this to save your changes to the ZyXEL Device. Click this to return this screen to its last-saved settings. ZyXEL NWA-3160 Series User’s Guide...
Page 185: Configuring Management Vlan Example
ZyXEL Device. The following figure has the ZyXEL Device connected to port 2 of the switch and your computer connected to port 1. The management VLAN ID is ten. ZyXEL NWA-3160 Series User’s Guide DESCRIPTION Select this to have the ZyXEL Device forbid access to wireless clients when the VLAN attributes sent from the RADIUS server do not match a configured Name field.
Page 186: Figure 108 Management Vlan Configuration Example
7 Under Control, select Fixed to set the port as a member of the VLAN. Figure 109 VLAN-Aware Switch - Static VLAN 8 Click Apply. The following screen displays. Figure 110 VLAN-Aware Switch 9 Click VLAN Status to display the following screen. ZyXEL NWA-3160 Series User’s Guide...
Page 187: Figure 111 Vlan-Aware Switch - Vlan Status
If you do not connect the ZyXEL Device to a correctly configured VLAN-aware device, you will lock yourself out of the ZyXEL Device. If this happens, you must reset the ZyXEL Device to access it again. ZyXEL NWA-3160 Series User’s Guide 186. Chapter 16 VLAN...
Page 188: Configuring Microsoft's Ias Server Example
VALUE 13 (decimal) – VLAN 6 (decimal) – 802 <vlan-name> (string) – either the Name you enter in the ZyXEL Device’s VLAN > RADIUS VLAN screen or the number. See Figure 124 on page 194. ZyXEL NWA-3160 Series User’s Guide...
Page 189: Configuring Remote Access Policies
For example, if the Day-And-Time Restriction policy is still present, it should be moved to the bottom or deleted to allow the VLAN Group policies to take precedence. • Right click Remote Access Policy and select New Remote Access Policy. ZyXEL NWA-3160 Series User’s Guide Chapter 16 VLAN...
Page 190: Figure 115 New Remote Access Policy For Vlan Group
4 The Select Groups window displays. Select a remote access policy and click the Add button. The policy is added to the field below. Only one VLAN Group should be associated with each policy. 5 Click OK and Next in the next few screens to accept the group value. ZyXEL NWA-3160 Series User’s Guide...
Page 191: Figure 117 Adding Vlan Group
Extensible Authentication Protocol check box. • Select an EAP type depending on your authentication needs from the drop-down list box. • Clear the check boxes for all other authentication types listed below the drop-down list box. ZyXEL NWA-3160 Series User’s Guide Chapter 16 VLAN...
Page 192: Figure 119 Authentication Tab Settings
10 Click the Advanced tab. The current default parameters returned to the ZyXEL Device should be Service-Type and Framed-Protocol. • Click the Add button to add an additional three RADIUS VLAN attributes required for 802.1X Dynamic VLAN Assignment. ZyXEL NWA-3160 Series User’s Guide...
Page 193: Figure 121 Connection Attributes Screen
• Select Tunnel-Medium-Type • Click the Add button. Figure 122 RADIUS Attribute Screen 12 The Enumerable Attribute Information screen displays. Select the 802 value from the Attribute value drop-down list box. • Click OK. ZyXEL NWA-3160 Series User’s Guide Chapter 16 VLAN...
Page 194: Figure 123 802 Attribute Setting For Tunnel-Medium-Type
• Click Add. 16 The Enumerable Attribute Information screen displays. • Select Virtual LANs (VLAN) from the attribute value drop-down list box. • Click OK. Figure 122 on page 193. Figure 122 on page 193. ZyXEL NWA-3160 Series User’s Guide...
Page 195: Figure 125 Vlan Attribute Setting For Tunnel-Type
Group defined in the Active Directory. Remember to place the most general Remote Access Policies at the bottom of the list and the most specific at the top of the list. ZyXEL NWA-3160 Series User’s Guide Chapter 16 VLAN Figure 122 on page...
Page 196: Second Rx Vlan Id Example
ZyXEL Device and you will have to restore the default configuration file. 4 Select the SSID profile you want to configure (SSID03 in this example), and enter the VLAN ID number (between 1 and 4094). Section 16.2.3 on page 185). ZyXEL NWA-3160 Series User’s Guide...
Page 197: Figure 128 Configuring Ssid: Second Rx Vlan Id Example
6 Click Apply to save these settings. Outgoing packets from clients in SSID03 are tagged with a VLAN ID of 3, and incoming packets with a VLAN ID of 3 or 4 are forwarded to SSID03. ZyXEL NWA-3160 Series User’s Guide Chapter 16 VLAN...
Page 198 Chapter 16 VLAN ZyXEL NWA-3160 Series User’s Guide...
Page 199: Maintenance
This is the Ethernet port DHCP role - Client or None. Show Statistics Click Show Statistics to see router performance statistics such as number of packets sent and number of packets received for each port. ZyXEL NWA-3160 Series User’s Guide Maintenance...
Page 200: System Statistics
This is total amount of time the line has been up. Enter the time interval for refreshing statistics. Click this button to apply the new poll interval you entered above. Click this button to stop refreshing statistics. ZyXEL NWA-3160 Series User’s Guide...
Page 201: Channel Usage
Click MAINTENANCE > Channel Usage to display the screen shown next. Wait a moment while the ZyXEL Device compiles the information. Figure 132 Channel Usage ZyXEL NWA-3160 Series User’s Guide DESCRIPTION This is the index number of an associated wireless station.
Page 202: F/W Upload Screen
Wireless LAN chapter) and security setup. Click Refresh to reload the screen. DESCRIPTION Type in the location of the file you want to upload in this field or click Browse ... to find it. ZyXEL NWA-3160 Series User’s Guide...
Page 203: Figure 134 Firmware Upload In Process
After two minutes, log in again and check your new firmware version in the System Status screen. If the upload was not successful, the following screen will appear. Click Return to go back to the F/W Upload screen. ZyXEL NWA-3160 Series User’s Guide Chapter 17 Maintenance...
Page 204: Configuration Screen
The backup configuration file will be useful in case you need to return to your previous settings. Click Backup to save the ZyXEL Device’s current configuration to your computer. for information on how to transfer configuration files using FTP/ ZyXEL NWA-3160 Series User’s Guide...
Page 205: Restore Configuration
(192.168.1.2). See your Quick Start Guide for details on how to set up your computer’s IP address. If the upload was not successful, the following screen will appear. Click Return to go back to the Configuration screen. ZyXEL NWA-3160 Series User’s Guide Chapter 17 Maintenance...
Page 206: Back To Factory Defaults
System restart allows you to reboot the ZyXEL Device without turning the power off. Click MAINTENANCE > Restart. Click Restart to have the ZyXEL Device reboot. This does not affect the ZyXEL Device's configuration. Figure 142 Restart Screen for more information. ZyXEL NWA-3160 Series User’s Guide...
Page 207: Smt And Troubleshooting
SMT and Troubleshooting Introducing the SMT (209) General Setup (215) LAN Setup (217) SNMP Configuration (219) System Password (221) System Information and Diagnosis (223) Firmware and Configuration File Maintenance (229) System Maintenance and Information (235) Troubleshooting (243)
Page 209: Introducing The Smt
• No parity, 8 data bits, 1 stop bit, flow control set to none. 18.2.1 Initial Screen When you turn on your ZyXEL Device, it performs several internal tests. After the tests, the ZyXEL Device asks you to press [ENTER] to continue, as shown next. ZyXEL NWA-3160 Series User’s Guide Introducing the SMT...
Page 210: Entering The Password
FLASH: AMD 32M ZyNOS Version: V3.60(AAL.0)b1 | 04/13/2007 19:40:56 Press any key to enter debug mode within 3 seconds. Copyright (c) 1994 - 2007 ZyXEL Communications Corp. initialize ch =0, ethernet address: 00:13:49:DF:42:A8 initialize ch =1, ethernet address: 00:13:49:DF:42:A8 initialize ch =2, ethernet address: 00:13:49:DF:42:A9...
Page 211: Connect To Your Zyxel Device Using Telnet
Change the ZyXEL Device’s default password by following the steps shown next. 1 From the main menu, enter “23” to display Menu 23 – System Password. 2 Type your existing system password in the Old Password field, and press [ENTER]. ZyXEL NWA-3160 Series User’s Guide Chapter 18 Introducing the SMT...
Page 212: Smt Menu Overview Example
3.2 TCP/IP Setup 24.2 System Information and Console Port Speed 24.3 Log and Trace 24.4 Diagnostic 24.8 Command Interpreter Mode 24.10 Time and Date Setting 24.11 Remote Management Setup ZyXEL NWA-3160 Series User’s Guide 24.2.1 System Information 24.2.2 Console Port Speed...
Page 213: Figure 147 Smt Main Menu
Type “99”, then press [ENTER]. After you enter the password, the SMT displays the main menu, as shown next. Figure 147 SMT Main Menu Copyright (c) 1994 - 2007 ZyXEL Communications Corp. Getting Started 1. General Setup 3. LAN Setup ZyXEL NWA-3160 Series User’s Guide...
Page 214: System Management Terminal Interface Summary
Use this menu to set up your LAN and WLAN connection. Use this menu to set up SNMP related parameters. Use this menu to change your password. This menu provides system status, diagnostics, software upload, etc. Use this to exit the SMT. ZyXEL NWA-3160 Series User’s Guide...
Page 215: General Setup
Press [SPACE BAR] to select From DHCP, User Defined or None and press System DNS Server [ENTER]. These fields are not available on all models. ZyXEL NWA-3160 Series User’s Guide General Setup Menu 1 - General Setup System Name= NWA-Series...
Page 216 Enter the IP addresses of the DNS servers. This field is available when you select User-Defined in the field above. ENTER ] at the prompt “Press ENTER to Confirm…” to ] at any time to cancel. ZyXEL NWA-3160 Series User’s Guide...
Page 217: Lan Setup
To edit menu 3.2, enter “3” from the main menu to display Menu 3-LAN Setup. When menu 3 appears, type “2” and press [ENTER] to display Menu 3.2-TCP/IP Setup, as shown next Figure 150 Menu 3.2 TCP/IP Setup ZyXEL NWA-3160 Series User’s Guide LAN Setup Menu 3 - LAN Setup Enter Menu Selection Number: Menu 3.2 - TCP/IP Setup...
Page 218: Table 83 Menu 3.2 Tcp/Ip Setup
ZyXEL Device. When you have completed this menu, press [ save your configuration, or press [ ENTER ] at the prompt “Press ENTER to Confirm…” to ] at any time to cancel. ZyXEL NWA-3160 Series User’s Guide...
Page 219: Snmp Configuration
A blank (default) field means your ZyXEL Device will respond to all SNMP messages it receives, regardless of source. Trap: Community Type the trap community, which is the password sent with each trap to the SNMP manager. ZyXEL NWA-3160 Series User’s Guide SNMP Configuration...
Page 220 When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen. ZyXEL NWA-3160 Series User’s Guide...
Page 221: System Password
Enter here to CONFIRM or ESC to CANCEL: You should change the default password. If you forget your password you have to restore the default configuration file. Refer to ZyXEL NWA-3160 Series User’s Guide System Password Section 18.4 on page Menu 23 –...
Page 222 Chapter 22 System Password ZyXEL NWA-3160 Series User’s Guide...
Page 223: System Information And Diagnosis
[ESC] takes you back to the previous screen. The following table describes the fields present in Menu 24.1 – System Maintenance – Status which are read-only and meant for diagnostic purposes. ZyXEL NWA-3160 Series User’s Guide Diagnosis Menu 24 - System Maintenance...
Page 224: Figure 154 Menu 24.1 System Maintenance: Status
This is the time the ZyXEL Device is up and running from the last reboot. ZyNOS F/W Version Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. Name This displays the device name.
Page 225: System Information
The following table describes the fields in this menu. Table 86 Menu 24.2.1 System Maintenance: Information FIELD Name Routing ZyXEL NWA-3160 Series User’s Guide Chapter 23 System Information and Diagnosis Please enter selection: DESCRIPTION Displays the system name of your ZyXEL Device. This information can be changed in Menu 1 –...
Page 226: Console Port Speed
Trace. DESCRIPTION Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. Refers to the country code of the firmware. Refers to the Ethernet MAC (Media Access Control) of your ZyXEL Device.
Page 227: Diagnostic
1 From the main menu, type “24” to open Menu 24 – System Maintenance. 2 From this menu, type “4” to open Menu 24.4 – System Maintenance – Diagnostic. ZyXEL NWA-3160 Series User’s Guide Chapter 23 System Information and Diagnosis 1.
Page 228: Table 87 Menu 24.4 System Maintenance Menu: Diagnostic
Release the IP address assigned by the DHCP server. Get a new IP address from the DHCP server. Reboot the ZyXEL Device. If you typed “1” to Ping Host, now type the address of the computer you want to ping. ZyXEL NWA-3160 Series User’s Guide...
Page 229: Firmware And Configuration File Maintenance
If your [T]FTP client does not allow you to have a destination filename different than the source, you will need to rename them as the ZyXEL Device only recognizes “rom-0” and “ras”. Be sure you keep unaltered copies of both files for later use. ZyXEL NWA-3160 Series User’s Guide Maintenance...
Page 230: Backup Configuration
ROM file system, including your ZyXEL Device configurations, system-related data (including the default password), the error log and the trace log. *.bin This is the generic name for the ZyNOS firmware on the ZyXEL Device. ZyXEL NWA-3160 Series User’s Guide...
Page 231: Backup Configuration Using Tftp
(default) when the file transfer is complete. 4 Launch the TFTP client on your computer and connect to the ZyXEL Device. Set the transfer mode to binary before starting data transfer. ZyXEL NWA-3160 Series User’s Guide Chapter 24 Firmware and Configuration File Maintenance...
Page 232: Example: Tftp Command
(*.rom extension) on your computer. This is the filename on the ZyXEL Device. The filename for the firmware is “ras” and for the configuration file, is “rom-0”. Transfer the file in binary mode. Stop transfer of the file. ZyXEL NWA-3160 Series User’s Guide...
Page 233: Tftp File Upload
5 Use the TFTP client (see the example below) to transfer files between the ZyXEL Device and the computer. The file name for the firmware is “ras” and the configuration file is “rom-0” (rom-zero, not capital o). ZyXEL NWA-3160 Series User’s Guide Chapter 24 Firmware and Configuration File Maintenance...
Page 234: Example: Tftp Command
(firmware.bin – name of the firmware on the computer) to the file destination on the remote host (ras - name of the firmware on the ZyXEL Device). Commands that you may see in third party TFTP clients are listed earlier in this chapter. ZyXEL NWA-3160 Series User’s Guide...
Page 235: System Maintenance And Information
Type “exit” to return to the SMT main menu when finished. Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable. Figure 163 Menu 24 System Maintenance ZyXEL NWA-3160 Series User’s Guide Information Menu 24 - System Maintenance System Status...
Page 236: Command Syntax
Chapter 25 System Maintenance and Information Figure 164 Valid CI Commands Copyright (c) 1994 - 2007 ZyXEL Communications Corp. NWA-3160> help or ? Valid commands are: radius rogueAP NWA-3160> 25.1.1 Command Syntax • The command keywords are in courier new font.
Page 237: Time And Date Setting
Time Protocol Time Server Address Current Time New Time Current Date New Date ZyXEL NWA-3160 Series User’s Guide Chapter 25 System Maintenance and Information Jan. - 1st Jan. - 1st Press ENTER to Confirm or ESC to Cancel: DESCRIPTION Enter the time service protocol that your time server sends when you turn on the ZyXEL Device.
Page 238: Resetting The Time
Union you would select Oct., Last, Sun. The time you type in the hr field depends on your time zone. In Germany for instance, you would type 02 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). ZyXEL NWA-3160 Series User’s Guide...
Page 239: Ftp
If you enable remote management of a service, but have applied a filter to block the service, then you will not be able to remotely manage the service. Enter “11” from menu 24, to display Menu 24.11 - Remote Management Control (shown next) ZyXEL NWA-3160 Series User’s Guide Chapter 25 System Maintenance and Information...
Page 240: Figure 167 Menu 24.11 Remote Management Control
Select Yes by pressing [SPACE BAR]. The internal RADIUS server uses one of the certificates listed in the My Certificates screen to authenticate each wireless client. The exact certificate used depends on the certificate information configured on the wireless client. ZyXEL NWA-3160 Series User’s Guide Chapter 2 Chapter...
Page 241: Remote Management Limitations
ZyXEL Device will automatically log you out if you do nothing in this timeout period, except when it is continuously updating the status in menu 24.1 or when sys stdio has been changed on the command line. ZyXEL NWA-3160 Series User’s Guide Chapter 25 System Maintenance and Information...
Page 242 Chapter 25 System Maintenance and Information ZyXEL NWA-3160 Series User’s Guide...
Page 243: Troubleshooting
3 Inspect your cables for damage. Contact the vendor to replace any damaged cables. 4 Disconnect and re-connect the power adaptor to the ZyXEL Device. 5 If the problem continues, contact the vendor. ZyXEL NWA-3160 Series User’s Guide Troubleshooting Section 1.6 on page...
Page 244: Zyxel Device Access And Login
6 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. (Section 10.3 on page I forgot the IP address for the ZyXEL Device. Section 1.6 on page Section 26.1 on page 243. ZyXEL NWA-3160 Series User’s Guide Section 2.2 Section 2.2 134), use the new IP address.
Page 245 See the troubleshooting suggestions for configurator. Ignore the suggestions about your browser. ZyXEL NWA-3160 Series User’s Guide Chapter 26 Troubleshooting I cannot see or access the Login screen in the web I cannot see or access the Login screen in the web...
Page 246: Internet Access
• Check the settings for QoS. If it is disabled, you might consider activating it. If it is enabled, you might consider raising or lowering the priority for some applications. Section 26.1 on page 243. Section 1.6 on page ZyXEL NWA-3160 Series User’s Guide Section 1.6...
Page 247: Wireless Router/Ap Troubleshooting
6 Make sure traffic between the WLAN and the LAN is not blocked by the firewall on the ZyXEL Device. 7 Make sure you allow the ZyXEL Device to be remotely accessed through the WLAN interface. Check your remote management settings. ZyXEL NWA-3160 Series User’s Guide Chapter 26 Troubleshooting...
Page 248 Chapter 26 Troubleshooting ZyXEL NWA-3160 Series User’s Guide...
Page 249: Appendices And Index
Appendices and Index Product Specifications (251) Power over Ethernet (PoE) Specifications (259) Power Adaptor Specifications (261) Setting up Your Computer’s IP Address (263) Wireless LANs (269) Pop-up Windows, JavaScripts and Java Permissions (283) IP Addresses and Subnetting (289) Text File Based Auto Configuration (297) Legal Information (305) Customer Support (309) Index (315)
Page 251: Appendix A Product Specifications
Console Port Antenna Specifications Output Power Operating Environment Storage Environment ZyXEL NWA-3160 Series User’s Guide DESCRIPTION 190x 135 x 40 mm 420g 12V DC, 1.5 A max. (There is no tolerance for the DC input voltage.) Auto-negotiating: 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode.
Page 252: Table 95 Firmware Specifications
The ZyXEL Device can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. Certificates provide a way to exchange public keys for use in authentication. ZyXEL NWA-3160 Series User’s Guide 254.
Page 253 3 Do not insert the screws all the way into the wall. Leave a small gap of about 0.5 cm between the heads of the screws and the wall. ZyXEL NWA-3160 Series User’s Guide Appendix A Product Specifications SSL (Secure Sockets Layer) uses a public key to encrypt data that's transmitted over an SSL connection.
Page 254: Figure 168 Wall-Mounting Example
ZyXEL Device on the screws. Figure 168 Wall-mounting Example The following are dimensions of an M4 tap screw and masonry plug used for wall mounting. All measurements are in millimeters (mm). Figure 169 Masonry Plug and M4 Tap Screw ZyXEL NWA-3160 Series User’s Guide...
Page 255: Table 96 North American Plug Standards
You can use a power over Ethernet injector to power this device. The injector must comply to IEEE 802.3af. Table 100 Power over Ethernet Injector Specifications Power Output Power Current ZyXEL NWA-3160 Series User’s Guide Appendix A Product Specifications ADS6818-1812-W 1215 100~240 Volts AC, 50~60 Hz, 0.5 A 12 Volts DC, 1.5A, 18W 6 W Max UL, CUL (UL60950 Third Edition, CSA C22.2 No.
Page 256: Table 101 Power Over Ethernet Injector Rj-45 Port Pin Assignments
PIN NO 1 2 3 4 5 6 7 8 RJ-45 SIGNAL ASSIGNMENT Output Transmit Data + Output Transmit Data - Receive Data + Power + Power + Receive Data - Power - Power - ZyXEL NWA-3160 Series User’s Guide...
Page 257: Appendix B Setting Up Your Computer's Ip Address
IP addresses that place them in the same subnet as the ZyXEL Device’s LAN port. Windows 95/98/Me Click Start, Settings, Control Panel and double-click the Network icon to open the Network window ZyXEL NWA-3160 Series User’s Guide Address...
Page 258: Figure 170 Windows 95/98/Me: Network: Configuration
2 Select Client and then click Add. 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. ZyXEL NWA-3160 Series User’s Guide...
Page 259: Figure 171 Windows 95/98/Me: Tcp/Ip Properties: Ip Address
• If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in). ZyXEL NWA-3160 Series User’s Guide Appendix B Setting up Your Computer’s IP Address...
Page 260: Figure 172 Windows 95/98/Me: Tcp/Ip Properties: Dns Configuration
3 Select your network adapter. You should see your computer's IP address, subnet mask and default gateway. Windows 2000/NT/XP 1 For Windows XP, click start, Control Panel. In Windows 2000/NT, click Start, Settings, Control Panel. ZyXEL NWA-3160 Series User’s Guide...
Page 261: Figure 173 Windows Xp: Start Menu
2 For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Figure 174 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. ZyXEL NWA-3160 Series User’s Guide Appendix B Setting up Your Computer’s IP Address...
Page 262: Figure 175 Windows Xp: Control Panel: Network Connections: Properties
• If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. Click Advanced. ZyXEL NWA-3160 Series User’s Guide...
Page 263: Figure 177 Windows Xp: Advanced Tcp/Ip Settings
• If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. ZyXEL NWA-3160 Series User’s Guide Appendix B Setting up Your Computer’s IP Address...
Page 264: Figure 178 Windows Xp: Internet Protocol (Tcp/Ip) Properties
Network Connections, right-click a network connection, click Status and then click the Support tab. Macintosh OS 8/9 1 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. ZyXEL NWA-3160 Series User’s Guide...
Page 265: Figure 179 Macintosh Os 8/9: Apple Menu
3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: • From the Configure box, select Manually. ZyXEL NWA-3160 Series User’s Guide Appendix B Setting up Your Computer’s IP Address...
Page 266: Figure 181 Macintosh Os X: Apple Menu
2 Click Network in the icon bar. • Select Automatic from the Location list. • Select Built-in Ethernet from the Show list. • Click the TCP/IP tab. 3 For dynamically assigned settings, select Using DHCP from the Configure list. ZyXEL NWA-3160 Series User’s Guide...
Page 267: Figure 182 Macintosh Os X: Network
5 Click Apply Now and close the window. 6 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the Network window. ZyXEL NWA-3160 Series User’s Guide Appendix B Setting up Your Computer’s IP Address...
Page 268 Appendix B Setting up Your Computer’s IP Address ZyXEL NWA-3160 Series User’s Guide...
Page 269: Appendix C Wireless Lans
A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless client A and B can still access the wired network but cannot communicate with each other. ZyXEL NWA-3160 Series User’s Guide Wireless LANs...
Page 270: Figure 184 Basic Service Set
An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate. ZyXEL NWA-3160 Series User’s Guide...
Page 271: Figure 185 Infrastructure Wlan
(AP) or wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other. ZyXEL NWA-3160 Series User’s Guide Appendix C Wireless LANs...
Page 272: Figure 186 Rts/Cts
AP will fragment the packet into smaller data frames. A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. ZyXEL NWA-3160 Series User’s Guide...
Page 273: Table 102 Ieee 802.11G
Wireless Security Overview Wireless security is vital to your network to protect wireless communication between wireless clients, access points and the wired network. ZyXEL NWA-3160 Series User’s Guide MODULATION DBPSK (Differential Binary Phase Shift Keyed) DQPSK (Differential Quadrature Phase Shift Keying)
Page 274: Table 103 Wireless Security Levels
RADIUS is based on a client-server model that supports authentication, authorization and accounting. The access point is the client and the server is the RADIUS server. The RADIUS server handles the following tasks: • Authentication Determines the identity of the users. • Authorization ZyXEL NWA-3160 Series User’s Guide...
Page 275: Types Of Radius Messages
EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication. The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that supports IEEE 802.1x. . ZyXEL NWA-3160 Series User’s Guide Appendix C Wireless LANs...
Page 276 However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco. LEAP LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x. ZyXEL NWA-3160 Series User’s Guide...
Page 277: Table 104 Comparison Of Eap Authentication Types
RADIUS server or not. Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2. ZyXEL NWA-3160 Series User’s Guide EAP-MD5 EAP-TLS...
Page 278 AP and does not need to go with the authentication process again. Pre-authentication enables fast roaming by allowing the wireless client (already connecting to an AP) to perform IEEE 802.1x authentication with another AP before connecting to it. ZyXEL NWA-3160 Series User’s Guide...
Page 279: Figure 187 Wpa(2) With Radius Application Example
2 The AP checks each wireless client's password and (only) allows it to join the network if the password matches. 3 The AP and wireless clients use the pre-shared key to generate a common PMK (Pairwise Master Key). ZyXEL NWA-3160 Series User’s Guide Appendix C Wireless LANs...
Page 280: Figure 188 Wpa(2)-Psk Authentication
Enable without Dynamic WEP Key Enable with Dynamic WEP Key Enable without Dynamic WEP Key Disable Enable with Dynamic WEP Key Enable without Dynamic WEP Key Disable TKIP/AES Enable TKIP/AES Disable TKIP/AES Enable TKIP/AES Disable ZyXEL NWA-3160 Series User’s Guide...
Page 281: Antenna Characteristics
In general, antennas should be mounted as high as practically possible and free of obstructions. In point-to–point application, position both antennas at the same height and in a direct line of sight to each other to attain the best performance. ZyXEL NWA-3160 Series User’s Guide Appendix C Wireless LANs...
Page 282 For a single AP application, place omni-directional antennas as close to the center of the coverage area as possible. For directional antennas, point the antenna in the direction of the desired coverage area. ZyXEL NWA-3160 Series User’s Guide...
Page 283: Appendix D Pop-Up Windows, Javascripts And Java Permissions
1 In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure 189 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. 1 In Internet Explorer, select Tools, Internet Options, Privacy. ZyXEL NWA-3160 Series User’s Guide...
Page 284: Figure 190 Internet Options: Privacy
Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings…to open the Pop-up Blocker Settings screen. ZyXEL NWA-3160 Series User’s Guide...
Page 285: Figure 191 Internet Options: Privacy
3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 192 Pop-up Blocker Settings ZyXEL NWA-3160 Series User’s Guide Appendix D Pop-up Windows, JavaScripts and Java Permissions...
Page 286: Figure 193 Internet Options: Security
3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window. ZyXEL NWA-3160 Series User’s Guide...
Page 287: Figure 194 Security Settings - Java Scripting
3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window. Figure 195 Security Settings - Java ZyXEL NWA-3160 Series User’s Guide Appendix D Pop-up Windows, JavaScripts and Java Permissions...
Page 288: Figure 196 Java (Sun)
1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Figure 196 Java (Sun) ZyXEL NWA-3160 Series User’s Guide...
Page 289: Appendix E Ip Addresses And Subnetting
Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal. The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. ZyXEL NWA-3160 Series User’s Guide...
Page 290: Figure 197 Network Number And Host Id
For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes. 1ST OCTET: OCTET: OCTET: (192) (168) 11000000 10101000 00000001 11111111 11111111 11111111 11000000 10101000 00000001 ZyXEL NWA-3160 Series User’s Guide 4TH OCTET 00000010 00000000 00000010...
Page 291: Table 107 Subnet Masks
The following table shows some possible subnet masks using both notations. Table 109 Alternative Subnet Mask Notation ALTERNATIVE SUBNET MASK NOTATION 255.255.255.0 255.255.255.128 ZyXEL NWA-3160 Series User’s Guide Appendix E IP Addresses and Subnetting 4TH OCTET OCTET OCTET 00000000 00000000...
Page 292: Figure 198 Subnetting Example: Before Subnetting
The following figure shows the company network after subnetting. There are now two sub- networks, A and B. ALTERNATIVE LAST OCTET NOTATION (BINARY) 1100 0000 1110 0000 1111 0000 1111 1000 1111 1100 LAST OCTET (DECIMAL) ZyXEL NWA-3160 Series User’s Guide...
Page 293: Figure 199 Subnetting Example: After Subnetting
IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.0 Broadcast Address: 192.168.1.63 ZyXEL NWA-3160 Series User’s Guide Appendix E IP Addresses and Subnetting - 2 or 62 hosts for each subnet (a host ID of all NETWORK NUMBER 192.168.1. 11000000.10101000.00000001.
Page 294: Table 111 Subnet 2
Highest Host ID: 192.168.1.190 NETWORK NUMBER 192.168.1. 11000000.10101000.00000001. 11111111.11111111.11111111. Lowest Host ID: 192.168.1.193 Highest Host ID: 192.168.1.254 LAST FIRST ADDRESS ADDRESS ZyXEL NWA-3160 Series User’s Guide LAST OCTET BIT VALUE 01000000 11000000 LAST OCTET BIT VALUE 10000000 11000000 LAST OCTET BIT...
Page 295: Table 115 24-Bit Network Number Subnet Planning
The following table is a summary for subnet planning on a network with a 16-bit network number. Table 116 16-bit Network Number Subnet Planning NO. “BORROWED” HOST BITS ZyXEL NWA-3160 Series User’s Guide Appendix E IP Addresses and Subnetting LAST FIRST ADDRESS ADDRESS SUBNET MASK NO.
Page 296: Private Ip Addresses
For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space. SUBNET MASK NO. SUBNETS 255.255.255.252 (/30) 16384 255.255.255.254 (/31) 32768 ZyXEL NWA-3160 Series User’s Guide NO. HOSTS PER SUBNET...
Page 297: Appendix F Text File Based Auto Configuration
You can have a different configuration file for each AP. You can also have multiple APs use the same configuration file. ZyXEL NWA-3160 Series User’s Guide Text File Based Auto Configuration...
Page 298: Table 117 Auto Configuration By Dhcp
Specify the TFTP server IP address and file name from which the AP is to download a configuration file whenever the AP starts up. VALUE Set the IP address of the TFTP server. Set the file name, for example, g3000hcfg.txt. ZyXEL NWA-3160 Series User’s Guide...
Page 299: Figure 201 Configuration File Format
ZyNOS commands but continues to check the next command. The AP ignores any improperly formatted commands and continues to check the next line. ZyXEL NWA-3160 Series User’s Guide Appendix F Text File Based Auto Configuration VALUE Set to 3 (text configuration file).
Page 300: Figure 202 Wep Configuration File Example
1 name ssid-wep wcfg ssid 1 security Test-wep wcfg ssid 1 l2iolation disable wcfg ssid 1 macfilter disable wcfg ssid save OBJECT ID DESCRIPTION 1.3.6.1.4.1.890.1.9.1.9 Auto configuration status message string command to configure security and SSID wcfg ZyXEL NWA-3160 Series User’s Guide...
Page 301: Figure 203 802.1X Configuration File Example
3 name ssid-wpapsk wcfg ssid 3 security Test-wpapsk wcfg ssid 3 qos 4 wcfg ssid 3 l2siolation disable wcfg ssid 3 macfilter disable wcfg ssid save ZyXEL NWA-3160 Series User’s Guide Appendix F Text File Based Auto Configuration 8021x-static128...
Page 302: Figure 205 Wpa Configuration File Example
SSID profiles before the commands that tell the AP to use those profiles. command to configure the AP to use the wlan command configuration file examples and general wcfg ZyXEL NWA-3160 Series User’s Guide...
Page 303: Figure 206 Wlan Configuration File Example
!change operating mode -> MBSSID mode, !then select ssid-wpapsk, ssid-wpa2psk as running WLAN profiles wlan opmode 3 wlan ssidprofile ssid-wpapsk ssid-wpa2psk ! set output power level to 50% wlan output power 2 ZyXEL NWA-3160 Series User’s Guide...
Page 304 Appendix F Text File Based Auto Configuration ZyXEL NWA-3160 Series User’s Guide...
Page 306 This device has been designed for the WLAN 2.4 GHz and 5 GHz networks throughout the EC region and Switzerland, with restrictions in France. This Class B digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada. ZyXEL NWA-3160 Series User’s Guide...
Page 307: Zyxel Limited Warranty
Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products. ZyXEL NWA-3160 Series User’s Guide Appendix G Legal Information...
Page 308 Appendix G Legal Information ZyXEL NWA-3160 Series User’s Guide...
Page 309: Appendix H Customer Support
• Sales E-mail: sales@zyxel.com.tw • Telephone: +886-3-578-3942 • Fax: +886-3-578-2439 • Web: www.zyxel.com, www.europe.zyxel.com • FTP: ftp.zyxel.com, ftp.europe.zyxel.com • Regular Mail: ZyXEL Communications Corp., 6 Innovation Road II, Science Park, Hsinchu 300, Taiwan Costa Rica • Support E-mail: soporte@zyxel.co.cr • Sales E-mail: sales@zyxel.co.cr •...
Page 310 Appendix H Customer Support • Regular Mail: ZyXEL Communications, Czech s.r.o., Modranská 621, 143 01 Praha 4 - Modrany, Ceská Republika Denmark • Support E-mail: support@zyxel.dk • Sales E-mail: sales@zyxel.dk • Telephone: +45-39-55-07-00 • Fax: +45-39-55-07-07 • Web: www.zyxel.dk • Regular Mail: ZyXEL Communications A/S, Columbusvej, 2860 Soeborg, Denmark Finland •...
Page 311 Puchong Jaya, 47100 Puchong, Selangor Darul Ehsan, Malaysia North America • Support E-mail: support@zyxel.com • Sales E-mail: sales@zyxel.com • Telephone: +1-800-255-4101, +1-714-632-0882 • Fax: +1-714-632-0858 • Web: www.us.zyxel.com • FTP: ftp.us.zyxel.com ZyXEL NWA-3160 Series User’s Guide Appendix H Customer Support...
Page 312 Appendix H Customer Support • Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806- 2001, U.S.A. Norway • Support E-mail: support@zyxel.no • Sales E-mail: sales@zyxel.no • Telephone: +47-22-80-61-80 • Fax: +47-22-80-61-81 • Web: www.zyxel.no • Regular Mail: ZyXEL Communications A/S, Nils Hansens vei 13, 0667 Oslo, Norway Poland •...
Page 313 • Telephone: +44-1344-303044, 08707-555779 (UK only) • Fax: +44-1344-303034 • Web: www.zyxel.co.uk • FTP: ftp.zyxel.co.uk • Regular Mail: ZyXEL Communications UK Ltd., 11 The Courtyard, Eastern Road, Bracknell, Berkshire RG12 2XB, United Kingdom (UK) ZyXEL NWA-3160 Series User’s Guide Appendix H Customer Support...
Page 314 Appendix H Customer Support ZyXEL NWA-3160 Series User’s Guide...
Page 315: Index
Basic Service Set see BSS bridge 34, 35 Bridge Protocol Data Units (BPDUs) Bridge/Repeater 33, 34 36, 83, 269 BSSID ZyXEL NWA-3160 Series User’s Guide Certificate Authority See CA. certificates thumbprint algorithms thumbprints verifying fingerprints certifications notices viewing channel...
Page 316 Internet security gateway Internet telephony IP address IPSec VPN capability isolation layer-2 isolation LEDs link type log and trace log descriptions login screen logs MAC address 133, 134, 218, 226, 228, 252 33, 37 33, 128 ZyXEL NWA-3160 Series User’s Guide...
Page 317 Pairwise Master Key (PMK) 278, 279 password 78, 210, 211, 219, 252 path cost Per-Hop Behavior PHB (Per-Hop Behavior) ping ZyXEL NWA-3160 Series User’s Guide power specification power specifications preamble mode pre-configured profiles priorities prioritization private IP address product registration...
Page 318 Type of Service user authentication Virtual Local Area Network VLAN VoIP 33, 37, 121 VoIP SSID VT100 warranty note wcfg command 34, 36, 92 238, 239 253, 297 ZyXEL NWA-3160 Series User’s Guide...
Page 319 WPA with RADIUS application WPA2 33, 277 user authentication vs WPA2-PSK wireless client supplicant with RADIUS application example WPA2-Pre-Shared Key WPA2-PSK 277, 278 application example WPA-PSK 277, 278 application example ZyNOS ZyNOS F/W version ZyXEL NWA-3160 Series User’s Guide Index...
Page 320 Index ZyXEL NWA-3160 Series User’s Guide...

This manual is also suitable for:

Nwa-3163 Nwa-3165

ZyXEL Communications NWA-3160 Series User Manual

Chapter 1 Introducing the Zyxel Device

Chapter 2 Introducing the Web Configurator

Chapter 3 Status Screens

Chapter 4 Tutorial

Chapter 5 System Screens

Chapter 6 Wireless Configuration

Chapter 7 Wireless Security Configuration

Chapter 8 MBSSID and SSID

Chapter 9 Other Wireless Configuration

Chapter 10 IP Screen

Chapter 11 Rogue AP

Chapter 12 Remote Management Screens

Quick Links

Troubleshooting

Related Manuals for ZyXEL Communications NWA-3160 Series

Summary of Contents for ZyXEL Communications NWA-3160 Series