ZyXEL Communications ZyXEL ZyAIR B-1000 User Manual
ZyXEL Communications ZyXEL ZyAIR B-1000 User Manual

ZyXEL Communications ZyXEL ZyAIR B-1000 User Manual

Access point series
Hide thumbs Also See for ZyXEL ZyAIR B-1000:
Table of Contents

Advertisement

ZyAIR
Access Point Series
User's Guide
Version 3.50
October 2003

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the ZyXEL ZyAIR B-1000 and is the answer not in the manual?

Questions and answers

Summary of Contents for ZyXEL Communications ZyXEL ZyAIR B-1000

  • Page 1 ZyAIR Access Point Series User's Guide Version 3.50 October 2003...
  • Page 2 Trademarks ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
  • Page 3: Federal Communications Commission (Fcc) Interference Statement

    Federal Communications Commission This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.
  • Page 4: Safety Warnings

    ZyAIR Access Point Series User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or...
  • Page 5: Customer Support

    +45-3955-0700 www.zyxel.dk +45-3955-0707 ftp.zyxel.dk +49-2405-6909-0 www.zyxel.de +49-2405-6909-99 REGULAR MAIL ZyXEL Communications Corp., 6 Innovation Road II, Science- Based Industrial Park, Hsinchu 300, Taiwan. ZyXEL Communications A/S, Columbusvej 5, 2860 Soeborg, Denmark. ZyXEL Deutschland GmbH. Adenauerstr. 20/A2 D-52146 Wuerselen, Germany...
  • Page 6: Table Of Contents

    Copyright... ii Federal Communications Commission (FCC) Interference Statement...iii ZyXEL Limited Warranty ... iv Customer Support... v List of Figures ... xi List of Tables ... xv Preface ... xvii OVERVIEW...I Chapter 1 Getting to Know Your ZyAIR...1-1 Introducing the ZyAIR Access Point Series ...1-1 ZyAIR Features...1-1 Applications for the ZyAIR ...1-6 1.3.1...
  • Page 7 5.1.2 BSS...5-1 5.1.3 ESS...5-2 Wireless LAN Basics ...5-3 5.2.1 RTS/CTS ...5-3 5.2.2 Fragmentation Threshold ...5-4 Configuring Wireless ...5-5 Configuring Bridge ...5-7 Configuring Roaming...5-10 5.5.1 Requirements for Roaming ...5-11 Chapter 6 Wireless Security ...6-1 Wireless Security Overview...6-1 WEP Overview...6-1 6.2.1 Data Encryption ...6-1 6.2.2 Authentication ...6-2 Configuring WEP Encryption ...6-3...
  • Page 8 Configuring IP ...8-2 LOGS ...III Chapter 9 Logs Screens ...9-1 Configuring View Log...9-1 Configuring Log Settings...9-2 MAINTENANCE...IV Chapter 10 Maintenance ...10-1 10.1 Maintenance Overview ...10-1 10.2 System Status Screen ...10-1 10.2.1 System Statistics ...10-2 10.3 Wireless Screen...10-3 10.3.1 Association List ...10-3 10.3.2 Channel Usage ...10-4 10.4 F/W Upload Screen...10-7...
  • Page 9 16.1 About SNMP...16-1 16.2 Supported MIBs ...16-2 16.3 SNMP Configuration ...16-2 16.4 SNMP Traps...16-3 Chapter 17 System Security ...17-1 17.1 System Security...17-1 17.1.1 System Password...17-1 17.1.2 Configuring External RADIUS Server...17-1 17.1.3 802.1x...17-3 Chapter 18 System Information and Diagnosis...18-1 18.1 System Status ...18-1 18.2 System Information...18-3 18.2.1 System Information ...18-3...
  • Page 10 ZyAIR Access Point Series User’s Guide Appendix F Types of EAP Authentication ... F-1 Appendix G Power over Ethernet Specifications ...G-1 Appendix H Antenna Selection and Positioning Recommendation...H-1 Appendix I PPPoE ... I-1 Appendix J PPTP...J-1 Appendix K IP Subnetting ...K-1 Appendix L Command Interpreter ...
  • Page 11: List Of Figures

    ZyAIR Access Point Series User’s Guide List of Figures Figure 1-1 PoE Installation Example ... 1-3 Figure 1-2 WDS Functionality Example... 1-5 Figure 1-3 Internet Access Application... 1-7 Figure 1-4 Corporation Network Application ... 1-7 Figure 2-1 Change Password Screen... 2-1 Figure 2-2 The MAIN MENU Screen of the Web Configurator...
  • Page 12 ZyAIR Access Point Series User’s Guide Figure 9-2 Log Settings ...9-3 Figure 10-1 System Status ...10-1 Figure 10-2 System Status: Show Statistics...10-2 Figure 10-3 Association List...10-4 Figure 10-4 Channel Usage (ZyAIR B-1000)...10-5 Figure 10-5 Channel Usage ...10-6 Figure 10-6 Firmware Upload ...10-7 Figure 10-7 Firmware Upload In Process ...10-8 Figure 10-8 Network Temporarily Disconnected...10-8 Figure 10-9 Firmware Upload Error ...10-9...
  • Page 13 ZyAIR Access Point Series User’s Guide Figure 17-3 Menu 23.2 System Security : RADIUS Server ... 17-2 Figure 17-4 Menu 23 System Security... 17-3 Figure 17-5 Menu 23.4 System Security : IEEE802.1x ... 17-4 Figure 18-1 Menu 24 System Maintenance ... 18-1 Figure 18-2 Menu 24.1 System Maintenance : Status...
  • Page 15: List Of Tables

    ZyAIR Access Point Series User’s Guide List of Tables Table 1-1 Model Specific Features... 1-1 Table 3-1 Wizard 1 : General Setup ... 3-3 Table 3-2 Wizard 2 : Wireless LAN Setup ... 3-4 Table 3-3 Private IP Address Ranges ... 3-5 Table 3-4 Wizard 3 : IP Address Assignment ...
  • Page 16 ZyAIR Access Point Series User’s Guide Table 13-6 Menu 3.5.3.1 ESS x Configuration...13-10 Table 13-7 Menu 3.5.4 Bridge Link Configuration ...13-12 Table 14-1 Menu 14.1- Edit Dial-in User ...14-2 Table 15-1 Menu 16 VLAN Setup...15-1 Table 16-1 Menu 22 SNMP Configuration ...16-3 Table 16-2 SNMP Traps...16-4 Table 16-3 Ports and Interface Types...16-4 Table 17-1 Menu 23.2 System Security : RADIUS Server...17-2...
  • Page 17: Preface

    Congratulations on your purchase from the ZyAIR Access Point (AP) series. An AP acts as a bridge between the wireless and wired networks, extending your existing wired network without any additional wiring. Some features are not available in every model. Refer to the Model Specific Features table in Chapter 1 of this user’s guide to see what features are specific to This User’s Guide is designed to guide you through the configuration of your ZyAIR using the web configurator or the SMT.
  • Page 18 Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.
  • Page 19: Overview

    Overview OVERVIEW This part introduces the main features and applications of ZyAIR and shows how to access the web configurator and use the Wizard to configure for Internet Access.
  • Page 21: Chapter 1 Getting To Know Your Zyair

    Introducing the ZyAIR Access Point Series The ZyAIR Access Point extends the range of your existing wired network without any additional wiring efforts. The ZyAIR provides easy network access to mobile users. The ZyAIR offers highly secured wireless connectivity to your wired network with IEEE 802.1x, WEP data encryption and MAC address filtering. The ZyAIR is easy to install and configure.
  • Page 22: Reset Button

    FEATURES Power over Ethernet Bridge/Repeater AP & WDS (Wireless Distribution System) Support Concurrently Table Key: An “O” in a model’s column shows that the model has the specified feature. A number specific to an individual model may alternately be displayed. The information in this table was correct at the time of writing, although it may be subject to change.
  • Page 23: Power Over Ethernet (Poe)

    Bridge/Repeater A Bridge/Repeater link LED turns steady on green when your ZyAIR acts as a bridge, establishing a wireless link to another AP. It turns steady on orange when your ZyAIR acts as a repeater, establishing wireless links to two or more APs. Power over Ethernet (PoE) Power over Ethernet (PoE) is the ability to provide power to your ZyAIR via an 8-pin CAT 5 Ethernet cable, eliminating the need for a nearby power source.
  • Page 24: Limit The Number Of Client Connections

    ZyAIR Access Point Series User’s Guide The ZyAIR may be prone to RF (Radio Frequency) interference from other 2.4 GHz devices such as microwave ovens, wireless phones, Bluetooth enabled devices, and other wireless LANs. Output Power Management Output Power Management is the ability to set the level of output power. There may be interference or difficulty with channel assignment when there is a high density of APs within a coverage area.
  • Page 25: Figure 1-2 Wds Functionality Example

    ZyAIR Access Point Series User’s Guide Wireless LAN MAC Address Filtering Your ZyAIR checks the MAC address of the wireless station against a list of allowed or denied MAC addresses. IEEE 802.1x Network Security The ZyAIR supports the IEEE 802.1x standard to enhance user authentication. Use the built-in user profile database to authenticate up to 32 users using MD5 encryption.
  • Page 26: Applications For The Zyair

    (System Management Terminal) interface. The SMT is a menu-driven interface that you can access from a terminal emulator over a telnet connection. Logging and Tracing ♦ Built-in message logging and packet tracing. ♦ Unix syslog facility support. Embedded FTP and TFTP Servers The ZyAIR’s embedded FTP and TFTP servers enable fast firmware upgrades as well as configuration file backups and restoration.
  • Page 27: Corporation Network Application

    ZyAIR Access Point Series User’s Guide Figure 1-3 Internet Access Application 1.3.2 Corporation Network Application In situations where users are always on the move in the coverage area but still need access to corporate network access, the ZyAIR is an ideal solution for wireless stations to connect to the corporate network without expensive network cabling.
  • Page 29: Chapter 2 Introducing The Web Configurator

    Introducing the Web Configurator This chapter describes how to access the ZyAIR web configurator and provides an overview of its Accessing the ZyAIR Web Configurator Step 1. Make sure your ZyAIR hardware is properly connected (refer to the Quick Installation Guide). Step 2.
  • Page 30: Resetting The Zyair

    The ZyAIR automatically times out after five minutes of inactivity. Simply log back Resetting the ZyAIR If you forget your password or cannot access the ZyAIR, you will need to reload the factory-default configuration file or use the RESET button on the top panel of the ZyAIR. Uploading this configuration file replaces the current configuration file with the factory-default configuration file.
  • Page 31: Navigating The Zyair Web Configurator

    Navigating the ZyAIR Web Configurator We use the ZyAIR B-3000 web configurator in this guide as an example. The web configurator screens for your model may vary slightly for different ZyAIR models. The following summarizes how to navigate the web configurator from the MAIN MENU screen. Follow the instructions you see in the MAIN MENU screen or click the (located in the top right corner of most screens) to view online help.
  • Page 33: Chapter 3 Wizard Setup

    ZyAIR Access Point Series User’s Guide Chapter 3 Wizard Setup This chapter provides information on the Wizard Setup screens in the web configurator. Wizard Setup Overview The web configurator’s setup wizard helps you configure your ZyAIR for wireless stations to access your wired LAN.
  • Page 34: Wizard Setup: General Setup

    ZyAIR Access Point Series User’s Guide Wizard Setup: General Setup General Setup contains administrative and system-related information. Figure 3-1 Wizard 1 : General Setup The following table describes the labels in this screen. Wizard Setup...
  • Page 35: Wizard Setup: Wireless Lan

    LABEL System Name It is recommended you type your computer's "Computer name". In Windows 95/98 click Start, Settings, Control Panel, Network. Click the Identification tab, note the entry for the Computer Name field and enter it as the System Name. In Windows 2000, click Start, Settings, Control Panel and then double-click System.
  • Page 36: Figure 3-2 Wizard 2 : Wireless Lan Setup

    The following table describes the labels in this screen. LABEL Wireless LAN Setup ESSID Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN. If you change this field on the ZyAIR, make sure all wireless stations use the same ESSID in order to access the network.
  • Page 37: Wizard Setup: Ip Address

    Table 3-2 Wizard 2 : Wireless LAN Setup LABEL WEP Encryption Select Disable allows all wireless computers to communicate with the access points without any data encryption. Select 64-bit WEP or 128-bit WEP to allow data encryption. ASCII Select this option in order to enter ASCII characters as the WEP keys. Select this option to enter hexadecimal characters as the WEP keys.
  • Page 38: Ip Address And Subnet Mask

    ZyAIR Access Point Series User’s Guide You can obtain your IP address from the IANA, from an ISP or have it assigned by a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks.
  • Page 39: Figure 3-3 Wizard 3 : Ip Address Assignment

    Figure 3-3 Wizard 3 : IP Address Assignment The following table describes the labels in this screen. Table 3-4 Wizard 3 : IP Address Assignment LABEL IP Address Assignment Get automatically Select this option if your ZyAIR is using a dynamically assigned IP address from a DHCP server each time.
  • Page 40: Basic Setup Complete

    Table 3-4 Wizard 3 : IP Address Assignment LABEL Gateway IP Address Type the IP address of the gateway. The gateway is an immediate neighbor of your ZyAIR that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your ZyAIR;...
  • Page 41 ZyAIR Access Point Series User’s Guide Well done! You have successfully set up your ZyAIR to operate on your network and access the Internet. Wizard Setup...
  • Page 43: System, Wireless, Vlan And Ip

    System, Wireless, VLAN and IP Part II: SYSTEM, WIRELESS, VLAN AND IP This part covers the information and web configurator screens of System, Wireless, VLAN and IP.
  • Page 45: Chapter 4 System Screens

    System Overview This section provides information on general system setup. Configuring General Setup Click ADVANCED and then SYSTEM to open the General screen. The following table describes the labels in this screen. System Screens ZyAIR Access Point Series User’s Guide This chapter provides information on the System screens.
  • Page 46: Configuring Password

    LABEL System Name Type a descriptive name to identify the ZyAIR in the Ethernet network. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes "-" and underscores "_" are accepted. Domain Name This is not a required field. Leave this field blank or enter the domain name here if you know it.
  • Page 47: Configuring Time Setting

    The following table describes the labels in this screen. LABEL Old Password Type in your existing system password (1234 is the default password). New Password Type your new system password (up to 31 characters). Note that as you type a password, the screen displays an asterisk (*) for each character you type.
  • Page 48: Figure 4-3 Time Setting

    The following table describes the labels in this screen. LABEL Time Protocol Select the time service protocol that your time server sends when you turn on the ZyAIR. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.
  • Page 49 LABEL Time Server Enter the IP address or the URL of your time server. Check with your ISP/network Address administrator if you are unsure of this information. Current Time This field displays the time of your ZyAIR. (hh:mm:ss) Each time you reload this page, the ZyAIR synchronizes the time with the time server.
  • Page 51: Chapter 5 Wireless Configuration And Roaming

    ZyAIR Access Point Series User’s Guide Chapter 5 Wireless Configuration and Roaming This chapter discusses how to configure Wireless and Roaming screens on the ZyAIR. Some features such as Multiple-ESS are not available on all models. Wireless LAN Overview This section introduces the wireless LAN (WLAN) and some basic scenarios. 5.1.1 IBSS An Independent Basic Service Set (IBSS), also called an Ad-hoc network, is the simplest WLAN configuration.
  • Page 52: Ess

    ZyAIR Access Point Series User’s Guide Figure 5-2 Basic Service set 5.1.3 ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS).
  • Page 53: Wireless Lan Basics

    ZyAIR Access Point Series User’s Guide Figure 5-3 Extended Service Set Wireless LAN Basics Refer also to the Wizard Setup chapter for more background information on Wireless LAN features, such as channels. 5.2.1 RTS/CTS A hidden node occurs when two stations are within range of the same access point, but are not within range of each other.
  • Page 54: Fragmentation Threshold

    ZyAIR Access Point Series User’s Guide Figure 5-4 RTS/CTS When station A sends data to the ZyAIR, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
  • Page 55: Configuring Wireless

    ZyAIR Access Point Series User’s Guide A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.
  • Page 56: Table 5-1 Wireless

    The following table describes the general wireless LAN labels in this screen. LABEL Operating Mode Select the operating mode from the drop-down list. Options are Access Point, Multiple ESS and Bridge. The screen changes when you select Multiple ESS or Bridge in this field. Refer to the Multiple ESS and VLAN chapter for more information on multiple ESS.
  • Page 57: Configuring Bridge

    Configuring Bridge The ZyAIR can function as a wireless network bridge allowing you to wirelessly connect two wired network segments. You need to know the MAC address of the peer device, which also must be in bridge mode. In the example below, Computers B and C will be able to communicate with Computer A through the ZyAIR bridges, forming a Wireless Distribution System (WDS).
  • Page 58: Figure 5-8 Bridge Loop: Bridge Connected To Wired Lan

    ZyAIR Access Point Series User’s Guide Figure 5-8 Bridge Loop: Bridge Connected to Wired LAN To prevent bridge loops, ensure that your ZyAIR is not set to bridge mode while connected to both wired and wireless segments of the same LAN. Click ADVANCED and WIRELESS.
  • Page 59: Figure 5-9 Wireless : Bridge

    The following table describes the bridge labels in this screen. LABEL Operating Mode Select Bridge in this field to display the screen as shown in Figure 5-9. Peer Bridge Type the MAC address of the peer device in a valid MAC address format, that is, six MAC Address hexadecimal character pairs, for example, 12:34:56:78:9a:bc.
  • Page 60: Configuring Roaming

    ZyAIR Access Point Series User’s Guide Configuring Roaming A wireless station is a device with an IEEE 802.11b compliant wireless adapters. An access point (AP) acts as a bridge between the wireless and wired networks. An AP creates its own wireless coverage area. A wireless station can associate with a particular access point only if it is within the access point’s coverage area.
  • Page 61: Requirements For Roaming

    The steps below describe the roaming process. Step 1. As wireless station Y moves from the coverage area of access point AP 1 to that of access point AP 2, it scans and uses the signal of access point AP 2. Step 2.
  • Page 62: Table 5-3 Roaming

    LABEL Active Select Yes from the drop-down list box to enable roaming on the ZyAIR if you have two or more ZyAIRs on the same subnet. All APs on the same subnet and the wireless stations must have the Port # Enter the port number to communicate roaming information between access points.
  • Page 63: Chapter 6 Wireless Security

    This chapter describes how to use the MAC Filter, 802.1x, Local User Database and RADIUS to Wireless Security Overview Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network. The figure below shows the possible wireless security levels on your ZyAIR. The highest security level relies on EAP (Extensible Authentication Protocol) for authentication and utilizes dynamic WEP key exchange.
  • Page 64: Authentication

    6.2.2 Authentication Three different methods can be used to authenticate wireless stations to the network: Open System, Shared Key, and Auto. The following figure illustrates the steps involved. Wireless Station Open System Authentication Open System Request Shared Key Authentication Shared Key Request Encrypted Challenge Text Open system authentication involves an unencrypted two-message procedure.
  • Page 65: Configuring Wep Encryption

    ZyAIR Access Point Series User’s Guide When your ZyAIR's authentication method is set to open system, it will only accept open system authentication requests. The same is true for shared key authentication. However, when it is set to auto authentication, the ZyAIR will accept either type of authentication request and the ZyAIR will fall back to use open authentication if the shared key does not match.
  • Page 66: Table 6-1 Wireless

    The following table describes the wireless LAN security labels in this screen. LABEL Select Disable to allow wireless stations to communicate with the access points without Encryption any data encryption. Select 64-bit WEP or 128-bit WEP to enable data encryption. Authentication Select Auto, Open System or Shared Key from the drop-down list box.
  • Page 67: Mac Filter

    ZyAIR Access Point Series User’s Guide Table 6-1 Wireless LABEL DESCRIPTION Reset Click Reset to begin configuring this screen afresh. MAC Filter The MAC filter screen allows you to configure the ZyAIR to give exclusive access to up to 32 devices (Allow Association) or exclude up to 32 devices from accessing the ZyAIR (Deny Association).
  • Page 68: Figure 6-4 Mac Address Filter

    ZyAIR Access Point Series User’s Guide Figure 6-4 MAC Address Filter The following table describes the labels in this screen. Table 6-2 MAC Address Filter LABEL DESCRIPTION Active Select Yes from the drop down list box to enable MAC address filtering. Wireless Security...
  • Page 69: Types Of Radius Messages

    LABEL Filter Action Define the filter action for the list of MAC addresses in the MAC address filter table. Select Deny Association to block access to the router, MAC addresses not listed will be allowed to access the router. Select Allow Association to permit access to the router, MAC addresses not listed will be denied access to the router.
  • Page 70: Eap Authentication Overview

    • Access-Reject Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access. • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message. The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting: •...
  • Page 71: Dynamic Wep Key Exchange

    Wireless Station The details below provide a general description of how IEEE 802.1x EAP authentication works. For an example list of EAP-MD5 authentication steps, see the IEEE 802.1x appendix. • The wireless station sends a “start” message to the ZyAIR. •...
  • Page 72: Introduction To Local User Database

    Introduction to Local User Database By storing user profiles locally on the ZyAIR, your ZyAIR is able to authenticate wireless users without interacting with a network RADIUS server. However, there is a limit on the number of users you may authenticate in this way.
  • Page 73: Table 6-3 802.1X Authentication

    LABEL Wireless Port To control wireless stations access to the wired network, select a control method from Control the drop-down list box. Choose from No Authentication Required, Authentication Required and No Access Allowed. No Authentication Required allows all wireless stations access to the wired network without entering usernames and passwords.
  • Page 74 LABEL Authentication This field is activated only when you select Authentication Required in the Wireless Databases Port Control field. The authentication database contains wireless station login information. The local user database is the built-in database on the ZyAIR. The RADIUS is an external server.
  • Page 75: Configuring Local User Database

    ZyAIR Access Point Series User’s Guide 6.10 Configuring Local User Database To change your ZyAIR’s local user database, click ADVANCED, WIRELESS and then the Local User Database tab. The screen appears as shown. Figure 6-7 Local User Database Wireless Security 6-13...
  • Page 76: Configuring Radius

    The following table describes the labels in this screen. LABEL Active Select this check box to activate the user profile. User Name Enter the username (up to 31 characters) for this user profile. Password Type a password (up to 31 characters) for this user profile. Note that as you type a password, the screen displays a (*) for each character you type.
  • Page 77: Table 6-5 Radius

    The following table describes the labels in this screen. LABEL Authentication Server Active Select Yes from the drop-down list box to enable user authentication through an external authentication server. Select No to enable user authentication using the local user profile on the ZyAIR. Server IP Address Enter the IP address of the external authentication server in dotted decimal notation.
  • Page 79: Chapter 7 Multiple Ess And Vlan

    Wireless LAN Infrastructures See the Wizard Setup and Wireless Configuration chapters for some basic WLAN scenarios and terminology. 7.1.1 Multiple ESS Traditionally, you needed different APs to configure different ESSs. As well as the cost of buying extra APs, there was also the possibility of channel interference. The ZyAIR’s Multiple ESS (Multi-ESS) function allows multiple ESSs to be configured on just one access point (the ZyAIR).
  • Page 80: Vlan

    ZyAIR Access Point Series User’s Guide Station 1 relays communications via the ZyAIR within the Multi-ESS coverage area and with AP X if it moves to the RD ESS coverage area. Similarly, station 2 relays communications via the ZyAIR within the Multi-ESS coverage area and with AP Y if it moves to the Sales ESS coverage area.
  • Page 81: Multi-Ess With Vlan Example

    ZyAIR Access Point Series User’s Guide If no devices are in the management VLAN, then no one will be able to access the ZyAIR and you will have to restore the default configuration file. 7.2.2 Multi-ESS with VLAN Example In this example, VLAN 2 is the management VLAN and includes the computers in ESS1 and LAN 1. Computers in ESS2 and LAN 2 belong to VLAN 2.
  • Page 82: Figure 7-3 Wireless : Multiple Ess

    ZyAIR Access Point Series User’s Guide Figure 7-3 Wireless : Multiple ESS The following table describes the labels in this screen. Multiple ESS and VLAN...
  • Page 83: Edit Ess

    LABEL Operating Mode Select Multiple ESS in this field to display the screen as shown in Figure 7-3. Choose Channel ID Set the operating frequency/channel depending on your particular region. To manually set the ZyAIR to use a channel, select a channel from the drop- down list box.
  • Page 84: Figure 7-4 Wireless : Edit Ess

    The following table describes the labels in this screen. LABEL ESSID Enter a descriptive name (up to 32 alphanumeric characters) for identification purposes. This name is case sensitive. Active Select this check box to activate this ESS. VLAN ID Enter a number from 1 to 255. ASCII Select this option to enter ASCII characters as the WEP keys.
  • Page 85: Mac Filter Summary

    LABEL Unicast WEP key Key 1 or Key 2 Key 1 or key 2 is used to encrypt unicast transmissions. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F"). If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal characters ("0-9", "A-F").
  • Page 86: Configuring Vlan

    The following table describes the labels in this screen. LABEL This is the index number of each ESS. ESSID This is the identification name of each ESS. Status This field displays Disable if the MAC filter is inactive, Association Allowed if the MAC filter is active and filter action is allowed or Association Denied if the MAC filter is active but filter action is denied.
  • Page 87: Figure 7-6 Vlan

    The following table describes the labels in this screen. LABEL Enable VLAN Tagging Select this check box to turn on VLAN tagging. Management VLAN ID Enter a number from 1 to 255 to define this VLAN group. At least one device in your network must belong to this VLAN group in order to manage the ZyAIR.
  • Page 89: Chapter 8 Ip Screen

    Factory Ethernet Defaults The Ethernet parameters of the ZyAIR are preset in the factory with the following values: • IP address of 192.168.1.2 • Subnet mask of 255.255.255.0 (24 bits) These parameters should work for the majority of installations. TCP/IP Parameters 8.2.1 IP Address and Subnet Mask Refer to the IP Address and Subnet Mask section in the Wizard Setup chapter for this information.
  • Page 90: Zyair Access Point Series User's Guide

    ZyAIR Access Point Series User’s Guide Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space.
  • Page 91 LABEL Get automatically Select this option if your ZyAIR is using a dynamically assigned IP address from a DHCP server each time. Use fixed IP address Select this option if your ZyAIR is using a static IP address. When you select this option, fill in the fields below.
  • Page 93: Logs

    Logs Part III: LOGS This part provides information and configuration instructions for the logs.
  • Page 94: Chapter 9 Logs Screens

    ZyAIR Access Point Series User’s Guide Chapter 9 Logs Screens This chapter contains information about configuring general log settings and viewing the ZyAIR’s logs. Refer to the appendix for example log message explanations. Configuring View Log The web configurator allows you to look at all of the ZyAIR’s logs in one location. Click ADVANCED and then LOGS to open the View Log screen.
  • Page 95: Configuring Log Settings

    The following table describes the labels in this screen. LABEL Display Select a log category from the drop down list box to display logs within the selected category. To view all logs, select All Logs. The number of categories shown in the drop down list box depends on the selection in the Log Settings page.
  • Page 96: Figure 9-2 Log Settings

    ZyAIR Access Point Series User’s Guide Figure 9-2 Log Settings The following table describes the labels in this screen. Table 9-2 Log Settings LABEL DESCRIPTION Address Info Logs Screens...
  • Page 97 ZyAIR Access Point Series User’s Guide LABEL Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via e-mail.
  • Page 98 LABEL Send Immediate Alert Select the categories of alerts for which you want the ZyAIR to immediately send e-mail alerts. Apply Click Apply to save your customized settings and exit this screen. Reset Click Reset to reconfigure all the fields in this screen. Logs Screens ZyAIR Access Point Series User’s Guide Table 9-2 Log Settings...
  • Page 99: Maintenance

    Maintenance Part IV: MAINTENANCE This part describes the Maintenance web configurator screens.
  • Page 101: Chapter 10 Maintenance

    This chapter displays system information such as ZyNOS firmware, port IP addresses and port 10.1 Maintenance Overview The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your ZyAIR. 10.2 System Status Screen Click MAINTENANCE to open the System Status screen, where you can use to monitor your ZyAIR. Note that these labels are READ-ONLY and are meant to be used for diagnostic purposes.
  • Page 102: System Statistics

    LABEL ZyNOS Firmware This is the ZyNOS Firmware version and the date created. ZyNOS is ZyXEL's Version proprietary Network Operating System design. Routing Protocols This shows the routing protocol – BRIDGE for which the ZyAIR is configured. IP Address This is the Ethernet port IP address. IP Subnet Mask This is the Ethernet port subnet mask.
  • Page 103: Wireless Screen

    Table 10-2 System Status: Show Statistics LABEL Status This shows the port speed and duplex setting if you are using Ethernet encapsulation for the Ethernet port. This shows the transmission speed only for wireless port. TxPkts This is the number of transmitted packets on this port. RxPkts This is the number of received packets on this port.
  • Page 104: Channel Usage

    The following table describes the labels in this screen. LABEL This is the index number of an associated wireless station. MAC Address This field displays the MAC address of an associated wireless station. Association Time This field displays the time a wireless station first associated with the ZyAIR. This field displays the ESS identification name to which the wireless station is associated.
  • Page 105: Table 10-4 Channel Usage (Zyair B-1000)

    Figure 10-4 Channel Usage (ZyAIR B-1000) The following table describes the labels in this screen. Table 10-4 Channel Usage (ZyAIR B-1000) LABEL This is the index number of the channel currently used by the associated AP in an Channel Infrastructure wireless network or wireless station in an Ad-Hoc wireless network. This field display Yes if the channel is used by another AP or Ad-hoc network within the Activity ZyAIR’s transmission range.
  • Page 106: Figure 10-5 Channel Usage

    The following table describes the labels in this screen. LABEL This is the Service Set IDentification name of the AP in an Infrastructure wireless network or wireless station in an Ad-Hoc wireless network. For our purposes, we define an Infrastructure network as a wireless network that uses an AP and an Ad-Hoc network SSID (also known as Independent Basic Service Set (IBSS)) as one that doesn’t.
  • Page 107: F/W Upload Screen

    LABEL “Network mode” in this screen refers to your wireless LAN infrastructure (refer to the Wireless LAN chapter) and WEP setup. Network Mode Network modes are: Infrastructure (same as an extended service set ESS)), Infrastructure with WEP (WEP encryption is enabled), Ad-Hoc (same as an independent basic service set IBSS)), or Ad-Hoc with WEP.
  • Page 108: Figure 10-7 Firmware Upload In Process

    LABEL File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Click Browse... to find the .bin file you want to upload. Remember that you must decompress Browse...
  • Page 109: Configuration Screen

    ZyAIR Access Point Series User’s Guide If the upload was not successful, the following screen will appear. Click Return to go back to the F/W Upload screen. Figure 10-9 Firmware Upload Error 10.5 Configuration Screen The web configurator uses TFTP to transfer files. See the Firmware and Configuration File Maintenance chapter for transferring configuration files using FTP/TFTP commands.
  • Page 110: Restore Configuration

    ZyAIR Access Point Series User’s Guide Figure 10-10 Backup Configuration 10.5.2 Restore Configuration Restore configuration replaces your ZyAIR's current configuration with a previously saved configuration. Restore files (usually) have a .ROM extension, e.g., "zyair.rom". The system reboots automatically after the file transfer is complete and uses the configured values in the file.
  • Page 111: Figure 10-12 Configuration Upload Successful

    LABEL Type in the location of the file you want to upload in this field or click Browse ... to find it. File Path Click Browse... to find the file you want to upload. Remember that you must decompress Browse... compressed (.ZIP) files before you can upload them.
  • Page 112: Back To Factory Defaults

    ZyAIR Access Point Series User’s Guide If the upload was not successful, the following screen will appear. Click Return to go back to the Configuration screen. Figure 10-14 Configuration Upload Error 10.5.3 Back to Factory Defaults Clicking the Reset button in this section clears all user-entered configuration information and returns the ZyAIR to its factory defaults as shown on the screen.
  • Page 113: Figure 10-16 Reset Warning Message

    ZyAIR Access Point Series User’s Guide Figure 10-16 Reset Warning Message You can also press the RESET button on the rear panel to reset the factory defaults of your ZyAIR. Refer to the Resetting the ZyAIR section for more information on the RESET button. Maintenance 10-13...
  • Page 115: Smt Configuration

    SMT Configuration Part V: SMT CONFIGURATION This part contains SMT (System Management Terminal) configuration and background information for features only configurable by SMT. See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.
  • Page 117: Chapter 11 Introducing The Smt

    This chapter describes how to access the SMT and provides an overview of its menus 11.1 Connect to your ZyAIR Using Telnet The following procedure details how to telnet into your ZyAIR. Step 1. In Windows, click Start (usually in the bottom left corner), Run and then type “telnet 192.168.1.2”...
  • Page 118: Zyair Smt Menu Overview Example

    ZyAIR Access Point Series User’s Guide Figure 11-2 Menu 23.1 System Security : Change Password Step 4. Type your new system password in the New Password field (up to 30 characters), and press [ENTER]. Step 5. Re-type your new system password in the Retype to confirm field for confirmation and press [ENTER].
  • Page 119: Figure 11-3 Zyair B-3000 Smt Menu Overview Example

    ZyAIR B-3000 Main Menu Menu 1 Menu 3 General Setup LAN Setup Menu 3.2 TCP/IP Setup Menu 3.5 Menu 3.5.1 Wireless LAN WLAN MAC Setup Address Filter Menu 3.5.3 Menu 3.5.3.1 ESS x Multiple ESS Configuration Configuration Menu 3.5.4 Bridge Link Configuration Menu 24.5 Menu 24.4...
  • Page 120: Navigating The Smt Interface

    ZyAIR Access Point Series User’s Guide 11.4 Navigating the SMT Interface The SMT (System Management Terminal) is the interface that you use to configure your ZyAIR. Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below.
  • Page 121: System Management Terminal Interface Summary

    Copyright (c) 1994 - 2003 ZyXEL Communications Corp. Getting Started 1. General Setup 3. LAN Setup Advanced Applications 14. Dial-in User Setup 16. VLAN Setup Figure 11-4 ZyAIR B-3000 SMT Main Menu 11.4.1 System Management Terminal Interface Summary MENU TITLE...
  • Page 123: Chapter 12 General Setup

    12.1 General Setup Menu 1 – General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. It is recommended you type your computer's "Computer name". The Domain Name entry is what is propagated to the DHCP clients on the LAN. While you must enter the host name (System Name) on each individual computer, the domain name can be assigned from the ZyAIR via DHCP.
  • Page 124: Table 12-1 Menu 1 General Setup

    ZyAIR Access Point Series User’s Guide FIELD System Name Choose a descriptive name for identification purposes. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes “-” and underscores "_" are accepted. Domain Name This is not a required field.
  • Page 125: Chapter 13 Lan Setup

    13.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 – LAN Setup. From the main menu, enter 3 to display menu 3. Detailed explanation about the LAN Setup menu is given in the next chapter. 13.2 TCP/IP Ethernet Setup Use menu 3.2 to configure your ZyAIR for TCP/IP.
  • Page 126: Wireless Lan Setup

    ZyAIR Access Point Series User’s Guide Follow the instructions in the following table on how to configure the fields in this menu. FIELD IP Address Press [SPACE BAR] and then [ENTER] to select Dynamic to have the Assignment ZyAIR obtain an IP address from a DHCP server. You must know the IP address assigned to the ZyAIR (by the DHCP server) to access the ZyAIR again.
  • Page 127: Figure 13-3 Menu 3.5 Wireless Lan Setup

    Operating Mode= Access Point ESSID= Wireless Hide ESSID= No Channel ID= CH01 2412MHz RTS Threshold= 2432 Frag. Threshold= 2432 WEP Encryption= Disable Default Key= N/A Key1= N/A Key2= N/A Key3= N/A Key4= N/A Authen. Method= N/A Press ENTER to Confirm or ESC to Cancel: The following table describes the fields in this menu.
  • Page 128 ZyAIR Access Point Series User’s Guide FIELD Select Disable to allow wireless stations to communicate with the access Encryption points without any data encryption. Select 64-bit WEP or 128-bit WEP to enable data encryption. Default Key Enter the key number (1 to 4) in this field. Only one key can be enabled at any one time.
  • Page 129: Configuring Mac Address Filter

    13.3.1 Configuring MAC Address Filter Your ZyAIR checks the MAC address of the wireless station device against a list of allowed or denied MAC addresses. However, intruders could fake allowed MAC addresses so MAC-based authentication is less secure than EAP authentication. Follow the steps below to create the MAC address table on your ZyAIR.
  • Page 130: Figure 13-5 Menu 3.5.1 Wlan Mac Address Filter

    ZyAIR Access Point Series User’s Guide ------------------------------------------------------------------------------ 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 ------------------------------------------------------------------------------ Figure 13-5 Menu 3.5.1 WLAN MAC Address Filter The following table describes the fields in this menu. Table 13-3 Menu 3.5.1 WLAN MAC Address Filter FIELD Active To enable MAC address filtering, press [SPACE BAR] to select Yes and press [ENTER].
  • Page 131: Configuring Roaming

    13.3.2 Configuring Roaming Enable the roaming feature if you have two or more ZyAIRs on the same subnet. Follow the steps below to allow roaming on your ZyAIR. Step 1. From the main menu, enter 3 to display Menu 3 – LAN Setup. Step 2.
  • Page 132: Configuring Multiple Ess (For Zyair B-3000 Only)

    ZyAIR Access Point Series User’s Guide Table 13-4 Menu 3.5.2 Roaming Configuration FIELD Active Press [SPACE BAR] and then [ENTER] to select Yes to enable roaming on the ZyAIR if you have two or more ZyAIRs on the same subnet. Port # Type the port number to communicate roaming information between access points.
  • Page 133: Figure 13-9 Menu 3.5.3 Multiple Ess Configuration

    Number ------------------------------------------------------------------------------ Wireless CSOB1000 ------------------------------------------------------------------------------ WEP= 64-bit WEP Action= Edit ESS= 0 Figure 13-9 Menu 3.5.3 Multiple ESS Configuration The following table describes the fields in this menu. Table 13-5 Menu 3.5.3 Multiple ESS Configuration FIELD Press [SPACE BAR] to select 64-bit WEP or 128-bit WEP. Action Press [SPACE BAR] to select Edit or Delete.
  • Page 134: Figure 13-10 Menu 3.5.3.1 Ess X Configuration

    ZyAIR Access Point Series User’s Guide Figure 13-10 Menu 3.5.3.1 ESS x Configuration The following table describes the fields in this menu. Table 13-6 Menu 3.5.3.1 ESS x Configuration FIELD ESSID Enter the descriptive name up to 32 alphanumeric characters for identification. This field is case sensitive.
  • Page 135: Configuring Bridge Link (For Zyair B-3000 Only)

    Table 13-6 Menu 3.5.3.1 ESS x Configuration FIELD Edit MAC Address Each service set has its own MAC address filter. Refer to MAC Address Filter section Filter for details. When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel”...
  • Page 136: Figure 13-12 Menu 3.5.4 Bridge Link Configuration

    ZyAIR Access Point Series User’s Guide ------------------------------------------------------------------------------ ------------------------------------------------------------------------------ Figure 13-12 Menu 3.5.4 Bridge Link Configuration The following table describes the fields in this menu. Table 13-7 Menu 3.5.4 Bridge Link Configuration FIELD Active Press [SPACE BAR] to select Yes or No and press [ENTER]. Peer Type the MAC address of peer device in valid MAC address format, that is, Address...
  • Page 137: Chapter 14 Dial-In User Setup

    14.1 Dial-in User Setup By storing user profiles locally, your ZyAIR is able to authenticate wireless users without interacting with a network RADIUS server. Follow the steps below to set up user profiles on your ZyAIR. Step 1. From the main menu, enter 14 to display Menu 14 - Dial-in User Setup. 1.
  • Page 138: Table 14-1 Menu 14.1- Edit Dial-In User

    ZyAIR Access Point Series User’s Guide FIELD User Name Enter a username up to 31 alphanumeric characters long for this user profile. This field is case sensitive. Active Press [SPACE BAR] to select Yes and press [ENTER] to enable the user profile. Password Enter a password up to 31 characters long for this user profile.
  • Page 139: Chapter 15 Vlan Setup

    This chapter explains VLAN Setup menu 16. Refer to the Multiple-ESS and VLAN chapter for background information on VLAN. This chapter is not available on all models. 15.1 VLAN Setup To setup VLAN, select option 16 from the main menu to open Menu 16 – VLAN Setup as shown next. The following table describes the fields in this menu.
  • Page 141: Chapter 16 Snmp Configuration

    ZyAIR Access Point Series User’s Guide Chapter 16 SNMP Configuration This chapter explains SNMP Configuration menu 22. 16.1 About SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your ZyAIR supports SNMP agent functionality, which allows a manager station to manage and monitor the ZyAIR through the network.
  • Page 142: Supported Mibs

    ZyAIR Access Point Series User’s Guide An agent is a management software module that resides in a managed device (the ZyAIR). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices.
  • Page 143: Snmp Traps

    Figure 16-2 Menu 22 SNMP Configuration The following table describes the SNMP configuration parameters. FIELD SNMP: Type the Get Community, which is the password for the incoming Get Community Get- and GetNext requests from the management station. Set Community Type the Set Community, which is the password for incoming Set requests from the management station.
  • Page 144: Table 16-2 Snmp Traps

    ZyAIR Access Point Series User’s Guide TRAP # TRAP NAME coldStart (defined in RFC-1215) warmStart (defined in RFC-1215) linkUp (defined in RFC-1215) authenticationFailure (defined in RFC-1215) linkDown (defined in RFC-1215) The following table maps the physical port and encapsulation to the interface type. PHYSICAL PORT/ENCAP LAN port(s) Wireless port...
  • Page 145: Chapter 17 System Security

    This chapter describes how to configure the system security on the ZyAIR. 17.1 System Security You can configure the system password, an external RADIUS server and 802.1x in this menu. 17.1.1 System Password You should change the default password. If you forget your password you have to restore the default configuration file.
  • Page 146: Figure 17-3 Menu 23.2 System Security : Radius Server

    ZyAIR Access Point Series User’s Guide Figure 17-3 Menu 23.2 System Security : RADIUS Server The following table describes the fields in this menu. Table 17-1 Menu 23.2 System Security : RADIUS Server FIELD Authentication Server Press [SPACE BAR] to select Yes and press [ENTER] to enable Active user authentication through an external authentication server.
  • Page 147: Figure 17-4 Menu 23 System Security

    Table 17-1 Menu 23.2 System Security : RADIUS Server FIELD Port The default port of the RADIUS server for accounting is 1813. You need not change this value unless your network administrator instructs you to do so with additional information. Shared Secret Specify a password (up to 31 alphanumeric characters) as the key to be shared between the external accounting server and the...
  • Page 148: Figure 17-5 Menu 23.4 System Security : Ieee802.1X

    ZyAIR Access Point Series User’s Guide Wireless Port Control= Authentication Required ReAuthentication Timer (in second)= 1800 Idle Timeout (in second)= 3600 Authentication Databases= RADIUS Only Dynamic WEP Key Exchange= Disable Figure 17-5 Menu 23.4 System Security : IEEE802.1x The following table describes the fields in this menu. Table 17-2 Menu 23.4 System Security : IEEE802.1x FIELD Wireless Port...
  • Page 149 Table 17-2 Menu 23.4 System Security : IEEE802.1x FIELD Authentication This field is activated only when you select Authentication Required in the Wireless Port Control field. Databases The authentication database contains wireless station login information. The local user database is the built-in database on the ZyAIR. The RADIUS is an external server. Use this field to decide which database the ZyAIR should use (first) to authenticate a wireless station.
  • Page 151: Chapter 18 System Information And Diagnosis

    System Information and Diagnosis This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software. This chapter describes how to use these tools in detail. Type 24 in the main menu and press [ENTER] to open Menu 24 following figure.
  • Page 152: Figure 18-2 Menu 24.1 System Maintenance : Status

    ZyAIR Access Point Series User’s Guide Port Status 100M/Full WLAN Port Ethernet Address 00:A0:C5:01:23:45 WLAN 00:A0:C5:01:23:45 System up Time: Name: B-3000 ZyNOS F/W Version: V3.50(HC.0)b3 | 06/23/2003 Figure 18-2 Menu 24.1 System Maintenance : Status The following table describes the fields present in this menu. Table 18-1 Menu 24.1 System Maintenance : Status FIELD Port...
  • Page 153: System Information

    Table 18-1 Menu 24.1 System Maintenance : Status FIELD System Up Time This is the time the ZyAIR is up and running from the last reboot. 18.2 System Information To get to the System Information: Step 1. Enter 24 to display Menu 24 – System Maintenance. Step 2.
  • Page 154: Console Port Speed

    Refers to the routing protocol used. ZyNOS F/W Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. Version ZyNOS is a registered trademark of ZyXEL Communications Corporation. Country Code Refers to the country code of the firmware. Ethernet Address Refers to the Ethernet MAC (Media Access Control) of your ZyAIR.
  • Page 155: Log And Trace

    18.3 Log and Trace Your ZyAIR provides the error logs and trace records that are stored locally. 18.3.1 Viewing Error Log The first place you should look for clues when something goes wrong is the error log. Follow the procedures to view the local error/trace log: Step 1.
  • Page 156: Figure 18-8 Menu 24.4 System Maintenance : Diagnostic

    ZyAIR Access Point Series User’s Guide Figure 18-8 Menu 24.4 System Maintenance : Diagnostic Follow the procedure next to get to display this menu: Step 1. From the main menu, type 24 to open Menu 24 – System Maintenance. Step 2. From this menu, type 4.
  • Page 157: Chapter 19 Firmware And Configuration File Maintenance

    ZyAIR Access Point Series User’s Guide Chapter 19 Firmware and Configuration File Maintenance This chapter tells you how to backup and restore your configuration file as well as upload new firmware and configuration files using the SMT screens. 19.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password and TCP/IP Setup, etc.
  • Page 158: Backup Configuration

    ZyAIR Access Point Series User’s Guide FILE TYPE INTERNAL NAME Configuration File Rom-0 Firmware 19.2 Backup Configuration Option 5 from Menu 24 – System Maintenance allows you to backup the current ZyAIR configuration to your computer. Backup is highly recommended once your ZyAIR is functioning properly. FTP is the preferred method, although TFTP can also be used.
  • Page 159: Using The Ftp Command From The Dos Prompt

    19.2.2 Using the FTP command from the DOS Prompt Step 1. Launch the FTP client on your computer. Step 2. Enter “open” and the IP address of your ZyAIR. Step 3. Press [ENTER] when prompted for a username. Step 4. Enter “root”...
  • Page 160: Backup Configuration Using Tftp

    ZyAIR Access Point Series User’s Guide Table 19-2 General Commands for Third Party FTP Clients COMMAND Initial Remote Specify the default remote directory (path). Directory Initial Local Specify the default local directory (path). Directory 19.2.3 Backup Configuration Using TFTP The ZyAIR supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN.
  • Page 161: Restore Configuration

    where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the ZyAIR IP address, “get” transfers the file source on the ZyAIR (rom-0 name of the configuration file on the ZyAIR) to the file destination on the computer and renames it config.rom. The following table describes some of the fields that you may see in third party TFTP clients.
  • Page 162: Uploading Firmware And Configuration Files

    ZyAIR Access Point Series User’s Guide To transfer the firmware and the configuration file, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your router. Then type "root" and SMT password as requested.
  • Page 163: Firmware Upload

    19.4.1 Firmware Upload FTP is the preferred method for uploading the firmware and configuration. To use this feature, your computer must have an FTP client. When you telnet into the ZyAIR, you will see the following screens for uploading firmware and the configuration file using FTP.
  • Page 164: Using The Ftp Command From The Dos Prompt Example

    ZyAIR Access Point Series User’s Guide Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload the system configuration file, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested.
  • Page 165: Tftp File Upload

    331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> put firmware.bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 327680 bytes sent in 1.10Seconds 297.89Kbytes/sec. ftp>...
  • Page 166: Example: Tftp Command

    ZyAIR Access Point Series User’s Guide 19.4.5 Example: TFTP Command The following is an example TFTP command: TFTP [-i] host put firmware.bin ras where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the ZyAIR’s IP address, “put”...
  • Page 167: Chapter 20 System Maintenance And Information

    ? at the command prompt. Type “exit” to return to the SMT main menu when finished. Menu 24 – System Maintenance 10. Time and Date Setting Enter Menu Selection Number: Figure 20-1 Menu 24 System Maintenance Copyright (c) 1994 - 2003 ZyXEL Communications Corp. B-3000> ? Valid commands are: exit config wlan...
  • Page 168: Time And Date Setting

    ZyAIR Access Point Series User’s Guide 20.2 Time and Date Setting The ZyAIR keeps track of the time and date. There is also a software mechanism to set the time manually or get the current time and date from an external server when you turn on your ZyAIR. Menu 24.10 allows you to update the time and date settings of your ZyAIR.
  • Page 169: Resetting The Time

    Table 20-1 Menu 24.10 System Maintenance : Time and Date Setting FIELD Use Time Server Enter the time service protocol that your time server sends when you turn on the when Bootup ZyAIR. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.
  • Page 171: Appendices

    Appendices Part VI: APPENDICES This part provides troubleshooting and background information about setting up your computer’s IP address, wireless LAN, 802.1x, PPPoE, PPTP and IP subnetting. It also provides information on the antenna, PoE, command interpreter interface, NetBIOS commands and logs.
  • Page 173: Problems Starting Up The Zyair

    This appendix covers potential problems and possible remedies. After each problem description, some instructions are provided to help you to diagnose and to solve the problem. Problems Starting Up the ZyAIR Chart A-1 Troubleshooting the Start-Up of Your ZyAIR PROBLEM None of the LEDs Make sure you are using the supplied power adaptor and that it is plugged in to an turn on when I...
  • Page 174: Problems With The Password

    ZyAIR Access Point Series User’s Guide Chart A-2 Troubleshooting the Ethernet Interface PROBLEM I cannot ping any If the ETHN LED on the front panel is off, check the Ethernet cable connections computer on the between your ZyAIR and the Ethernet device. LAN.
  • Page 175: Problems With The Wlan Interface

    Problems with the WLAN Interface Chart A-5 Troubleshooting the WLAN Interface PROBLEM Cannot access the Make sure the wireless card is properly inserted in the ZyAIR and the link LED is on. ZyAIR from the Make sure the wireless adapter on the wireless station is working properly. WLAN.
  • Page 177: Appendix B Brute-Force Password Guessing Protection

    Brute-Force Password Guessing The following describes the commands for enabling, disabling and configuring the brute-force password guessing protection mechanism for the password. See the Command Interpreter appendix for information on the command structure. Chart B-1 Brute-Force Password Guessing Protection Commands COMMAND sys pwderrtm This command displays the brute-force guessing password protection settings.
  • Page 179: Appendix C Setting Up Your Computer's Ip Address

    ZyAIR Access Point Series User’s Guide Appendix C Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
  • Page 180 ZyAIR Access Point Series User’s Guide If you need the adapter: In the Network window, click Add. Select Adapter and then click Add. Select the manufacturer and model of your network adapter and then click OK. If you need TCP/IP: In the Network window, click Add.
  • Page 181 Click the IP Address tab. -If your IP address is dynamic, select Obtain an IP address automatically. -If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields. Click the DNS Configuration tab.
  • Page 182: Verifying Your Computer's Ip Address

    ZyAIR Access Point Series User’s Guide Click the Gateway tab. -If you do not know your gateway’s IP address, remove previously installed gateways. -If you have a gateway IP address, type it in the New gateway field and click Add. Click OK to save and close the TCP/IP Properties window.
  • Page 183 For Windows XP, click start, Control Panel. In Windows 2000/NT, click Start, Settings, Control Panel. For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Setting Up Your Computer’s IP Address ZyAIR Access Point Series User’s Guide Right-click Local Area Connection and then click Properties.
  • Page 184 ZyAIR Access Point Series User’s Guide Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). -If you have a dynamic IP address click Obtain an IP address automatically.
  • Page 185 ZyAIR Access Point Series User’s Guide -If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: -In the IP Settings tab, in IP addresses, click Add.
  • Page 186 ZyAIR Access Point Series User’s Guide In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): -Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). -If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
  • Page 187 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. Select Ethernet built-in from the Connect via list. For dynamically assigned settings, select Using DHCP Server from the Configure: list. Setting Up Your Computer’s IP Address ZyAIR Access Point Series User’s Guide...
  • Page 188: Macintosh Os X

    ZyAIR Access Point Series User’s Guide For statically assigned settings, do the following: -From the Configure box, select Manually. -Type your IP address in the IP Address box. -Type your subnet mask in the Subnet mask box. -Type the IP address of your ZyAIR in the Router address box. Close the TCP/IP Control Panel.
  • Page 189 Click Network in the icon bar. - Select Automatic from the Location list. - Select Built-in Ethernet from the Show list. - Click the TCP/IP tab. For dynamically assigned settings, select Using DHCP from the Configure list. For statically assigned settings, do the following: -From the Configure box, select Manually.
  • Page 191: Benefits Of A Wireless Lan

    Wireless LAN and IEEE 802.11 A wireless LAN (WLAN) provides a flexible data communications system that you can use to access various services (navigating the Internet, email, printer services, etc.) without the use of a cabled connection. In effect a wireless LAN environment provides you the freedom to stay connected to the network while roaming around in the coverage area.
  • Page 192: Ad-Hoc Wireless Lan Configuration

    ZyAIR Access Point Series User’s Guide unlicensed ISM (Industrial, Scientific and Medical) band. The third method is infrared technology, using very high frequencies, just below visible light in the electromagnetic spectrum to carry data. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless nodes or stations (STA), which is called a Basic Service Set (BSS).
  • Page 193 ZyAIR Access Point Series User’s Guide The Extended Service Set (ESS) shown in the next figure consists of a series of overlapping BSSs (each containing an Access Point) connected together by means of a Distribution System (DS). Although the DS could be any type of network, it is almost invariably an Ethernet LAN.
  • Page 195: Appendix E Wireless Lan With Ieee 802.1X

    Wireless LAN With IEEE 802.1x As wireless networks become popular for both portable computing and corporate networks, security is now a priority. Security Flaws with IEEE 802.11 Wireless networks based on the original IEEE 802.11 have a poor reputation for safety. The IEEE 802.11b wireless access standard, first published in 1999, was based on the MAC address.
  • Page 196 ZyAIR Access Point Series User’s Guide The following figure depicts a typical wireless network with a remote RADIUS server for user authentication using EAPOL (EAP Over LAN). Diagram E-1 Sequences for EAP MD5–Challenge Authentication RADIUS Server Authentication Sequence Client computer access authorized.
  • Page 197: Appendix F Types Of Eap Authentication

    ZyAIR Access Point Series User’s Guide Appendix F Types of EAP Authentication This appendix discusses the four popular EAP authentication types: EAP-MD5, EAP-TLS, EAP-TTLS and PEAP. The type of authentication you use depends on the RADIUS server or the AP. Consult your network administrator for more information.
  • Page 198: Comparison Of Eap Authentication Types

    ZyAIR Access Point Series User’s Guide hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5 and EAP- MSCHAPv2, for client authentication. For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, simple user name and password pair is more practical.
  • Page 199: Appendix G Power Over Ethernet Specifications

    Power over Ethernet Specifications You can use a power over Ethernet injector to power this device. The injector must comply to IEEE 802.3af. Chart 1 Power over Ethernet Injector Specifications Power Output Power Current Chart G-2 Power over Ethernet Injector RJ-45 Port Pin Assignments 1 2 3 4 5 6 7 8 Power over Ethernet Specifications ZyAIR Access Point Series User’s Guide...
  • Page 201: Antenna Characteristics

    Antenna Selection and Positioning An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air.
  • Page 202: Connector Type

    ZyAIR Access Point Series User’s Guide environment. With a wide coverage area, it is possible to make circular overlapping coverage areas with multiple access points. • Directional antennas concentrate the RF signal in a beam, like a flashlight. The angle of the beam width determines the direction of the coverage pattern;...
  • Page 203: Pppoe In Action

    PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your PC to an ATM PVC (Permanent Virtual Circuit), which connects to a DSL Access Concentrator where the PPP session terminates (see the next figure). One PVC can support any number of PPP sessions from your LAN. PPPoE provides access control and billing functionality in a manner similar to dial-up services using PPP.
  • Page 204: How Pppoe Works

    ZyAIR Access Point Series User’s Guide How PPPoE Works The PPPoE driver makes the Ethernet appear as a serial link to the PC and the PC runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC). Between the AC and an ISP, the AC is acting as a L2TP (Layer 2 Tunneling Protocol) LAC (L2TP Access Concentrator) and tunnels the PPP frames to the ISP.
  • Page 205: Appendix Jpptp

    ZyAIR Access Point Series User’s Guide Appendix J PPTP What is PPTP? PPTP (Point-to-Point Tunneling Protocol) is a Microsoft proprietary protocol (RFC 2637 for PPTP is informational only) to tunnel PPP frames. How can we transport PPP frames from a PC to a broadband modem over Ethernet? A solution is to build PPTP into the ANT (ADSL Network Termination) where PPTP is used only over the short haul between the PC and the modem over Ethernet.
  • Page 206: Pptp Protocol Overview

    ZyAIR Access Point Series User’s Guide PPTP Protocol Overview PPTP is very similar to L2TP, since L2TP is based on both PPTP and L2F (Cisco’s Layer 2 Forwarding). Conceptually, there are three parties in PPTP, namely the PNS (PPTP Network Server), the PAC (PPTP Access Concentrator) and the PPTP user.
  • Page 207: Ppp Data Connection

    ZyAIR Access Point Series User’s Guide Diagram J-3 Example Message Exchange between PC and an ANT PPP Data Connection The PPP frames are tunneled between the PNS and PAC over GRE (General Routing Encapsulation, RFC 1701, 1702). The individual calls within a tunnel are distinguished using the Call ID field in the GRE header.
  • Page 209: Appendix K Ip Subnetting

    IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1.
  • Page 210: Subnet Masks

    ZyAIR Access Point Series User’s Guide A class “A” address (24 host bits) can have 2 Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127. Similarly the first octet of a class “B”...
  • Page 211: Example: Two Subnets

    sequence of ones beginning from the left most bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits. Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet.
  • Page 212 ZyAIR Access Point Series User’s Guide Divide the network 192.168.1.0 into two separate subnets by converting one of the host ID bits of the IP address to a network number bit. The “borrowed” host ID bit can be either “0” or “1” thus giving two subnets;...
  • Page 213: Example: Four Subnets

    to an actual host for the first subnet is 192.168.1.1 and the highest is 192.168.1.126. Similarly the host ID range for the second subnet is 192.168.1.129 to 192.168.1.254. Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets.
  • Page 214: Example Eight Subnets

    ZyAIR Access Point Series User’s Guide Subnet Mask (Binary) Subnet Address: 192.168.1.128 Broadcast Address: 192.168.1.191 IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.192 Broadcast Address: 192.168.1.255 Example Eight Subnets Similarly use a 27-bit mask to create 8 subnets (001, 010, 011, 100, 101, 110). The following table shows class C IP address last octet values for each subnet.
  • Page 215: Subnetting With Class A And Class B Networks

    The following table is a summary for class “C” subnet planning. NO. “BORROWED” HOST BITS Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID.
  • Page 216 ZyAIR Access Point Series User’s Guide NO. “BORROWED” HOST BITS Chart K-13 Class B Subnet Planning SUBNET MASK NO. SUBNETS 255.255.255.128 (/25) 255.255.255.192 (/26) 255.255.255.224 (/27) 255.255.255.240 (/28) 255.255.255.248 (/29) 255.255.255.252 (/30) 255.255.255.254 (/31) NO. HOSTS PER SUBNET 1024 2048 4096 8192 16384...
  • Page 217: Command Syntax

    ZyAIR Access Point Series User’s Guide Appendix L Command Interpreter The following describes how to use the command interpreter. Enter 24 in the main menu to bring up the system maintenance menu. Enter 8 to go to Menu 24.8 - Command Interpreter Mode. See the included disk or zyxel.com for more detailed information on these commands.
  • Page 219: Display Netbios Filter Settings

    The following describes the NetBIOS packet filter commands. See the Command Interpreter appendix for information on the command structure. Introduction NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls.
  • Page 220: Netbios Filter Configuration

    ZyAIR Access Point Series User’s Guide NAME WAN to LAN This field displays whether NetBIOS packets are blocked or forwarded from the WAN to the LAN. IPSec This field displays whether NetBIOS packets sent through a VPN Packets connection are blocked or forwarded. Trigger dial This field displays whether NetBIOS packets are allowed to initiate calls.
  • Page 221: Appendix N Log Descriptions

    LOG MESSAGE %s exceeds the max. number of session per host! LOG MESSAGE Time calibration is successful Time calibration failed DHCP client gets %s DHCP client IP expired DHCP server assigns SMT Login Successfully SMT Login Fail WEB Login Successfully WEB Login Fail TELNET Login Successfully...
  • Page 222 ZyAIR Access Point Series User’s Guide FTP Login Successfully FTP Login Fail NAT Session Table is Full! TYPE CODE Echo Reply Echo reply message Destination Unreachable Net unreachable Host unreachable Protocol unreachable Port unreachable A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF) Source route failed Source Quench...
  • Page 223: Log Commands

    TYPE CODE Echo Echo message Time Exceeded Time to live exceeded in transit Fragment reassembly time exceeded Parameter Problem Pointer indicates the error Timestamp Timestamp request message Timestamp Reply Timestamp reply message Information Request Information request message Information Reply Information reply message LOG MESSAGE Mon dd hr:mm:ss hostname src="<srcIP:srcPort>"...
  • Page 224: Log Command Example

    ZyAIR Access Point Series User’s Guide Configuring What You Want the ZyAIR to Log Use the sys logs load command to load the log setting buffer that allows you to configure which logs the ZyAIR is to record. Use sys logs category followed by a log category and a parameter to decide what to record Chart N-5 Log Categories and Available Settings LOG CATEGORIES error...
  • Page 225 ZyAIR Access Point Series User’s Guide message 0|11/11/2002 15:10:12 |172.22.3.80:137 |172.22.255.255:137 |ACCESS BLOCK Log Description...
  • Page 227: Appendix O Power Adaptor Specifications

    Power Adaptor Specifications AC Power Adaptor Model Input Power Output Power Power Consumption Safety Standards AC Power Adaptor Model Input Power Output Power Power Consumption Safety Standards AC Power Adaptor Model Input Power Output Power Power Consumption Safety Standards AC Power Adaptor Model Input Power Output Power Power Consumption...
  • Page 228 ZyAIR Access Point Series User’s Guide AC Power Adaptor Model Input Power Output Power Power Consumption Safety Standards AUSTRALIA AND NEW ZEALAND PLUG STANDARDS AC Power Adaptor Model Input Power Output Power Power Consumption Safety Standards JAPAN PLUG STANDARDS JOD-48-1124 AC100Volts/ 50/60Hz/ 27VA DC12Volts/1.2A 10 W...
  • Page 229: Appendix P Index

    Address Assignment...3-5, 8-1 Ad-hoc Configuration... D-2 Alternative Subnet Mask Notation ... K-3 Antenna Directional ... G-2 Omni-directional ... G-1 Types... G-1 Antenna gain ... G-1 Applications ...1-6 auto-negotiation...1-2 backup ...19-2 Backup...10-9 Basic Service Set ... D-2 BSS... See Basic Service Set CA ...F-1 Certificate Authority...
  • Page 230 ZyAIR Access Point Series User’s Guide Hidden Menus...11-4 Host ...4-3 Host IDs...K-1 IBSS... See Independent Basic Service Set IEEE 802.11 ...D-1 Deployment Issues ... E-1 Security Flaws... E-1 IEEE 802.1x ...E-1, 1-5 Advantages... E-1 Independent Basic Service Set... D-2, 5-1, 10-6 Infrastructure Configuration ...D-3 Internet access...13-1 Internet Access ...1-7...
  • Page 231 Trap...16-2 Traps ...16-3, 16-4 Trusted Host...16-3 Subnet Mask... 3-6, 8-1, 13-2, 18-4 Subnet Masks ... K-2 Subnetting ... K-3 Supporting Disk... xvii System Console Port Speed Diagnostic Log and Trace System Information...18-3 System Status...18-1 Time and Date...20-2 System Information ...18-3 System Information &...

This manual is also suitable for:

ZyairZyair b-1000 v.2Zyair b-3000

Table of Contents