Page 1 User’s Guide NWA1000 Series 802.11 a/b/g/n/ac Hybrid Access Points Default Login Details Version 5.46 Edition 1, 04/2019 LAN IP Address http://192.168.1.2 DHCP-assigned User Name admin Password 1234 Copyright © 2019 Zyxel Communications Corporation...
Page 2 Related Documentation • Quick Start Guide The Quick Start Guide shows how to connect the NWA1000 Series and access the Web Configurator. • CLI Reference Guide The CLI Reference Guide explains how to use the Command-Line Interface (CLI) and CLI commands to configure the NWA1000 Series.
Page 3: Document Conventions
IP Setting tab to get to that screen. Icons Used in Figures Figures in this guide may use the following generic icons. The NWA1000 Series icon is not an exact representation of your device. NWA1000 Series...
Page 4: Table Of Contents
LEDs ..............................183 Antenna Switch ..........................186 Reboot ..............................188 Shutdown ............................. 189 Local Management in Cloud Mode .....................190 Cloud Mode ............................191 The Web Configurator ........................193 Dashboard ............................197 Network ............................... 199 Troubleshooting ..........................203 NWA1000 Series User’s Guide...
Page 5: Table Of Contents
3.1.4 NWA1302-AC ........................23 3.2 Cloud Mode LEDs ........................... 24 3.2.1 NWA1123-AC PRO ........................ 24 3.2.2 NWA1123-ACv2 ........................26 3.2.3 NWA1123-AC HD ........................26 3.2.4 NWA1302-AC ......................... 28 Part I: Standalone Configuration ..............30 Chapter 4 Standalone Mode ..........................31 NWA1000 Series User’s Guide...
Page 6 Table of Contents 4.1 Overview ............................31 4.2 Ways to Manage the NWA1000 Series ..................31 4.3 Good Habits for Managing the NWA1000 Series ................ 32 4.4 Starting and Stopping the NWA1000 Series ................. 32 Chapter 5 The Web Configurator........................34 5.1 Overview ............................
Page 7 12.1 Overview ............................98 12.1.1 What You Can Do in this Chapter ..................98 12.1.2 What You Need To Know ....................98 12.2 Radio .............................. 99 12.2.1 Add/Edit Radio Profile ...................... 100 12.3 SSID .............................. 105 NWA1000 Series User’s Guide...
Page 8 15.3 Date and Time ........................... 136 15.3.1 Pre-defined NTP Time Servers List ..................139 15.3.2 Time Server Synchronization .................... 139 15.4 WWW Overview .......................... 140 15.4.1 Service Access Limitations ....................140 15.4.2 System Timeout ........................140 15.4.3 HTTPS ........................... 141 NWA1000 Series User’s Guide...
Page 9 15.4.5 HTTPS Example ........................142 15.5 SSH ............................... 148 15.5.1 How SSH Works ........................149 15.5.2 SSH Implementation on the NWA1000 Series ..............150 15.5.3 Requirements for Using SSH ....................150 15.5.4 Configuring SSH ......................... 150 15.5.5 Examples of Secure Telnet Using SSH ................151 15.6 Telnet ............................
Page 10 Chapter 23 Cloud Mode .............................191 23.1 Overview ............................ 191 23.2 Ways to Manage the NWA1000 Series ..................191 23.3 Good Habits for Managing the NWA1000 Series ..............192 Chapter 24 The Web Configurator........................193 24.1 Overview ............................. 193 24.2 Access ............................193 24.3 Navigating the Web Configurator ...................
Page 11 Chapter 27 Troubleshooting..........................203 27.1 Overview ............................. 203 27.2 Power, Hardware Connections, and LED ................203 27.3 NWA1000 Series Access and Login ..................204 27.4 Internet Access ........................... 206 27.5 Wireless Connections ......................... 207 27.6 Resetting the NWA1000 Series ....................210 27.7 Getting More Troubleshooting Help ..................
Page 12: Introduction
512 event logs and 1024 debug logs messages You can set the NWA1000 Series to operate in either standalone or cloud mode. Cloud mode means the device is managed over the Internet using Nebula Control Center (NCC), as discussed in...
Page 13: Applications
The Service Set IDentifier (SSID) is the name of a BSS. In Multiple BSS (MBSSID) mode, the NWA1000 Series provides multiple virtual APs, each forming its own BSS and using its own individual SSID profile.
Page 14: Dual-Radio
Figure 1 Multiple BSSs 1.2.2 Dual-Radio Some of the NWA1000 Series models are equipped with dual wireless radios. This means you can configure two different wireless networks to operate simultaneously. Note: A different channel should be configured for each WLAN interface to reduce the effects of radio interference.
Page 15 Chapter 1 Introduction Figure 2 Dual-Radio Application NWA1000 Series User’s Guide...
Page 16: Management Modes
H A P T E R Management Modes 2.1 Management Mode The NWA1000 Series is a hybrid access point, which means it can work either in standalone mode or in Nebula Cloud Management Mode (cloud mode). Standalone By default, the NWA1000 Series serves as a normal AP and is to be configured using its built-in web...
Page 17: Standalone Ap Roles
2.2.1 Root AP The NWA1000 Series (Z) can act as the root AP in a wireless network and also allow repeaters (X and Y) to extend the range of its wireless network at the same time. In the figure below, both clients A, B and C can access the wired network through the root AP.
Page 18: Repeater
Using Repeater mode, your NWA1000 Series can extend the range of the WLAN. In the figure below, the NWA1000 Series in Repeater mode (Z) has a wireless connection to the NWA1000 Series in Root AP mode (X) which is connected to a wired network and also has a wireless connection to another NWA1000 Series in Repeater mode (Y) at the same time.
Page 19: Hardware
See your Quick Start Guide for information on making hardware connections. 3.1 Standalone Mode LEDs The LEDs of your NWA1000 Series can be controlled by using the Suppression feature such that the LEDs stay lit (ON) or OFF after the device is ready.
Page 20 Green The NWA1000 Series is ready for use. There is system error and the NWA1000 Series cannot boot up, or the NWA1000 Series suffered a system failure. Fast Blinking (On for 50 The NWA1000 Series is doing firmware upgrade. ms, Off for 50 ms) Slow Blinking (Blink for 3 The Uplink port is disconnected.
Page 21: Nwa1123-Acv2
Green 1 second alternatively. Green Steady On The NWA1000 Series is ready for use and its wireless interface is activated. Slow Blinking (On for 1 The wireless module of the NWA1000 Series is disabled or failed. sec, Off for 1 sec) Steady On The NWA1000 Series failed to boot up or is experience system failure.
Page 22 1 second alternatively. Green Green Slow Blinking (On for 1 The wireless module of the NWA1000 Series is disabled or fails, second, Off for 1 second) the NWA1000 Series is using default wireless settings. Green Steady On The NWA1000 Series is ready for use, the NWA1000 Series’s...
Page 23: Nwa1302-Ac
Green Green The NWA1000 Series is ready for use. Slow Blinking (On for 1 The wireless module of the NWA1000 Series is disabled or sec, Off for 1 sec) failed. There is system error and the NWA1000 Series cannot boot up, or the NWA1000 Series suffered a system failure.
Page 24: Cloud Mode Leds
The LAN port is not connected. 3.2 Cloud Mode LEDs Following are LED descriptions for the NWA1000 Series series models in cloud mode. 3.2.1 NWA1123-AC PRO The LEDs will stay ON when the NWA1123-AC PRO is ready. You can change this setting through the NCC (Nebula Control Center).
Page 25 The wireless module of the NWA1000 Series is disabled or sec, Off for 1 sec) failed. There is a system error and the NWA1000 Series cannot boot up, or the NWA1000 Series suffered a system failure. Fast Blinking (On for 50 The NWA1000 Series is undergoing firmware upgrade.
Page 26: Nwa1123-Acv2
3 seconds. Green The NWA1000 Series is ready for use and its wireless interface is activated. Slow Blinking (On for 1 The wireless module of the NWA1000 Series is disabled or failed, or sec, Off for 1 sec) the NWA1000 Series is connected to the NCC, but not registered.
Page 27 3 seconds. Green Slow Blinking (On for 1 The wireless module of the NWA1000 Series is disabled or fails, second, Off for 1 second) the NWA1000 Series is in cloud mode but not registered with the NCC.
Page 28: Nwa1302-Ac
Green Green The NWA1000 Series is ready for use. Slow Blinking (On for 1 The wireless module of the NWA1000 Series is disabled or sec, Off for 1 sec) failed. There is a system error and the NWA1000 Series cannot boot up, or the NWA1000 Series suffered a system failure.
Page 29 Amber - The port is operating as a 10/100-Mbps Green connection. Green - The port is operating as a Gigabit connection (1000 Mbps). Blinking The LAN port is sending/receiving data through the port. The LAN port is not connected. NWA1000 Series User’s Guide...
Page 30: Standalone Configuration
Standalone Configuration...
Page 31: Standalone Mode
4.1 Overview The NWA1000 Series operates in standalone mode by default. Use the web configurator to manage and configure it directly. As shown in the following figure, wireless clients can connect to the NWA1000 Series (A) to access network resources.
Page 32: Good Habits For Managing The Nwa1000 Series
If you forget your password, you will have to reset the NWA1000 Series to its factory default settings. If you backed up an earlier configuration file, you won’t have to totally re-configure the NWA1000 Series; you can simply restore your last configuration.
Page 33 It does not stop the system processes or write cached data to local storage. The NWA1000 Series does not stop or start the system processes when you apply configuration files or run shell scripts although you may temporarily lose access to network resources.
Page 34: The Web Configurator
13) and hardware is properly connected. See the Quick Start Guide. If the NWA1000 Series and your computer are not connected to a DHCP server, make sure your computer’s IP address is in the range between "192.168.1.3" and "192.168.1.254". Browse to the NWA1000 Series’s DHCP-assigned IP address or http://192.168.1.2. The Login screen appears.
Page 35 Click the Visit button if you want to open the Zyxel Nebula Control Center (NCC) login page in a new tab or window. The NCC is a cloud-based network management system that allows you to remotely manage and monitor the NWA1000 Series in cloud mode (see Section 1.2.1 on page 13).
Page 36: Navigating The Web Configurator
Each time you log into the web configurator, a Message center screen will pop up showing the QR code of the NWA1000 Series. Use the Zyxel Nebula Mobile app to scan the QR code. The NWA1000 Series will be registered and assigned to an existing site/organization in the NCC automatically. Click OK to close the screen.
Page 37: Title Bar
Help Click this to open the help page for the current screen. About Click this to display basic information about the NWA1000 Series. Site Map Click this to see an overview of links to the Web Configurator screens. Object...
Page 38 Click this to open the NCC web site login page in a new tab or window. About Click About to display basic information about the NWA1000 Series. Figure 15 About The following table describes labels that can appear in this screen.
Page 39 This field is a sequential value, and it is not associated with any entry. Service This is the type of setting that references the selected object. Click a service’s name to display the service’s configuration screen in the main window. NWA1000 Series User’s Guide...
Page 40: Navigation Panel
Note: See the Command Reference Guide for information about the commands. 5.3.2 Navigation Panel Use the menu items on the navigation panel to open screens to configure NWA1000 Series features. Click the arrow in the middle of the right edge of the navigation panel to hide the navigation panel menus or drag it to resize them.
Page 41 Display information about suspected rogue APs. Device View Log Display log entries for the NWA1000 Series. Configuration Menu Use the configuration menu screens to configure the NWA1000 Series’s features. Table 15 Configuration Menu Screens Summary FOLDER OR LINK FUNCTION Network IP Setting Configure the IP address for the NWA1000 Series Ethernet interface.
Page 42 Trusted Certificates Import and manage certificates from trusted sources. System Host Name Host Name Configure the system and domain name for the NWA1000 Series. Date/Time Date/Time Configure the current date, time, and time zone in the NWA1000 Series. Service Control Configure HTTP, HTTPS, and general authentication.
Page 43: Warning Messages
Table 16 Maintenance Menu Screens Summary (continued) FOLDER OR LINK FUNCTION LEDs Suppression Enable this feature to keep the LEDs off after the NWA1000 Series starts. Locator Enable this feature to see the actual location of the NWA1000 Series between several devices in the network.
Page 44 Use the icons and fields at the bottom of the table to navigate to different pages of entries and control how many entries display at a time. NWA1000 Series User’s Guide...
Page 45 For those types of tables small red triangles display for table entries with changes that you have not yet applied. Remove To remove an entry, select it and click Remove. The NWA1000 Series confirms you want to remove it before doing so. Activate To turn on an entry, select it and click Activate.
Page 46: Setup Wizard
Setup Wizard 6.1 Accessing the Wizard When you log into the Web Configurator for the first time or when you reset the NWA1000 Series to its default configuration, the wizard screen displays. Note: If you have already configured the wizard screens and want to open it again, click the Wizard icon on the upper right corner of any Web Configurator screen.
Page 47: Step 2 Password And Uplink Connection
Uplink Connection: Select Auto (DHCP) if the NWA1000 Series is connected to a router with the DHCP server enabled. You then need to check the router for the IP address assigned to the NWA1000 Series in order to access the NWA1000 Series’s web configurator again.
Page 48: Step 3 Radio
2.4GHz or 5GHz wireless LAN. The options vary depending on the frequency band and the country you are in. • Maximum Output Power: Enter the maximum output power of the NWA1000 Series. If there is a high density of APs in an area, decrease the output power of the NWA1000 Series to reduce interference with other APs.
Page 49: Step 4 Ssid
Section 6.2.4.1 on page 49 for more information. Note: You cannot add or remove an SSID profile after running the setup wizard. Figure 24 Wizard: SSID 6.2.4.1 Edit SSID Profile Use this screen to configure an SSID profile. NWA1000 Series User’s Guide...
Page 50 • Status - Select Activate to enable the SSID profile. Otherwise, select Inactive to disable the profile. • VLAN ID: Enter a VLAN ID for the NWA1000 Series to use to tag traffic originating from this SSID. • Band Mode: Select the wireless band which this profile should use. 2.4 GHz is the frequency used by IEEE 802.11b/g/n wireless clients.
Page 51: Summary
Use this screen to check whether what you have configured is correct. Click Save to apply your settings and complete the wizard setup. Otherwise, click Prev to return to the previous screen or click Cancel to close the wizard without saving. Figure 27 Wizard: Summary NWA1000 Series User’s Guide...
Page 52: Dashboard
7.2 Dashboard This screen is the first thing you see when you log into the NWA1000 Series. It also appears every time you click the Dashboard icon in the navigation panel. The Dashboard displays general device information, system status, system resource usage, and interface status in widgets that you can re-arrange to suit your needs.
Page 53 This field displays the MAC address of the discovered device. WDS (Wireless Distribution System) Uplink/Downlink Status MAC Address This field displays the MAC address of the root AP or repeater to which the NWA1000 Series is connected using WDS. Radio This field displays the radio number on the root AP or repeater to which the NWA1000 Series is connected using WDS.
Page 54 WDS. System Status System Uptime This field displays how long the NWA1000 Series has been running since it last restarted or was turned on. Current Date/ This field displays the current date and time in the NWA1000 Series. The format is yyyy-mm- Time dd hh:mm:ss.
Page 55: Cpu Usage
This displays the number of detected friendly APs. 7.2.1 CPU Usage Use this screen to look at a chart of the NWA1000 Series’s recent CPU usage. To access this screen, click CPU Usage in the dashboard. NWA1000 Series User’s Guide...
Page 56: Memory Usage
Click this to update the information in the window right away. 7.2.2 Memory Usage Use this screen to look at a chart of the NWA1000 Series’s recent memory (RAM) usage. To access this screen, click Memory Usage in the dashboard.
Page 57 The x-axis shows the time period over which the RAM usage occurred Refresh Interval Enter how often you want this window to be automatically updated. Refresh Now Click this to update the information in the window right away. NWA1000 Series User’s Guide...
Page 58: Monitor
65) displays statistics pertaining to the associated stations. • The WDS Link Info screen (Section 8.6 on page 66) displays statistics about the NWA1000 Series’s WDS (Wireless Distribution System) connections. • The Detected Device screen (Section 8.7 on page 67) displays information about suspected rogue APs.
Page 59: Network Status
Use this screen to look at general Ethernet interface information and packet statistics. To access this screen, click Monitor > Network Status. The screen varies depending on whether the NWA1000 Series has an extra Ethernet port (except the uplink port).
Page 60 Use the Interface Summary section for IPv4 network settings. Use the IPv6 Interface Summary Summary section for IPv6 network settings if you connect your NWA1000 Series to an IPv6 network. Both sections have similar fields as described below. IPv6 Interface...
Page 61: Port Statistics Graph
Use the port statistics graph to look at a line graph of packet statistics for the Ethernet port. To view, click Monitor > Network Status and then the Switch to Graphic View button. This screen is NOT available on the NWA1000 Series that has an extra Ethernet port (except the uplink port).
Page 62: Radio List
Figure 34 Monitor > Wireless > AP Information > Radio List (for NWA1000 Series that supports WDS) Figure 35 Monitor > Wireless > AP Information > Radio List (for NWA1000 Series that doesn’t support WDS) The following table describes the labels in this screen.
Page 63: Ap Mode Radio Information
DESCRIPTION Loading This indicates the AP’s load balance status (UnderLoad or OverLoad) when load balancing is enabled on the NWA1000 Series. Otherwise, it shows - when load balancing is disabled or the radio is in monitor mode. MAC Address This displays the MAC address of the radio.
Page 64 This list shows information about all the wireless clients that have connected to the specified radio over the preceding 24 hours. This is the items sequential number in the list. It has no bearing on the actual data in this list. NWA1000 Series User’s Guide...
Page 65: Station List
MAC Address This is the station’s MAC address. Radio This is the radio number on the NWA1000 Series to which the station is connected. Capability This displays the supported standard currently being used by the station or the standards supported by the station.
Page 66: Wds Link Info
Click this to refresh the items displayed on this page. 8.6 WDS Link Info Use this screen to view the WDS traffic statistics between the NWA1000 Series and a root AP or repeaters. Click Monitor > Wireless > WDS Link Info to access this screen.
Page 67: Detected Device
LABEL DESCRIPTION MAC Address This is the MAC address of the root AP or repeater to which the NWA1000 Series is connected using WDS. Radio This is the radio number on the root AP or repeater to which the NWA1000 Series is connected using WDS.
Page 68 Un-classified AP This shows how many devices are detected, but have not been classified by the NWA1000 Series. Detect Now Click this button for the NWA1000 Series to scan for APs in the network. Detected Device NWA1000 Series User’s Guide...
Page 69: View Log
Configuration > Wireless > Rogue AP screen (Section 10.3 on page 82). Last Seen This indicates the last time the device was detected by the NWA1000 Series. Refresh Click this to refresh the items displayed on this page. 8.8 View Log Log messages are stored in two separate logs, one for regular log messages and one for debugging messages.
Page 70 This field is read-only if the Category is Debug Log. Source Address This displays when you show the filter. Type the source IP address of the incoming packet that generated the log message. Do not include the port in this filter. NWA1000 Series User’s Guide...
Page 71 This field displays the service protocol in the event that generated the log message. Note This field displays any additional information about the log message. The Web Configurator saves the filter settings if you leave the View Log screen and return to it later. NWA1000 Series User’s Guide...
Page 72: Network
192.168.1.1 and the managed IP address of the NWA1000 Series is 192.168.1.2 (default), but if the NWA1000 Series is assigned an IP address by a DHCP server, the default (192.168.1.2) will not be used. The gateway and the NWA1000 Series must belong in the same IP subnet to be able to communicate with each other.
Page 73 IP address is the same for all computers in the network. Gateway Enter the IP address of the gateway. The NWA1000 Series sends packets to the gateway when it does not know how to route the packet to its destination. The gateway should be on the same network as the interface.
Page 74: Vlan
Figure 43 Management VLAN Setup In the figure above, to access and manage the NWA1000 Series from computer A, the NWA1000 Series and switch B’s ports to which computer A and the NWA1000 Series are connected should be in the same VLAN.
Page 75 The VLAN ID associates a frame with a specific VLAN and provides the information that devices need to process the frame across the network. Use this screen to configure the VLAN settings for your NWA1000 Series. To access this screen, click Configuration > Network > VLAN.
Page 76 Enter a VLAN ID for the NWA1000 Series. VLAN ID As Native VLAN Select this option to treat this VLAN ID as a VLAN created on the NWA1000 Series and not one assigned to it from outside the network. LAN Setting...
Page 77: Ncc Discovery
Click Reset to return the screen to its last-saved settings. 9.4 NCC Discovery You can manage the NWA1000 Series through the Zyxel Nebula Control Center (NCC). Use this screen to configure the proxy server settings if the NWA1000 Series is behind a proxy server.
Page 78: Wireless
H A P T E R Wireless 10.1 Overview This chapter discusses how to configure the wireless network settings in your NWA1000 Series. The following figure provides an example of a wireless network. Figure 47 Example of a Wireless Network The wireless network is the part in the blue circle.
Page 79: What You Need To Know
(AP) or you limit the amount of wireless traffic transmitted and received on it so the AP does not become overloaded. 10.2 AP Management Use this screen to manage the NWA1000 Series’s general wireless settings. Click Configuration > Wireless > AP Management to access this screen. NWA1000 Series User’s Guide...
Page 80 Each field is described in the following table. Table 33 Configuration > Wireless > AP Management LABEL DESCRIPTION Radio 1 Setting Radio 1 Activate Select the check box to enable the NWA1000 Series’s first (default) radio. NWA1000 Series User’s Guide...
Page 81 MAC address specified in the Radio 1 Uplink MAC Address field. Max Output Power Enter the maximum output power (between 0 to 30 dBm) of the NWA1000 Series in this field. If there is a high density of APs in an area, decrease the output power of the NWA1000 Series to reduce interference with other APs.
Page 82: Rogue Ap
MAC address specified in the Radio 2 Uplink MAC Address field. Max Output Power Enter the maximum output power (between 0 to 30 dBm) of the NWA1000 Series in this field. If there is a high density of APs in an area, decrease the output power of the NWA1000 Series to reduce interference with other APs.
Page 83 Click the check boxes (Weak Security (Open, WEP, WPA-PSK), Hidden SSID, SSID Classification Rule Keyword) of the characteristics an AP should have for the NWA1000 Series to rule it as a Rogue AP. Click this to add an SSID Keyword.
Page 84: Add/Edit Rogue/Friendly List
Exporting Click this button to export the current list of either rogue APs or friendly APS. Apply Click Apply to save your changes back to the NWA1000 Series. Reset Click Reset to return the screen to its last-saved settings. 10.3.1 Add/Edit Rogue/Friendly List Click Add or select an AP and click the Edit button in the Configuration >...
Page 85: Load Balancing
This allows the station to automatically attempt to connect to another, less burdened AP if one is available. Max Station Enter the threshold number of stations at which the NWA1000 Series begins load balancing Number its connections. Traffic Level Select the threshold traffic level at which the NWA1000 Series begins load balancing its connections (Low, Medium, High).
Page 86: Disassociating And Delaying Connections
If you do not enable this option, then the AP simply delays the connection until it can afford the bandwidth it requires, or it transfers the connection to another AP within its broadcast radius. The disassociation priority is determined automatically by the NWA1000 Series and is as follows: •...
Page 87: Dcs
Figure 53 Kicking a Connection Connections are kicked based on either idle timeout or signal strength. The NWA1000 Series first looks to see which devices have been idle the longest, then starts kicking them in order of highest idle time. If no connections are idle, the next criteria the NWA1000 Series analyzes is signal strength.
Page 88: Technical Reference
Table 37 Configuration > Wireless > DCS (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the NWA1000 Series. Reset Click Reset to return the screen to its last-saved settings. 10.6 Technical Reference The following section contains additional technical information about the features described in this chapter.
Page 89 AP instead limits the incoming connections as a means to maintain bandwidth integrity. There are three kinds of wireless load balancing available on the NWA1000 Series: Load balancing by station number limits the number of devices allowed to connect to your AP. If you know exactly how many stations you want to let connect, choose this option.
Page 90 AP has the bandwidth to spare. If too many people connect and the AP hits its bandwidth cap then all new connections must basically wait for their turn or get shunted to the nearest identical AP. NWA1000 Series User’s Guide...
Page 91: User
The following terms and concepts may help as you read this chapter. User Account A user account defines the privileges of a user logged into the NWA1000 Series. User accounts are used in controlling access to configuration and services in the NWA1000 Series.
Page 92: User Summary
Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings. Remove To remove an entry, select it and click Remove. The NWA1000 Series confirms you want to remove it before doing so. Object Reference Select an entry and click Object Reference to open a screen that shows which settings use the entry.
Page 93 • admin - this user can look at and change the configuration of the NWA1000 Series • limited-admin - this user can look at the configuration of the NWA1000 Series but not to change it • user - this is used for embedded RADIUS server and SNMPv3 user access Password Enter the password of this user account.
Page 94: Setting
This field is not available if the user type is user. Time Type the number of minutes this user can be logged into the NWA1000 Series in one session before the user has to log in again. You can specify 1 to 1440 minutes. You can enter 0 to make the number of minutes unlimited.
Page 95 This is the default reauthentication time in minutes for each type of user account. It defines the number of minutes the user can be logged into the NWA1000 Series in one session before having to log in again. Unlike Lease Time, the user has no opportunity to renew the session without logging out.
Page 96: Edit User Authentication Timeout Settings
To access this screen, go to the Configuration > Object > User > Setting screen, select one of the Default Authentication Timeout Settings entry and click the Edit icon. Figure 61 User > Setting > Edit User Authentication Timeout Settings NWA1000 Series User’s Guide...
Page 97 • admin - this user can look at and change the configuration of the NWA1000 Series. • limited-admin - this user can look at the configuration of the NWA1000 Series but not to change it. Lease Time Enter the number of minutes this type of user account has to renew the current session before the user is logged out.
Page 98: Ap Profile
The following terms and concepts may help as you read this chapter. Wireless Profiles At the heart of all wireless AP configurations on the NWA1000 Series are profiles. A profile represents a group of saved settings that you can use across any number of connected APs. You can set up the following wireless profile types: •...
Page 99: Radio
Authentication is done using an external RADIUS server. 12.2 Radio This screen allows you to create radio profiles for the NWA1000 Series. A radio profile is a list of settings that an NWA1000 Series can use to configure its radio transmitter(s). To access this screen click Configuration >...
Page 100: Add/Edit Radio Profile
Frequency Band This field indicates the frequency band which this radio profile is configured to use. Apply Click Apply to save your changes back to the NWA1000 Series. Reset Click Reset to return the screen to its last-saved settings. 12.2.1 Add/Edit Radio Profile This screen allows you to create a new radio profile or edit an existing one.
Page 101 Table 44 Configuration > Object > AP Profile > Add/Edit Profile LABEL DESCRIPTION Hide / Show Click this to hide or show the Advanced Settings in this window. Advanced Settings General Settings Activate Select this option to make this profile active. NWA1000 Series User’s Guide...
Page 102 If there is a client connected, the NWA1000 Series will not switch channels but generate a log. The NWA1000 Series tries to scan and switch channels again at the end of the specified time interval or at the scheduled time.
Page 103 Select this option to have the NWA1000 Series survey the other APs within its broadcast radius at a specific time on selected days of the week. Start Time Specify the time of the day (in 24-hour format) to have the NWA1000 Series use DCS to automatically scan and find a less-used channel. Week Days Select each day of the week to have the NWA1000 Series use DCS to automatically scan and find a less-used channel.
Page 104 Set a minimum kick-off signal strength. When a wireless client’s signal strength is lower than Station Threshold the specified threshold, the NWA1000 Series disconnects the wireless client from the AP. -20 dBm is the strongest signal you can require and -90 is the weakest.
Page 105: Ssid
If you set Transmission Mode to Fixed Multicast Rate, select a data rate at which the Rate(Mbps) NWA1000 Series transmits multicast packets to wireless clients. For example, to deploy 4 Mbps video, select a fixed multicast rate higher than 4 Mbps.
Page 106: Add/Edit Ssid Profile
Table 45 Configuration > Object > AP Profile > SSID List LABEL DESCRIPTION Click this to add a new SSID profile. This button is not available after you configure the NWA1000 Series using the wizard. Edit Click this to edit the selected SSID profile. Remove Click this to remove the selected SSID profile.
Page 107 MAC filtering allows you to limit the wireless clients connecting to your network through a particular SSID by wireless client MAC addresses. Any clients that have MAC addresses not in the MAC filtering profile of allowed addresses are denied connections. The disable setting means no MAC filtering is used. NWA1000 Series User’s Guide...
Page 108 VLAN ID Enter a VLAN ID for the NWA1000 Series to use to tag traffic originating from this SSID. Hidden SSID Select this if you want to “hide” your SSID from wireless clients. This tells any wireless clients in the vicinity of the AP using this SSID profile not to display its SSID name as a potential connection.
Page 109: Security List
To access this screen click Configuration > Object > AP Profile > SSID > Security List. Note: You can have a maximum of 32 security profiles on the NWA1000 Series. Figure 67 Configuration > Object > AP Profile > SSID > Security List The following table describes the labels in this screen.
Page 110 Chapter 12 AP Profile Note: This screen’s options change based on the Security Mode selected. Only the default screen is displayed here. Figure 68 Configuration > Object > AP Profile > SSID > Security List > Add/Edit Security Profile NWA1000 Series User’s Guide...
Page 111 Select this to have the NWA1000 Series send subscriber status updates to the accounting server at the interval you specify. Interim Update Specify the time interval for how often the NWA1000 Series is to send a subscriber status Interval update to the accounting server.
Page 112 Select Optional if you do not require the wireless clients to support MFP. Management frames will be encrypted if the clients support MFP. Select Required and wireless clients must support MFP in order to join the NWA1000 Series’s wireless network.
Page 113: Mac Filter List
Configuration > Object > AP Profile > SSID > MAC Filter List. Note: You can have a maximum of 32 MAC filtering profiles on the NWA1000 Series. Figure 69 Configuration > Object > AP Profile > SSID > MAC Filter List The following table describes the labels in this screen.
Page 114: Layer-2 Isolation List
APs, computers or routers in a network. In the following example, layer-2 isolation is enabled on the NWA1000 Series to allow a guest wireless client (A) to access the main network router (B). The router provides access to the Internet and the network printer (C) while preventing the client from accessing other computers and servers on the network.
Page 115 MAC addresses that are not listed in the layer-2 isolation table are blocked from communicating with the NWA1000 Series’s wireless clients except for broadcast packets. Layer-2 isolation does not check the traffic between wireless clients that are associated with the same AP. Intra-BSS traffic allows wireless clients associated with the same AP to communicate with each other.
Page 116: Add/Edit Layer-2 Isolation Profile
Note: You need to know the MAC address of each wireless client, AP, computer or router that you want to allow to communicate with the NWA1000 Series's wireless clients. Figure 73 Configuration > Object > AP Profile > SSID > Layer-2 Isolation List > Add/Edit Layer-2 Isolation Profile The following table describes the labels in this screen.
Page 117: Wds Profile
(Section 13.2 on page 117) creates preset WDS configurations that can be used by the NWA1000 Series. 13.2 WDS Profile This screen allows you to manage and create WDS profiles that can be used by the APs. To access this screen, click Configuration >...
Page 118: Add/Edit Wds Profile
Profile Name Enter up to 31 alphanumeric characters for the profile name. WDS SSID Enter the SSID with which you want the NWA1000 Series to connect to a root AP or repeater to form a WDS. Pre-Shared Key Enter a pre-shared key of between 8 and 63 case-sensitive ASCII characters (including spaces and symbols) or 64 hexadecimal characters.
Page 119: Certificates
129) save CA certificates and trusted remote host certificates to the NWA1000 Series. The NWA1000 Series trusts any valid certificate that you have imported as a trusted certificate. It also trusts any valid certificate signed by any of the certificates that you have imported as a trusted certificate.
Page 120 A certification path is the hierarchy of certification authority certificates that validate a certificate. The NWA1000 Series does not trust a certificate if any certificate on its path has expired or been revoked. Certification authorities maintain directory servers with databases of valid and revoked certificates. A directory of certificates that have been revoked before the scheduled expiration is called a CRL (Certificate Revocation List).
Page 121: Verifying A Certificate
14.1.3 Verifying a Certificate Before you import a trusted certificate into the NWA1000 Series, you should verify that you have the correct certificate. You can do this using the certificate’s fingerprint. A certificate’s fingerprint is a message digest calculated using the MD5 or SHA1 algorithm.
Page 122: My Certificates
When the storage space is almost full, you should consider deleting expired or unnecessary certificates before adding more certificates. Click this to go to the screen where you can have the NWA1000 Series generate a certificate or a certification request.
Page 123: Add My Certificates
This field displays the date that the certificate expires. The text displays in red and includes an Expired! message if the certificate has expired. Import Click Import to open a screen where you can save a certificate to the NWA1000 Series. Refresh Click Refresh to display the current validity status of the certificates.
Page 124 Create a certification Select this to have the NWA1000 Series generate and store a request for a certificate. Use request and save it the My Certificate Edit screen to view the certification request and copy it to send to the locally for later certification authority.
Page 125: Edit My Certificates
Click Cancel to quit and return to the My Certificates screen. If you configured the Add My Certificates screen to have the NWA1000 Series enroll a certificate and the certificate enrollment is not successful, you see a screen with a Return button that takes you back to the Add My Certificates screen.
Page 126 Chapter 14 Certificates Figure 78 Configuration > Object > Certificate > My Certificates > Edit NWA1000 Series User’s Guide...
Page 127 Key Algorithm This field displays the type of algorithm that was used to generate the certificate’s key pair (the NWA1000 Series uses RSA encryption) and the length of the key set in bits (1024 bits for example). Subject Alternative This field displays the certificate owner‘s IP address (IP), domain name (DNS) or e-mail...
Page 128: Import Certificates
Click Save in the File Download screen. The Save As screen opens, browse to the location that you want to use and click Save. Click OK to save your changes back to the NWA1000 Series. You can only change the name.
Page 129: Trusted Certificates
Click Configuration > Object > Certificate > Trusted Certificates to open the Trusted Certificates screen. This screen displays a summary list of certificates that you have set the NWA1000 Series to accept as trusted. The NWA1000 Series also accepts any valid certificate signed by a certificate on this list as being trustworthy;...
Page 130: Edit Trusted Certificates
Click Configuration > Object > Certificate > Trusted Certificates and then a certificate’s Edit icon to open the Trusted Certificates Edit screen. Use this screen to view in-depth information about the certificate, change the certificate’s name and set whether or not you want the NWA1000 Series to check a NWA1000 Series User’s Guide...
Page 131 Chapter 14 Certificates certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority. Figure 81 Configuration > Object > Certificate > Trusted Certificates > Edit NWA1000 Series User’s Guide...
Page 132 (along with the end entity’s own certificate). The NWA1000 Series does not trust the end entity’s certificate and displays “Not trusted” in this field if any certificate on the path has expired or been revoked.
Page 133: Import Trusted Certificates
Expiring! or Expired! message if the certificate is about to expire or has already expired. Key Algorithm This field displays the type of algorithm that was used to generate the certificate’s key pair (the NWA1000 Series uses RSA encryption) and the length of the key set in bits (1024 bits for example). Subject Alternative This field displays the certificate’s owner‘s IP address (IP), domain name (DNS) or e-mail...
Page 134: Technical Reference
The second is a reduction in network traffic since the NWA1000 Series only gets information on the certificates that it needs to verify, not a huge list. When the NWA1000 Series requests certificate status information, the OCSP server returns a “expired”, “current” or “unknown”...
Page 135: System
• The FTP screen (Section 15.7 on page 153) specifies FTP server settings. You can upload and download the NWA1000 Series’s firmware and configuration files using FTP. Please also see Chapter 17 on page 170 for more information about firmware and configuration files.
Page 136: Date And Time
(.) are accepted. System Location Specify the name of the place where the NWA1000 Series is located. You can enter up to 60 alphanumeric and '()’ ,:;?! +-*/= #$%@ characters. Spaces and underscores are allowed. The name should start with a letter.
Page 137 When you enter the time settings manually, the NWA1000 Series uses the new setting once you click Apply. New Time...
Page 138 Sync. Now Click this button to have the NWA1000 Series get the time and date from a time server (see the Time Server Address field). This also saves your changes (except the daylight saving settings).
Page 139: Pre-Defined Ntp Time Servers List
15.3.1 Pre-defined NTP Time Servers List When you turn on the NWA1000 Series for the first time, the date and time start at 2003-01-01 00:00:00. The NWA1000 Series then attempts to synchronize with one of the following pre-defined list of Network Time Protocol (NTP) time servers.
Page 140: Www Overview
WAN. HTTPS and SSH access are secure. HTTP, Telnet, and FTP management access are not secure. Figure 86 Secure and Insecure Service Access From the WAN 15.4.1 Service Access Limitations A service cannot be used to access the NWA1000 Series when you have disabled that service in the corresponding screen. 15.4.2 System Timeout There is a lease timeout for administrators.
Page 141: Https
HTTPS on the NWA1000 Series is used so that you can securely access the NWA1000 Series using the Web Configurator. The SSL protocol specifies that the HTTPS server (the NWA1000 Series) must always authenticate itself to the HTTPS client (the computer which requests the HTTPS connection with the NWA1000 Series), whereas the HTTPS client only should authenticate itself when the HTTPS server requires it to do so (select Authenticate Client Certificates in the WWW screen).
Page 142: Https Example
Click Reset to return the screen to its last-saved settings. 15.4.5 HTTPS Example If you haven’t changed the default HTTPS port on the NWA1000 Series, then in your browser enter “https://NWA1000 Series IP Address/” as the web site address where “NWA1000 Series IP Address” is the IP address or domain name of the NWA1000 Series you wish to access.
Page 143 Chapter 15 System 15.4.5.1 Google Chrome Warning Messages When you attempt to access the NWA1000 Series HTTPS server, you will see the error message shown in the following screen. Figure 89 Security Alert Dialog Box (Google Chrome) Select Advanced > Proceed to 192.168.1.2 (unsafe) to proceed to the Web Configurator login screen.
Page 144 The SSL client needs a certificate if Authenticate Client Certificates is selected on the NWA1000 Series. You must have imported at least one trusted CA to the NWA1000 Series in order for the Authenticate Client Certificates to be active (see the Certificates chapter for details).
Page 145 You need a password in advance. The CA may issue the password or you may have to specify it during the enrollment. Double-click the personal certificate given to you by the CA to produce a screen similar to the one shown next. Click Next to begin the wizard. NWA1000 Series User’s Guide...
Page 146 The file name and path of the certificate you double-clicked should automatically appear in the File name text box. Click Browse if you wish to import a different certificate. Enter the password given to you by the CA. NWA1000 Series User’s Guide...
Page 147 Click Finish to complete the wizard and begin the import process. You should see the following screen when the certificate is correctly installed on your computer. NWA1000 Series User’s Guide...
Page 148: Ssh
When Authenticate Client Certificates is selected on the NWA1000 Series, the following screen asks you to select a personal certificate to send to the NWA1000 Series. This screen displays even if you only have a single certificate as in the example.
Page 149: How Ssh Works
The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server. The client automatically saves any new server public keys. In subsequent connections, the server public key is checked against the saved version on the client computer. NWA1000 Series User’s Guide...
Page 150: Ssh Implementation On The Nwa1000 Series
15.5.2 SSH Implementation on the NWA1000 Series Your NWA1000 Series supports SSH versions 1 and 2 using RSA authentication and four encryption methods (AES, 3DES, Archfour, and Blowfish). The SSH server is implemented on the NWA1000 Series for management using port 22 (by default).
Page 151: Examples Of Secure Telnet Using Ssh
Enter the password to log in to the NWA1000 Series. The CLI screen displays next. 15.5.5.2 Example 2: Linux This section describes how to access the NWA1000 Series using the OpenSSH client program that comes with most Linux distributions. NWA1000 Series User’s Guide...
Page 152: Telnet
Enter “ssh –2 192.168.1.2”. This command forces your computer to connect to the NWA1000 Series using SSH version 1. If this is the first time you are connecting to the NWA1000 Series using SSH, a message displays prompting you to save the host information of the NWA1000 Series. Type “yes” and press [ENTER].
Page 153: Ftp
Click Reset to return the screen to its last-saved settings. 15.7 FTP You can upload and download the NWA1000 Series’s firmware and configuration files using FTP. To use this feature, your computer must have an FTP client. See Chapter 17 on page 170 for more information about firmware and configuration files.
Page 154: Snmp
An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the NWA1000 Series). An agent translates the local management information from the managed device into a form compatible with SNMP.
Page 155: Supported Mibs
You can download the NWA1000 Series’s MIBs from www.zyxel.com. 15.8.2 SNMP Traps The NWA1000 Series will send traps to the SNMP manager when any one of the following events occurs. Table 69 SNMP Traps OBJECT LABEL...
Page 156: Adding Or Editing An Snmpv3 User Profile
Type the IP address of the station to send your SNMP traps to. Trap Wireless Select this to have the NWA1000 Series send a trap to the SNMP manager when a wireless Event client is connected to or disconnected from the NWA1000 Series.
Page 157 Select the user name of the user account for which this SNMPv3 user profile is configured. Authentication Select the type of authentication the SNMPv3 user must use to connect to the NWA1000 Series using this SNMPv3 user profile. Select MD5 to require the SNMPv3 user’s password be encrypted by MD5 for authentication.
Page 158: Log And Report
Note: Data collection may decrease the NWA1000 Series’s traffic throughput rate. Click Configuration > Log & Report > Email Daily Report to display the following screen. Configure this screen to have the NWA1000 Series e-mail you system statistics every day. NWA1000 Series User’s Guide...
Page 159 Table 72 Configuration > Log & Report > Email Daily Report LABEL DESCRIPTION Enable Email Select this to send reports by e-mail every day. Daily Report Mail Server Type the name or IP address of the outgoing SMTP server. NWA1000 Series User’s Guide...
Page 160: Log Setting
Usually, alerts are used for events that require more serious attention, such as system errors and attacks. The NWA1000 Series provides a system log and supports e-mail profiles and remote syslog servers. The system log is available on the View Log screen, the e-mail profiles are used to mail log messages to the specified destinations, and the other four logs are stored on specified syslog servers.
Page 161: Log Setting Screen
This field is a sequential value, and it is not associated with a specific log. Status This field shows whether the log is active or not. Name This field displays the name of the log (system log or one of the remote servers). NWA1000 Series User’s Guide...
Page 162: Edit System Log Settings
16.3.2 Edit System Log Settings This screen controls the detailed settings for each log in the system log (which includes the e-mail profiles). Select a system log entry in the Log Setting screen and click the Edit icon. NWA1000 Series User’s Guide...
Page 163 Chapter 16 Log and Report Figure 105 Configuration > Log & Report > Log Setting > Edit System Log Setting NWA1000 Series User’s Guide...
Page 164 Mail Subject Type the subject line for the outgoing e-mail. Select Append system name to add the NWA1000 Series’s system name to the subject. Select Append date time to add the NWA1000 Series’s system date and time to the subject.
Page 165 Select whether each category of events should be included in the log messages when it is e-mailed (green check mark) and/or in alerts (red exclamation point) for the e-mail settings specified in E-Mail Server 1. The NWA1000 Series does not e-mail debugging information, even if it is recorded in the System log.
Page 166: Edit Remote Server
This screen controls the settings for each log in the remote server (syslog). Select a remote server entry in the Log Setting screen and click the Edit icon. Figure 106 Configuration > Log & Report > Log Setting > Edit Remote Server NWA1000 Series User’s Guide...
Page 167: Active Log Summary
It does not let you change other log settings (for example, where and how often log information is e-mailed or remote server names). To access this screen, go to the Log Setting screen, and click the Active Log Summary button. NWA1000 Series User’s Guide...
Page 168 1 or 2. enable normal logs (green check mark) - create log messages and alerts for all categories for the system log. If e-mail server 1 or 2 also has normal logs enabled, the NWA1000 Series will e- mail logs to them.
Page 169 (green check mark) and/or in alerts (red exclamation point) for the e-mail settings specified in E-Mail Server 1. The NWA1000 Series does not e-mail debugging information, even if it is recorded in the System log. E-mail Server 2 E-...
Page 170: File Manager
Configuration files define the NWA1000 Series’s settings. Shell scripts are files of commands that you can store on the NWA1000 Series and run when you need them. You can apply a configuration file or run a shell script without the NWA1000 Series restarting. You can store multiple configuration files and shell script files on the NWA1000 Series.
Page 171: Configuration File
When you apply a configuration file or run a shell script, the NWA1000 Series processes the file line-by- line. The NWA1000 Series checks the first line and applies the line if no errors are detected. Then it continues with the next line. If the NWA1000 Series finds an error, it stops applying the configuration file or shell script and generates a log.
Page 172 NWA1000 Series’s default settings. • If there is a startup-config.conf, the NWA1000 Series checks it for errors and applies it. If there are no errors, the NWA1000 Series uses it and copies it to the lastgood.conf configuration file as a back up file.
Page 173 LABEL DESCRIPTION Rename Use this button to change the label of a configuration file on the NWA1000 Series. You can only rename manually saved configuration files. You cannot rename the lastgood.conf, system- default.conf and startup-config.conf files. You cannot rename a configuration file to the name of another configuration file in the NWA1000 Series.
Page 174 Use this button to have the NWA1000 Series use a specific configuration file. Click a configuration file’s row to select it and click Apply to have the NWA1000 Series use that configuration file. The NWA1000 Series does not have to restart in order to use a different configuration file, although you will need to wait for a few minutes while the system reconfigures.
Page 175: Example Of Configuration File Download Using Ftp
Connect your computer to the NWA1000 Series. The FTP server IP address of the NWA1000 Series in standalone mode is 192.168.1.2, so set your computer to use a static IP address from 192.168.1.3 ~192.168.1.254.
Page 176: Firmware Package
Click Maintenance > File Manager > Firmware Package to open this screen. Use the Firmware Package screen to check your current firmware version and upload firmware to the NWA1000 Series. Note: The Web Configurator is the recommended method for uploading firmware. You only need to use the command line interface if you need to recover the firmware.
Page 177: Example Of Firmware Upload Using Ftp
The following table describes the labels in this screen. Table 79 Maintenance > File Manager > Firmware Package LABEL DESCRIPTION Boot This is the version of the boot module that is currently on the NWA1000 Series. Module Current This is the firmware version and the date created. Version Released This is the date that the version of the firmware was created.
Page 178: Shell Script
10 Enter “quit” to exit the ftp prompt. 17.4 Shell Script Use shell script files to have the NWA1000 Series use commands that you specify. Use a text editor to create the shell script files. They must use a “.zysh” filename extension.
Page 179 Use this button to have the NWA1000 Series use a specific shell script file. Click a shell script file’s row to select it and click Apply to have the NWA1000 Series use that shell script file. You may need to wait awhile for the NWA1000 Series to finish applying the commands.
Page 180 Table 80 Maintenance > File Manager > Shell Script (continued) LABEL DESCRIPTION Browse... Click Browse... to find the .zysh file you want to upload. Upload Click Upload to begin the upload process. This process may take up to several minutes. NWA1000 Series User’s Guide...
Page 181: Diagnostics
18.2 Diagnostics This screen provides an easy way for you to generate a file containing the NWA1000 Series’s configuration and diagnostic information. You may need to generate this file and send it to customer support during troubleshooting.
Page 182 Maintenance > File Manager > Shell Script screen. Collect Now Click this to have the NWA1000 Series create a new diagnostic file. Download Click this to save the most recent diagnostic file to a computer.
Page 183: Leds
19.1 Overview The LEDs of your NWA1000 Series can be controlled such that they stay lit (ON) or OFF after the NWA1000 Series is ready. There are two features that control the LEDs of your NWA1000 Series - Locator and Suppression.
Page 184: Locator Screen
DESCRIPTION Suppression On If the Suppression On check box is checked, the LEDs of your NWA1000 Series will turn off after it’s ready. If the check box is unchecked, the LEDs will stay lit after the NWA1000 Series is ready.
Page 185 DESCRIPTION Turn On Click Turn On button to activate the locator. The Locator function will show the actual location of the NWA1000 Series between several devices in the network. Turn Off Otherwise, click Turn Off to disable the locator feature.
Page 186: Antenna Switch
Positioning the antennas properly increases the range and coverage area of a wireless LAN. On the NWA1000 Series that comes with internal antennas and also has an antenna switch, you can adjust coverage depending on the orientation of the antenna for the NWA1000 Series radios using the web configurator, the command line interface (CLI) or a physical switch.
Page 187 Select Wall if you mount the NWA1000 Series to a wall. Select Ceiling if the NWA1000 Series is mounted on a ceiling. You can switch from Wall to Ceiling if there are still wireless dead zones, and vice versa.
Page 188: Reboot
Figure 118 Maintenance > Reboot Click the Reboot button to restart the NWA1000 Series. Wait a few minutes until the login screen appears. If the login screen does not appear, type the IP address of the device in your Web browser.
Page 189: Shutdown
To access this screen, click Maintenance > Shutdown. Figure 119 Maintenance > Shutdown Click the Shutdown button to shut down the NWA1000 Series. Wait for the device to shut down before you manually turn off or remove the power. It does not turn off the power.
Page 190: Local Management In Cloud Mode
Local Management in Cloud Mode...
Page 191: Cloud Mode
23.2 Ways to Manage the NWA1000 Series You can use the following ways to manage the NWA1000 Series. If you need to change the NWA1000 Series’s VLAN setting or manually set its IP address before connecting it to the Internet, use its built-in Web Configurator.
Page 192: Good Habits For Managing The Nwa1000 Series
See the NCC User’s Guide for more information. 23.3 Good Habits for Managing the NWA1000 Series Do the following things regularly to make the NWA1000 Series more secure and to manage it more effectively. • Change the system password through the NCC often. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters.
Page 193: The Web Configurator
24.2 Access Make sure your NWA1000 Series hardware is properly connected. See the Quick Start Guide. Make sure your computer’s IP address is in the same subnet as the NWA1000 Series’s IP address. Browse to http://(NWA1000 Series’s IP address). See Section 23.1 on page 191...
Page 194: Navigating The Web Configurator
Help Click this to open the help page for the current screen. About Click this to display basic information about the NWA1000 Series. nebula Click this to open the NCC web site login page in a new tab or window.
Page 195: Navigation Panel
Click this to close the screen. 24.3.2 Navigation Panel Use the menu items on the navigation panel to open screens to configure NWA1000 Series features. Click the arrow in the middle of the right edge of the navigation panel to hide the navigation panel menus or drag it to resize them.
Page 196: Warning Messages
For details on the Dashboard’s features, see Chapter 25 on page 197. Configuration Menu Use the configuration menu screens to configure the NWA1000 Series’s features. Table 86 Configuration Menu Screens Summary FOLDER OR LINK FUNCTION Network IP Setting Configure the IP address for the NWA1000 Series Ethernet interface.
Page 197: Dashboard
25.2 Dashboard This screen is the first thing you see when you log into the NWA1000 Series. It also appears every time you click the Dashboard icon in the navigation panel. The Dashboard displays general AP information, and client information in widgets that you can re-arrange to suit your needs.
Page 198 This field displays the model name of the NWA1000 Series. 2.4G Channel This field displays the channel number the NWA1000 Series is using and its output power in Information the 2.4 GHz spectrum. This shows Not activated if the wireless LAN is disabled.
Page 199: Network
192.168.1.1 and the managed IP address of the NWA1000 Series is 192.168.1.2 (default), but if the NWA1000 Series is assigned an IP address by a DHCP server, the default (192.168.1.2) will not be used. The gateway and the NWA1000 Series must belong in the same IP subnet to be able to communicate with each other.
Page 200 Enter the IP address of the DNS server. Address Use Proxy to Access If the NWA1000 Series is behind a proxy server, you need to select this option and configure Internet the proxy server settings so that the NWA1000 Series can access the NCC through the proxy server.
Page 201: Vlan
Figure 128 Management VLAN Setup In the figure above, to access and manage the NWA1000 Series from computer A, the NWA1000 Series and switch B’s ports to which computer A and the NWA1000 Series are connected should be in the same VLAN.
Page 202 Management Enter a VLAN ID for the NWA1000 Series. VLAN ID Untagged/ Set whether the NWA1000 Series adds the VLAN ID to outbound traffic transmitted through Tagged its Ethernet port. Apply Click Apply to save your changes back to the NWA1000 Series.
Page 203: Troubleshooting
27.2 Power, Hardware Connections, and LED The NWA1000 Series does not turn on. The LED is not on. Make sure you are using the power adaptor included with the NWA1000 Series or a PoE power injector/ switch. Make sure the power adaptor or PoE power injector/switch is connected to the NWA1000 Series and plugged in to an appropriate power source.
Page 204: Nwa1000 Series Access And Login
Section 27.6 on page 210. If your NWA1000 Series is a DHCP client, you can find your IP address from the DHCP server. This information is only available from the DHCP server which allocates IP addresses on your network. Find this information directly from the DHCP server or contact your system administrator for more information.
Page 205 You cannot log in to the web configurator while someone is using Telnet to access the NWA1000 Series. Log out of the NWA1000 Series in the other session, or ask the person who is logged in to log out. Disconnect and re-connect the power adaptor or PoE power injector to the NWA1000 Series.
Page 206: Internet Access
Internet, especially peer-to-peer applications. Check the signal strength. If the signal is weak, try moving the NWA1000 Series closer to the NWA1000 Series (if possible), and look around to see if there are any devices that might be interfering with the wireless network (microwaves, other wireless networks, and so on).
Page 207: Wireless Connections
Make sure the wireless LAN (wireless radio) is enabled on the NWA1000 Series. Make sure the radio or at least one of the NWA1000 Series’s radios is operating in AP mode. Make sure the wireless adapter (installed on your computer) is working properly.
Page 208 • Include write commands in your scripts. Otherwise the changes will be lost when the NWA1000 Series restarts. You could use multiple write commands in a long script. Note: “exit” or “!'” must follow sub commands if it is to make the NWA1000 Series exit sub command mode.
Page 209 How do I remove the NWA1123-AC PRO indoor AP from its mounting bracket? • Find the down arrow close to the Ethernet ports, then use a thin flat tool (for example, a flat screw driver) to lift up a clip beneath 5GHz LED. NWA1000 Series User’s Guide...
Page 210: Resetting The Nwa1000 Series
27.6 Resetting the NWA1000 Series If you cannot access the NWA1000 Series by any method, try restarting it by turning the power off and then on again. If you still cannot access the NWA1000 Series by any method or you forget the administrator password(s), you can reset the NWA1000 Series to its factory-default settings.
Page 211: Getting More Troubleshooting Help
Release the RESET button, and wait for the NWA1000 Series to restart. You should be able to access the NWA1000 Series using the default settings. 27.7 Getting More Troubleshooting Help Search for support information for your model at www.zyxel.com for more troubleshooting suggestions.
Page 212: Appendix A Importing Certificates
Many Zyxel products, such as the NWA1000 Series, issue their own public key certificates. These can be used by web browsers on a LAN or WAN to verify that they are in fact connecting to the legitimate device and not one masquerading as it.
Page 213 Appendix A Importing Certificates Export a Certificate If your device’s Web Configurator is set to use SSL certification, then the first time you browse to it, you are presented with a certification error. NWA1000 Series User’s Guide...
Page 214 Appendix A Importing Certificates Click Advanced > Proceed to x.x.x.x (unsafe). In the Address Bar, click Not Secure > Certificate (Invalid). NWA1000 Series User’s Guide...
Page 215 Appendix A Importing Certificates In the Certificate dialog box, click Details > Copy to File. In the Certificate Export Wizard, click Next. NWA1000 Series User’s Guide...
Page 216 Appendix A Importing Certificates Select the format and settings you want to use and then click Next. Type a filename and specify a folder to save the certificate in. Click Next. NWA1000 Series User’s Guide...
Page 217 In the Completing the Certificate Export Wizard screen, click Finish. Finally, click OK when presented with the successful certificate export message. Import a Certificate After storing the certificate in your computer, you need to import it in trusted root certification authorities using the following steps: NWA1000 Series User’s Guide...
Page 218 Appendix A Importing Certificates Open your browser, click the menu icon, and click Settings. Scroll down and click Advanced to expand the menu. Under Privacy and security, click Manage certificates. NWA1000 Series User’s Guide...
Page 219 Appendix A Importing Certificates In the Certificates pop-up screen, click Trusted Root Certification Authorities. Click Import to start the Certificate Import Wizard. Click Next, and then click Browse. NWA1000 Series User’s Guide...
Page 220 Appendix A Importing Certificates Select the certificate file you want to import and click Open. Click Next. NWA1000 Series User’s Guide...
Page 221 Appendix A Importing Certificates Confirm the settings displayed and click Finish. If presented with a security warning, click Yes. NWA1000 Series User’s Guide...
Page 222 Install a Stand-Alone Certificate File Rather than installing a public key certificate using browser settings, you can install a stand-alone certificate file if one has been issued to you. Double-click the public key certificate file. Click Install Certificate. NWA1000 Series User’s Guide...
Page 223 Appendix A Importing Certificates Click Next on the first wizard screen, click Place all certificates in the following store, and click Browse. Select Trusted Root Certificate Authorities > OK, and then click Next. NWA1000 Series User’s Guide...
Page 224 Appendix A Importing Certificates Confirm the information shown on the final wizard screen and click Finish. If presented with a security warning, click Yes. NWA1000 Series User’s Guide...
Page 225 Finally, click OK when you are notified of the successful import. Remove a Certificate in Google Chrome This section shows you how to remove a public key certificate in Google Chrome on Windows 7. Open your browser, click the menu icon, and click Settings. NWA1000 Series User’s Guide...
Page 226 Appendix A Importing Certificates Scroll down and click Advanced to expand the menu. Under Privacy and security, click Manage certificates. In the Certificates pop-up screen, click Trusted Root Certification Authorities. NWA1000 Series User’s Guide...
Page 227 Confirm the details displayed in the warning message and click Yes. Firefox The following example uses Mozilla Firefox on Windows 7. You first have to store the certificate in your computer and then install it as a Trusted Root CA, as shown in the following tutorials. NWA1000 Series User’s Guide...
Page 228 Appendix A Importing Certificates Export a Certificate If your device’s Web Configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error. Click Advanced. Click View Certificate. NWA1000 Series User’s Guide...
Page 229 Appendix A Importing Certificates Click Details > Export. Type a filename and click Save. Import a Certificate After storing the certificate in your computer, you need to import it in trusted root certification authorities using the following steps: NWA1000 Series User’s Guide...
Page 230 Appendix A Importing Certificates Open Firefox and click Tools > Options. In the Options page, click Privacy and Security, scroll to the bottom of the page, and then click View Certificates. NWA1000 Series User’s Guide...
Page 231 Appendix A Importing Certificates In the Certificate Manager, click Authorities > Import. Use the Select File dialog box to locate the certificate and then click Open. NWA1000 Series User’s Guide...
Page 232 Appendix A Importing Certificates Select Trust this CA to identify websites and click OK. Removing a Certificate in Firefox This section shows you how to remove a public key certificate in Firefox. Open Firefox and click Tools > Options. NWA1000 Series User’s Guide...
Page 233 In the Options page, click Privacy and Security, scroll to the bottom of the page, and then click View Certificates. In the Certificate Manager, click Authorities and select the certificate you want to remove, Click Delete or Distrust.. NWA1000 Series User’s Guide...
Page 234 Appendix A Importing Certificates In the following dialog box, click OK. The next time you go to the web site that issued the public key certificate you just removed, a certification error appears. NWA1000 Series User’s Guide...
Page 235: Appendix B Ipv6
54 bits 64 bits Global Address A global address uniquely identifies a device on the Internet. It is similar to a “public IP address” in IPv4. A global unicast address starts with a 2 or 3. NWA1000 Series User’s Guide...
Page 236 The following table describes the multicast addresses which are reserved and can not be assigned to a multicast group. Table 92 Reserved Multicast Address MULTICAST ADDRESS FF00:0:0:0:0:0:0:0 FF01:0:0:0:0:0:0:0 FF02:0:0:0:0:0:0:0 FF03:0:0:0:0:0:0:0 FF04:0:0:0:0:0:0:0 FF05:0:0:0:0:0:0:0 FF06:0:0:0:0:0:0:0 FF07:0:0:0:0:0:0:0 FF08:0:0:0:0:0:0:0 FF09:0:0:0:0:0:0:0 FF0A:0:0:0:0:0:0:0 FF0B:0:0:0:0:0:0:0 FF0C:0:0:0:0:0:0:0 FF0D:0:0:0:0:0:0:0 FF0E:0:0:0:0:0:0:0 FF0F:0:0:0:0:0:0:0 NWA1000 Series User’s Guide...
Page 237 When IPv6 is enabled on a device, its interface automatically generates a link-local address (beginning with fe80). When the interface is connected to a network with a router and the NWA1000 Series is set to automatically obtain an IPv6 network prefix from the router for the interface, it generates another address which combines its interface ID and global and subnet information advertised from the router.
Page 238 LAN. The NWA1000 Series uses the received IPv6 prefix (for example, 2001:db2::/48) to generate its LAN IP address. Through sending Router Advertisements (RAs) regularly by multicast, the NWA1000 Series passes the IPv6 prefix information to its LAN hosts. The hosts then can use the prefix to generate their IPv6 addresses.
Page 239 When the NWA1000 Series needs to send a packet, it first consults the destination cache to determine the next hop. If there is no matching entry in the destination cache, the NWA1000 Series uses the prefix list to determine whether the destination address is on-link and can be reached directly without passing through a router.
Page 240 DHCPv6 client software on your Windows XP. (Note: If you use static IP addresses or Router Advertisement for IPv6 address assignment in your network, ignore this section.) This example uses Dibbler as the DHCPv6 client. To enable DHCPv6 client on your computer: NWA1000 Series User’s Guide...
Page 241 Now your computer can obtain an IPv6 address from a DHCPv6 server. Example - Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default. DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer. To enable IPv6 in Windows 7: NWA1000 Series User’s Guide...
Page 242 IPv4 Address... : 172.16.100.61 Subnet Mask ... : 255.255.255.0 Default Gateway ..: fe80::213:49ff:feaa:7125%11 172.16.100.254 NWA1000 Series User’s Guide...
Page 243: Appendix C Customer Support
• Brief description of the problem and the steps you took to solve it. Corporate Headquarters (Worldwide) Taiwan • Zyxel Communications Corporation • https://www.zyxel.com Asia China • Zyxel Communications (Shanghai) Corp. Zyxel Communications (Beijing) Corp. Zyxel Communications (Tianjin) Corp. • https://www.zyxel.com/cn/zh/ India • Zyxel Technology India Pvt Ltd • https://www.zyxel.com/in/en/ Kazakhstan •...
Page 244 • Zyxel Singapore Pte Ltd. • http://www.zyxel.com.sg Taiwan • Zyxel Communications Corporation • https://www.zyxel.com/tw/zh/ Thailand • Zyxel Thailand Co., Ltd • https://www.zyxel.com/th/th/ Vietnam • Zyxel Communications Corporation-Vietnam Office • https://www.zyxel.com/vn/vi Europe Belarus • Zyxel BY • https://www.zyxel.by Belgium • Zyxel Communications B.V. • https://www.zyxel.com/be/nl/...
Page 245 Appendix C Customer Support • https://www.zyxel.com/be/fr/ Bulgaria • Zyxel България • https://www.zyxel.com/bg/bg/ Czech Republic • Zyxel Communications Czech s.r.o • https://www.zyxel.com/cz/cs/ Denmark • Zyxel Communications A/S • https://www.zyxel.com/dk/da/ Estonia • Zyxel Estonia • https://www.zyxel.com/ee/et/ Finland • Zyxel Communications • https://www.zyxel.com/fi/fi/ France •...
Page 246 • Zyxel Communications Poland • https://www.zyxel.com/pl/pl/ Romania • Zyxel Romania • https://www.zyxel.com/ro/ro Russia • Zyxel Russia • https://www.zyxel.com/ru/ru/ Slovakia • Zyxel Communications Czech s.r.o. organizacna zlozka • https://www.zyxel.com/sk/sk/ Spain • Zyxel Communications ES Ltd • https://www.zyxel.com/es/es/ Sweden • Zyxel Communications • https://www.zyxel.com/se/sv/ Switzerland •...
Page 247 Appendix C Customer Support Turkey • Zyxel Turkey A.S. • https://www.zyxel.com/tr/tr/ • Zyxel Communications UK Ltd. • https://www.zyxel.com/uk/en/ Ukraine • Zyxel Ukraine • http://www.ua.zyxel.com South America Argentina • Zyxel Communications Corporation • https://www.zyxel.com/co/es/ Brazil • Zyxel Communications Brasil Ltda. • https://www.zyxel.com/br/pt/ Colombia •...
Page 248 Appendix C Customer Support Middle East • Zyxel Communications Corporation • https://www.zyxel.com/me/en/ North America • Zyxel Communications, Inc. - North America Headquarters • https://www.zyxel.com/us/en/ Oceania Australia • Zyxel Communications Corporation • https://www.zyxel.com/au/en/ Africa South Africa • Nology (Pty) Ltd. • https://www.zyxel.com/za/en/...
Page 249: Appendix D Legal Information
Zyxel further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice. Your use of the NWA1000 Series is subject to the terms and conditions of any related service providers. Trademarks Trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
Page 250 énumérés ci-dessous et ayant un gain admissible maximal et l'impédance requise pour chaque type d'antenne. Les types d'antenne non inclus dans cette liste, ou dont le gain est supérieur au gain maximal indiqué, sont strictement interdits pour l'exploitation de l'émetteur. NWA1000 Series User’s Guide...
Page 251 (iii) le gain maximal d’antenne permis (pour les dispositifs utilisant la bande 5725-5825 MHz) doit se conformer à la limite de p.i.r.e. spécifiée pour l’exploitation point à point et non point à point, selon le cas. NWA1000 Series User’s Guide...
Page 252 Por medio de la presente Zyxel declara que el equipo cumple con los requisitos esenciales y cualesquiera otras (Spanish) disposiciones aplicables o exigibles de la Directiva 2014/53/UE.. Čeština Zyxel tímto prohlašuje, že tento zařízení je ve shodě se základními požadavky a dalšími příslušnými ustanoveními směrnice (Czech) 2014/53/EU. NWA1000 Series User’s Guide...
Page 253 Erklærer herved Zyxel at dette utstyret er I samsvar med de grunnleggende kravene og andre relevante bestemmelser I (Norwegian) direktiv 2014/53/EU. Notes: 1. Although Norway, Switzerland and Liechtenstein are not EU member states, the EU Directive 2014/53/EU has also been implemented in those countries. NWA1000 Series User’s Guide...
Page 254 Network standby power consumption < 8W, and/or Off mode power consumption < 0.5W, and/or Standby mode power consumption < 0.5W. For wireless setting, please refer to Chapter 10 on page 78 chapter for more detail. NWA1000 Series User’s Guide...
Page 255 電磁波曝露量 MPE 標準值 1mW/cm2，送測產品 (NWA1123-AC HD) 實測值為：0.685 mW/cm2 本產品使用時建議應距離人體 20 cm 電磁波曝露量 MPE 標準值 1mW/cm2，送測產品 (NWA1302-AC) 實測值為：0.109 mW/cm2 本產品使用時建議應距離人體 20 cm 無線資訊傳輸設備忍受合法通信之干擾且不得干擾合法通信；如造成干擾，應立即停用，俟無干擾之虞，始得繼續使用。無線資訊傳輸設備的製造廠商應確保頻率穩定性，如依製造廠商使用手冊上所述正常操作，發射的信號應維持於操作頻帶中。無線資訊傳輸設備必須具備安全功能，以保護未經授權之一方任意更改軟體進而避免發射機操作於非經認證之頻率、輸出功率、調變形式或其他射頻參數設定。使用無線產品時，應避免影響附近雷達系統之操作。若使用高增益指向性天線，該產品僅應用於固定式點對點系統。安全警告為了您的安全，請先閱讀以下警告及指示 : • 請勿將此產品接近水、火焰或放置在高溫的環境。 • 避免設備接觸任何液體 - 切勿讓設備接觸水、雨水、高濕度、污水腐蝕性的液體或其他水份。 • 灰塵及污物 - 切勿接觸灰塵、污物、沙土、食物或其他不合適的材料。 NWA1000 Series User’s Guide...
Page 256 To obtain the services of this warranty, contact your vendor. You may also refer to the warranty policy for the region in which you bought the device at http://www.zyxel.com/web/support_warranty_info.php. Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com. NWA1000 Series User’s Guide...
Page 257 You can download the latest firmware at www.zyxel.com. If you cannot find it there, contact your vendor or Zyxel Technical Support at support@zyxel.com.tw. To obtain the source code covered under those Licenses, please contact your vendor or Zyxel Technical Support at support@zyxel.com.tw. NWA1000 Series User’s Guide...
Page 258: Index
Web Configurator Common Event Format (CEF) and certificates 162, 167 comparison table CA (Certificate Authority), see certificates configuration CEF (Common Event Format) 162, 167 information Certificate Authority (CA) configuration files see certificates NWA1000 Series User’s Guide...
Page 259 HTTPS dual radios vs HTTPS dual-radio application HTTPS dynamic channel selection and certificates authenticating clients avoiding warning messages example vs HTTP with Internet Explorer e-mail with Netscape Navigator daily statistics report encryption NWA1000 Series User’s Guide...
Page 260 34, 193 Management Information Base (MIB) JavaScripts 154, 155 34, 193 management mode managing the device good habits 32, 192 using FTP. See FTP. MBSSID key pairs memory usage 53, 56 message bar 43, 196 messages NWA1000 Series User’s Guide...
Page 261 Service Set Identifier see SSID shell scripts downloading editing how applied radio managing reboot 32, 188 syntax vs reset uploading Reference Guide, CLI shutdown 33, 189 registration vs reset product Simple Certificate Enrollment Protocol (SCEP) remote management NWA1000 Series User’s Guide...
Page 262 95, 97 syslog 162, 167 default reauthentication time 95, 97 syslog servers, see also logs lease time limited-admin (type) system log, see logs lockout system name 53, 136 reauthentication time system uptime types of NWA1000 Series User’s Guide...
Page 263 Wireless Distribution System (WDS) wireless LAN Wireless network overview wireless network example wireless profile layer-2 isolation MAC filtering radio security SSID wireless repeater wireless security 13, 207 wireless station Wizard Setup WLAN interface NWA1000 Series User’s Guide...

This manual is also suitable for:

Nwa1123-acv2 Nwa1123-ac pro Nwa1123-ac hd Nwa1302-ac

ZyXEL Communications NWA1000 Series User Manual

Chapter 1 Introduction

Chapter 2 Management Modes

Chapter 3 Hardware

Chapter 4 Standalone Mode

Chapter 6 Setup Wizard

Chapter 7 Dashboard

Chapter 8 Monitor

Chapter 9 Network

Chapter 10 Wireless

Chapter 11 User

Chapter 12 AP Profile

Chapter 13 WDS Profile

Chapter 14 Certificates

Chapter 16 Log and Report

Chapter 17 File Manager

Chapter 18 Diagnostics

Chapter 19 Leds

Chapter 20 Antenna Switch

Chapter 21 Reboot

Chapter 22 Shutdown

Chapter 23 Cloud Mode

Chapter 24 The Web Configurator

Chapter 25 Dashboard

Chapter 26 Network

Chapter 27 Troubleshooting

Appendix A Importing Certificates

Appendix B Ipv6

Appendix C Customer Support

Appendix D Legal Information

Quick Links

Troubleshooting

Related Manuals for ZyXEL Communications NWA1000 Series

Summary of Contents for ZyXEL Communications NWA1000 Series