ZyXEL Communications G-3000 User Manual

ZyXEL Communications G-3000 User Manual

802.11b/g wireless access point
Hide thumbs Also See for G-3000:
Table of Contents

Advertisement

G-3000 Series
802.11b/g Wireless Access Point
User's Guide
Version 3.60
10/2006
Edition 1
www.zyxel.com

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the G-3000 and is the answer not in the manual?

Questions and answers

Summary of Contents for ZyXEL Communications G-3000

  • Page 1 G-3000 Series 802.11b/g Wireless Access Point User’s Guide Version 3.60 10/2006 Edition 1 www.zyxel.com...
  • Page 3: About This User's Guide

    About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the ZyXEL Device using the web configurator. A basic knowledge of TCP/IP networking concepts and topology will be helpful but is not necessary.
  • Page 4: Document Conventions

    Syntax Conventions • The G-3000 or G-3000H may be referred to as the “ZyXEL Device”, the “device”, the “product” or the “system” in this User’s Guide. • Product labels, screen names, field labels and field choices are all in bold font.
  • Page 5 Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Computer Notebook computer Server DSLAM Firewall Telephone Switch Router...
  • Page 6: Safety Warnings

    • If you wall mount your device, make sure that no electrical lines, gas or water pipes will be damaged. • The PoE (Power over Ethernet) devices that supply or receive power and their connected Ethernet cables must all be completely indoors. This product is recyclable. Dispose of it properly. G-3000 Series User’s Guide...
  • Page 7 Safety Warnings G-3000 Series User’s Guide...
  • Page 8 Safety Warnings G-3000 Series User’s Guide...
  • Page 9: Table Of Contents

    Contents Overview Contents Overview Introduction ..........................33 Introducing the ZyXEL Device ....................35 Introducing the Web Configurator ....................41 Wizard Setup ..........................45 Tutorial ............................53 The Web Configurator ......................65 System Screens ........................67 Wireless Configuration ......................73 Wireless Security Configuration ....................87 MESSID and SSID ........................
  • Page 10 Contents Overview G-3000 Series User’s Guide...
  • Page 11: Table Of Contents

    1.2.3 AP + Bridge ........................ 37 1.2.4 MESSID (Multiple Extended Service Set IDentifier) ........... 38 1.3 Ways to Manage the ZyXEL Device ..................39 1.4 Good Habits for Managing the ZyXEL Device ..............40 Chapter 2 Introducing the Web Configurator ..................41 2.1 Web Configurator Overview ....................
  • Page 12 5.4 Configuring Password ......................68 5.5 Configuring Time Setting ..................... 70 5.5.1 Resetting the Time ..................... 71 Chapter 6 Wireless Configuration......................73 6.1 Wireless LAN Overview ....................... 73 6.1.1 BSS ..........................73 6.1.2 ESS ..........................74 G-3000 Series User’s Guide...
  • Page 13 7.7 Security Modes and Wireless Client Compatibility .............. 92 7.8 Wireless Client WPA Supplicants ..................92 7.9 Wireless Security Effectiveness ................... 93 7.10 Configuring Security ......................93 7.10.1 Security: None ......................94 7.10.2 Security: No-Access ....................95 7.10.3 Security: WEP ......................96 G-3000 Series User’s Guide...
  • Page 14 10.1 Factory Ethernet Defaults ....................123 10.2 TCP/IP Parameters ......................123 10.2.1 WAN IP Address Assignment ................. 123 10.3 Configuring IP ........................124 Chapter 11 Remote Management Screens..................... 127 11.1 Remote Management Overview ..................127 11.1.1 Remote Management Limitations ................127 G-3000 Series User’s Guide...
  • Page 15 13.8 Creating a Certificate ....................... 153 13.9 My Certificate Details ....................... 156 13.10 Trusted CAs ........................159 13.11 Importing a Trusted CA’s Certificate ................161 13.12 Trusted CA Certificate Details ..................162 Chapter 14 Log Screens .......................... 165 G-3000 Series User’s Guide...
  • Page 16 14.2 Configuring Log Settings ....................167 14.3 Example Log Messages ....................169 14.4 Log Commands ....................... 170 14.4.1 Configuring What You Want the ZyXEL Device to Log .......... 170 14.4.2 Displaying Logs ...................... 171 14.5 Log Command Example ....................171 Chapter 15 VLAN ............................
  • Page 17 Table of Contents 17.1.1 Initial Screen ......................201 17.2 Connect to your ZyXEL Device Using Telnet ..............202 17.3 Entering the Password ....................202 17.4 Changing the System Password ..................202 17.5 Navigating the SMT Interface ..................203 17.5.1 SMT Main Menu Summary ..................204 17.6 SMT Menus Overview ....................
  • Page 18 26.1.3 Brute-Force Password Guessing Protection ............250 26.1.3.1 Configuring Brute-Force Password Guessing Protection: Example ..... 250 26.2 Time and Date Setting ..................... 251 26.3 Remote Management Setup .................... 252 26.3.1 Telnet ........................252 26.3.2 FTP ........................252 26.3.3 Web ........................252 G-3000 Series User’s Guide...
  • Page 19 26.4 System Timeout ....................... 254 Chapter 27 Troubleshooting........................255 27.1 Power, Hardware Connections, and LEDs ..............255 27.2 ZyXEL Device Access and Login ..................255 27.3 Internet Access ........................ 257 Part IV: Appendices and Index ............259 Appendix A Product Specifications..................261 Appendix B Setting up Your Computer’s IP Address............
  • Page 20 Table of Contents G-3000 Series User’s Guide...
  • Page 21: List Of Figures

    Figure 34 Bridging Example ........................81 Figure 35 Bridge Loop: Two Bridges Connected to Switch ..............82 Figure 36 Bridge Loop: Bridge Connected to Wired LAN ............... 82 Figure 37 Wireless: Bridge/Repeater ..................... 83 Figure 38 Wireless: AP+Bridge ......................84 G-3000 Series User’s Guide...
  • Page 22 Figure 77 Common ZyXEL Device Certificate ..................136 Figure 78 SNMP Management Model ....................137 Figure 79 Remote Management: SNMP ....................140 Figure 80 ZyXEL Device Authenticates Wireless Stations ..............141 Figure 81 ZyXEL Device Authenticates other AP’s ................142 G-3000 Series User’s Guide...
  • Page 23 Figure 119 System Status: Show Statistics ................... 190 Figure 120 Association List ........................191 Figure 121 Channel Usage ........................192 Figure 122 Firmware Upload ........................ 193 Figure 123 Firmware Upload In Process ....................194 Figure 124 Network Temporarily Disconnected ..................194 G-3000 Series User’s Guide...
  • Page 24 Figure 163 Sample Error and Information Messages ................235 Figure 164 Menu 24.4 System Maintenance: Diagnostic ..............235 Figure 165 Menu 24.5 Backup Configuration ..................238 Figure 166 FTP Session Example ......................239 Figure 167 System Maintenance: Backup Configuration ..............241 G-3000 Series User’s Guide...
  • Page 25 ................. 281 Figure 207 Red Hat 9.0: Checking TCP/IP Properties ............... 282 Figure 208 Network Number and Host ID .................... 284 Figure 209 Subnetting Example: Before Subnetting ................286 Figure 210 Subnetting Example: After Subnetting ................287 G-3000 Series User’s Guide...
  • Page 26 Figure 243 Personal Certificate Import Wizard 5 .................. 323 Figure 244 Personal Certificate Import Wizard 6 .................. 323 Figure 245 Access the ZyXEL Device Via HTTPS ................324 Figure 246 SSL Client Authentication ....................324 Figure 247 ZyXEL Device Secure Login Screen .................. 324 Figure 248 Text File Based Auto Configuration ..................
  • Page 27 Figure 272 Accessing the Discovery/Polling Agents Screen ..............344 Figure 273 Discovery/Polling Agents Screen ..................344 Figure 274 Device Icon ......................... 345 Figure 275 MAP Object Properties: Access ..................345 Figure 276 WLM EMS Screen ......................346 G-3000 Series User’s Guide...
  • Page 28 List of Figures G-3000 Series User’s Guide...
  • Page 29: List Of Tables

    Table 13 Wireless: Access Point ......................79 Table 14 Wireless: Bridge/Repeater ...................... 83 Table 15 Security Modes ........................91 Table 16 Security Modes for ZyXEL Device and Windows XP Wireless Client ........92 Table 17 Wireless Security Levels ......................93 Table 18 Security ........................... 94 Table 19 Security: No-Access ........................
  • Page 30 Table 77 Menu 3.5.6 - SSID Profile Edit ....................220 Table 78 Menu 14.1- Edit Dial-in User ....................222 Table 79 Menu 16 VLAN Setup ......................224 Table 80 Menu 22 SNMP Configuration ....................225 Table 81 Menu 3.5.6 - SSID Profile Edit ....................228 G-3000 Series User’s Guide...
  • Page 31 Table 96 G-3000 United Kingdom PLUG STANDARDS ..............264 Table 97 G-3000 Japan PLUG STANDARDS ..................264 Table 98 G-3000 Australia and New Zealand plug standards ............. 264 Table 99 G-3000H North American Plug Standards ................264 Table 100 G-3000H European Plug Standards ................... 264 Table 101 G-3000H United Kingdom Plug Standards .................
  • Page 32 List of Tables Table 125 Displaying the Auto Configuration Status ................330 Table 126 Proprietary MIBs ......................... 341 G-3000 Series User’s Guide...
  • Page 33: Introduction

    Introduction Introducing the ZyXEL Device (35) Introducing the Web Configurator (41) Tutorial (53)
  • Page 35: Introducing The Zyxel Device

    4 MESSID Applications for each operating mode are shown below. The G-3000 also has an extension slot where you can add a second WLAN card. With two WLAN cards, the G-3000 can be set up with two different wireless configurations. For example, one card could function as a bridge/repeater and the other card could be in MESSID mode to support up to eight ESSIDs.
  • Page 36: Access Point

    1.2.1 Access Point The ZyXEL Device is an ideal access solution for wireless Internet connection. A typical Internet access application for your ZyXEL Device is shown as follows. Stations A, B and C can access the wired network through the ZyXEL Devices.
  • Page 37: Ap + Bridge

    Chapter 1 Introducing the ZyXEL Device Figure 2 Bridge Application Figure 3 Repeater Application 1.2.3 AP + Bridge In AP+Bridge mode, the ZyXEL Device supports both AP and bridge connection at the same time. G-3000 Series User’s Guide...
  • Page 38: Messid (Multiple Extended Service Set Identifier)

    In the figure below, A and B use X as an AP to access the wired network, while X and Y communicate in bridge mode. When the ZyXEL Device is in AP+Bridge mode, you must use security for both the AP and bridge functions, or for neither. However, the security the ZyXEL Device uses between APs (the Wireless Distribution System or WDS) is different from the security between the wireless stations and the AP.
  • Page 39: Ways To Manage The Zyxel Device

    1.3 Ways to Manage the ZyXEL Device Use any of the following methods to manage the ZyXEL Device. • Web Configurator. This is recommended for everyday management of the ZyXEL Device using a (supported) web browser. • Command Line Interface. Line commands are mostly used for troubleshooting by service engineers.
  • Page 40: Good Habits For Managing The Zyxel Device

    User’s Guide. 1.4 Good Habits for Managing the ZyXEL Device Do the following things regularly to make the ZyXEL Device more secure and to manage it more effectively. • Change the password often. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters.
  • Page 41: Introducing The Web Configurator

    H A P T E R Introducing the Web Configurator This chapter describes how to access the ZyXEL Device’s web configurator and provides an overview of its screens. 2.1 Web Configurator Overview The web configurator is an HTML-based management interface that allows easy ZyXEL Device setup and management via Internet browser.
  • Page 42: Figure 6 Change Password Screen

    If you do not change the password, the following screen appears every time you login. Figure 6 Change Password Screen 6 Click Apply in the Replace Certificate screen to create a certificate using your ZyXEL Device’s MAC address that will be specific to this device. Figure 7 Replace Certificate Screen You should now see the MAIN MENU screen.
  • Page 43: Resetting The Zyxel Device

    Use the web configurator to restore defaults (refer to Chapter 16 on page 189). Transfer the configuration file to your ZyXEL Device using FTP. See the section on SMT configuration for more information. 2.4 Navigating the Web Configurator The following summarizes how to navigate the web configurator from the MAIN MENU screen.
  • Page 44 (Settings, Trusted AP and Trusted User), CERTIFICATES (My Certificates, Trusted CAs), LOGS (View Log and Log Settings) and VLAN. Click MAINTENANCE to view information about your ZyXEL Device or upgrade configuration/firmware files. Maintenance includes Status (Statistics), Association List, Channel Usage, F/W (firmware) Upload, Configuration (Backup, Restore and Default) and Restart.
  • Page 45: Wizard Setup

    The web configurator’s setup wizard helps you configure your ZyXEL Device for wireless stations to access your wired LAN. The wizard applies configuration settings to the ZyXEL Device’s built-in wireless card by default, even if you have installed another card.
  • Page 46: Wizard Setup: General Setup

    In Windows XP, click Start, My Computer, View system information and then click the Computer Name tab. Note the entry in the Full computer name field and enter it as the ZyXEL Device System Name. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes "-"...
  • Page 47: Figure 10 Wizard 2 : Wireless Lan Setup

    Name (SSID) in order to access the network. Choose Channel ID To manually set the ZyXEL Device to use a channel, select a channel from the drop-down list box. Open the Channel Usage screen to make sure the channel is not already used by another AP or independent peer-to-peer wireless network.
  • Page 48: Wizard Setup: Ip Address

    Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask. G-3000 Series User’s Guide...
  • Page 49: Figure 11 Wizard 3 : Ip Address Assignment

    Once you have decided on the network number, pick an IP address that is easy to remember, for instance, 192.168.1.2, for your ZyXEL Device, but make sure that no other device on your network is using that IP address.
  • Page 50: Basic Setup Complete

    Click OK to close the window and log in to the web configurator again using the new IP address if you change the default IP address (192.168.1.2). You have successfully set up the ZyXEL Device. A screen displays prompting you to close the web browser.
  • Page 51: Figure 12 Wizard 4 : Setup Complete

    Chapter 3 Wizard Setup Figure 12 Wizard 4 : Setup Complete Well done! You have successfully set up your ZyXEL Device to operate on your network and access the Internet. G-3000 Series User’s Guide...
  • Page 52 Chapter 3 Wizard Setup G-3000 Series User’s Guide...
  • Page 53: Tutorial

    The ZyXEL Device is a repeater when it has no Ethernet connection and allows other APs to communicate with one another through the ZyXEL Device. • Use AP+Bridge operating mode if you want to use the ZyXEL Device as an access point (see above) while also communicating with other access points. See Section 1.2.3 on page...
  • Page 54: How To Configure Multiple Wireless Networks

    4.2 How to Configure Multiple Wireless Networks In this example, you have been using your ZyXEL Device as an access point for your office network (See your Quick Start Guide for information on how to set up your ZyXEL Device in Access Point mode).
  • Page 55: Change The Operating Mode

    Log in to the ZyXEL Device (see Section 2.2 on page 41). Click WIRELESS > Wireless. The Wireless screen appears. In this example, the ZyXEL Device is set to Access Point operating mode, and is currently using the SSID04 profile. Figure 14 Tutorial: Wireless LAN: Before Select MESSID from the Operating Mode drop-down list box.
  • Page 56: Configure The Voip Network

    You cannot change this security profile without changing the security parameters for every SSID (including SSID4, the standard network), so you will use different security profiles for the different SSIDs. G-3000 Series User’s Guide...
  • Page 57: Figure 16 Tutorial: Wireless > Ssid

    Chapter 4 Tutorial Figure 16 Tutorial: WIRELESS > SSID You will use the first SSID for the Voice over IP (VoIP) network, so select SSID1’s radio button and click Edit. The following screen displays. G-3000 Series User’s Guide...
  • Page 58: Set Up Security For The Voip Profile

    • Leave all the other fields at their defaults and click Apply. 4.2.2.1 Set Up Security for the VoIP Profile Now you need to configure the security settings to use on the VoIP wireless network. Click the Security tab. G-3000 Series User’s Guide...
  • Page 59: Figure 18 Tutorial: Voip Security

    You already chose to use the security02 profile for this network, so select the radio button for security02 and click Edit. The following screen appears. Figure 19 Tutorial: VoIP Security Profile Edit • Change the Name field to “VoIP_Security” to make it easier to remember and identify. G-3000 Series User’s Guide...
  • Page 60: Activate The Voip Profile

    Internet). For this reason, you will enable layer-2 isolation for the Guest_SSID profile. “Layer-2 isolation” means that a client accessing the network via the Guest_SSID profile can access only certain pre-defined devices on the network (see Section 9.1 on page 115). G-3000 Series User’s Guide...
  • Page 61: Set Up Security For The Guest Profile

    Now you need to configure the security settings to use on the guest wireless network. Click the Security tab. You already chose to use the security03 profile for this network, so select security03’s entry in the list and click Edit. The following screen appears. G-3000 Series User’s Guide...
  • Page 62: Set Up Layer-2 Isolation

    Figure 24 Tutorial: Guest Security: Updated 4.2.3.2 Set up Layer-2 Isolation Configure layer-2 isolation to control the specific devices you want the users on your guest network to access. Click WIRELESS > Layer-2 Isolation. The following screen appears. G-3000 Series User’s Guide...
  • Page 63: Activate The Guest Profile

    Select SSID Profile table, select the check box for the second index entry and select the Guest_SSID profile. Click Apply. Figure 26 Tutorial: Activate Guest Profile Your Guest wireless network is now ready to use. G-3000 Series User’s Guide...
  • Page 64: Testing The Wireless Networks

    2 isolation list). If you receive a reply, check the settings in the WIRELESS > Layer-2 Isolation screen, and ensure that layer 2 isolation is enabled in the Guest_SSID profile screen. G-3000 Series User’s Guide...
  • Page 65: The Web Configurator

    The Web Configurator System Screens (67) Wireless Configuration (73) Wireless Security Configuration (87) MESSID and SSID (105) Other Wireless Configuration (115) IP Screen (123) Remote Management Screens (127) Auth Server (141) Certificates (147) Log Screens (165) Maintenance (189)
  • Page 67: System Screens

    DESCRIPTION General Setup System Name Type a descriptive name to identify the ZyXEL Device in the Ethernet network. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes "-" and underscores "_" are accepted.
  • Page 68: Administrator Authentication On Radius

    5.3 Administrator Authentication on RADIUS The administrator authentication on RADIUS feature lets a (external or internal) RADIUS server authenticate management logins to the ZyXEL Device. This is useful if you need to regularly change a password that you use to manage several ZyXEL Devices.
  • Page 69: Figure 28 Password

    RADIUS Select the RADIUS server profile of the RADIUS server that is to authenticate management logins to the ZyXEL Device. The ZyXEL Device tests the user name and password against the RADIUS server when you apply your settings. • The user name and password must already be configured in the RADIUS server.
  • Page 70: Configuring Time Setting

    5.5 Configuring Time Setting To change your ZyXEL Device’s time and date, click SYSTEM > Time Setting. The screen appears as shown. Use this screen to configure the ZyXEL Device’s time based on your local time zone. Figure 29 Time Setting...
  • Page 71: Resetting The Time

    Select the time service protocol that your time server sends when you turn on the ZyXEL Device. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.
  • Page 72 Chapter 5 System Screens G-3000 Series User’s Guide...
  • Page 73: Wireless Configuration

    H A P T E R Wireless Configuration This chapter discusses how to configure the Wireless screens on the ZyXEL Device. 6.1 Wireless LAN Overview This section introduces the wireless LAN (WLAN) and some basic scenarios. 6.1.1 BSS A Basic Service Set (BSS) exists when all communications between wireless stations or between a wireless station and a wired network client go through one access point (AP).
  • Page 74: Ess

    See the Wireless LANs Appendix for information on the following: • Wireless LAN Topologies • Channel • RTS/CTS • Fragmentation Threshold • Preamble Type • IEEE 802.1x • RADIUS • Types of Authentication • WPA • Security Parameters Summary G-3000 Series User’s Guide...
  • Page 75: Quality Of Service

    Network traffic can be classified by setting the ToS (Type Of Service) values at the data source (for example, at the ZyXEL Device) so a server can decide the best method of delivery, that is the least cost, fastest route and so on.
  • Page 76: Tos (Type Of Service) And Wmm Qos

    DSCP value in order to make the best use of WMM QoS. A Voice over IP (VoIP) device for example may allow you to define the DSCP value. The following table lists which WMM QoS priority level the ZyXEL Device uses for specific DSCP values.
  • Page 77: How Stp Works

    Table 12 STP Port States PORT STATES DESCRIPTIONS Disabled STP is disabled (default). Blocking Only configuration and management BPDUs are received and processed. Listening All BPDUs are received and processed. G-3000 Series User’s Guide...
  • Page 78: Wireless Screen Overview

    All BPDUs are received and processed. All information frames are received and forwarded. 6.5 Wireless Screen Overview The following is a list of the screens you can configure on the ZyXEL Device. 1 Configure the ZyXEL Device to operate in AP, AP+Bridge, Bridge/Repeater or MESSID mode in the Wireless screen (see Chapter 8 on page 105 for MESSID).
  • Page 79: Figure 33 Wireless: Access Point

    Set the operating frequency/channel depending on your particular region. Channel ID To manually set the ZyXEL Device to use a channel, select a channel from the drop-down list box. Click MAINTENANCE and then the Channel Usage tab to open the Channel Usage screen to make sure the channel is not already used by another AP or independent peer-to-peer wireless network.
  • Page 80 Device. Output Power Set the output power of the ZyXEL Device in this field. If there is a high density of APs in an area, decrease the output power of the ZyXEL Device to reduce interference with other APs. Select from 100% (Full Power), 50%, 25% and 12.5%.
  • Page 81: Bridge/Repeater Mode

    Click Reset to begin configuring this screen afresh. 6.6.2 Bridge/Repeater Mode The ZyXEL Device can act as a wireless network bridge and establish wireless links with other APs. You need to know the MAC address of the peer device, which also must be in bridge mode.
  • Page 82: Figure 35 Bridge Loop: Two Bridges Connected To Switch

    The following examples show two network topologies that can lead to this problem: • If two or more ZyXEL Devices (in bridge mode) are connected to the same switch (as shown next). Figure 35 Bridge Loop: Two Bridges Connected to Switch •...
  • Page 83: Figure 37 Wireless: Bridge/Repeater

    APs. Select the check box to encrypt the traffic between the APs. When you select the check box, need to configure a Pre-Shared Key (PSK) for each peer device. The ZyXEL Device uses TKIP to encrypt traffic on the WDS between APs.
  • Page 84: Ap+Bridge Mode

    6.6.3 AP+Bridge Mode Select AP+Bridge as the Operating Mode in the WIRELESS > Wireless screen to have the ZyXEL Device function as a bridge and access point simultaneously. See the section on applications for more information. Figure 38 Wireless: AP+Bridge See the tables describing the fields in the Access Point and Bridge/Repeater operating modes for descriptions of the fields in this screen.
  • Page 85: Messid Mode

    6.6.4 MESSID Mode Select MESSID as the Operating Mode to display the screen. Refer to Chapter 8 on page 105 for configuration and detailed information. See Chapter 7 on page 87 for details on the security settings. G-3000 Series User’s Guide...
  • Page 86 Chapter 6 Wireless Configuration G-3000 Series User’s Guide...
  • Page 87: Wireless Security Configuration

    Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network. Wireless security methods available on the ZyXEL Device are data encryption, wireless client authentication, restricting access by MAC address and hiding the ZyXEL Device’s identity.
  • Page 88: Hide Identity

    Chapter 7 Wireless Security Configuration 7.1.4 Hide Identity If you hide the SSID, then the ZyXEL Device cannot be seen when a wireless client scans for local APs. The trade-off for the extra security of “hiding” the ZyXEL Device may be inconvenience for some valid WLAN clients.
  • Page 89: Introduction To Wpa

    Chapter 7 Wireless Security Configuration 2 The ZyXEL Device sends a “request identity” message to the wireless station for identity information. 3 The wireless station replies with identity information, including username and password. 4 The RADIUS server checks the user information against its user profile database and determines whether or not to authenticate the wireless station.
  • Page 90: Wpa(2)-Psk Application Example

    3 The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. G-3000 Series User’s Guide...
  • Page 91: Security Modes

    Select this to use WPA with a pre-shared key. WPA2 Select this to use WPA2. WPA2-MIX Select this to use either WPA2 or WPA depending on which security mode the wireless client uses. WPA2-PSK Select this to use WPA2 with a pre-shared key. G-3000 Series User’s Guide...
  • Page 92: Security Modes And Wireless Client Compatibility

    The following table shows combinations of security modes between a Windows XP wireless client and the ZyXEL Device. Combinations of security modes not marked with a “O” or not listed may not be able to make a connection using the SSID.
  • Page 93: Wireless Security Effectiveness

    Wi-Fi Protected Access (WPA) Most Secure WPA2 If you do not enable any wireless security on your ZyXEL Device, your network is accessible to any wireless networking device within range. 7.10 Configuring Security The following screens are configurable only in Access Point, AP+Bridge and MESSID operating modes only.
  • Page 94: Security: None

    Select an entry from the list and click Edit to configure security settings for that profile. The next screen varies according to the Security Mode you select. 7.10.1 Security: None Select None in the Security Mode field to allow all wireless clients access to the ZyXEL Device. G-3000 Series User’s Guide...
  • Page 95: Security: No-Access

    Reset Click Reset to begin configuring this screen afresh. 7.10.2 Security: No-Access Select No-Access in the Security Mode field to block all wireless access to the ZyXEL Device. Figure 44 Security: No-Access The following table describes the labels in this screen.
  • Page 96: Security: Wep

    Select Auto, Open System or Shared Key from the drop-down list box. Method The default setting is Auto. ASCII Select this option to enter ASCII characters as the WEP keys. Select this option to enter hexadecimal characters as the WEP keys. The preceding “0x” is entered automatically. G-3000 Series User’s Guide...
  • Page 97: Security: 802.1X Only, 802.1X Static 64-Bit, 802.1X Static 128-Bit

    LABEL DESCRIPTION Key 1 to The WEP keys are used to encrypt data. Both the ZyXEL Device and the wireless stations must use the same WEP key for data transmission. Key 4 If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F").
  • Page 98: Security: 802.1X Dynamic 64-Bit Or 802.1X Dynamic 128-Bit

    RADIUS server has priority. Idle Timeout The ZyXEL Device automatically disconnects a wireless station from the wireless network after a period of inactivity. The wireless station needs to send the username and password again before it can use the wireless network again.
  • Page 99: Security: Wpa, Wpa2, Wpa-Mix Or Wpa2-Mix

    Idle Timeout The ZyXEL Device automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the user name and password again before access to the wired network is allowed.
  • Page 100: Security: Wpa-Psk, Wpa2-Psk, Wpa2-Psk-Mix

    RADIUS server has priority. Idle Timeout The ZyXEL Device automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed.
  • Page 101: Figure 49 Security: Wpa-Psk, Wpa2-Psk Or Wpa2-Psk-Mix

    RADIUS server has priority. Idle Timeout The ZyXEL Device automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed.
  • Page 102: Introduction To Radius

    These profiles can be assigned to an SSID profile in the SSID configuration screen To set up your ZyXEL Device’s RADIUS server settings, click WIRELESS > RADIUS. The screen appears as shown. Figure 50 RADIUS...
  • Page 103: Table 26 Radius

    Enter a password (up to 128 alphanumeric characters) as the key to be shared between the accounting server and the ZyXEL Device. The key must be the same on the accounting server and your ZyXEL Device. The key is not sent over the network.
  • Page 104: Configuring Local User Database

    Chapter 7 Wireless Security Configuration 7.13 Configuring Local User Database To change your ZyXEL Device’s trusted users, click WIRELESS > Local User Database. The screen appears as shown. Figure 51 Local User Database The following table describes the labels in this screen.
  • Page 105: Messid And Ssid

    H A P T E R MESSID and SSID This chapter describes how to configure and use your ZyXEL Device’s MESSID mode and configure SSID profiles. 8.1 Wireless LAN Infrastructures See the Wireless LAN chapter for some basic WLAN scenarios and terminology.
  • Page 106: Multiple Ess With Vlan Example

    (on switch ports where PVID is enabled). Figure 52 Multiple ESS with VLAN Example 8.1.5 Configuring Multiple ESSs Click WIRELESS > Wireless and select MESSID in the Operating Mode drop-down list box to display the screen as shown. G-3000 Series User’s Guide...
  • Page 107: Figure 53 Wireless: Multiple Ess

    Table 28 Wireless: Multiple ESS LABEL DESCRIPTION WLAN Adapter This field only appears when you have a compatible WLAN card in the ZyXEL Device’s extension card slot. Note: Contact your distributor for information on compatible WLAN cards. Select Built-in to configure settings for the ZyXEL Device’s the internal WLAN card.
  • Page 108 The blue ZyAIR LED is on when the ZyXEL Device is on and blinks (or breathes) when data is being transmitted to/from its wireless stations. Clear the check box to turn this LED off even when the ZyXEL Device is on and data is being transmitted/received.
  • Page 109: Ssid

    ZyXEL Device. Output Power Set the output power of the ZyXEL Device in this field. If there is a high density of APs in an area, decrease the output power of the ZyXEL Device to reduce interference with other APs. Select from 100% (Full Power), 50%, 25% and 12.5%.
  • Page 110: Figure 54 Ssid

    Index This field displays the index number of each SSID profile. Name This field displays the identification name of each SSID profile on the ZyXEL Device. SSID This field displays the name of the wireless profile on the network. When a wireless client scans for an AP to associate with, this is the name that is broadcast and seen in the wireless client utility.
  • Page 111: Configuring Ssid

    Enter a name (up to 32 ASCII characters) to identify this profile. Spaces are allowed. SSID When a wireless client scans for an AP to associate with, this is the name that is broadcast and seen in the wireless client utility. G-3000 Series User’s Guide...
  • Page 112 Enter a VLAN ID number from 1 to 4094. Packets coming from the WLAN using this SSID profile are tagged with this VLAN ID number by the ZyXEL Device. Different SSID profiles can use the same or different VLAN IDs. This allows you to split wireless stations into groups using similar VLAN IDs.
  • Page 113: Second Rx Vlan Id

    3 You can enter a Second Rx VLAN ID in the following screen. The following screen shows VLAN 1 tagged with VLAN ID 1. Incoming packets (Second Rx VLAN ID) with a VLAN ID 3 are matched to VLAN 1. G-3000 Series User’s Guide...
  • Page 114: Figure 57 Configuring Ssid: Second Rx Vlan Id Example

    Chapter 8 MESSID and SSID Figure 57 Configuring SSID: Second Rx VLAN ID Example 4 Click Apply to save these settings to the ZyAIR. G-3000 Series User’s Guide...
  • Page 115: Other Wireless Configuration

    MAC addresses that you list in the layer-2 isolation table. In the following example, layer-2 isolation is enabled on the ZyXEL Device (Z, in the figure) to allow a guest wireless client (A) to access the main network router (B), the router providing Internet access (C), and the network printer (D) while preventing the client from accessing other computers and servers on the network.
  • Page 116: Configuring Layer-2 Isolation

    9.2 Configuring Layer-2 Isolation If layer-2 isolation is enabled, you need to know the MAC addresses of the wireless clients, APs, computers or routers that you want to allow to communicate with the ZyXEL Device's wireless clients. To configure layer-2 isolation, click WIRELESS > Layer-2 Isolation. The screen appears as shown next.
  • Page 117: Layer-2 Isolation Examples

    Reset Click Reset to begin configuring this screen afresh. 9.2.1 Layer-2 Isolation Examples The following section shows you example layer-2 isolation configurations on the ZyXEL Device (A). When configuring, remember to enable layer-2 isolation in the WIRELESS > SSID > Edit screen of the relevant SSID profile.
  • Page 118: Layer-2 Isolation Example 2

    In the following example wireless clients 1 and 2 can communicate with B and C but not 3. • Configure more than one MAC address. Enter the server’s and your ZyXEL Device’s MAC addresses in the Allow devices with these MAC addresses fields.
  • Page 119: Configuring Mac Filter

    Figure 62 Layer-2 Isolation Example 2 9.3 Configuring MAC Filter The MAC filter screen allows you to configure the ZyXEL Device to give exclusive access to up to 32 devices (Allow Association) or exclude up to 32 devices from accessing the ZyXEL Device (Deny Association).
  • Page 120: Figure 63 Mac Address Filter

    Select Allow Association to permit access to the router. MAC addresses not listed will be denied access to the router. MAC Address Enter the MAC addresses (in XX:XX:XX:XX:XX:XX format) of the wireless station to be allowed or denied access to the ZyXEL Device. Apply Click Apply to save your changes. Reset Click Reset to begin configuring this screen afresh.
  • Page 121: Configuring Roaming

    (bridge tables are updated) and maximum AP efficiency. The AP deletes records of wireless stations that associate with other APs (Non-ZyXEL APs may not be able to perform this). 802.1x authentication information is not exchanged (at the time of writing).
  • Page 122: Requirements For Roaming

    DESCRIPTION Active Select Yes from the drop-down list box to enable roaming on the ZyXEL Device. This is useful if you have two or more APs on the same subnet. Note: All APs on the same subnet and the wireless stations must have the same SSID to allow roaming.
  • Page 123: Ip Screen

    IP Screen This chapter discusses how to configure IP on the ZyXEL Device. 10.1 Factory Ethernet Defaults The Ethernet parameters of the ZyXEL Device are preset in the factory with the following values: 1 IP address of 192.168.1.2 2 Subnet mask of 255.255.255.0 (24 bits) These parameters should work for the majority of installations.
  • Page 124: Configuring Ip

    Device (by the DHCP server) to access the ZyXEL Device again. Use fixed IP address Select this option if your ZyXEL Device is using a static IP address. When you select this option, fill in the fields below. IP Address Enter the IP address of your ZyXEL Device in dotted decimal notation.
  • Page 125 Type the IP address of the gateway. The gateway is an immediate neighbor of your ZyXEL Device that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your ZyXEL Device;...
  • Page 126 Chapter 10 IP Screen G-3000 Series User’s Guide...
  • Page 127: Remote Management Screens

    • Neither (Disable). You can disable a service on the ZyXEL Device by not allowing access for the service/ protocol through any of the ZyXEL Device interfaces. You may only have one management session running at a time. The ZyXEL Device automatically disconnects a management session of lower priority when another management session of higher priority starts.
  • Page 128: System Timeout

    67). 11.2 Configuring Telnet You can configure your ZyXEL Device for remote Telnet access. Use this screen to specify which interfaces allow Telnet access and from which IP address the access can come. Click REMOTE MGNT and the TELNET tab to display the screen as shown.
  • Page 129: Configuring Ftp

    Click Reset to begin configuring this screen afresh. 11.4 WWW (HTTP and HTTPS) You can set the ZyXEL Device to use HTTP or HTTPS (HTTPS adds security) for web configurator sessions. Specify which interfaces allow web configurator access and from which IP address the access can come.
  • Page 130: Configuring Www

    REMOTE MGMT > WWW screen). Authenticate Client Certificates is optional and if selected means the SSL-client must send the ZyXEL Device a certificate. You must apply for a certificate for the browser from a CA that is a trusted CA on the ZyXEL Device. Please refer to the following figure.
  • Page 131: Figure 70 Remote Management: Www

    ZyXEL Device by sending the ZyXEL Device a certificate. To do that the SSL client must have a CA-signed certificate from a CA that has been imported as a trusted CA on the ZyXEL Device (see the appendix on importing certificates for details).
  • Page 132: Https Example

    Click Reset to begin configuring this screen afresh. 11.6 HTTPS Example If you have not changed the default HTTPS port on the ZyXEL Device, then in your browser enter “https://ZyXEL Device IP Address/” as the web site address where “ZyXEL Device IP Address”...
  • Page 133: Netscape Navigator Warning Messages

    Chapter 11 Remote Management Screens 11.6.2 Netscape Navigator Warning Messages When you attempt to access the ZyXEL Device HTTPS server, a Website Certified by an Unknown Authority screen pops up asking if you trust the server certificate. Click Examine Certificate if you want to verify that the certificate is from the ZyXEL Device.
  • Page 134: Avoiding The Browser Warning Messages

    Appendix G on page 457 for details. • The actual IP address of the HTTPS server (the IP address of the ZyXEL Device’s port that you are trying to access) does not match the common name specified in the ZyXEL Device’s HTTPS server certificate that your browser received.
  • Page 135: Figure 74 Example: Lock Denoting A Secure Connection)

    Figure 74 Example: Lock Denoting a Secure Connection) Click Login and you then see the next screen. The factory default certificate is a common default certificate for all ZyXEL Device models. Figure 75 Replace Certificate Click Apply in the Replace Certificate screen to create a certificate using your ZyXEL Device’s MAC address that will be specific to this device.
  • Page 136: Figure 76 Device-Specific Certificate

    Chapter 11 Remote Management Screens Figure 76 Device-specific Certificate Click Ignore in the Replace Certificate screen to use the common ZyXEL Device certificate. You will then see this information in the My Certificates screen. Figure 77 Common ZyXEL Device Certificate...
  • Page 137: Snmp

    An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the ZyXEL Device). An agent translates the local management information from the managed device into a form compatible with SNMP.
  • Page 138: Supported Mibs

    • Trap - Used by the agent to inform the manager of some events. 11.7.1 Supported MIBs The ZyXEL Device supports MIB II that is defined in RFC-1213 and RFC-1215 as well as the proprietary ZyXEL private MIB. The purpose of the MIBs is to let administrators collect statistical data and monitor status and performance.
  • Page 139: Snmp Traps

    Table 41 SNMP Interface Index to Physical Port Mapping INTERFACE TYPE PHYSICAL PORT enet0 WLAN enet1 Ethernet port 11.8.1 Configuring SNMP To change your ZyXEL Device’s SNMP settings, click REMOTE MGMT, then the SNMP tab. The screen appears as shown. G-3000 Series User’s Guide...
  • Page 140: Figure 79 Remote Management: Snmp

    Address ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service. Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service.
  • Page 141: Auth Server

    The ZyXEL Device has a built-in RADIUS server that can authenticate wireless clients or other AP’s in other wireless networks. The ZyXEL Device can function as an AP and as a RADIUS server at the same time. PEAP (Protected EAP) and MD5 authentication is implemented on the internal RADIUS server using simple username and password methods over a secure TLS connection.
  • Page 142: Internal Radius Server Setting

    RADIUS server can be authenticated. ZyXEL recommends that you replace the factory default certificate with one that uses your ZyXEL Device's MAC address. This can be done when you first log in to the ZyXEL Device or in the Advanced web configurator Certificates screen.
  • Page 143: Figure 82 Internal Radius Server Setting Screen

    LABEL DESCRIPTION Active Select the Active check box to have the ZyXEL Device use its internal RADIUS server to authenticate wireless clients or other AP’s. This field displays the certificate index number. The certificates are listed in alphabetical order. Certificates can be added or removed in the Advanced Certificate screens.
  • Page 144: Trusted Ap Overview

    Click Reset to start configuring this screen afresh. 12.3 Trusted AP Overview A trusted AP is an AP that uses the ZyXEL Device’s internal RADIUS server to authenticate it’s wireless clients. The following shows how this is done in two phases.
  • Page 145: Figure 84 Trusted Ap Screen

    They are grayed out and therefore cannot be configured. The shared secret must be the same on the trusted AP and your ZyXEL Device. The shared secret is not sent over the network. The shared secret is used to encrypt messages from and to the ZyXEL Device.
  • Page 146: Trusted Users Overview

    Chapter 12 Auth Server 12.5 Trusted Users Overview A trusted user is a wireless client within the ZyXEL Device’s wireless network. See Section on page 122 to change your ZyXEL Device’s trusted users. G-3000 Series User’s Guide...
  • Page 147: Certificates

    A certification path is the hierarchy of certification authority certificates that validate a certificate. The ZyXEL Device does not trust a certificate if any certificate on its path has expired or been revoked.
  • Page 148: Advantages Of Certificates

    13.2 Self-signed Certificates You can have the ZyXEL Device act as a certification authority and sign its own certificates. 13.3 Verifying a Certificate Before you import a trusted CA certificate into the ZyXEL Device, you should verify that you have the actual certificate.
  • Page 149: Configuration Summary

    Use the My Certificate screens to generate and export self-signed certificates or certification requests and import the ZyXEL Devices’ CA-signed certificates. Use the Trusted CA screens to save CA certificates to the ZyXEL Device. 13.5 My Certificates Click CERTIFICATES > My Certificates to open the ZyXEL Device’s summary list of certificates and certification requests.
  • Page 150: Figure 87 My Certificates

    LABEL DESCRIPTION PKI Storage This bar displays the percentage of the ZyXEL Device’s PKI storage space that is Space in Use currently in use. The bar turns from green to red when the maximum is being approached. When the bar is red, you should consider deleting expired or unnecessary certificates before adding more certificates.
  • Page 151: Certificate File Formats

    Note that subsequent certificates move up by one when you take this action Create Click Create to go to the screen where you can have the ZyXEL Device generate a certificate or a certification request. Import Click Import to open a screen where you can save the certificate that you have enrolled from a certification authority from your computer to the ZyXEL Device.
  • Page 152: Importing A Certificate

    Chapter 13 Certificates • Binary PKCS#7: This is a standard that defines the general syntax for data (including digital signatures) that may be encrypted. The ZyXEL Device currently allows the importation of a PKS#7 file that contains a single certificate.
  • Page 153: Creating A Certificate

    Click CERTIFICATES > My Certificates and then Create to open the My Certificate Create screen. Use this screen to have the ZyXEL Device create a self-signed certificate, enroll a certificate with a certification authority or generate a certification request, see the following figure.
  • Page 154: Figure 89 My Certificate Create

    Organizational Unit Type up to 127 characters to identify the organizational unit or department to which the certificate owner belongs. You may use any character, including spaces, but the ZyXEL Device drops trailing spaces. G-3000 Series User’s Guide...
  • Page 155 Select Create a certification request and save it locally for later manual request and save it enrollment to have the ZyXEL Device generate and store a request for a locally for later certificate. Use the My Certificate Details screen to view the certification manual enrollment request and copy it to send to the certification authority.
  • Page 156: My Certificate Details

    In the case of a self-signed certificate, you can set it to be the one that the ZyXEL Device uses to sign the trusted remote host certificates that you import to the ZyXEL Device.
  • Page 157: Figure 90 My Certificate Details

    Chapter 13 Certificates Figure 90 My Certificate Details G-3000 Series User’s Guide...
  • Page 158: Table 49 My Certificate Details

    If the certificate is a self-signed certificate, the certificate itself is the only one in the list. The ZyXEL Device does not trust the certificate and displays “Not trusted” in this field if any certificate on the path has expired or been revoked.
  • Page 159: Trusted Cas

    Click CERTIFICATES, Trusted CAs to open the Trusted CAs screen. This screen displays a summary list of certificates of the certification authorities that you have set the ZyXEL Device to accept as trusted. The ZyXEL Device accepts any valid certificate signed by a certification authority on this list as being trustworthy;...
  • Page 160: Figure 91 Trusted Cas

    LABEL DESCRIPTION PKI Storage This bar displays the percentage of the ZyXEL Device’s PKI storage space that is Space in Use currently in use. The bar turns from green to red when the maximum is being approached. When the bar is red, you should consider deleting expired or unnecessary certificates before adding more certificates.
  • Page 161: Importing A Trusted Ca's Certificate

    Import to open the Trusted CA Import screen. Follow the instructions in this screen to save a trusted certification authority’s certificate to the ZyXEL Device, see the following figure. You must remove any spaces from the certificate’s filename before you can import the certificate.
  • Page 162: Trusted Ca Certificate Details

    Trusted CA Details screen. Use this screen to view in-depth information about the certification authority’s certificate, change the certificate’s name and set whether or not you want the ZyXEL Device to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority.
  • Page 163: Table 52 Trusted Ca Details

    31 characters to identify this key certificate. You may use any character (not including spaces). Property Select this check box to have the ZyXEL Device check incoming certificates that Check incoming are issued by this certification authority against a Certificate Revocation List certificates issued (CRL).
  • Page 164 Apply Click Apply to save your changes back to the ZyXEL Device. You can only change the name and/or set whether or not you want the ZyXEL Device to check the CRL that the certification authority issues before trusting a certificate issued by the certification authority.
  • Page 165: Log Screens

    14.1 Configuring View Log The web configurator allows you to look at all of the ZyXEL Device’s logs in one location. Click LOGS > View Log. Use the View Log screen to see the logs for the categories that you...
  • Page 166: Figure 94 View Log

    Click Email Log Now to send the log screen to the e-mail address specified in the Log Settings page. Refresh Click Refresh to renew the log screen. Clear Log Click Clear Log to clear all the logs. G-3000 Series User’s Guide...
  • Page 167: Configuring Log Settings

    To change your ZyXEL Device’s log settings, click LOGS > Log Settings. The screen appears as shown. Use the Log Settings screen to configure to where and when the ZyXEL Device is to send the logs and which logs and/or immediate alerts it is to send.
  • Page 168: Table 54 Log Settings

    Select the categories of logs that you want to record. Send Immediate Select the categories of alerts for which you want the ZyXEL Device to Alert immediately send e-mail alerts. Apply Click Apply to save your customized settings and exit this screen.
  • Page 169: Example Log Messages

    Redirect Redirect datagrams for the Network Redirect datagrams for the Host Redirect datagrams for the Type of Service and Network Redirect datagrams for the Type of Service and Host G-3000 Series User’s Guide...
  • Page 170: Log Commands

    Use the sys logs save command to store the settings in the ZyXEL Device (you must do this in order to record logs). G-3000 Series User’s Guide...
  • Page 171: Displaying Logs

    Use the sys logs clear command to erase all of the ZyXEL Device’s logs. 14.5 Log Command Example This example shows how to set the ZyXEL Device to record the error logs and alerts and then view the results. ras> sys logs load ras>...
  • Page 172 Chapter 14 Log Screens G-3000 Series User’s Guide...
  • Page 173: Vlan

    The Management VLAN ID identifies the “management VLAN”. A device must be a member of this “management VLAN” in order to access and manage the ZyXEL Device. If a device is not a member of this VLAN, then that device cannot manage the ZyXEL Device.
  • Page 174: Configuring Vlan

    The ZyXEL Device allows you to configure VLAN based on SSID profile (wireless VLAN), and / or based on your RADIUS server (RADIUS VLAN). • When you use wireless VLAN, the ZyXEL Device tags all packets from an SSID with the VLAN ID you set in the WIRELESS > SSID > Edit screen.
  • Page 175: Figure 96 Vlan

    Enter a number from 1 to 4094 to define this VLAN group. At least one device in your network must belong to this VLAN group in order to manage the ZyXEL Device. Note: Mail and FTP servers must have the same management VLAN ID to communicate with the ZyXEL Device.
  • Page 176: Configuring Management Vlan Example

    This section shows you how to create a VLAN on an Ethernet switch. By default, the port on the ZyXEL Device is a member of the management VLAN (VLAN ID 1). The following procedure shows you how to configure a tagged VLAN.
  • Page 177: Figure 98 Vlan-Aware Switch - Static Vlan

    5 Type a VLAN Group ID. This should be the same as the management VLAN ID on the ZyXEL Device. 6 Enable Tx Tagging on the port which you want to connect to the ZyXEL Device. Disable Tx Tagging on the port you are using to connect to your computer.
  • Page 178: Configuring Microsoft's Ias Server Example

    3 Click Apply. Figure 101 VLAN Setup 4 The ZyXEL Device attempts to connect with a VLAN-aware device. You can now access and mange the ZyXEL Device though the Ethernet switch. If you do not connect the ZyXEL Device to a correctly configured VLAN-aware device, you will lock yourself out of the ZyXEL Device.
  • Page 179: Configuring Vlan Groups

    ID (Name:string) is between 1 and 4094. 4c If a or b are not matched, the ZyXEL Device uses the VLAN ID configured in the WIRELESS VLAN screen and the wireless station. This VLAN ID is independent and hence different to the ID in the VLAN screen.
  • Page 180: Configuring Remote Access Policies

    • Right click Remote Access Policy and select New Remote Access Policy. • Enter a Policy friendly name that describes the policy. Each Remote Access Policy will be matched to one VLAN Group. An example may be, Allow - VLAN 10 Policy. • Click Next. G-3000 Series User’s Guide...
  • Page 181: Figure 104 New Remote Access Policy For Vlan Group

    The policy is added to the field below. Only one VLAN Group should be associated with each policy. 5 Click OK and Next in the next few screens to accept the group value. Figure 106 Adding VLAN Group G-3000 Series User’s Guide...
  • Page 182: Figure 107 Granting Permissions And User Profile Screens

    • Clear the check boxes for all other authentication types listed below the drop-down list box. Figure 108 Authentication Tab Settings 8 Click the Encryption tab. Select the Strongest encryption option. This step is not required for EAP-MD5, but is performed as a safeguard. G-3000 Series User’s Guide...
  • Page 183: Figure 109 Encryption Tab Settings

    9 Click the IP tab and select the Client may request an IP address check box for DHCP support. 10 Click the Advanced tab. The current default parameters returned to the ZyXEL Device should be Service-Type and Framed-Protocol. • Click the Add button to add an additional three RADIUS VLAN attributes required for 802.1X Dynamic VLAN Assignment.
  • Page 184: Figure 111 Radius Attribute Screen

    4094 or a Name for this policy. This Name should match a name in the VLAN mapping table on the ZyXEL Device. Wireless stations belonging to the VLAN Group specified in this policy will be given a VLAN ID specified in the ZyXEL Device VLAN table. • Click OK.
  • Page 185: Figure 113 Vlan Id Attribute Setting For Tunnel-Pvt-Group-Id

    Figure 114 VLAN Attribute Setting for Tunnel-Type 17 Return to the RADIUS Attribute Screen shown as Figure 111 on page 184. • Click the Close button. • The completed Advanced tab configuration should resemble the following screen. G-3000 Series User’s Guide...
  • Page 186: Second Rx Vlan Id Example

    15.2.4 Second Rx VLAN ID Example In this example, the ZyXEL Device is configured to tag packets from SSID01 with VLAN ID 1 and tag packets from SSID02 with VLAN ID 2. VLAN 1 and VLAN 2 have access to a server, S, and the Internet, as shown in the following figure.
  • Page 187: Second Rx Vlan Setup Example

    SSID (SSID03) on the ZyXEL Device. This example has the ZyXEL Device tag outgoing packets from clients in SSID03 with a VLAN ID of 3, and forward incoming packets with a VLAN ID of 3 or 4 to SSID03.
  • Page 188: Figure 117 Configuring Ssid: Second Rx Vlan Id Example

    173). If no devices are in the management VLAN, then you will not be able to access the ZyXEL Device through the network. If the ZyXEL Device has no console port, you will have to restore the default configuration file.
  • Page 189: Maintenance

    16.2 System Status Screen Click MAINTENANCE to open the System Status screen, where you can use to monitor your ZyXEL Device. Note that these labels are READ-ONLY and are meant to be used for diagnostic purposes. Figure 118 System Status The following table describes the labels in this screen.
  • Page 190: System Statistics

    The Ethernet port must use the same speed or duplex mode setting as the peer Ethernet port in order to connect. This shows the transmission speed only for the wireless port. G-3000 Series User’s Guide...
  • Page 191: Association List

    Click this button to stop refreshing statistics. 16.3 Association List View the wireless stations that are currently associated with the ZyXEL Device in the Association List screen. Click MAINTENANCE and then the Association List tab to display the screen as shown next.
  • Page 192: Channel Usage

    MAC Address This field displays the MAC address of an associated wireless station. Association Time This field displays the time a wireless station first associated with the ZyXEL Device. Name (SSID) This field displays the SSID to which the wireless station is associated.
  • Page 193: F/W Upload Screen

    Click Refresh to reload the screen. 16.5 F/W Upload Screen Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a "*.bin" extension. The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot. See the Firmware and Configuration File Maintenance chapter for upgrading firmware using FTP/TFTP commands.
  • Page 194: Figure 123 Firmware Upload In Process

    Click Upload to begin the upload process. This process may take up to two minutes. Do not turn off the ZyXEL Device while firmware upload is in progress! After you see the Firmware Upload in Process screen, wait two minutes before logging into the ZyXEL Device again.
  • Page 195: Configuration Screen

    Chapter 25 on page 237 for information on how to transfer configuration files using FTP/ TFTP commands. Click MAINTENANCE > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next. Figure 126 Configuration G-3000 Series User’s Guide...
  • Page 196: Backup Configuration

    Backup configuration allows you to back up (save) the ZyXEL Device’s current configuration to a file on your computer. Once your ZyXEL Device is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes.
  • Page 197: Back To Factory Defaults

    If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default ZyXEL Device IP address (192.168.1.2). See your Quick Start Guide for details on how to set up your computer’s IP address.
  • Page 198: Figure 131 Restart Screen

    Chapter 16 Maintenance Figure 131 Restart Screen G-3000 Series User’s Guide...
  • Page 199: Smt And Troubleshooting

    SMT and Troubleshooting Introducing the SMT (201) General Setup (207) LAN Setup (209) SNMP Configuration (225) System Security (227) System Information and Diagnosis (231) Firmware and Configuration File Maintenance (237) System Maintenance and Information (249) Troubleshooting (255)
  • Page 201: Introducing The Smt

    • No parity, 8 data bits, 1 stop bit, flow control set to none. 17.1.1 Initial Screen When you turn on your ZyXEL Device, it performs several internal tests as well as line initialization. After the tests, the ZyXEL Device asks you to press [ENTER] to continue, as shown next.
  • Page 202: Connect To Your Zyxel Device Using Telnet

    Please note that if there is no activity for longer than five minutes (default timeout period) after you log in, your ZyXEL Device will automatically log you out. You will then have to log into the ZyXEL Device again. You can use the web configurator or the CI commands to change the inactivity time out period.
  • Page 203: Navigating The Smt Interface

    Note that as you type a password, the screen displays an asterisk “*” for each character you type. 17.5 Navigating the SMT Interface You can use the SMT to configure and monitor your ZyXEL Device. Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below.
  • Page 204: Smt Main Menu Summary

    LAN Setup Use this menu to set up your LAN and WLAN connection. Dial-in User Setup Use this menu to set up local user profiles on the ZyXEL Device. VLAN Setup Use this menu to set up your VLAN ID.
  • Page 205: Smt Menus Overview

    Chapter 17 Introducing the SMT 17.6 SMT Menus Overview The following table gives you an overview of your ZyXEL Device’s various SMT menus. Table 69 SMT Menus Overview MENUS SUB MENUS 1 General Setup 1.1 Configure Dynamic DNS 3 LAN Setup 3.2 TCP/IP Setup...
  • Page 206 Chapter 17 Introducing the SMT G-3000 Series User’s Guide...
  • Page 207: General Setup

    The Domain Name entry is what is propagated to the DHCP clients on the LAN. While you must enter the host name (System Name) on each individual computer, the domain name can be assigned from the ZyXEL Device via DHCP. 18.1.1 Procedure To Configure Menu 1 Enter 1 in the Main Menu to open Menu 1 –...
  • Page 208 User-Defined in the field above. ENTER When you have completed this menu, press [ ] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ ] at any time to cancel. G-3000 Series User’s Guide...
  • Page 209: Lan Setup

    H A P T E R LAN Setup This chapter shows you how to configure the LAN on your ZyXEL Device. 19.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 – LAN Setup. From the main menu, enter 3 to display menu 3.
  • Page 210: Wireless Lan Setup

    19.3 Wireless LAN Setup Use menu 3.5 to set up your ZyXEL Device as the wireless access point. To edit menu 3.5, enter 3 from the main menu to display Menu 3 – LAN Setup. When menu 3 appears, press 5 and then press [ENTER] to display Menu 3.5 –...
  • Page 211: Table 72 Menu 3.5 Wireless Lan Setup

    Select SSID Profile This field is available when you select AP or AP+bridge as the operating mode. Press [SPACE BAR] to select a SSID for the ZyXEL Device to use. Edit Bridge Link Use [SPACE BAR] to choose Yes and press [ENTER] to go to Menu 3.5.4 - Configuration Bridge Link Configuration.
  • Page 212: Configuring Mac Address Filter

    No if you want to allow intra-BSS traffic. Output Power Set the output power of the ZyXEL Device in this field. If there is a high density of APs within an area, decrease the output power of the ZyXEL Device to reduce interference with other APs.The options are 17dBm (50mW), 15dBm...
  • Page 213: Figure 141 Menu 3.5 Wireless Lan Setup

    00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 ---------------------------------------------------------------------------- Enter here to CONFIRM or ESC to CANCEL: G-3000 Series User’s Guide...
  • Page 214: Configuring Roaming

    Define the filter action for the list of MAC addresses in the MAC address filter table. To deny access to the ZyXEL Device, press [SPACE BAR] to select Deny Association and press [ENTER]. MAC addresses not listed will be allowed to access the router.
  • Page 215: Configuring Bridge Link

    [ESC] to cancel and go back to the previous screen. 19.3.3 Configuring Bridge Link Follow the steps below to configure bridge link on your ZyXEL Device. 1 From the main menu, enter 3 to open Menu 3 – LAN Setup.
  • Page 216: Figure 145 Menu 3.5 Wireless Lan Setup

    Enable Link 4= No Peer MAC Address= 0b:16:21:2c:37:3f PSK= ******** Enable Link 5= Yes Peer MAC Address= 0b:16:21:2c:37:40 PSK= ******** Enable WDS Security= Yes Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle. G-3000 Series User’s Guide...
  • Page 217: Configuring Layer-2 Isolation

    System (WDS) is a wireless connection between two or more APs. When you select Yes, you are prompted to type a Pre-Shared Key (PSK) in the PSK fields of each bridge link you want to configure. The ZyXEL Device uses TKIP to encrypt traffic on the WDS between AP’s.
  • Page 218: Configuring Ssid Profiles

    [ESC] to cancel and go back to the previous screen. 19.3.5 Configuring SSID Profiles When the ZyXEL Device is set to MESSID mode, you need to choose the SSID profile(s) you want to use in your wireless network (see Section 6.6 on page 78...
  • Page 219: Figure 149 Menu 3.5 Wireless Lan Setup

    Active= No Active= No 2 SSID01 6 SSID01 Active= No Active= No 3 SSID01 7 SSID01 Active= No Active= No 4 SSID01 8 SSID01 Active= No Active= No Press ENTER to Confirm or ESC to Cancel: G-3000 Series User’s Guide...
  • Page 220: Table 77 Menu 3.5.6 - Ssid Profile Edit

    FIELD DESCRIPTION An SSID profile is the set of parameters relating to one of the ZyXEL Device’s ESSs. The SSID (Service Set IDentifier) identifies the Service Set with which a wireless station is associated. Wireless stations associating with the access point (AP) must have the same SSID.
  • Page 221: Dial-In User Setup

    This chapter shows you how to create user accounts on the ZyXEL Device. 20.1 Dial-in User Setup By storing user profiles locally, your ZyXEL Device is able to authenticate wireless users without interacting with a network RADIUS server. Follow the steps below to set up user profiles on your ZyXEL Device.
  • Page 222: Table 78 Menu 14.1- Edit Dial-In User

    Enter a password up to 31 characters long for this user profile. When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen. G-3000 Series User’s Guide...
  • Page 223: Vlan Setup

    VLAN. 21.1 VLAN Setup When VLAN is enabled, you must connect the ZyXEL Device to a VLAN-aware device that is a member of the management VLAN in order to manage it through the network. See the example of configuring a management VLAN Section 15.2.2 on page 176...
  • Page 224: Figure 153 Menu 16 Vlan Setup

    Enter a number from 1 to 4094 to define this VLAN group. Name Type a name to have the ZyXEL Device check for specific VLAN attributes on incoming messages from the RADIUS server. Access-accept packets sent by the RADIUS server contain VLAN related attributes. The configured Name fields are checked against these attributes.
  • Page 225: Snmp Configuration

    Trusted Host If you enter a trusted host, your ZyXEL Device will only respond to SNMP messages from this address. A blank (default) field means your ZyXEL Device will respond to all SNMP messages it receives, regardless of source.
  • Page 226 Type the IP address of the station to send your SNMP traps to. When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen. G-3000 Series User’s Guide...
  • Page 227: System Security

    H A P T E R System Security This chapter describes how to configure the ZyXEL Device’s system password and wireless LAN security profiles. 23.1 System Password Section 17.4 on page 202 for how to change the system password. 23.2 Configuring Wireless Security Profiles The following screens are configurable only in Access Point, AP+Bridge and MESSID operating modes only.
  • Page 228: Figure 156 Menu 23.5 - Security Profile Edit

    Authentication Press [SPACE BAR] and then [ENTER] to select which authentication Databases databases the ZyXEL Device uses and in what order. Select Local User Database Only to have the system use the internal user account database. Select RADIUS Only to have the system use an external RADIUS server.
  • Page 229 Timer(in second) keying process is the WPA equivalent of automatically changing the group key for an AP and all stations in a WLAN on a periodic basis. The ZyXEL Device default is 1800 seconds (30 minutes). WPA-PSK and WPA2-PSK use a simple common password (called a pre- shared key or PSK), instead of user-specific credentials.
  • Page 230 Chapter 23 System Security G-3000 Series User’s Guide...
  • Page 231: System Information And Diagnosis

    The first selection, System Status gives you information on the status and statistics of the ports, as shown next. System Status is a tool that can be used to monitor your ZyXEL Device. Specifically, it gives you information on your Ethernet and Wireless LAN status, and the number of packets sent and received.
  • Page 232: Figure 158 Menu 24.1 System Maintenance: Status

    Table 82 Menu 24.1 System Maintenance: Status FIELD DESCRIPTION Port This is the port, either Ethernet or wireless. For the G-3000, the built-in wireless adapter is WLAN1 and the removable wireless adapter is WLAN 2. Status This shows the status of the port’s connection.
  • Page 233: System Information

    2. Console Port Speed Please enter selection: If you ZyXEL Device does not have an external console port, these settings are for an internal console port for support personnel only. Do not open the ZyXEL Device as it will void your warranty.
  • Page 234: Console Port Speed

    Console Port Speed: 9600 Press ENTER to Confirm or ESC to Cancel: After you changed your ZyXEL Device’s console port speed, you must also make the same change to the console port speed parameter of your communication software. 24.3 Log and Trace Your ZyXEL Device provides error logs and trace records that are stored locally.
  • Page 235: Diagnostic

    3 Enter 1 from Menu 24.3 – System Maintenance – Log and Trace and press [ENTER] twice to display the error log in the system. After the ZyXEL Device finishes displaying the error log, you will have the option to clear it. Samples of typical error and information messages are presented in the next figure.
  • Page 236: Table 84 Menu 24.4 System Maintenance Menu: Diagnostic

    2 From this menu, type 4. Diagnostic to open Menu 24.4 – System Maintenance – Diagnostic. The following table describes the diagnostic tests available in menu 24.4 for your ZyXEL Device and the connections. Table 84 Menu 24.4 System Maintenance Menu: Diagnostic...
  • Page 237: Firmware And Configuration File Maintenance

    The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password and TCP/IP Setup, etc. It arrives from ZyXEL with a rom filename extension. Once you have customized the ZyXEL Device's settings, they can be saved back to your computer under a filename of your choosing.
  • Page 238: Backup Configuration

    The following table is a summary. Please note that the internal filename refers to the filename on the ZyXEL Device and the external filename refers to the filename not on the ZyXEL Device, that is, on your computer, local network or FTP site and so the name (but not the extension) will vary.
  • Page 239: Using The Ftp Command From The Dos Prompt

    4 Enter your management password as requested. The default is 1234. 5 Enter “bin” to set transfer mode to binary. 6 Use “get” to transfer files from the ZyXEL Device to the computer, for example, “get rom-0 config.rom” transfers the configuration file on the ZyXEL Device to your computer and renames it “config.rom”.
  • Page 240: Backup Configuration Using Tftp

    To use TFTP, your computer must have both telnet and TFTP clients. To backup the configuration file, follow the procedure shown next: 1 Use telnet from your computer to connect to the ZyXEL Device and log in. Because TFTP does not have any security checks, the ZyXEL Device records the IP address of the telnet client and accepts TFTP requests only from this address.
  • Page 241: Backup Via Console Port

    4 After a successful backup you will see the following screen. Press any key to return to the SMT menu. Figure 170 Successful Backup Confirmation Screen ** Backup Configuration completed. OK. ### Hit any key to continue.### G-3000 Series User’s Guide...
  • Page 242: Restore Configuration

    Menu 24.6 –- System Maintenance – Restore Configuration allows you to restore the configuration via FTP or TFTP to your ZyXEL Device. The preferred method is FTP. Note that this function erases the current configuration before restoring the previous backup configuration;...
  • Page 243: Firmware Upload

    FTP is the preferred method for uploading the firmware and configuration. To use this feature, your computer must have an FTP client. When you telnet into the ZyXEL Device, you will see the following screens for uploading firmware and the configuration file using FTP.
  • Page 244: Using The Ftp Command From The Dos Prompt Example

    4 Enter your management password as requested. The default is 1234. 5 Enter “bin” to set transfer mode to binary. 6 Use “put” to transfer files from the computer to the ZyXEL Device for example “put firmware.bin ras” transfers the firmware on your computer (firmware.bin) to the ZyXEL Device and renames it “ras”.
  • Page 245: Tftp File Upload

    1 Use telnet from your computer to connect to the ZyXEL Device and log in. Because TFTP does not have any security checks, the ZyXEL Device records the IP address of the telnet client and accepts TFTP requests only from this address.
  • Page 246: Example: Tftp Command

    “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the ZyXEL Device’s IP address, “put” transfers the file source on the computer (firmware.bin – name of the firmware on the computer) to the file destination on the remote host (ras - name of the firmware on the ZyXEL Device).
  • Page 247: Uploading Configuration File Via Console Port

    Choose the Xmodem protocol. Then click Send. After the firmware upload process has completed, the ZyXEL Device will automatically restart. 25.4.9 Uploading Configuration File Via Console Port The console port does not apply to all models. 1 Select 2 from Menu 24.7 – System Maintenance – Upload Firmware to display Menu 24.7.2 –...
  • Page 248: Example Xmodem Configuration Upload Using Hyperterminal

    Figure 179 Example Xmodem Upload Type the configuration file’s location, or click Browse to search for it. Choose the Xmodem protocol. Then click Send. After the configuration upload process has completed, restart the ZyXEL Device by entering “atgo” G-3000 Series User’s Guide...
  • Page 249: System Maintenance And Information

    Enter the CI from the SMT by selecting menu 24.8. See the included disk or the zyxel.com web site for more detailed information on CI commands. Enter 8 from Menu 24 – System Maintenance. A list of valid commands can be found by typing help or ? at the command prompt.
  • Page 250: Command Syntax

    Chapter 26 System Maintenance and Information Figure 181 Valid CI Commands Copyright (c) 1994 - 2005 ZyXEL Communications Corp. ras> ? Valid commands are: exit ether wlan bridge certificates 8021x radserv wcfg ras> 26.1.1 Command Syntax • The command keywords are in courier new font.
  • Page 251: Time And Date Setting

    26.2 Time and Date Setting The ZyXEL Device keeps track of the time and date. There is also a software mechanism to set the time manually or get the current time and date from an external server when you turn on your ZyXEL Device.
  • Page 252: Remote Management Setup

    You can configure your ZyXEL Device for remote Telnet access as shown next. Figure 183 Telnet Configuration on a TCP/IP Network 26.3.2 FTP You can upload and download ZyXEL Device firmware and configuration files using FTP. To use this feature, your computer must have an FTP client. 26.3.3 Web You can use the ZyXEL Device’s embedded web configurator for configuration and file...
  • Page 253: Remote Management Setup

    IP address to enhance security and flexibility. You can manage your ZyXEL Device from a remote location via: Internet (WLAN only), the LAN only, All (LAN and WLAN) or Disable (neither).
  • Page 254: Remote Management Limitations

    There is a system timeout of five minutes (300 seconds) for Telnet/web/FTP connections. Your ZyXEL Device will automatically log you out if you do nothing in this timeout period, except when it is continuously updating the status in menu 24.1 or when sys stdio has been changed on the command line.
  • Page 255: Troubleshooting

    1 Make sure you are using the power adaptor or cord included with the ZyXEL Device. 2 Make sure the power adaptor or cord is connected to the ZyXEL Device and plugged in to an appropriate power source. Make sure the power source is turned on.
  • Page 256 Section 27.1 on page 255. 4 Make sure your computer is in the same subnet as the ZyXEL Device. (If you know that there are routers between your computer and the ZyXEL Device, skip this step.) • If there is no DHCP server on your network, make sure your computer’s IP address is in the same subnet as the ZyXEL Device.
  • Page 257: Internet Access

    2 You cannot log in to the web configurator while someone is using the SMT or Telnet to access the ZyXEL Device. Log out of the ZyXEL Device in the other session, or ask the person who is logged in to log out.
  • Page 258 The Internet connection is slow or intermittent. 1 There might be a lot of traffic on the network. Look at the LEDs. If the ZyXEL Device is sending or receiving a lot of information, try closing some programs that use the Internet, especially peer-to-peer applications.
  • Page 259: Appendices And Index

    Appendices and Index Product Specifications (261) Setting up Your Computer’s IP Address (267) IP Addresses and Subnetting (283) IP Address Assignment Conflicts (291) Wireless LANs (295) Pop-up Windows, JavaScripts and Java Permissions (309) Importing Certificates (315) Text File Based Auto Configuration (327) Legal Information (349) Customer Support (353) Index (357)
  • Page 261: Appendix A Product Specifications

    External Antenna Two 2dBi (Max) Dual detachable antennas with reverse SMA connectors. When you face the front of the ZyXEL Device, the antenna on the right is the main antenna. The main antenna can both transmit and receive. The antenna on the left only receives.
  • Page 262: Table 92 Firmware Specifications

    Internal RADIUS Server The G-3000 has a built-in RADIUS server that can authenticate wireless clients or other AP’s in other wireless networks. The G-3000 can function as an AP and as a RADIUS server at the same time. Layer 2 isolation...
  • Page 263: Table 93 G-3000 North American Plug Standards

    SNMP (Simple Network Management Protocol) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your ZyXEL Device supports SNMP agent functionality, which allows a manger station to manage and monitor the ZyXEL Device through the network.
  • Page 264: Table 96 G-3000 United Kingdom Plug Standards

    Input Power AC100Volts/ 50/60Hz/ 27VA Output Power DC12Volts/1.2A Power Consumption 10 W Safety Standards T-Mark (Japan Dentori) Table 98 G-3000 Australia and New Zealand plug standards AC Power Adaptor Model AD-1201200DS or AD-121200DS Input Power AC240Volts/50Hz/0.2A Output Power DC12Volts/1.2A Power Consumption...
  • Page 265: Table 102 G-3000H Australia And New Zealand Plug Standards

    Table 104 Power over Ethernet Injector RJ-45 Port Pin Assignments RJ-45 SIGNAL PIN NO ASSIGNMENT Output Transmit Data + Output Transmit Data - 1 2 3 4 5 6 7 8 Receive Data + Power + Power + Receive Data - Power - Power - G-3000 Series User’s Guide...
  • Page 266 Appendix A Product Specifications G-3000 Series User’s Guide...
  • Page 267: Appendix B Setting Up Your Computer's Ip Address

    After the appropriate TCP/IP components are installed, configure the TCP/IP settings in order to "communicate" with your network. If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the ZyXEL Device’s LAN port. Windows 95/98/Me Click Start, Settings, Control Panel and double-click the Network icon to open the Network window.
  • Page 268: Figure 185 Windows 95/98/Me: Network: Configuration

    2 Select Client and then click Add. 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. G-3000 Series User’s Guide...
  • Page 269: Figure 186 Windows 95/98/Me: Tcp/Ip Properties: Ip Address

    • If you do not know your DNS information, select Disable DNS. • If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in). G-3000 Series User’s Guide...
  • Page 270: Figure 187 Windows 95/98/Me: Tcp/Ip Properties: Dns Configuration

    5 Click OK to save and close the TCP/IP Properties window. 6 Click OK to close the Network window. Insert the Windows CD if prompted. 7 Turn on your ZyXEL Device and restart your computer when prompted. Verifying Settings 1 Click Start and then Run.
  • Page 271: Figure 188 Windows Xp: Start Menu

    Figure 188 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 189 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. G-3000 Series User’s Guide...
  • Page 272: Figure 190 Windows Xp: Control Panel: Network Connections: Properties

    • If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. • Click Advanced. G-3000 Series User’s Guide...
  • Page 273: Figure 192 Windows Xp: Internet Protocol (Tcp/Ip) Properties

    To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. • Click OK when finished. G-3000 Series User’s Guide...
  • Page 274: Figure 193 Windows Xp: Advanced Tcp/Ip Properties

    • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. G-3000 Series User’s Guide...
  • Page 275: Figure 194 Windows Xp: Internet Protocol (Tcp/Ip) Properties

    Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT). 11 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings 1 Click Start, All Programs, Accessories and then Command Prompt. 2 In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab.
  • Page 276: Figure 195 Macintosh Os 8/9: Apple Menu

    2 Select Ethernet built-in from the Connect via list. Figure 196 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: • From the Configure box, select Manually. G-3000 Series User’s Guide...
  • Page 277: Figure 197 Macintosh Os X: Apple Menu

    • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Close the TCP/IP Control Panel.
  • Page 278: Figure 198 Macintosh Os X: Network

    • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Click Apply Now and close the window.
  • Page 279: Figure 199 Red Hat 9.0: Kde: Network Configuration: Devices

    Figure 199 Red Hat 9.0: KDE: Network Configuration: Devices 2 Double-click on the profile of the network card you wish to configure. The Ethernet Device General screen displays as shown. Figure 200 Red Hat 9.0: KDE: Ethernet Device: General G-3000 Series User’s Guide...
  • Page 280: Figure 201 Red Hat 9.0: Kde: Network Configuration: Dns

    Ethernet card). Open the eth0 eth0 configuration file with any plain text editor. • If you have a dynamic IP address, enter in the field. The dhcp BOOTPROTO= following figure shows an example. G-3000 Series User’s Guide...
  • Page 281: Figure 203 Red Hat 9.0: Dynamic Ip Address Setting In Ifconfig-Eth0

    Figure 206 Red Hat 9.0: Restart Ethernet Card [root@localhost init.d]# network restart Shutting down interface eth0: [OK] Shutting down loopback interface: [OK] Setting network parameters: [OK] Bringing up loopback interface: [OK] Bringing up interface eth0: [OK] G-3000 Series User’s Guide...
  • Page 282: Figure 207 Red Hat 9.0: Checking Tcp/Ip Properties

    Bcast:172.23.19.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:717 errors:0 dropped:0 overruns:0 frame:0 TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:730412 (713.2 Kb) TX bytes:1570 (1.5 Kb) Interrupt:10 Base address:0x1000 [root@localhost]# G-3000 Series User’s Guide...
  • Page 283: Appendix C Ip Addresses And Subnetting

    Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal. The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. G-3000 Series User’s Guide...
  • Page 284: Figure 208 Network Number And Host Id

    Subnet masks can be referred to by the size of the network number part (the bits with a “1” value). For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes. G-3000 Series User’s Guide...
  • Page 285: Table 106 Subnet Masks

    For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask 255.255.255.128. The following table shows some possible subnet masks using both notations. Table 108 Alternative Subnet Mask Notation ALTERNATIVE LAST OCTET LAST OCTET SUBNET MASK NOTATION (BINARY) (DECIMAL) 255.255.255.0 0000 0000 255.255.255.128 1000 0000 G-3000 Series User’s Guide...
  • Page 286: Figure 209 Subnetting Example: Before Subnetting

    The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. The following figure shows the company network after subnetting. There are now two sub- networks, A and B. G-3000 Series User’s Guide...
  • Page 287: Figure 210 Subnetting Example: After Subnetting

    LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE IP Address (Decimal) 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 00000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.1 192.168.1.0 Broadcast Address: Highest Host ID: 192.168.1.62 192.168.1.63 G-3000 Series User’s Guide...
  • Page 288: Table 110 Subnet 2

    Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet. Table 113 Eight Subnets SUBNET LAST BROADCAST SUBNET FIRST ADDRESS ADDRESS ADDRESS ADDRESS G-3000 Series User’s Guide...
  • Page 289: Table 114 24-Bit Network Number Subnet Planning

    255.255.128.0 (/17) 32766 255.255.192.0 (/18) 16382 255.255.224.0 (/19) 8190 255.255.240.0 (/20) 4094 255.255.248.0 (/21) 2046 255.255.252.0 (/22) 1022 255.255.254.0 (/23) 255.255.255.0 (/24) 255.255.255.128 (/25) 255.255.255.192 (/26) 1024 255.255.255.224 (/27) 2048 255.255.255.240 (/28) 4096 255.255.255.248 (/29) 8192 G-3000 Series User’s Guide...
  • Page 290: Private Ip Addresses

    You must also enable Network Address Translation (NAT) on the ZyXEL Device. Once you have decided on the network number, pick an IP address for your ZyXEL Device that is easy to remember (for instance, 192.168.1.1) but make sure that no other device on your network is using that IP address.
  • Page 291: Appendix D Ip Address Assignment Conflicts

    You must set the ZyXEL Device to use different LAN and WAN IP addresses on different subnets if you enable DHCP server on the ZyXEL Device. For example, you set the WAN IP address to 192.59.1.1 and the LAN IP address to 10.59.1.1. Otherwise, It is recommended the ZyXEL Device use a public WAN IP address.
  • Page 292: Figure 212 Ip Address Conflicts: Case B

    Appendix D IP Address Assignment Conflicts Figure 212 IP Address Conflicts: Case B To solve this problem, make sure the ZyXEL Device LAN IP address is not in the DHCP IP address pool. Case C: The Subscriber IP address is the same as the IP...
  • Page 293: Figure 214 Ip Address Conflicts: Case D

    Appendix D IP Address Assignment Conflicts Figure 214 IP Address Conflicts: Case D This problem can be solved by adding a VLAN-enabled switch or set the computers to obtain IP addresses dynamically. G-3000 Series User’s Guide...
  • Page 294 Appendix D IP Address Assignment Conflicts G-3000 Series User’s Guide...
  • Page 295: Appendix E Wireless Lans

    A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless client A and B can still access the wired network but cannot communicate with each other. G-3000 Series User’s Guide...
  • Page 296: Figure 216 Basic Service Set

    An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate. G-3000 Series User’s Guide...
  • Page 297: Figure 217 Infrastructure Wlan

    (AP) or wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other. G-3000 Series User’s Guide...
  • Page 298: Figure 218 Rts/Cts

    AP will fragment the packet into smaller data frames. A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. G-3000 Series User’s Guide...
  • Page 299: Table 116 Ieee 802.11G

    5.5 / 11 CCK (Complementary Code Keying) 6/9/12/18/24/36/48/54 OFDM (Orthogonal Frequency Division Multiplexing) Wireless Security Overview Wireless security is vital to your network to protect wireless communication between wireless clients, access points and the wired network. G-3000 Series User’s Guide...
  • Page 300: Table 117 Wireless Security Levels

    Appendix E Wireless LANs Wireless security methods available on the ZyXEL Device are data encryption, wireless client authentication, restricting access by device MAC address and hiding the ZyXEL Device identity. The following figure shows the relative effectiveness of these wireless security methods available on your ZyXEL Device.
  • Page 301: Types Of Radius Messages

    EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication. The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that supports IEEE 802.1x. . G-3000 Series User’s Guide...
  • Page 302 However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco. LEAP LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x. G-3000 Series User’s Guide...
  • Page 303: Table 118 Comparison Of Eap Authentication Types

    If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not. Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2. G-3000 Series User’s Guide...
  • Page 304 AP and does not need to go with the authentication process again. Pre-authentication enables fast roaming by allowing the wireless client (already connecting to an AP) to perform IEEE 802.1x authentication with another AP before connecting to it. G-3000 Series User’s Guide...
  • Page 305: Figure 219 Wpa(2) With Radius Application Example

    2 The AP checks each wireless client's password and (only) allows it to join the network if the password matches. 3 The AP and wireless clients use the pre-shared key to generate a common PMK (Pairwise Master Key). G-3000 Series User’s Guide...
  • Page 306: Figure 220 Wpa(2)-Psk Authentication

    An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air. G-3000 Series User’s Guide...
  • Page 307: Antenna Characteristics

    In general, antennas should be mounted as high as practically possible and free of obstructions. In point-to–point application, position both antennas at the same height and in a direct line of sight to each other to attain the best performance. G-3000 Series User’s Guide...
  • Page 308 For a single AP application, place omni-directional antennas as close to the center of the coverage area as possible. For directional antennas, point the antenna in the direction of the desired coverage area. G-3000 Series User’s Guide...
  • Page 309: Appendix F Pop-Up Windows, Javascripts And Java Permissions

    1 In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure 221 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. 1 In Internet Explorer, select Tools, Internet Options, Privacy. G-3000 Series User’s Guide...
  • Page 310: Figure 222 Internet Options: Privacy

    Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings…to open the Pop-up Blocker Settings screen. G-3000 Series User’s Guide...
  • Page 311: Figure 223 Internet Options: Privacy

    3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 224 Pop-up Blocker Settings G-3000 Series User’s Guide...
  • Page 312: Figure 225 Internet Options: Security

    3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window. G-3000 Series User’s Guide...
  • Page 313: Figure 226 Security Settings - Java Scripting

    2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window. Figure 227 Security Settings - Java G-3000 Series User’s Guide...
  • Page 314: Figure 228 Java (Sun)

    1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Figure 228 Java (Sun) G-3000 Series User’s Guide...
  • Page 315: Appendix G Importing Certificates

    Importing the ZyXEL Device’s Certificate into Internet Explorer For Internet Explorer to trust a self-signed certificate from the ZyXEL Device, simply import the self-signed certificate into your operating system as a trusted certification authority. To have Internet Explorer trust a ZyXEL Device certificate issued by a certificate authority, import the certificate authority’s certificate into your operating system as a trusted...
  • Page 316: Figure 230 Login Screen

    1 In Internet Explorer, double click the lock shown in the following screen. Figure 230 Login Screen 2 Click Install Certificate to open the Install Certificate wizard. Figure 231 Certificate General Information before Import 3 Click Next to begin the Install Certificate wizard. G-3000 Series User’s Guide...
  • Page 317: Figure 232 Certificate Import Wizard 1

    Appendix G Importing Certificates Figure 232 Certificate Import Wizard 1 4 Select where you would like to store the certificate and then click Next. Figure 233 Certificate Import Wizard 2 5 Click Finish to complete the Import Certificate wizard. G-3000 Series User’s Guide...
  • Page 318: Figure 234 Certificate Import Wizard 3

    Appendix G Importing Certificates Figure 234 Certificate Import Wizard 3 6 Click Yes to add the ZyXEL Device certificate to the root store. Figure 235 Root Certificate Store G-3000 Series User’s Guide...
  • Page 319: Figure 236 Certificate General Information After Import

    The SSL client needs a certificate if Authenticate Client Certificates is selected on the ZyXEL Device. You must have imported at least one trusted CA to the ZyXEL Device in order for the Authenticate Client Certificates to be active (see the Certificates chapter for details).
  • Page 320: Figure 237 Zyxel Device Trusted Ca Screen

    Appendix G Importing Certificates Figure 237 ZyXEL Device Trusted CA Screen The CA sends you a package containing the CA’s trusted certificate(s), your personal certificate(s) and a password to install the personal certificate(s). Installing the CA’s Certificate 1 Double click the CA’s trusted certificate to produce a screen similar to the one shown next.
  • Page 321: Figure 238 Ca Certificate Example

    Double-click the personal certificate given to you by the CA to produce a screen similar to the one shown next 1 Click Next to begin the wizard. Figure 239 Personal Certificate Import Wizard 1 G-3000 Series User’s Guide...
  • Page 322: Figure 240 Personal Certificate Import Wizard 2

    3 Enter the password given to you by the CA. Figure 241 Personal Certificate Import Wizard 3 4 Have the wizard determine where the certificate should be saved on your computer or select Place all certificates in the following store and choose a different location. G-3000 Series User’s Guide...
  • Page 323: Figure 242 Personal Certificate Import Wizard 4

    5 Click Finish to complete the wizard and begin the import process. Figure 243 Personal Certificate Import Wizard 5 6 You should see the following screen when the certificate is correctly installed on your computer. Figure 244 Personal Certificate Import Wizard 6 G-3000 Series User’s Guide...
  • Page 324: Figure 245 Access The Zyxel Device Via Https

    2 When Authenticate Client Certificates is selected on the ZyXEL Device, the following screen asks you to select a personal certificate to send to the ZyXEL Device. This screen displays even if you only have a single certificate as in the example.
  • Page 325 Appendix G Importing Certificates G-3000 Series User’s Guide...
  • Page 326 Appendix G Importing Certificates G-3000 Series User’s Guide...
  • Page 327: Appendix H Text File Based Auto Configuration

    You can have a different configuration file for each AP. You can also have multiple APs use the same configuration file. G-3000 Series User’s Guide...
  • Page 328: Table 120 Auto Configuration By Dhcp

    Specify the TFTP server IP address and file name from wcfg autocfg server [IP] which the AP is to download a configuration file whenever [filename] the AP starts up. Configuration Via SNMP You can configure and trigger the auto configuration remotely via SNMP. G-3000 Series User’s Guide...
  • Page 329: Figure 249 Configuration File Format

    If the version of the downloaded file is the same or smaller (older), the AP ignores the file. If the version of the downloaded file is larger (newer), the AP uses the file. G-3000 Series User’s Guide...
  • Page 330: Figure 250 Wep Configuration File Example

    1 wep key4 defgh wcfg security 1 wep keyindex 1 wcfg security save wcfg ssid 1 name ssid-wep wcfg ssid 1 security Test-wep wcfg ssid 1 l2iolation disable wcfg ssid 1 macfilter disable wcfg ssid save G-3000 Series User’s Guide...
  • Page 331: Figure 251 802.1X Configuration File Example

    3 groupkeytime 1800 wcfg security save wcfg ssid 3 name ssid-wpapsk wcfg ssid 3 security Test-wpapsk wcfg ssid 3 qos 4 wcfg ssid 3 l2siolation disable wcfg ssid 3 macfilter disable wcfg ssid save G-3000 Series User’s Guide...
  • Page 332: Figure 253 Wpa Configuration File Example

    Remember that the commands are applied in order. So for example, you would place the commands that create security and SSID profiles before the commands that tell the AP to use those profiles. G-3000 Series User’s Guide...
  • Page 333: Figure 254 Wlan Configuration File Example

    0 wlan ssidprofile ssid-wep !change operating mode -> MESSID mode, !then select ssid-wpapsk, ssid-wpa2psk as running WLAN profiles wlan opmode 3 wlan ssidprofile ssid-wpapsk ssid-wpa2psk ! set output power level to 50% wlan output power 2 G-3000 Series User’s Guide...
  • Page 334 Appendix H Text File Based Auto Configuration G-3000 Series User’s Guide...
  • Page 335: Appendix I Wireless Lan Manager

    SNMPc management software. The Wireless LAN Manager is referred to here as the EMS. The EMS uses ZyXEL’s proprietary Management Information Base (MIB). The proprietary MIB file is included on the CD with the EMS. You can also find it in the zipped file that contains the current firmware file.
  • Page 336: Figure 255 Ems Installation Wizard: Welcome Screen

    4 You must select the same directory where you installed SNMPc. Click Browse if it’s different from the destination folder shown. Click Next to continue. Figure 256 EMS Installation Wizard: Choose Destination Screen 5 When the installation process is complete, a screen displays as shown. Click Finish. G-3000 Series User’s Guide...
  • Page 337: Figure 257 Ems Installation Wizard: Complete Screen

    SNMPc Network Manager Startup Use the following steps to set whether or not SNMPc starts automatically each time you turn on your computer. 1 Click Start, Programs, SNMPc Network Manager, Startup System to manually start the SNMPc network manager. G-3000 Series User’s Guide...
  • Page 338: Figure 258 Starting The Snmpc Network Manager

    2 Click Config, System Startup..Figure 259 Accessing the SNMPc Startup Settings 3 Select Auto Startup check box if you want SNMPc to automatically start each time you turn on your computer, otherwise clear it. Click Close. G-3000 Series User’s Guide...
  • Page 339: Figure 260 Snmpc Task Setup Screen

    (such as the AP) that the standard MIB does not include. 1 From the SNMPc Network Manager main screen, click Config, Mib Database. Figure 261 Accessing the Compile Mibs Screen 2 In the Compile Mibs screen that displays, click Add. G-3000 Series User’s Guide...
  • Page 340: Figure 262 Compile Mibs Screen

    Appendix I Wireless LAN Manager Figure 262 Compile Mibs Screen 3 The Add Mib files... screen opens. Select zyxel-prowireless.mib in the list box and click OK. Figure 263 Add Mib files Screen 4 In the Compile Mibs screen, click Compile.
  • Page 341: Figure 265 Compile Mibs Confirm Screen

    6 This screen appears after the compiling finishes. Click OK. Figure 266 Compile Mib OK Screen 7 Finally click Done in the Compile Mibs screen. Proprietary MIBs The following objects are contained in the zyxel-prowireless.mib. Table 126 Proprietary MIBs ITEMS OBJECT ID (OID)
  • Page 342: Figure 267 Selecting The Root Subnet

    Figure 268 Accessing the MAP Object Properties Screen 3 In the MAP Object Properties screen, enter a descriptive device name and IP address for the device. Figure 269 MAP Object Properties: General 4 Click the Access tab. G-3000 Series User’s Guide...
  • Page 343: Figure 270 Map Object Properties: Access

    For security purposes, it is strongly recommended to change the Read Community and Read/Write Community on your AP. Write down this information and keep in a safe place so you will not forget it later. 6 An icon displays for the device. Figure 271 Device Icon G-3000 Series User’s Guide...
  • Page 344: Figure 272 Accessing The Discovery/Polling Agents Screen

    Figure 273 Discovery/Polling Agents Screen 3 After the device has been found, an icon and label appear in the network manager view window. Right-click the device icon and select Properties. Auto-discovery may take hours for a large and complex network. G-3000 Series User’s Guide...
  • Page 345: Figure 274 Device Icon

    AP. Then click OK. For security purposes, it is strongly recommended to change the Read Community and Read/Write Community on your AP. Write down this information and keep in a safe place so you will not forget it later. G-3000 Series User’s Guide...
  • Page 346: Figure 276 Wlm Ems Screen

    • Make sure that the computer you have installed the EMS on, is connected to the network where the device is located. • Make sure your computer’s Ethernet card is working properly. • Make sure that the device you want to manage is connected to the network and operating properly. G-3000 Series User’s Guide...
  • Page 347 Appendix I Wireless LAN Manager • If the problem still persists, uninstall and re-install the EMS software. G-3000 Series User’s Guide...
  • Page 348 Appendix I Wireless LAN Manager G-3000 Series User’s Guide...
  • Page 349: Appendix J Legal Information

    Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others.
  • Page 350 Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada. Viewing Certifications 1 Go to http://www.zyxel.com. 2 Select your product on the ZyXEL home page to go to that product's page. G-3000 Series User’s Guide...
  • Page 351: Zyxel Limited Warranty

    Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
  • Page 352 Appendix J Legal Information G-3000 Series User’s Guide...
  • Page 353: Appendix K Customer Support

    • Telephone: +506-2017878 • Fax: +506-2015098 • Web Site: www.zyxel.co.cr • FTP Site: ftp.zyxel.co.cr • Regular Mail: ZyXEL Costa Rica, Plaza Roble Escazú, Etapa El Patio, Tercer Piso, San José, Costa Rica Czech Republic • E-mail: info@cz.zyxel.com • Telephone: +420-241-091-350 •...
  • Page 354 • E-mail: info@zyxel.fr • Telephone: +33-4-72-52-97-97 • Fax: +33-4-72-52-19-20 • Web Site: www.zyxel.fr • Regular Mail: ZyXEL France, 1 rue des Vergers, Bat. 1 / C, 69760 Limonest, France Germany • Support E-mail: support@zyxel.de • Sales E-mail: sales@zyxel.de • Telephone: +49-2405-6909-0 •...
  • Page 355 • Sales E-mail: sales@zyxel.com • Telephone: +1-800-255-4101, +1-714-632-0882 • Fax: +1-714-632-0858 • Web Site: www.us.zyxel.com • FTP Site: ftp.us.zyxel.com • Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806- 2001, U.S.A. Norway • Support E-mail: support@zyxel.no • Sales E-mail: sales@zyxel.no •...
  • Page 356 Appendix K Customer Support • Web Site: www.zyxel.es • Regular Mail: ZyXEL Communications, Arte, 21 5ª planta, 28033 Madrid, Spain Sweden • Support E-mail: support@zyxel.se • Sales E-mail: sales@zyxel.se • Telephone: +46-31-744-7700 • Fax: +46-31-744-7701 • Web Site: www.zyxel.se • Regular Mail: ZyXEL Communications A/S, Sjöporten 4, 41764 Göteborg, Sweden Ukraine •...
  • Page 357: Index

    TFTP using web configuration file examples format rules backup 196, 238 configuration restore using FTP backup configuration using TFTP using console port using web using TFTP using web console port access Basic Service Set G-3000 Series User’s Guide...
  • Page 358 67, 207 guest SSID profile 87, 88 EAP Authentication Element Manager System. See EMS. hardware specifications hidden menus accessing hidden node installation HTML-based management system requirements troubleshooting HTTPS example encryption 89, 304 humidity error log G-3000 Series User’s Guide...
  • Page 359 MSDU (MAC Service Data Unit) 80, 108 multiple wireless networks layer-2 isolation 62, 115, 217 link type local user database log and trace log descriptions login Netscape Navigator version console port Network Address Translation telnet See NAT. web configurator logs G-3000 Series User’s Guide...
  • Page 360 See SSID. Quick Start Guide initial screen login screen menu overview password SNMP 137, 263 community RADIUS 60, 300 configuration Message Types manager Messages MIBs Shared Secret Key traps Rapid STP trusted host SNMPc Network Manager startup G-3000 Series User’s Guide...
  • Page 361 TFTP user profiles restore configuration System Management Terminal See SMT. system password system requirements for EMS system timeout 128, 254 Virtual Local Area Network see VLAN VLAN configuring management VLAN RADIUS G-3000 Series User’s Guide...
  • Page 362 WPA-PSK wireless client supplicant with RADIUS application with RADIUS application example WPA2 user authentication vs WPA2-PSK wireless client supplicant with RADIUS application example WPA2-Pre-Shared Key WPA2-PSK 60, 303, 304 application example G-3000 Series User’s Guide...

This manual is also suitable for:

G-3000hG-3000 series

Table of Contents