About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the ZyXEL Device using the web configurator. A basic knowledge of TCP/IP networking concepts and topology will be helpful but is not necessary.
Syntax Conventions • The G-3000 or G-3000H may be referred to as the “ZyXEL Device”, the “device”, the “product” or the “system” in this User’s Guide. • Product labels, screen names, field labels and field choices are all in bold font.
Page 5
Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Computer Notebook computer Server DSLAM Firewall Telephone Switch Router...
• If you wall mount your device, make sure that no electrical lines, gas or water pipes will be damaged. • The PoE (Power over Ethernet) devices that supply or receive power and their connected Ethernet cables must all be completely indoors. This product is recyclable. Dispose of it properly. G-3000 Series User’s Guide...
Page 7
Safety Warnings G-3000 Series User’s Guide...
Page 8
Safety Warnings G-3000 Series User’s Guide...
1.2.3 AP + Bridge ........................ 37 1.2.4 MESSID (Multiple Extended Service Set IDentifier) ........... 38 1.3 Ways to Manage the ZyXEL Device ..................39 1.4 Good Habits for Managing the ZyXEL Device ..............40 Chapter 2 Introducing the Web Configurator ..................41 2.1 Web Configurator Overview ....................
Page 12
5.4 Configuring Password ......................68 5.5 Configuring Time Setting ..................... 70 5.5.1 Resetting the Time ..................... 71 Chapter 6 Wireless Configuration......................73 6.1 Wireless LAN Overview ....................... 73 6.1.1 BSS ..........................73 6.1.2 ESS ..........................74 G-3000 Series User’s Guide...
Page 15
13.8 Creating a Certificate ....................... 153 13.9 My Certificate Details ....................... 156 13.10 Trusted CAs ........................159 13.11 Importing a Trusted CA’s Certificate ................161 13.12 Trusted CA Certificate Details ..................162 Chapter 14 Log Screens .......................... 165 G-3000 Series User’s Guide...
Page 16
14.2 Configuring Log Settings ....................167 14.3 Example Log Messages ....................169 14.4 Log Commands ....................... 170 14.4.1 Configuring What You Want the ZyXEL Device to Log .......... 170 14.4.2 Displaying Logs ...................... 171 14.5 Log Command Example ....................171 Chapter 15 VLAN ............................
Page 17
Table of Contents 17.1.1 Initial Screen ......................201 17.2 Connect to your ZyXEL Device Using Telnet ..............202 17.3 Entering the Password ....................202 17.4 Changing the System Password ..................202 17.5 Navigating the SMT Interface ..................203 17.5.1 SMT Main Menu Summary ..................204 17.6 SMT Menus Overview ....................
Page 18
26.1.3 Brute-Force Password Guessing Protection ............250 26.1.3.1 Configuring Brute-Force Password Guessing Protection: Example ..... 250 26.2 Time and Date Setting ..................... 251 26.3 Remote Management Setup .................... 252 26.3.1 Telnet ........................252 26.3.2 FTP ........................252 26.3.3 Web ........................252 G-3000 Series User’s Guide...
Page 19
26.4 System Timeout ....................... 254 Chapter 27 Troubleshooting........................255 27.1 Power, Hardware Connections, and LEDs ..............255 27.2 ZyXEL Device Access and Login ..................255 27.3 Internet Access ........................ 257 Part IV: Appendices and Index ............259 Appendix A Product Specifications..................261 Appendix B Setting up Your Computer’s IP Address............
Page 20
Table of Contents G-3000 Series User’s Guide...
Table 13 Wireless: Access Point ......................79 Table 14 Wireless: Bridge/Repeater ...................... 83 Table 15 Security Modes ........................91 Table 16 Security Modes for ZyXEL Device and Windows XP Wireless Client ........92 Table 17 Wireless Security Levels ......................93 Table 18 Security ........................... 94 Table 19 Security: No-Access ........................
Page 30
Table 77 Menu 3.5.6 - SSID Profile Edit ....................220 Table 78 Menu 14.1- Edit Dial-in User ....................222 Table 79 Menu 16 VLAN Setup ......................224 Table 80 Menu 22 SNMP Configuration ....................225 Table 81 Menu 3.5.6 - SSID Profile Edit ....................228 G-3000 Series User’s Guide...
Page 31
Table 96 G-3000 United Kingdom PLUG STANDARDS ..............264 Table 97 G-3000 Japan PLUG STANDARDS ..................264 Table 98 G-3000 Australia and New Zealand plug standards ............. 264 Table 99 G-3000H North American Plug Standards ................264 Table 100 G-3000H European Plug Standards ................... 264 Table 101 G-3000H United Kingdom Plug Standards .................
Page 32
List of Tables Table 125 Displaying the Auto Configuration Status ................330 Table 126 Proprietary MIBs ......................... 341 G-3000 Series User’s Guide...
4 MESSID Applications for each operating mode are shown below. The G-3000 also has an extension slot where you can add a second WLAN card. With two WLAN cards, the G-3000 can be set up with two different wireless configurations. For example, one card could function as a bridge/repeater and the other card could be in MESSID mode to support up to eight ESSIDs.
1.2.1 Access Point The ZyXEL Device is an ideal access solution for wireless Internet connection. A typical Internet access application for your ZyXEL Device is shown as follows. Stations A, B and C can access the wired network through the ZyXEL Devices.
Chapter 1 Introducing the ZyXEL Device Figure 2 Bridge Application Figure 3 Repeater Application 1.2.3 AP + Bridge In AP+Bridge mode, the ZyXEL Device supports both AP and bridge connection at the same time. G-3000 Series User’s Guide...
In the figure below, A and B use X as an AP to access the wired network, while X and Y communicate in bridge mode. When the ZyXEL Device is in AP+Bridge mode, you must use security for both the AP and bridge functions, or for neither. However, the security the ZyXEL Device uses between APs (the Wireless Distribution System or WDS) is different from the security between the wireless stations and the AP.
1.3 Ways to Manage the ZyXEL Device Use any of the following methods to manage the ZyXEL Device. • Web Configurator. This is recommended for everyday management of the ZyXEL Device using a (supported) web browser. • Command Line Interface. Line commands are mostly used for troubleshooting by service engineers.
User’s Guide. 1.4 Good Habits for Managing the ZyXEL Device Do the following things regularly to make the ZyXEL Device more secure and to manage it more effectively. • Change the password often. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters.
H A P T E R Introducing the Web Configurator This chapter describes how to access the ZyXEL Device’s web configurator and provides an overview of its screens. 2.1 Web Configurator Overview The web configurator is an HTML-based management interface that allows easy ZyXEL Device setup and management via Internet browser.
If you do not change the password, the following screen appears every time you login. Figure 6 Change Password Screen 6 Click Apply in the Replace Certificate screen to create a certificate using your ZyXEL Device’s MAC address that will be specific to this device. Figure 7 Replace Certificate Screen You should now see the MAIN MENU screen.
Use the web configurator to restore defaults (refer to Chapter 16 on page 189). Transfer the configuration file to your ZyXEL Device using FTP. See the section on SMT configuration for more information. 2.4 Navigating the Web Configurator The following summarizes how to navigate the web configurator from the MAIN MENU screen.
Page 44
(Settings, Trusted AP and Trusted User), CERTIFICATES (My Certificates, Trusted CAs), LOGS (View Log and Log Settings) and VLAN. Click MAINTENANCE to view information about your ZyXEL Device or upgrade configuration/firmware files. Maintenance includes Status (Statistics), Association List, Channel Usage, F/W (firmware) Upload, Configuration (Backup, Restore and Default) and Restart.
The web configurator’s setup wizard helps you configure your ZyXEL Device for wireless stations to access your wired LAN. The wizard applies configuration settings to the ZyXEL Device’s built-in wireless card by default, even if you have installed another card.
In Windows XP, click Start, My Computer, View system information and then click the Computer Name tab. Note the entry in the Full computer name field and enter it as the ZyXEL Device System Name. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes "-"...
Name (SSID) in order to access the network. Choose Channel ID To manually set the ZyXEL Device to use a channel, select a channel from the drop-down list box. Open the Channel Usage screen to make sure the channel is not already used by another AP or independent peer-to-peer wireless network.
Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask. G-3000 Series User’s Guide...
Once you have decided on the network number, pick an IP address that is easy to remember, for instance, 192.168.1.2, for your ZyXEL Device, but make sure that no other device on your network is using that IP address.
Click OK to close the window and log in to the web configurator again using the new IP address if you change the default IP address (192.168.1.2). You have successfully set up the ZyXEL Device. A screen displays prompting you to close the web browser.
Chapter 3 Wizard Setup Figure 12 Wizard 4 : Setup Complete Well done! You have successfully set up your ZyXEL Device to operate on your network and access the Internet. G-3000 Series User’s Guide...
Page 52
Chapter 3 Wizard Setup G-3000 Series User’s Guide...
The ZyXEL Device is a repeater when it has no Ethernet connection and allows other APs to communicate with one another through the ZyXEL Device. • Use AP+Bridge operating mode if you want to use the ZyXEL Device as an access point (see above) while also communicating with other access points. See Section 1.2.3 on page...
4.2 How to Configure Multiple Wireless Networks In this example, you have been using your ZyXEL Device as an access point for your office network (See your Quick Start Guide for information on how to set up your ZyXEL Device in Access Point mode).
Log in to the ZyXEL Device (see Section 2.2 on page 41). Click WIRELESS > Wireless. The Wireless screen appears. In this example, the ZyXEL Device is set to Access Point operating mode, and is currently using the SSID04 profile. Figure 14 Tutorial: Wireless LAN: Before Select MESSID from the Operating Mode drop-down list box.
You cannot change this security profile without changing the security parameters for every SSID (including SSID4, the standard network), so you will use different security profiles for the different SSIDs. G-3000 Series User’s Guide...
Chapter 4 Tutorial Figure 16 Tutorial: WIRELESS > SSID You will use the first SSID for the Voice over IP (VoIP) network, so select SSID1’s radio button and click Edit. The following screen displays. G-3000 Series User’s Guide...
• Leave all the other fields at their defaults and click Apply. 4.2.2.1 Set Up Security for the VoIP Profile Now you need to configure the security settings to use on the VoIP wireless network. Click the Security tab. G-3000 Series User’s Guide...
You already chose to use the security02 profile for this network, so select the radio button for security02 and click Edit. The following screen appears. Figure 19 Tutorial: VoIP Security Profile Edit • Change the Name field to “VoIP_Security” to make it easier to remember and identify. G-3000 Series User’s Guide...
Internet). For this reason, you will enable layer-2 isolation for the Guest_SSID profile. “Layer-2 isolation” means that a client accessing the network via the Guest_SSID profile can access only certain pre-defined devices on the network (see Section 9.1 on page 115). G-3000 Series User’s Guide...
Now you need to configure the security settings to use on the guest wireless network. Click the Security tab. You already chose to use the security03 profile for this network, so select security03’s entry in the list and click Edit. The following screen appears. G-3000 Series User’s Guide...
Figure 24 Tutorial: Guest Security: Updated 4.2.3.2 Set up Layer-2 Isolation Configure layer-2 isolation to control the specific devices you want the users on your guest network to access. Click WIRELESS > Layer-2 Isolation. The following screen appears. G-3000 Series User’s Guide...
Select SSID Profile table, select the check box for the second index entry and select the Guest_SSID profile. Click Apply. Figure 26 Tutorial: Activate Guest Profile Your Guest wireless network is now ready to use. G-3000 Series User’s Guide...
2 isolation list). If you receive a reply, check the settings in the WIRELESS > Layer-2 Isolation screen, and ensure that layer 2 isolation is enabled in the Guest_SSID profile screen. G-3000 Series User’s Guide...
DESCRIPTION General Setup System Name Type a descriptive name to identify the ZyXEL Device in the Ethernet network. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes "-" and underscores "_" are accepted.
5.3 Administrator Authentication on RADIUS The administrator authentication on RADIUS feature lets a (external or internal) RADIUS server authenticate management logins to the ZyXEL Device. This is useful if you need to regularly change a password that you use to manage several ZyXEL Devices.
RADIUS Select the RADIUS server profile of the RADIUS server that is to authenticate management logins to the ZyXEL Device. The ZyXEL Device tests the user name and password against the RADIUS server when you apply your settings. • The user name and password must already be configured in the RADIUS server.
5.5 Configuring Time Setting To change your ZyXEL Device’s time and date, click SYSTEM > Time Setting. The screen appears as shown. Use this screen to configure the ZyXEL Device’s time based on your local time zone. Figure 29 Time Setting...
Select the time service protocol that your time server sends when you turn on the ZyXEL Device. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.
Page 72
Chapter 5 System Screens G-3000 Series User’s Guide...
H A P T E R Wireless Configuration This chapter discusses how to configure the Wireless screens on the ZyXEL Device. 6.1 Wireless LAN Overview This section introduces the wireless LAN (WLAN) and some basic scenarios. 6.1.1 BSS A Basic Service Set (BSS) exists when all communications between wireless stations or between a wireless station and a wired network client go through one access point (AP).
See the Wireless LANs Appendix for information on the following: • Wireless LAN Topologies • Channel • RTS/CTS • Fragmentation Threshold • Preamble Type • IEEE 802.1x • RADIUS • Types of Authentication • WPA • Security Parameters Summary G-3000 Series User’s Guide...
Network traffic can be classified by setting the ToS (Type Of Service) values at the data source (for example, at the ZyXEL Device) so a server can decide the best method of delivery, that is the least cost, fastest route and so on.
DSCP value in order to make the best use of WMM QoS. A Voice over IP (VoIP) device for example may allow you to define the DSCP value. The following table lists which WMM QoS priority level the ZyXEL Device uses for specific DSCP values.
Table 12 STP Port States PORT STATES DESCRIPTIONS Disabled STP is disabled (default). Blocking Only configuration and management BPDUs are received and processed. Listening All BPDUs are received and processed. G-3000 Series User’s Guide...
All BPDUs are received and processed. All information frames are received and forwarded. 6.5 Wireless Screen Overview The following is a list of the screens you can configure on the ZyXEL Device. 1 Configure the ZyXEL Device to operate in AP, AP+Bridge, Bridge/Repeater or MESSID mode in the Wireless screen (see Chapter 8 on page 105 for MESSID).
Set the operating frequency/channel depending on your particular region. Channel ID To manually set the ZyXEL Device to use a channel, select a channel from the drop-down list box. Click MAINTENANCE and then the Channel Usage tab to open the Channel Usage screen to make sure the channel is not already used by another AP or independent peer-to-peer wireless network.
Page 80
Device. Output Power Set the output power of the ZyXEL Device in this field. If there is a high density of APs in an area, decrease the output power of the ZyXEL Device to reduce interference with other APs. Select from 100% (Full Power), 50%, 25% and 12.5%.
Click Reset to begin configuring this screen afresh. 6.6.2 Bridge/Repeater Mode The ZyXEL Device can act as a wireless network bridge and establish wireless links with other APs. You need to know the MAC address of the peer device, which also must be in bridge mode.
The following examples show two network topologies that can lead to this problem: • If two or more ZyXEL Devices (in bridge mode) are connected to the same switch (as shown next). Figure 35 Bridge Loop: Two Bridges Connected to Switch •...
APs. Select the check box to encrypt the traffic between the APs. When you select the check box, need to configure a Pre-Shared Key (PSK) for each peer device. The ZyXEL Device uses TKIP to encrypt traffic on the WDS between APs.
6.6.3 AP+Bridge Mode Select AP+Bridge as the Operating Mode in the WIRELESS > Wireless screen to have the ZyXEL Device function as a bridge and access point simultaneously. See the section on applications for more information. Figure 38 Wireless: AP+Bridge See the tables describing the fields in the Access Point and Bridge/Repeater operating modes for descriptions of the fields in this screen.
6.6.4 MESSID Mode Select MESSID as the Operating Mode to display the screen. Refer to Chapter 8 on page 105 for configuration and detailed information. See Chapter 7 on page 87 for details on the security settings. G-3000 Series User’s Guide...
Page 86
Chapter 6 Wireless Configuration G-3000 Series User’s Guide...
Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network. Wireless security methods available on the ZyXEL Device are data encryption, wireless client authentication, restricting access by MAC address and hiding the ZyXEL Device’s identity.
Chapter 7 Wireless Security Configuration 7.1.4 Hide Identity If you hide the SSID, then the ZyXEL Device cannot be seen when a wireless client scans for local APs. The trade-off for the extra security of “hiding” the ZyXEL Device may be inconvenience for some valid WLAN clients.
Chapter 7 Wireless Security Configuration 2 The ZyXEL Device sends a “request identity” message to the wireless station for identity information. 3 The wireless station replies with identity information, including username and password. 4 The RADIUS server checks the user information against its user profile database and determines whether or not to authenticate the wireless station.
3 The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. G-3000 Series User’s Guide...
Select this to use WPA with a pre-shared key. WPA2 Select this to use WPA2. WPA2-MIX Select this to use either WPA2 or WPA depending on which security mode the wireless client uses. WPA2-PSK Select this to use WPA2 with a pre-shared key. G-3000 Series User’s Guide...
The following table shows combinations of security modes between a Windows XP wireless client and the ZyXEL Device. Combinations of security modes not marked with a “O” or not listed may not be able to make a connection using the SSID.
Wi-Fi Protected Access (WPA) Most Secure WPA2 If you do not enable any wireless security on your ZyXEL Device, your network is accessible to any wireless networking device within range. 7.10 Configuring Security The following screens are configurable only in Access Point, AP+Bridge and MESSID operating modes only.
Select an entry from the list and click Edit to configure security settings for that profile. The next screen varies according to the Security Mode you select. 7.10.1 Security: None Select None in the Security Mode field to allow all wireless clients access to the ZyXEL Device. G-3000 Series User’s Guide...
Reset Click Reset to begin configuring this screen afresh. 7.10.2 Security: No-Access Select No-Access in the Security Mode field to block all wireless access to the ZyXEL Device. Figure 44 Security: No-Access The following table describes the labels in this screen.
Select Auto, Open System or Shared Key from the drop-down list box. Method The default setting is Auto. ASCII Select this option to enter ASCII characters as the WEP keys. Select this option to enter hexadecimal characters as the WEP keys. The preceding “0x” is entered automatically. G-3000 Series User’s Guide...
LABEL DESCRIPTION Key 1 to The WEP keys are used to encrypt data. Both the ZyXEL Device and the wireless stations must use the same WEP key for data transmission. Key 4 If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F").
RADIUS server has priority. Idle Timeout The ZyXEL Device automatically disconnects a wireless station from the wireless network after a period of inactivity. The wireless station needs to send the username and password again before it can use the wireless network again.
Idle Timeout The ZyXEL Device automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the user name and password again before access to the wired network is allowed.
RADIUS server has priority. Idle Timeout The ZyXEL Device automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed.
RADIUS server has priority. Idle Timeout The ZyXEL Device automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed.
These profiles can be assigned to an SSID profile in the SSID configuration screen To set up your ZyXEL Device’s RADIUS server settings, click WIRELESS > RADIUS. The screen appears as shown. Figure 50 RADIUS...
Enter a password (up to 128 alphanumeric characters) as the key to be shared between the accounting server and the ZyXEL Device. The key must be the same on the accounting server and your ZyXEL Device. The key is not sent over the network.
Chapter 7 Wireless Security Configuration 7.13 Configuring Local User Database To change your ZyXEL Device’s trusted users, click WIRELESS > Local User Database. The screen appears as shown. Figure 51 Local User Database The following table describes the labels in this screen.
H A P T E R MESSID and SSID This chapter describes how to configure and use your ZyXEL Device’s MESSID mode and configure SSID profiles. 8.1 Wireless LAN Infrastructures See the Wireless LAN chapter for some basic WLAN scenarios and terminology.
(on switch ports where PVID is enabled). Figure 52 Multiple ESS with VLAN Example 8.1.5 Configuring Multiple ESSs Click WIRELESS > Wireless and select MESSID in the Operating Mode drop-down list box to display the screen as shown. G-3000 Series User’s Guide...
Table 28 Wireless: Multiple ESS LABEL DESCRIPTION WLAN Adapter This field only appears when you have a compatible WLAN card in the ZyXEL Device’s extension card slot. Note: Contact your distributor for information on compatible WLAN cards. Select Built-in to configure settings for the ZyXEL Device’s the internal WLAN card.
Page 108
The blue ZyAIR LED is on when the ZyXEL Device is on and blinks (or breathes) when data is being transmitted to/from its wireless stations. Clear the check box to turn this LED off even when the ZyXEL Device is on and data is being transmitted/received.
ZyXEL Device. Output Power Set the output power of the ZyXEL Device in this field. If there is a high density of APs in an area, decrease the output power of the ZyXEL Device to reduce interference with other APs. Select from 100% (Full Power), 50%, 25% and 12.5%.
Index This field displays the index number of each SSID profile. Name This field displays the identification name of each SSID profile on the ZyXEL Device. SSID This field displays the name of the wireless profile on the network. When a wireless client scans for an AP to associate with, this is the name that is broadcast and seen in the wireless client utility.
Enter a name (up to 32 ASCII characters) to identify this profile. Spaces are allowed. SSID When a wireless client scans for an AP to associate with, this is the name that is broadcast and seen in the wireless client utility. G-3000 Series User’s Guide...
Page 112
Enter a VLAN ID number from 1 to 4094. Packets coming from the WLAN using this SSID profile are tagged with this VLAN ID number by the ZyXEL Device. Different SSID profiles can use the same or different VLAN IDs. This allows you to split wireless stations into groups using similar VLAN IDs.
3 You can enter a Second Rx VLAN ID in the following screen. The following screen shows VLAN 1 tagged with VLAN ID 1. Incoming packets (Second Rx VLAN ID) with a VLAN ID 3 are matched to VLAN 1. G-3000 Series User’s Guide...
Chapter 8 MESSID and SSID Figure 57 Configuring SSID: Second Rx VLAN ID Example 4 Click Apply to save these settings to the ZyAIR. G-3000 Series User’s Guide...
MAC addresses that you list in the layer-2 isolation table. In the following example, layer-2 isolation is enabled on the ZyXEL Device (Z, in the figure) to allow a guest wireless client (A) to access the main network router (B), the router providing Internet access (C), and the network printer (D) while preventing the client from accessing other computers and servers on the network.
9.2 Configuring Layer-2 Isolation If layer-2 isolation is enabled, you need to know the MAC addresses of the wireless clients, APs, computers or routers that you want to allow to communicate with the ZyXEL Device's wireless clients. To configure layer-2 isolation, click WIRELESS > Layer-2 Isolation. The screen appears as shown next.
Reset Click Reset to begin configuring this screen afresh. 9.2.1 Layer-2 Isolation Examples The following section shows you example layer-2 isolation configurations on the ZyXEL Device (A). When configuring, remember to enable layer-2 isolation in the WIRELESS > SSID > Edit screen of the relevant SSID profile.
In the following example wireless clients 1 and 2 can communicate with B and C but not 3. • Configure more than one MAC address. Enter the server’s and your ZyXEL Device’s MAC addresses in the Allow devices with these MAC addresses fields.
Figure 62 Layer-2 Isolation Example 2 9.3 Configuring MAC Filter The MAC filter screen allows you to configure the ZyXEL Device to give exclusive access to up to 32 devices (Allow Association) or exclude up to 32 devices from accessing the ZyXEL Device (Deny Association).
Select Allow Association to permit access to the router. MAC addresses not listed will be denied access to the router. MAC Address Enter the MAC addresses (in XX:XX:XX:XX:XX:XX format) of the wireless station to be allowed or denied access to the ZyXEL Device. Apply Click Apply to save your changes. Reset Click Reset to begin configuring this screen afresh.
(bridge tables are updated) and maximum AP efficiency. The AP deletes records of wireless stations that associate with other APs (Non-ZyXEL APs may not be able to perform this). 802.1x authentication information is not exchanged (at the time of writing).
DESCRIPTION Active Select Yes from the drop-down list box to enable roaming on the ZyXEL Device. This is useful if you have two or more APs on the same subnet. Note: All APs on the same subnet and the wireless stations must have the same SSID to allow roaming.
IP Screen This chapter discusses how to configure IP on the ZyXEL Device. 10.1 Factory Ethernet Defaults The Ethernet parameters of the ZyXEL Device are preset in the factory with the following values: 1 IP address of 192.168.1.2 2 Subnet mask of 255.255.255.0 (24 bits) These parameters should work for the majority of installations.
Device (by the DHCP server) to access the ZyXEL Device again. Use fixed IP address Select this option if your ZyXEL Device is using a static IP address. When you select this option, fill in the fields below. IP Address Enter the IP address of your ZyXEL Device in dotted decimal notation.
Page 125
Type the IP address of the gateway. The gateway is an immediate neighbor of your ZyXEL Device that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your ZyXEL Device;...
Page 126
Chapter 10 IP Screen G-3000 Series User’s Guide...
• Neither (Disable). You can disable a service on the ZyXEL Device by not allowing access for the service/ protocol through any of the ZyXEL Device interfaces. You may only have one management session running at a time. The ZyXEL Device automatically disconnects a management session of lower priority when another management session of higher priority starts.
67). 11.2 Configuring Telnet You can configure your ZyXEL Device for remote Telnet access. Use this screen to specify which interfaces allow Telnet access and from which IP address the access can come. Click REMOTE MGNT and the TELNET tab to display the screen as shown.
Click Reset to begin configuring this screen afresh. 11.4 WWW (HTTP and HTTPS) You can set the ZyXEL Device to use HTTP or HTTPS (HTTPS adds security) for web configurator sessions. Specify which interfaces allow web configurator access and from which IP address the access can come.
REMOTE MGMT > WWW screen). Authenticate Client Certificates is optional and if selected means the SSL-client must send the ZyXEL Device a certificate. You must apply for a certificate for the browser from a CA that is a trusted CA on the ZyXEL Device. Please refer to the following figure.
ZyXEL Device by sending the ZyXEL Device a certificate. To do that the SSL client must have a CA-signed certificate from a CA that has been imported as a trusted CA on the ZyXEL Device (see the appendix on importing certificates for details).
Click Reset to begin configuring this screen afresh. 11.6 HTTPS Example If you have not changed the default HTTPS port on the ZyXEL Device, then in your browser enter “https://ZyXEL Device IP Address/” as the web site address where “ZyXEL Device IP Address”...
Chapter 11 Remote Management Screens 11.6.2 Netscape Navigator Warning Messages When you attempt to access the ZyXEL Device HTTPS server, a Website Certified by an Unknown Authority screen pops up asking if you trust the server certificate. Click Examine Certificate if you want to verify that the certificate is from the ZyXEL Device.
Appendix G on page 457 for details. • The actual IP address of the HTTPS server (the IP address of the ZyXEL Device’s port that you are trying to access) does not match the common name specified in the ZyXEL Device’s HTTPS server certificate that your browser received.
Figure 74 Example: Lock Denoting a Secure Connection) Click Login and you then see the next screen. The factory default certificate is a common default certificate for all ZyXEL Device models. Figure 75 Replace Certificate Click Apply in the Replace Certificate screen to create a certificate using your ZyXEL Device’s MAC address that will be specific to this device.
Chapter 11 Remote Management Screens Figure 76 Device-specific Certificate Click Ignore in the Replace Certificate screen to use the common ZyXEL Device certificate. You will then see this information in the My Certificates screen. Figure 77 Common ZyXEL Device Certificate...
An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the ZyXEL Device). An agent translates the local management information from the managed device into a form compatible with SNMP.
• Trap - Used by the agent to inform the manager of some events. 11.7.1 Supported MIBs The ZyXEL Device supports MIB II that is defined in RFC-1213 and RFC-1215 as well as the proprietary ZyXEL private MIB. The purpose of the MIBs is to let administrators collect statistical data and monitor status and performance.
Table 41 SNMP Interface Index to Physical Port Mapping INTERFACE TYPE PHYSICAL PORT enet0 WLAN enet1 Ethernet port 11.8.1 Configuring SNMP To change your ZyXEL Device’s SNMP settings, click REMOTE MGMT, then the SNMP tab. The screen appears as shown. G-3000 Series User’s Guide...
Address ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service. Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service.
The ZyXEL Device has a built-in RADIUS server that can authenticate wireless clients or other AP’s in other wireless networks. The ZyXEL Device can function as an AP and as a RADIUS server at the same time. PEAP (Protected EAP) and MD5 authentication is implemented on the internal RADIUS server using simple username and password methods over a secure TLS connection.
RADIUS server can be authenticated. ZyXEL recommends that you replace the factory default certificate with one that uses your ZyXEL Device's MAC address. This can be done when you first log in to the ZyXEL Device or in the Advanced web configurator Certificates screen.
LABEL DESCRIPTION Active Select the Active check box to have the ZyXEL Device use its internal RADIUS server to authenticate wireless clients or other AP’s. This field displays the certificate index number. The certificates are listed in alphabetical order. Certificates can be added or removed in the Advanced Certificate screens.
Click Reset to start configuring this screen afresh. 12.3 Trusted AP Overview A trusted AP is an AP that uses the ZyXEL Device’s internal RADIUS server to authenticate it’s wireless clients. The following shows how this is done in two phases.
They are grayed out and therefore cannot be configured. The shared secret must be the same on the trusted AP and your ZyXEL Device. The shared secret is not sent over the network. The shared secret is used to encrypt messages from and to the ZyXEL Device.
Chapter 12 Auth Server 12.5 Trusted Users Overview A trusted user is a wireless client within the ZyXEL Device’s wireless network. See Section on page 122 to change your ZyXEL Device’s trusted users. G-3000 Series User’s Guide...
A certification path is the hierarchy of certification authority certificates that validate a certificate. The ZyXEL Device does not trust a certificate if any certificate on its path has expired or been revoked.
13.2 Self-signed Certificates You can have the ZyXEL Device act as a certification authority and sign its own certificates. 13.3 Verifying a Certificate Before you import a trusted CA certificate into the ZyXEL Device, you should verify that you have the actual certificate.
Use the My Certificate screens to generate and export self-signed certificates or certification requests and import the ZyXEL Devices’ CA-signed certificates. Use the Trusted CA screens to save CA certificates to the ZyXEL Device. 13.5 My Certificates Click CERTIFICATES > My Certificates to open the ZyXEL Device’s summary list of certificates and certification requests.
LABEL DESCRIPTION PKI Storage This bar displays the percentage of the ZyXEL Device’s PKI storage space that is Space in Use currently in use. The bar turns from green to red when the maximum is being approached. When the bar is red, you should consider deleting expired or unnecessary certificates before adding more certificates.
Note that subsequent certificates move up by one when you take this action Create Click Create to go to the screen where you can have the ZyXEL Device generate a certificate or a certification request. Import Click Import to open a screen where you can save the certificate that you have enrolled from a certification authority from your computer to the ZyXEL Device.
Chapter 13 Certificates • Binary PKCS#7: This is a standard that defines the general syntax for data (including digital signatures) that may be encrypted. The ZyXEL Device currently allows the importation of a PKS#7 file that contains a single certificate.
Click CERTIFICATES > My Certificates and then Create to open the My Certificate Create screen. Use this screen to have the ZyXEL Device create a self-signed certificate, enroll a certificate with a certification authority or generate a certification request, see the following figure.
Organizational Unit Type up to 127 characters to identify the organizational unit or department to which the certificate owner belongs. You may use any character, including spaces, but the ZyXEL Device drops trailing spaces. G-3000 Series User’s Guide...
Page 155
Select Create a certification request and save it locally for later manual request and save it enrollment to have the ZyXEL Device generate and store a request for a locally for later certificate. Use the My Certificate Details screen to view the certification manual enrollment request and copy it to send to the certification authority.
In the case of a self-signed certificate, you can set it to be the one that the ZyXEL Device uses to sign the trusted remote host certificates that you import to the ZyXEL Device.
If the certificate is a self-signed certificate, the certificate itself is the only one in the list. The ZyXEL Device does not trust the certificate and displays “Not trusted” in this field if any certificate on the path has expired or been revoked.
Click CERTIFICATES, Trusted CAs to open the Trusted CAs screen. This screen displays a summary list of certificates of the certification authorities that you have set the ZyXEL Device to accept as trusted. The ZyXEL Device accepts any valid certificate signed by a certification authority on this list as being trustworthy;...
LABEL DESCRIPTION PKI Storage This bar displays the percentage of the ZyXEL Device’s PKI storage space that is Space in Use currently in use. The bar turns from green to red when the maximum is being approached. When the bar is red, you should consider deleting expired or unnecessary certificates before adding more certificates.
Import to open the Trusted CA Import screen. Follow the instructions in this screen to save a trusted certification authority’s certificate to the ZyXEL Device, see the following figure. You must remove any spaces from the certificate’s filename before you can import the certificate.
Trusted CA Details screen. Use this screen to view in-depth information about the certification authority’s certificate, change the certificate’s name and set whether or not you want the ZyXEL Device to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority.
31 characters to identify this key certificate. You may use any character (not including spaces). Property Select this check box to have the ZyXEL Device check incoming certificates that Check incoming are issued by this certification authority against a Certificate Revocation List certificates issued (CRL).
Page 164
Apply Click Apply to save your changes back to the ZyXEL Device. You can only change the name and/or set whether or not you want the ZyXEL Device to check the CRL that the certification authority issues before trusting a certificate issued by the certification authority.
14.1 Configuring View Log The web configurator allows you to look at all of the ZyXEL Device’s logs in one location. Click LOGS > View Log. Use the View Log screen to see the logs for the categories that you...
Click Email Log Now to send the log screen to the e-mail address specified in the Log Settings page. Refresh Click Refresh to renew the log screen. Clear Log Click Clear Log to clear all the logs. G-3000 Series User’s Guide...
To change your ZyXEL Device’s log settings, click LOGS > Log Settings. The screen appears as shown. Use the Log Settings screen to configure to where and when the ZyXEL Device is to send the logs and which logs and/or immediate alerts it is to send.
Select the categories of logs that you want to record. Send Immediate Select the categories of alerts for which you want the ZyXEL Device to Alert immediately send e-mail alerts. Apply Click Apply to save your customized settings and exit this screen.
Redirect Redirect datagrams for the Network Redirect datagrams for the Host Redirect datagrams for the Type of Service and Network Redirect datagrams for the Type of Service and Host G-3000 Series User’s Guide...
Use the sys logs clear command to erase all of the ZyXEL Device’s logs. 14.5 Log Command Example This example shows how to set the ZyXEL Device to record the error logs and alerts and then view the results. ras> sys logs load ras>...
Page 172
Chapter 14 Log Screens G-3000 Series User’s Guide...
The Management VLAN ID identifies the “management VLAN”. A device must be a member of this “management VLAN” in order to access and manage the ZyXEL Device. If a device is not a member of this VLAN, then that device cannot manage the ZyXEL Device.
The ZyXEL Device allows you to configure VLAN based on SSID profile (wireless VLAN), and / or based on your RADIUS server (RADIUS VLAN). • When you use wireless VLAN, the ZyXEL Device tags all packets from an SSID with the VLAN ID you set in the WIRELESS > SSID > Edit screen.
Enter a number from 1 to 4094 to define this VLAN group. At least one device in your network must belong to this VLAN group in order to manage the ZyXEL Device. Note: Mail and FTP servers must have the same management VLAN ID to communicate with the ZyXEL Device.
This section shows you how to create a VLAN on an Ethernet switch. By default, the port on the ZyXEL Device is a member of the management VLAN (VLAN ID 1). The following procedure shows you how to configure a tagged VLAN.
5 Type a VLAN Group ID. This should be the same as the management VLAN ID on the ZyXEL Device. 6 Enable Tx Tagging on the port which you want to connect to the ZyXEL Device. Disable Tx Tagging on the port you are using to connect to your computer.
3 Click Apply. Figure 101 VLAN Setup 4 The ZyXEL Device attempts to connect with a VLAN-aware device. You can now access and mange the ZyXEL Device though the Ethernet switch. If you do not connect the ZyXEL Device to a correctly configured VLAN-aware device, you will lock yourself out of the ZyXEL Device.
ID (Name:string) is between 1 and 4094. 4c If a or b are not matched, the ZyXEL Device uses the VLAN ID configured in the WIRELESS VLAN screen and the wireless station. This VLAN ID is independent and hence different to the ID in the VLAN screen.
• Right click Remote Access Policy and select New Remote Access Policy. • Enter a Policy friendly name that describes the policy. Each Remote Access Policy will be matched to one VLAN Group. An example may be, Allow - VLAN 10 Policy. • Click Next. G-3000 Series User’s Guide...
The policy is added to the field below. Only one VLAN Group should be associated with each policy. 5 Click OK and Next in the next few screens to accept the group value. Figure 106 Adding VLAN Group G-3000 Series User’s Guide...
• Clear the check boxes for all other authentication types listed below the drop-down list box. Figure 108 Authentication Tab Settings 8 Click the Encryption tab. Select the Strongest encryption option. This step is not required for EAP-MD5, but is performed as a safeguard. G-3000 Series User’s Guide...
9 Click the IP tab and select the Client may request an IP address check box for DHCP support. 10 Click the Advanced tab. The current default parameters returned to the ZyXEL Device should be Service-Type and Framed-Protocol. • Click the Add button to add an additional three RADIUS VLAN attributes required for 802.1X Dynamic VLAN Assignment.
4094 or a Name for this policy. This Name should match a name in the VLAN mapping table on the ZyXEL Device. Wireless stations belonging to the VLAN Group specified in this policy will be given a VLAN ID specified in the ZyXEL Device VLAN table. • Click OK.
Figure 114 VLAN Attribute Setting for Tunnel-Type 17 Return to the RADIUS Attribute Screen shown as Figure 111 on page 184. • Click the Close button. • The completed Advanced tab configuration should resemble the following screen. G-3000 Series User’s Guide...
15.2.4 Second Rx VLAN ID Example In this example, the ZyXEL Device is configured to tag packets from SSID01 with VLAN ID 1 and tag packets from SSID02 with VLAN ID 2. VLAN 1 and VLAN 2 have access to a server, S, and the Internet, as shown in the following figure.
SSID (SSID03) on the ZyXEL Device. This example has the ZyXEL Device tag outgoing packets from clients in SSID03 with a VLAN ID of 3, and forward incoming packets with a VLAN ID of 3 or 4 to SSID03.
173). If no devices are in the management VLAN, then you will not be able to access the ZyXEL Device through the network. If the ZyXEL Device has no console port, you will have to restore the default configuration file.
16.2 System Status Screen Click MAINTENANCE to open the System Status screen, where you can use to monitor your ZyXEL Device. Note that these labels are READ-ONLY and are meant to be used for diagnostic purposes. Figure 118 System Status The following table describes the labels in this screen.
The Ethernet port must use the same speed or duplex mode setting as the peer Ethernet port in order to connect. This shows the transmission speed only for the wireless port. G-3000 Series User’s Guide...
Click this button to stop refreshing statistics. 16.3 Association List View the wireless stations that are currently associated with the ZyXEL Device in the Association List screen. Click MAINTENANCE and then the Association List tab to display the screen as shown next.
MAC Address This field displays the MAC address of an associated wireless station. Association Time This field displays the time a wireless station first associated with the ZyXEL Device. Name (SSID) This field displays the SSID to which the wireless station is associated.
Click Refresh to reload the screen. 16.5 F/W Upload Screen Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a "*.bin" extension. The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot. See the Firmware and Configuration File Maintenance chapter for upgrading firmware using FTP/TFTP commands.
Click Upload to begin the upload process. This process may take up to two minutes. Do not turn off the ZyXEL Device while firmware upload is in progress! After you see the Firmware Upload in Process screen, wait two minutes before logging into the ZyXEL Device again.
Chapter 25 on page 237 for information on how to transfer configuration files using FTP/ TFTP commands. Click MAINTENANCE > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next. Figure 126 Configuration G-3000 Series User’s Guide...
Backup configuration allows you to back up (save) the ZyXEL Device’s current configuration to a file on your computer. Once your ZyXEL Device is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes.
If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default ZyXEL Device IP address (192.168.1.2). See your Quick Start Guide for details on how to set up your computer’s IP address.
SMT and Troubleshooting Introducing the SMT (201) General Setup (207) LAN Setup (209) SNMP Configuration (225) System Security (227) System Information and Diagnosis (231) Firmware and Configuration File Maintenance (237) System Maintenance and Information (249) Troubleshooting (255)
• No parity, 8 data bits, 1 stop bit, flow control set to none. 17.1.1 Initial Screen When you turn on your ZyXEL Device, it performs several internal tests as well as line initialization. After the tests, the ZyXEL Device asks you to press [ENTER] to continue, as shown next.
Please note that if there is no activity for longer than five minutes (default timeout period) after you log in, your ZyXEL Device will automatically log you out. You will then have to log into the ZyXEL Device again. You can use the web configurator or the CI commands to change the inactivity time out period.
Note that as you type a password, the screen displays an asterisk “*” for each character you type. 17.5 Navigating the SMT Interface You can use the SMT to configure and monitor your ZyXEL Device. Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below.
LAN Setup Use this menu to set up your LAN and WLAN connection. Dial-in User Setup Use this menu to set up local user profiles on the ZyXEL Device. VLAN Setup Use this menu to set up your VLAN ID.
Chapter 17 Introducing the SMT 17.6 SMT Menus Overview The following table gives you an overview of your ZyXEL Device’s various SMT menus. Table 69 SMT Menus Overview MENUS SUB MENUS 1 General Setup 1.1 Configure Dynamic DNS 3 LAN Setup 3.2 TCP/IP Setup...
Page 206
Chapter 17 Introducing the SMT G-3000 Series User’s Guide...
The Domain Name entry is what is propagated to the DHCP clients on the LAN. While you must enter the host name (System Name) on each individual computer, the domain name can be assigned from the ZyXEL Device via DHCP. 18.1.1 Procedure To Configure Menu 1 Enter 1 in the Main Menu to open Menu 1 –...
Page 208
User-Defined in the field above. ENTER When you have completed this menu, press [ ] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ ] at any time to cancel. G-3000 Series User’s Guide...
H A P T E R LAN Setup This chapter shows you how to configure the LAN on your ZyXEL Device. 19.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 – LAN Setup. From the main menu, enter 3 to display menu 3.
19.3 Wireless LAN Setup Use menu 3.5 to set up your ZyXEL Device as the wireless access point. To edit menu 3.5, enter 3 from the main menu to display Menu 3 – LAN Setup. When menu 3 appears, press 5 and then press [ENTER] to display Menu 3.5 –...
Select SSID Profile This field is available when you select AP or AP+bridge as the operating mode. Press [SPACE BAR] to select a SSID for the ZyXEL Device to use. Edit Bridge Link Use [SPACE BAR] to choose Yes and press [ENTER] to go to Menu 3.5.4 - Configuration Bridge Link Configuration.
No if you want to allow intra-BSS traffic. Output Power Set the output power of the ZyXEL Device in this field. If there is a high density of APs within an area, decrease the output power of the ZyXEL Device to reduce interference with other APs.The options are 17dBm (50mW), 15dBm...
Define the filter action for the list of MAC addresses in the MAC address filter table. To deny access to the ZyXEL Device, press [SPACE BAR] to select Deny Association and press [ENTER]. MAC addresses not listed will be allowed to access the router.
[ESC] to cancel and go back to the previous screen. 19.3.3 Configuring Bridge Link Follow the steps below to configure bridge link on your ZyXEL Device. 1 From the main menu, enter 3 to open Menu 3 – LAN Setup.
Enable Link 4= No Peer MAC Address= 0b:16:21:2c:37:3f PSK= ******** Enable Link 5= Yes Peer MAC Address= 0b:16:21:2c:37:40 PSK= ******** Enable WDS Security= Yes Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle. G-3000 Series User’s Guide...
System (WDS) is a wireless connection between two or more APs. When you select Yes, you are prompted to type a Pre-Shared Key (PSK) in the PSK fields of each bridge link you want to configure. The ZyXEL Device uses TKIP to encrypt traffic on the WDS between AP’s.
[ESC] to cancel and go back to the previous screen. 19.3.5 Configuring SSID Profiles When the ZyXEL Device is set to MESSID mode, you need to choose the SSID profile(s) you want to use in your wireless network (see Section 6.6 on page 78...
Active= No Active= No 2 SSID01 6 SSID01 Active= No Active= No 3 SSID01 7 SSID01 Active= No Active= No 4 SSID01 8 SSID01 Active= No Active= No Press ENTER to Confirm or ESC to Cancel: G-3000 Series User’s Guide...
FIELD DESCRIPTION An SSID profile is the set of parameters relating to one of the ZyXEL Device’s ESSs. The SSID (Service Set IDentifier) identifies the Service Set with which a wireless station is associated. Wireless stations associating with the access point (AP) must have the same SSID.
This chapter shows you how to create user accounts on the ZyXEL Device. 20.1 Dial-in User Setup By storing user profiles locally, your ZyXEL Device is able to authenticate wireless users without interacting with a network RADIUS server. Follow the steps below to set up user profiles on your ZyXEL Device.
Enter a password up to 31 characters long for this user profile. When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen. G-3000 Series User’s Guide...
VLAN. 21.1 VLAN Setup When VLAN is enabled, you must connect the ZyXEL Device to a VLAN-aware device that is a member of the management VLAN in order to manage it through the network. See the example of configuring a management VLAN Section 15.2.2 on page 176...
Enter a number from 1 to 4094 to define this VLAN group. Name Type a name to have the ZyXEL Device check for specific VLAN attributes on incoming messages from the RADIUS server. Access-accept packets sent by the RADIUS server contain VLAN related attributes. The configured Name fields are checked against these attributes.
Trusted Host If you enter a trusted host, your ZyXEL Device will only respond to SNMP messages from this address. A blank (default) field means your ZyXEL Device will respond to all SNMP messages it receives, regardless of source.
Page 226
Type the IP address of the station to send your SNMP traps to. When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen. G-3000 Series User’s Guide...
H A P T E R System Security This chapter describes how to configure the ZyXEL Device’s system password and wireless LAN security profiles. 23.1 System Password Section 17.4 on page 202 for how to change the system password. 23.2 Configuring Wireless Security Profiles The following screens are configurable only in Access Point, AP+Bridge and MESSID operating modes only.
Authentication Press [SPACE BAR] and then [ENTER] to select which authentication Databases databases the ZyXEL Device uses and in what order. Select Local User Database Only to have the system use the internal user account database. Select RADIUS Only to have the system use an external RADIUS server.
Page 229
Timer(in second) keying process is the WPA equivalent of automatically changing the group key for an AP and all stations in a WLAN on a periodic basis. The ZyXEL Device default is 1800 seconds (30 minutes). WPA-PSK and WPA2-PSK use a simple common password (called a pre- shared key or PSK), instead of user-specific credentials.
Page 230
Chapter 23 System Security G-3000 Series User’s Guide...
The first selection, System Status gives you information on the status and statistics of the ports, as shown next. System Status is a tool that can be used to monitor your ZyXEL Device. Specifically, it gives you information on your Ethernet and Wireless LAN status, and the number of packets sent and received.
Table 82 Menu 24.1 System Maintenance: Status FIELD DESCRIPTION Port This is the port, either Ethernet or wireless. For the G-3000, the built-in wireless adapter is WLAN1 and the removable wireless adapter is WLAN 2. Status This shows the status of the port’s connection.
2. Console Port Speed Please enter selection: If you ZyXEL Device does not have an external console port, these settings are for an internal console port for support personnel only. Do not open the ZyXEL Device as it will void your warranty.
Console Port Speed: 9600 Press ENTER to Confirm or ESC to Cancel: After you changed your ZyXEL Device’s console port speed, you must also make the same change to the console port speed parameter of your communication software. 24.3 Log and Trace Your ZyXEL Device provides error logs and trace records that are stored locally.
3 Enter 1 from Menu 24.3 – System Maintenance – Log and Trace and press [ENTER] twice to display the error log in the system. After the ZyXEL Device finishes displaying the error log, you will have the option to clear it. Samples of typical error and information messages are presented in the next figure.
2 From this menu, type 4. Diagnostic to open Menu 24.4 – System Maintenance – Diagnostic. The following table describes the diagnostic tests available in menu 24.4 for your ZyXEL Device and the connections. Table 84 Menu 24.4 System Maintenance Menu: Diagnostic...
The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password and TCP/IP Setup, etc. It arrives from ZyXEL with a rom filename extension. Once you have customized the ZyXEL Device's settings, they can be saved back to your computer under a filename of your choosing.
The following table is a summary. Please note that the internal filename refers to the filename on the ZyXEL Device and the external filename refers to the filename not on the ZyXEL Device, that is, on your computer, local network or FTP site and so the name (but not the extension) will vary.
4 Enter your management password as requested. The default is 1234. 5 Enter “bin” to set transfer mode to binary. 6 Use “get” to transfer files from the ZyXEL Device to the computer, for example, “get rom-0 config.rom” transfers the configuration file on the ZyXEL Device to your computer and renames it “config.rom”.
To use TFTP, your computer must have both telnet and TFTP clients. To backup the configuration file, follow the procedure shown next: 1 Use telnet from your computer to connect to the ZyXEL Device and log in. Because TFTP does not have any security checks, the ZyXEL Device records the IP address of the telnet client and accepts TFTP requests only from this address.
4 After a successful backup you will see the following screen. Press any key to return to the SMT menu. Figure 170 Successful Backup Confirmation Screen ** Backup Configuration completed. OK. ### Hit any key to continue.### G-3000 Series User’s Guide...
Menu 24.6 –- System Maintenance – Restore Configuration allows you to restore the configuration via FTP or TFTP to your ZyXEL Device. The preferred method is FTP. Note that this function erases the current configuration before restoring the previous backup configuration;...
FTP is the preferred method for uploading the firmware and configuration. To use this feature, your computer must have an FTP client. When you telnet into the ZyXEL Device, you will see the following screens for uploading firmware and the configuration file using FTP.
4 Enter your management password as requested. The default is 1234. 5 Enter “bin” to set transfer mode to binary. 6 Use “put” to transfer files from the computer to the ZyXEL Device for example “put firmware.bin ras” transfers the firmware on your computer (firmware.bin) to the ZyXEL Device and renames it “ras”.
1 Use telnet from your computer to connect to the ZyXEL Device and log in. Because TFTP does not have any security checks, the ZyXEL Device records the IP address of the telnet client and accepts TFTP requests only from this address.
“i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the ZyXEL Device’s IP address, “put” transfers the file source on the computer (firmware.bin – name of the firmware on the computer) to the file destination on the remote host (ras - name of the firmware on the ZyXEL Device).
Choose the Xmodem protocol. Then click Send. After the firmware upload process has completed, the ZyXEL Device will automatically restart. 25.4.9 Uploading Configuration File Via Console Port The console port does not apply to all models. 1 Select 2 from Menu 24.7 – System Maintenance – Upload Firmware to display Menu 24.7.2 –...
Figure 179 Example Xmodem Upload Type the configuration file’s location, or click Browse to search for it. Choose the Xmodem protocol. Then click Send. After the configuration upload process has completed, restart the ZyXEL Device by entering “atgo” G-3000 Series User’s Guide...
Enter the CI from the SMT by selecting menu 24.8. See the included disk or the zyxel.com web site for more detailed information on CI commands. Enter 8 from Menu 24 – System Maintenance. A list of valid commands can be found by typing help or ? at the command prompt.
26.2 Time and Date Setting The ZyXEL Device keeps track of the time and date. There is also a software mechanism to set the time manually or get the current time and date from an external server when you turn on your ZyXEL Device.
You can configure your ZyXEL Device for remote Telnet access as shown next. Figure 183 Telnet Configuration on a TCP/IP Network 26.3.2 FTP You can upload and download ZyXEL Device firmware and configuration files using FTP. To use this feature, your computer must have an FTP client. 26.3.3 Web You can use the ZyXEL Device’s embedded web configurator for configuration and file...
IP address to enhance security and flexibility. You can manage your ZyXEL Device from a remote location via: Internet (WLAN only), the LAN only, All (LAN and WLAN) or Disable (neither).
There is a system timeout of five minutes (300 seconds) for Telnet/web/FTP connections. Your ZyXEL Device will automatically log you out if you do nothing in this timeout period, except when it is continuously updating the status in menu 24.1 or when sys stdio has been changed on the command line.
1 Make sure you are using the power adaptor or cord included with the ZyXEL Device. 2 Make sure the power adaptor or cord is connected to the ZyXEL Device and plugged in to an appropriate power source. Make sure the power source is turned on.
Page 256
Section 27.1 on page 255. 4 Make sure your computer is in the same subnet as the ZyXEL Device. (If you know that there are routers between your computer and the ZyXEL Device, skip this step.) • If there is no DHCP server on your network, make sure your computer’s IP address is in the same subnet as the ZyXEL Device.
2 You cannot log in to the web configurator while someone is using the SMT or Telnet to access the ZyXEL Device. Log out of the ZyXEL Device in the other session, or ask the person who is logged in to log out.
Page 258
The Internet connection is slow or intermittent. 1 There might be a lot of traffic on the network. Look at the LEDs. If the ZyXEL Device is sending or receiving a lot of information, try closing some programs that use the Internet, especially peer-to-peer applications.
Appendices and Index Product Specifications (261) Setting up Your Computer’s IP Address (267) IP Addresses and Subnetting (283) IP Address Assignment Conflicts (291) Wireless LANs (295) Pop-up Windows, JavaScripts and Java Permissions (309) Importing Certificates (315) Text File Based Auto Configuration (327) Legal Information (349) Customer Support (353) Index (357)
External Antenna Two 2dBi (Max) Dual detachable antennas with reverse SMA connectors. When you face the front of the ZyXEL Device, the antenna on the right is the main antenna. The main antenna can both transmit and receive. The antenna on the left only receives.
Internal RADIUS Server The G-3000 has a built-in RADIUS server that can authenticate wireless clients or other AP’s in other wireless networks. The G-3000 can function as an AP and as a RADIUS server at the same time. Layer 2 isolation...
SNMP (Simple Network Management Protocol) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your ZyXEL Device supports SNMP agent functionality, which allows a manger station to manage and monitor the ZyXEL Device through the network.
Input Power AC100Volts/ 50/60Hz/ 27VA Output Power DC12Volts/1.2A Power Consumption 10 W Safety Standards T-Mark (Japan Dentori) Table 98 G-3000 Australia and New Zealand plug standards AC Power Adaptor Model AD-1201200DS or AD-121200DS Input Power AC240Volts/50Hz/0.2A Output Power DC12Volts/1.2A Power Consumption...
Table 104 Power over Ethernet Injector RJ-45 Port Pin Assignments RJ-45 SIGNAL PIN NO ASSIGNMENT Output Transmit Data + Output Transmit Data - 1 2 3 4 5 6 7 8 Receive Data + Power + Power + Receive Data - Power - Power - G-3000 Series User’s Guide...
Page 266
Appendix A Product Specifications G-3000 Series User’s Guide...
After the appropriate TCP/IP components are installed, configure the TCP/IP settings in order to "communicate" with your network. If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the ZyXEL Device’s LAN port. Windows 95/98/Me Click Start, Settings, Control Panel and double-click the Network icon to open the Network window.
2 Select Client and then click Add. 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. G-3000 Series User’s Guide...
• If you do not know your DNS information, select Disable DNS. • If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in). G-3000 Series User’s Guide...
5 Click OK to save and close the TCP/IP Properties window. 6 Click OK to close the Network window. Insert the Windows CD if prompted. 7 Turn on your ZyXEL Device and restart your computer when prompted. Verifying Settings 1 Click Start and then Run.
Figure 188 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 189 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. G-3000 Series User’s Guide...
• If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. • Click Advanced. G-3000 Series User’s Guide...
To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. • Click OK when finished. G-3000 Series User’s Guide...
• If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. G-3000 Series User’s Guide...
Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT). 11 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings 1 Click Start, All Programs, Accessories and then Command Prompt. 2 In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab.
2 Select Ethernet built-in from the Connect via list. Figure 196 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: • From the Configure box, select Manually. G-3000 Series User’s Guide...
• Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Close the TCP/IP Control Panel.
• Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Click Apply Now and close the window.
Figure 199 Red Hat 9.0: KDE: Network Configuration: Devices 2 Double-click on the profile of the network card you wish to configure. The Ethernet Device General screen displays as shown. Figure 200 Red Hat 9.0: KDE: Ethernet Device: General G-3000 Series User’s Guide...
Ethernet card). Open the eth0 eth0 configuration file with any plain text editor. • If you have a dynamic IP address, enter in the field. The dhcp BOOTPROTO= following figure shows an example. G-3000 Series User’s Guide...
Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal. The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. G-3000 Series User’s Guide...
Subnet masks can be referred to by the size of the network number part (the bits with a “1” value). For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes. G-3000 Series User’s Guide...
For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask 255.255.255.128. The following table shows some possible subnet masks using both notations. Table 108 Alternative Subnet Mask Notation ALTERNATIVE LAST OCTET LAST OCTET SUBNET MASK NOTATION (BINARY) (DECIMAL) 255.255.255.0 0000 0000 255.255.255.128 1000 0000 G-3000 Series User’s Guide...
The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. The following figure shows the company network after subnetting. There are now two sub- networks, A and B. G-3000 Series User’s Guide...
Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet. Table 113 Eight Subnets SUBNET LAST BROADCAST SUBNET FIRST ADDRESS ADDRESS ADDRESS ADDRESS G-3000 Series User’s Guide...
You must also enable Network Address Translation (NAT) on the ZyXEL Device. Once you have decided on the network number, pick an IP address for your ZyXEL Device that is easy to remember (for instance, 192.168.1.1) but make sure that no other device on your network is using that IP address.
You must set the ZyXEL Device to use different LAN and WAN IP addresses on different subnets if you enable DHCP server on the ZyXEL Device. For example, you set the WAN IP address to 192.59.1.1 and the LAN IP address to 10.59.1.1. Otherwise, It is recommended the ZyXEL Device use a public WAN IP address.
Appendix D IP Address Assignment Conflicts Figure 212 IP Address Conflicts: Case B To solve this problem, make sure the ZyXEL Device LAN IP address is not in the DHCP IP address pool. Case C: The Subscriber IP address is the same as the IP...
Appendix D IP Address Assignment Conflicts Figure 214 IP Address Conflicts: Case D This problem can be solved by adding a VLAN-enabled switch or set the computers to obtain IP addresses dynamically. G-3000 Series User’s Guide...
Page 294
Appendix D IP Address Assignment Conflicts G-3000 Series User’s Guide...
A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless client A and B can still access the wired network but cannot communicate with each other. G-3000 Series User’s Guide...
An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate. G-3000 Series User’s Guide...
(AP) or wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other. G-3000 Series User’s Guide...
AP will fragment the packet into smaller data frames. A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. G-3000 Series User’s Guide...
5.5 / 11 CCK (Complementary Code Keying) 6/9/12/18/24/36/48/54 OFDM (Orthogonal Frequency Division Multiplexing) Wireless Security Overview Wireless security is vital to your network to protect wireless communication between wireless clients, access points and the wired network. G-3000 Series User’s Guide...
Appendix E Wireless LANs Wireless security methods available on the ZyXEL Device are data encryption, wireless client authentication, restricting access by device MAC address and hiding the ZyXEL Device identity. The following figure shows the relative effectiveness of these wireless security methods available on your ZyXEL Device.
EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication. The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that supports IEEE 802.1x. . G-3000 Series User’s Guide...
Page 302
However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco. LEAP LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x. G-3000 Series User’s Guide...
If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not. Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2. G-3000 Series User’s Guide...
Page 304
AP and does not need to go with the authentication process again. Pre-authentication enables fast roaming by allowing the wireless client (already connecting to an AP) to perform IEEE 802.1x authentication with another AP before connecting to it. G-3000 Series User’s Guide...
2 The AP checks each wireless client's password and (only) allows it to join the network if the password matches. 3 The AP and wireless clients use the pre-shared key to generate a common PMK (Pairwise Master Key). G-3000 Series User’s Guide...
An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air. G-3000 Series User’s Guide...
In general, antennas should be mounted as high as practically possible and free of obstructions. In point-to–point application, position both antennas at the same height and in a direct line of sight to each other to attain the best performance. G-3000 Series User’s Guide...
Page 308
For a single AP application, place omni-directional antennas as close to the center of the coverage area as possible. For directional antennas, point the antenna in the direction of the desired coverage area. G-3000 Series User’s Guide...
1 In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure 221 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. 1 In Internet Explorer, select Tools, Internet Options, Privacy. G-3000 Series User’s Guide...
Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings…to open the Pop-up Blocker Settings screen. G-3000 Series User’s Guide...
3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 224 Pop-up Blocker Settings G-3000 Series User’s Guide...
3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window. G-3000 Series User’s Guide...
2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window. Figure 227 Security Settings - Java G-3000 Series User’s Guide...
1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Figure 228 Java (Sun) G-3000 Series User’s Guide...
Importing the ZyXEL Device’s Certificate into Internet Explorer For Internet Explorer to trust a self-signed certificate from the ZyXEL Device, simply import the self-signed certificate into your operating system as a trusted certification authority. To have Internet Explorer trust a ZyXEL Device certificate issued by a certificate authority, import the certificate authority’s certificate into your operating system as a trusted...
1 In Internet Explorer, double click the lock shown in the following screen. Figure 230 Login Screen 2 Click Install Certificate to open the Install Certificate wizard. Figure 231 Certificate General Information before Import 3 Click Next to begin the Install Certificate wizard. G-3000 Series User’s Guide...
Appendix G Importing Certificates Figure 232 Certificate Import Wizard 1 4 Select where you would like to store the certificate and then click Next. Figure 233 Certificate Import Wizard 2 5 Click Finish to complete the Import Certificate wizard. G-3000 Series User’s Guide...
Appendix G Importing Certificates Figure 234 Certificate Import Wizard 3 6 Click Yes to add the ZyXEL Device certificate to the root store. Figure 235 Root Certificate Store G-3000 Series User’s Guide...
The SSL client needs a certificate if Authenticate Client Certificates is selected on the ZyXEL Device. You must have imported at least one trusted CA to the ZyXEL Device in order for the Authenticate Client Certificates to be active (see the Certificates chapter for details).
Appendix G Importing Certificates Figure 237 ZyXEL Device Trusted CA Screen The CA sends you a package containing the CA’s trusted certificate(s), your personal certificate(s) and a password to install the personal certificate(s). Installing the CA’s Certificate 1 Double click the CA’s trusted certificate to produce a screen similar to the one shown next.
Double-click the personal certificate given to you by the CA to produce a screen similar to the one shown next 1 Click Next to begin the wizard. Figure 239 Personal Certificate Import Wizard 1 G-3000 Series User’s Guide...
3 Enter the password given to you by the CA. Figure 241 Personal Certificate Import Wizard 3 4 Have the wizard determine where the certificate should be saved on your computer or select Place all certificates in the following store and choose a different location. G-3000 Series User’s Guide...
5 Click Finish to complete the wizard and begin the import process. Figure 243 Personal Certificate Import Wizard 5 6 You should see the following screen when the certificate is correctly installed on your computer. Figure 244 Personal Certificate Import Wizard 6 G-3000 Series User’s Guide...
2 When Authenticate Client Certificates is selected on the ZyXEL Device, the following screen asks you to select a personal certificate to send to the ZyXEL Device. This screen displays even if you only have a single certificate as in the example.
Page 325
Appendix G Importing Certificates G-3000 Series User’s Guide...
Page 326
Appendix G Importing Certificates G-3000 Series User’s Guide...
Specify the TFTP server IP address and file name from wcfg autocfg server [IP] which the AP is to download a configuration file whenever [filename] the AP starts up. Configuration Via SNMP You can configure and trigger the auto configuration remotely via SNMP. G-3000 Series User’s Guide...
If the version of the downloaded file is the same or smaller (older), the AP ignores the file. If the version of the downloaded file is larger (newer), the AP uses the file. G-3000 Series User’s Guide...
Remember that the commands are applied in order. So for example, you would place the commands that create security and SSID profiles before the commands that tell the AP to use those profiles. G-3000 Series User’s Guide...
SNMPc management software. The Wireless LAN Manager is referred to here as the EMS. The EMS uses ZyXEL’s proprietary Management Information Base (MIB). The proprietary MIB file is included on the CD with the EMS. You can also find it in the zipped file that contains the current firmware file.
4 You must select the same directory where you installed SNMPc. Click Browse if it’s different from the destination folder shown. Click Next to continue. Figure 256 EMS Installation Wizard: Choose Destination Screen 5 When the installation process is complete, a screen displays as shown. Click Finish. G-3000 Series User’s Guide...
SNMPc Network Manager Startup Use the following steps to set whether or not SNMPc starts automatically each time you turn on your computer. 1 Click Start, Programs, SNMPc Network Manager, Startup System to manually start the SNMPc network manager. G-3000 Series User’s Guide...
2 Click Config, System Startup..Figure 259 Accessing the SNMPc Startup Settings 3 Select Auto Startup check box if you want SNMPc to automatically start each time you turn on your computer, otherwise clear it. Click Close. G-3000 Series User’s Guide...
(such as the AP) that the standard MIB does not include. 1 From the SNMPc Network Manager main screen, click Config, Mib Database. Figure 261 Accessing the Compile Mibs Screen 2 In the Compile Mibs screen that displays, click Add. G-3000 Series User’s Guide...
Appendix I Wireless LAN Manager Figure 262 Compile Mibs Screen 3 The Add Mib files... screen opens. Select zyxel-prowireless.mib in the list box and click OK. Figure 263 Add Mib files Screen 4 In the Compile Mibs screen, click Compile.
6 This screen appears after the compiling finishes. Click OK. Figure 266 Compile Mib OK Screen 7 Finally click Done in the Compile Mibs screen. Proprietary MIBs The following objects are contained in the zyxel-prowireless.mib. Table 126 Proprietary MIBs ITEMS OBJECT ID (OID)
Figure 268 Accessing the MAP Object Properties Screen 3 In the MAP Object Properties screen, enter a descriptive device name and IP address for the device. Figure 269 MAP Object Properties: General 4 Click the Access tab. G-3000 Series User’s Guide...
For security purposes, it is strongly recommended to change the Read Community and Read/Write Community on your AP. Write down this information and keep in a safe place so you will not forget it later. 6 An icon displays for the device. Figure 271 Device Icon G-3000 Series User’s Guide...
Figure 273 Discovery/Polling Agents Screen 3 After the device has been found, an icon and label appear in the network manager view window. Right-click the device icon and select Properties. Auto-discovery may take hours for a large and complex network. G-3000 Series User’s Guide...
AP. Then click OK. For security purposes, it is strongly recommended to change the Read Community and Read/Write Community on your AP. Write down this information and keep in a safe place so you will not forget it later. G-3000 Series User’s Guide...
• Make sure that the computer you have installed the EMS on, is connected to the network where the device is located. • Make sure your computer’s Ethernet card is working properly. • Make sure that the device you want to manage is connected to the network and operating properly. G-3000 Series User’s Guide...
Page 347
Appendix I Wireless LAN Manager • If the problem still persists, uninstall and re-install the EMS software. G-3000 Series User’s Guide...
Page 348
Appendix I Wireless LAN Manager G-3000 Series User’s Guide...
Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others.
Page 350
Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada. Viewing Certifications 1 Go to http://www.zyxel.com. 2 Select your product on the ZyXEL home page to go to that product's page. G-3000 Series User’s Guide...
Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
Page 352
Appendix J Legal Information G-3000 Series User’s Guide...
TFTP using web configuration file examples format rules backup 196, 238 configuration restore using FTP backup configuration using TFTP using console port using web using TFTP using web console port access Basic Service Set G-3000 Series User’s Guide...
Page 358
67, 207 guest SSID profile 87, 88 EAP Authentication Element Manager System. See EMS. hardware specifications hidden menus accessing hidden node installation HTML-based management system requirements troubleshooting HTTPS example encryption 89, 304 humidity error log G-3000 Series User’s Guide...
Page 359
MSDU (MAC Service Data Unit) 80, 108 multiple wireless networks layer-2 isolation 62, 115, 217 link type local user database log and trace log descriptions login Netscape Navigator version console port Network Address Translation telnet See NAT. web configurator logs G-3000 Series User’s Guide...
Page 361
TFTP user profiles restore configuration System Management Terminal See SMT. system password system requirements for EMS system timeout 128, 254 Virtual Local Area Network see VLAN VLAN configuring management VLAN RADIUS G-3000 Series User’s Guide...
Page 362
WPA-PSK wireless client supplicant with RADIUS application with RADIUS application example WPA2 user authentication vs WPA2-PSK wireless client supplicant with RADIUS application example WPA2-Pre-Shared Key WPA2-PSK 60, 303, 304 application example G-3000 Series User’s Guide...
Need help?
Do you have a question about the G-3000 and is the answer not in the manual?
Questions and answers