Page 1 NWA3000-N Series Wireless N Business WLAN 3000 Series Access Point NWA3560-N: 802.11 a/b/g/n Dual-Radio Business Access Point (Indoor) NWA3160-N: 802.11 a/b/g/n Business Access Point (Indoor) NWA3550-N: 802.11 a/b/g/n Dual-Radio Outdoor Business Access Point (Outdoor) Default Login Details IP Address https://192.168.1.2...
Page 3: About This User's Guide
• Support Disc Refer to the included CD for support documents. • ZyXEL Web Site Please refer to www.zyxel.com for additional support documentation and product certifications. User Guide Feedback Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead.
Page 4: Document Conventions
“1000” or “1024”, “M” for mega may denote “1000000” or “1048576” and so • “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”. • Screens reproduced here for demonstration purposes may not exactly match the screens on your device. NWA3000-N Series User’s Guide...
Page 5 Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The device icon is not an exact representation of your device. device Computer Notebook computer Server Printer Firewall Telephone Switch Router NWA3000-N Series User’s Guide...
Page 6: Safety Warnings
• The PoE (Power over Ethernet) devices that supply or receive power and their connected Ethernet cables must all be completely indoors. • The indoors versions of this product are for indoor use only (utilisation intérieure exclusivement). This product is recyclable. Dispose of it properly. NWA3000-N Series User’s Guide...
Page 7: Table Of Contents
Wireless ...........................101 Device HA ..........................117 User ............................127 AP Profile ..........................135 MON Profile ..........................151 Certificates ..........................157 System ............................175 Log and Report ........................205 File Manager ...........................219 Diagnostics ..........................229 Reboot ............................237 Shutdown ..........................239 Troubleshooting ........................241 Product Specifications ......................251 NWA3000-N Series User’s Guide...
Page 8 Contents Overview NWA3000-N Series User’s Guide...
Page 9: Table Of Contents
2.2 Access ..........................27 2.3 The Main Screen ........................29 2.3.1 Title Bar ........................29 2.3.2 Navigation Panel ......................30 2.3.3 Warning Messages .....................33 2.3.4 Site Map ........................33 2.3.5 Object Reference ......................33 2.3.6 Tables and Lists ......................39 Chapter 3 Configuration Basics......................43 NWA3000-N Series User’s Guide...
Page 10 4.4 Dynamic Channel Selection ....................64 Part II: Technical Reference..............67 Chapter 5 Dashboard ..........................69 5.1 Overview ..........................69 5.1.1 What You Can Do in this Chapter ................69 5.2 Dashboard ..........................69 5.2.1 CPU Usage .........................73 5.2.2 Memory Usage ......................74 NWA3000-N Series User’s Guide...
Page 11 8.2.1 Add or Edit a DNS Setting ..................100 Chapter 9 Wireless ..........................101 9.1 Overview ..........................101 9.1.1 What You Can Do in this Chapter ................101 9.1.2 What You Need to Know ...................101 9.2 Controller ..........................102 9.3 AP Management ........................102 NWA3000-N Series User’s Guide...
Page 12 12.1.2 What You Need To Know ..................135 12.2 Radio ..........................136 12.2.1 Add/Edit Radio Profile ....................138 12.3 SSID ..........................142 12.3.1 SSID List .........................142 12.3.2 Security List ......................144 12.3.3 MAC Filter List ......................147 Chapter 13 MON Profile .......................... 151 NWA3000-N Series User’s Guide...
Page 13 15.5.5 HTTPS Example .....................183 15.6 SSH ..........................190 15.6.1 How SSH Works .....................191 15.6.2 SSH Implementation on the device ................192 15.6.3 Requirements for Using SSH ..................192 15.6.4 Configuring SSH .....................192 15.6.5 Examples of Secure Telnet Using SSH ..............193 NWA3000-N Series User’s Guide...
Page 14 18.1.1 What You Can Do in this Chapter ................229 18.2 Diagnostics ........................229 18.3 Packet Capture .......................230 18.3.1 Packet Capture Files .....................232 18.3.2 Example of Viewing a Packet Capture File .............232 18.4 Wireless Frame Capture ....................233 18.4.1 Wireless Frame Capture Files ................235 NWA3000-N Series User’s Guide...
Page 15 Product Specifications ......................251 22.1 Wall-Mounting Instructions ....................253 Appendix A Log Descriptions....................255 Appendix B Importing Certificates ..................273 Appendix C Wireless LANs....................287 Appendix D Open Software Announcements ..............299 Appendix E Legal Information....................343 Index ............................351 NWA3000-N Series User’s Guide...
Page 16 Table of Contents NWA3000-N Series User’s Guide...
Page 17: User's Guide
User’s Guide...
Page 19: Introduction
WLAN and security settings for various virtual and managed APs. Your device is easy to install, configure and use. The embedded Web-based configurator enables simple, straightforward management and maintenance. See the Quick Start Guide for how to make hardware connections. NWA3000-N Series User’s Guide...
Page 20: Applications For The Device
When the device is in AP + Bridge mode, security between APs (WDS) is independent of the security between the wireless stations and the AP. If you do not enable WDS security, traffic between APs is not encrypted. When WDS security is enabled, both APs must use the same pre- shared key. NWA3000-N Series User’s Guide...
Page 21: Mbssid
To the wireless clients in the network, each SSID appears to be a different access point. As in any wireless network, clients can associate only with the SSIDs for which they have the correct security settings. Section 4.1 on page 49 for an example of using MBSS. NWA3000-N Series User’s Guide...
Page 22: Management Mode
AP (C), which then automatically updates the configurations of the managed APs (M1 ~ M4). Figure 2 CAPWAP Network Example 1.4 Ways to Manage the device You can use the following ways to manage the device. Not all of these models were available at the time of writing. NWA3000-N Series User’s Guide...
Page 23: Good Habits For Managing The Device
• Change the password often. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters. • Write down the password and put it in a safe place. NWA3000-N Series User’s Guide...
Page 24: Hardware Connections
If you backed up an earlier configuration file, you won’t have to totally re-configure the device; you can simply restore your last configuration. 1.6 Hardware Connections See your Quick Start Guide for information on making hardware connections. NWA3000-N Series User’s Guide...
Page 25: Leds
Yellow The device has a 1000 Mbps Ethernet connection. Blinking The device has a 1000 Mbps Ethernet connection and is sending/receiving data. The device does not have an Ethernet connection. NWA3000-N Series User’s Guide...
Page 26: Starting And Stopping The Device
It does not stop the system processes or write cached data to local storage. The device does not stop or start the system processes when you apply configuration files or run shell scripts although you may temporarily lose access to network resources. NWA3000-N Series User’s Guide...
Page 27: The Web Configurator
The recommended screen resolution is 1024 x 768 pixels and higher. 2.2 Access Make sure your device hardware is properly connected. See the Quick Start Guide. Browse to https://192.168.1.2. The Login screen appears. Enter the user name (default: “admin”) and password (default: “1234”). NWA3000-N Series User’s Guide...
Page 28 Otherwise, the dashboard appears. This screen appears every time you log in using the default user name and default password. If you change the password for the default user account, this screen does not appear anymore. NWA3000-N Series User’s Guide...
Page 29: The Main Screen
• C - Main Window 2.3.1 Title Bar The title bar provides some useful links that always appear over the screens below, regardless of how deep into the Web Configurator you navigate. Figure 5 Title Bar NWA3000-N Series User’s Guide...
Page 30: Navigation Panel
2.3.2.1 Dashboard The dashboard displays general device information, system status, system resource usage, and interface status in widgets that you can re-arrange to suit your needs. For details on the Dashboard’s features, see Chapter 5 on page NWA3000-N Series User’s Guide...
Page 31: Configuration Menu
Active-Passive Configure active-passive mode device HA. Mode Object Users User Create and manage users. Setting Manage default settings for all users, general settings for user sessions, and rules to force user authentication. NWA3000-N Series User’s Guide...
Page 32 Manage and run shell script files for the device. Diagnostics Diagnostic Collect diagnostic information. Packet Capture Capture packets for analysis. Wireless Frame Capture wireless frames from APs for analysis. Capture Reboot Restart the device. Shutdown Turn off the device. NWA3000-N Series User’s Guide...
Page 33: Warning Messages
Figure 8 Site Map 2.3.5 Object Reference Click Object Reference to open the Object Reference screen. Select the type of object and the individual object and click Refresh to show which configuration settings reference the object. The NWA3000-N Series User’s Guide...
Page 34 This field identifies the configuration item that references the object. Description If the referencing configuration item has a description configured, it displays here. Refresh Click this to update the information in this screen. Cancel Click Cancel to close the screen. NWA3000-N Series User’s Guide...
Page 35 In addition to logging in directly to the device’s CLI, you can also log into other devices on the network through this Console. It uses SSH to establish a connection. NWA3000-N Series User’s Guide...
Page 36 This displays the username of the account currently logged into the device through the Console Window. Note: You can log into the Web Configurator with a different account than used to log into the device through the Console. NWA3000-N Series User’s Guide...
Page 37 • You are using the latest version of the Java program (http://www.java.com). To login in through the Console: Click the Console button on the Web Configurator title bar. Enter the IP address of the device and click OK. NWA3000-N Series User’s Guide...
Page 38 You may be prompted to authenticate your account password, depending on the type of device that you are logging into. Enter the password and click OK. If your login is successful, the command line appears and the status bar at the bottom of the Console updates to reflect your connection state. NWA3000-N Series User’s Guide...
Page 39: Tables And Lists
• Sort in descending (reverse) alphabetical order • Select which columns to display • Group entries by field • Show entries in groups • Filter by mathematical operators (<, >, or =) or searching for text. NWA3000-N Series User’s Guide...
Page 40 2.3.6.2 Working with Table Entries The tables have icons for working with table entries. A sample is shown next. You can often use the [Shift] or [Ctrl] key to select multiple entries to remove, activate, or deactivate. NWA3000-N Series User’s Guide...
Page 41 In some lists you can also use the [Shift] or [Ctrl] key to select multiple entries, and then use the arrow button to move them to the other list. Figure 12 Working with Lists NWA3000-N Series User’s Guide...
Page 42 Chapter 2 The Web Configurator NWA3000-N Series User’s Guide...
Page 43: Configuration Basics
This shows you the sequence of menu items and tabs you should click to find the main screen(s) for this feature. See the web help or the related User’s MENU ITEM(S) Guide chapter for information about each screen. NWA3000-N Series User’s Guide...
Page 44: Mgnt Mode
To increase network reliability, device HA lets a backup device automatically take over if a master device fails. Device HA is available when the device is in controller mode. Configuration > Device HA MENU ITEM(S) Interfaces (with a static IP address), to-device firewall PREREQUISITES NWA3000-N Series User’s Guide...
Page 45: Objects
Create radio profiles for the APs on your network. SSID Create SSID profiles for the APs on your network. Security Create security profiles for the APs on your network. MAC Filtering Create MAC filtering profiles for the APs on your network. NWA3000-N Series User’s Guide...
Page 46: Mon Profile
• Shell scripts. Use shell scripts to run a series of CLI commands. These are useful for large, repetitive configuration changes and for troubleshooting. You can edit configuration files and shell scripts in any text editor. Maintenance > File Manager MENU ITEM(S) NWA3000-N Series User’s Guide...
Page 47: Diagnostics
Always use Maintenance > Shutdown > Shutdown or the shutdown command before you turn off the device or remove the power. Not doing so can cause the firmware to become corrupt. Maintenance > Shutdown MENU ITEM(S) NWA3000-N Series User’s Guide...
Page 48 Chapter 3 Configuration Basics NWA3000-N Series User’s Guide...
Page 49: Tutorials
Requirements: A DHCP server (A) with Option 138, an AD server, a switch (B) that supports 802.1q, a Layer-3 routing device and a firewall (C). Note: In this topology the firewall, such as a ZyWALL, controls what services traffic from different VLANs can use. NWA3000-N Series User’s Guide...
Page 50: Set The Management Modes
In this example, the guest VLAN (102) can only access the Internet while the staff VLAN (101) has access to all aspects of the network. 4.1.1 Set the Management Modes Use this section to set the management modes for the controller and managed APs. NWA3000-N Series User’s Guide...
Page 51: Set The Lan Ip Address And Management Vlan (Vlan99)
4.1.2 Set the LAN IP Address and Management VLAN (vlan99) This section shows you how to set up the LAN IP address and the VLAN for managing the controller. This is only for network administrators to manage the controller. NWA3000-N Series User’s Guide...
Page 52: Set Up Wireless User Authentication
Note: If you did not replace the factory default certificate with one that uses your device's MAC address when you first logged into the device, do it now in the Object > Certificate > My Certificates screen. NWA3000-N Series User’s Guide...
Page 53 Open the Configuration > System > Auth. Server screen. Turn on the authentication server and select the certificate to use. Click Apply. Open the Configuration > Object > User > User screen and click Add. The Add A User window opens. NWA3000-N Series User’s Guide...
Page 54: Create The Ap Profiles (Staff, Guest)
Finally, you will associate them with a radio profile which is applied to your AP’s radio transmitter. Open the Configuration > Object > AP Profile > SSID > Security List screen and then click the Add button. NWA3000-N Series User’s Guide...
Page 55 Security Mode: Select wpa2 from the list of available wireless security encryption methods. Under Security Mode, select 802.1X then set the Radius Server Type to Internal. Click OK. Next, open the Configuration > Object > AP Profile > SSID > SSID List screen and click the Add button. NWA3000-N Series User’s Guide...
Page 56 SSID profile with the same settings except ‘guest’ as the profile name and SSID and 102 for the VLAN ID. Open the Configuration > Object> AP Profile > Radio screen and then double-click the default entry. NWA3000-N Series User’s Guide...
Page 57: Rogue Ap Detection
AP. • High security areas. An AP set to Monitor mode will let you see if anyone sets up an unauthorized AP that could potentially compromise your security. NWA3000-N Series User’s Guide...
Page 58 In this example, an employee illicitly connects his own AP (RG) to the network that the device manages. While not necessarily a malicious act, it can nonetheless have severe security consequences on the network. Figure 15 Rogue AP Example A NWA3000-N Series User’s Guide...
Page 59 Figure 16 Rogue AP Example B This tutorial shows you how to detect rogue APs on your network: Click Configuration > Object > MON Profile to open the MON Profile screen and click the Add button. NWA3000-N Series User’s Guide...
Page 60 AP scans each channel before moving on to the next. Scan Channel Mode: Set this to auto to automatically scan channels in the area. Click OK to save your changes. Next, click Configuration > Wireless > AP Management. NWA3000-N Series User’s Guide...
Page 61: Rogue Ap Containment
AP is connected directly to the network (such as plugged into a switch downstream of the device), then the network administrator must manually disconnect it. The device does not allow the isolation of a rogue AP connected directly to the network. NWA3000-N Series User’s Guide...
Page 62 Figure 17 Containing a Rogue AP This tutorial shows you how to quarantine a rogue AP on your network: Click Configuration > Wireless > MON Mode. NWA3000-N Series User’s Guide...
Page 63: Load Balancing
AP allows it to connect regardless.) The second response is to kick the connections until the AP is no longer considered overloaded. Both of these tactics are known as ‘load balancing’. This tutorial shows you how to configure the device’s load balancing feature. NWA3000-N Series User’s Guide...
Page 64: Dynamic Channel Selection
AP is using (or at least a channel that has a lower level of interference) in order to give the connected stations a minimum degree of channel interference. NWA3000-N Series User’s Guide...
Page 65 Select a 2.4 GHz Channel Deployment scheme. Choose Three-Channel Deployment to have the device rotate through 3 channels. Choose Four-Channel Deployment to have the device rotate through 4 channels, if allowed. Click Apply to save your changes. See also: Chapter 9 on page 101. NWA3000-N Series User’s Guide...
Page 66 Chapter 4 Tutorials NWA3000-N Series User’s Guide...
Page 67: Technical Reference
Technical Reference...
Page 69: Dashboard
5.2 Dashboard This screen is the first thing you see when you log into the device. It also appears every time you click the Dashboard icon in the navigation panel. The Dashboard displays general device NWA3000-N Series User’s Guide...
Page 70 Ethernet LAN port, the second MAC address is assigned to the first radio, and so on. Firmware This field displays the version number and date of the firmware the device is Version currently running. Click the icon to open the screen where you can upload firmware. NWA3000-N Series User’s Guide...
Page 71 This field displays the current date and time in the device. The format is yyyy- Time mm-dd hh:mm:ss. Current Login This field displays the user name used to log in to the current session, the User amount of reauthentication time remaining, and the amount of lease time remaining. NWA3000-N Series User’s Guide...
Page 72 (if it is the master) or the management IP address (if it is a backup). IP Assignment This field displays how the interface gets its IP address. Static - This interface has a static IP address. DHCP Client - This interface gets its IP address from a DHCP server. NWA3000-N Series User’s Guide...
Page 73: Cpu Usage
This displays the number of wireless clients connected to the device. 5.2.1 CPU Usage Use this screen to look at a chart of the device’s recent CPU usage. To access this screen, click CPU Usage in the dashboard. Figure 19 Dashboard > CPU Usage NWA3000-N Series User’s Guide...
Page 74: Memory Usage
The x-axis shows the time period over which the RAM usage occurred Refresh Interval Enter how often you want this window to be automatically updated. Refresh Now Click this to update the information in the window right away. NWA3000-N Series User’s Guide...
Page 75: Monitor
Friendly APs are other wireless access points that are detected in your network, as well as any others that you know are not a threat (those from neighboring networks, for example). See Chapter 13 on page 151 for details. NWA3000-N Series User’s Guide...
Page 76: Lan Status
Fault - This VRRP group is not functioning in the virtual router right now. For example, this might happen if the interface is down. n/a - Device HA is not active on the interface. This field displays the VLAN ID to which the interface belongs. NWA3000-N Series User’s Guide...
Page 77 Up Time This field displays how long the physical port has been connected. System Up Time This field displays how long the device has been running since it last restarted or was turned on. NWA3000-N Series User’s Guide...
Page 78: Lan Status Graph
This line represents the traffic received by the device on the physical port since it was last connected. Last Update This field displays the date and time the information in the window was last updated. NWA3000-N Series User’s Guide...
Page 79: Ap List
This is an AP that is on the management list and which is online. This is an AP that is in the process of having its firmware updated. This is an AP that is both on the management list and which is offline. NWA3000-N Series User’s Guide...
Page 80: Station Count Of Ap
The y-axis represents the number of connected stations. Time The x-axis shows the time over which a station was connected. Last Update This field displays the date and time the information in the window was last updated. NWA3000-N Series User’s Guide...
Page 81: Radio List
This displays the total number of packets transmitted by the radio. Rx FCS Error This indicates the number of received packet errors accrued by the radio. Count Tx Retry Count This indicates the number of times the radio has attempted to re-transmit packets. NWA3000-N Series User’s Guide...
Page 82: Ap Mode Radio Information
24 hours. To access this window, click the More Information button in the Radio List Statistics screen. Figure 26 Monitor > Wireless > AP Information > Radio List > More Information NWA3000-N Series User’s Guide...
Page 83 The x-axis shows the time over which a station was connected. Last Update This field displays the date and time the information in the window was last updated. Click this to close this window. Cancel Click this to close this window. NWA3000-N Series User’s Guide...
Page 84: Station List
Click this to refresh the items displayed on this page. 6.7 Rogue AP Use this screen to view information about suspected rogue APs. Click Monitor > Wireless > Rogue AP > Detected Device to access this screen. NWA3000-N Series User’s Guide...
Page 85: Legacy Device Info
When the device is in controller mode you can use this screen to configure and maintain a list of compatible legacy (NWA-3000 series) APs. Use the list to link to their Web Configurators. Click Monitor > Wireless > Rogue AP > Legacy Device Info to access this screen. Compatible legacy APs: NWA3000-N Series User’s Guide...
Page 86: Legacy Device Info Add Or Edit
Device Info and then click the Add button or select a radio profile from the list and click the Edit button to access this screen. Figure 30 Monitor > Wireless > Legacy Device Info > Add NWA3000-N Series User’s Guide...
Page 87: View Log
• For individual log descriptions, see Appendix A on page 255. • For the maximum number of log messages in the device, see Chapter 22 on page 251. NWA3000-N Series User’s Guide...
Page 88 Do not include the port in this filter. Destination This displays when you show the filter. Type the IP address of the destination of Address the incoming packet when the log message was generated. Do not include the port in this filter. NWA3000-N Series User’s Guide...
Page 89 This field displays the destination IP address and the port number of the event that generated the log message. Note This field displays any additional information about the log message. The Web Configurator saves the filter settings if you leave the View Log screen and return to it later. NWA3000-N Series User’s Guide...
Page 90: View Ap Log
This displays the MAC address for the selected AP. Log File Status This indicates the status of the AP’s log messages. Last Log Query This indicates the last time the AP was queried for its log messages. Time NWA3000-N Series User’s Guide...
Page 91 This displays content of the selected log message. Source This displays the source IP address of the selected log message. Destination This displays the source IP address of the selected log message. Note This displays any notes associated with the selected log message. NWA3000-N Series User’s Guide...
Page 92 Chapter 6 Monitor NWA3000-N Series User’s Guide...
Page 93: Management Mode
Access Points (CAPWAP) network. 7.2 About CAPWAP The device supports CAPWAP. This is ZyXEL’s implementation of the CAPWAP protocol (RFC 5415). The CAPWAP dataflow is protected by Datagram Transport Layer Security (DTLS). The following figure illustrates a CAPWAP wireless network. You (U) configure the AP controller (C), which then automatically updates the configurations of the managed APs (M1 ~ M4).
Page 94: Managed Ap Finds The Controller
• Activate DHCP. Your network’s DHCP server must support option 138 defined in RFC 5415. • Configure DHCP option 138 with the IP address of the CAPWAP AP controller on your network. NWA3000-N Series User’s Guide...
Page 95: Notes On Capwap
MANAGED 7.2.4 Notes on CAPWAP This section lists some additional features of ZyXEL’s implementation of the CAPWAP protocol. • When the AP controller uses its internal Remote Authentication Dial In User Service (RADIUS) server, managed APs also use the AP controller’s authentication server to authenticate wireless clients.
Page 96 If you changed the mode to Managed AP, you cannot log in as the web configurator is disabled; you must manage the device through the controller AP on your network. Reset Click this to return this screen to its previously-saved settings. NWA3000-N Series User’s Guide...
Page 97: Lan Setting
• If your ISP dynamically assigns the DNS server IP addresses (along with the device’s WAN IP address), set the DNS server fields to get the DNS server address from the ISP. • You can manually enter the IP addresses of other DNS servers. NWA3000-N Series User’s Guide...
Page 98: Lan Setting
Chapter 8 LAN Setting 8.2 LAN Setting This screen lists every Ethernet interface. To access this screen, click Configuration > LAN Setting. Figure 36 Configuration > LAN Setting NWA3000-N Series User’s Guide...
Page 99 Select this option to treat this VLAN ID as a VLAN created on the device and not one assigned to it from outside the network. Apply Click Apply to save your changes back to the device. Reset Click Reset to return the screen to its last-saved settings. NWA3000-N Series User’s Guide...
Page 100: Add Or Edit A Dns Setting
This appears when you set the Type to User-Defined. Enter the IP address of a DNS server. Click OK to save your customized settings and exit this screen. Cancel Click Cancel to exit this screen without saving NWA3000-N Series User’s Guide...
Page 101: Wireless
Wireless load balancing is the process where you limit the number of connections allowed on an wireless access point (AP) or you limit the amount of wireless traffic transmitted and received on it so the AP does not become overloaded. NWA3000-N Series User’s Guide...
Page 102: Controller
Click Reset to return the screen to its last-saved settings. 9.3 AP Management Use this screen to manage all of the APs connected to the device. Click Configuration > Wireless > AP Management to access this screen. This screen manages the device’s general wireless NWA3000-N Series User’s Guide...
Page 103 This field displays the ID of the AP’s management VLAN. Description This field displays the AP’s description, which you can configure by selecting the AP and clicking the Edit button. Figure 40 Configuration > Wireless > AP Management (Standalone Mode) NWA3000-N Series User’s Guide...
Page 104: Edit Ap List
This field displays the AP’s hardware model information. It displays “N/A” (not applicable) only when the AP disconnects from the device and the information is unavailable as a result. Description Enter a description for this AP. You can use up to 31 characters, spaces and underscores allowed. NWA3000-N Series User’s Guide...
Page 105: Mon Mode
Use this screen to assign APs either to the rogue AP list or the friendly AP list. A rogue AP is a wireless access point operating in a network’s coverage area that is not under the control of the network administrator, and which can potentially open up holes in a network’s security. NWA3000-N Series User’s Guide...
Page 106 To change the AP’s role, click the Edit button. MAC Address This field indicates the AP’s radio MAC address. Description This field displays the AP’s description. You can modify this by clicking the Edit button. NWA3000-N Series User’s Guide...
Page 107: Add/Edit Rogue/Friendly List
Enter up to 60 characters for the AP’s description. Spaces and underscores are allowed. Role Select either Rogue AP or Friendly AP for the AP’s role. Click OK to save your changes back to the device. Cancel Click Cancel to close the window with changes unsaved. NWA3000-N Series User’s Guide...
Page 108: Load Balancing
Note: If you enable this function, you should ensure that there are multiple APs within the broadcast radius that can accept any rejected or kicked wireless clients; otherwise, a wireless client attempting to connect to an overloaded AP will be kicked continuously and never be allowed to connect. NWA3000-N Series User’s Guide...
Page 109: Disassociating And Delaying Connections
AP over its allotment, say to 7 Mbps, then the AP delays the red laptop’s connection until it can afford the bandwidth or the laptop is picked up by a different AP with bandwidth to spare. Figure 45 Delaying a Connection NWA3000-N Series User’s Guide...
Page 110 If no connections are idle, the next criteria the device analyzes is signal strength. Devices with the weakest signal strength are kicked first. NWA3000-N Series User’s Guide...
Page 111: Dcs
APs within its broadcast radius. If the channel on which it is currently broadcasting suddenly comes into use by another AP, the device will then dynamically select the next available clean channel or a channel with lower interference. NWA3000-N Series User’s Guide...
Page 112 This allows the device to downgrade its frequency to below 5 GHz in the event a RADAR signal is detected, thus preventing it from interfering with that signal. Enabling this forces the AP to select a non-DFS channel. NWA3000-N Series User’s Guide...
Page 113: Technical Reference
In the 2.4 GHz spectrum, each channel from 1 to 13 is broken up into discrete 22 MHz segments that are spaced 5 MHz apart. Channel 1 is centered on 2.412 GHz while channel 13 is centered on 2.472 GHz. Figure 48 An Example Three-Channel Deployment NWA3000-N Series User’s Guide...
Page 114 AP. If he still connects to the AP regardless of the delay, then the AP may boot other people who are already connected in order to associate with the new connection. NWA3000-N Series User’s Guide...
Page 115 AP has the bandwidth to spare. If too many people connect and the AP hits its bandwidth cap then all new connections must basically wait for their turn or get shunted to the nearest identical AP. NWA3000-N Series User’s Guide...
Page 116 Chapter 9 Wireless NWA3000-N Series User’s Guide...
Page 117: Device Ha
You can configure a separate management IP address for each interface. You can use it to access the device for management whether the device is the master or a backup. The management IP address should be in the same subnet as the interface IP address. NWA3000-N Series User’s Guide...
Page 118: Before You Begin
This table shows the status of the interfaces that you selected for monitoring in Interface the other device HA screens. Summary This is the entry’s index number in the list. Interface These are the names of the interfaces that are monitored by device HA. NWA3000-N Series User’s Guide...
Page 119 Apply Click Apply to save your changes back to the device. Reset Click Reset to return the screen to its last-saved settings. NWA3000-N Series User’s Guide...
Page 120: Active-Passive Mode
HA settings, view and manage the list of monitored interfaces, and synchronize backup devices. To access this screen, click Configuration > Device HA > Active-Passive Mode. Figure 53 Configuration > Device HA > Active-Passive Mode NWA3000-N Series User’s Guide...
Page 121 Interface This field identifies the interface. At the time of writing, Ethernet and bridge interfaces can be included in the active-passive mode virtual router. The member interfaces of any bridge interfaces do not display separately. NWA3000-N Series User’s Guide...
Page 122 Apply This appears when the device is currently using active-passive mode device HA. Click Apply to save your changes back to the device. Reset Click Reset to return the screen to its last-saved settings. NWA3000-N Series User’s Guide...
Page 123: Edit Monitored Interface
Click OK to save your changes back to the device. Cancel Click Cancel to exit this screen without saving your changes. 10.4 Technical Reference The following section contains additional technical information about the features described in this chapter. NWA3000-N Series User’s Guide...
Page 124 Enable monitoring for the same interfaces on the master and backup devices. Each monitored interface must have a static IP address and be connected to the same subnet as the corresponding interface on the backup or master device. NWA3000-N Series User’s Guide...
Page 125 For example, device B takes over A’s 192.168.1.2 LAN interface IP address. This is a virtual router IP address. device A keeps it’s LAN management IP address of 192.168.1.5 and device B has its own LAN management IP address of 192.168.1.6. These do not change when device B becomes the master. NWA3000-N Series User’s Guide...
Page 126 Chapter 10 Device HA NWA3000-N Series User’s Guide...
Page 127: User
Perform basic diagnostics (CLI) Access Users user Used for the embedded RADIUS server and SNMPv3 user access Browse user-mode commands (CLI) Note: The default admin account is always authenticated locally, regardless of the authentication method setting. NWA3000-N Series User’s Guide...
Page 128: User Summary
The User Add/Edit screen allows you to create a new user account or edit an existing one. 11.2.1.1 Rules for User Names Enter a user name from 1 to 31 characters. The user name can only contain the following characters: • Alphanumeric A-z 0-9 (there is no unicode support) NWA3000-N Series User’s Guide...
Page 129 • shutdown • sshd • sync • uucp • zyxel To access this screen, go to the User screen, and click Add or Edit. Figure 58 Configuration > User > User > Add/Edit A User NWA3000-N Series User’s Guide...
Page 130: Setting
This screen controls default settings, login settings, lockout settings, and other user settings for the device. You can also use this screen to specify when users must log in to the device before it routes traffic for them. NWA3000-N Series User’s Guide...
Page 131 Edit Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings. This field is a sequential value, and it is not associated with a specific entry. NWA3000-N Series User’s Guide...
Page 132: Edit User Authentication Timeout Settings
This screen allows you to set the default authentication timeout settings for the selected type of user account. These default authentication timeout settings also control the settings for any existing user accounts that are set to use the default settings. You can still manually configure any user account’s authentication timeout settings. NWA3000-N Series User’s Guide...
Page 133 Unlike Lease Time, the user has no opportunity to renew the session without logging out. Click OK to save your changes back to the device. Cancel Click Cancel to exit this screen without saving your changes. NWA3000-N Series User’s Guide...
Page 134 Chapter 11 User NWA3000-N Series User’s Guide...
Page 135: Ap Profile
The SSID (Service Set IDentifier) is the name that identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same SSID. In other words, it is the name of the wireless network that clients use to connect to it. NWA3000-N Series User’s Guide...
Page 136: Radio
AP can use to configure either one of its two radio transmitters. To access this screen click Configuration > Object > AP Profile. Note: You can have a maximum of 32 radio profiles on the device. Figure 61 Configuration > Object > AP Profile > Radio NWA3000-N Series User’s Guide...
Page 137 This field indicates the name assigned to the radio profile. Frequency Band This field indicates the frequency band which this radio profile is configured to use. Channel ID This field indicates the broadcast channel which this radio profile is configured to use. NWA3000-N Series User’s Guide...
Page 138: Add/Edit Radio Profile
Click this to hide or show the Advanced Settings in this window. Advanced Settings Create New Object Select an item from this menu to create a new object of that type. Any objects created in this way are automatically linked to this radio profile. General Settings NWA3000-N Series User’s Guide...
Page 139 802.11n MAC header. This method is useful for increasing bandwidth throughput. It is also more efficient than A-MPDU except in environments that are prone to high error rates. A-MSDU Limit Enter the maximum frame size to be aggregated. NWA3000-N Series User’s Guide...
Page 140 • Basic Rate (Mbps) - Set the basic rate configuration in Mbps. • Support Rate (Mbps) - Set the support rate configuration in Mbps. • MCS Rate - Set the MCS rate configuration. NWA3000-N Series User’s Guide...
Page 141 WDS. AES provides superior security to TKIP. Use AES if the other access points on your network support it for the WDS. Note: At the time of writing, this option is compatible with other ZyXEL NWA access points only. When you enable WDS security, for each access point in your WDS enter the AP’s MAC address and a pre-shared key.
Page 142: Ssid
This field indicates the QoS type associated with the SSID profile. MAC Filtering This field indicates which (if any) MAC Filter Profile is associated with the SSID Profile profile. VLAN ID This field indicates the VLAN ID associated with the SSID profile. NWA3000-N Series User’s Guide...
Page 143 SSID by wireless client MAC addresses. Any clients that have MAC addresses not in the MAC filtering profile of allowed addresses are denied connections. The disable setting means no MAC filtering is used. NWA3000-N Series User’s Guide...
Page 144: Security List
This screen allows you to manage wireless security configurations that can be used by your SSIDs. Wireless security is implemented strictly between the AP broadcasting the SSID and the stations that are connected to it. To access this screen click Configuration > Object > AP Profile > SSID > Security List. NWA3000-N Series User’s Guide...
Page 145 Add button or select a security profile from the list and click the Edit button. Note: This screen’s options change based on the Security Mode selected. Only the default screen is displayed here. Figure 66 SSID > Security Profile > Add/Edit Security Profile NWA3000-N Series User’s Guide...
Page 146 Enter the idle interval (in seconds) that a client can be idle before authentication is discontinued. Authentication Type Select a WEP authentication method. Choices are Open or Share key. Share key is only available if you are not using 802.1x. NWA3000-N Series User’s Guide...
Page 147: Mac Filter List
12.3.3 MAC Filter List This screen allows you to create and manage security configurations that can be used by your SSIDs. To access this screen click Configuration > Object > AP Profile > SSID > MAC Filter List. NWA3000-N Series User’s Guide...
Page 148 This screen allows you to create a new MAC filtering profile or edit an existing one. To access this screen, click the Add button or select a MAC filter profile from the list and click the Edit button. NWA3000-N Series User’s Guide...
Page 149 This field specifies a MAC address associated with this profile. Description This field displays a description for the MAC address associated with this profile. You can click the description to make it editable. Enter up to 60 characters, spaces and underscores allowed. NWA3000-N Series User’s Guide...
Page 150 Chapter 12 AP Profile NWA3000-N Series User’s Guide...
Page 151: Mon Profile
802.11 frequencies by sending probe request frames. Passive Scan A passive scan is performed when an 802.11-compatible monitoring device is set to periodically listen to a specified channel or number of channels for other wireless devices broadcasting on the 802.11 frequencies. NWA3000-N Series User’s Guide...
Page 152: Mon Profile
This field is a sequential value, and it is not associated with a specific profile. Status This field shows whether or not the entry is activated. Profile Name This field indicates the name assigned to the monitor profile. NWA3000-N Series User’s Guide...
Page 153: Add/Edit Mon Profile
Select auto to have the AP switch to the next sequential channel once the Channel dwell time expires. Select manual to set specific channels through which to cycle sequentially when the Channel dwell time expires. Selecting this options makes the Scan Channel List options available. NWA3000-N Series User’s Guide...
Page 154: Technical Reference
(A). The company’s legitimate wireless network (the dashed ellipse B) is well-secured, but the rogue AP uses inferior security that is easily broken by an attacker (X) running readily available NWA3000-N Series User’s Guide...
Page 155 (those from recognized networks, for example). It is recommended that you export (save) your list of friendly APs often, especially if you have a network with a large number of access points. NWA3000-N Series User’s Guide...
Page 156 Chapter 13 MON Profile NWA3000-N Series User’s Guide...
Page 157: Certificates
Jenny receives the message and uses Tim’s public key to verify it. Jenny knows that the message is from Tim, and that although other people may have been able to read the message, no-one can have altered it (because they cannot re-sign the message with Tim’s private key). NWA3000-N Series User’s Guide...
Page 158 The device currently allows the importation of a PKS#7 file that contains a single certificate. • PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses lowercase letters, uppercase letters and numerals to convert a binary PKCS#7 certificate into a printable form. NWA3000-N Series User’s Guide...
Page 159: Verifying A Certificate
Use a secure method to verify that the certificate owner has the same information in the Thumbprint Algorithm and Thumbprint fields. The secure method may very based on your situation. Possible examples would be over the telephone or through an HTTPS connection. NWA3000-N Series User’s Guide...
Page 160: My Certificates
This field displays the certificate index number. The certificates are listed in alphabetical order. Name This field displays the name used to identify this certificate. It is recommended that you give each certificate a unique name. NWA3000-N Series User’s Guide...
Page 161 Expired! message if the certificate has expired. Import Click Import to open a screen where you can save a certificate to the device. Refresh Click Refresh to display the current validity status of the certificates. NWA3000-N Series User’s Guide...
Page 162: Add My Certificates
My Certificates Add screen. Use this screen to have the device create a self-signed certificate, enroll a certificate with a certification authority or generate a certification request. Figure 73 Configuration > Object > Certificate > My Certificates > Add NWA3000-N Series User’s Guide...
Page 163 Use the My Certificate Details screen to view the certification request and locally for later copy it to send to the certification authority. manual enrollment Copy the certification request from the My Certificate Details screen and then send it to the certification authority. NWA3000-N Series User’s Guide...
Page 164 My Certificate Create screen. Click Return and check your information in the My Certificate Create screen. Make sure that the certification authority information is correct and that your Internet connection is working properly if you want the device to enroll a certificate online. NWA3000-N Series User’s Guide...
Page 165: Edit My Certificates
Click Configuration > Object > Certificate > My Certificates and then the Edit icon to open the My Certificate Edit screen. You can use this screen to view in-depth certificate information and change the certificate’s name. Figure 74 Configuration > Object > Certificate > My Certificates > Edit NWA3000-N Series User’s Guide...
Page 166 (the device uses RSA encryption) and the length of the key set in bits (1024 bits for example). Subject Alternative This field displays the certificate owner‘s IP address (IP), domain name (DNS) Name or e-mail address (EMAIL). NWA3000-N Series User’s Guide...
Page 167: Import Certificates
Note: You can import a certificate that matches a corresponding certification request that was generated by the device. You can also import a certificate in PKCS#12 format, including the certificate’s public and private keys. NWA3000-N Series User’s Guide...
Page 168: Trusted Certificates
Click Configuration > Object > Certificate > Trusted Certificates to open the Trusted Certificates screen. This screen displays a summary list of certificates that you have set the device to accept as trusted. The device also accepts any valid certificate signed by a certificate on this list NWA3000-N Series User’s Guide...
Page 169 Click Import to open a screen where you can save the certificate of a certification authority that you trust, from your computer to the device. Refresh Click this button to display the current validity status of the certificates. NWA3000-N Series User’s Guide...
Page 170: Edit Trusted Certificates
Figure 77 Configuration > Object > Certificate > Trusted Certificates > Edit NWA3000-N Series User’s Guide...
Page 171 This field displays the certificate’s identification number given by the certification authority. Subject This field displays information that identifies the owner of the certificate, such as Common Name (CN), Organizational Unit (OU), Organization (O) and Country (C). NWA3000-N Series User’s Guide...
Page 172 Save. Click OK to save your changes back to the device. You can only change the name. Cancel Click Cancel to quit and return to the Trusted Certificates screen. NWA3000-N Series User’s Guide...
Page 173: Import Trusted Certificates
The second is a reduction in network traffic since the device only gets information on the certificates that it needs to verify, not a huge list. When the device requests certificate status information, the OCSP server returns a “expired”, “current” or “unknown” response. NWA3000-N Series User’s Guide...
Page 174 Chapter 14 Certificates NWA3000-N Series User’s Guide...
Page 175: System
(Section 15.9 on page 196) configure the device’s SNMP settings, including profiles that define allowed SNMPv3 access. • The Auth. Server screens (Section 15.10 on page 200) configure settings for the device’s built- in authentication server. NWA3000-N Series User’s Guide...
Page 176: Host Name
15.3 Date and Time For effective scheduling and logging, the device system time must be accurate. The device has a software mechanism to set the time manually or get the current time and date from an external server. NWA3000-N Series User’s Guide...
Page 177 This field displays the last updated date from the time server or the last date (yyyy-mm-dd) configured manually. When you set Time and Date Setup to Manual, enter the new date in this field and then click Apply. NWA3000-N Series User’s Guide...
Page 178 For example, if you set this field to 3.5, a log occurred at 6 P.M. in local official time will appear as if it had occurred at 10:30 P.M. Apply Click Apply to save your changes back to the device. Reset Click Reset to return the screen to its last-saved settings. NWA3000-N Series User’s Guide...
Page 179: Pre-Defined Ntp Time Servers List
Enter the device’s date in the New Date field. Under Time Zone Setup, select your Time Zone from the list. As an option you can select the Enable Daylight Saving check box to adjust the device clock for daylight savings. Click Apply. NWA3000-N Series User’s Guide...
Page 180: Console Speed
The Console Port Speed applies to a console port connection using terminal emulation software and NOT the Console in the device Web Configurator Status screen. Apply Click Apply to save your changes back to the device. Reset Click Reset to return the screen to its last-saved settings. NWA3000-N Series User’s Guide...
Page 181: Www Overview
HTTPS on the device is used so that you can securely access the device using the Web Configurator. The SSL protocol specifies that the HTTPS server (the device) must always authenticate itself to the HTTPS client (the computer which requests the HTTPS connection with the device), whereas the NWA3000-N Series User’s Guide...
Page 182: Configuring Www Service Control
15.5.4 Configuring WWW Service Control Click Configuration > System > WWW to open the WWW screen. Use this screen to specify HTTP or HTTPS settings. Figure 85 Configuration > System > WWW > Service Control NWA3000-N Series User’s Guide...
Page 183: Https Example
When you attempt to access the device HTTPS server, a Windows dialog box pops up asking if you trust the server certificate. Click View Certificate if you want to verify that the certificate is from the device. NWA3000-N Series User’s Guide...
Page 184 • To have the browser trust the certificates issued by a certificate authority, import the certificate authority’s certificate into your operating system as a trusted certificate. Refer to Appendix B on page 273 for details. NWA3000-N Series User’s Guide...
Page 185 Apply for a certificate from a Certification Authority (CA) that is trusted by the device (see the device’s Trusted CA Web Configurator screen). Figure 88 Trusted Certificates The CA sends you a package containing the CA’s trusted certificate(s), your personal certificate(s) and a password to install the personal certificate(s). NWA3000-N Series User’s Guide...
Page 186 You need a password in advance. The CA may issue the password or you may have to specify it during the enrollment. Double-click the personal certificate given to you by the CA to produce a screen similar to the one shown next NWA3000-N Series User’s Guide...
Page 187 Chapter 15 System Click Next to begin the wizard. The file name and path of the certificate you double-clicked should automatically appear in the File name text box. Click Browse if you wish to import a different certificate. NWA3000-N Series User’s Guide...
Page 188 Enter the password given to you by the CA. Have the wizard determine where the certificate should be saved on your computer or select Place all certificates in the following store and choose a different location. NWA3000-N Series User’s Guide...
Page 189 You should see the following screen when the certificate is correctly installed on your computer. 15.5.5.7 Using a Certificate When Accessing the device To access the device via HTTPS: Enter ‘https://device IP Address/ in your browser’s web address field. NWA3000-N Series User’s Guide...
Page 190: Ssh
You can use SSH (Secure SHell) to securely access the device’s command line interface. SSH is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network. In the NWA3000-N Series User’s Guide...
Page 191: How Ssh Works
The client automatically saves any new server public keys. In subsequent connections, the server public key is checked against the saved version on the client computer. Encryption Method Once the identification is verified, both the client and server must agree on the type of encryption method to use. NWA3000-N Series User’s Guide...
Page 192: Ssh Implementation On The Device
15.6.4 Configuring SSH Click Configuration > System > SSH to open the following screen. Use this screen to configure your NWA3000-N series AP’s Secure Shell settings. Note: It is recommended that you disable Telnet and FTP when you configure SSH for secure connections.
Page 193: Examples Of Secure Telnet Using Ssh
A window displays prompting you to store the host key in you computer. Click Yes to continue. Figure 92 SSH Example 1: Store Host Key Enter the password to log in to the device. The CLI screen displays next. NWA3000-N Series User’s Guide...
Page 194 The authenticity of host '192.168.1.2 (192.168.1.2)' can't be established. RSA1 key fingerprint is 21:6c:07:25:7e:f4:75:80:ec:af:bd:d4:3d:80:53:d1. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.1.2' (RSA1) to the list of known hosts. Administrator@192.168.1.2's password: The CLI screen displays next. NWA3000-N Series User’s Guide...
Page 195: Telnet
You can upload and download the device’s firmware and configuration files using FTP. To use this feature, your computer must have an FTP client. See Chapter 17 on page 219 for more information about firmware and configuration files. NWA3000-N Series User’s Guide...
Page 196: Snmp
Simple Network Management Protocol is a protocol used for exchanging management information between network devices. Your device supports SNMP agent functionality, which allows a manager station to manage and monitor the device through the network. The device supports SNMP version NWA3000-N Series User’s Guide...
Page 197 Get operation, followed by a series of GetNext operations. • Set - Allows the manager to set values for object variables within an agent. • Trap - Used by the agent to inform the manager of some events. NWA3000-N Series User’s Guide...
Page 198: Supported Mibs
15.9.1 Supported MIBs The device supports MIB II that is defined in RFC-1213 and RFC-1215. The device also supports private MIBs (ZYXEL-ES-CAPWAP.MIB, ZYXEL-ES-COMMON.MIB, ZYXEL-ES-HYBRIDAP.MIB, ZYXEL- ES-PROWLAN.MIB, ZYXEL-ES-RFMGMT.MIB, ZYXEL-ES-SMI.MIB, and ZYXEL-ES-WIRELESS.MIB) to collect information about CPU and memory usage and VPN total throughput. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance.
Page 199 This field displays whether the SNMPv3 user can have read-only or read and write access to the device using this SNMPv3 user profile. Apply Click Apply to save your changes back to the device. Reset Click Reset to return the screen to its last-saved settings. NWA3000-N Series User’s Guide...
Page 200: Adding Or Editing An Snmpv3 User Profile
The device can use its internal Remote Authentication Dial In User Service (RADIUS) server to authenticate the wireless clients of trusted APs. RADIUS is a protocol that enables you to control access to a network by authenticating user credentials. NWA3000-N Series User’s Guide...
Page 201: Configuring The Internal Radius Server
APs. A trusted AP is an AP that uses the device’s internal RADIUS server to authenticate its wireless clients. Each wireless client must have a user name and password configured in the Object > Users screen. NWA3000-N Series User’s Guide...
Page 202 This field indicates the subnet mask of the trusted AP in dotted decimal notation. The subnet mask indicates what part of the IP address is the same for all computers in the network. Description This field shows the information listed to help identify the trusted AP profile. NWA3000-N Series User’s Guide...
Page 203: Adding Or Editing A Trusted Ap Profile
“external RADIUS” server fields of the trusted AP. Description Type some information to help identify the trusted AP. Click OK to save your changes back to the device. Cancel Click Cancel to exit this screen without saving your changes. NWA3000-N Series User’s Guide...
Page 204: Technical Reference
CHAPv2 settings, clear the Use Windows logon name and password check box. When authentication begins, a pop-up dialog box requests you to type a Name, Password and Domain of the RADIUS server. Specify a name and password only, do not specify a domain. NWA3000-N Series User’s Guide...
Page 205: Log And Report
16.2 Email Daily Report Use this screen to start or stop data collection and view various statistics about traffic passing through your device. Note: Data collection may decrease the device’s traffic throughput rate. NWA3000-N Series User’s Guide...
Page 206 Click Configuration > Log & Report > Email Daily Report to display the following screen. Configure this screen to have the device e-mail you system statistics every day. Figure 103 Configuration > Log & Report > Email Daily Report (Standalone Mode) NWA3000-N Series User’s Guide...
Page 207: Log Setting
The Log Setting tab also controls what information is saved in each log. For the system log, you can also specify which log messages are e-mailed, where they are e-mailed, and how often they are e-mailed. For alerts, the Log Settings tab controls which events generate alerts and where alerts are e- mailed. NWA3000-N Series User’s Guide...
Page 208: Log Setting Summary
To turn off an entry, select it and click Inactivate. This field is a sequential value, and it is not associated with a specific log. Name This field displays the name of the log (system log or one of the remote servers). NWA3000-N Series User’s Guide...
Page 209 Log Format This field displays the format of the log. Internal - system log; you can view the log on the View Log tab. VRPT/Syslog - ZyXEL’s Vantage Report, syslog-compatible format. CEF/Syslog - Common Event Format, syslog-compatible format. Summary This field is a summary of the settings for each log.
Page 210: Edit Log Settings
Select this to send log messages and alerts according to the information in this section. You specify what kinds of log messages are included in log information and what kinds of log messages are included in alerts in the Active Log and Alert section. NWA3000-N Series User’s Guide...
Page 211 2 settings. enable normal logs (green check mark) - e-mail log messages for all categories to e-mail server 2. enable alert logs (red exclamation point) - e-mail alerts for all categories to e-mail server 2. NWA3000-N Series User’s Guide...
Page 212 “[count=x]”, where x is the number of original log messages, appended at the end of the Message field. Click this to save your changes and return to the previous screen. Cancel Click this to return to the previous screen without saving your changes. NWA3000-N Series User’s Guide...
Page 213: Edit Remote Server
This screen controls the settings for each log in the remote server (syslog). Go to the Log Settings Summary screen and click a remote server Edit icon. Figure 106 Configuration > Log & Report > Log Setting > Edit Remote Server NWA3000-N Series User’s Guide...
Page 214: Active Log Summary
Active Log section. Log Format This field displays the format of the log information. It is read-only. VRPT/Syslog - ZyXEL’s Vantage Report, syslog-compatible format. CEF/Syslog - Common Event Format, syslog-compatible format. Server Type the server name or the IP address of the syslog server to which to send log Address information.
Page 215 Figure 107 Active Log Summary This screen provides a different view and a different way of indicating which messages are included in each log and each alert. (The Default category includes debugging messages generated by open source software.) NWA3000-N Series User’s Guide...
Page 216 Log Category This field displays each category of messages. It is the same value used in the Display and Category fields in the View Log tab. The Default category includes debugging messages generated by open source software. NWA3000-N Series User’s Guide...
Page 217 (yellow check mark) - log regular information, alerts, and debugging information from this category Click this to save your changes and return to the previous screen. Cancel Click this to return to the previous screen without saving your changes. NWA3000-N Series User’s Guide...
Page 218 Chapter 16 Log and Report NWA3000-N Series User’s Guide...
Page 219: File Manager
# enter configuration mode configure terminal # change administrator password username admin password 4321 user-type admin #configure default radio profile, change 2GHz channel to 11 & Tx output power # to wlan-radio-profile default 2g-channel 11 output-power 50% exit write NWA3000-N Series User’s Guide...
Page 220: Configuration File
The device still generates a log for any errors. 17.2 Configuration File Click Maintenance > File Manager > Configuration File to open this screen. Use the Configuration File screen to store, run, and name configuration files. You can also download NWA3000-N Series User’s Guide...
Page 221 The device still generates a log for any errors. Figure 108 Maintenance > File Manager > Configuration File Do not turn off the device while configuration file upload is in progress. NWA3000-N Series User’s Guide...
Page 222 Specify a name for the duplicate configuration file. Use up to 25 characters (including a-zA-Z0-9;‘~!@#$%^&()_+[]{}’,.=-). Click OK to save the duplicate or click Cancel to close the screen without saving a duplicate of the configuration file. NWA3000-N Series User’s Guide...
Page 223 This column displays the number for each configuration file entry. This field is a sequential value, and it is not associated with a specific address. The total number of configuration files that you can save depends on the sizes of the configuration files and the available flash storage space. NWA3000-N Series User’s Guide...
Page 224: Firmware Package
See the CLI Reference Guide for how to determine if you need to recover the firmware and how to recover it. Find the firmware package at www.zyxel.com in a file that (usually) uses a .bin extension. NWA3000-N Series User’s Guide...
Page 225 The device automatically restarts causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 110 Network Temporarily Disconnected After five minutes, log in again and check your new firmware version in the Dashboard screen. NWA3000-N Series User’s Guide...
Page 226: Shell Script
Specify a name for the duplicate file. Use up to 25 characters (including a-zA-Z0- 9;‘~!@#$%^&()_+[]{}’,.=-). Click OK to save the duplicate or click Cancel to close the screen without saving a duplicate of the configuration file. NWA3000-N Series User’s Guide...
Page 227 Type in the location of the file you want to upload in this field or click Browse ... to find Browse... Click Browse... to find the .zysh file you want to upload. Upload Click Upload to begin the upload process. This process may take up to several minutes. NWA3000-N Series User’s Guide...
Page 228 Chapter 17 File Manager NWA3000-N Series User’s Guide...
Page 229: Diagnostics
This screen provides an easy way for you to generate a file containing the device’s configuration and diagnostic information. You may need to generate this file and send it to customer support during troubleshooting. Click Maintenance > Diagnostics to open the Diagnostic screen. Figure 112 Maintenance > Diagnostics NWA3000-N Series User’s Guide...
Page 230: Packet Capture
Click Maintenance > Diagnostics > Packet Capture to open the packet capture screen. Note: New capture files overwrite existing files of the same name. Change the File Suffix field’s setting to avoid this. Figure 113 Maintenance > Diagnostics > Packet Capture > Capture NWA3000-N Series User’s Guide...
Page 231 Once the flash storage space is full, adding more packet captures will fail. Stop Click this button to stop a currently running packet capture and generate a separate capture file for each selected interface. Reset Click this button to return the screen to its last-saved settings. NWA3000-N Series User’s Guide...
Page 232: Packet Capture Files
Here is an example of a packet capture file viewed in the Wireshark packet analyzer. Notice that the size of frame 15 on the wire is 1514 bytes while the captured size is only 1500 bytes. The device NWA3000-N Series User’s Guide...
Page 233: Wireless Frame Capture
Use this screen to capture wireless network traffic going through the AP interfaces connected to your device. Studying these frame captures may help you identify network problems. Click Maintenance > Diagnostics > Wireless Frame Capture to display this screen. NWA3000-N Series User’s Guide...
Page 234 The valid range is 1 to 50000. The device stops the capture and generates the capture file when either the file reaches this size or the time period specified in the Duration field expires. NWA3000-N Series User’s Guide...
Page 235: Wireless Frame Capture Files
Click a file to select it and click Download to save it to your computer. This column displays the number for each packet capture file entry. The total number of packet capture files that you can save depends on the file sizes and the available flash storage space. NWA3000-N Series User’s Guide...
Page 236 This column displays the label that identifies the file. The file name format is interface name-file suffix.cap. Size This column displays the size (in bytes) of a configuration file. Last Modified This column displays the date and time that the individual files were saved. NWA3000-N Series User’s Guide...
Page 237: Reboot
Click the Reboot button to restart the device. Wait a few minutes until the login screen appears. If the login screen does not appear, type the IP address of the device in your Web browser. You can also use the CLI command reboot to restart the device. NWA3000-N Series User’s Guide...
Page 238 Chapter 19 Reboot NWA3000-N Series User’s Guide...
Page 239: Shutdown
Click the Shutdown button to shut down the device. Wait for the device to shut down before you manually turn off or remove the power. It does not turn off the power. You can also use the CLI command shutdown to shutdown the device. NWA3000-N Series User’s Guide...
Page 240 Chapter 20 Shutdown NWA3000-N Series User’s Guide...
Page 241: Troubleshooting
Section 1.7 on page Check the hardware connections. See the Quick Start Guide. Inspect your cables for damage. Contact the vendor to replace any damaged cables. Disconnect and re-connect the power adaptor or PoE power injector to the device. NWA3000-N Series User’s Guide...
Page 242: Device Access And Login
Reset the device to its factory defaults, and try to access the device with the default IP address. See your Quick Start Guide. If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions NWA3000-N Series User’s Guide...
Page 243 VT100 terminal emulation. 115200 bps is the default speed on leaving the factory. Try other speeds in case the speed has been changed. No parity, 8 data bits, 1 stop bit, data flow set to none. NWA3000-N Series User’s Guide...
Page 244: Internet Access
There might be a lot of traffic on the network. Look at the LEDs, and check Section 1.7 on page If the device is sending or receiving a lot of information, try closing some programs that use the Internet, especially peer-to-peer applications. NWA3000-N Series User’s Guide...
Page 245: Wireless Ap Troubleshooting
It is strongly recommended that you use a more effective security mechanism. Use the strongest security mechanism that all the wireless devices in your network support. WPA2 or WPA2- PSK is recommended. The wireless security is not following the re-authentication timer setting I specified. NWA3000-N Series User’s Guide...
Page 246 • Binary X.509: This is an ITU-T recommendation that defines the formats for X.509 certificates. • PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses lowercase letters, uppercase letters and numerals to convert a binary X.509 certificate into a printable form. NWA3000-N Series User’s Guide...
Page 247 My packet capture captured less than I wanted or failed. The packet capture screen’s File Size sets a maximum size limit for the total combined size of all the capture files on the device, including any existing capture files and any new capture files you NWA3000-N Series User’s Guide...
Page 248 • The CAPWAP daemon may be down. Use the device’s built-in diagnostic tools and CLI console to get CAPWAP debug messages which can later be sent to customer service for analysis. NWA3000-N Series User’s Guide...
Page 249: Resetting The Device
Release the RESET button, and wait for the device to restart. You should be able to access the device using the default settings. 21.7 Getting More Troubleshooting Help Search for support information for your model at www.zyxel.com for more troubleshooting suggestions. NWA3000-N Series User’s Guide...
Page 250 Chapter 21 Troubleshooting NWA3000-N Series User’s Guide...
Page 251: Product Specifications
IEEE 802.11an: HT20 / HT40 5250 - 5850 Using single antenna: 13.5 dBm Using three antennas: 18 dBm Theft Prevention Kengsinton slot Operating Temperature 0 ~ 40 º C Storage Temperature -30 ~ 70 º C Operating Humidity 10 ~ 90 % (non-condensing) NWA3000-N Series User’s Guide...
Page 252 AP Load Balancing The device can balance wireless network traffic between the APs on your network by station quantity or by traffic volume. Wireless Intrusion Rogue AP detection, classification, and suppression Prevention VLAN 802.1Q VLAN tagging NWA3000-N Series User’s Guide...
Page 253: Wall-Mounting Instructions
Select a position free of obstructions on a sturdy wall. Drill two holes for the screws. Be careful to avoid damaging pipes or cables located inside the wall when drilling holes for the screws. NWA3000-N Series User’s Guide...
Page 254 Align the holes on the back of the device with the screws on the wall. Hang the device on the screws. Figure 120 Wall-mounting Example The following are dimensions of an M4 tap screw and masonry plug used for wall mounting. All measurements are in millimeters (mm). Figure 121 Masonry Plug and M4 Tap Screw NWA3000-N Series User’s Guide...
Page 255: Appendix A Log Descriptions
1st:zysh entry name can't retrieve entry: 1st:zysh entry name can't get entry: %s! 1st:zysh entry name can't print entry: %s! 1st:zysh list name %s: cannot retrieve entries from list! 1st:zysh entry index can't get name for entry %d! NWA3000-N Series User’s Guide...
Page 256 1st:zysh entry num Unable to move entry #%d! 1st:zysh table name %s: apply failed at initial stage! 1st:zysh table name %s: apply failed at main stage! 1st:zysh table name %s: apply failed at closing stage! NWA3000-N Series User’s Guide...
Page 257 %u.%u.%u.%u: the source address of the user’s login attempt address) The device blocked a login because the maximum login capacity for Failed login attempt to the particular service has already been reached. EnterpriseWLAN from %s (reach the max. number %s: service name of user) NWA3000-N Series User’s Guide...
Page 258 An administrator changed the port number for SSH back to the SSH port has been default (22). changed to default port. An administrator assigned a nonexistent certificate to SSH. SSH certificate:%s does not exist. SSH %s is certificate name assigned by user service will not work. NWA3000-N Series User’s Guide...
Page 259 Zone Forwarder have reached the maximum number of 128 DNS servers. Ping check ok, add DNS servers in bind. Interface %s ping check is successful. %s is interface name Zone Forwarder adds DNS servers in records. NWA3000-N Series User’s Guide...
Page 260 A packet was received but it is not an ARP response packet. Received packet is not an ARP response packet The device received an ARP response. Receive an ARP response The device received an ARP response from the listed source. Receive ARP response from %s (%s) NWA3000-N Series User’s Guide...
Page 261 Device is rebooted by administrator! There was an error and the diagnostics were not completed. Collect Diagnostic Information has failed - Server did not respond. The diagnostics scripts were executed successfully. Collect Diagnostic Infomation has succeeded. NWA3000-N Series User’s Guide...
Page 262 Synchronization failed because the Backup could not connect to the Sync Failed: Cannot Master. The object to be synchronized, 2ed %s: The feature name for connect to Master when the object to be synchronized. syncing %s for %s. NWA3000-N Series User’s Guide...
Page 263 Recovery succeeded when an update for the specified object failed. Recovering to Backup original state for %s has succeeded. %s: IP or FQDN of Master One of VRRP groups has became avtive. Device HA Sync has aborted from Master %s. NWA3000-N Series User’s Guide...
Page 264 Certificate issuer was not valid (CA specific information missing). (Not used) CRL is too old. CRL is not valid. CRL signature was not verified correctly. CRL was not found (anywhere). CRL was not added to the cache. NWA3000-N Series User’s Guide...
Page 265 There was an EAP timeout for a wireless client connected to the WPA or WPA2 enterprise specified WLAN interface (first %s). The MAC address of the wireless EAP timeout. client is listed (second %s). Interface: %s, MAC: NWA3000-N Series User’s Guide...
Page 266 Account %s %s has been changed. 1st %s: profile type, 2nd %s: profile name. A user added a new ISP account profile. Account %s %s has been added. 1st %s: profile type, 2nd %s: profile name. NWA3000-N Series User’s Guide...
Page 267 Sending ACK to %s is sending an ACK to the client. The DHCP server feature assigned a client the IP address that it DHCP server assigned requested. The DHCP client’s hostname and MAC address are listed. %s to %s(%s) NWA3000-N Series User’s Guide...
Page 268 10th %s: Managed AP State. The specified AP from un-managed list was added to managed list. Add a Managed AP. MACAddr:%02x%02x%02x%0 1st %02x ~ 6th %02x: Managed AP MAC Address. 2x%02x%02x, Model:%s 7th %s: Managed AP Model Name. NWA3000-N Series User’s Guide...
Page 269 Start Send Updating AP on the Managed List. Configuration to Managed AP. 1st %02x ~ 6th %02x: Managed AP MAC Address. MACAddr:%02x%02x%02x%0 7th %s: Managed AP Model Name. 2x%02x%02x, Model:%s, Name:%s 8th %s: Managed AP Description. NWA3000-N Series User’s Guide...
Page 270 The CAPWAP Client connected to the WLAN Controller. Connect to WLAN Controller. WLAN 1st %s: WLAN Controller IP Address." Controller:%s The CAPWAP Client was disconnected from the WLAN Controller. Disconnect to WLAN Controller. WLAN 1st %s: WLAN Controller IP Address." Controller:%s NWA3000-N Series User’s Guide...
Page 271 2x:%02x:%02x, From=%s, To=%s 8th %s: Destination AP's description. STA List Full. STA List of The number of stations connecting to the specified AP has reached its Managed AP [%s] is Full upper limit. 1st %s: WTP's description. NWA3000-N Series User’s Guide...
Page 272 DCS has changed the wireless interface %s channel from %d to channel changed: %s %d channel %d. -> %d\n 1st %s: interface name 1st %d: current channel 2nd %d: new channel DCS was terminated for an unknown reason. dcs is terminated! NWA3000-N Series User’s Guide...
Page 273: Appendix B Importing Certificates
Many ZyXEL products, such as the NSA-2401, issue their own public key certificates. These can be used by web browsers on a LAN or WAN to verify that they are in fact connecting to the legitimate device and not one masquerading as it.
Page 274 If your device’s Web Configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error. Click Continue to this website (not recommended). In the Address Bar, click Certificate Error > View certificates. NWA3000-N Series User’s Guide...
Page 275 Appendix B Importing Certificates In the Certificate dialog box, click Install Certificate. In the Certificate Import Wizard, click Next. NWA3000-N Series User’s Guide...
Page 276 Next again and then go to step 9. Otherwise, select Place all certificates in the following store and then click Browse. In the Select Certificate Store dialog box, choose a location in which to save the certificate and then click OK. NWA3000-N Series User’s Guide...
Page 277 Appendix B Importing Certificates In the Completing the Certificate Import Wizard screen, click Finish. 10 If you are presented with another Security Warning, click Yes. 11 Finally, click OK when presented with the successful certificate installation message. NWA3000-N Series User’s Guide...
Page 278 Appendix B Importing Certificates 12 The next time you start Internet Explorer and go to a ZyXEL Web Configurator page, a sealed padlock icon appears in the address bar. Click it to view the page’s Website Identification information. Installing a Stand-Alone Certificate File in Internet Explorer Rather than browsing to a ZyXEL Web Configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you.
Page 279 This section shows you how to remove a public key certificate in Internet Explorer 7 on Windows XP. Open Internet Explorer and click Tools > Internet Options. In the Internet Options dialog box, click Content > Certificates. NWA3000-N Series User’s Guide...
Page 280 In the Certificates confirmation, click Yes. In the Root Certificate Store dialog box, click Yes. The next time you go to the web site that issued the public key certificate you just removed, a certification error appears. NWA3000-N Series User’s Guide...
Page 281 The certificate is stored and you can now connect securely to the Web Configurator. A sealed padlock appears in the address bar, which you can click to open the Page Info > Security window to view the web page’s security information. NWA3000-N Series User’s Guide...
Page 282 Appendix B Importing Certificates Installing a Stand-Alone Certificate File in Firefox Rather than browsing to a ZyXEL Web Configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you.
Page 283 The next time you visit the web site, click the padlock in the address bar to open the Page Info > Security window to see the web page’s security information. Removing a Certificate in Firefox This section shows you how to remove a public key certificate in Firefox 2. NWA3000-N Series User’s Guide...
Page 284 Appendix B Importing Certificates Open Firefox and click Tools > Options. In the Options dialog box, click Advanced > Encryption > View Certificates. NWA3000-N Series User’s Guide...
Page 285 Delete. In the Delete Web Site Certificates dialog box, click OK. The next time you go to the web site that issued the public key certificate you just removed, a certification error appears. NWA3000-N Series User’s Guide...
Page 286 Appendix B Importing Certificates NWA3000-N Series User’s Guide...
Page 287: Appendix C Wireless Lans
(AP). Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled, wireless client A and B can access the wired network and communicate with each other. When Intra-BSS is NWA3000-N Series User’s Guide...
Page 288 APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood. NWA3000-N Series User’s Guide...
Page 289 A hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a hidden node. Both stations (STA) are within range of the access point (AP) or wireless gateway, but out-of-range of each other, so they NWA3000-N Series User’s Guide...
Page 290 AP will fragment the packet into smaller data frames. A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. NWA3000-N Series User’s Guide...
Page 291 Wireless security is vital to your network to protect wireless communication between wireless clients, access points and the wired network. Wireless security methods available on the device are data encryption, wireless client authentication, restricting access by device MAC address and hiding the device identity. NWA3000-N Series User’s Guide...
Page 292 • Authentication Determines the identity of the users. • Authorization Determines the network services available to authenticated users once they are connected to the network. • Accounting Keeps track of the client’s network activity. NWA3000-N Series User’s Guide...
Page 293 For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner. NWA3000-N Series User’s Guide...
Page 294 The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed. NWA3000-N Series User’s Guide...
Page 295 Cipher block chaining Message authentication code Protocol (CCMP). TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication server. AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit mathematical algorithm NWA3000-N Series User’s Guide...
Page 296 Windows XP, Funk Software's Odyssey client. The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero Configuration" wireless client. However, you must run Windows XP to use it. NWA3000-N Series User’s Guide...
Page 297 The AP checks each wireless client's password and allows it to join the network only if the password matches. The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID. NWA3000-N Series User’s Guide...
Page 298: Security Parameters Summary
Enable without Dynamic WEP Key Open Enable with Dynamic WEP Key Enable without Dynamic WEP Key Disable Shared Enable with Dynamic WEP Key Enable without Dynamic WEP Key Disable TKIP/AES Enable WPA-PSK TKIP/AES Disable WPA2 TKIP/AES Enable WPA2-PSK TKIP/AES Disable NWA3000-N Series User’s Guide...
Page 299: Appendix D Open Software Announcements
Software and Documentation solely for archival, back-up or disaster recovery purposes. You shall not exceed the scope of the license granted hereunder. Any rights not expressly granted by ZyXEL to you are reserved by ZyXEL, and all implied licenses are disclaimed.
Page 300 All rights not granted to you herein are expressly reserved by ZyXEL. You may not remove any proprietary notice of ZyXEL or any of its licensors from any copy of the Software or Documentation.
Page 301 Documentation in your possession or under your control. ZyXEL may terminate this License Agreement for any reason, including, but not limited to, if ZyXEL finds that you have violated any of the terms of this License Agreement. Upon notification of termination, you agree to destroy or return to ZyXEL all copies of the Software and Documentation and to certify in writing that all known copies, including backup copies, have been destroyed.
Page 302 (3) years from the date of distribution of the applicable product or software, we will give to anyone who contacts us at the ZyXEL Technical Support (support@zyxel.com.tw), for a charge of no more than our cost of physically performing source code distribution, a complete machine-readable copy of the complete corresponding source code for the version of the Programs that we distributed to you if we are in possession of such.
Page 303 Software, and to permit persons to whom the Software is furnished to do so, subject the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. NWA3000-N Series User’s Guide...
Page 304 * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright NWA3000-N Series User’s Guide...
Page 305 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, NWA3000-N Series User’s Guide...
Page 306 * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions NWA3000-N Series User’s Guide...
Page 307 The word 'cryptographic' can be left out if the rouines from the library being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: NWA3000-N Series User’s Guide...
Page 308 This is the BSD license without the obnoxious advertising clause. It's also known as the "modified BSD license." Note that the University of California now prefers this license to the BSD license with advertising clause, and now allows BSD itself to be used under the three-clause license. ________________________________________ NWA3000-N Series User’s Guide...
Page 309 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This Product includes bind and dhcp software under the ISC License NWA3000-N Series User’s Guide...
Page 310 (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. NWA3000-N Series User’s Guide...
Page 311 (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; NWA3000-N Series User’s Guide...
Page 312 Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. NWA3000-N Series User’s Guide...
Page 313 Software Foundation. For more information on the Apache Software Foundation, please see <http:/ /www.apache.org/>. Portions of this software are based upon public domain software originally written at the National Center for Supercomputing Applications, University of Illinois, Urbana-Champaign. NWA3000-N Series User’s Guide...
Page 314 If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights. NWA3000-N Series User’s Guide...
Page 315 "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run. GNU LESSER GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION NWA3000-N Series User’s Guide...
Page 316 Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library. In addition, mere aggregation of another work not based on NWA3000-N Series User’s Guide...
Page 317 Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things: a) Accompany the work with the complete corresponding NWA3000-N Series User’s Guide...
Page 318 10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the NWA3000-N Series User’s Guide...
Page 319 WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR NWA3000-N Series User’s Guide...
Page 320 (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. NWA3000-N Series User’s Guide...
Page 321 You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. NWA3000-N Series User’s Guide...
Page 322 License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. NWA3000-N Series User’s Guide...
Page 323 Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY NWA3000-N Series User’s Guide...
Page 324 Neither the name of the University nor of the Laboratory may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED NWA3000-N Series User’s Guide...
Page 325 CMU and The Regents of the University of California not be used in advertising or publicity pertaining to distribution of the software without specific written permission. NWA3000-N Series User’s Guide...
Page 326 * Neither the name of the Networks Associates Technology, Inc nor the names of its contributors may be used to endorse or promote NWA3000-N Series User’s Guide...
Page 327 * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the NWA3000-N Series User’s Guide...
Page 328 ---- Part 4: Sun Microsystems, Inc. copyright notice (BSD) ----- Copyright © 2003 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. All rights reserved. Use is subject to license terms below. This distribution may include materials developed by third parties. NWA3000-N Series User’s Guide...
Page 329 PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF NWA3000-N Series User’s Guide...
Page 330 PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; NWA3000-N Series User’s Guide...
Page 331 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, NWA3000-N Series User’s Guide...
Page 332 * The name of Fabasoft R&D Software GmbH & Co KG or any of its subsidiaries, brand or product names may not be used to endorse or promote products NWA3000-N Series User’s Guide...
Page 333 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. NWA3000-N Series User’s Guide...
Page 334 Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. NWA3000-N Series User’s Guide...
Page 335 The MIT License Copyright (c) <year> <copyright holders> Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, NWA3000-N Series User’s Guide...
Page 336 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S) OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT NWA3000-N Series User’s Guide...
Page 337 This code is released under the libpng license. libpng versions 1.2.6, August 15, 2004, through 1.4.1, February 25, 2010, are Copyright (c) 2004, 2006-2007 Glenn Randers-Pehrson, and are distributed according to the same disclaimer and license as libpng-1.2.5 NWA3000-N Series User’s Guide...
Page 338 0.97, January 1998, through 1.0.6, March 20, 2000, are Copyright (c) 1998, 1999 Glenn Randers-Pehrson, and are distributed according to the same disclaimer and license as libpng-0.96, with the following individuals added to the list of Contributing Authors: Tom Lane NWA3000-N Series User’s Guide...
Page 339 For the purposes of this copyright and license, "Contributing Authors" is defined as the following set of individuals: Andreas Dilger Dave Martindale Guy Eric Schalnat Paul Schmidt Tim Wegner The PNG Reference Library is supplied "AS IS". The Contributing Authors NWA3000-N Series User’s Guide...
Page 340 PNG file format in commercial products. If you use this source code in a product, acknowledgment is not required but would be appreciated. A "png_get_copyright" function is available, for convenient use in "about" boxes and the like: NWA3000-N Series User’s Guide...
Page 341 2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software. NWA3000-N Series User’s Guide...
Page 342 Appendix D Open Software Announcements 3. This notice may not be removed or altered from any source distribution. NWA3000-N Series User’s Guide...
Page 343: Appendix E Legal Information
Published by ZyXEL Communications Corporation. All rights reserved. Disclaimers ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others.
Page 344 CE Mark Warning: This is a class A product. In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures. NWA3000-N Series User’s Guide...
Page 345 Européenne. En France métropolitaine, suivant les décisions n°03-908 et 03-909 de l’ARCEP, la puissance d’émission ne devra pas dépasser 10 mW (10 dB) dans le cadre d’une installation WiFi en extérieur pour les fréquences comprises entre 2454 MHz et 2483,5 MHz. Viewing Certifications Go to http://www.zyxel.com. NWA3000-N Series User’s Guide...
Page 346 ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
Page 347 Hereby, ZyXEL declares that this equipment is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC. [Spanish] Por medio de la presente ZyXEL declara que el equipo cumple con los requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la Directiva 1999/5/CE.
Page 348 съществените изисквания и другите приложими разпоредбите на Директива 1999/5/ЕC. [Icelandic] Hér með lýsir, ZyXEL því yfir að þessi búnaður er í samræmi við grunnkröfur og önnur viðeigandi ákvæði tilskipunar 1999/5/EC. [Norwegian] Erklærer herved ZyXEL at dette utstyret er I samsvar med de grunnleggende kravene og andre relevante bestemmelser I direktiv 1999/5/EF.
Page 349 The requirements for any country may evolve. ZyXEL recommends that you check with the local authorities for the latest status of their national regulations for both the 2,4- and 5-GHz wireless LANs.
Page 350 2. The regulatory limits for maximum output power are specified in EIRP. The EIRP level (in dBm) of a device can be calculated by adding the gain of the antenna used(specified in dBi) to the output power available at the connector (specified in dBm). NWA3000-N Series User’s Guide...
Page 351: Index
160, 169 thumbprint algorithms Basic Service Set thumbprints see BSS used for authentication Basic Service Set, See BSS verifying fingerprints boot module where used bridge certification requests 163, 164 Bridge/Repeater certifications NWA3000-N Series User’s Guide...
Page 352 DTLS See CAPWAP dynamic WEP key exchange cookies copyright CPU usage 71, 73 CTS (Clear to Send) current date/time 71, 176 EAP Authentication daylight savings setting manually e-mail time server daily statistics report encryption 20, 295 NWA3000-N Series User’s Guide...
Page 353 JavaScripts hidden node HTTP over SSL, see HTTPS redirect to HTTPS vs HTTPS key pairs HTTPS and certificates authenticating clients avoiding warning messages example vs HTTP lastgood.conf 221, 224 with Internet Explorer LEDs humidity log messages NWA3000-N Series User’s Guide...
Page 354 MBSSID 20, 21 power on memory usage 71, 74 power specifications message bar preamble mode Message Integrity Check (MIC) product registration messages warning Public-Key Infrastructure (PKI) mobile access public-private key pairs mode model name NWA3000-N Series User’s Guide...
Page 355 SCEP (Simple Certificate Enrollment Protocol) missing at restart screen resolution present at restart screws startup-config-bad.conf Secure Socket Layer, see SSL statistics serial number daily e-mail report service control NWA3000-N Series User’s Guide...
Page 356 Trusted Certificates, see also certificates VRPT (Vantage Report) 209, 214 upgrading warm start firmware warning message popup uploading warranty configuration files note firmware shell scripts Web Configurator 23, 27 usage access 71, 73 requirements flash supported browsers NWA3000-N Series User’s Guide...
Page 357 RADIUS application example WPA2 136, 295 user authentication vs WPA2-PSK wireless client supplicant with RADIUS application example WPA2-Pre-Shared Key WPA2-PSK 295, 296 application example WPA-PSK 295, 296 application example and certificates see also HTTP, HTTPS NWA3000-N Series User’s Guide...
Page 358 Index NWA3000-N Series User’s Guide...

This manual is also suitable for:

Nwa3560-n Nwa3160-n Nwa3550-n

ZyXEL Communications NWA3000-N User Manual

About this User's Guide

Document Conventions

Safety Warnings

Contents Overview

Table of Contents

User's Guide

PART I User's Guide

Chapter 1 Introduction

Chapter 2 The Web Configurator

Chapter 3

Configuration Basics

Chapter 4 Tutorials

Technical Reference

Part II: Technical Reference

Chapter 5 Dashboard

Chapter 6 Monitor

Chapter 7 Management Mode

Chapter 8 LAN Setting

Chapter 9 Wireless

Chapter 10 Device HA

Chapter 11 User

Chapter 12 AP Profile

Chapter 13 MON Profile

Chapter 14 Certificates

Chapter 15 System

Chapter 16 Log and Report

Chapter 17 File Manager

Chapter 18 Diagnostics

Chapter 19 Reboot

Chapter 20 Shutdown

Chapter 21 Troubleshooting

Chapter 22 Product Specifications

Appendix A Log Descriptions

Appendix B Importing Certificates

Appendix C Wireless Lans

Appendix D Open Software Announcements

Appendix E Legal Information

Index

Quick Links

Troubleshooting

Need help?

Questions and answers

Related Manuals for ZyXEL Communications NWA3000-N

Summary of Contents for ZyXEL Communications NWA3000-N