Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others.
Certifications Go to www.zyxel.com 1 Select your product from the drop-down list box on the ZyXEL home page to go to that product's page. 2 Select the certification you wish to view from this page Federal Communications Commission (FCC) Interference Statement...
Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
ZyAIR G-5100 User’s Guide Customer Support Please have the following information ready when you contact customer support. • Product model and serial number. • Warranty Information. • Date that you received your device. • Brief description of the problem and the steps you took to solve it.
ZyAIR G-5100 User’s Guide Table of Contents Copyright ........................2 Federal Communications Commission (FCC) Interference Statement ....3 ZyXEL Limited Warranty..................4 Customer Support....................5 Preface ........................22 Chapter 1 Getting to Know Your ZyAIR ................. 26 1.1 Introducing the ZyAIR ..................26 1.2 ZyAIR Features ....................26...
Page 7
ZyAIR G-5100 User’s Guide Chapter 4 System Screens ..................... 48 4.1 System Overview ....................48 4.2 Configuring General Setup .................48 4.3 Configuring Password ..................49 4.4 Configuring Time Setting ...................50 Chapter 5 Wireless Configuration and Roaming ..............54 5.1 Wireless LAN Overview ..................54 5.1.1 IBSS ......................54...
Page 8
ZyAIR G-5100 User’s Guide 6.10.1 User Authentication ................81 6.10.2 Encryption ....................81 6.11 WPA-PSK Application Example ................81 6.12 WPA with RADIUS Application Example ............82 6.13 Security Parameters Summary ................83 6.14 Wireless Client WPA Supplicants ..............84 6.15 Configuring 802.1x and WPA ................84 6.16 Authentication Required: 802.1x ..............85...
Page 9
ZyAIR G-5100 User’s Guide Chapter 10 Log Screens......................120 10.1 Configuring View Log ..................120 10.2 Configuring Log Settings ................122 Chapter 11 Maintenance ......................126 11.1 Maintenance Overview ...................126 11.2 System Status Screen ..................126 11.2.1 System Statistics ...................127 11.3 Association List ....................128 11.4 Channel Usage ....................129...
Page 10
ZyAIR G-5100 User’s Guide 14.3.3 Configuring Bridge Link ................154 Chapter 15 Dial-in User Setup ....................158 15.1 Dial-in User Setup ..................158 Chapter 16 SNMP Configuration .................... 160 16.1 About SNMP ....................160 16.2 Supported MIBs ....................161 16.3 SNMP Configuration ..................161 16.4 SNMP Traps ....................162 Chapter 17 System Security ....................
Page 11
ZyAIR G-5100 User’s Guide 19.4.2 Configuration File Upload ..............183 19.4.3 Using the FTP command from the DOS Prompt Example ....183 19.4.4 TFTP File Upload ..................184 19.4.5 Example: TFTP Command ..............185 19.4.6 Uploading Via Console Port ..............185 19.4.7 Uploading Firmware File Via Console Port ...........185 19.4.8 Example Xmodem Firmware Upload Using HyperTerminal ....186...
Page 12
ZyAIR G-5100 User’s Guide Appendix H Types of EAP Authentication ................232 Appendix I Outdoor Site Planning ..................234 Appendix J Outdoor Installation Recommendations ............240 Appendix K Command Interpreter................... 244 Appendix L Brute-Force Password Guessing Protection............. 246 Appendix M Log Descriptions....................
Page 13
ZyAIR G-5100 User’s Guide Table of Contents...
Page 14
ZyAIR G-5100 User’s Guide List of Figures Figure 1 PoE Installation Example ..................27 Figure 2 WDS Functionality Example ................. 27 Figure 3 Access Point Application ..................31 Figure 4 AP+Bridge Application ..................32 Figure 5 Bridge Application ....................33 Figure 6 Repeater Application .....................
Page 16
ZyAIR G-5100 User’s Guide Figure 80 Menu 3.5 Wireless LAN Setup ................153 Figure 81 Menu 3.5.2 - Roaming Configuration ..............154 Figure 82 Menu 3.5 Wireless LAN Setup ................155 Figure 83 Menu 3.5.4 - Bridge Link Configuration .............. 156 Figure 84 Menu 14- Dial-in User Setup ................
Page 17
ZyAIR G-5100 User’s Guide Figure 123 Windows XP: Start Menu .................. 210 Figure 124 Windows XP: Control Panel ................210 Figure 125 Windows XP: Control Panel: Network Connections: Properties ....... 211 Figure 126 Windows XP: Local Area Connection Properties ..........211 Figure 127 Windows XP: Internet Protocol (TCP/IP) Properties .........
Page 18
ZyAIR G-5100 User’s Guide List of Tables Table 1 IEEE 802.11g ......................28 Table 2 IEEE 802.11b ......................28 Table 3 Screens Summary ....................37 Table 4 Wizard 1: General Setup ..................41 Table 5 Wizard 2: Wireless LAN Setup ................42 Table 6 Private IP Address Ranges ...................
Page 19
ZyAIR G-5100 User’s Guide Table 37 System Status ...................... 126 Table 38 System Status: Show Statistics ................127 Table 39 Association List ....................129 Table 40 Channel Usage ....................130 Table 41 Firmware Upload ....................131 Table 42 Restore Configuration ..................134 Table 43 Main Menu Commands ..................
Page 20
ZyAIR G-5100 User’s Guide Table 80 Power over Ethernet Injector Specifications ............204 Table 81 Power over Ethernet Injector RJ-45 Port Pin Assignments ......... 204 Table 82 Classes of IP Addresses ..................218 Table 83 Allowed IP Address Range By Class ..............219 Table 84 “Natural”...
Page 21
ZyAIR G-5100 User’s Guide List of Tables...
ZyAIR G-5100 User’s Guide Preface Congratulations on your purchase of the ZyAIR G-5100 Outdoor 802.11g Business Access Point/Bridge/Repeater. The ZyAIR is an AP through which wireless stations can communicate and/or access a wired network. The ZyAIR can also function as a wireless network bridge/repeater and establish up to six wireless links with other APs.
• For brevity’s sake, we will use “e.g.,” as a shorthand for “for instance”, and “i.e.,” for “that is” or “in other words” throughout this manual. • The ZyAIR G-5100 may be referred to simply as the ZyAIR in the user’s guide. Preface...
Power over Ethernet (PoE) is the ability to provide power to your ZyAIR via an 8-pin CAT 5 Ethernet cable, eliminating the need for a nearby power source. The ZyAIR G-5100 includes a special high current power injector that allows the ZyAIR to be located farther away. This feature allows increased flexibility in the locating of your ZyAIR.
ZyAIR G-5100 User’s Guide Figure 1 PoE Installation Example Wi-Fi Protected Access Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences between WPA and WEP are user authentication and improved data encryption. WDS Functionality A Distribution System (DS) is a wired connection between two or more APs, while a Wireless Distribution System (WDS) is a wireless connection.
ZyAIR G-5100 User’s Guide IEEE 802.11g Wireless LAN Standard The ZyAIR complies with the IEEE 802.11g wireless standard. IEEE 802.11g has several intermediate rate steps between the maximum and minimum data rates. The IEEE 802.11g data rate and modulation are as follows. The modulation technique defines how bits are encoded onto radio waves.
ZyAIR G-5100 User’s Guide SSL Passthrough SSL (Secure Sockets Layer) uses a public key to encrypt data that's transmitted over an SSL connection. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with “https”...
ZyAIR G-5100 User’s Guide SNMP SNMP (Simple Network Management Protocol) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your ZyAIR supports SNMP agent functionality, which allows a manger station to manage and monitor the ZyAIR through the network.
ZyAIR G-5100 User’s Guide 3 Bridge/Repeater Applications for each operating mode are shown below. 1.3.1 Access Point The ZyAIR is an ideal access solution for wireless Internet connection. A typical Internet access application for your ZyAIR is shown as follows. Stations A, B and C can access the wired network through the ZyAIRs.
ZyAIR G-5100 User’s Guide Figure 4 AP+Bridge Application 1.3.3 Bridge / Repeater The ZyAIR can act as a wireless network bridge and establish wireless links with other APs. In bridge mode, the ZyAIRs (see A and B in Figure 5 on page 33) are connected to independent wired networks and have a bridge (A can communicate with B) connection at the same time.
ZyAIR G-5100 User’s Guide H A P T E R Introducing the Web Configurator This chapter describes how to access the ZyAIR web configurator and provides an overview of its screens. The default IP address of the ZyAIR is 192.168.1.2.
ZyAIR G-5100 User’s Guide Figure 8 Replace Certificate Screen. 8 You should now see the MAIN MENU screen (see Figure 10 on page 37). Note: The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes).
ZyAIR G-5100 User’s Guide Figure 9 Example Xmodem Upload Type the configuration file’s location, or click Browse to search for it. Choose the Xmodem protocol. Then click Send. 4 After a successful configuration file upload, type “atgo” to restart the ZyAIR.
ZyAIR G-5100 User’s Guide Figure 10 The MAIN MENU Screen of the Web Configurator Use submenus to configure ZyAIR features. Click LOGOUT at any time to exit the web configurator. The following table describes the sub-menus. Table 3 Screens Summary...
Page 38
ZyAIR G-5100 User’s Guide Table 3 Screens Summary (continued) LINK FUNCTION AUTH. SERVER Setting Configure this screen to use the internal server to authenticate wireless users. Trusted AP Configure this screen to allow specified AP’s to communicate with the ZyAIR.
Page 39
ZyAIR G-5100 User’s Guide Chapter 2 Introducing the Web Configurator...
ZyAIR G-5100 User’s Guide H A P T E R Wizard Setup This chapter provides information on the Wizard Setup screens in the web configurator. 3.1 Wizard Setup Overview The web configurator’s setup wizard helps you configure your ZyAIR for wireless stations to access your wired LAN.
ZyAIR G-5100 User’s Guide 3.2 Wizard Setup: General Setup General Setup contains administrative and system-related information. The Domain Name entry is what is propagated to the DHCP clients on the LAN. If you leave this blank, the domain name obtained by DHCP from the ISP is used. While you must enter the host name (System Name) on each individual computer, the domain name can be assigned from the ZyAIR via DHCP.
ZyAIR G-5100 User’s Guide 3.3 Wizard Setup: Wireless LAN Use the second wizard screen to set up the wireless LAN. Figure 12 Wizard 2: Wireless LAN Setup The following table describes the labels in this screen. Table 5 Wizard 2: Wireless LAN Setup...
ZyAIR G-5100 User’s Guide Table 5 Wizard 2: Wireless LAN Setup (continued) LABEL DESCRIPTION Key 1 to Key 4 The WEP keys are used to encrypt data. Both the ZyAIR and the wireless stations must use the same WEP key for data transmission.
ZyAIR G-5100 User’s Guide 3.4.2 IP Address and Subnet Mask Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number. Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
ZyAIR G-5100 User’s Guide Figure 13 Wizard 3: IP Address Assignment The following table describes the labels in this screen. Table 7 Wizard 3: IP Address Assignment LABEL DESCRIPTION IP Address Assignment Get automatically from Select this option if your ZyAIR is using a dynamically assigned IP address DHCP from a DHCP server each time.
ZyAIR G-5100 User’s Guide 3.5 Basic Setup Complete When you click Finish in the Wizard 3 IP Address Assignment screen, a warning window display as shown. Click OK to close the window and log in to the web configurator again using the new IP address if you changed from the default IP address (192.168.1.2).
ZyAIR G-5100 User’s Guide H A P T E R System Screens 4.1 System Overview This section provides information on general system setup. 4.2 Configuring General Setup Click the SYSTEM link under ADVANCED to open the General screen. Figure 15 System General The following table describes the labels in this screen.
ZyAIR G-5100 User’s Guide Table 8 System General Setup (continued) LABEL DESCRIPTION Domain Name This is not a required field. Leave this field blank or enter the domain name here if you know it. Administrator Type how many minutes a management session (either via the web Inactivity Timer configurator or SMT) can be left idle before the session times out.
ZyAIR G-5100 User’s Guide Figure 16 Password. The following table describes the labels in this screen. Table 9 Password LABEL DESCRIPTIONS Old Password Type in your existing system password (1234 is the default password). New Password Type your new system password (up to 31 characters). Note that as you type a password, the screen displays an asterisk (*) for each character you type.
ZyAIR G-5100 User’s Guide Figure 17 Time Setting The following table describes the labels in this screen. Table 10 Time Setting LABEL DESCRIPTION Time Protocol Select the time service protocol that your time server sends when you turn on the ZyAIR. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.
Page 52
ZyAIR G-5100 User’s Guide Table 10 Time Setting (continued) LABEL DESCRIPTION New Time (hh:mm:ss) This field displays the last updated time from the time server. When you select None in the Time Protocol field, enter the new time in this field and then click Apply.
Page 53
ZyAIR G-5100 User’s Guide Chapter 4 System Screens...
ZyAIR G-5100 User’s Guide H A P T E R Wireless Configuration and Roaming This chapter discusses how to configure the Wireless and Roaming screens. 5.1 Wireless LAN Overview This section introduces the wireless LAN (WLAN) and some basic scenarios.
ZyAIR G-5100 User’s Guide Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS is enabled, wireless station A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless station A and B can still access the wired network but cannot communicate with each other.
ZyAIR G-5100 User’s Guide Figure 20 Extended Service Set 5.2 Wireless LAN Basics Refer also to Chapter 3 on page 40 for more background information on Wireless LAN features, such as channels. 5.2.1 RTS/CTS A hidden node occurs when two stations are within range of the same access point, but are not within range of each other.
ZyAIR G-5100 User’s Guide Figure 21 RTS/CTS When station A sends data to the ZyAIR, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
ZyAIR G-5100 User’s Guide A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.
ZyAIR G-5100 User’s Guide For each LAN segment, a designated bridge is selected. This bridge has the lowest cost to the root among the bridges connected to the LAN. 5.3.3 How STP Works After a bridge determines the lowest cost-spanning tree with STP, it enables the root port and the ports that are the designated ports for connected LANs, and disables all other ports that participate in STP.
ZyAIR G-5100 User’s Guide 5.4.1 Access Point Mode Select Access Point in the Operating Mode drop-down list box to display the screen as shown next. Figure 22 Wireless: Access Point The following table describes the general wireless LAN labels in this screen.
ZyAIR G-5100 User’s Guide Table 13 Wireless: Access Point LABEL DESCRIPTION Operating Mode Select the operating mode from the drop-down list. The options are Access Point, Bridge/Repeater and AP+Bridge. Name (SSID) (Service Set IDentity) The SSID identifies the Service Set with which a wireless station is associated.
ZyAIR G-5100 User’s Guide Table 13 Wireless: Access Point (continued) LABEL DESCRIPTION Enable Intra- Select this check box to allow wireless stations connected to the ZyAIR to BSS Traffic communicate with each other. Disable Intra-BSS traffic to only allow wireless stations to communicate with the wired network, not with each other.
ZyAIR G-5100 User’s Guide In the example below, when both ZyAIRs are in Bridge/Repeater mode, they form a WDS (Wireless Distribution System) allowing the computers in LAN 1 to connect to the computers in LAN 2. Figure 23 Bridging Example Be careful to avoid bridge loops when you enable bridging in the ZyAIR.
ZyAIR G-5100 User’s Guide Figure 25 Bridge Loop: Bridge Connected to Wired LAN To prevent bridge loops, ensure that you enable STP in the Wireless screen or your ZyAIR is not set to bridge mode while connected to both wired and wireless segments of the same LAN.
ZyAIR G-5100 User’s Guide Figure 26 Wireless: Bridge/Repeater The following table describes the labels in this screen that are specific to bridge/repeater mode. Table 14 Wireless: Bridge/Repeater LABEL DESCRIPTIONS Operating Mode Select Bridge/Repeater in this field to display the screen shown above.
ZyAIR G-5100 User’s Guide Table 14 Wireless: Bridge/Repeater (continued) LABEL DESCRIPTIONS Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including spaces and symbols). When the ZyAIR is in Bridge/Repeater mode, you don’t have to enter a pre- shared key, but the traffic between devices won’t be encrypted if you don’t.
ZyAIR G-5100 User’s Guide Figure 27 Wireless: AP+Bridge Table 13 on page 61 Table 14 on page 65 descriptions of the fields in the Access Point and Bridge/Repeater operating modes for descriptions of the fields in this screen. Chapter 5 Wireless Configuration and Roaming...
(bridge tables are updated) and maximum AP efficiency. The AP deletes records of wireless stations that associate with other APs (Non-ZyXEL APs may not be able to perform this). IEEE 802.1x authentication information is not exchanged (at the time of writing).
ZyAIR G-5100 User’s Guide Figure 28 Roaming Example The steps below describe the roaming process. 1 As wireless station Y moves from the coverage area of access point AP 1 to that of access point 2 AP 2, it scans and uses the signal of access point AP 2.
ZyAIR G-5100 User’s Guide To enable roaming on your ZyAIR, click the WIRELESS link under ADVANCED and then the Roaming tab. The screen appears as shown. Figure 29 Roaming The following table describes the labels in this screen. Table 15 Roaming...
ZyAIR G-5100 User’s Guide H A P T E R Wireless Security This chapter describes how to configure security for your ZyAIR’s wireless connections. 6.1 Wireless Security Overview Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network.
ZyAIR G-5100 User’s Guide 6.2.1 Data Encryption WEP provides a mechanism for encrypting data using encryption keys. Both the AP and the wireless stations must use the same WEP key to encrypt and decrypt data. Your ZyAIR allows you to configure up to four 64-bit or 128-bit WEP keys, but only one key can be enabled at any one time.
ZyAIR G-5100 User’s Guide When your ZyAIR's authentication method is set to open system, it will only accept open system authentication requests. The same is true for shared key authentication. However, when it is set to auto authentication, the ZyAIR will accept either type of authentication request and the ZyAIR will fall back to use open authentication if the shared key does not match.
ZyAIR G-5100 User’s Guide Figure 32 Wireless: WEP The following table describes the wireless LAN security labels in this screen. Table 16 Wireless: WEP LABEL DESCRIPTION WEP Encryption Select Disable to allow wireless stations to communicate with the access points without any data encryption.
ZyAIR G-5100 User’s Guide Table 16 Wireless: WEP (continued) LABEL DESCRIPTION Key 1 to The WEP keys are used to encrypt data. Both the ZyAIR and the wireless stations must use the same WEP key for data transmission. Key 4 If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F").
ZyAIR G-5100 User’s Guide Figure 33 MAC Address Filter The following table describes the labels in this screen. Table 17 MAC Address Filter LABEL DESCRIPTION Active Select Yes from the drop down list box to enable MAC address filtering. Filter Action Define the filter action for the list of MAC addresses in the MAC address filter table.
ZyAIR G-5100 User’s Guide Table 17 MAC Address Filter (continued) LABEL DESCRIPTION MAC Address Enter the MAC addresses (in XX:XX:XX:XX:XX:XX format) of the wireless station that are allowed or denied access to the ZyAIR in these address fields. Apply Click Apply to save your changes back to the ZyAIR.
ZyAIR G-5100 User’s Guide • Access-Reject Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access. • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access- Request message.
ZyAIR G-5100 User’s Guide Figure 34 EAP Authentication The details below provide a general description of how IEEE 802.1x EAP authentication works. For an example list of EAP-MD5 authentication steps, see the IEEE 802.1x appendix. 1 The wireless station sends a “start” message to the ZyAIR.
ZyAIR G-5100 User’s Guide 6.10 Introduction to WPA Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences between WPA and WEP are user authentication and improved data encryption. 6.10.1 User Authentication WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using a RADIUS database.
ZyAIR G-5100 User’s Guide 1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters (including spaces and symbols). 2 The AP checks each client’s password and (only) allows it to join the network if it matches its password.
ZyAIR G-5100 User’s Guide Figure 36 WPA with RADIUS Application Example 6.13 Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. You enter manual keys by first selecting 64-bit WEP or 128-bit WEP from the WEP Encryption field and then typing the keys (in ASCII or hexadecimal format) in the key text boxes.
ZyAIR G-5100 User’s Guide Table 18 Wireless Security Relational Matrix AUTHENTICATION METHOD/ KEY ENCRYPTION ENTER MANUAL IEEE 802.1X MANAGEMENT METHOD PROTOCOL TKIP Enable WPA-PSK Enable WPA-PSK TKIP Enable 6.14 Wireless Client WPA Supplicants A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA.
ZyAIR G-5100 User’s Guide Figure 37 Wireless LAN: 802.1x/WPA The following table describes the labels in this screen. Table 19 Wireless LAN: 802.1x/WPA LABEL DESCRIPTION Wireless Port To control wireless stations access to the wired network, select a control method Control from the drop-down list box.
ZyAIR G-5100 User’s Guide The following table describes the labels in this screen. Table 20 Wireless LAN: 802.1x/WPA for 802.1x Protocol LABEL DESCRIPTION Wireless Port To control wireless stations access to the wired network, select a control method Control from the drop-down list box. Choose from No Authentication Required, Authentication Required and No Access Allowed.
Page 88
ZyAIR G-5100 User’s Guide Table 20 Wireless LAN: 802.1x/WPA for 802.1x Protocol (continued) LABEL DESCRIPTION Authentication The authentication database contains wireless station login information. The local Databases user database is the built-in database on the ZyAIR. The RADIUS is an external server.
ZyAIR G-5100 User’s Guide Table 20 Wireless LAN: 802.1x/WPA for 802.1x Protocol (continued) LABEL DESCRIPTION Port Number Enter the port number of the external accounting server. The default port number is 1813. You need not change this value unless your network administrator instructs you to do so with additional information.
ZyAIR G-5100 User’s Guide Figure 39 Wireless LAN: 802.1x/WPA for WPA Protocol The following table describes the labels not previously discussed. Chapter 6 Wireless Security...
ZyAIR G-5100 User’s Guide Table 21 Wireless LAN: 802.1x/WPA for WPA Protocol LABEL DESCRIPTIONS Key Management Choose WPA in this field. Protocol WPA Mixed Mode The ZyAIR can operate in WPA Mixed Mode, which supports both clients running WPA and clients running dynamic WEP key exchange with 802.1x in the same Wi- Fi network.
ZyAIR G-5100 User’s Guide Figure 40 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol The following table describes the labels not previously discussed Table 22 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol LABEL DESCRIPTION Key Management Choose WPA-PSK in this field. Protocol Pre-Shared Key The encryption mechanisms used for WPA and WPA-PSK are the same.
ZyAIR G-5100 User’s Guide H A P T E R IP Screen This chapter discusses how to configure IP on the ZyAIR 7.1 Factory Ethernet Defaults The Ethernet parameters of the ZyAIR are preset in the factory with the following values: 1 IP address of 192.168.1.2...
ZyAIR G-5100 User’s Guide You can obtain your IP address from the IANA, from an ISP or have it assigned by a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks.
Page 96
ZyAIR G-5100 User’s Guide Table 24 IP Setup (continued) LABEL DESCRIPTION IP Address Enter the IP address of your ZyAIR in dotted decimal notation. Note: If you change the ZyAIR's IP address, you must use the new IP address if you want to access the web configurator again.
Page 97
ZyAIR G-5100 User’s Guide Chapter 7 IP Screen...
ZyAIR G-5100 User’s Guide H A P T E R Authentication Server 8.1 Authentication Server Overview The ZyAIR can use its internal RADIUS server to authenticate users or APs. See Chapter 6 on page 72 for background information on RADIUS and EAP.
ZyAIR G-5100 User’s Guide Table 25 AUTH. SERVER: Setting LABEL DESCRIPTION Active Enable the authentication server to perform user authentication through an external authentication server. Disable the authentication server to enable user authentication using the local user profile on the ZyAIR.
ZyAIR G-5100 User’s Guide Figure 43 AUTH. SERVER: Trusted AP The following table describes the labels in this screen. Table 26 AUTH. SERVER: Trusted AP LABEL DESCRIPTION Active Activate an entry to allow that AP to communicate with the ZyAIR.
ZyAIR G-5100 User’s Guide Figure 44 AUTH. SERVER: Trusted Users The following table describes the labels in this screen. Table 27 AUTH. SERVER: Trusted Users LABEL DESCRIPTION Active Select this check box to activate the user profile. User Name Enter the username (up to 31 characters) for this user profile.
ZyAIR G-5100 User’s Guide H A P T E R Certificates This chapter gives background information about public-key certificates and explains how to use them. 9.1 Certificates Overview The ZyAIR can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs.
ZyAIR G-5100 User’s Guide 9.1.1 Advantages of Certificates Certificates offer the following benefits. • The ZyAIR only has to store the certificates of the certification authorities that you decide to trust, no matter how many devices you need to authenticate.
Replace This button displays when the ZyAIR has the factory default certificate. The factory default certificate is common to all ZyAIRs that use certificates. ZyXEL recommends that you use this button to replace the factory default certificate with one that uses your ZyAIR's MAC address.
ZyAIR G-5100 User’s Guide Table 28 My Certificates (continued) LABEL DESCRIPTION Type This field displays what kind of certificate this is. REQ represents a certification request and is not yet a valid certificate. Send a certification request to a certification authority, which then issues a certificate. Use the My Certificate Import screen to import the certificate and replace the request.
ZyAIR G-5100 User’s Guide • Binary X.509: This is an ITU-T recommendation that defines the formats for X.509 certificates. • PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses 64 ASCII characters to convert a binary X.509 certificate into a printable form.
ZyAIR G-5100 User’s Guide Figure 47 My Certificate Import The following table describes the labels in this screen. Table 29 My Certificate Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it.
ZyAIR G-5100 User’s Guide Figure 48 My Certificate Create The following table describes the labels in this screen. Table 30 My Certificate Create LABEL DESCRIPTION Certificate Name Type up to 31 ASCII characters (not including spaces) to identify this certificate.
Page 109
ZyAIR G-5100 User’s Guide Table 30 My Certificate Create (continued) LABEL DESCRIPTION Organizational Unit Type up to 127 characters to identify the organizational unit or department to which the certificate owner belongs. You may use any character, including spaces, but the ZyAIR drops trailing spaces.
ZyAIR G-5100 User’s Guide Table 30 My Certificate Create (continued) LABEL DESCRIPTION Type the key that the certification authority gave you. Apply Click Apply to begin certificate or certification request generation. Cancel Click Cancel to quit and return to the My Certificates screen.
ZyAIR G-5100 User’s Guide The following table describes the labels in this screen. Table 31 My Certificate Details LABEL DESCRIPTION Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this certificate. You may use any character (not including spaces).
ZyAIR G-5100 User’s Guide Table 31 My Certificate Details (continued) LABEL DESCRIPTION Subject Alternative This field displays the certificate owner‘s IP address (IP), domain name (DNS) or Name e-mail address (EMAIL). Key Usage This field displays for what functions the certificate’s key can be used. For example, “DigitalSignature”...
ZyAIR G-5100 User’s Guide Figure 50 Trusted CAs The following table describes the labels in this screen. Table 32 Trusted CAs LABEL DESCRIPTION PKI Storage This bar displays the percentage of the ZyAIR’s PKI storage space that is currently Space in Use in use.
ZyAIR G-5100 User’s Guide Table 32 Trusted CAs (continued) LABEL DESCRIPTION CRL Issuer This field displays Yes if the certification authority issues Certificate Revocation Lists for the certificates that it has issued and you have selected the Issues certificate revocation lists (CRL) check box in the certificate’s details screen to have the ZyAIR check the CRL before trusting any certificates issued by the certification authority.
ZyAIR G-5100 User’s Guide The following table describes the labels in this screen. Table 33 Trusted CA Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it.
ZyAIR G-5100 User’s Guide The following table describes the labels in this screen. Table 34 Trusted CA Details LABEL DESCRIPTION Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate. You may use any character (not including spaces).
Page 119
ZyAIR G-5100 User’s Guide Table 34 Trusted CA Details (continued) LABEL DESCRIPTION Subject Alternative This field displays the certificate’s owner‘s IP address (IP), domain name (DNS) Name or e-mail address (EMAIL). Key Usage This field displays for what functions the certificate’s key can be used. For example, “DigitalSignature”...
ZyAIR G-5100 User’s Guide H A P T E R Log Screens This chapter contains information about configuring general log settings and viewing the ZyAIR’s logs. Refer to Appendix M on page 248 for example log message explanations. 10.1 Configuring View Log The web configurator allows you to look at all of the ZyAIR’s logs in one location.
ZyAIR G-5100 User’s Guide Figure 53 View Log The following table describes the labels in this screen. Table 35 View Log LABEL DESCRIPTION Display Select a log category from the drop down list box to display logs within the selected category. To view all logs, select All Logs.
ZyAIR G-5100 User’s Guide Table 35 View Log (continued) LABEL DESCRIPTION Destination This field lists the destination IP address and the port number of the incoming packet. Notes This field displays additional information about the log entry. 10.2 Configuring Log Settings To change your ZyAIR’s log settings, click LOGS and then Log Settings.
ZyAIR G-5100 User’s Guide Figure 54 Log Settings The following table describes the labels in this screen. Table 36 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
Page 124
ZyAIR G-5100 User’s Guide Table 36 Log Settings (continued) LABEL DESCRIPTION Send Log to Logs are sent to the e-mail address specified in this field. If this field is left blank, logs will not be sent via e-mail. Send Alerts to Enter the e-mail address where the alert messages will be sent.
This is the System Name you enter in the first Internet Access Wizard screen. It is for identification purposes ZyNOS Firmware This is the ZyNOS Firmware version and the date created. ZyNOS is ZyXEL's Version proprietary Network Operating System design.
ZyAIR G-5100 User’s Guide Table 37 System Status (continued) LABEL DESCRIPTION IP Address This is the Ethernet port IP address. IP Subnet Mask This is the Ethernet port subnet mask. DHCP This is the Ethernet port DHCP role - Client or None.
ZyAIR G-5100 User’s Guide Table 38 System Status: Show Statistics (continued) LABEL DESCRIPTION Collisions This is the number of collisions on this port. Tx B/s This shows the transmission speed in bytes per second on this port. Rx B/s This shows the reception speed in bytes per second on this port.
ZyAIR G-5100 User’s Guide Figure 57 Association List The following table describes the labels in this screen. Table 39 Association List LABEL DESCRIPTION This is the index number of an associated wireless station. MAC Address This field displays the MAC address of an associated wireless station.
Click Refresh to reload the screen. 11.5 F/W Upload Screen Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a "*.bin" extension, e.g., "zyair.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot.
ZyAIR G-5100 User’s Guide Click MAINTENANCE and then F/W Upload. Follow the instructions in this screen to upload firmware to your ZyAIR. Figure 59 Firmware Upload The following table describes the labels in this screen. Table 41 Firmware Upload LABEL...
ZyAIR G-5100 User’s Guide Figure 60 Firmware Upload In Process The ZyAIR automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 61 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the System Status screen.
ZyAIR G-5100 User’s Guide Click MAINTENANCE, and then the Configuration tab. Information related to backing up configuration, restoring configuration and restoring factory defaults appears as shown next. Figure 63 Configuration 11.6.1 Backup Configuration Backup configuration allows you to back up (save) the ZyAIR’s current configuration to a file on your computer.
ZyAIR G-5100 User’s Guide 11.6.2 Restore Configuration Restore configuration allows you to upload a new or previously saved configuration file from your computer to your ZyAIR. Table 42 Restore Configuration LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ...
ZyAIR G-5100 User’s Guide Figure 66 Configuration Upload Error 11.6.3 Back to Factory Defaults Click the Reset button in this section to clear all user-entered configuration information and returns the ZyAIR to its factory defaults as shown on the screen. The following warning screen will appear.
ZyAIR G-5100 User’s Guide H A P T E R Introducing the SMT This chapter describes how to access the SMT and provides an overview of its menus 12.1 Introduction to the SMT The ZyAIR’s SMT (System Management Terminal) is a menu-driven interface that you can access from a terminal emulator through the console port or over a telnet connection.
ZyAIR G-5100 User’s Guide Figure 70 Login Screen Password : xxxx 3 After entering the password you will see the main menu. Please note that if there is no activity for longer than five minutes (default timeout period) after you log in, your ZyAIR will automatically log you out. You will then have to telnet into the ZyAIR again.
SMT interface. After you enter the password, the SMT displays the main menu, as shown next. Figure 71 SMT Main Menu Copyright (c) 1994 - 2004 ZyXEL Communications Corp. ZyAIR G-5100 Main Menu Getting Started Advanced Management 1. General Setup 22.
ZyAIR G-5100 User’s Guide Figure 72 SMT Menu Overview Example 12.5 Changing the System Password Change the ZyAIR default password by following the steps shown next. 1 From the main menu, enter 23 to display Menu 23 – System Security.
ZyAIR G-5100 User’s Guide Figure 73 Menu 23.1 System Security: Change Password Menu 23.1 – System Security – Change Password Old Password= **** New Password= ? Retype to confirm= ? Enter here to CONFIRM or ESC to CANCEL: 4 Type your new system password in the New Password field (up to 30 characters), and press [ENTER].
ZyAIR G-5100 User’s Guide H A P T E R General Setup The chapter shows you the information on general setup. 13.1 General Setup Menu 1 – General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. It is recommended you type your computer's "Computer name".
ZyAIR G-5100 User’s Guide Figure 74 Menu 1 General Setup Menu 1 - General Setup System Name= G-5100 Domain Name= First System DNS Server= From DHCP IP Address= N/A Second System DNS Server= None IP Address= N/A Third System DNS Server= None IP Address= N/A Fill in the required fields.
ZyAIR G-5100 User’s Guide H A P T E R LAN Setup This chapter shows you how to configure the LAN on your ZyAIR. 14.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 – LAN Setup. From the main menu, enter 3 to display menu 3.
ZyAIR G-5100 User’s Guide Figure 76 Menu 3.2 TCP/IP Setup Menu 3.2 - TCP/IP Setup IP Address Assignment= Static IP Address= 192.168.1.2 IP Subnet Mask= 255.255.255.0 Gateway IP Address= 0.0.0.0 Follow the instructions in the following table on how to configure the fields in this menu.
ZyAIR G-5100 User’s Guide Figure 77 Menu 3.5 Wireless LAN Setup Menu 3.5 - Wireless LAN Setup Operating Mode= Access Point Name (SSID)= ZyXEL Hide Name (SSID)= No Edit MAC Address Filter= No Channel ID= CH06 2437MHz Edit Roaming Configuration= No...
Page 149
ZyAIR G-5100 User’s Guide Table 47 Menu 3.5 Wireless LAN Setup (continued) FIELD DESCRIPTION Key 1 to Key 4 The WEP keys are used to encrypt data. Both the ZyAIR and the wireless stations must use the same WEP key for data transmission.
ZyAIR G-5100 User’s Guide Table 47 Menu 3.5 Wireless LAN Setup (continued) FIELD DESCRIPTION Output Power Level Press [SPACE BAR] to select the amount of power you want the ZyAIR to use for the wireless signal. Use more power for greater range (larger coverage area).
ZyAIR G-5100 User’s Guide Figure 78 Menu 3.5 Wireless LAN Setup Menu 3.5 - Wireless LAN Setup Operating Mode= Access Point Name (SSID)= ZyXEL Hide Name (SSID)= No Edit MAC Address Filter= Yes Channel ID= CH06 2437MHz Edit Roaming Configuration= No...
ZyAIR G-5100 User’s Guide The following table describes the fields in this menu. Table 48 Menu 3.5.1 WLAN MAC Address Filter FIELD DESCRIPTION Active To enable MAC address filtering, press [SPACE BAR] to select Yes and press [ENTER]. Filter Action Define the filter action for the list of MAC addresses in the MAC address filter table.
ZyAIR G-5100 User’s Guide Figure 80 Menu 3.5 Wireless LAN Setup Menu 3.5 - Wireless LAN Setup Operating Mode= Access Point Name (SSID)= ZyXEL Hide Name (SSID)= No Edit MAC Address Filter= No Channel ID= CH06 2437MHz Edit Roaming Configuration= No...
ZyAIR G-5100 User’s Guide Figure 81 Menu 3.5.2 - Roaming Configuration Menu 3.5.2 - Roaming Configuration Active= No Port #= N/A The following table describes the fields in this menu. Table 49 Menu 3.5.2 - Roaming Configuration FIELD DESCRIPTION Active Press [SPACE BAR] to select Yes from the drop-down list box to enable roaming on the ZyAIR if you have two or more ZyAIRs on the same subnet.
ZyAIR G-5100 User’s Guide Figure 83 Menu 3.5.4 - Bridge Link Configuration Menu 3.5.4 - Bridge Link Configuration Enable Link 1= No Peer MAC Address= 00:00:00:00:00:00 PSK= N/A Enable Link 2= No Peer MAC Address= 00:00:00:00:00:00 PSK= N/A Enable Link 3= No...
Page 157
ZyAIR G-5100 User’s Guide Chapter 14 LAN Setup...
ZyAIR G-5100 User’s Guide H A P T E R Dial-in User Setup This chapter shows you how to create user accounts on the ZyAIR. 15.1 Dial-in User Setup By storing user profiles locally, your ZyAIR is able to authenticate wireless users without interacting with a network RADIUS server.
ZyAIR G-5100 User’s Guide Figure 85 Menu 14.1- Edit Dial-in User Menu 14.1 - Edit Dial-in User User Name= test Active= Yes Password= ******** Press ENTER to Confirm or ESC to Cancel: Leave name field blank to delete profile The following table describes the fields in this screen.
ZyAIR G-5100 User’s Guide H A P T E R SNMP Configuration This chapter explains SNMP Configuration menu 22. 16.1 About SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your ZyAIR supports SNMP agent functionality, which allows a manager station to manage and monitor the ZyAIR through the network.
ZyAIR G-5100 User’s Guide The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include the number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects.
ZyAIR G-5100 User’s Guide Figure 87 Menu 22 SNMP Configuration Menu 22 - SNMP Configuration SNMP: Get Community= public Set Community= public Trusted Host= 0.0.0.0 Trap: Community= public Destination= 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: The following table describes the SNMP configuration parameters.
ZyAIR G-5100 User’s Guide Table 53 SNMP Traps (continued) TRAP # TRAP NAME DESCRIPTION authenticationFailure (defined in A trap is sent to the manager when receiving any SNMP RFC-1215) get or set requirements with wrong community (password). linkDown (defined in RFC-1215) A trap is sent when the port is down.
ZyAIR G-5100 User’s Guide H A P T E R System Security This chapter describes how to configure the system security on the ZyAIR. 17.1 System Security You can configure the system password, an external RADIUS server and 802.1x in this menu.
ZyAIR G-5100 User’s Guide Figure 89 Menu 23 System Security Menu 23 - System Security 1. Change Password 2. RADIUS Server 4. IEEE802.1x Enter Menu Selection Number: From Menu 23- System Security, enter 2 to display Menu 23.2 – System Security –...
ZyAIR G-5100 User’s Guide Table 55 Menu 23.2 System Security: RADIUS Server (continued) FIELD DESCRIPTION Active Press [SPACE BAR] to select Yes and press [ENTER] to enable user authentication through an external accounting server. Server Address Enter the IP address of the external accounting server in dotted decimal notation.
ZyAIR G-5100 User’s Guide Figure 92 Menu 23.4 System Security: IEEE802.1x Menu 23.4 - System Security - IEEE802.1x Wireless Port Control= Authentication Required ReAuthentication Timer (in second)= 1800 Idle Timeout (in second)= 3600 Key Management Protocol= 802.1x Dynamic WEP Key Exchange= 128-bit WEP...
Page 168
ZyAIR G-5100 User’s Guide Table 56 Menu 23.4 System Security: IEEE802.1x (continued) FIELD DESCRIPTION Dynamic WEP Key This field is activated only when you select Authentication Required in the Exchange Wireless Port Control field. Also set the Authentication Databases field to RADIUS Only.
Page 169
ZyAIR G-5100 User’s Guide Once you enable user authentication, you need to specify an external RADIUS server or create local user accounts on the ZyAIR for authentication Chapter 17 System Security...
ZyAIR G-5100 User’s Guide H A P T E R System Information and Diagnosis This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software.
System Up Time This is the time the ZyAIR is up and running from the last reboot. ZyNOS F/W Version Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. Name This displays the device name.
ZyAIR G-5100 User’s Guide 18.2 System Information To get to the System Information: 1 Enter 24 to display Menu 24 – System Maintenance. 2 Enter 2 to display Menu 24.2 – System Information and Console Port Speed. 3 From this menu you have two choices as shown in the next figure: Figure 95 Menu 24.2 System Information and Console Port Speed...
Menu 1 – General Setup. Routing Refers to the routing protocol used. ZyNOS F/W Version Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. Country Code Refers to the country code of the firmware.
ZyAIR G-5100 User’s Guide 18.3.1 Viewing Error Log The first place you should look for clues when something goes wrong is the error log. Follow the procedures to view the local error/trace log: 1 Type 24 in the main menu to display Menu 24 – System Maintenance.
ZyAIR G-5100 User’s Guide Figure 100 Menu 24.4 System Maintenance: Diagnostic Menu 24.4 - System Maintenance - Diagnostic TCP/IP 1. Ping Host 2. DHCP Release 3. DHCP Renewal System 11. Reboot System Enter Menu Selection Number: Host IP Address= N/A Follow the procedure next to get to display this menu: 1 From the main menu, type 24 to open Menu 24 –...
The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password and TCP/IP Setup, etc. It arrives from ZyXEL with a rom filename extension. Once you have customized the ZyAIR's settings, they can be saved back to your computer under a filename of your choosing.
ZyAIR G-5100 User’s Guide The following table is a summary. Please note that the internal filename refers to the filename on the ZyAIR and the external filename refers to the filename not on the ZyAIR, that is, on your computer, local network or FTP site and so the name (but not the extension) will vary.
ZyAIR G-5100 User’s Guide 19.2.2 Using the FTP command from the DOS Prompt 1 Launch the FTP client on your computer. 2 Enter “open” and the IP address of your ZyAIR. 3 Press [ENTER] when prompted for a username. 4 Enter your password as requested. The default is 1234.
ZyAIR G-5100 User’s Guide 19.2.3 Backup Configuration Using TFTP The ZyAIR supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended.
ZyAIR G-5100 User’s Guide Table 62 General Commands for Third Party TFTP Clients (continued) COMMAND DESCRIPTION Local File Enter the path and name of the firmware file (*.bin extension) or configuration file (*.rom extension) on your computer. Remote File This is the filename on the ZyAIR. The filename for the firmware is “ras” and for the configuration file, is “rom-0”.
ZyAIR G-5100 User’s Guide Figure 106 Successful Backup Confirmation Screen ** Backup Configuration completed. OK. ### Hit any key to continue.### 19.3 Restore Configuration Menu 24.6 –- System Maintenance – Restore Configuration allows you to restore the configuration via FTP or TFTP to your ZyAIR. The preferred method is FTP. Note that this function erases the current configuration before restoring the previous backup configuration;...
ZyAIR G-5100 User’s Guide 19.4 Uploading Firmware and Configuration Files Menu 24.7 – System Maintenance – Upload Firmware allows you to upgrade the firmware and the configuration file. Note: WARNING! PLEASE WAIT A FEW MINUTES FOR THE ZYAIR TO RESTART AFTER FIRMWARE OR CONFIGURATION FILE UPLOAD.
ZyAIR G-5100 User’s Guide Figure 109 Menu 24.7.1 System Maintenance: Upload System Firmware Menu 24.7.1 - System Maintenance - Upload System Firmware To upload the system firmware, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested.
ZyAIR G-5100 User’s Guide 4 Enter your password as requested. The default is 1234. 5 Enter “bin” to set transfer mode to binary. 6 Use “put” to transfer files from the computer to the ZyAIR, e.g., put firmware.bin ras transfers the firmware on your computer (firmware.bin) to the ZyAIR and renames it “ras”.
ZyAIR G-5100 User’s Guide 5 Use the TFTP client (see the example below) to transfer files between the ZyAIR and the computer. The file name for the firmware is “ras” and the configuration file is “rom-0” (rom-zero, not capital o).
ZyAIR G-5100 User’s Guide Figure 112 Menu 24.7.1 as Seen Using the Console Port Menu 24.7.1 - System Maintenance - Upload System Firmware To upload system firmware: 1. Enter "y" at the prompt below to go into debug mode. 2. Enter "atur" after "Enter Debug Mode" message.
ZyAIR G-5100 User’s Guide Figure 114 Menu 24.7.2 as Seen Using the Console Port Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload system configuration file: 1. Enter "y" at the prompt below to go into debug mode.
Enter the CI from the SMT by selecting menu 24.8. See the included disk or the zyxel.com web site for more detailed information on CI commands. Enter 8 from Menu 24 – System Maintenance. A list of valid commands can be found by typing help or ? at the command prompt.
ZyAIR G-5100 User’s Guide Figure 118 Menu 24.10 System Maintenance: Time and Date Setting Menu 24.10 - System Maintenance - Time and Date Setting Time Protocol= Manual Time Server Address= N/A Current Time: 00 : 57 : 07 New Time (hh:mm:ss):...
ZyAIR G-5100 User’s Guide 20.2.1 Resetting the Time The ZyAIR resets the time in three instances: 1 On leaving menu 24.10 after making changes. 2 When the ZyAIR starts up, if there is a timeserver configured in menu 24.10. 3 24-hour intervals after starting.
ZyAIR G-5100 User’s Guide H A P T E R Troubleshooting This appendix covers potential problems and possible remedies. After each problem description, some instructions are provided to help you to diagnose and to solve the problem. 21.1 Problems Starting Up the ZyAIR...
ZyAIR G-5100 User’s Guide 21.3 Problems with the Ethernet Interface Table 66 Troubleshooting the Ethernet Interface PROBLEM CORRECTIVE ACTION Cannot access If all of the LEDs on the inline power injector are on, check the Ethernet cable the ZyAIR from connection between your ZyAIR and the computer connected to the DATA IN port the LAN.
ZyAIR G-5100 User’s Guide 21.6 Problems with the WLAN Interface Table 69 Troubleshooting the WLAN Interface PROBLEM CORRECTIVE ACTION I cannot ping any Make sure the wireless adapter on the wireless station is working properly. computer on the Check that both the ZyAIR and wireless station(s) are using the same SSID, WLAN.
ZyAIR G-5100 User’s Guide Table 72 Hardware Specifications (continued) Compatibility Fully interoperable with IEEE802.11g and IEEE802.11b compliant products Power Supply (for Inline 100 ~ 240VAC 50/60Hz800mA at -48VDC (PoE) Power Injector) Radio Specifications Table 73 Radio Specifications FREQUENCY BAND 2.4 ~ 2.4835 (GHZ)
ZyAIR G-5100 User’s Guide Figure 119 Inspection Cosmetic and Function TEST ITEM TEST CONDITION CRITERIA High Temp. +70 Deg. C No Damage In Temperature Cosmetics or Error In Storage 24 hours Operation Function Test Operation mode in the chamber Spec.
Page 200
ZyAIR G-5100 User’s Guide Table 78 Approvals North America FCC Part 15 Class B European Union (CE mark) EN55022 Class BEN61000-3- 2EN61000-3-3 European Union (CE mark) EN61000-4-2 ELECTROSTATIC DISCHARGE EN61000-4-3 RADIO-FREQUENCY ELECTROMAGNETIC FIELD EN61000-4-4 EFT/BURST EN61000-4-5 SURGE EN61000-4-6 CONDUCTED SUSCEPTIBILITY...
Page 201
ZyAIR G-5100 User’s Guide Appendix A Specifications...
ZyAIR G-5100 User’s Guide Appendix C Power over Ethernet Specifications You can use a power over Ethernet injector to power this device. The injector must comply to IEEE 802.3af.-7 Table 80 Power over Ethernet Injector Specifications Power Output 15.4 Watts maximum...
Page 205
ZyAIR G-5100 User’s Guide Appendix C Power over Ethernet Specifications...
ZyAIR G-5100 User’s Guide Appendix D Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer.
ZyAIR G-5100 User’s Guide Figure 120 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
ZyAIR G-5100 User’s Guide 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab.
ZyAIR G-5100 User’s Guide Figure 122 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add.
ZyAIR G-5100 User’s Guide Figure 123 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 124 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties.
ZyAIR G-5100 User’s Guide Figure 125 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 126 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
ZyAIR G-5100 User’s Guide • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. • Click Advanced. Figure 127 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK.
ZyAIR G-5100 User’s Guide Figure 128 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
ZyAIR G-5100 User’s Guide Figure 129 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT).
ZyAIR G-5100 User’s Guide Figure 130 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 131 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. Appendix D Setting up Your Computer’s IP Address...
ZyAIR G-5100 User’s Guide 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. •...
ZyAIR G-5100 User’s Guide Figure 133 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box.
ZyAIR G-5100 User’s Guide Appendix E IP Subnetting IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1.
ZyAIR G-5100 User’s Guide Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127. Similarly the first octet of a class “B” must begin with “10”, therefore the first octet of a class “B”...
ZyAIR G-5100 User’s Guide Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/”...
ZyAIR G-5100 User’s Guide Divide the network 192.168.1.0 into two separate subnets by converting one of the host ID bits of the IP address to a network number bit. The “borrowed” host ID bit can be either “0” or “1”...
ZyAIR G-5100 User’s Guide Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow” two host ID bits to give four possible combinations of 00, 01, 10 and 11. The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192.
ZyAIR G-5100 User’s Guide Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID.
Page 225
ZyAIR G-5100 User’s Guide Appendix E IP Subnetting...
ZyAIR G-5100 User’s Guide Appendix F Wireless LAN and IEEE 802.11 A wireless LAN (WLAN) provides a flexible data communications system that you can use to access various services (navigating the Internet, email, printer services, etc.) without the use of a cabled connection.
ZyAIR G-5100 User’s Guide Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless nodes or stations (STA), which is called a Basic Service Set (BSS). In the most basic form, a wireless LAN connects a set of computers with wireless adapters. Any...
ZyAIR G-5100 User’s Guide Appendix G Wireless LAN With IEEE 802.1x As wireless networks become popular for both portable computing and corporate networks, security is now a priority. Security Flaws with IEEE 802.11 Wireless networks based on the original IEEE 802.11 have a poor reputation for safety. The IEEE 802.11b wireless access standard, first published in 1999, was based on the MAC...
ZyAIR G-5100 User’s Guide RADIUS Server Authentication Sequence The following figure depicts a typical wireless network with a remote RADIUS server for user authentication using EAPOL (EAP Over LAN). Figure 136 Sequences for EAP MD5–Challenge Authentication Appendix G Wireless LAN With IEEE 802.1x...
ZyAIR G-5100 User’s Guide Appendix H Types of EAP Authentication This appendix discusses the five popular EAP authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP. The type of authentication you use depends on the RADIUS server or the AP. Consult your network administrator for more information.
ZyAIR G-5100 User’s Guide PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication.
ZyAIR G-5100 User’s Guide Appendix I Outdoor Site Planning This appendix provides information on site planning requirements for the installation of your outdoor wireless device. Introduction The installation of a wireless network requires some additional planning over a wired network.
Page 235
ZyAIR G-5100 User’s Guide Weather It is important to research any unusual weather conditions that are common to the site location. These conditions include extreme • Rainfall • Fog • Wind • Temperature Ranges. If extreme conditions exist that may affect the integrity of the radio link, the effects of these conditions should be considered early in the planning process.
ZyAIR G-5100 User’s Guide Temperature Ranges Temperature can adversely affect the radio link when phenomena such as temperature inversion or very still air accompanied by stratification occur See the section on Fog for further detail. Lightning The potential for lightning damage to radio equipment should always be considered when planning a wireless link.
ZyAIR G-5100 User’s Guide Antenna placement and polarization, is the most effective method of reducing this type of interference. Antennas Antennas play a key role in reducing the potential for interference. They come in a variety of configurations that have different performance characteristics in the areas of gain and direction.
ZyAIR G-5100 User’s Guide • Omni-directional antennas send the RF signal out in all directions on a horizontal plane. The coverage area is torus-shaped (like a donut) which makes these antennas ideal for a room environment. With a wide coverage area, it is possible to make circular overlapping coverage areas with multiple access points.
Page 239
ZyAIR G-5100 User’s Guide • Availability represents the quality of a link. It is the ratio of the time that the link is available to the total time. This serves as a guide to the service that you can expect, on average, over a period of one year.
ZyAIR G-5100 User’s Guide Appendix J Outdoor Installation Recommendations This appendix provides information on site requirements for the installation of your outdoor wireless device See the Quick Start Guide for more information on site installation. Mounting An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air.
ZyAIR G-5100 User’s Guide Direct grounding of the antenna mast and outdoor wireless device. The outdoor wireless device should be connected to the same grounding system as the antenna mast and the AC wall outlet. The grounding system must comply with the National Electrical Code and safety standards that apply in your country.
Page 242
ZyAIR G-5100 User’s Guide For omni-directional antennas mounted on a table, desk, and so on, point the antenna up. For omni-directional antennas mounted on a wall or ceiling, point the antenna down. For a single AP application, place omni-directional antennas as close to the center of the coverage area as possible.
Enter 8 to go to Menu 24.8 - Command Interpreter Mode. See the included disk or zyxel.com for more detailed information on these commands. Note: Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable.
Page 245
ZyAIR G-5100 User’s Guide Appendix K Command Interpreter...
ZyAIR G-5100 User’s Guide Appendix L Brute-Force Password Guessing Protection The following describes the commands for enabling, disabling and configuring the brute-force password guessing protection mechanism for the password. See Appendix K on page 244 information on the command structure.
ZyAIR G-5100 User’s Guide Appendix M Log Descriptions This appendix provides descriptions of example log messages. Table 98 System Maintenance Logs LOG MESSAGE DESCRIPTION The router has adjusted its time based on information from the time server. Time calibration is successful The router failed to get information from the time server.
ZyAIR G-5100 User’s Guide Table 99 ICMP Notes (continued) TYPE CODE DESCRIPTION Redirect datagrams for the Host Redirect datagrams for the Type of Service and Network Redirect datagrams for the Type of Service and Host Echo Echo message Time Exceeded...
ZyAIR G-5100 User’s Guide Use sys logs category followed by a log category and a parameter to decide what to record Table 101 Log Categories and Available Settings LOG CATEGORIES AVAILABLE PARAMETERS error 0, 1, 2, 3 mten 0, 1...
Page 251
ZyAIR G-5100 User’s Guide Appendix M Log Descriptions...