Table of Contents
Advertisement
Quick Links
Advertisement
Table of Contents
Troubleshooting
Related Manuals for ZyXEL Communications 100-NH
Summary of Contents for ZyXEL Communications 100-NH
- Page 1 NWA 1100-NH / 1121-NI / 1123-NI / 1123-AC WLAN PoE Access Points Version 2.00 Edition 1, 06/2014 Quick Start Guide User’s Guide Default Login Details LAN IP Address http://192.168.1.2 User Name admin Password 1234 www.zyxel.com Copyright © 2014 ZyXEL Communications Corporation...
- Page 2 IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. This is a User’s Guide for a series of products. Not all products support all firmware features. Screenshots and graphics in this book may differ slightly from your product due to differences in your product firmware or your computer operating system.
-
Page 3: Table Of Contents
Contents Overview Contents Overview User’s Guide ............................8 Introducing the NWA ..........................9 Introducing the Web Configurator ......................18 Dashboard ...............................24 Tutorial ..............................28 Technical Reference ..........................45 Monitor ..............................46 Wireless LAN ............................51 LAN and VLAN ............................87 System ..............................92 Log Settings ............................105 Maintenance ............................109 Troubleshooting ............................ 117 NWA1000 Series User’s Guide... -
Page 4: Table Of Contents
Table of Contents Table of Contents Contents Overview ..........................3 Table of Contents ..........................4 Part I: User’s Guide ................... 8 Chapter 1 Introducing the NWA ..........................9 1.1 Introducing the NWA ...........................9 1.1.1 Dual-Band ..........................9 1.2 Wireless Modes ..........................10 1.2.1 MBSSID ...........................10 1.2.2 Wireless Client ......................... - Page 5 Table of Contents Chapter 4 Tutorial ..............................28 4.1 How to Configure the Wireless LAN ....................28 4.1.1 Choosing the Wireless Mode ....................28 4.1.2 Further Reading ........................28 4.2 How to Configure Multiple Wireless Networks ..................28 4.2.1 Configure the SSID Profiles .....................30 4.2.2 Configure the Standard Network .....................32 4.2.3 Configure the VoIP Network ....................33 4.2.4 Configure the Guest Network ....................35 4.2.5 Testing the Wireless Networks ....................37...
- Page 6 Table of Contents 6.6 Wireless Security Screen ........................72 6.6.1 Security: WEP .........................74 6.6.2 Security: WPA2, WPA2-MIX ....................75 6.6.3 Security: WPA2-PSK, WPA2-PSK-MIX ...................77 6.7 RADIUS Screen ..........................78 6.8 Layer-2 Isolation ..........................80 6.8.1 Layer-2 Isolation Screen ......................81 6.9 MAC Filter Screen ..........................82 6.10 Technical Reference ........................84 6.10.1 Additional Wireless Terms .....................84 6.10.2 WMM QoS ..........................85...
- Page 7 Table of Contents 9.3 What You Need To Know ........................106 9.4 Log Settings Screen ........................106 Chapter 10 Maintenance ............................109 10.1 Overview ............................109 10.2 What You Can Do in this Chapter ....................109 10.3 What You Need To Know ......................110 10.4 General Screen ..........................110 10.5 Password Screen ..........................
-
Page 8: User's Guide
User’s Guide... -
Page 9: Introducing The Nwa
H A PT ER Introducing the NWA This chapter introduces the main applications and features of the NWA. It also discusses the ways you can manage your NWA. 1.1 Introducing the NWA This User’s Guide covers the following models: NWA1100-NH, NWA1121-NI, NWA1123-NI and NWA1123-AC. -
Page 10: Wireless Modes
Chapter 1 Introducing the NWA downloading while using the 5 GHz band for time sensitive traffic like high-definition video, music, and gaming. Figure 1 Dual-Band Application 1.2 Wireless Modes The NWA can be configured to use the following WLAN operating modes: NUMBER OF OPERATING MODE REPEATER FUNCTION... -
Page 11: Wireless Client
Chapter 1 Introducing the NWA To the wireless clients in the network, each SSID appears to be a different access point. As in any wireless network, clients can associate only with the SSIDs for which they have the correct security settings. - Page 12 Chapter 1 Introducing the NWA In the figure below, the printer can receive requests from the wired computer clients A and B via the NWA in Client mode (Z) using only the 2.4 GHz band. Figure 3 Wireless Client Application NWA1000 Series User’s Guide...
-
Page 13: Root Ap
Chapter 1 Introducing the NWA 1.2.3 Root AP In Root AP mode, the NWA (Z) can act as the root AP in a wireless network and also allow repeaters (X and Y) to extend the range of its wireless network at the same time. In the figure below, both clients A, B and C can access the wired network through the root AP. -
Page 14: Ways To Manage The Nwa
Chapter 1 Introducing the NWA clients and the wired LAN. Clients A and B access the AP and the wired network behind the AP through repeaters Z and Y. Figure 5 Repeater Application When the NWA is in Repeater mode, repeater security between the NWA and other repeater is independent of the security between the wireless clients and the AP or repeater. -
Page 15: Configuring Your Nwa's Security Features
Chapter 1 Introducing the NWA 1.4 Configuring Your NWA’s Security Features Your NWA comes with a variety of security features. This section summarizes these features and provides links to sections in the User’s Guide to configure security settings on your NWA. Follow the suggestions below to improve security on your NWA and network. -
Page 16: Hardware Connections
Chapter 1 Introducing the NWA • Back up the configuration (and make sure you know how to restore it). Restoring an earlier working configuration may be useful if the device becomes unstable or even crashes. If you forget your password, you will have to reset the NWA to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the NWA. - Page 17 Chapter 1 Introducing the NWA Table 2 LED (continued) COLOR STATUS DESCRIPTION WLAN Green The WLAN is active. Blinking The WLAN is transmitting or receiving data. The WLAN is not active. UPLINK Green The port is connected. Blinking The NWA is sending/receiving data through the port. The port is not connected.
-
Page 18: Introducing The Web Configurator
H A PT ER Introducing the Web Configurator This chapter describes how to access the NWA’s web configurator and provides an overview of its screens. 2.1 Overview The NWA Web Configurator allows easy management using an Internet browser. In order to use the Web Configurator, you must: •... - Page 19 Chapter 2 Introducing the Web Configurator Type “192.168.1.2” as the URL (default). The login screen appears. Figure 7 The Login Screen Type “admin” as the (default) username and “1234” as the (default) password. Click Login. You should see a screen asking you to change your password (highly recommended) as shown next.
-
Page 20: Resetting The Nwa
Chapter 2 Introducing the Web Configurator 2.3 Resetting the NWA If you forget your password or cannot access the web configurator, you will need to use the RESET button at the rear panel of the NWA. This replaces the current configuration file with the factory- default configuration file. -
Page 21: Navigating The Web Configurator
Chapter 2 Introducing the Web Configurator 2.4 Navigating the Web Configurator The following summarizes how to navigate the web configurator from the Dashboard screen. This guide uses the NWA1100-NH screens as an example. The screens may vary slightly for different models. -
Page 22: Navigation Panel
Chapter 2 Introducing the Web Configurator 2.4.2 Navigation Panel Use the menu items on the navigation panel to open screens to configure NWA features. The following tables describe each menu item. Table 3 Navigation Panel Summary LINK FUNCTION Dashboard This screen shows the NWA’s general device and network status information. -
Page 23: Main Window
Chapter 2 Introducing the Web Configurator Table 3 Navigation Panel Summary LINK FUNCTION Configuration File Use this screen to backup and restore your device’s configuration (settings) or reset the factory default settings. Restart Use this screen to reboot the NWA without turning the power off. 2.4.3 Main Window The main window displays information and configuration fields. -
Page 24: Dashboard
H A PT ER Dashboard The Dashboard screens display when you log into the NWA, or click Dashboard in the navigation menu. Use the Dashboard screen to look at the current status of the device, system resources, and interfaces. The Dashboard screens also provide detailed information about system statistics, associated wireless clients, and logs. - Page 25 Chapter 3 Dashboard Click Dashboard. The following screen displays. Figure 11 The Dashboard Screen (NWA1100-NH) Figure 12 The Dashboard Screen (NWA1123-NI or NWA1123-AC) NWA1000 Series User’s Guide...
- Page 26 Chapter 3 Dashboard The following table describes the labels in this screen. Table 4 The Dashboard Screen LABEL DESCRIPTION Refresh Interval Select how often you want the NWA to update this screen. Refresh Now Click this to update this screen immediately. System Information System Name This field displays the NWA system name.
- Page 27 Chapter 3 Dashboard Table 4 The Dashboard Screen (continued) LABEL DESCRIPTION View Log Click this to see a list of logs produced by the NWA. See Section 5.3 on page System Status System Up Time This field displays the elapsed time since the NWA was turned on. Current Date/Time This field displays the date and time configured on the NWA.
-
Page 28: Tutorial
H A PT ER Tutorial This chapter first provides an overview of how to configure the wireless LAN on your NWA, and then gives step-by-step guidelines showing how to configure your NWA for some example scenarios. 4.1 How to Configure the Wireless LAN This section illustrates how to choose which wireless operating mode to use on the NWA and how to set up the wireless LAN in each wireless mode. - Page 29 Chapter 4 Tutorial page 67) to provide multiple wireless networks. Each wireless network will cater to a different type of user. You want to make three wireless networks: one standard office wireless network with all the same settings you already have, another wireless network with high priority QoS settings for Voice over IP (VoIP) users, and a guest network that allows visitors to access only the Internet and the network printer.
-
Page 30: Configure The Ssid Profiles
Chapter 4 Tutorial To configure these settings, you need to know the Media Access Control (MAC) addresses of the devices you want to allow users of the guest network to access. The following table shows the addresses used in this example. Table 5 Tutorial: Example Information Network router (A) MAC address 00:AA:00:AA:00:AA... - Page 31 Chapter 4 Tutorial 4.2.1.1 MBSSID Go to Wireless LAN > Wireless Settings. Select MBSSID from the Operation Mode drop-down list box. SSID01 is the standard network, so select SSID01 as the first profile. It is always active. Select VoIP_SSID as the second profile, and Guest_SSID as the third profile. Select the corresponding Active check-boxes.
-
Page 32: Configure The Standard Network
Chapter 4 Tutorial 4.2.2 Configure the Standard Network Click Wireless LAN > SSID. Click the Edit icon next to SSID01. Select SecProfile1 as SSID01’s security profile. Select the Hidden SSID checkbox as you want only authorized company employees to use this network, so there is no need to broadcast the SSID to wireless clients scanning the area. -
Page 33: Configure The Voip Network
Chapter 4 Tutorial Next, click Wireless LAN > Security. Click the Edit icon next to SecProfile1. Since SSID01 is the standard network that has access to all resources, assign a more secure security mode. Select WPA2-PSK-MIX as the Security Mode, and enter the Pre-Shared Key. In this example, use ThisisSSID01PreSharedKey. - Page 34 Chapter 4 Tutorial Select WMM_VOICE in the QoS field to give VoIP the highest priority in the wireless network. Click Apply. Next, click Wireless LAN > Security. Click the Edit icon next to SecProfile2. NWA1000 Series User’s Guide...
-
Page 35: Configure The Guest Network
Chapter 4 Tutorial Select WPA2-PSK as the Security Mode, and enter the Pre-Shared Key. In this example, use ThisisVoIPPreSharedKey. Click Apply. Your VoIP wireless network is now ready to use. Any traffic using the VoIP_SSID profile will be given the highest priority across the wireless network. 4.2.4 Configure the Guest Network When you are setting up the wireless network for guests to your office, your primary concern is to keep your network secure while allowing access to certain resources (such as a network printer, or... - Page 36 Chapter 4 Tutorial Select the check-box of Intra-BSS Traffic blocking Enabled. Click Apply. Next, click Wireless LAN > Security. Click the Edit icon next to SecProfile3. Select WPA2-PSK in the Security Mode field. WPA2-PSK provides strong security that is supported by most wireless clients. Even though your Guest_SSID clients do not have access to sensitive information on the network, you should not leave the network without security.
-
Page 37: Testing The Wireless Networks
Chapter 4 Tutorial Enter the PSK you want to use in your network in the Pre Shared Key field. In this example, the PSK is ThisismyGuestWPA2pre-sharedkey. Click Apply. Your guest wireless network is now ready to use. 4.2.5 Testing the Wireless Networks To make sure that the three networks are correctly configured, do the following. -
Page 38: Configuring The Nwa In Mbssid Or Root Ap Mode
Chapter 4 Tutorial wireless traffic between B and wireless clients connected to A (W, Y and Z). Other wireless devices (X) must not be able to connect to the FTP server. Figure 13 FTP Server Connected to a Wireless Client 4.3.2 Configuring the NWA in MBSSID or Root AP Mode Before setting up the NWA as a wireless client (B), you need to make sure there is an access point to connect to. - Page 39 Chapter 4 Tutorial Log into the Web Configurator on NWA (A) and go to the Wireless LAN > Wireless Settings screen. Set the Operation Mode to Root AP. Select the Wireless Mode. In this example, select 802.11b/g/n. Select Profile1 as the SSID Profile. Choose the Channel you want NWA (A) to use.
- Page 40 Chapter 4 Tutorial Go to Wireless LAN > SSID. Click the Edit icon next to Profile1. Change the SSID to AP-A. Select SecProfile1 in the Security field. Select the check-box for Intra-BSS Traffic blocking Enabled so the client cannot access other clients on the same wireless network.
-
Page 41: Configuring The Nwa In Wireless Client Mode
Chapter 4 Tutorial 11 Go to Wireless LAN > Security. Click the Edit icon next to SecProfile1. 12 Configure WPA2-PSK as the Security Mode and enter ThisisMyPreSharedKey in the Pre- Shared Key field. 13 Click Apply to finish configuration for NWA (A). 4.3.3 Configuring the NWA in Wireless Client Mode The NWA (B) should have a wired connection before it can be set to wireless client operating mode. - Page 42 Chapter 4 Tutorial Select Client as Operation Mode. Click Apply. Site Survey button appears next to the drop-down list. Click on the Site Survey button. A window should pop up which contains a list of all available wireless devices within your NWA’s range. Find and select NWA (A)’s SSID: AP-A.
-
Page 43: Mac Filter Setup
Chapter 4 Tutorial Go to Wireless LAN > Security to configure the NWA to use the same security mode and Pre- Shared Key as NWA (A): WPA2-PSK/ThisisMyPreSharedKey. Click Apply. Figure 14 4.3.4 MAC Filter Setup One way to ensure that only specified wireless clients can access the FTP server is by enabling MAC filtering on NWA (B) (See Section 6.9 on page 82 for more information on MAC Filter). -
Page 44: Testing The Connection And Troubleshooting
Chapter 4 Tutorial 4.3.5 Testing the Connection and Troubleshooting This section discusses how you can check if you have correctly configured your network setup as described in this tutorial. • Try accessing the FTP server from wireless clients W, Y or Z. Test if you can send or retrieve a file. -
Page 45: Technical Reference
Technical Reference The appendices provide general information. Some details may not apply to your NWA. -
Page 46: Monitor
H A PT ER Monitor 5.1 Overview This chapter discusses read-only information related to the device state of the NWA. Note: To access the Monitor screens, you can also click the links in the Summary table of the Dashboard screen to view the wireless packets sent/received as well as the status of clients connected to the NWA. -
Page 47: Statistics
Chapter 5 Monitor Click Monitor > Logs. Figure 15 Logs The following table describes the labels in this screen. Table 6 Logs LABEL DESCRIPTION Display Select a category of logs to view. Select All Log to view logs from all of the log categories that you selected in the Configuration >... -
Page 48: Association List
Chapter 5 Monitor Click Monitor > Statistics. The following screen pops up. Figure 16 Statistics The following table describes the labels in this screen. Table 7 Statistics LABEL DESCRIPTION Description This is the wireless interface on the NWA. 802.11 Mode This field shows which 802.11 mode the NWA is using. -
Page 49: Channel Usage
Chapter 5 Monitor Click Monitor > Association List to display the screen as shown next. Figure 17 Association List The following table describes the labels in this screen. Table 8 Association List LABEL DESCRIPTION This is the index number of an associated wireless device. MAC Address This field displays the MAC address of an associated wireless device. - Page 50 Chapter 5 Monitor Wait a moment while the NWA compiles the information. Figure 18 Channel Usage The following table describes the labels in this screen. Table 9 Channel Usage LABEL DESCRIPTION SSID This is the Service Set IDentification (SSID) name of the AP in an Infrastructure wireless network or wireless station in an Ad-Hoc wireless network.
-
Page 51: Wireless Lan
H A PT ER Wireless LAN 6.1 Overview This chapter discusses the steps to configure the Wireless Settings screen on the NWA. It also introduces the wireless LAN (WLAN) and some basic scenarios. Figure 19 Wireless Mode In the figure above, the NWA allows access to another bridge device (A) and a notebook computer (B) upon verifying their settings and credentials. -
Page 52: What You Need To Know
Chapter 6 Wireless LAN • Use the MAC Filter screen to specify which wireless station is allowed or denied access to the NWA (see Section 6.9 on page 82). 6.3 What You Need To Know A Basic Service Set (BSS) exists when all communications between wireless clients or between a wireless client and a wired network client go through one access point (AP). - Page 53 Chapter 6 Wireless LAN Channel A channel is the radio frequency(ies) used by wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference. Wireless Mode The IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features.
- Page 54 Chapter 6 Wireless LAN The NWA secure communications via data encryption, wireless client authentication and MAC address filtering. It can also hide its identity in the network. User Authentication Authentication is the process of verifying whether a wireless device is allowed to use the wireless network.
- Page 55 Chapter 6 Wireless LAN Passphrase A passphrase functions like a password. In WEP security mode, it is further converted by the NWA into a complicated string that is referred to as the “key”. This key is requested from all devices wishing to connect to a wireless network.
-
Page 56: Wireless Settings Screen
Chapter 6 Wireless LAN In the figure above, wireless clients A and B are trying to access the Internet via the NWA. The NWA in turn queries the RADIUS server if the identity of clients A and U are allowed access to the Internet. -
Page 57: Root Ap Mode
Chapter 6 Wireless LAN 6.4.1 Root AP Mode Use this screen to use your NWA as an access point. Select Root AP as the Operation Mode. The following screen displays. Figure 22 Wireless LAN > Wireless Settings: Root AP The following table describes the general wireless LAN labels in this screen. Table 11 Wireless LAN >... - Page 58 Chapter 6 Wireless LAN Table 11 Wireless LAN > Wireless Settings: Root AP (continued) LABEL DESCRIPTION Wireless Mode If you are in the Wireless LAN > Wireless Settings or Wireless LAN > Wireless Settings- 2.4G screen, you can select from the following: •...
- Page 59 Chapter 6 Wireless LAN Table 11 Wireless LAN > Wireless Settings: Root AP (continued) LABEL DESCRIPTION Repeater SSID Select the SSID profile you want to use for repeater connections. Profile Note: You can only configure None, or WPA2-PSK security mode for the SSID used by a repeater connection.
- Page 60 Chapter 6 Wireless LAN Table 11 Wireless LAN > Wireless Settings: Root AP (continued) LABEL DESCRIPTION MCS Rate The MCS Rate table is available only when 802.11n, 802.11b/g/n, 802.11a/n or 802.11a/n/ac is selected in the Wireless Mode field. IEEE 802.11n supports many different data rates which are called MCS rates. MCS stands for Modulation and Coding Scheme.
-
Page 61: Repeater Mode
Chapter 6 Wireless LAN 6.4.2 Repeater Mode Use this screen to have the NWA act as a wireless repeater. You need to know the MAC address of the peer device, which also must be in Repeater or Root AP mode. Figure 23 Wireless LAN >... - Page 62 Chapter 6 Wireless LAN Table 12 Wireless LAN > Wireless Settings: Repeater (continued) LABEL DESCRIPTION Wireless Mode If you are in the Wireless LAN > Wireless Settings or Wireless LAN > Wireless Settings- 2.4G screen, you can select from the following: •...
- Page 63 Chapter 6 Wireless LAN Table 12 Wireless LAN > Wireless Settings: Repeater (continued) LABEL DESCRIPTION DTIM Interval Delivery Traffic Indication Message (DTIM) is the time period after which broadcast and multicast packets are transmitted to mobile clients in the Active Power Management mode.
-
Page 64: Wireless Client Mode
Chapter 6 Wireless LAN 6.4.3 Wireless Client Mode Use this screen to turn your NWA into a wireless client. Select Client as the Operation Mode. The following screen displays. Figure 24 Wireless LAN > Wireless Settings: Wireless Client The following table describes the general wireless LAN labels in this screen. Table 13 Wireless LAN >... - Page 65 Chapter 6 Wireless LAN Table 13 Wireless LAN > Wireless Settings: Wireless Client (continued) LABEL DESCRIPTION SSID Profile The SSID (Service Set IDentifier) identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same SSID.
- Page 66 Chapter 6 Wireless LAN Table 13 Wireless LAN > Wireless Settings: Wireless Client (continued) LABEL DESCRIPTION Short GI This field is not available in the NWA1100-NH and NWA1123-NI. Select Enabled to use Short GI (Guard Interval). The guard interval is the gap introduced between data transmission from users in order to reduce interference.
-
Page 67: Mbssid Mode
Chapter 6 Wireless LAN 6.4.4 MBSSID Mode Use this screen to have the NWA function in MBSSID mode. Select MBSSID as the Operation Mode. The following screen diplays. Figure 25 Wireless LAN > Wireless Settings: MBSSID The following table describes the labels in this screen. Table 14 Wireless LAN >... - Page 68 Chapter 6 Wireless LAN Table 14 Wireless LAN > Wireless Settings: MBSSID (continued) LABEL DESCRIPTION Wireless Mode If you are in the Wireless LAN > Wireless Settings or Wireless LAN > Wireless Settings- 2.4G screen, you can select from the following: •...
- Page 69 Chapter 6 Wireless LAN Table 14 Wireless LAN > Wireless Settings: MBSSID (continued) LABEL DESCRIPTION Preamble Type Select Dynamic to have the AP automatically use short preamble when wireless adapters support it, otherwise the AP uses long preamble. Select Long if you are unsure what preamble mode the wireless adapters support, and to provide more reliable communications in busy wireless networks.
-
Page 70: Ssid Screen
Chapter 6 Wireless LAN 6.5 SSID Screen Use this screen to view and modify the settings of the SSID profiles on the NWA. Click Wireless LAN > SSID to display the screen as shown. Figure 26 Wireless LAN > SSID The following table describes the labels in this screen. -
Page 71: Configuring Ssid
Chapter 6 Wireless LAN 6.5.1 Configuring SSID Use this screen to configure an SSID profile. In the Wireless LAN > SSID screen, click Edit next to the SSID profile you want to configure to display the following screen. Figure 27 SSID: Edit The following table describes the labels in this screen. -
Page 72: Wireless Security Screen
Chapter 6 Wireless LAN Table 16 SSID: Edit (continued) LABEL DESCRIPTION Select the Quality of Service priority for this BSS’s traffic. • If you select WMM from the QoS list, the priority of a data packet depends on the packet’s IEEE 802.1q or DSCP header. If a packet has no WMM value assigned to it, it is assigned the default priority. - Page 73 Chapter 6 Wireless LAN Click Wireless LAN > Security. Select the profile that you want to configure and click Edit. Figure 28 Wireless > Security The Security Settings screen varies depending upon the security mode you select. Figure 29 Security: None Note that some screens display differently depending on the operating mode selected in the Wireless LAN >...
-
Page 74: Security: Wep
Chapter 6 Wireless LAN 6.6.1 Security: WEP Use this screen to use WEP as the security mode for your NWA. Select WEP in the Security Mode field to display the following screen. Figure 30 Security: WEP The following table describes the labels in this screen. Table 17 Security: WEP LABEL DESCRIPTION... -
Page 75: Security: Wpa2, Wpa2-Mix
Chapter 6 Wireless LAN Table 17 Security: WEP (continued) LABEL DESCRIPTION Key 1 to The WEP keys are used to encrypt data. Both the NWA and the wireless stations must use the same WEP key for data transmission. Key 4 If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F"). - Page 76 Chapter 6 Wireless LAN Table 18 Security: WPA2-MIX for Access Point (continued) LABEL DESCRIPTION Reauthentication Specify how often wireless stations have to resend user names and passwords in order to Time stay connected. Enter a time interval between 0 and 3600 seconds. Enter “0” to turn reauthentication off. Note: If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority.
-
Page 77: Security: Wpa2-Psk, Wpa2-Psk-Mix
Chapter 6 Wireless LAN Table 19 Security: WPA2 for Wireless Client (continued) LABEL DESCRIPTION Security Mode Choose the same security mode used by the AP. Rekey Option Reauthentication Specify how often wireless stations have to resend user names and passwords in order to Time stay connected. -
Page 78: Radius Screen
Chapter 6 Wireless LAN Table 20 Security: WPA2-PSK or WPA2-PSK-MIX (continued) LABEL DESCRIPTION Back Click Back to return to the previous screen. Apply Click Apply to save your changes. Cancel Click Cancel to begin configuring this screen afresh. 6.7 RADIUS Screen Use this screen to set up your NWA’s RADIUS server settings. - Page 79 Chapter 6 Wireless LAN Select a profile you want to configure and click Edit. Figure 35 Wireless LAN > RADIUS The following table describes the labels in this screen. Table 21 Wireless LAN > RADIUS LABEL DESCRIPTION Profile Name This is the name that identifying this RADIUS profile. Primary RADIUS Select the check box to enable user authentication through an external authentication Server...
-
Page 80: Layer-2 Isolation
Chapter 6 Wireless LAN Table 21 Wireless LAN > RADIUS (continued) LABEL DESCRIPTION Backup RADIUS If the NWA cannot communicate with the primary RADIUS server, you can have the Server NWA use a backup RADIUS server. Make sure the check box is selected if you want to use the backup server. -
Page 81: Layer-2 Isolation Screen
Chapter 6 Wireless LAN network. The client can communicate with other wireless clients only if Intra-BSS Traffic blocking is disabled. Note: Intra-BSS Traffic Blocking is activated when you enable layer-2 isolation. Figure 36 Layer-2 Isolation Application MAC addresses that are not listed in the layer-2 isolation table are blocked from communicating with the NWA’s wireless clients except for broadcast packets. -
Page 82: Mac Filter Screen
Chapter 6 Wireless LAN Note: You need to know the MAC address of each wireless client, AP, computer or router that you want to allow to communicate with the NWA's wireless clients. Figure 37 Wireless LAN > Layer-2 Isolation The following table describes the labels in this screen. Table 22 Wireless LAN >... - Page 83 Chapter 6 Wireless LAN The MAC filter function allows you to configure the NWA to grant access to the NWA from other wireless devices (Allow Association) or exclude devices from accessing the NWA (Deny Association). Figure 38 MAC Filtering In the figure above, wireless client U is able to connect to the Internet because its MAC address is in the allowed association list specified in the NWA.
-
Page 84: Technical Reference
Chapter 6 Wireless LAN The following table describes the labels in this screen. Table 23 Wireless LAN > MAC Filter LABEL DESCRIPTION Profile Name This is the name that identifying this profile. Access Control Mode Select Disabled if you do not want to use this feature. Select Allow to permit access to the NWA. -
Page 85: Wmm Qos
Chapter 6 Wireless LAN TERM DESCRIPTION Roaming If you have two or more NWAs (or other wireless access points) on your wireless network, you can enable this option so that wireless devices can change locations without having to log in again. This is useful for devices, such as notebooks, that move around a lot. -
Page 86: Security Mode Guideline
Chapter 6 Wireless LAN 6.10.3 Security Mode Guideline The following is a general guideline in choosing the security mode for your NWA. • Use WPA2-PSK if you have WPA2-aware wireless clients but no RADIUS server. • Use WPA2 security if you have WPA2-aware wireless clients and a RADIUS server. WPA2 has user authentication and improved data encryption over WEP. -
Page 87: Lan And Vlan
H A PT ER LAN and VLAN 7.1 LAN Overview This chapter describes how you can configure the IP address of your NWA. The Internet Protocol (IP) address identifies a device on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. - Page 88 Chapter 7 LAN and VLAN IPv6 IPv6 (Internet Protocol version 6), is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 10 addresses.
-
Page 89: Vlan Overview
Chapter 7 LAN and VLAN 7.4 VLAN Overview This section discusses how to configure the NWA’s VLAN settings. Figure 42 Management VLAN Setup In the figure above, to access and manage the NWA from computer A, the NWA and switch B’s ports to which computer A and the NWA are connected should be in the same VLAN. -
Page 90: Lan Ip Screen
Chapter 7 LAN and VLAN 7.6 LAN IP Screen Use this screen to configure the IP address for your NWA. Click Network > LAN to display the following screen. Figure 43 LAN IP The following table describes the labels in this screen. Table 27 LAN IP LABEL DESCRIPTION... - Page 91 Chapter 7 LAN and VLAN Table 27 LAN IP (continued) LABEL DESCRIPTION IPv6 Address Assignment Enable Stateful Select this to turn on IPv6 stateful auto-configuration to have the NWA obtain an Address Auto- IPv6 global address from a DHCPv6 server in your network. configuration IPv6 Address/Prefix Enter your IPv6 address and prefix manually.
-
Page 92: System
H A PT ER System 8.1 Overview This chapter shows you how to enable remote management of your NWA. It provides information on determining which services or protocols can access which of the NWA’s interfaces. Remote Management allows a user to administrate the device over the network. You can manage your NWA from a remote location via the following interfaces: •... -
Page 93: What You Need To Know
Chapter 8 System • Use the SNMP screen to configure through which interface(s) and from which IP address(es) a network systems manager can access the NWA (see Section 8.7 on page 99). • Use the FTP screen to configure through which interface(s) and from which IP address(es) you can use File Transfer Protocol (FTP) to manage the NWA. - Page 94 Chapter 8 System The next figure illustrates an SNMP management operation. Figure 45 SNMP Management Mode A SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the NWA). An agent translates the local management information from the managed device into a form compatible with SNMP.
-
Page 95: Www Screen
Chapter 8 System Telnet HTTP Certificate A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication. Figure 46 Certificates Example In the figure above, the NWA (Z) checks the identity of the notebook (A) using a certificate before granting access to the network. -
Page 96: Certificates Screen
Chapter 8 System To change your NWA’s WWW settings, click System > WWW. The following screen shows. Figure 47 System > WWW The following table describes the labels in this screen. Table 28 System > WWW LABEL DESCRIPTION HTTP Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. -
Page 97: Telnet Screen
Chapter 8 System Click System > Certificates. The following screen shows. Figure 48 System > Certificates The following table describes the labels in this screen. Table 29 System > Certificates LABEL DESCRIPTION Import Certificate Import Enter the location of a previously-saved certificate to upload to the NWA. Alternatively, Certificate click the Browse button to locate a list. - Page 98 Chapter 8 System The following table describes the labels in this screen. Table 30 System > Telnet LABEL DESCRIPTION TELNET Port You can change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Secure Access Select the interface(s) through which a computer may access the NWA using Telnet and Control...
-
Page 99: Snmp Screen
Chapter 8 System 8.7 SNMP Screen Use this screen to have a manager station administrate your NWA over the network and configure SNMP accounts on the SNMP v3 manager. A SNMP administrator/user is a SNMP manager. To change your NWA’s SNMP settings, click System > SNMP. The following screen displays. Figure 50 System >... - Page 100 Chapter 8 System The following table describes the labels in this screen. Table 31 System > SNMP LABEL DESCRIPTION SNMP Port You can change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Secure Access Select the interface(s) through which a computer may access the NWA using SNMP and Control...
-
Page 101: Ftp Screen
Chapter 8 System Table 31 System > SNMP (continued) LABEL DESCRIPTION Privacy Protocol Specify the encryption method used for SNMP communication with the SNMP administrator. DES - Data Encryption Standard is a widely used (but breakable) method of data encryption. It applies a 56-bit key to each 64-bit block of data. AES - Advanced Encryption Standard is another method for data encryption that also uses a secret key. -
Page 102: Technical Reference
Chapter 8 System To change your NWA’s FTP settings, click System > FTP. The following screen displays. Figure 51 System > FTP The following table describes the labels in this screen. Table 32 System > FTP LABEL DESCRIPTION Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. -
Page 103: Supported Mibs
Chapter 8 System as number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects.SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request and the agent returns responses using the following protocol operations: •... -
Page 104: Checking The Fingerprint Of A Certificate On Your Computer
Chapter 8 System certification authorities. You can use the NWA to generate certification requests that contain identifying information and public keys and then send the certification requests to a certification authority. 8.9.5 Checking the Fingerprint of a Certificate on Your Computer A certificate’s fingerprints are message digests calculated using the MD5 or SHA1 algorithms. -
Page 105: Log Settings
H A PT ER Log Settings 9.1 Overview This chapter provides information on viewing and generating logs on your NWA. Logs are files that contain recorded network activity over a set period. They are used by administrators to monitor the health of the system(s) they are managing. Logs enable administrators to effectively monitor events, errors, progress, etc. -
Page 106: What You Need To Know
Chapter 9 Log Settings 9.3 What You Need To Know Alerts and Logs An alert is a type of log that warrants more serious attention. Some categories such as System Error consist of both logs and alerts. You can differentiate them by their color in the Monitor > Logs screen. - Page 107 Chapter 9 Log Settings To change your NWA’s log settings, click Configuration > Log Settings. The screen appears as shown. Figure 55 Log Settings The following table describes the labels in this screen. Table 33 Log Settings LABEL DESCRIPTION E-mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
- Page 108 Chapter 9 Log Settings Table 33 Log Settings (continued) LABEL DESCRIPTION SMTP Authentication SMTP (Simple Mail Transfer Protocol) is the message-exchange standard for the Internet. Select the check box to activate SMTP authentication. If mail server authentication is needed but this feature is disabled, you will not receive the e-mail logs.
-
Page 109: Maintenance
HAPTER Maintenance 10.1 Overview This chapter describes the maintenance screens. It discusses how you can upload new firmware, manage configuration and restart your NWA without turning it off and on. This chapter provides information and instructions on how to identify and manage your NWA over the network. -
Page 110: What You Need To Know
Chapter 10 Maintenance 10.3 What You Need To Know You can find the firmware for your device at www.zyxel.com. It is a file that uses the system project code with a "*.bin" extension, for example "V100AAEO0.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. -
Page 111: Password Screen
Chapter 10 Maintenance 10.5 Password Screen Use this screen to control access to your NWA by assigning a password to it. Click Maintenance > Password. The following screen displays. Figure 58 Maintenance > Password The following table describes the labels in this screen. Table 35 Maintenance >... -
Page 112: Time Screen
Chapter 10 Maintenance 10.6 Time Screen Use this screen to change your NWA’s time and date, click Maintenance > Time. The following screen displays. Figure 59 Maintenance > Time The following table describes the labels in this screen. Table 36 Maintenance > Time LABEL DESCRIPTION Current Time and Date... -
Page 113: Firmware Upgrade Screen
Chapter 10 Maintenance Table 36 Maintenance > Time (continued) LABEL DESCRIPTION Time Zone Choose the time zone of your location. This will set the time difference between your time zone and Greenwich Mean Time (GMT). Adjust for Daylight Daylight saving is a period from late spring to early fall when many countries set Saving Time their clocks ahead of normal local time by one hour to give more daytime light in the evening. -
Page 114: Configuration File Screen
Chapter 10 Maintenance The following table describes the labels in this screen. Table 37 Maintenance > Firmware Upgrade LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse... to find Browse... -
Page 115: Backup Configuration
Chapter 10 Maintenance Click Maintenance > Configuration File. The screen appears as shown next. Figure 63 Maintenance > Configuration File 10.8.1 Backup Configuration Backup configuration allows you to back up (save) the NWA’s current configuration to a file on your computer. -
Page 116: Back To Factory Defaults
Chapter 10 Maintenance The NWA automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 64 Network Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default NWA IP address (192.168.1.2). -
Page 117: Troubleshooting
HAPTER Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • NWA Access and Login • Internet Access • Wireless LAN 11.1 Power, Hardware Connections, and LEDs The NWA does not turn on. -
Page 118: Nwa Access And Login
Chapter 11 Troubleshooting 11.2 NWA Access and Login I forgot the IP address for the NWA. The default IP address is 192.168.1.2. If the NWA is working as a DHCP client and receives an IP address from a DHCP server, check the DHCP server for the NWA’s IP address. -
Page 119: Internet Access
Chapter 11 Troubleshooting Advanced Suggestions • Try to access the NWA using another service, such as Telnet. If you can access the NWA, check the remote management settings to find out why the NWA does not respond to HTTP. • If your computer is connected wirelessly, use a computer that is connected to a LAN/Ethernet port. -
Page 120: Wireless Lan
Chapter 11 Troubleshooting I cannot access the Internet anymore. I had access to the Internet (with the NWA), but my Internet connection is not available anymore. Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.7 on page Reboot the NWA. - Page 121 Chapter 11 Troubleshooting Check that both the NWA and your wireless client are using the same wireless and wireless security settings. NWA1000 Series User’s Guide...
-
Page 122: Appendix A Setting Up Your Computer's Ip Address
PP EN D I X Setting Up Your Computer’s IP Address Note: Your specific NWA may not support all of the operating systems described in this appendix. See the product specifications for more information about which operating systems are supported. This appendix shows you how to configure the IP settings on your computer in order for it to be able to communicate with the other devices on your network. - Page 123 Appendix A Setting Up Your Computer’s IP Address Click Start > Control Panel. In the Control Panel, click the Network Connections icon. Right-click Local Area Connection and then select Properties. NWA1000 Series User’s Guide...
- Page 124 Appendix A Setting Up Your Computer’s IP Address On the General tab, select Internet Protocol (TCP/IP) and then click Properties. NWA1000 Series User’s Guide...
- Page 125 Appendix A Setting Up Your Computer’s IP Address The Internet Protocol TCP/IP Properties window opens. Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically. Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP.
- Page 126 Appendix A Setting Up Your Computer’s IP Address Windows Vista This section shows screens from Windows Vista Professional. Click Start > Control Panel. In the Control Panel, click the Network and Internet icon. Click the Network and Sharing Center icon. NWA1000 Series User’s Guide...
- Page 127 Appendix A Setting Up Your Computer’s IP Address Click Manage network connections. Right-click Local Area Connection and then select Properties. Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. NWA1000 Series User’s Guide...
- Page 128 Appendix A Setting Up Your Computer’s IP Address Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties. NWA1000 Series User’s Guide...
- Page 129 Appendix A Setting Up Your Computer’s IP Address The Internet Protocol Version 4 (TCP/IPv4) Properties window opens. Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically. Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP.
- Page 130 Appendix A Setting Up Your Computer’s IP Address Windows 7 This section shows screens from Windows 7 Enterprise. Click Start > Control Panel. In the Control Panel, click View network status and tasks under the Network and Internet category. Click Change adapter settings. NWA1000 Series User’s Guide...
- Page 131 Appendix A Setting Up Your Computer’s IP Address Double click Local Area Connection and then select Properties. Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. NWA1000 Series User’s Guide...
- Page 132 Appendix A Setting Up Your Computer’s IP Address Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties. NWA1000 Series User’s Guide...
- Page 133 Appendix A Setting Up Your Computer’s IP Address The Internet Protocol Version 4 (TCP/IPv4) Properties window opens. Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically. Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP.
- Page 134 Appendix A Setting Up Your Computer’s IP Address The IP settings are displayed as follows. Mac OS X: 10.3 and 10.4 The screens in this section are from Mac OS X 10.4 but can also apply to 10.3. Click Apple > System Preferences. NWA1000 Series User’s Guide...
- Page 135 Appendix A Setting Up Your Computer’s IP Address In the System Preferences window, click the Network icon. When the Network preferences pane opens, select Built-in Ethernet from the network connection type list, and then click Configure. NWA1000 Series User’s Guide...
- Page 136 Appendix A Setting Up Your Computer’s IP Address For dynamically assigned settings, select Using DHCP from the Configure IPv4 list in the TCP/IP tab. For statically assigned settings, do the following: • From the Configure IPv4 list, select Manually. • In the IP Address field, type your IP address. •...
- Page 137 Appendix A Setting Up Your Computer’s IP Address Verifying Settings Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network Interface from the Info tab. Figure 67 Mac OS X 10.4: Network Utility Mac OS X: 10.5 and 10.6 The screens in this section are from Mac OS X 10.5 but can also apply to 10.6.
- Page 138 Appendix A Setting Up Your Computer’s IP Address In System Preferences, click the Network icon. When the Network preferences pane opens, select Ethernet from the list of available connection types. From the Configure list, select Using DHCP for dynamically assigned settings. For statically assigned settings, do the following: NWA1000 Series User’s Guide...
- Page 139 Appendix A Setting Up Your Computer’s IP Address • From the Configure list, select Manually. • In the IP Address field, enter your IP address. • In the Subnet Mask field, enter your subnet mask. • In the Router field, enter the IP address of your NWA. Click Apply and close the window.
- Page 140 Appendix A Setting Up Your Computer’s IP Address Verifying Settings Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network interface from the Info tab. Figure 68 Mac OS X 10.5: Network Utility Linux: Ubuntu 8 (GNOME) This section shows you how to configure your computer’s TCP/IP settings in the GNU Object Model Environment (GNOME) using the Ubuntu 8 Linux distribution.
- Page 141 Appendix A Setting Up Your Computer’s IP Address When the Network Settings window opens, click Unlock to open the Authenticate window. (By default, the Unlock button is greyed out until clicked.) You cannot make changes to your configuration unless you first enter your admin password. In the Authenticate window, enter your admin account name and password then click the Authenticate button.
- Page 142 Appendix A Setting Up Your Computer’s IP Address In the Network Settings window, select the connection that you want to configure, then click Properties. The Properties dialog box opens. • In the Configuration list, select Automatic Configuration (DHCP) if you have a dynamic IP address.
- Page 143 Appendix A Setting Up Your Computer’s IP Address If you know your DNS server IP address(es), click the DNS tab in the Network Settings window and then enter the DNS server information in the fields provided. Click the Close button to apply the changes. NWA1000 Series User’s Guide...
- Page 144 Appendix A Setting Up Your Computer’s IP Address Verifying Settings Check your TCP/IP properties by clicking System > Administration > Network Tools, and then selecting the appropriate Network device from the Devices tab. The Interface Statistics column shows data if your connection is working properly. Figure 69 Ubuntu 8: Network Tools Linux: openSUSE 10.3 (KDE) This section shows you how to configure your computer’s TCP/IP settings in the K Desktop...
- Page 145 Appendix A Setting Up Your Computer’s IP Address Click K Menu > Computer > Administrator Settings (YaST). When the Run as Root - KDE su dialog opens, enter the admin password and click OK. NWA1000 Series User’s Guide...
- Page 146 Appendix A Setting Up Your Computer’s IP Address When the YaST Control Center window opens, select Network Devices and then click the Network Card icon. When the Network Settings window opens, click the Overview tab, select the appropriate connection Name from the list, and then click the Configure button. NWA1000 Series User’s Guide...
- Page 147 Appendix A Setting Up Your Computer’s IP Address When the Network Card Setup window opens, click the Address tab Figure 70 openSUSE 10.3: Network Card Setup Select Dynamic Address (DHCP) if you have a dynamic IP address. Select Statically assigned IP Address if you have a static IP address. Fill in the IP address, Subnet mask, and Hostname fields.
- Page 148 Appendix A Setting Up Your Computer’s IP Address If you know your DNS server IP address(es), click the Hostname/DNS tab in Network Settings and then enter the DNS server information in the fields provided. Click Finish to save your settings and close the window. Verifying Settings Click the KNetwork Manager icon on the Task bar to check your TCP/IP properties.
- Page 149 Appendix A Setting Up Your Computer’s IP Address When the Connection Status - KNetwork Manager window opens, click the Statistics tab to see if your connection is working properly. Figure 72 openSUSE: Connection Status - KNetwork Manager NWA1000 Series User’s Guide...
-
Page 150: Appendix B Pop-Up Windows, Javascript And Java Permissions
PP EN D I X Pop-up Windows, JavaScript and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScript (enabled by default). • Java permissions (enabled by default). Note: The screens used below belong to Internet Explorer version 6, 7 and 8. - Page 151 Appendix B Pop-up Windows, JavaScript and Java Permissions Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 74 Internet Options: Privacy Click Apply to save this setting. Enable Pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps.
- Page 152 Appendix B Pop-up Windows, JavaScript and Java Permissions Select Settings…to open the Pop-up Blocker Settings screen. Figure 75 Internet Options: Privacy Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”.
- Page 153 Appendix B Pop-up Windows, JavaScript and Java Permissions Click Add to move the IP address to the list of Allowed sites. Figure 76 Pop-up Blocker Settings Click Close to return to the Privacy screen. Click Apply to save this setting. JavaScript If pages of the web configurator do not display properly in Internet Explorer, check that JavaScript are allowed.
- Page 154 Appendix B Pop-up Windows, JavaScript and Java Permissions In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 77 Internet Options: Security Click the Custom Level... button. Scroll down to Scripting. Under Active scripting make sure that Enable is selected (the default). Under Scripting of Java applets make sure that Enable is selected (the default).
- Page 155 Appendix B Pop-up Windows, JavaScript and Java Permissions Click OK to close the window. Figure 78 Security Settings - Java Scripting Java Permissions From Internet Explorer, click Tools, Internet Options and then the Security tab. Click the Custom Level... button. Scroll down to Microsoft VM.
- Page 156 Appendix B Pop-up Windows, JavaScript and Java Permissions Click OK to close the window. Figure 79 Security Settings - Java JAVA (Sun) From Internet Explorer, click Tools, Internet Options and then the Advanced tab. Make sure that Use Java 2 for <applet> under Java (Sun) is selected. NWA1000 Series User’s Guide...
- Page 157 Appendix B Pop-up Windows, JavaScript and Java Permissions Click OK to close the window. Figure 80 Java (Sun) Mozilla Firefox Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary slightly. The steps below apply to Mozilla Firefox 3.0 as well. You can enable Java, Javascript and pop-ups in one screen.
- Page 158 Appendix B Pop-up Windows, JavaScript and Java Permissions Click Content to show the screen below. Select the check boxes as shown in the following screen. Figure 82 Mozilla Firefox Content Security Opera Opera 10 screens are used here. Screens for other versions may vary slightly. NWA1000 Series User’s Guide...
- Page 159 Appendix B Pop-up Windows, JavaScript and Java Permissions Allowing Pop-Ups From Opera, click Tools, then Preferences. In the General tab, go to Choose how you prefer to handle pop-ups and select Open all pop-ups. Figure 83 Opera: Allowing Pop-Ups Enabling Java From Opera, click Tools, then Preferences.
- Page 160 Appendix B Pop-up Windows, JavaScript and Java Permissions To customize JavaScript behavior in the Opera browser, click JavaScript Options. Figure 85 Opera: JavaScript Options Select the items you want Opera’s JavaScript to apply. NWA1000 Series User’s Guide...
-
Page 161: Appendix C Ip Addresses And Subnetting
PP EN D I X IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. - Page 162 Appendix C IP Addresses and Subnetting The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. Figure 86 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask.
- Page 163 Appendix C IP Addresses and Subnetting Subnet masks can be referred to by the size of the network number part (the bits with a “1” value). For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes.
- Page 164 Appendix C IP Addresses and Subnetting The following table shows some possible subnet masks using both notations. Table 42 Alternative Subnet Mask Notation ALTERNATIVE LAST OCTET LAST OCTET SUBNET MASK NOTATION (BINARY) (DECIMAL) 255.255.255.0 0000 0000 255.255.255.128 1000 0000 255.255.255.192 1100 0000 255.255.255.224 1110 0000...
- Page 165 Appendix C IP Addresses and Subnetting The following figure shows the company network after subnetting. There are now two sub- networks, A and B. Figure 88 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 2 –...
- Page 166 Appendix C IP Addresses and Subnetting Table 43 Subnet 1 (continued) LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE Subnet Address: Lowest Host ID: 192.168.1.1 192.168.1.0 Broadcast Address: Highest Host ID: 192.168.1.62 192.168.1.63 Table 44 Subnet 2 LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE...
- Page 167 Appendix C IP Addresses and Subnetting The following table shows IP address last octet values for each subnet. Table 47 Eight Subnets SUBNET LAST BROADCAST SUBNET FIRST ADDRESS ADDRESS ADDRESS ADDRESS Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 48 24-bit Network Number Subnet Planning NO.
- Page 168 Appendix C IP Addresses and Subnetting Table 49 16-bit Network Number Subnet Planning (continued) NO. “BORROWED” NO. HOSTS PER SUBNET MASK NO. SUBNETS HOST BITS SUBNET 255.255.255.248 (/29) 8192 255.255.255.252 (/30) 16384 255.255.255.254 (/31) 32768 Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
-
Page 169: Appendix D Ipv6
PP EN D I X IPv6 Overview IPv6 (Internet Protocol version 6), is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 10 addresses. -
Page 170: Global Address
Appendix D IPv6 Global Address A global address uniquely identifies a device on the Internet. It is similar to a “public IP address” in IPv4. A global unicast address starts with a 2 or 3. Unspecified Address An unspecified address (0:0:0:0:0:0:0:0 or ::) is used as the source address when a device does not have its own address. - Page 171 Appendix D IPv6 Table 52 Reserved Multicast Address (continued) MULTICAST ADDRESS FF0A:0:0:0:0:0:0:0 FF0B:0:0:0:0:0:0:0 FF0C:0:0:0:0:0:0:0 FF0D:0:0:0:0:0:0:0 FF0E:0:0:0:0:0:0:0 FF0F:0:0:0:0:0:0:0 Subnet Masking Both an IPv6 address and IPv6 subnet mask compose of 128-bit binary digits, which are divided into eight 16-bit blocks and written in hexadecimal notation. Hexadecimal uses four bits for each character (1 ~ 10, A ~ F).
- Page 172 Appendix D IPv6 combines its interface ID and global and subnet information advertised from the router. This is a routable global IP address. DHCPv6 The Dynamic Host Configuration Protocol for IPv6 (DHCPv6, RFC 3315) is a server-client protocol that allows a DHCP server to assign and pass IPv6 network addresses, prefixes and other configuration information to DHCP clients.
- Page 173 Appendix D IPv6 such as the system name. The interface-ID option provides slot number, port information and the VLAN ID to the DHCPv6 server. The remote-ID option (if any) is stripped from the Relay-Reply messages before the relay agent sends the packets to the clients. The DHCP server copies the interface-ID option from the Relay-Forward message into the Relay-Reply message and sends it to the relay agent.
- Page 174 Appendix D IPv6 determine whether the destination address is on-link and can be reached directly without passing through a router. If the address is onlink, the address is considered as the next hop. Otherwise, the NWA determines the next-hop from the default router list or routing table. Once the next hop IP address is known, the NWA looks into the neighbor cache to get the link-layer address and sends the packet when the neighbor is reachable.
- Page 175 Appendix D IPv6 Example - Enabling IPv6 on Windows XP/2003/Vista By default, Windows XP and Windows 2003 support IPv6. This example shows you how to use the ipv6 install command on Windows XP/2003 to enable IPv6. This also displays how to use the ipconfig command to see auto-generated IP addresses.
- Page 176 Appendix D IPv6 Click Start and then OK. Now your computer can obtain an IPv6 address from a DHCPv6 server. Example - Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default. DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer.
- Page 177 Appendix D IPv6 Click Close to exit the Local Area Connection Status screen. Select Start > All Programs > Accessories > Command Prompt. Use the ipconfig command to check your dynamic IPv6 address. This example shows a global address (2001:b021:2d::1000) obtained from a DHCP server. C:\>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection:...
-
Page 178: Appendix E Wireless Lans
PP EN D I X Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS). - Page 179 Appendix E Wireless LANs disabled, wireless client A and B can still access the wired network but cannot communicate with each other. Figure 90 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network.
- Page 180 Appendix E Wireless LANs An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate. Figure 91 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area.
- Page 181 Appendix E Wireless LANs cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other. RTS/CTS Figure 92 When station A sends data to the AP, it might not know that the station B is already using the channel.
- Page 182 Appendix E Wireless LANs Use short preamble if you are sure all wireless devices on the network support it, and to provide more efficient communications. Use the dynamic setting to automatically use short preamble when all wireless devices on the network support it, otherwise the NWA uses long preamble.
- Page 183 Appendix E Wireless LANs The following figure shows the relative effectiveness of these wireless security methods available on your NWA. Table 56 Wireless Security Levels SECURITY SECURITY TYPE LEVEL Least Unique SSID (Default) Secure Unique SSID with Hide SSID Enabled MAC Address Filtering WEP Encryption IEEE802.1x EAP with RADIUS Server Authentication...
- Page 184 Appendix E Wireless LANs Types of RADIUS Messages The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication: • Access-Request Sent by an access point requesting authentication. • Access-Reject Sent by a RADIUS server rejecting access. •...
- Page 185 Appendix E Wireless LANs encrypting the password with the challenge and sends back the information. Password is not sent in plain text. However, MD5 authentication has some weaknesses. Since the authentication server needs to get the plaintext passwords, the passwords must be stored. Thus someone other than the authentication server may access the password file.
- Page 186 Appendix E Wireless LANs For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical. The following table is a comparison of the features of authentication types.
- Page 187 Appendix E Wireless LANs The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped.
- Page 188 Appendix E Wireless LANs The RADIUS server distributes the PMK to the AP. The AP then sets up a key hierarchy and management system, using the PMK to dynamically generate unique data encryption keys. The keys are used to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients.
-
Page 189: Security Parameters Summary
Appendix E Wireless LANs The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys. They use these keys to encrypt data exchanged between them. Figure 94 WPA2-PSK Authentication Security Parameters Summary Refer to this table to see what other security parameters you should configure for each authentication method or key management protocol type. - Page 190 Appendix E Wireless LANs Positioning the antennas properly increases the range and coverage area of a wireless LAN. Antenna Characteristics Frequency An antenna in the frequency of 2.4GHz or 5GHz is needed to communicate efficiently in a wireless Radiation Pattern A radiation pattern is a diagram that allows you to visualize the shape of the antenna’s coverage area.
- Page 191 Appendix E Wireless LANs For directional antennas, point the antenna in the direction of the desired coverage area. NWA1000 Series User’s Guide...
-
Page 192: Appendix F Customer Support
• Brief description of the problem and the steps you took to solve it. Corporate Headquarters (Worldwide) Taiwan • ZyXEL Communications Corporation • http://www.zyxel.com Asia China • ZyXEL Communications (Shanghai) Corp. ZyXEL Communications (Beijing) Corp. ZyXEL Communications (Tianjin) Corp. • http://www.zyxel.cn India • ZyXEL Technology India Pvt Ltd • http://www.zyxel.in Kazakhstan •... - Page 193 • ZyXEL Singapore Pte Ltd. • http://www.zyxel.com.sg Taiwan • ZyXEL Communications Corporation • http://www.zyxel.com Thailand • ZyXEL Thailand Co., Ltd • http://www.zyxel.co.th Vietnam • ZyXEL Communications Corporation-Vietnam Office • http://www.zyxel.com/vn/vi Europe Austria • ZyXEL Deutschland GmbH • http://www.zyxel.de Belarus • ZyXEL BY • http://www.zyxel.by...
- Page 194 Appendix F Customer Support Belgium • ZyXEL Communications B.V. • http://www.zyxel.com/be/nl/ Bulgaria • ZyXEL България • http://www.zyxel.com/bg/bg/ Czech • ZyXEL Communications Czech s.r.o • http://www.zyxel.cz Denmark • ZyXEL Communications A/S • http://www.zyxel.dk Estonia • ZyXEL Estonia • http://www.zyxel.com/ee/et/ Finland • ZyXEL Communications •...
- Page 195 • ZyXEL Communications Poland • http://www.zyxel.pl Romania • ZyXEL Romania • http://www.zyxel.com/ro/ro Russia • ZyXEL Russia • http://www.zyxel.ru Slovakia • ZyXEL Communications Czech s.r.o. organizacna zlozka • http://www.zyxel.sk Spain • ZyXEL Spain • http://www.zyxel.es Sweden • ZyXEL Communications • http://www.zyxel.se Switzerland •...
- Page 196 Ecuador • ZyXEL Communication Corporation • http://www.zyxel.com/ec/es/ Middle East Egypt • ZyXEL Communication Corporation • http://www.zyxel.com/homepage.shtml Middle East • ZyXEL Communication Corporation • http://www.zyxel.com/homepage.shtml North America • ZyXEL Communications, Inc. - North America Headquarters • http://www.us.zyxel.com/ NWA1000 Series User’s Guide...
- Page 197 Appendix F Customer Support Oceania Australia • ZyXEL Communications Corporation • http://www.zyxel.com/au/en/ Africa South Africa • Nology (Pty) Ltd. • http://www.zyxel.co.za NWA1000 Series User’s Guide...
-
Page 198: Appendix G Legal Information
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. - Page 199 Appendix G Legal Information IC Radiation Exposure Statement This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment. End users must follow the specific operating instructions for satisfying RF exposure compliance. 注意 ! 依據 低功率電波輻射性電機管理辦法 第十二條 經型式認證合格之低功率射頻電機,非經許可,公司、商號或使用 者均不得擅自變更頻率、加大功率或變更原設計之特性及功能。...
-
Page 200: Regulatory Information
Appendix G Legal Information Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com. Open Source Licenses This product contains in part some free software distributed under GPL license terms and/or GPL like licenses. Open source licenses are provided with the firmware package. - Page 201 Appendix G Legal Information [Norwegian] Erklærer herved ZyXEL at dette utstyret er I samsvar med de grunnleggende kravene og andre relevante bestemmelser I direktiv 1999/5/EF. [Romanian] Prin prezenta, ZyXEL declară că acest echipament este în conformitate cu cerinţele esenţiale şi alte prevederi relevante ale Directivei 1999/5/EC.
-
Page 202: Safety Warnings
Appendix G Legal Information List of national codes COUNTRY ISO 3166 2 LETTER CODE COUNTRY ISO 3166 2 LETTER CODE Austria Malta Belgium Netherlands Cyprus Poland Czech Republic Portugal Denmark Slovakia Estonia Slovenia Finland Spain France Sweden Germany United Kingdom Greece Iceland Hungary... - Page 203 Appendix G Legal Information Environmental Product Declaration NWA1000 Series User’s Guide...
-
Page 204: Index
Index Index authentication file format Certificate Authority access privileges See CA. Accounting Server Certificates Advanced Encryption Standard Fingerprint See AES. public key Alerts SHA1 Alternative subnet mask notation Certification Authority Antenna certifications antenna notices directional viewing gain Channel omni-directional channel AP (access point) interference Applications... - Page 205 Index EAP Authentication initialization vector (IV) Encryption Internet Assigned Numbers Authority 55, 74 See IANA encryption 13, 186 Internet Explorer 52, 179 Internet Protocol version 6, see IPv6 Ethernet device Internet telephony Extended Service Set IP Address Extended Service Set, See ESS Gateway IP address Extensible Authentication Protocol IP Screen...
- Page 206 Index Lightweight Extensible Authentication Protocol Log Screens Operating Mode Logs other documentation accessing logs Output Power Management 59, 63, 65, 68 receiving logs via e-mail Logs Screen Mail Server Mail Subject Send Log to Pairwise Master Key (PMK) Syslog 186, 188 Passphrase Logs, Uses of Password...
- Page 207 Index Accounting Server FCS Error Count Accounting Server IP Address Firmware Version Interface Status RADIUS server Poll Interval Backup Retry Count Primary Statistics Rates Configuration 59, 63, 65, 69 system statistics registration WLAN product Subnet related documentation Subnet Mask 87, 162 Remote Authentication Dial In User Service subnetting remote management...
- Page 208 Index Bridge Mode Channel User Authentication Intra-BSS Traffic Operating Mode Preamble Roaming RTS/CTS Threshold Virtual Local Area Network SSID VLAN Wireless Client Mode introduction Wireless Mode VoIP 11, 72 WMM QoS WLAN interference security parameters warranty WMM QoS note WPA2 54, 186 key caching pre-authentication...
Need help?
Do you have a question about the 100-NH and is the answer not in the manual?
Questions and answers