802.11a/g/n wireless lan managed access point and 802.11a/b/g/n dual-radio managed access point and 802.11a/b/g/n dual-radio outdoor managed access point (27 pages)
Page 2
IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. This is a User’s Guide for a series of products. Not all products support all firmware features. Screenshots and graphics in this book may differ slightly from your product due to differences in your product firmware or your computer operating system.
Table of Contents Table of Contents Contents Overview ..........................3 Table of Contents ..........................4 Part I: User’s Guide ..................10 Chapter 1 Introduction............................11 1.1 Overview ............................11 1.1.1 Management Mode ........................12 1.1.2 MBSSID ...........................12 1.1.3 Dual-Radio ..........................13 1.1.4 Root AP ...........................14 1.1.5 Repeater ..........................15 1.2 Ways to Manage the NWA ........................16 1.3 Good Habits for Managing the NWA ....................16...
Page 5
Table of Contents 3.2 Dashboard ............................31 3.2.1 CPU Usage ..........................34 3.2.2 Memory Usage ........................34 Chapter 4 Monitor..............................36 4.1 Overview ............................36 4.1.1 What You Can Do in this Chapter ....................36 4.2 What You Need to Know ........................36 4.3 Network Status ..........................37 4.3.1 Network Status Graph ......................38 4.4 Radio List ............................39 4.4.1 AP Mode Radio Information ....................40...
Page 6
Table of Contents 7.4 Load Balancing ..........................62 7.4.1 Disassociating and Delaying Connections ................63 7.5 DCS ..............................64 7.6 Technical Reference ..........................66 Chapter 8 User..............................69 8.1 Overview ............................69 8.1.1 What You Can Do in this Chapter ....................69 8.1.2 What You Need To Know ......................69 8.2 User Summary ..........................70 8.2.1 Add/Edit User ..........................70 8.3 Setting ..............................72...
Page 7
Table of Contents 11.1.1 What You Can Do in this Chapter ..................98 11.2 WDS Profile .............................98 11.2.1 Add/Edit WDS Profile ......................99 Chapter 12 Certificates ............................100 12.1 Overview ............................100 12.1.1 What You Can Do in this Chapter ..................100 12.1.2 What You Need to Know ......................100 12.1.3 Verifying a Certificate ......................102 12.2 My Certificates ..........................103 12.2.1 Add My Certificates ......................104...
Page 8
Table of Contents 13.8.2 SNMP Traps ........................139 13.8.3 Configuring SNMP .......................139 13.8.4 Adding or Editing an SNMPv3 User Profile .................140 Chapter 14 Log and Report ..........................142 14.1 Overview ............................142 14.1.1 What You Can Do In this Chapter ..................142 14.2 Email Daily Report ........................142 14.3 Log Setting ...........................144 14.3.1 Log Setting ..........................144 14.3.2 Edit System Log Settings ....................146...
Page 9
Table of Contents Chapter 19 Troubleshooting..........................169 19.1 Overview ............................169 19.2 Power, Hardware Connections, and LED ..................169 19.3 NWA Access and Login ........................170 19.4 Internet Access ..........................171 19.5 Wireless Connections ........................172 19.6 Resetting the NWA ........................175 19.7 Getting More Troubleshooting Help ....................175 Appendix A Importing Certificates ....................176 Appendix B IPv6 ..........................189 Appendix C Customer Support ......................198...
Introduction 1.1 Overview This User’s Guide covers the following models: NWA5121-N, NWA5121-NI, and NWA5123-NI. Your NWA is a wireless AP (Access Point). It extends the range of your existing wired network without additional wiring, providing easy network access to mobile users.
Chapter 1 Introduction Your NWA is easy to install, configure and use. The embedded Web-based configurator enables simple, straightforward management and maintenance. See the Quick Start Guide for how to make hardware connections. 1.1.1 Management Mode An AP controller can use Control And Provisioning of Wireless Access Points (CAPWAP, see RFC 5415) to discover and configure multiple managed APs.
Chapter 1 Introduction Figure 1 Multiple BSSs 1.1.3 Dual-Radio The NWA5123-NI is equipped with dual wireless radios. This means you can configure two different wireless networks to operate simultaneously. Note: A different channel should be configured for each WLAN interface to reduce the effects of radio interference.
Chapter 1 Introduction Figure 2 Dual-Radio Application 1.1.4 Root AP In Root AP mode, the NWA (Z) can act as the root AP in a wireless network and also allow repeaters (X and Y) to extend the range of its wireless network at the same time. In the figure below, both clients A, B and C can access the wired network through the root AP.
Chapter 1 Introduction SSID to associate with the NWA in Root AP mode. A repeater must use the repeater SSID to connect to the NWA in Root AP mode. When the NWA is in Root AP mode, repeater security between the NWA and other repeater is independent of the security between the wireless clients and the AP or repeater.
Chapter 1 Introduction At the time of writing, repeater security is compatible with the NWA only. 1.2 Ways to Manage the NWA You can use the following ways to manage the NWA. Web Configurator The Web Configurator allows easy NWA setup and management using an Internet browser. This User’s Guide provides information about the Web Configurator.
Chapter 1 Introduction 1.5 LEDs The following are the LED descriptions for your NWA. Figure 5 LED Table 3 LED COLOR STATUS DESCRIPTION Amber There is system error and the NWA cannot boot up, or the NWA doesn’t have an Ethernet connection with the LAN. Flashing The NWA is starting up.
Page 18
Chapter 1 Introduction Always use Maintenance > Shutdown or the shutdown command before you turn off the NWA or remove the power. Not doing so can cause the firmware to become corrupt. Table 4 Starting and Stopping the NWA METHOD DESCRIPTION Turning on the power A cold start occurs when you turn on the power to the NWA.
H A PT ER The Web Configurator 2.1 Overview The NWA Web Configurator allows easy management using an Internet browser. In order to use the Web Configurator, you must: • Use Internet Explorer 7.0 and later versions, Mozilla Firefox 9.0 and later versions, Safari 4.0 and later versions, or Google Chrome 10.0 and later versions.
Chapter 2 The Web Configurator Click Login. If you logged in using the default user name and password, the Update Admin Info screen appears. Otherwise, the dashboard appears. The Update Admin Info screen appears every time you log in using the default user name and default password.
Chapter 2 The Web Configurator Figure 6 The Web Configurator’s Main Screen The Web Configurator’s main screen is divided into these parts: • A - Title Bar • B - Navigation Panel • C - Main Window 2.3.1 Title Bar The title bar provides some useful links that always appear over the screens below, regardless of how deep into the Web Configurator you navigate.
Page 22
Chapter 2 The Web Configurator Table 5 Title Bar: Web Configurator Icons (continued) LABEL DESCRIPTION Object Click this to open a screen where you can check which configuration items reference an Reference object. Click this to open a popup window that displays the CLI commands sent by the Web Configurator.
Page 23
Chapter 2 The Web Configurator Figure 9 Site Map Object Reference Click Object Reference to open the Object Reference screen. Select the type of object and the individual object and click Refresh to show which configuration settings reference the object. Figure 10 Object Reference NWA5120 Series User’s Guide...
Chapter 2 The Web Configurator The fields vary with the type of object. The following table describes labels that can appear in this screen. Table 7 Object References LABEL DESCRIPTION Object Name This identifies the object for which the configuration settings that use it are displayed. Click the object’s name to display the object’s configuration screen in the main window.
Page 25
Chapter 2 The Web Configurator Figure 12 Navigation Panel Dashboard The dashboard displays general device information, system status, system resource usage, and interface status in widgets that you can re-arrange to suit your needs. For details on the Dashboard’s features, see Chapter 3 on page Monitor Menu The monitor menu screens display status and statistics information.
Page 26
Chapter 2 The Web Configurator Table 9 Configuration Menu Screens Summary (continued) FOLDER OR LINK FUNCTION AP Management WLAN Setting Edit wireless AP information, remove APs, and reboot them. MON Mode Rogue/Friendly AP Configure how the NWA monitors for rogue APs. List Load Balancing Configure load balancing for traffic moving to and from wireless...
Chapter 2 The Web Configurator Table 10 Maintenance Menu Screens Summary (continued) FOLDER OR LINK FUNCTION Reboot Restart the NWA. Shutdown Turn off the NWA. 2.3.3 Warning Messages Warning messages, such as those resulting from misconfiguration, display in a popup window. Figure 13 Warning Message 2.3.4 Tables and Lists The Web Configurator tables and lists are quite flexible and provide several options for how to...
Page 28
Chapter 2 The Web Configurator • Filter by mathematical operators (<, >, or =) or searching for text. Select a column heading cell’s right border and drag to re-size the column. Select a column heading and drag and drop it to change the column order. A green check mark displays next to the column’s title when you drag the column to a valid new location.
Page 29
Chapter 2 The Web Configurator 2.3.4.2 Working with Table Entries The tables have icons for working with table entries. A sample is shown next. You can often use the [Shift] or [Ctrl] key to select multiple entries to remove, activate, or deactivate. Table 11 Common Table Icons Here are descriptions for the most common table icons.
H A PT ER Dashboard 3.1 Overview Use the Dashboard screens to check status information about the NWA. 3.1.1 What You Can Do in this Chapter • The main Dashboard screen (Section 3.2 on page 31) displays the NWA’s general device information, system status, system resource usage, and interface status.
Page 32
Chapter 3 Dashboard The following table describes the labels in this screen. Table 13 Dashboard LABEL DESCRIPTION Widget Settings (A) Use this link to re-open closed widgets. Widgets that are already open appear grayed out. Up Arrow (B) Click this to collapse a widget. Refresh Time Set the interval for refreshing the information displayed in the widget.
Page 33
Chapter 3 Dashboard Table 13 Dashboard (continued) LABEL DESCRIPTION Boot Status This field displays details about the NWA’s startup state. OK - The NWA started up successfully. Firmware update OK - A firmware update was successful. Problematic configuration after firmware update - The application of the configuration failed after a firmware upgrade.
Chapter 3 Dashboard Table 13 Dashboard (continued) LABEL DESCRIPTION Band This indicates the wireless frequency band currently being used by the radio. This shows - when the radio is in monitor mode. OP Mode This indicates the radio’s operating mode. Operating modes are AP (MBSSID), MON (monitor), Root AP or Repeater.
Page 35
Chapter 3 Dashboard Figure 17 Dashboard > Memory Usage The following table describes the labels in this screen. Table 15 Dashboard > Memory Usage LABEL DESCRIPTION The y-axis represents the percentage of RAM usage. The x-axis shows the time period over which the RAM usage occurred Refresh Interval Enter how often you want this window to be automatically updated.
H A PT ER Monitor 4.1 Overview Use the Monitor screens to check status and statistics information. 4.1.1 What You Can Do in this Chapter • The Network Status screen (Section 4.3 on page 37) displays general LAN interface information and packet statistics.
Chapter 4 Monitor 4.3 Network Status Use this screen to look at general Ethernet interface information and packet statistics. To access this screen, click Monitor > Network Status. Figure 18 Monitor > Network Status The following table describes the labels in this screen. Table 16 Monitor >...
Chapter 4 Monitor Table 16 Monitor > Network Status (continued) LABEL DESCRIPTION Action Use this field to get or to update the IP address for the interface. Click Renew to send a new DHCP request to a DHCP server. If the interface cannot use one of these ways to get or to update its IP address, this field displays n/a.
Chapter 4 Monitor Figure 19 Monitor > Network Status > Switch to Graphic View The following table describes the labels in this screen. Table 17 Monitor > Network Status > Switch to Graphic View LABEL DESCRIPTION Refresh Interval Enter how often you want this window to be automatically updated. Refresh Now Click this to update the information in the window right away.
Chapter 4 Monitor Figure 20 Monitor > Wireless > AP Information > Radio List The following table describes the labels in this screen. Table 18 Monitor > Wireless > AP Information > Radio List LABEL DESCRIPTION More Click this to view additional information about the selected radio’s wireless traffic and Information station count.
Page 41
Chapter 4 Monitor Figure 21 Monitor > Wireless > AP Information > Radio List > More Information NWA5120 Series User’s Guide...
Chapter 4 Monitor The following table describes the labels in this screen. Table 19 Monitor > Wireless > AP Information > Radio List > More Information LABEL DESCRIPTION SSID Detail This list shows information about all the wireless clients that have connected to the specified radio over the preceding 24 hours.
Chapter 4 Monitor The following table describes the labels in this screen. Table 20 Monitor > Wireless > Station Info LABEL DESCRIPTION This is the station’s index number in this list. MAC Address This is the station’s MAC address. Radio This is the radio number on the NWA to which the station is connected.
Chapter 4 Monitor The following table describes the labels in this screen. Table 21 Monitor > Wireless > WDS Link Info LABEL DESCRIPTION WDS Uplink Info Uplink refers to the WDS link from the repeaters to the root AP. WDS Downlink Downlink refers to the WDS link from the root AP to the repeaters.
Chapter 4 Monitor Figure 24 Monitor > Wireless > Detected Device The following table describes the labels in this screen. Table 22 Monitor > Wireless > Detected Device LABEL DESCRIPTION Mark as Rogue Click this button to mark the selected AP as a rogue AP. A rogue AP can be contained in the Configuration >...
Page 46
Chapter 4 Monitor To access this screen, click Monitor > Log. The log is displayed in the following screen. Note: When a log reaches the maximum number of log messages, new log messages automatically overwrite existing log messages, starting with the oldest existing log message first.
Page 47
Chapter 4 Monitor The following table describes the labels in this screen. Table 23 Monitor > Log > View Log LABEL DESCRIPTION Show Filter / Click this button to show or hide the filter settings. Hide Filter If the filter settings are hidden, the Display, Email Log Now, Refresh, and Clear Log fields are available.
Page 48
Chapter 4 Monitor The Web Configurator saves the filter settings if you leave the View Log screen and return to it later. NWA5120 Series User’s Guide...
H A PT ER Management Mode 5.1 Overview This chapter discusses using the NWA in management mode, which determines whether the NWA is used in its default standalone mode, or as part of a Control And Provisioning of Wireless Access Points (CAPWAP) network.
Chapter 5 Management Mode An AP in managed AP mode joins a wired network (receives a dynamic IP address). The AP sends out a discovery request, looking for a CAPWAP AP controller. If there is an AP controller on the network, it receives the discovery request. If the AP controller is in Manual mode it adds the details of the AP to its Unmanaged Access Points list, and you decide which available APs to manage.
Chapter 5 Management Mode Figure 27 CAPWAP and DHCP Option 138 5.2.4 Notes on CAPWAP This section lists some additional features of ZyXEL’s implementation of the CAPWAP protocol. • When the AP controller uses its internal Remote Authentication Dial In User Service (RADIUS) server, managed APs also use the AP controller’s authentication server to authenticate wireless clients.
Page 52
Chapter 5 Management Mode Figure 28 Configuration > MGNT Mode Each field is described in the following table. Table 24 Configuration > MGNT Mode LABEL DESCRIPTION Standalone AP Select this to manage the NWA using its own web configurator, neither managing nor managed by other devices.
H A PT ER Network 6.1 Overview This chapter describes how you can configure the management IP address and VLAN settings of your NWA. The Internet Protocol (IP) address identifies a device on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network.
Page 54
Chapter 6 Network Figure 30 Configuration > Network > IP Setting Each field is described in the following table. Table 25 Configuration > Network > IP Setting LABEL DESCRIPTION IP Address Assignment Select this to make the interface a DHCP client and automatically get the IP address, Automatically subnet mask, and gateway address from a DHCP server.
Chapter 6 Network Table 25 Configuration > Network > IP Setting (continued) LABEL DESCRIPTION Link-Local This displays the IPv6 link-local address and the network prefix that the NWA generates Address itself for the LAN interface. IPv6 Address/ Enter the IPv6 address and the prefix length for the LAN interface if you want to use a Prefix Length static IP address.
Page 56
Chapter 6 Network A Virtual Local Area Network (VLAN) allows a physical network to be partitioned into multiple logical networks. Devices on a logical network belong to one group. A device can belong to more than one group. With VLAN, a device cannot directly talk to or hear from devices that are not in the same group(s);...
H A PT ER Wireless 7.1 Overview This chapter discusses how to configure the wireless network settings in your NWA. The following figure provides an example of a wireless network. Figure 33 Example of a Wireless Network The wireless network is the part in the blue circle. In this wireless network, devices A and B are called wireless clients.
Chapter 7 Wireless 7.1.2 What You Need to Know The following terms and concepts may help as you read this chapter. Station / Wireless Client A station or wireless client is any wireless-capable device that can connect to an AP using a wireless signal.
Page 59
Chapter 7 Wireless Each field is described in the following table. Table 27 Configuration > Wireless > AP Management LABEL DESCRIPTION Model This field displays the NWA’s model name. Radio 1 Activate Select the check box to enable the NWA’s first (default) radio. Radio 1 OP Mode Select the operating mode for radio 1.
Chapter 7 Wireless Table 27 Configuration > Wireless > AP Management (continued) LABEL DESCRIPTION Radio 2 WDS Profile This field is available only when the radio is in Root AP or Repeater mode. Select the WDS profile the radio uses to connect to a root AP or repeater. Uplink Selection This field is available only when the radio is in Repeater mode.
Chapter 7 Wireless Each field is described in the following table. Table 28 Configuration > Wireless > MON Mode LABEL DESCRIPTION Rogue/Friendly AP List Click this button to add an AP to the list and assign it either friendly or rogue status.
Chapter 7 Wireless Table 29 Configuration > Wireless > MON Mode > Add/Edit Rogue/Friendly AP List (continued) LABEL DESCRIPTION Role Select either Rogue AP or Friendly AP for the AP’s role. Click OK to save your changes back to the NWA. Cancel Click Cancel to close the window with changes unsaved.
Chapter 7 Wireless Table 30 Configuration > Wireless > Load Balancing (continued) LABEL DESCRIPTION Disassociate Select this option to disassociate wireless clients connected to the AP when it becomes station when overloaded. If you do not enable this option, then the AP simply delays the connection overloaded until it can afford the bandwidth it requires, or it transfers the connection to another AP within its broadcast radius.
Chapter 7 Wireless Figure 39 Kicking a Connection Connections are kicked based on either idle timeout or signal strength. The NWA first looks to see which devices have been idle the longest, then starts kicking them in order of highest idle time. If no connections are idle, the next criteria the NWA analyzes is signal strength.
Page 65
Chapter 7 Wireless Figure 40 Configuration > Wireless > DCS Each field is described in the following table. Table 31 Configuration > Wireless > DCS LABEL DESCRIPTION Select Now Click this to have the NWA scan for and select an available channel immediately. Enable Dynamic Select this to have the NWA automatically select the radio channel upon which it Channel Selection...
Chapter 7 Wireless Table 31 Configuration > Wireless > DCS (continued) LABEL DESCRIPTION 2.4 GHz Channel Select how you want to specify the channels the NWA switches between for 2.4 GHz Selection Method operation. Select auto to have the NWA display a 2.4 GHz Channel Deployment field you can use to limit channel switching to 3 or 4 channels.
Page 67
Chapter 7 Wireless In the 2.4 GHz spectrum, each channel from 1 to 13 is broken up into discrete 22 MHz segments that are spaced 5 MHz apart. Channel 1 is centered on 2.412 GHz while channel 13 is centered on 2.472 GHz.
Page 68
Chapter 7 Wireless Load Balancing Because there is a hard upper limit on an AP’s wireless bandwidth, load balancing can be crucial in areas crowded with wireless users. Rather than let every user connect and subsequently dilute the available bandwidth to the point where each connecting device receives a meager trickle, the load balanced AP instead limits the incoming connections as a means to maintain bandwidth integrity.
H A PT ER User 8.1 Overview This chapter describes how to set up user accounts and user settings for the NWA. 8.1.1 What You Can Do in this Chapter • The User screen (see Section 8.2 on page 70) provides a summary of all user accounts. •...
Chapter 8 User 8.2 User Summary The User screen provides a summary of all user accounts. To access this screen click Configuration > Object > User. Figure 44 Configuration > Object > User The following table describes the labels in this screen. Table 33 Configuration >...
Page 71
Chapter 8 User • Alphanumeric A-z 0-9 (there is no unicode support) • _ [underscores] • - [dashes] The first character must be alphabetical (A-Z a-z), an underscore (_), or a dash (-). Other limitations on user names are: • User names are case-sensitive. If you enter a user 'bob' but use 'BOB' when connecting via CIFS or FTP, it will use the account settings used for 'BOB' not ‘bob’.
Chapter 8 User The following table describes the labels in this screen. Table 34 Configuration > User > User > Add/Edit A User LABEL DESCRIPTION User Name Type the user name for this user account. You may use 1-31 alphanumeric characters, underscores( ), or dashes (-), but the first character cannot be a number.
Page 73
Chapter 8 User Figure 46 Configuration > Object > User > Setting The following table describes the labels in this screen. Table 35 Configuration > Object > User > Setting LABEL DESCRIPTION User Default Setting Default Authentication These authentication timeout settings are used by default when you create a Timeout Settings new user account.
Chapter 8 User Table 35 Configuration > Object > User > Setting (continued) LABEL DESCRIPTION User Logon Settings Limit the number of Select this check box if you want to set a limit on the number of simultaneous simultaneous logons for logins by admin users.
Page 75
Chapter 8 User The following table describes the labels in this screen. Table 36 User > Setting > Edit User Authentication Timeout Settings LABEL DESCRIPTION User Type This read-only field identifies the type of user account for which you are configuring the default settings.
H A PT ER AP Profile 9.1 Overview This chapter shows you how to configure preset profiles for the NWA. 9.1.1 What You Can Do in this Chapter • The Radio screen (Section 9.2 on page 77) creates radio configurations that can be used by the APs.
Chapter 9 AP Profile WEP (Wired Equivalent Privacy) encryption scrambles all data packets transmitted between the AP and the wireless stations associated with it in order to keep network communications private. Both the wireless stations and the access points must use the same WEP key for data encryption and decryption.
Chapter 9 AP Profile Table 37 Configuration > Object > AP Profile > Radio (continued) LABEL DESCRIPTION Remove Click this to remove the selected radio profile. Activate To turn on an entry, select it and click Activate. Inactivate To turn off an entry, select it and click Inactivate. Object Reference Click this to view which other objects are linked to the selected radio profile.
Page 79
Chapter 9 AP Profile Figure 49 Configuration > Object > AP Profile > Add/Edit Profile NWA5120 Series User’s Guide...
Page 80
Chapter 9 AP Profile The following table describes the labels in this screen. Table 38 Configuration > Object > AP Profile > Add/Edit Profile LABEL DESCRIPTION Hide / Show Click this to hide or show the Advanced Settings in this window. Advanced Settings Create New Object Select an item from this menu to create a new object of that type.
Page 81
Chapter 9 AP Profile Table 38 Configuration > Object > AP Profile > Add/Edit Profile (continued) LABEL DESCRIPTION Enable A-MSDU Select this to enable A-MSDU aggregation. Aggregation Mac Service Data Unit (MSDU) aggregation collects Ethernet frames without any of their 802.11n headers and wraps the header-less payload in a single 802.11n MAC header.
Chapter 9 AP Profile Table 38 Configuration > Object > AP Profile > Add/Edit Profile (continued) LABEL DESCRIPTION Rate Configuration This section controls the data rates permitted for clients. For each rate, select a rate option from its list. The rates are: •...
Chapter 9 AP Profile Note: You can have a maximum of 32 SSID profiles on the NWA. Figure 50 Configuration > Object > AP Profile > SSID List The following table describes the labels in this screen. Table 39 Configuration > Object > AP Profile > SSID List LABEL DESCRIPTION Click this to add a new SSID profile.
Page 84
Chapter 9 AP Profile Figure 51 Configuration > Object > AP Profile > Add/Edit SSID Profile The following table describes the labels in this screen. Table 40 Configuration > Object > AP Profile > Add/Edit SSID Profile LABEL DESCRIPTION Create new Select an object type from the list to create a new one associated with this SSID profile.
Chapter 9 AP Profile Table 40 Configuration > Object > AP Profile > Add/Edit SSID Profile (continued) LABEL DESCRIPTION Select a Quality of Service (QoS) access category to associate with this SSID. Access categories minimize the delay of data packets across a wireless network. Certain categories, such as video or voice, are given a higher priority due to the time sensitive nature of their data packets.
Chapter 9 AP Profile Figure 52 Configuration > Object > AP Profile > SSID > Security List The following table describes the labels in this screen. Table 41 Configuration > Object > AP Profile > SSID > Security List LABEL DESCRIPTION Click this to add a new security profile.
Page 87
Chapter 9 AP Profile Figure 53 SSID > Security Profile > Add/Edit Security Profile The following table describes the labels in this screen. Table 42 SSID > Security Profile > Add/Edit Security Profile LABEL DESCRIPTION Profile Name Enter up to 31 alphanumeric characters for the profile name. This name is only visible in the Web Configurator and is only for management purposes.
Page 88
Chapter 9 AP Profile Table 42 SSID > Security Profile > Add/Edit Security Profile (continued) LABEL DESCRIPTION Radius Server Type This shows External and the NWA uses an external RADIUS server for authentication. Primary / Select this to have the NWA use the specified RADIUS server. Secondary Radius Server Activate Radius Server...
Chapter 9 AP Profile Table 42 SSID > Security Profile > Add/Edit Security Profile (continued) LABEL DESCRIPTION Cipher Type Select an encryption cipher type from the list. • auto - This automatically chooses the best available cipher based on the cipher in use by the wireless client that is attempting to make a connection.
Chapter 9 AP Profile Table 43 Configuration > Object > AP Profile > SSID > MAC Filter List (continued) LABEL DESCRIPTION This field is a sequential value, and it is not associated with a specific user. Profile Name This field indicates the name assigned to the MAC filtering profile. Filter Action This field indicates this profile’s filter action (if any).
Chapter 9 AP Profile Table 44 SSID > MAC Filter List > Add/Edit MAC Filter Profile (continued) LABEL DESCRIPTION Description This field displays a description for the MAC address associated with this profile. You can click the description to make it editable. Enter up to 60 characters, spaces and underscores allowed.
Chapter 9 AP Profile Figure 57 Configuration > Object > AP Profile > SSID > Layer-2 Isolation List The following table describes the labels in this screen. Table 45 Configuration > Object > AP Profile > SSID > Layer-2 Isolation List LABEL DESCRIPTION Click this to add a new MAC filtering profile.
Page 93
Chapter 9 AP Profile Figure 58 SSID > MAC Filter List > Add/Edit Layer-2 Isolation Profile The following table describes the labels in this screen. Table 46 SSID > MAC Filter List > Add/Edit Layer-2 Isolation Profile LABEL DESCRIPTION Profile Name Enter up to 31 alphanumeric characters for the profile name.
HAPTER MON Profile 10.1 Overview This screen allows you to set up monitor mode configurations that allow your NWA to scan for other wireless devices in the vicinity. Once detected, you can use the Wireless > MON Mode screen (Section 7.3 on page 60) to classify them as either rogue or friendly.
Chapter 10 MON Profile Table 47 Configuration > Object > MON Profile (continued) LABEL DESCRIPTION Inactivate To turn off an entry, select it and click Inactivate. Object Reference Click this to view which other objects are linked to the selected monitor mode profile (for example, an AP management profile).
Chapter 10 MON Profile The following table describes the labels in this screen. Table 48 Configuration > Object > MON Profile > Add/Edit MON Profile LABEL DESCRIPTION Activate Select this to activate this monitor mode profile. Profile Name This field indicates the name assigned to the monitor mode profile. Channel dwell time Enter the interval (in milliseconds) before the NWA switches to another channel for monitoring.
Page 97
Chapter 10 MON Profile Figure 61 Rogue AP Example In the example above, a corporate network’s security is compromised by a rogue AP (RG) set up by an employee at his workstation in order to allow him to connect his notebook computer wirelessly (A).
HAPTER WDS Profile 11.1 Overview This chapter shows you how to configure WDS profiles for the NWA to form a WDS with other APs. 11.1.1 What You Can Do in this Chapter The WDS Profile screen (Section 11.2 on page 98) creates preset WDS configurations that can be used by the NWA.
Chapter 11 WDS Profile 11.2.1 Add/Edit WDS Profile This screen allows you to create a new WDS profile or edit an existing one. To access this screen, click the Add button or select and existing profile and click the Edit button. Figure 63 Configuration >...
HAPTER Certificates 12.1 Overview The NWA can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication. 12.1.1 What You Can Do in this Chapter •...
Page 101
Chapter 12 Certificates Additionally, Jenny uses her own private key to sign a message and Tim uses Jenny’s public key to verify the message. The NWA uses certificates based on public-key cryptology to authenticate users attempting to establish a connection, not to encrypt the data that you send after establishing a connection. The method used to secure the data that you send through an established connection depends on the type of connection.
Chapter 12 Certificates • Binary PKCS#12: This is a format for transferring public key and private key certificates.The private key in a PKCS #12 file is within a password-encrypted envelope. The file’s password is not connected to your certificate’s public or private passwords. Exporting a PKCS #12 file creates this and you must provide it to decrypt the contents when you import the file into the NWA.
Chapter 12 Certificates 12.2 My Certificates Click Configuration > Object > Certificate > My Certificates to open this screen. This is the NWA’s summary list of certificates and certification requests. Figure 64 Configuration > Object > Certificate > My Certificates The following table describes the labels in this screen.
Chapter 12 Certificates Table 51 Configuration > Object > Certificate > My Certificates (continued) LABEL DESCRIPTION Subject This field displays identifying information about the certificate’s owner, such as CN (Common Name), OU (Organizational Unit or department), O (Organization or company) and C (Country).
Page 106
Chapter 12 Certificates The following table describes the labels in this screen. Table 52 Configuration > Object > Certificate > My Certificates > Add LABEL DESCRIPTION Name Type a name to identify this certificate. You can use up to 31 alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=- characters.
Page 107
Chapter 12 Certificates Table 52 Configuration > Object > Certificate > My Certificates > Add (continued) LABEL DESCRIPTION Create a certification Select this to have the NWA generate a request for a certificate and apply to a request and enroll for certification authority for a certificate.
Chapter 12 Certificates 12.2.2 Edit My Certificates Click Configuration > Object > Certificate > My Certificates and then the Edit icon to open the My Certificate Edit screen. You can use this screen to view in-depth certificate information and change the certificate’s name. Figure 66 Configuration >...
Page 109
Chapter 12 Certificates The following table describes the labels in this screen. Table 53 Configuration > Object > Certificate > My Certificates > Edit LABEL DESCRIPTION Name This field displays the identifying name of this certificate. You can use up to 31 alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=- characters.
Chapter 12 Certificates Table 53 Configuration > Object > Certificate > My Certificates > Edit LABEL DESCRIPTION MD5 Fingerprint This is the certificate’s message digest that the NWA calculated using the MD5 algorithm. SHA1 Fingerprint This is the certificate’s message digest that the NWA calculated using the SHA1 algorithm.
Chapter 12 Certificates Figure 67 Configuration > Object > Certificate > My Certificates > Import The following table describes the labels in this screen. Table 54 Configuration > Object > Certificate > My Certificates > Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it.
Page 112
Chapter 12 Certificates Figure 68 Configuration > Object > Certificate > Trusted Certificates The following table describes the labels in this screen. Table 55 Configuration > Object > Certificate > Trusted Certificates LABEL DESCRIPTION PKI Storage This bar displays the percentage of the NWA’s PKI storage space that is currently in use. Space in Use When the storage space is almost full, you should consider deleting expired or unnecessary certificates before adding more certificates.
Chapter 12 Certificates 12.3.1 Edit Trusted Certificates Click Configuration > Object > Certificate > Trusted Certificates and then a certificate’s Edit icon to open the Trusted Certificates Edit screen. Use this screen to view in-depth information about the certificate, change the certificate’s name and set whether or not you want the NWA to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority.
Page 114
Chapter 12 Certificates The following table describes the labels in this screen. Table 56 Configuration > Object > Certificate > Trusted Certificates > Edit LABEL DESCRIPTION Name This field displays the identifying name of this certificate. You can change the name. You can use up to 31 alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=- characters.
Chapter 12 Certificates Table 56 Configuration > Object > Certificate > Trusted Certificates > Edit (continued) LABEL DESCRIPTION Signature Algorithm This field displays the type of algorithm that was used to sign the certificate. Some certification authorities use rsa-pkcs1-sha1 (RSA public-private key encryption algorithm and the SHA1 hash algorithm).
Chapter 12 Certificates Figure 70 Configuration > Object > Certificate > Trusted Certificates > Import The following table describes the labels in this screen. Table 57 Configuration > Object > Certificate > Trusted Certificates > Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it.
HAPTER System 13.1 Overview Use the system screens to configure general NWA settings. 13.1.1 What You Can Do in this Chapter • The Host Name screen (Section 13.2 on page 117) configures a unique name for the NWA in your network. •...
Chapter 13 System The following table describes the labels in this screen. Table 58 Configuration > System > Host Name LABEL DESCRIPTION System Name Choose a descriptive name to identify your NWA device. This name can be up to 64 alphanumeric characters long.
Page 119
Chapter 13 System The following table describes the labels in this screen. Table 59 Configuration > System > Date/Time LABEL DESCRIPTION Current Time and Date Current Time This field displays the present time of your NWA. Current Date This field displays the present date of your NWA. Time and Date Setup Manual...
Chapter 13 System Table 59 Configuration > System > Date/Time (continued) LABEL DESCRIPTION End Date Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving. The at field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the first Sunday of November.
Chapter 13 System The Current Time and Current Date fields will display the appropriate settings if the synchronization is successful. If the synchronization was not successful, a log displays in the View Log screen. Try re-configuring the Date/Time screen. To manually set the NWA date and time: Click System >...
Chapter 13 System Figure 74 Secure and Insecure Service Access From the WAN 13.4.1 Service Access Limitations A service cannot be used to access the NWA when you have disabled that service in the corresponding screen. 13.4.2 System Timeout There is a lease timeout for administrators. The NWA automatically logs you out if the management session remains idle for longer than this timeout period.
Chapter 13 System Please refer to the following figure. HTTPS connection requests from an SSL-aware web browser go to port 443 (by default) on the NWA’s web server. HTTP connection requests from a web browser go to port 80 (by default) on the NWA’s web server. Figure 75 HTTP/HTTPS Implementation Note: If you disable HTTP in the WWW screen, then the NWA blocks all HTTP connection attempts.
Chapter 13 System The following table describes the labels in this screen. Table 61 Configuration > System > WWW > Service Control LABEL DESCRIPTION HTTPS Enable Select the check box to allow or disallow the computer with the IP address that matches the IP address(es) in the Service Control table to access the NWA Web Configurator using secure HTTPs connections.
Page 125
Chapter 13 System Figure 77 Security Alert Dialog Box (Internet Explorer) Select Continue to this website. to proceed to the Web Configurator login screen. Otherwise, select Click here to close this webpage. to block the access. 13.4.5.2 Mozilla Firefox Warning Messages When you attempt to access the NWA HTTPS server, a The Connection is Untrusted screen appears as shown in the following screen.
Page 126
Chapter 13 System Figure 78 Security Certificate 1 (Firefox) Figure 79 Security Certificate 2 (Firefox) 13.4.5.3 Avoiding Browser Warning Messages Here are the main reasons your browser displays warnings about the NWA’s HTTPS server certificate and what you can do to avoid seeing the warnings: •...
Page 127
Chapter 13 System • For the browser to trust a self-signed certificate, import the self-signed certificate into your operating system as a trusted certificate. • To have the browser trust the certificates issued by a certificate authority, import the certificate authority’s certificate into your operating system as a trusted certificate.
Page 128
Chapter 13 System 13.4.5.5 Installing the CA’s Certificate Double click the CA’s trusted certificate to produce a screen similar to the one shown next. Click Install Certificate and follow the wizard as shown earlier in this appendix. 13.4.5.6 Installing a Personal Certificate You need a password in advance.
Page 129
Chapter 13 System Click Next to begin the wizard. The file name and path of the certificate you double-clicked should automatically appear in the File name text box. Click Browse if you wish to import a different certificate. NWA5120 Series User’s Guide...
Page 130
Chapter 13 System Enter the password given to you by the CA. Have the wizard determine where the certificate should be saved on your computer or select Place all certificates in the following store and choose a different location. NWA5120 Series User’s Guide...
Page 131
Chapter 13 System Click Finish to complete the wizard and begin the import process. You should see the following screen when the certificate is correctly installed on your computer. 13.4.5.7 Using a Certificate When Accessing the NWA To access the NWA via HTTPS: Enter ‘https://NWA IP Address/ in your browser’s web address field.
Chapter 13 System When Authenticate Client Certificates is selected on the NWA, the following screen asks you to select a personal certificate to send to the NWA. This screen displays even if you only have a single certificate as in the example. You next see the Web Configurator login screen.
Chapter 13 System Figure 82 How SSH v1 Works Example Host Identification The SSH client sends a connection request to the SSH server. The server identifies itself with a host key. The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server.
Chapter 13 System 13.5.3 Requirements for Using SSH You must install an SSH client program on a client computer (Windows or Linux operating system) that is used to connect to the NWA over SSH. 13.5.4 Configuring SSH Click Configuration > System > SSH to open the following screen. Use this screen to configure your NWA’s Secure Shell settings.
Page 135
Chapter 13 System Launch the SSH client and specify the connection information (IP address, port number) for the NWA. Configure the SSH client to accept connection using SSH version 1. A window displays prompting you to store the host key in you computer. Click Yes to continue. Figure 84 SSH Example 1: Store Host Key Enter the password to log in to the NWA.
Chapter 13 System The CLI screen displays next. 13.6 Telnet You can use Telnet to access the NWA’s command line interface. Click Configuration > System > TELNET to configure your NWA for remote Telnet access. Use this screen to enable or disable Telnet and set the server port number.
Chapter 13 System Figure 88 Configuration > System > FTP The following table describes the labels in this screen. Table 64 Configuration > System > FTP LABEL DESCRIPTION Enable Select the check box to allow or disallow the computer with the IP address that matches the IP address(es) in the Service Control table to access the NWA using this service.
Chapter 13 System Figure 89 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the NWA). An agent translates the local management information from the managed device into a form compatible with SNMP.
Chapter 13 System is to let administrators collect statistical data and monitor status and performance. You can download the NWA’s MIBs from www.zyxel.com. 13.8.2 SNMP Traps The NWA will send traps to the SNMP manager when any one of the following events occurs. Table 65 SNMP Traps OBJECT LABEL OBJECT ID...
Chapter 13 System Table 66 Configuration > System > SNMP (continued) LABEL DESCRIPTION Trap Community Type the trap community, which is the password sent with each trap to the SNMP manager. The default is public and allows all requests. Destination Type the IP address of the station to send your SNMP traps to.
Page 141
Chapter 13 System The following table describes the labels in this screen. Table 67 Configuration > System > SNMP LABEL DESCRIPTION User Name Select the user name of the user account for which this SNMPv3 user profile is configured. Authentication Select the type of authentication the SNMPv3 user must use to connect to the NWA using this SNMPv3 user profile.
HAPTER Log and Report 14.1 Overview Use the system screens to configure daily reporting and log settings. 14.1.1 What You Can Do In this Chapter • The Email Daily Report screen (Section 14.2 on page 142) configures how and where to send daily reports and what reports to send.
Page 143
Chapter 14 Log and Report Figure 92 Configuration > Log & Report > Email Daily Report The following table describes the labels in this screen. Table 68 Configuration > Log & Report > Email Daily Report LABEL DESCRIPTION Enable Email Select this to send reports by e-mail every day.
Chapter 14 Log and Report Table 68 Configuration > Log & Report > Email Daily Report (continued) LABEL DESCRIPTION Mail From Type the e-mail address from which the outgoing e-mail is delivered. This address is used in replies. Mail To Type the e-mail address (or addresses) to which the outgoing e-mail is delivered.
Page 145
Chapter 14 Log and Report Figure 93 Configuration > Log & Report > Log Setting The following table describes the labels in this screen. Table 69 Configuration > Log & Report > Log Setting LABEL DESCRIPTION Edit Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings.
Chapter 14 Log and Report 14.3.2 Edit System Log Settings This screen controls the detailed settings for each log in the system log (which includes the e-mail profiles). Select a system log entry in the Log Setting screen and click the Edit icon. Figure 94 Configuration >...
Page 147
Chapter 14 Log and Report The following table describes the labels in this screen. Table 70 Configuration > Log & Report > Log Setting > Edit System Log Setting LABEL DESCRIPTION E-Mail Server 1/2 Active Select this to send log messages and alerts according to the information in this section.
Chapter 14 Log and Report Table 70 Configuration > Log & Report > Log Setting > Edit System Log Setting (continued) LABEL DESCRIPTION E-mail Server 2 Use the E-Mail Server 2 drop-down list to change the settings for e-mailing logs to e-mail server 2 for all log categories.
Page 149
Chapter 14 Log and Report Figure 95 Configuration > Log & Report > Log Setting > Edit Remote Server NWA5120 Series User’s Guide...
Chapter 14 Log and Report The following table describes the labels in this screen. Table 71 Configuration > Log & Report > Log Setting > Edit Remote Server LABEL DESCRIPTION Log Settings for Remote Server Active Select this check box to send log information according to the information in this section. You specify what kinds of messages are included in log information in the Active Log section.
Page 151
Chapter 14 Log and Report Figure 96 Active Log Summary This screen provides a different view and a different way of indicating which messages are included in each log and each alert. (The Default category includes debugging messages generated by open source software.) NWA5120 Series User’s Guide...
Page 152
Chapter 14 Log and Report The following table describes the fields in this screen. Table 72 Configuration > Log & Report > Log Setting > Active Log Summary LABEL DESCRIPTION Active Log If the NWA is set to controller mode, the AC section controls logs generated by the Summary controller and the AP section controls logs generated by the managed APs.
Page 153
Chapter 14 Log and Report Table 72 Configuration > Log & Report > Log Setting > Active Log Summary (continued) LABEL DESCRIPTION E-mail Server 1 Select whether each category of events should be included in the log messages when it is E-mail e-mailed (green check mark) and/or in alerts (red exclamation point) for the e-mail settings specified in E-Mail Server 1.
HAPTER File Manager 15.1 Overview Configuration files define the NWA’s settings. Shell scripts are files of commands that you can store on the NWA and run when you need them. You can apply a configuration file or run a shell script without the NWA restarting.
Chapter 15 File Manager While configuration files and shell scripts have the same syntax, the NWA applies configuration files differently than it runs shell scripts. This is explained below. Table 73 Configuration Files and Shell Scripts in the NWA Configuration Files (.conf) Shell Scripts (.zysh) •...
Page 156
Chapter 15 File Manager configuration files from the NWA to your computer and upload configuration files from your computer to the NWA. Once your NWA is configured and functioning properly, it is highly recommended that you back up your configuration file before making further configuration changes. The backup configuration file will be useful in case you need to return to your previous settings.
Page 157
Chapter 15 File Manager The following table describes the labels in this screen. Table 74 Maintenance > File Manager > Configuration File LABEL DESCRIPTION Rename Use this button to change the label of a configuration file on the NWA. You can only rename manually saved configuration files.
Page 158
Chapter 15 File Manager Table 74 Maintenance > File Manager > Configuration File (continued) LABEL DESCRIPTION Apply Use this button to have the NWA use a specific configuration file. Click a configuration file’s row to select it and click Apply to have the NWA use that configuration file.
Chapter 15 File Manager Table 74 Maintenance > File Manager > Configuration File (continued) LABEL DESCRIPTION File Name This column displays the label that identifies a configuration file. You cannot delete the following configuration files or change their file names. The system-default.conf file contains the NWA’s default settings.
Chapter 15 File Manager Use "get” to download files. Transfer the configuration file on the NWA to your computer. Type get followed by the name of the configuration file. This examples uses get startup-config.conf. C:\>ftp 192.168.1.2 Connected to 192.168.1.2. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220-You are user number 1 of 5 allowed.
Page 161
Chapter 15 File Manager Figure 98 Maintenance > File Manager > Firmware Package The following table describes the labels in this screen. Table 75 Maintenance > File Manager > Firmware Package LABEL DESCRIPTION Boot This is the version of the boot module that is currently on the NWA. Module Current This is the firmware version and the date created.
Chapter 15 File Manager 15.3.1 Example of Firmware Upload Using FTP This procedure requires the NWA’s firmware. Download the firmware package from www.zyxel.com and unzip it. The firmware file uses a .bin extension, for example, "410AAHY1C0.bin". Do the following after you have obtained the firmware file. Connect your computer to the NWA.
Page 163
Chapter 15 File Manager Click Maintenance > File Manager > Shell Script to open this screen. Use the Shell Script screen to store, name, download, upload and run shell script files. You can store multiple shell script files on the NWA at the same time. Note: You should include write commands in your scripts.
Page 164
Chapter 15 File Manager Table 76 Maintenance > File Manager > Shell Script (continued) LABEL DESCRIPTION This column displays the number for each shell script file entry. File Name This column displays the label that identifies a shell script file. Size This column displays the size (in KB) of a shell script file.
HAPTER Diagnostics 16.1 Overview Use the diagnostics screen for troubleshooting. 16.1.1 What You Can Do in this Chapter • The Diagnostics screen (Section 16.2 on page 165) generates a file containing the NWA’s configuration and diagnostic information if you need to provide it to customer support during troubleshooting.
Page 166
Chapter 16 Diagnostics Table 77 Maintenance > Diagnostics LABEL DESCRIPTION Collect Now Click this to have the NWA create a new diagnostic file. Download Click this to save the most recent diagnostic file to a computer. NWA5120 Series User’s Guide...
HAPTER Reboot 17.1 Overview Use this screen to restart the device. 17.1.1 What You Need To Know If you applied changes in the Web configurator, these were saved automatically and do not change when you reboot. If you made changes in the CLI, however, you have to use the write command to save the configuration before you reboot.
HAPTER Shutdown 18.1 Overview Use this screen to shutdown the device. Always use Maintenance > Shutdown > Shutdown or the shutdown command before you turn off the NWA or remove the power. Not doing so can cause the firmware to become corrupt. 18.1.1 What You Need To Know Shutdown writes all cached data to the local storage and stops the system processes.
HAPTER Troubleshooting 19.1 Overview This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LED • NWA Access and Login • Internet Access • Wireless Connections •...
Chapter 19 Troubleshooting If the problem continues, contact the vendor. 19.3 NWA Access and Login I forgot the IP address for the NWA. The default IP address (in standalone AP mode) is 192.168.1.2. If you changed the IP address and have forgotten it, you have to reset the device to its factory defaults.
Chapter 19 Troubleshooting • Try to access the NWA using another service, such as Telnet. If you can access the NWA, check the remote management settings to find out why the NWA does not respond to HTTP. • If your computer is connected wirelessly, use a computer that is connected to a LAN/ETHERNET port.
Chapter 19 Troubleshooting Make sure the NWA is connected to a broadband modem or router with Internet access and your computer is set to obtain an dynamic IP address. If you are trying to access the Internet wirelessly, make sure the wireless settings on the wireless client are the same as the settings on the NWA.
Page 173
Chapter 19 Troubleshooting Make sure the wireless LAN (wireless radio) is enabled on the NWA. Make sure the radio or at least one of the NWA’s radios is operating in AP mode. Make sure the wireless adapter (installed on your computer) is working properly. Make sure the wireless adapter (installed on your computer) is IEEE 802.11 compatible and supports the same wireless standard as the NWA’s active radio.
Page 174
Chapter 19 Troubleshooting • PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses lowercase letters, uppercase letters and numerals to convert a binary PKCS#7 certificate into a printable form. • Binary PKCS#12: This is a format for transferring public key and private key certificates.The private key in a PKCS #12 file is within a password-encrypted envelope.
Chapter 19 Troubleshooting In the Monitor > Wireless > AP Information > Radio List screen, there is no load balancing indicator associated with any APs assigned to the load balancing task. • Check to be sure that the AP profile which contains the load balancing settings is correctly assigned to the APs in question.
PP EN D I X Importing Certificates This appendix shows you how to import public key certificates into your web browser. Public key certificates are used by web browsers to ensure that a secure web site is legitimate. When a certificate authority such as VeriSign, Comodo, or Network Solutions, to name a few, receives a certificate request from a website operator, they confirm that the web domain and contact information in the request match those on public record with a domain name registrar.
Page 177
Appendix A Importing Certificates If your device’s Web Configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error. Click Continue to this website (not recommended). In the Address Bar, click Certificate Error > View certificates. NWA5120 Series User’s Guide...
Page 178
Appendix A Importing Certificates In the Certificate dialog box, click Install Certificate. In the Certificate Import Wizard, click Next. NWA5120 Series User’s Guide...
Page 179
Appendix A Importing Certificates If you want Internet Explorer to Automatically select certificate store based on the type of certificate, click Next again and then go to step 9. Otherwise, select Place all certificates in the following store and then click Browse. In the Select Certificate Store dialog box, choose a location in which to save the certificate and then click OK.
Page 180
Appendix A Importing Certificates In the Completing the Certificate Import Wizard screen, click Finish. 10 If you are presented with another Security Warning, click Yes. 11 Finally, click OK when presented with the successful certificate installation message. NWA5120 Series User’s Guide...
Page 181
Appendix A Importing Certificates 12 The next time you start Internet Explorer and go to a ZyXEL Web Configurator page, a sealed padlock icon appears in the address bar. Click it to view the page’s Website Identification information. Installing a Stand-Alone Certificate File in Internet Explorer Rather than browsing to a ZyXEL Web Configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you.
Page 182
Appendix A Importing Certificates Removing a Certificate in Internet Explorer This section shows you how to remove a public key certificate in Internet Explorer 7 on Windows XP. Open Internet Explorer and click Tools > Internet Options. In the Internet Options dialog box, click Content > Certificates. NWA5120 Series User’s Guide...
Page 183
Appendix A Importing Certificates In the Certificates dialog box, click the Trusted Root Certificates Authorities tab, select the certificate that you want to delete, and then click Remove. In the Certificates confirmation, click Yes. In the Root Certificate Store dialog box, click Yes. The next time you go to the web site that issued the public key certificate you just removed, a certification error appears.
Page 184
Appendix A Importing Certificates Firefox The following example uses Mozilla Firefox 2 on Windows XP Professional; however, the screens can also apply to Firefox 2 on all platforms. If your device’s Web Configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error.
Page 185
Appendix A Importing Certificates Installing a Stand-Alone Certificate File in Firefox Rather than browsing to a ZyXEL Web Configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you. Open Firefox and click Tools >...
Page 186
Appendix A Importing Certificates In the Certificate Manager dialog box, click Web Sites > Import. Use the Select File dialog box to locate the certificate and then click Open. The next time you visit the web site, click the padlock in the address bar to open the Page Info > Security window to see the web page’s security information.
Page 187
Appendix A Importing Certificates Open Firefox and click Tools > Options. In the Options dialog box, click Advanced > Encryption > View Certificates. NWA5120 Series User’s Guide...
Page 188
Appendix A Importing Certificates In the Certificate Manager dialog box, select the Web Sites tab, select the certificate that you want to remove, and then click Delete. In the Delete Web Site Certificates dialog box, click OK. The next time you go to the web site that issued the public key certificate you just removed, a certification error appears.
PP EN D I X IPv6 Overview IPv6 (Internet Protocol version 6), is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 10 addresses.
Page 190
Appendix B IPv6 Global Address A global address uniquely identifies a device on the Internet. It is similar to a “public IP address” in IPv4. A global unicast address starts with a 2 or 3. Unspecified Address An unspecified address (0:0:0:0:0:0:0:0 or ::) is used as the source address when a device does not have its own address.
Page 191
Appendix B IPv6 Table 80 Reserved Multicast Address (continued) MULTICAST ADDRESS FF0A:0:0:0:0:0:0:0 FF0B:0:0:0:0:0:0:0 FF0C:0:0:0:0:0:0:0 FF0D:0:0:0:0:0:0:0 FF0E:0:0:0:0:0:0:0 FF0F:0:0:0:0:0:0:0 Subnet Masking Both an IPv6 address and IPv6 subnet mask compose of 128-bit binary digits, which are divided into eight 16-bit blocks and written in hexadecimal notation. Hexadecimal uses four bits for each character (1 ~ 10, A ~ F).
Appendix B IPv6 combines its interface ID and global and subnet information advertised from the router. This is a routable global IP address. DHCPv6 The Dynamic Host Configuration Protocol for IPv6 (DHCPv6, RFC 3315) is a server-client protocol that allows a DHCP server to assign and pass IPv6 network addresses, prefixes and other configuration information to DHCP clients.
Page 193
Appendix B IPv6 such as the system name. The interface-ID option provides slot number, port information and the VLAN ID to the DHCPv6 server. The remote-ID option (if any) is stripped from the Relay-Reply messages before the relay agent sends the packets to the clients. The DHCP server copies the interface-ID option from the Relay-Forward message into the Relay-Reply message and sends it to the relay agent.
Page 194
Appendix B IPv6 determine whether the destination address is on-link and can be reached directly without passing through a router. If the address is onlink, the address is considered as the next hop. Otherwise, the NWA determines the next-hop from the default router list or routing table. Once the next hop IP address is known, the NWA looks into the neighbor cache to get the link-layer address and sends the packet when the neighbor is reachable.
Page 195
Appendix B IPv6 Example - Enabling IPv6 on Windows XP/2003/Vista By default, Windows XP and Windows 2003 support IPv6. This example shows you how to use the ipv6 install command on Windows XP/2003 to enable IPv6. This also displays how to use the ipconfig command to see auto-generated IP addresses.
Page 196
Appendix B IPv6 Click Start and then OK. Now your computer can obtain an IPv6 address from a DHCPv6 server. Example - Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default. DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer.
Page 197
Appendix B IPv6 Click Close to exit the Local Area Connection Status screen. Select Start > All Programs > Accessories > Command Prompt. Use the ipconfig command to check your dynamic IPv6 address. This example shows a global address (2001:b021:2d::1000) obtained from a DHCP server. C:\>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection:...
• Brief description of the problem and the steps you took to solve it. Corporate Headquarters (Worldwide) Taiwan • ZyXEL Communications Corporation • http://www.zyxel.com Asia China • ZyXEL Communications (Shanghai) Corp. ZyXEL Communications (Beijing) Corp. ZyXEL Communications (Tianjin) Corp. • http://www.zyxel.cn India • ZyXEL Technology India Pvt Ltd • http://www.zyxel.in Kazakhstan •...
Page 200
Appendix C Customer Support Belgium • ZyXEL Communications B.V. • http://www.zyxel.com/be/nl/ Bulgaria • ZyXEL България • http://www.zyxel.com/bg/bg/ Czech • ZyXEL Communications Czech s.r.o • http://www.zyxel.cz Denmark • ZyXEL Communications A/S • http://www.zyxel.dk Estonia • ZyXEL Estonia • http://www.zyxel.com/ee/et/ Finland • ZyXEL Communications •...
Page 201
• ZyXEL Communications Poland • http://www.zyxel.pl Romania • ZyXEL Romania • http://www.zyxel.com/ro/ro Russia • ZyXEL Russia • http://www.zyxel.ru Slovakia • ZyXEL Communications Czech s.r.o. organizacna zlozka • http://www.zyxel.sk Spain • ZyXEL Spain • http://www.zyxel.es Sweden • ZyXEL Communications • http://www.zyxel.se Switzerland •...
Page 202
Ecuador • ZyXEL Communication Corporation • http://www.zyxel.com/ec/es/ Middle East Egypt • ZyXEL Communication Corporation • http://www.zyxel.com/homepage.shtml Middle East • ZyXEL Communication Corporation • http://www.zyxel.com/homepage.shtml North America • ZyXEL Communications, Inc. - North America Headquarters • http://www.us.zyxel.com/ NWA5120 Series User’s Guide...
Page 203
Appendix C Customer Support Oceania Australia • ZyXEL Communications Corporation • http://www.zyxel.com/au/en/ Africa South Africa • Nology (Pty) Ltd. • http://www.zyxel.co.za NWA5120 Series User’s Guide...
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
Page 205
Appendix D Legal Information IC Radiation Exposure Statement This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment. End users must follow the specific operating instructions for satisfying RF exposure compliance. 率 輻 理 率 不 更...
Appendix D Legal Information Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com. Open Source Licenses This product contains in part some free software distributed under GPL license terms and/or GPL like licenses. Open source licenses are provided with the firmware package.
Page 207
Appendix D Legal Information [Norwegian] Erklærer herved ZyXEL at dette utstyret er I samsvar med de grunnleggende kravene og andre relevante bestemmelser I direktiv 1999/5/EF. [Romanian] Prin prezenta, ZyXEL declară că acest echipament este în conformitate cu cerinţele esenţiale şi alte prevederi relevante ale Directivei 1999/5/EC.
Appendix D Legal Information List of national codes COUNTRY ISO 3166 2 LETTER CODE COUNTRY ISO 3166 2 LETTER CODE Austria Malta Belgium Netherlands Cyprus Poland Czech Republic Portugal Denmark Slovakia Estonia Slovenia Finland Spain France Sweden Germany United Kingdom Greece Iceland Hungary...
Page 209
Appendix D Legal Information Environmental Product Declaration NWA5120 Series User’s Guide...
Index Index Certificate Management Protocol (CMP) Symbols Certificate Revocation List (CRL) vs OCSP certificates advantages of and CA and FTP and HTTPS access and SSH and WWW access privileges certification path 101, 109, 114 access users expired see also users factory-default admin users file formats...
Page 211
Index configuration files dual-radio application at restart dynamic channel selection backing up downloading downloading with FTP editing how applied lastgood.conf e-mail 156, 159 managing daily statistics report startup-config.conf encryption startup-config-bad.conf syntax ESSID system-default.conf Extended Service Set IDentification uploading uploading with FTP use without restart contact information Control and Provisioning of Wireless Access Points...
Page 212
Index over SSL, see HTTPS permissions redirect to HTTPS JavaScripts vs HTTPS HTTPS and certificates authenticating clients avoiding warning messages key pairs example vs HTTP with Internet Explorer with Netscape Navigator HyperText Transfer Protocol over Secure Socket Layer, see HTTPS lastgood.conf 156, 159 layer-2 isolation...
Page 213
Index Management Mode CAPWAP and DHCP CAPWAP and IP Subnets packet managed AP statistics standalone mode physical ports management mode packet statistics managing the device pop-up windows good habits power off using FTP. See FTP. power on MBSSID product registration memory usage 32, 34 Public-Key Infrastructure (PKI)
Page 214
Index Rivest, Shamir and Adleman public-key algorithm for secure Telnet (RSA) how connection is established root AP versions with Linux 106, 109, 115 with Microsoft Windows RSSI threshold SSID SSID profile pre-configured SSID profiles SCEP (Simple Certificate Enrollment Protocol) starting the device screen resolution startup-config.conf Secure Socket Layer, see SSL...