NWA-1100 802.11b/g Wireless Access Point User’s Guide Version 1.00 7/2008 Edition 1 www.zyxel.
About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the ZyXEL Device using the web configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology. Related Documentation • Quick Start Guide The Quick Start Guide is designed to help you get up and running right away. It contains information on setting up your network and configuring for Internet access.
Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this User’s Guide. 1 " Warnings tell you about things that could harm you or your device. Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations. Syntax Conventions • The NWA-1100 may be referred to as the “ZyXEL Device”, the “device” or the “system” in this User’s Guide.
Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device.
Safety Warnings Safety Warnings 1 For your safety, be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. • Do NOT store things on the device. • Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning. • Connect ONLY suitable accessories to the device.
Safety Warnings ZyXEL NWA-1100 User’s Guide 7
Safety Warnings 8 ZyXEL NWA-1100 User’s Guide
Contents Overview Contents Overview Introduction ............................................................................................................................ 23 Introducing the ZyXEL Device ................................................................................................... 25 Introducing the Web Configurator .............................................................................................. 35 Status Screens ........................................................
Contents Overview 10 ZyXEL NWA-1100 User’s Guide
Table of Contents Table of Contents About This User's Guide .......................................................................................................... 3 Document Conventions............................................................................................................ 4 Safety Warnings........................................................................................................................ 6 Contents Overview .......................................................
Table of Contents Chapter 3 Status Screens ........................................................................................................................ 39 3.1 The Status Screen ............................................................................................................... 39 3.1.1 System Statistics Screen ............................................................................................ 41 Chapter 4 Tutorial ............................................................
Table of Contents 6.5.1 WMM QoS .................................................................................................................. 71 6.5.2 Spanning Tree Protocol (STP) ................................................................................... 71 6.5.2.1 Rapid STP ........................................................................................................ 71 6.5.2.2 STP Terminology ..........................................................................................
Table of Contents 10.1 Overview ............................................................................................................................ 97 10.2 What You Can Do in the IP Screen ................................................................................... 97 10.3 What You Need to Know About IP ..................................................................................... 97 10.4 IP Screen .......................................................................................
Table of Contents 13.7.2 Displaying Logs ...................................................................................................... 120 13.7.3 Command List ........................................................................................................ 120 Chapter 14 Maintenance .......................................................................................................................... 121 14.1 Overview ......................................................................
Table of Contents Index.......................................................................................................................................
List of Figures List of Figures Figure 1 Access Point Application .......................................................................................................... 26 Figure 2 Wireless Client Application ....................................................................................................... 26 Figure 3 Bridge Application .................................................................................................................... 27 Figure 4 Bridging Example .................
List of Figures Figure 39 Security:WPA2 or WPA2-MIX for Access Point ...................................................................... 85 Figure 40 Security: WPA2 or WPA2-MIX for Wireless Client .................................................................. 86 Figure 41 Security: WPA-PSK, WPA2-PSK or WPA2-PSK-MIX ............................................................. 87 Figure 42 RADIUS Server Setup .............................................................................................
List of Figures Figure 82 Macintosh OS 8/9: Apple Menu ............................................................................................ 149 Figure 83 Macintosh OS 8/9: TCP/IP ................................................................................................... 149 Figure 84 Macintosh OS X: Apple Menu .............................................................................................. 150 Figure 85 Macintosh OS X: Network ...................................................
List of Figures 20 ZyXEL NWA-1100 User’s Guide
List of Tables List of Tables Table 1 LEDs ......................................................................................................................................... 32 Table 2 The Status Screen .................................................................................................................... 39 Table 3 System Status: Show Statistics ................................................................................................. 41 Table 4 Private IP Address Ranges .......
List of Tables Table 39 Log Categories and Available Settings ................................................................................. 120 Table 40 Log Command List ................................................................................................................ 120 Table 41 Association List ..................................................................................................................... 122 Table 42 Channel Usage ..................................................
P ART I Introduction Introducing the ZyXEL Device (25) Status Screens (39) Introducing the Web Configurator (35) Tutorial (43) 23
CHAPTER 1 Introducing the ZyXEL Device This chapter introduces the main applications and features of the ZyXEL Device. It also discusses the ways you can manage your ZyXEL Device. 1.1 Introducing the ZyXEL Device Your ZyXEL Device extends the range of your existing wired network without additional wiring, providing easy network access to mobile users. It controls network access with MAC address filtering and RADIUS server authentication.
Chapter 1 Introducing the ZyXEL Device Figure 1 Access Point Application AP2 BSS1 BSS2 AP1 A B C 1.2.2 Wireless Client The ZyXEL Device can be used as a wireless client to communicate with an existing network. In the figure below, the printer can receive requests from the wired computer clients A and B via the ZyXEL Device in Wireless Client mode.
Chapter 1 Introducing the ZyXEL Device 1.2.3 Bridge The ZyXEL Device can act as a wireless network bridge and establish wireless links with other APs. In the figure below, the ZyXEL Devices (A, B and Z) are connected to independent wired networks and have a bridge connection (A can communicate with B and Z) at the same time. Security between bridged APs (the Wireless Distribution System or WDS) is independent of the security between the wired networks and their respective APs.
Chapter 1 Introducing the ZyXEL Device Figure 4 Bridging Example Be careful to avoid bridge loops when you enable bridging in the ZyXEL Device. Bridge loops cause broadcast traffic to circle the network endlessly, resulting in possible throughput degradation and disruption of communications. The following examples show two network topologies that can lead to this problem: • If two or more ZyXEL Devices (in bridge mode) are connected to the same hub.
Chapter 1 Introducing the ZyXEL Device Figure 6 Bridge Loop: Bridge Connected to Wired LAN To prevent bridge loops, ensure that you enable STP in the Wireless screen or your ZyXEL Device is not set to bridge mode while connected to both wired and wireless segments of the same LAN. 1.2.4 AP + Bridge In AP+Bridge mode, the ZyXEL Device supports both AP and bridge connection at the same time. Using AP + Bridge mode, your ZyXEL Device can extend the range of the WLAN.
Chapter 1 Introducing the ZyXEL Device Figure 7 AP + Bridge Application 1.3 Ways to Manage the ZyXEL Device Use any of the following methods to manage the ZyXEL Device. • Web Configurator. This is recommended for everyday management of the ZyXEL Device using a (supported) web browser. • CLI (Command Line Interface). Line commands are mostly used for troubleshooting by service engineers. • FTP (File Transfer Protocol) for firmware upgrades. • SNMP (Simple Network Management Protocol).
Chapter 1 Introducing the ZyXEL Device • Change any default passwords on the ZyXEL Device, such as the password used for accessing the ZyXEL Device’s web configurator (if it has a web configurator). Use a password with a combination of letters and numbers and change your password regularly. Write down the password and put it in a safe place. • Avoid setting a long timeout period before the ZyXEL Device’s web configurator automatically times out.
Chapter 1 Introducing the ZyXEL Device 1.6 Hardware Connections See your Quick Start Guide for information on making hardware connections. 1.7 LEDs Figure 8 LEDs Table 1 LEDs LABEL LED COLOR STATUS DESCRIPTION 1 SYS Green On The ZyXEL Device is in AP + Bridge or Bridge mode, and has successfully established a Wireless Distribution System (WDS) connection. Amber Flashing The ZyXEL Device is starting up. Off Either • The ZyXEL Device is in Access Point or mode and is functioning normally.
Chapter 1 Introducing the ZyXEL Device Table 1 LEDs (continued) LABEL 3 LED ETHERNET COLOR Green Yellow ZyXEL NWA-1100 User’s Guide STATUS DESCRIPTION Blinking The wireless adaptor WLAN is active, and transmitting or receiving data. Off The wireless adaptor WLAN is not active. On The ZyXEL Device has a 10 Mbps Ethernet connection. Blinking The ZyXEL Device has a 10 Mbps Ethernet connection and is sending or receiving data. On The ZyXEL Device has a 100 Mbps Ethernet connection.
Chapter 1 Introducing the ZyXEL Device 34 ZyXEL NWA-1100 User’s Guide
CHAPTER 2 Introducing the Web Configurator This chapter describes how to access the ZyXEL Device’s web configurator and provides an overview of its screens. 2.1 Accessing the Web Configurator 1 Make sure your hardware is properly connected and prepare your computer or computer network to connect to the ZyXEL Device (refer to the Quick Start Guide). 2 Launch your web browser. 3 Type "192.168.1.2" as the URL (default). 4 Type "1234" (default) as the password and click Login.
Chapter 2 Introducing the Web Configurator " The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the ZyXEL Device if this happens. 2.2 Resetting the ZyXEL Device If you forget your password or cannot access the web configurator, you will need to use the RESET button. This replaces the current configuration file with the factory-default configuration file.
Chapter 2 Introducing the Web Configurator Figure 10 Status Screen of the Web Configurator • Click the links on the left of the screen to configure advanced features such as SYSTEM (General, Password and Time), WIRELESS (Wireless Settings, Security, RADIUS, MAC Filter), IP, REMOTE MGNT (Telnet, FTP, WWW and SNMP), CERTIFICATES, and LOGS (View Log and Log Settings). • Click MAINTENANCE to view information about your ZyXEL Device or upgrade configuration and firmware files.
Chapter 2 Introducing the Web Configurator 38 ZyXEL NWA-1100 User’s Guide
CHAPTER 3 Status Screens The Status screens display when you log into the ZyXEL Device, or click Status in the navigation menu. Use the Status screens to look at the current status of the device, system resources, and interfaces. The Status screens also provide detailed information about system statistics, associated wireless clients, and logs. 3.1 The Status Screen Use this screen to get a quick view of system, Ethernet, WLAN and other information regarding your ZyXEL Device. Click Status.
Chapter 3 Status Screens Table 2 The Status Screen LABEL DESCRIPTION Device Name This field displays the ZyXEL Device system name. It is used for identification. You can change this in the System > General screen’s Device Name field. Operation Mode This field displays the current operating mode of the first wireless module (AP, Wireless Client, Bridge or AP+Bridge). You can change the operating mode in the Wireless > Wireless Settings screen.
Chapter 3 Status Screens Table 2 The Status Screen LABEL DESCRIPTION LAN This field displays the number of wireless clients currently associated to the first wireless module. Each wireless module supports up to 32 concurrent associations. WLAN This field displays the number of wireless clients currently associated to the second wireless module. Each wireless module supports up to 32 concurrent associations. System Status Statistics Click this link to view port status and packet specific statistics.
Chapter 3 Status Screens 42 ZyXEL NWA-1100 User’s Guide
CHAPTER 4 Tutorial This chapter first provides an overview of how to configure the wireless LAN on your ZyXEL Device, and then gives step-by-step guidelines showing how to configure your ZyXEL Device for some example scenarios. 4.1 How to Configure the Wireless LAN This section illustrates how to choose which wireless operating mode to use on the ZyXEL Device and how to set up the wireless LAN in each wireless mode. See Section 4.1.3 on page 44 for links to more information on each step. 4.1.
Chapter 4 Tutorial Figure 13 Configuring Wireless LAN Select the WLAN Adaptor you want to configure. Select Operating Mode. Access Point Mode. Wireless Client Mode. AP + Bridge Mode. Select 802.11 Mode and Channel ID. Select AP you want to connect to. Select 802.11 Mode and Channel ID. Select 802.11 Mode and Channel ID. Configure RADIUS authentication (optional). Configure RADIUS authentication (optional). Configure Security Configure RADIUS authentication (optional). Settings.
Chapter 4 Tutorial 4.2.1 Scenario In the figure below, there are two ZyXEL Devices (A and B) in the network. A is in Access Point (AP) mode while B is in Wireless Client mode. Station B is connected to a File Transfer Protocol (FTP) server. You want only specified wireless clients to be able to access station B. You also want to allow wireless traffic between B and wireless clients connected to A (W, Y and Z). Other wireless devices (X) must not be able to connect to the FTP server.
Chapter 4 Tutorial Figure 15 Access Point Mode Wireless Setttings 1 2 3 4 5 6 Set the Operation Mode to AP. Enter an SSID name, such as “NWA-1100 A”. Choose the channel you want the ZyXEL Device to use. Select the Wireless Mode. Set the Intra-BSS Traffic to Enable. Go to Wireless > Security to configure the ZyXEL Device to use WPA-PSK security mode. Figure 16 Access Point Mode Security Setttings 4.2.
Chapter 4 Tutorial 2 You should now see a tab that says Site Survey (refer to Figure 18). Click on this. A window should pop up which contains a list of all available wireless devices within your ZyXEL Device’s range. Copy the SSID of the AP you want your wireless client to connect to (refer to Figure 19). 3 For this example, you want to connect to the access point, A.The SSID that you should copy is ZyXEL NWA-1100 A (refer to Figure 15 to check the SSID of Station A). 4 Go back to the screen in Figure 17.
Chapter 4 Tutorial Figure 18 Site Survey Figure 19 Wireless Client Mode 6 Go to Wireless > Security to configure the ZyXEL Device to use WPA-PSK security mode.
Chapter 4 Tutorial Figure 20 Wireless Client Mode Security Setttings 7 One way to ensure that only specified wireless clients can access the FTP server is by enabling MAC filtering on the ZyXEL Device. See Chapter 9 on page 93 for more information on the MAC Filter screen. 8 Still in the Web Configurator, go to Wireless > MAC Filter. Click on Active then highlight Allow the following MAC Address to associate.
Chapter 4 Tutorial 50 ZyXEL NWA-1100 User’s Guide
P ART II The Web Configurator System Screens (53) Wireless Settings Screen (61) Wireless Security Screen (75) RADIUS Screen (89) MAC Filter Screen (93) IP Screen (97) Remote Management (101) Certificate Screen (111) Log Screens (115) Maintenance (121) Troubleshooting (129) 51
CHAPTER 5 System Screens 5.1 Overview This chapter provides information and instructions on how to identify and manage your ZyXEL Device over the network. Figure 22 ZyXEL Device Setup In the figure above, the ZyXEL Device connects to a Domain Name Server (DNS) server to avail of a domain name. It also connects to an Network Time Protocol (NTP) server to set the time on the device. 5.
Chapter 5 System Screens 5.3 What You Need To Know About the System Screens IP Address Assignment Every computer on the Internet must have a unique IP address. If your networks are isolated from the Internet, for instance, only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks. Table 4 Private IP Address Ranges 10.0.
Chapter 5 System Screens The subnet mask specifies the network number portion of an IP address. Your device will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the device unless you are instructed to do otherwise. 5.4 General Screen Use the General screen to identify your ZyXEL Device over the network. Click System > General. The following screen displays.
Chapter 5 System Screens Table 5 System: General LABEL DESCRIPTION Apply Click Apply to save your changes. Reset Click Reset to reload the previous configuration for this screen. 5.4.1 Password Screen Use this screen to control access to your ZyXEL Device by assigning a password to it. Click System > Password. The following screen displays. Figure 24 System: Password. The following table describes the labels in this screen.
Chapter 5 System Screens Figure 25 System: Time The following table describes the labels in this screen. Table 7 System: Time LABEL DESCRIPTION Current Time and Date Current Date This field displays the last updated date from the time server. Current Time This field displays the time of your ZyXEL Device. Each time you reload this page, the ZyXEL Device synchronizes the time with the time server (if configured).
Chapter 5 System Screens Table 7 System: Time LABEL DESCRIPTION Start Date Configure the day and time when Daylight Saving Time starts if you selected Enable Daylight Saving. The at field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time starts in most parts of the United States on the second Sunday of March. Each time zone in the United States starts using Daylight Saving Time at 2 A.M. local time. So in the United States you would select Second, Sunday, March and 2:00.
Chapter 5 System Screens Table 8 Default Time Servers (continued) ntp3.cs.wisc.edu ntp.cs.strath.ac.uk ntp1.sp.se time1.stupi.se tick.stdtime.gov.tw tock.stdtime.gov.tw time.stdtime.gov.tw When the ZyXEL Device uses the pre-defined list of NTP time servers, it randomly selects one server and tries to synchronize with it.
Chapter 5 System Screens 60 ZyXEL NWA-1100 User’s Guide
CHAPTER 6 Wireless Settings Screen 6.1 Overview This chapter discusses the steps to configure the Wireless Settings screen on the ZyXEL Device. It also introduces the wireless LAN (WLAN) and some basic scenarios. Figure 26 Wireless Mode In the figure above, the ZyXEL Device allows access to another bridge device (A) and a notebook computer (B) upon verifying their settings and credentials.
Chapter 6 Wireless Settings Screen 6.3 What You Need To Know About Wireless Settings Screen BSS A Basic Service Set (BSS) exists when all communications between wireless clients or between a wireless client and a wired network client go through one access point (AP). IntraBSS traffic is traffic between wireless clients in the BSS. ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network.
Chapter 6 Wireless Settings Screen Wireless Mode The IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features. Your ZyXEL Device can support 802.11b Only, 802.11g Only and 802.11b+g. 6.4 Wireless Settings Screen Use this screen to choose the operating mode for your ZyXEL Device. Click Wireless > Wireless Settings. The screen varies depending upon the operating mode you select. 6.4.
Chapter 6 Wireless Settings Screen The following table describes the general wireless LAN labels in this screen. Table 9 Wireless: Access Point LABEL DESCRIPTION Basic Settings Operation Mode Select AP from the drop-down list. SSID The SSID (Service Set IDentifier) identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same SSID. Select an SSID Profile from the drop-down list box.
Chapter 6 Wireless Settings Screen Table 9 Wireless: Access Point LABEL DESCRIPTION Number of Wireless Stations Allowed to Associate Specify how many wireless stations can associate with your ZyXEL Device. Radio Enable Select Yes to enable WLAN radio, and No to turn it off. The ZyXEL Device cannot be accessed wirelessly if radio is turned off. Output Power Management Set the output power of the ZyXEL Device in this field.
Chapter 6 Wireless Settings Screen Figure 28 Wireless: Wireless Client The following table describes the general wireless LAN labels in this screen. Table 10 Wireless: Wireless Client LABEL DESCRIPTION Basic Settings Operation Mode Select Wireless Client from the drop-down list. Click Apply to make the Site Survey button appear next to the SSID field. Click this button to get a pop up window of available APs.
Chapter 6 Wireless Settings Screen Table 10 Wireless: Wireless Client LABEL DESCRIPTION Site Survey Click this to view a list of available wireless access points within the range. Wireless Mode Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate with the ZyXEL Device. Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate with the ZyXEL Device. Select 802.11b+g to allow both IEEE802.11b and IEEE802.
Chapter 6 Wireless Settings Screen 6.4.3 Bridge Mode Use this screen to have the ZyXEL Device act as a wireless network bridge and establish wireless links with other APs. You need to know the MAC address of the peer device, which also must be in bridge mode. Use this screen to use the ZyXEL Device as a wireless bridge. Select Bridge as the Operation Mode. Figure 29 Wireless: Bridge The following table describes the bridge labels in this screen.
Chapter 6 Wireless Settings Screen Table 11 Wireless: Bridge LABEL DESCRIPTIONS Channel Set the operating frequency/channel depending on your particular region. To manually set the ZyXEL Device to use a channel, select a channel from the drop-down list box. Click MAINTENANCE and then the Channel Usage tab to open the Channel Usage screen to make sure the channel is not already used by another AP or independent peer-to-peer wireless network.
Chapter 6 Wireless Settings Screen Table 11 Wireless: Bridge LABEL DESCRIPTIONS Enable Antenna Diversity Select this to use antenna diversity. Antenna diversity uses multiple antennas to reduce signal interference. Enable Spanning Tree Protocol(STP) (R)STP detects and breaks network loops and provides backup links between switches, bridges or routers.
Chapter 6 Wireless Settings Screen See the tables describing the fields in the Access Point and Bridge operating modes for descriptions of the fields in this screen. 6.5 Technical Reference This section provides technical background information about the topics covered in this chapter. Refer to Appendix E on page 153 for further readings on Wireless LAN. 6.5.1 WMM QoS WMM (Wi-Fi MultiMedia) QoS (Quality of Service) ensures quality of service in wireless networks.
Chapter 6 Wireless Settings Screen Path cost is the cost of transmitting a frame onto a LAN through that port. It is assigned according to the speed of the link to which a port is attached. The slower the media, the higher the cost - see the following table.
Chapter 6 Wireless Settings Screen 6.5.3 Additional Wireless Terms Table 14 Additional Wireless Terms TERM DESCRIPTION Intra-BSS Traffic This describes direct communication (not through the ZyXEL Device) between two wireless devices within a wireless network. You might disable this kind of communication to enhance security within your wireless network. RTS/CTS Threshold In a wireless network which covers a large area, wireless devices are sometimes not aware of each other’s presence.
Chapter 6 Wireless Settings Screen 74 ZyXEL NWA-1100 User’s Guide
CHAPTER 7 Wireless Security Screen 7.1 Overview This chapter describes how to use the Wireless Security screen. This screen allows you to configure the security mode for your ZyXEL Device. Wireless security is vital to your network. It protects communications between wireless stations, access points and the wired network. Figure 31 Securing the Wireless Network In the figure above, the ZyXEL Device checks the identity of devices before giving them access to the network.
Chapter 7 Wireless Security Screen 7.3 What You Need To Know About Wireless Security User Authentication Authentication is the process of verifying whether a wireless device is allowed to use the wireless network. You can make every user log in to the wireless network before they can use it. However, every device in the wireless network has to support IEEE 802.1x to do this. For wireless networks, you can store the user names and passwords for each user in a RADIUS server.
Chapter 7 Wireless Security Screen • WPA2-PSK-MIX. This commands the ZyXEL Device to use either WPA-PSK or WPA2-PSK depending on which security mode the wireless client uses. " In Bridge and Bridge + AP operating modes, the only available security modes are WEP and WPA2-PSK. Passphrase A passphrase functions like a password. In WEP security mode, it is further converted by the ZyXEL Device into a complicated string that is referred to as the “key”.
Chapter 7 Wireless Security Screen Figure 32 Security: None The default security mode is set to None. Note that some screens display differently depending on the operating mode selected in the Wireless > Wireless Settings screen. " You must enable the same wireless security settings on the ZyXEL Device and on all wireless clients that you want to associate with it. 7.4.1 Security: WEP Use this screen to use WEP as the security mode for your ZyXEL Device.
Chapter 7 Wireless Security Screen The following table describes the labels in this screen. Table 16 Security: WEP LABEL DESCRIPTION Security Mode Choose WEP in this field. Authentication Method Select Open or Shared Key from the drop-down list box. The default setting is Auto. Data Encryption Select Disable to allow wireless stations to communicate with the access points without any data encryption. Select 64-bit WEP, 128-bit WEP or 152-bit WEP to enable data encryption.
Chapter 7 Wireless Security Screen Figure 34 Security: 802.1x Only for Access Point The following table describes the labels in this screen. Table 17 Security: 802.1x Only for Access Point LABEL DESCRIPTION Security Mode Choose 802.1x Only in this field. ReAuthentication Time Specify how often wireless stations have to resend user names and passwords in order to stay connected. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes).
Chapter 7 Wireless Security Screen Figure 35 Security: 802.1x Only for Wireless Client The following table describes the labels in this screen. Table 18 Security: 802.1x Only for Wireless Client LABEL DESCRIPTION Security Mode Choose the same security mode used by the AP. Data Encryption Select between None and Dynamic WEP. Refer to Section on page 161 for information on using Dynamic WEP. IEEE802.1x Authentication EAP Type The options on the left refer to EAP methods.
Chapter 7 Wireless Security Screen Figure 36 Security: 802.1x Static 64-bit, 802.1x Static 128-bit (AP mode) The following table describes the labels in this screen. Table 19 Security: 802.1x Static 64-bit, 802.1x Static 128-bit LABEL DESCRIPTION Security Mode Choose 802.1x Static 64 or 802.1x Static 128 in this field. Passphrase Enter the passphrase or string of text used for automatic WEP key generation on wireless client adapters (AP mode).
Chapter 7 Wireless Security Screen Table 19 Security: 802.1x Static 64-bit, 802.1x Static 128-bit LABEL DESCRIPTION Group-Key Update The ZyXEL Device automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the user name and password again before access to the wired network is allowed. The default time interval is 3600 seconds (or 1 hour). Apply Click Apply to save your changes.
Chapter 7 Wireless Security Screen Table 20 Security: WPA for Access Point LABEL DESCRIPTION Group Key Update The Group Key Update Timer is the rate at which the AP sends a new group key out to all clients. The re-keying process is the WPA equivalent of automatically changing the group key for an AP and all stations in a WLAN on a periodic basis. Setting of the Group Key Update Timer is also supported in WPA-PSK mode. The ZyXEL Device default is 3800 seconds (or 1 hour).
Chapter 7 Wireless Security Screen Table 21 Security: WPA for Wireless Client LABEL DESCRIPTION Apply Click Apply to save your changes. Reset Click Reset to begin configuring this screen afresh. 7.4.5 Security: WPA2 or WPA2-MIX This screen varies depending on whether you select Access Point or Wireless Client in the Wireless > Wireless Settings screen. 7.4.5.1 Access Point Use this screen to use WAP2 or WPA2-MIX as the security mode for your ZyXEL Device that is in Access Point operating mode.
Chapter 7 Wireless Security Screen Table 22 Security: WPA2 or WPA2-MIX for Access Point LABEL DESCRIPTIONS Apply Click Apply to save your changes. Reset Click Reset to begin configuring this screen afresh. 7.4.5.2 Wireless Client Use this screen to employ WPA2 or WPA2-MIX as the security mode of your ZyXEL Device that is in Wireless Client operating mode. Select WPA2 or WPA2-MIX in the Security Mode field to display the following screen.
Chapter 7 Wireless Security Screen 7.4.6 Security: WPA-PSK, WPA2-PSK, WPA2-PSK-MIX Use this screen to employ WPA-PSK, WPA2-PSK or WPA2-PSK-MIX as the security mode of your ZyXEL Device. Select WPA-PSK, WPA2-PSK or WPA2-PSK-MIX in the Security Mode field to display the following screen.
Chapter 7 Wireless Security Screen 88 ZyXEL NWA-1100 User’s Guide
CHAPTER 8 RADIUS Screen 8.1 Overview This chapter describes how you can use the Wireless > RADIUS screen. Remote Authentication Dial In User Service (RADIUS) is a protocol that can be used to manage user access to large networks. It is based on a client-server model that supports authentication, authorization and accounting. The access point is the client and the server is the RADIUS server.
Chapter 8 RADIUS Screen • Accounting which keeps track of the client’s network activity. RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server. You should know the IP addresses, ports and share secrets of the external RADIUS server and/ or the external RADIUS accounting server you want to use with your ZyXEL Device. You can configure a primary and backup RADIUS and RADIUS accounting server for your ZyXEL Device. 8.
Chapter 8 RADIUS Screen Table 25 Wireless > RADIUS LABEL DESCRIPTION RADIUS Server Port Enter the port number of the external authentication server. The default port number is 1812. You need not change this value unless your network administrator instructs you to do so. This field is not available when you select Internal. Share Secret Enter a password (up to 128 alphanumeric characters) as the key to be shared between the external authentication server and the ZyXEL Device.
Chapter 8 RADIUS Screen 92 ZyXEL NWA-1100 User’s Guide
CHAPTER 9 MAC Filter Screen 9.1 Overview This chapter discusses how you can use the Wireless > MAC Filter screen. The MAC filter function allows you to configure the ZyXEL Device to grant access to the ZyxEL Device from other wireless devices (Allow Association) or exclude devices from accessing the ZyXEL Device (Deny Association).
Chapter 9 MAC Filter Screen 9.4 MAC Filter Screen Use this screen to enable MAC address filtering in your ZyXEL Device.You can specify up to 64 MAC addresses to either allow or deny association with your ZyXEL Device. Click Wireless > MAC Filter. The screen displays as shown. Figure 45 Wireless > MAC Filter The following table describes the labels in this screen. Table 26 Wireless > MAC Filter 94 LABEL DESCRIPTION Active Click this to enable this feature.
Chapter 9 MAC Filter Screen Table 26 Wireless > MAC Filter LABEL DESCRIPTION Apply Click Apply to save your changes. Reset Click Reset to begin configuring this screen afresh.
Chapter 9 MAC Filter Screen 96 ZyXEL NWA-1100 User’s Guide
CHAPTER 10 IP Screen 10.1 Overview This chapter describes how you can configure the IP address of your ZyXEL Device. The Internet Protocol (IP) address identifies a device on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts. Figure 46 IP Setup The figure above illustrates one possible setup of your ZyXEL Device. The gateway IP address is 192.168.1.
Chapter 10 IP Screen 10.4 IP Screen Use this screen to configure the IP address for your ZyXEL Device. Click IP to display the following screen. Figure 47 IP Setup The following table describes the labels in this screen. Table 27 IP Setup LABEL DESCRIPTION IP Address Assignment Get automatically from DHCP Select this option if your ZyXEL Device is using a dynamically assigned IP address from a DHCP server each time.
Chapter 10 IP Screen 10.5 Technical Reference This section provides the technical background information about the topics covered in this chapter. 10.5.1 WAN IP Address Assignment Every computer on the Internet must have a unique IP address. If your networks are isolated from the Internet (only between your two branch offices, for instance) you can assign any IP addresses to the hosts without problems.
Chapter 10 IP Screen 100 ZyXEL NWA-1100 User’s Guide
CHAPTER 11 Remote Management 11.1 Overview This chapter shows you how to enable remote management of your ZyXEL Device. It provides information on determining which services or protocols can access which of the ZyXEL Device’s interfaces. Remote Management allows a user to administrate the device over the network.
Chapter 11 Remote Management 11.2 What You Can Do in the Remote Management Screens • Use the Telnet screen (see Section 11.4 on page 104) to configure through which interface(s) and from which IP address(es) you can use Telnet to manage the ZyXEL Device. A Telnet connection is prioritized by the ZyXEL Device over other remote management sessions. • Use the FTP screen (see Section 11.
Chapter 11 Remote Management Figure 49 SNMP Management Mode An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the ZyXEL Device). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions.
Chapter 11 Remote Management 11.4 The Telnet Screen Use this screen to configure your ZyXEL Device for remote Telnet access. You can use Telnet to access the ZyXEL Device’s Command Line Interface (CLI). Click REMOTE MGNT > TELNET. The following screen displays. Figure 50 Remote Management: Telnet The following table describes the labels in this screen.
Chapter 11 Remote Management Figure 51 Remote Management: FTP The following table describes the labels in this screen. Table 30 Remote Management: FTP LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Server Access Select the interface(s) through which a computer may access the ZyXEL Device using this service.
Chapter 11 Remote Management Figure 52 Remote Management: WWW The following table describes the labels in this screen. Table 31 Remote Management: WWW LABEL DESCRIPTION WWW Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Server Access Select the interface(s) through which a computer may access the ZyXEL Device using this service.
Chapter 11 Remote Management Figure 53 Remote Management: SNMP The following table describes the labels in this screen. Table 32 Remote Management: SNMP LABEL DESCRIPTION SNMP Configuration Get Community Enter the Get Community, which is the password for the incoming Get and GetNext requests from the management station. The default is public and allows all requests. Set Community Enter the Set community, which is the password for incoming Set requests from the management station.
Chapter 11 Remote Management Table 32 Remote Management: SNMP LABEL DESCRIPTION Secured Client MAC Address Select All to allow any computer to access the ZyXEL Device using this service. Choose Selected to just allow the computer with the MAC address that you specify to access the ZyXEL Device using this service. Apply Click Apply to save your customized settings and exit this screen. Reset Click Reset to begin configuring this screen afresh. 11.
Chapter 11 Remote Management Table 33 SNMP Traps OBJECT IDENTIFIER # (OID) TRAP NAME DESCRIPTION warmStart 1.3.6.1.6.3.1.1.5.2 This trap is sent after booting (software reboot). This trap is defined in RFC-1215. linkDown 1.3.6.1.6.3.1.1.5.3 This trap is sent when the Ethernet link is down. linkUp 1.3.6.1.6.3.1.1.5.4 This trap is sent when the Ethernet link is up. authenticationFailure (defined in RFC-1215) 1.3.6.1.6.3.1.1.5.
Chapter 11 Remote Management 110 ZyXEL NWA-1100 User’s Guide
CHAPTER 12 Certificate Screen 12.1 Overview This chapter describes how your ZyXEL Device can use certificates as a means of authenticating wireless clients. It gives background information about public-key certificates and explains how to use them. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication.
Chapter 12 Certificate Screen 12.4 Certificate Screen Use this screen to view, delete and import certificates. Click CERTIFICATE to open the ZyXEL Device’s summary list of certificates and to import a new certificate. See the following figure. Figure 55 Certificate The following table describes the labels in this screen. Table 35 Certificate LABEL DESCRIPTION Delete Certificate You can delete a certificate Select the certificate from the list that you want to delete.
Chapter 12 Certificate Screen 12.5.1 Private-Public Certificates When using public-key cryptology for authentication, each host has two keys. One key is public and can be made openly available. The other key is private and must be kept secure. These keys work like a handwritten signature (in fact, certificates are often referred to as “digital signatures”). Only you can write your signature exactly as it should look.
Chapter 12 Certificate Screen 3 Double-click the certificate’s icon to open the Certificate window. Click the Details tab and scroll down to the Thumbprint Algorithm and Thumbprint fields. Figure 57 Certificate Details 4 Use a secure method to verify that the certificate owner has the same information in the Thumbprint Algorithm and Thumbprint fields. The secure method may vary according to your situation. Possible examples would be over the telephone or through an HTTPS connection.
CHAPTER 13 Log Screens 13.1 Overview This chapter provides information on viewing and generating logs on your ZyXEL Device. Logs are files that contain recorded network activity over a set period. They are used by administrators to monitor the health of the system(s) they are managing. Logs enable administrators to effectively monitor events, errors, progress, etc. so that when network problems or system failures occur, the cause or origin can be traced.
Chapter 13 Log Screens 13.3 What You Need To Know About Logs Alerts and Logs An alert is a type of log that warrants more serious attention. Some categories such as System Errors consist of both logs and alerts. You can differentiate them by their color in the View Log screen. Alerts are displayed in red and logs are displayed in black.
Chapter 13 Log Screens 13.5 Log Settings Screen Use this screen to configure to where and when the ZyXEL Device is to send the logs and which logs and/or immediate alerts it is to send. To change your ZyXEL Device’s log settings, click LOGS > Log Settings. The screen appears as shown. Figure 60 Log Settings The following table describes the labels in this screen.
Chapter 13 Log Screens Table 37 Log Settings LABEL DESCRIPTION User Name If your e-mail account requires SMTP authentication, enter the username here. Password Enter the password associated with the above username. Syslog Logging Syslog logging sends a log to an external syslog server used to store logs. Active Click Active to enable syslog logging. Syslog IP Address Enter the IP address of the syslog server that will log the selected categories of logs.
Chapter 13 Log Screens 13.6.1 Example Log Messages The following tables provide descriptions of some example log messages that the ZyXEL Device generates. Table 38 System Maintenance Logs LOG MESSAGE DESCRIPTION WLAN: Radar interference 2412 MHz. Wireless driver receives radar pulse at center frequency 2412 MHz. WLAN: CW interference 2412 MHz. Wireless driver receives noise interference pulse at center frequency 2412 MHz. WLAN service started. Wireless port ath0 started. WLAN service stopped.
Chapter 13 Log Screens Use sys logs category followed by a log category and a parameter to decide what to record Table 39 Log Categories and Available Settings LOG CATEGORIES AVAILABLE PARAMETERS error 0, 1, 2, 3 mten 0, 1 Use 0 to not record logs for that category, 1 to record only logs for that category, 2 to record only alerts for that category, and 3 to record both logs and alerts for that category.
CHAPTER 14 Maintenance 14.1 Overview This chapter describes the maintenance screens. It discusses how you can view the association list and channel usage, upload new firmware, manage configuration and restart your ZyXEL Device without turning it off and on. 14.2 What You Can Do in the Maintenance Screens • Use the Association List screen (see Section 14.4 on page 121) to view the wireless stations that are currently associated with the ZyXEL Device. • Use the Channel Usage screen (see Section 14.
Chapter 14 Maintenance Figure 61 Association List The following table describes the labels in this screen. Table 41 Association List LABEL DESCRIPTION # This is the index number of an associated wireless station. MAC Address This field displays the MAC address of an associated wireless station. IP Address This identifies the individual devices on a network. Association Time This field displays the time a wireless station first associated with the ZyXEL Device.
Chapter 14 Maintenance The following table describes the labels in this screen. Table 42 Channel Usage LABEL DESCRIPTION SSID This is the Service Set IDentification name of the AP in an Infrastructure wireless network or wireless station in an Ad-Hoc wireless network. For our purposes, we define an Infrastructure network as a wireless network that uses an AP and an Ad-Hoc network (also known as Independent Basic Service Set (IBSS)) as one that doesn’t.
Chapter 14 Maintenance 1 Do not turn off the ZyXEL Device while firmware upload is in progress! After you see the Firmware Upload in Process screen, wait two minutes before logging into the ZyXEL Device again. Figure 64 Firmware Upload In Process The ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.
Chapter 14 Maintenance Figure 67 Configuration 14.7.1 Backup Configuration Backup configuration allows you to back up (save) the ZyXEL Device’s current configuration to a file on your computer. Once your ZyXEL Device is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings.
Chapter 14 Maintenance After you see a “restore configuration successful” screen, you must then wait one minute before logging into the ZyXEL Device again. Figure 68 Configuration Upload Successful The ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.
Chapter 14 Maintenance Figure 71 Reset Warning Message You can also press the RESET button to reset your ZyXEL Device to its factory default settings. Refer to Section 2.2 on page 36 for more information. 14.8 Restart Screen Use this screen to reboot the ZyXEL Device without turning the power off. Click Maintenance > Restart. The following screen displays. Figure 72 Restart Screen Click Restart to have the ZyXEL Device reboot. This does not affect the ZyXEL Device's configuration.
Chapter 14 Maintenance 128 ZyXEL NWA-1100 User’s Guide
CHAPTER 15 Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • ZyXEL Device Access and Login • Internet Access 15.1 Power, Hardware Connections, and LEDs V The ZyXEL Device does not turn on. None of the LEDs turn on. 1 Make sure you are using the power adaptor or cord included with the ZyXEL Device.
Chapter 15 Troubleshooting 1 The default IP address is 192.168.1.2. 2 If you changed the IP address and have forgotten it, you might get the IP address of the ZyXEL Device by looking up the IP address of the default gateway for your computer. To do this in most Windows computers, click Start > Run, enter “cmd”, and then enter “ipconfig”. The IP address of the Default Gateway might be the IP address of the ZyXEL Device (it depends on the network), so enter this IP address in your Internet browser.
Chapter 15 Troubleshooting V I can see the Login screen, but I cannot log in to the ZyXEL Device. 1 Make sure you have entered the user name and password correctly. The default password is 1234. This fields are case-sensitive, so make sure [Caps Lock] is not on. 2 You cannot log in to the web configurator while someone is using the Telnet to access the ZyXEL Device. Log out of the ZyXEL Device in the other session, or ask the person who is logged in to log out.
Chapter 15 Troubleshooting 3 If the problem continues, contact your ISP or network administrator. V The Internet connection is slow or intermittent. 1 There might be a lot of traffic on the network. Look at the LEDs, and check Section 1.7 on page 32. If the ZyXEL Device is sending or receiving a lot of information, try closing some programs that use the Internet, especially peer-to-peer applications. 2 Check the signal strength.
P ART III Appendices and Index Product Specifications (135) Power over Ethernet (PoE) Specifications (137) Power Adaptor Specifications (139) Setting up Your Computer’s IP Address (141) Wireless LANs (153) Pop-up Windows, JavaScripts and Java Permissions (167) IP Addresses and Subnetting (173) Text File Based Auto Configuration (181) How to Access and Use the CLI (187) Legal Information (191) Customer Support (195) Index (201) 133
APPENDIX A Product Specifications The following tables summarize the ZyXEL Device’s hardware and firmware features. Table 45 Hardware Specifications Power Specification 12 V DC, 1 A Reset button Returns all settings to their factory defaults. Ethernet Port • • Auto-negotiating: 10 Mbps or 100 Mbps in either half-duplex or fullduplex mode. Auto-crossover: Use either crossover or straight-through Ethernet cables. Power over Ethernet (PoE) IEEE 802.3af compliant.
Appendix A Product Specifications Table 46 Firmware Specifications 136 SSL Passthrough SSL (Secure Sockets Layer) uses a public key to encrypt data that's transmitted over an SSL connection. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with “https” instead of “http”.
APPENDIX B Power over Ethernet (PoE) Specifications You can use a power over Ethernet injector to power this device. The injector must comply to IEEE 802.3af.-7 Table 47 Power over Ethernet Injector Specifications Power Output 15.
Appendix B Power over Ethernet (PoE) Specifications 138 ZyXEL NWA-1100 User’s Guide
APPENDIX C Power Adaptor Specifications Table 49 North American Plug Standards AC Power Adaptor Model ADS6818-1812-W 1215 Input Power 100~240 Volts AC, 50~60 Hz, 0.5 A Output Power 12 Volts DC, 1.5A, 18W Power Consumption 6 W Max Safety Standards UL, CUL (UL60950 Third Edition, CSA C22.2 No. 60950) Table 50 European Plug Standards AC Power Adaptor Model ADS6818-1812-B 1215 Input Power 100~240 Volts AC, 50~60 Hz, 0.5 A Output Power 12 Volts DC, 1.
Appendix C Power Adaptor Specifications 140 ZyXEL NWA-1100 User’s Guide
APPENDIX D Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package.
Appendix D Setting up Your Computer’s IP Address Figure 73 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add. 2 Select Adapter and then click Add. 3 Select the manufacturer and model of your network adapter and then click OK.
Appendix D Setting up Your Computer’s IP Address Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. • If your IP address is dynamic, select Obtain an IP address automatically. • If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields. Figure 74 Windows 95/98/Me: TCP/IP Properties: IP Address 3 Click the DNS Configuration tab.
Appendix D Setting up Your Computer’s IP Address Figure 75 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window. 6 Click OK to close the Network window. Insert the Windows CD if prompted. 7 Turn on your ZyXEL Device and restart your computer when prompted.
Appendix D Setting up Your Computer’s IP Address Figure 76 Windows XP: Start Menu 2 For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Figure 77 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties.
Appendix D Setting up Your Computer’s IP Address Figure 78 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. Figure 79 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). • If you have a dynamic IP address click Obtain an IP address automatically.
Appendix D Setting up Your Computer’s IP Address Figure 80 Windows XP: Advanced TCP/IP Settings 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: • In the IP Settings tab, in IP addresses, click Add. • In TCP/IP Address, type an IP address in IP address and a subnet mask in Subnet mask, and then click Add.
Appendix D Setting up Your Computer’s IP Address Figure 81 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click OK to close the Local Area Connection Properties window. 10 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings 1 Click Start, All Programs, Accessories and then Command Prompt. 2 In the Command Prompt window, type "ipconfig" and then press [ENTER].
Appendix D Setting up Your Computer’s IP Address Figure 82 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 83 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: • From the Configure box, select Manually.
Appendix D Setting up Your Computer’s IP Address • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Close the TCP/IP Control Panel. 6 Click Save if prompted, to save changes to your configuration. 7 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the TCP/IP Control Panel window.
Appendix D Setting up Your Computer’s IP Address Figure 85 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Click Apply Now and close the window. 6 Turn on your ZyXEL Device and restart your computer (if prompted).
Appendix D Setting up Your Computer’s IP Address 152 ZyXEL NWA-1100 User’s Guide
APPENDIX E Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS).
Appendix E Wireless LANs Figure 87 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood.
Appendix E Wireless LANs Figure 88 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference. Interference occurs when radio signals from different access points overlap causing interference and degrading performance.
Appendix E Wireless LANs Figure 89 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations. RTS/CTS is designed to prevent collisions due to hidden nodes.
Appendix E Wireless LANs Fragmentation Threshold A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the AP will fragment the packet into smaller data frames. A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference.
Appendix E Wireless LANs Wireless Security Overview Wireless security is vital to your network to protect wireless communication between wireless clients, access points and the wired network. Wireless security methods available on the ZyXEL Device are data encryption, wireless client authentication, restricting access by device MAC address and hiding the ZyXEL Device identity. The following figure shows the relative effectiveness of these wireless security methods available on your ZyXEL Device.
Appendix E Wireless LANs RADIUS RADIUS is based on a client-server model that supports authentication, authorization and accounting. The access point is the client and the server is the RADIUS server. The RADIUS server handles the following tasks: • Authentication Determines the identity of the users. • Authorization Determines the network services available to authenticated users once they are connected to the network. • Accounting Keeps track of the client’s network activity.
Appendix E Wireless LANs EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication. The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that supports IEEE 802.1x. .
Appendix E Wireless LANs LEAP LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x. Dynamic WEP Key Exchange The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed. If this feature is enabled, it is not necessary to configure a default encryption key in the Wireless screen.
Appendix E Wireless LANs If both an AP and the wireless clients support WPA2 and you have an external RADIUS server, use WPA2 for stronger data encryption. If you don't have an external RADIUS server, you should use WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted access to a WLAN.
Appendix E Wireless LANs User Authentication WPA and WPA2 apply IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database. WPA2 reduces the number of key exchange messages from six to four (CCMP 4-way handshake) and shortens the time required to connect to a network. Other WPA2 authentication features that are different from WPA include key caching and pre-authentication.
Appendix E Wireless LANs Figure 90 WPA(2) with RADIUS Application Example WPA(2)-PSK Application Example A WPA(2)-PSK application looks as follows. 1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and symbols). 2 The AP checks each wireless client's password and (only) allows it to join the network if the password matches.
Appendix E Wireless LANs Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. MAC address filters are not dependent on how you configure these security features. Table 56 Wireless Security Relational Matrix AUTHENTICATION ENCRYPTIO METHOD/ KEY MANAGEMENT PROTOCOL N METHOD ENTER MANUAL KEY IEEE 802.
Appendix E Wireless LANs Antenna Gain Antenna gain, measured in dB (decibel), is the increase in coverage within the RF beam width. Higher antenna gain improves the range of the signal for better communications. For an indoor site, each 1 dB increase in antenna gain results in a range increase of approximately 2.5%. For an unobstructed outdoor site, each 1dB increase in gain results in a range increase of approximately 5%. Actual results may vary depending on the network environment.
APPENDIX F Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). " Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary. Internet Explorer Pop-up Blockers You may have to disable pop-up blocking to log into your device.
Appendix F Pop-up Windows, JavaScripts and Java Permissions 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 93 Internet Options: Privacy 3 Click Apply to save this setting. Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
Appendix F Pop-up Windows, JavaScripts and Java Permissions Figure 94 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites.
Appendix F Pop-up Windows, JavaScripts and Java Permissions 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. 1 In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 96 Internet Options: Security 2 3 4 5 6 170 Click the Custom Level... button. Scroll down to Scripting.
Appendix F Pop-up Windows, JavaScripts and Java Permissions Figure 97 Security Settings - Java Scripting Java Permissions 1 2 3 4 5 From Internet Explorer, click Tools, Internet Options and then the Security tab. Click the Custom Level... button. Scroll down to Microsoft VM. Under Java permissions make sure that a safety level is selected. Click OK to close the window.
Appendix F Pop-up Windows, JavaScripts and Java Permissions JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for
APPENDIX G IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts. Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.
Appendix G IP Addresses and Subnetting Figure 100 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). The term “subnet” is short for “subnetwork”. A subnet mask has 32 bits.
Appendix G IP Addresses and Subnetting Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Table 58 Subnet Masks BINARY DECIMAL 1ST OCTET 2ND OCTET 3RD OCTET 4TH OCTET 8-bit mask 11111111 00000000 00000000 00000000 255.0.0.0 16-bit mask 11111111 11111111 00000000 00000000 255.255.0.0 24-bit mask 11111111 11111111 11111111 00000000 255.255.255.
Appendix G IP Addresses and Subnetting Table 60 Alternative Subnet Mask Notation (continued) SUBNET MASK ALTERNATIVE NOTATION LAST OCTET (BINARY) LAST OCTET (DECIMAL) 255.255.255.192 /26 1100 0000 192 255.255.255.224 /27 1110 0000 224 255.255.255.240 /28 1111 0000 240 255.255.255.248 /29 1111 1000 248 255.255.255.252 /30 1111 1100 252 Subnetting You can use subnetting to divide one network into multiple sub-networks.
Appendix G IP Addresses and Subnetting Figure 102 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 27 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address). 192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.128 is its broadcast address.
Appendix G IP Addresses and Subnetting Table 62 Subnet 2 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. 64 IP Address (Binary) 11000000.10101000.00000001. 01000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.64 Lowest Host ID: 192.168.1.65 Broadcast Address: 192.168.1.127 Highest Host ID: 192.168.1.126 Table 63 Subnet 3 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1.
Appendix G IP Addresses and Subnetting Table 65 Eight Subnets (continued) SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST ADDRESS 5 128 129 158 159 6 160 161 190 191 7 192 193 222 223 8 224 225 254 255 Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 66 24-bit Network Number Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 1 255.255.255.128 (/25) 2 126 2 255.
Appendix G IP Addresses and Subnetting Table 67 16-bit Network Number Subnet Planning (continued) NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 14 255.255.255.252 (/30) 16384 2 15 255.255.255.254 (/31) 32768 1 Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
APPENDIX H Text File Based Auto Configuration This chapter describes how administrators can use text configuration files to configure the wireless LAN settings for multiple APs. Text File Based Auto Configuration Overview You can use plain text configuration files to configure the wireless LAN settings on multiple APs. The AP can automatically get a configuration file from a TFTP server at startup or after renewing DHCP client information.
Appendix H Text File Based Auto Configuration " If adjacent APs use the same configuration file, you should leave out the channel setting since they could interfere with each other’s wireless traffic. Auto Configuration by DHCP A DHCP response can use options 66 and 67 to assign a TFTP server IP address and a filename. If the AP is configured as a DHCP client, these settings can be used to perform auto configuration.
Appendix H Text File Based Auto Configuration Troubleshooting Via SNMP If you have any difficulties with the configuration file upload, you can try using the following MIB 10 to 20 seconds after using SNMP to have the AP download the configuration file. Table 71 Displaying the File Version ITEM OBJECT ID DESCRIPTION pwTftpOpStatus 1.3.6.1.4.1.890.1.9.1.6 This displays the current operating status of the TFTP client.
Appendix H Text File Based Auto Configuration You can zip each configuration file. You must use the store compression method and a .zip file extension. When zipping a configuration file, you can also add password protection using the same password that you use to log into the AP. Wcfg Command Configuration File Examples These example configuration files use the wcfg command to configure security and SSID profiles.
Appendix H Text File Based Auto Configuration Figure 107 WPA-PSK Configuration File Example !#ZYXEL PROWLAN !#VERSION 13 wcfg security 3 name Test-wpapsk wcfg security 3 mode wpapsk wcfg security 3 passphrase qwertyuiop wcfg security 3 reauthtime 1800 wcfg security 3 idletime 3600 wcfg security 3 groupkeytime 1800 wcfg security save wcfg ssid 3 name ssid-wpapsk wcfg ssid 3 security Test-wpapsk wcfg ssid 3 qos 4 wcfg ssid 3 l2siolation disable wcfg ssid 3 macfilter disable wcfg ssid save Figure 108 WPA Conf
Appendix H Text File Based Auto Configuration !#ZYXEL PROWLAN !#VERSION 15 wcfg ssid 1 name ssid-wep wcfg ssid 1 security Test-wep wcfg ssid 2 name ssid-8021x wcfg ssid 2 security Test-8021x wcfg ssid 2 radius radius-rd wcfg ssid 3 name ssid-wpapsk wcfg ssid 3 security Test-wpapsk wcfg ssid 4 name ssid-wpa2psk wcfg ssid 4 security Test-wpa2psk wcfg ssid save !line starting with '!' is comment !change to channel 8 wlan chid 8 !change operating mode -> AP mode, !then select ssid-wep as running WLAN profile w
APPENDIX I How to Access and Use the CLI This chapter introduces the command line interface (CLI). Accessing the CLI Use Telnet to access the CLI. 1 Connect your computer to one of the Ethernet ports. 2 Open a Telnet session to the ZyXEL Device’s IP address. If this is your first login, use the default values. Table 73 Default Management IP Address SETTING DEFAULT VALUE IP Address 192.168.1.1 Subnet Mask 255.255.255.
Appendix I How to Access and Use the CLI Command Conventions Command descriptions follow these conventions: • Commands are in courier new font. • Required input values are in angle brackets <>; for example, ping means that you must specify an IP address for this command. • Optional fields are in square brackets []; for instance in the show logins [name]command, the name field is optional.
Appendix I How to Access and Use the CLI Copy and Paste Commands You can copy and paste commands directly from this document into your terminal emulation console window (such as HyperTerminal). Use right-click (not [CTRL]-[V]) to paste your command into the console window as shown next. Using Shortcuts and Getting Help This table identifies some shortcuts in the CLI, as well as how to get help.
Appendix I How to Access and Use the CLI Saving Your Configuration In the ZyXEL Device some commands are saved as you run them and others require you to run a save command. See the related section of this guide to see if a save command is required. " Unsaved configuration changes are lost once you restart the ZyXEL Device Logging Out Use the exit command to log out of the CLI.
APPENDIX J Legal Information Copyright Copyright © 2007 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation.
Appendix J Legal Information If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures: 1 Reorient or relocate the receiving antenna. 2 Increase the separation between the equipment and the receiver. 3 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
Appendix J Legal Information 3 Select the certification you wish to view from this page. ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase.
Appendix J Legal Information 194 ZyXEL NWA-1100 User’s Guide
APPENDIX K Customer Support In the event of problems that cannot be solved by using this manual, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device. Regional offices are listed below (see also http:// www.zyxel.com/web/contact_us.php). Please have the following information ready when you contact an office. Required Information • • • • Product model and serial number. Warranty Information.
Appendix K Customer Support • Address: 1005F, ShengGao International Tower, No.137 XianXia Rd., Shanghai • Web: http://www.zyxel.cn Costa Rica • • • • • • Support E-mail: soporte@zyxel.co.cr Sales E-mail: sales@zyxel.co.cr Telephone: +506-2017878 Fax: +506-2015098 Web: www.zyxel.co.cr Regular Mail: ZyXEL Costa Rica, Plaza Roble Escazú, Etapa El Patio, Tercer Piso, San José, Costa Rica Czech Republic • • • • • E-mail: info@cz.zyxel.com Telephone: +420-241-091-350 Fax: +420-241-091-359 Web: www.zyxel.
Appendix K Customer Support Germany • • • • • • Support E-mail: support@zyxel.de Sales E-mail: sales@zyxel.de Telephone: +49-2405-6909-69 Fax: +49-2405-6909-99 Web: www.zyxel.de Regular Mail: ZyXEL Deutschland GmbH., Adenauerstr. 20/A2 D-52146, Wuerselen, Germany Hungary • • • • • • Support E-mail: support@zyxel.hu Sales E-mail: info@zyxel.hu Telephone: +36-1-3361649 Fax: +36-1-3259100 Web: www.zyxel.hu Regular Mail: ZyXEL Hungary, 48, Zoldlomb Str.
Appendix K Customer Support Malaysia • • • • • • Support E-mail: support@zyxel.com.my Sales E-mail: sales@zyxel.com.my Telephone: +603-8076-9933 Fax: +603-8076-9833 Web: http://www.zyxel.com.my Regular Mail: ZyXEL Malaysia Sdn Bhd., 1-02 & 1-03, Jalan Kenari 17F, Bandar Puchong Jaya, 47100 Puchong, Selangor Darul Ehsan, Malaysia North America • • • • • • • Support E-mail: support@zyxel.com Support Telephone: +1-800-978-7222 Sales E-mail: sales@zyxel.
Appendix K Customer Support Singapore • • • • • • Support E-mail: support@zyxel.com.sg Sales E-mail: sales@zyxel.com.sg Telephone: +65-6899-6678 Fax: +65-6899-8887 Web: http://www.zyxel.com.sg Regular Mail: ZyXEL Singapore Pte Ltd., No. 2 International Business Park, The Strategy #03-28, Singapore 609930 Spain • • • • • • Support E-mail: support@zyxel.es Sales E-mail: sales@zyxel.es Telephone: +34-902-195-420 Fax: +34-913-005-345 Web: www.zyxel.
Appendix K Customer Support Turkey • • • • • Support E-mail: cso@zyxel.com.tr Telephone: +90 212 222 55 22 Fax: +90-212-220-2526 Web: http:www.zyxel.com.tr Address: Kaptanpasa Mahallesi Piyalepasa Bulvari Ortadogu Plaza N:14/13 K:6 Okmeydani/Sisli Istanbul/Turkey Ukraine • • • • • • Support E-mail: support@ua.zyxel.com Sales E-mail: sales@ua.zyxel.com Telephone: +380-44-247-69-78 Fax: +380-44-494-49-32 Web: www.ua.zyxel.com Regular Mail: ZyXEL Ukraine, 13, Pimonenko Str.
Index Index Numbers C 802.1x-Only 76 802.1x-Static128 76 802.1x-Static64 76 CA 160 Certificate authentication 111 file format 111 Certificate Authority See CA.
Index Domain Name Server (DNS) 53 DS 62 DTIM Interval 64 Dynamic WEP key exchange 161 E EAP 77 EAP authentication 159 Enable Antenna Diversity 67, 70 Enable Spanning Tree Control (STP) 67 Enable Spanning Tree Protocol(STP) 70 Encryption 77, 79, 81, 84, 161, 162 ESS 62, 154 Ethernet device 93 Ethernet Port 135 Extended Service Set 62 see ESS Extensible Authentication Protocol 77 F Factory Defaults 126 restoring 36 FCC interference statement 191 File Version 182 Firmware 121 Firmware, uploading via web con
Index Blinking 33 ETHERNET 33 Flashing 32 Off 32 On 32 SYS 32 WLAN 32 legacy authentication methods 160 Lightweight Extensible Authentication Protocol 77 Log Commands 119 Log Messages 119 Log Screens 115 Login 187 Logs accessing logs 115 Command List 120 displaying logs 120 receiving logs via e-mail 116 Logs Screen Mail Server 117 Mail Subject 117 Send Log to 117 Syslog 118 Logs, Uses of 115 loss of messages 156 M MAC Address Clone 67 MAC Filter Allow Association 93 Deny Association 93 MAC Filter Screen 9
Index Authentication 89 Authorization 89 message types 159 messages 159 shared secret key 159 RADIUS Screen 89 Accounting Server 91 Accounting Server IP Address 91 Accounting Server Port 91 Backup 90 Primary 90 Server IP Address 90 Server Port 91 Share Secret 91 RADIUS server 76 Rates Configuration 65, 67, 69 registration product 193 Related documentation 3 Remote Authentication Dial In User Service 89 remote management 31 remote management limitations 102 Reset button 135 Rijndael 162 RJ-45 Port Pin Assig
Index T telnet 104 Telnet (accessing the CLI) 187 Temperature 135 Temporal Key Integrity Protocol 77 Temporal Key Integrity Protocol (TKIP) 162 Text file based auto configuration 136, 181 TFTP restrictions 103 Thumbprint Algorithm 114 Time Servers List 58 timeout 31 TKIP 77 TLS 77 Tracing 136 Trademarks 191 Transport Layer Security 77 Troubleshooting 129 connection is slow or intermittent 132 DHCP 130 factory defaults 131 firmware 131 Internet 131 LAN/ETHERNET port 130 QoS 132 WAN port 130 Web Configurator
Index pre-authentication 163 user authentication 163 vs WPA-PSK 162 wireless client supplicant 163 with RADIUS application example 163 WPA capability to Windows XP 163 WPA2 76, 161 user authentication 163 vs WPA2-PSK 162 wireless client supplicant 163 with RADIUS application example 163 WPA2-MIX 76 WPA2-Pre-Shared Key 162 WPA2-PSK 162 application example 164 WPA2-PSK-MIX 77 WPA-PSK 162 application example 164 Z ZyXEL Device Ethernet parameters 97 good habits 31 Introduction 25 managing 30 resetting 36, 12
