NWA5120 Series 802.11 a/b/g/n Unified Access Point Version 2.25 Edition 1, 01/2013 Quick Start Guide User’s Guide Default Login Details LAN IP Address http://192.168.1.2 User Name www.zyxel.
IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. This is a User’s Guide for a series of products. Not all products support all firmware features. Screenshots and graphics in this book may differ slightly from your product due to differences in your product firmware or your computer operating system. Every effort has been made to ensure that the information in this manual is accurate.
Contents Overview Contents Overview User’s Guide ....................................................................................................................................... 11 Introduction .............................................................................................................................................13 The Web Configurator .............................................................................................................................
Contents Overview 4 NWA5120 Series User’s Guide
Table of Contents Table of Contents Contents Overview ..............................................................................................................................3 Table of Contents .................................................................................................................................5 Part I: User’s Guide ......................................................................................... 11 Chapter 1 Introduction...........................................
Table of Contents 3.2.2 Memory Usage ........................................................................................................................37 Chapter 4 Monitor.................................................................................................................................................39 4.1 Overview ...........................................................................................................................................39 4.1.
Table of Contents Chapter 8 AP Profile.............................................................................................................................................73 8.1 Overview ...........................................................................................................................................73 8.1.1 What You Can Do in this Chapter ............................................................................................73 8.1.2 What You Need To Know .............
Table of Contents 11.3.2 Time Server Synchronization ............................................................................................... 116 11.4 WWW Overview ............................................................................................................................ 118 11.4.1 Service Access Limitations .................................................................................................. 118 11.4.2 System Timeout ....................................................
Table of Contents Chapter 14 Diagnostics .......................................................................................................................................163 14.1 Overview .......................................................................................................................................163 14.1.1 What You Can Do in this Chapter ........................................................................................163 14.2 Diagnostics ..............................
Table of Contents 10 NWA5120 Series User’s Guide
P ART I User’s Guide 11
C HAPT ER 1 Introduction 1.1 Overview This User’s Guide covers the following models: NWA5121-N, NWA5121-NI, and NWA5123-NI. Your NWA is a wireless AP (Access Point). It extends the range of your existing wired network without additional wiring, providing easy network access to mobile users. Table 1 NWA Series Comparison Table FEATURES NWA5121-N NWA5121-NI NWA5123-NI IEEE 802.11b IEEE 802.11g IEEE 802.11n IEEE 802.11b IEEE 802.11g IEEE 802.11n IEEE IEEE IEEE IEEE 2.4 GHz 2.4 GHz 2.
Chapter 1 Introduction 1.1.1 MBSSID A Basic Service Set (BSS) is the set of devices forming a single wireless network (usually an access point and one or more wireless clients). The Service Set IDentifier (SSID) is the name of a BSS. In Multiple BSS (MBSSID) mode, the NWA provides multiple virtual APs, each forming its own BSS and using its own individual SSID profile. You can configure multiple SSID profiles, and have all of them active at any one time.
Chapter 1 Introduction Note: A different channel should be configured for each WLAN interface to reduce the effects of radio interference. You could use the 2.4 GHz band for regular Internet surfing and downloading while using the 5 GHz band for time sensitive traffic like high-definition video, music, and gaming. Figure 2 Dual-Radio Application 1.1.3 Management Mode The NWA is a standalone AP by default.
Chapter 1 Introduction Web Configurator The Web Configurator allows easy NWA setup and management using an Internet browser. This User’s Guide provides information about the Web Configurator. Command-Line Interface (CLI) The CLI allows you to use text-based commands to configure the NWA. You can access it using remote management (for example, SSH or Telnet). See the Command Reference Guide for more information.
Chapter 1 Introduction 1.5 LEDs The following are the LED descriptions for your NWA. Figure 3 LED Table 3 LED COLOR STATUS DESCRIPTION Amber On There is system error and the NWA cannot boot up, or the NWA doesn’t have an Ethernet connection with the LAN. Green Flashing The NWA is starting up. Off The NWA is receiving power and ready for use. On The WLAN is active. Blinking The WLAN is active, and transmitting or receiving data. Off The WLAN is not active. 1.
Chapter 1 Introduction Always use Maintenance > Shutdown or the shutdown command before you turn off the NWA or remove the power. Not doing so can cause the firmware to become corrupt. Table 4 Starting and Stopping the NWA METHOD DESCRIPTION Turning on the power A cold start occurs when you turn on the power to the NWA. The NWA powers up, checks the hardware, and starts the system processes.
C HAPT ER 2 The Web Configurator 2.1 Overview The NWA Web Configurator allows easy management using an Internet browser. In order to use the Web Configurator, you must: • Use Internet Explorer 7.0 and later or Firefox 1.5 and later • Allow pop-up windows • Enable JavaScript (enabled by default) • Enable Java permissions (enabled by default) • Enable cookies The recommended screen resolution is 1024 x 768 pixels and higher. 2.2 Access 1 Make sure your NWA hardware is properly connected.
Chapter 2 The Web Configurator 4 Click Login. If you logged in using the default user name and password, the Update Admin Info screen appears. Otherwise, the dashboard appears. The Update Admin Info screen appears every time you log in using the default user name and default password. If you change the password for the default user account, this screen does not appear anymore.
Chapter 2 The Web Configurator 2.3 Navigating the Web Configurator The following summarizes how to navigate the web configurator from the Dashboard screen. This guide uses the NWA5123-NI screens as an example. The screens may vary slightly for different models. Figure 4 The Web Configurator’s Main Screen A C B The Web Configurator’s main screen is divided into these parts: • A - Title Bar • B - Navigation Panel • C - Main Window 2.3.
Chapter 2 The Web Configurator The icons provide the following functions. Table 5 Title Bar: Web Configurator Icons LABEL DESCRIPTION Logout Click this to log out of the Web Configurator. Help Click this to open the help page for the current screen. About Click this to display basic information about the NWA. Site Map Click this to see an overview of links to the Web Configurator screens.
Chapter 2 The Web Configurator Site Map Click Site MAP to see an overview of links to the Web Configurator screens. Click a screen’s link to go to that screen. Figure 7 Site Map Object Reference Click Object Reference to open the Object Reference screen. Select the type of object and the individual object and click Refresh to show which configuration settings reference the object.
Chapter 2 The Web Configurator The fields vary with the type of object. The following table describes labels that can appear in this screen. Table 7 Object References LABEL DESCRIPTION Object Name This identifies the object for which the configuration settings that use it are displayed. Click the object’s name to display the object’s configuration screen in the main window. # This field is a sequential value, and it is not associated with any entry.
Chapter 2 The Web Configurator drag it to resize them. The following sections introduce the NWA’s navigation panel menus and their screens. Figure 10 Navigation Panel Dashboard The dashboard displays general device information, system status, system resource usage, and interface status in widgets that you can re-arrange to suit your needs. For details on the Dashboard’s features, see Chapter 3 on page 33. Monitor Menu The monitor menu screens display status and statistics information.
Chapter 2 The Web Configurator Table 9 Configuration Menu Screens Summary (continued) FOLDER OR LINK TAB FUNCTION MON Mode Configure how the NWA monitors for rogue APs. Load Balancing Configure load balancing for traffic moving to and from wireless clients. DCS Configure dynamic wireless channel selection. Object Users AP Profile User Create and manage users. Setting Manage default settings for all users, general settings for user sessions, and rules to force user authentication.
Chapter 2 The Web Configurator 2.3.3 Warning Messages Warning messages, such as those resulting from misconfiguration, display in a popup window. Figure 11 Warning Message 2.3.4 Tables and Lists The Web Configurator tables and lists are quite flexible and provide several options for how to display their entries. 2.3.4.1 Manipulating Table Display Here are some of the ways you can manipulate the Web Configurator tables.
Chapter 2 The Web Configurator • Filter by mathematical operators (<, >, or =) or searching for text. 28 3 Select a column heading cell’s right border and drag to re-size the column. 4 Select a column heading and drag and drop it to change the column order. A green check mark displays next to the column’s title when you drag the column to a valid new location.
Chapter 2 The Web Configurator 2.3.4.2 Working with Table Entries The tables have icons for working with table entries. A sample is shown next. You can often use the [Shift] or [Ctrl] key to select multiple entries to remove, activate, or deactivate. Table 11 Common Table Icons Here are descriptions for the most common table icons. Table 12 Common Table Icons LABEL DESCRIPTION Add Click this to create a new entry.
Chapter 2 The Web Configurator 30 NWA5120 Series User’s Guide
P ART II Technical Reference 31
C HAPT ER 3 Dashboard 3.1 Overview Use the Dashboard screens to check status information about the NWA. 3.1.1 What You Can Do in this Chapter • The main Dashboard screen (Section 3.2 on page 33) displays the NWA’s general device information, system status, system resource usage, and interface status. You can also display other status screens for more information. 3.2 Dashboard This screen is the first thing you see when you log into the NWA.
Chapter 3 Dashboard The following table describes the labels in this screen. Table 13 Dashboard LABEL DESCRIPTION Widget Settings (A) Use this link to re-open closed widgets. Widgets that are already open appear grayed out. Up Arrow (B) Click this to collapse a widget. Refresh Time Setting (C) Set the interval for refreshing the information displayed in the widget. Refresh Now (D) Click this to update the widget’s information immediately. Close Widget (E) Click this to close the widget.
Chapter 3 Dashboard Table 13 Dashboard (continued) LABEL Boot Status DESCRIPTION This field displays details about the NWA’s startup state. OK - The NWA started up successfully. Firmware update OK - A firmware update was successful. Problematic configuration after firmware update - The application of the configuration failed after a firmware upgrade. System default configuration - The NWA successfully applied the system default configuration.
Chapter 3 Dashboard Table 13 Dashboard (continued) LABEL Band DESCRIPTION This indicates the wireless frequency band currently being used by the radio. This shows - when the radio is in monitor mode. OP Mode This indicates the radio’s operating mode. Operating modes are AP (access point), AP (MBSSID) or MON (monitor). Channel This indicates the channel number the radio is using. Station This displays the number of wireless clients connected to the NWA. 3.2.
Chapter 3 Dashboard 3.2.2 Memory Usage Use this screen to look at a chart of the NWA’s recent memory (RAM) usage. To access this screen, click Memory Usage in the dashboard. Figure 15 Dashboard > Memory Usage The following table describes the labels in this screen. Table 15 Dashboard > Memory Usage LABEL DESCRIPTION The y-axis represents the percentage of RAM usage.
Chapter 3 Dashboard 38 NWA5120 Series User’s Guide
C HAPT ER 4 Monitor 4.1 Overview Use the Monitor screens to check status and statistics information. 4.1.1 What You Can Do in this Chapter • The LAN Status screen (Section 4.3 on page 40) displays general LAN interface information and packet statistics. • The LAN Status Graph screen (Section 4.3.1 on page 42) displays a line graph of packet statistics for the NWA’s physical LAN port. • The Radio List screen (Section 4.4 on page 43) displays statistics about the wireless radio transmitters in the NWA.
Chapter 4 Monitor 4.3 LAN Status Use this screen to look at general LAN interface information and packet statistics. To access this screen, click Monitor > LAN Status. Figure 16 Monitor > LAN Status The following table describes the labels in this screen. Table 16 Monitor > LAN Status LABEL DESCRIPTION Poll Interval Enter how often you want this window to be updated automatically, and click Set Interval. Set Interval Click this to set the Poll Interval the screen uses.
Chapter 4 Monitor Table 16 Monitor > LAN Status (continued) LABEL DESCRIPTION Action Use this field to get or to update the IP address for the interface. Click Renew to send a new DHCP request to a DHCP server. If the interface cannot use one of these ways to get or to update its IP address, this field displays n/a. Port Statistics Table Switch to Graphic View Click this to display the port statistics as a line graph. Status This field displays the current status of the physical port.
Chapter 4 Monitor 4.3.1 LAN Status Graph Use the port statistics graph to look at a line graph of packet statistics for the NWA’s physical LAN port. To view, in the LAN Status screen click the Switch to Graphic View button. Figure 17 Monitor > LAN Status > Switch to Graphic View The following table describes the labels in this screen. Table 17 Monitor > LAN Status > Switch to Graphic View 42 LABEL DESCRIPTION Refresh Interval Enter how often you want this window to be automatically updated.
Chapter 4 Monitor 4.4 Radio List Use this screen to view statistics for the NWA’s wireless radio transmitters. To access this screen, click Monitor > Wireless > AP Information > Radio List. Figure 18 Monitor > Wireless > AP Information > Radio List The following table describes the labels in this screen. Table 18 Monitor > Wireless > AP Information > Radio List LABEL DESCRIPTION More Information Click this to view additional information about the selected radio’s wireless traffic and station count.
Chapter 4 Monitor 4.4.1 AP Mode Radio Information This screen allows you to view a selected radio’s SSID details, wireless traffic statistics and station count for the preceding 24 hours. To access this window, select a radio and click the More Information button in the Radio List screen.
Chapter 4 Monitor The following table describes the labels in this screen. Table 19 Monitor > Wireless > AP Information > Radio List > More Information LABEL DESCRIPTION SSID Detail This list shows information about all the wireless clients that have connected to the specified radio over the preceding 24 hours. # This is the items sequential number in the list. It has no bearing on the actual data in this list. SSID Name This displays an SSID associated with this radio.
Chapter 4 Monitor The following table describes the labels in this screen. Table 20 Monitor > Wireless > Station Info LABEL DESCRIPTION # This is the station’s index number in this list. MAC Address This is the station’s MAC address. Radio This is the radio number on the NWA to which the station is connected. SSID Name This indicates the name of the wireless network to which the station is connected. A single AP can have multiple SSIDs or networks.
Chapter 4 Monitor Table 21 Monitor > Wireless > Rogue AP (continued) LABEL DESCRIPTION Status This indicates the detected device’s status. Device This indicates the type of device detected. Role This indicates the detected device’s role (such as friendly or rogue). MAC Address This indicates the detected device’s MAC address. SSID Name This indicates the detected device’s SSID. Channel ID This indicates the detected device’s channel ID. 802.11 Mode This indicates the 802.
Chapter 4 Monitor Events that generate an alert (as well as a log message) display in red. Regular logs display in black. Click a column’s heading cell to sort the table entries by that column’s criteria. Click the heading cell again to reverse the sort order. Figure 22 Monitor > Log > View Log The following table describes the labels in this screen. Table 22 Monitor > Log > View Log LABEL DESCRIPTION Show Filter / Hide Filter Click this button to show or hide the filter settings.
Chapter 4 Monitor Table 22 Monitor > Log > View Log (continued) LABEL DESCRIPTION Destination Address This displays when you show the filter. Type the IP address of the destination of the incoming packet when the log message was generated. Do not include the port in this filter. Source Interface This displays when you show the filter. Select the source interface of the packet that generated the log message. Destination Interface This displays when you show the filter.
Chapter 4 Monitor 50 NWA5120 Series User’s Guide
C HAPT ER 5 LAN Setting 5.1 Overview This chapter describes how you can configure the management IP address of your NWA. The Internet Protocol (IP) address identifies a device on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts. Figure 23 IP Setup The figure above illustrates one possible setup of your NWA. The gateway IP address is 192.168.1.
Chapter 5 LAN Setting 5.2 LAN Setting Use this screen to configure the IP address for your NWA. To access this screen, click Configuration > LAN Setting. Figure 24 Configuration > LAN Setting Each field is described in the following table. Table 23 Configuration > LAN Setting LABEL DESCRIPTION IP Address Assignment Get Automatically Select this to make the interface a DHCP client and automatically get the IP address, subnet mask, and gateway address from a DHCP server.
C HAPT ER 6 Wireless 6.1 Overview This chapter discusses how to configure the wireless network settings in your NWA. The following figure provides an example of a wireless network. Figure 25 Example of a Wireless Network The wireless network is the part in the blue circle. In this wireless network, devices A and B are called wireless clients. The wireless clients use the access point (AP) to interact with other devices (such as the printer) or with the Internet. Your NWA is the AP. 6.1.
Chapter 6 Wireless 6.1.2 What You Need to Know The following terms and concepts may help as you read this chapter. Station / Wireless Client A station or wireless client is any wireless-capable device that can connect to an AP using a wireless signal.
Chapter 6 Wireless Each field is described in the following table. Table 24 Configuration > Wireless > AP Management LABEL DESCRIPTION Model This field displays the NWA’s model name. Radio 1 Activate Select the check box to enable the NWA’s first (default) radio. Radio 1 OP Mode Select the operating mode for radio 1.
Chapter 6 Wireless Click Configuration > Wireless > MON Mode to access this screen. Figure 27 Configuration > Wireless > MON Mode Each field is described in the following table. Table 25 Configuration > Wireless > MON Mode LABEL DESCRIPTION Rogue/Friendly AP List Add Click this button to add an AP to the list and assign it either friendly or rogue status. Edit Select an AP in the list to edit and reassign its status. Remove # Select an AP in the list to remove.
Chapter 6 Wireless 6.3.1 Add/Edit Rogue/Friendly List Click Add or select an AP and click the Edit button in the Configuration > Wireless > MON Mode table to display this screen. Figure 28 Configuration > Wireless > MON Mode > Add/Edit Rogue/Friendly AP List Each field is described in the following table. Table 26 Configuration > Wireless > MON Mode > Add/Edit Rogue/Friendly AP List LABEL DESCRIPTION MAC Enter the MAC address of the AP you want to add to the list.
Chapter 6 Wireless Each field is described in the following table. Table 27 Configuration > Wireless > Load Balancing LABEL DESCRIPTION Enable Load Balancing Select this to enable load balancing on the NWA. Mode Select a mode by which load balancing is carried out. Select By Station Number to balance network traffic based on the number of specified stations connect to an AP. Select By Traffic Level to balance network traffic based on the volume generated by the stations connected to an AP.
Chapter 6 Wireless until it can afford the bandwidth or the laptop is picked up by a different AP with bandwidth to spare. Figure 30 Delaying a Connection The second response your AP can take is to kick the connections that are pushing it over its balanced bandwidth allotment. Figure 31 Kicking a Connection Connections are kicked based on either idle timeout or signal strength. The NWA first looks to see which devices have been idle the longest, then starts kicking them in order of highest idle time.
Chapter 6 Wireless 6.5 DCS Use this screen to configure dynamic radio channel selection. Click Configuration > Wireless > DCS to access this screen. Figure 32 Configuration > Wireless > DCS Each field is described in the following table.
Chapter 6 Wireless Table 28 Configuration > Wireless > DCS (continued) LABEL DESCRIPTION DCS Sensitivity Level Select the AP’s sensitivity level toward other channels. Options are High, Medium, and Low. Generally, as long as the area in which your AP is located has minimal interference from other devices you can set the DCS Sensitivity Level to Low. This means that the AP has a very broad tolerance.
Chapter 6 Wireless 6.6 Technical Reference The following section contains additional technical information about the features described in this chapter. Dynamic Channel Selection When numerous APs broadcast within a given area, they introduce the possibility of heightened radio interference, especially if some or all of them are broadcasting on the same radio channel.
Chapter 6 Wireless Finally, there is an alternative four channel scheme for ETSI, consisting of channels 1, 5, 9, 13. This offers significantly less overlap that the other one. Figure 35 An Alternative Four-Channel Deployment Load Balancing Because there is a hard upper limit on an AP’s wireless bandwidth, load balancing can be crucial in areas crowded with wireless users.
Chapter 6 Wireless 64 NWA5120 Series User’s Guide
C HAPT ER 7 User 7.1 Overview This chapter describes how to set up user accounts and user settings for the NWA. 7.1.1 What You Can Do in this Chapter • The User screen (see Section 7.2 on page 66) provides a summary of all user accounts. • The Setting screen (see Section 7.3 on page 68) controls default settings, login settings, lockout settings, and other user settings for the NWA. 7.1.2 What You Need To Know The following terms and concepts may help as you read this chapter.
Chapter 7 User 7.2 User Summary The User screen provides a summary of all user accounts. To access this screen click Configuration > Object > User. Figure 36 Configuration > Object > User The following table describes the labels in this screen. Table 30 Configuration > Object > User LABEL DESCRIPTION Add Click this to create a new entry. Edit Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings.
Chapter 7 User • Alphanumeric A-z 0-9 (there is no unicode support) • _ [underscores] • - [dashes] The first character must be alphabetical (A-Z a-z), an underscore (_), or a dash (-). Other limitations on user names are: • User names are case-sensitive. If you enter a user 'bob' but use 'BOB' when connecting via CIFS or FTP, it will use the account settings used for 'BOB' not ‘bob’. • User names have to be different than user group names.
Chapter 7 User The following table describes the labels in this screen. Table 31 Configuration > User > User > Add/Edit A User LABEL DESCRIPTION User Name Type the user name for this user account. You may use 1-31 alphanumeric characters, underscores(_), or dashes (-), but the first character cannot be a number. This value is case-sensitive. User names have to be different than user group names, and some words are reserved. User Type Select what type of user this is.
Chapter 7 User To access this screen, login to the Web Configurator, and click Configuration > Object > User > Setting. Figure 38 Configuration > Object > User > Setting The following table describes the labels in this screen. Table 32 Configuration > Object > User > Setting LABEL DESCRIPTION User Default Setting Default Authentication Timeout Settings These authentication timeout settings are used by default when you create a new user account.
Chapter 7 User Table 32 Configuration > Object > User > Setting (continued) LABEL Reauthentication Time DESCRIPTION This is the default reauthentication time in minutes for each type of user account. It defines the number of minutes the user can be logged into the NWA in one session before having to log in again. Unlike Lease Time, the user has no opportunity to renew the session without logging out.
Chapter 7 User The following table describes the labels in this screen. Table 33 User > Setting > Edit User Authentication Timeout Settings LABEL DESCRIPTION User Type This read-only field identifies the type of user account for which you are configuring the default settings. • • Lease Time admin - this user can look at and change the configuration of the NWA. limited-admin - this user can look at the configuration of the NWA but not to change it.
Chapter 7 User 72 NWA5120 Series User’s Guide
C HAPT ER 8 AP Profile 8.1 Overview This chapter shows you how to configure preset profiles for the NWA. 8.1.1 What You Can Do in this Chapter • The Radio screen (Section 8.2 on page 74) creates radio configurations that can be used by the APs. • The SSID screen (Section 8.3 on page 79) configures three different types of profiles for your networked APs. 8.1.2 What You Need To Know The following terms and concepts may help as you read this chapter.
Chapter 8 AP Profile WEP WEP (Wired Equivalent Privacy) encryption scrambles all data packets transmitted between the AP and the wireless stations associated with it in order to keep network communications private. Both the wireless stations and the access points must use the same WEP key for data encryption and decryption. WPA and WPA2 Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.
Chapter 8 AP Profile Table 34 Configuration > Object > AP Profile > Radio (continued) LABEL DESCRIPTION Remove Click this to remove the selected radio profile. Activate To turn on an entry, select it and click Activate. Inactivate To turn off an entry, select it and click Inactivate. Object Reference Click this to view which other objects are linked to the selected radio profile. # This field is a sequential value, and it is not associated with a specific user.
Chapter 8 AP Profile 8.2.1 Add/Edit Radio Profile This screen allows you to create a new radio profile or edit an existing one. To access this screen, click the Add button or select a radio profile from the list and click the Edit button.
Chapter 8 AP Profile The following table describes the labels in this screen. Table 35 Configuration > Object > AP Profile > Add/Edit Profile LABEL DESCRIPTION Hide / Show Advanced Settings Click this to hide or show the Advanced Settings in this window. Create New Object Select an item from this menu to create a new object of that type. Any objects created in this way are automatically linked to this radio profile. General Settings Activate Select this option to make this profile active.
Chapter 8 AP Profile Table 35 Configuration > Object > AP Profile > Add/Edit Profile (continued) LABEL DESCRIPTION Enable A-MSDU Aggregation Select this to enable A-MSDU aggregation. Disable-Channel Switch for DFS This field is available only if you set 802.11 Band to 5G. Mac Service Data Unit (MSDU) aggregation collects Ethernet frames without any of their 802.11n headers and wraps the header-less payload in a single 802.11n MAC header. This method is useful for increasing bandwidth throughput.
Chapter 8 AP Profile Table 35 Configuration > Object > AP Profile > Add/Edit Profile (continued) LABEL DESCRIPTION Multicast Settings Transmission Mode Specify how the NWA handles wireless multicast traffic. Select Multicast to Unicast to broadcast wireless multicast traffic to all of the wireless clients as unicast traffic. Unicast traffic dynamically changes the data rate based on the application’s bandwidth requirements.
Chapter 8 AP Profile Note: You can have a maximum of 32 SSID profiles on the NWA. Figure 42 Configuration > Object > AP Profile > SSID List The following table describes the labels in this screen. Table 36 Configuration > Object > AP Profile > SSID List 80 LABEL DESCRIPTION Add Click this to add a new SSID profile. Edit Click this to edit the selected SSID profile. Remove Click this to remove the selected SSID profile.
Chapter 8 AP Profile 8.3.1.1 Add/Edit SSID Profile This screen allows you to create a new SSID profile or edit an existing one. To access this screen, click the Add button or select an SSID profile from the list and click the Edit button. Figure 43 Configuration > Object > AP Profile > Add/Edit SSID Profile The following table describes the labels in this screen.
Chapter 8 AP Profile Table 37 Configuration > Object > AP Profile > Add/Edit SSID Profile (continued) LABEL DESCRIPTION Layer-2 Isolation Profile Select a layer-2 isolation profile from the list to associate with this SSID. If none exist, you can sue the Create new Object menu to create one. Layer-2 isolation allows you to prevent wireless clients associated with your NWA from communicating with other wireless clients, APs, computers or routers in a network.
Chapter 8 AP Profile Note: You can have a maximum of 32 security profiles on the NWA. Figure 44 Configuration > Object > AP Profile > SSID > Security List The following table describes the labels in this screen. Table 38 Configuration > Object > AP Profile > SSID > Security List LABEL DESCRIPTION Add Click this to add a new security profile. Edit Click this to edit the selected security profile. Remove Click this to remove the selected security profile.
Chapter 8 AP Profile Note: This screen’s options change based on the Security Mode selected. Only the default screen is displayed here.
Chapter 8 AP Profile The following table describes the labels in this screen. Table 39 SSID > Security Profile > Add/Edit Security Profile LABEL DESCRIPTION Profile Name Enter up to 31 alphanumeric characters for the profile name. This name is only visible in the Web Configurator and is only for management purposes. Spaces and underscores are allowed. Security Mode Select a security mode from the list: none, wep, wpa, wpa2, or wpa2-mix.
Chapter 8 AP Profile Table 39 SSID > Security Profile > Add/Edit Security Profile (continued) LABEL DESCRIPTION Key 1~4 Based on your Key Length selection, enter the appropriate length hexadecimal or ASCII key. PSK This field is available when you select the wpa, wpa2, or wpa2-mix security mode. Select this option to use a Pre-Shared Key with WPA encryption.
Chapter 8 AP Profile The following table describes the labels in this screen. Table 40 Configuration > Object > AP Profile > SSID > MAC Filter List LABEL DESCRIPTION Add Click this to add a new MAC filtering profile. Edit Click this to edit the selected MAC filtering profile. Remove Click this to remove the selected MAC filtering profile. Object Reference Click this to view which other objects are linked to the selected MAC filtering profile (for example, SSID profile).
Chapter 8 AP Profile Table 41 SSID > MAC Filter List > Add/Edit MAC Filter Profile (continued) LABEL DESCRIPTION Add Click this to add a MAC address to the profile’s list. Edit Click this to edit the selected MAC address in the profile’s list. Remove Click this to remove the selected MAC address from the profile’s list. # This field is a sequential value, and it is not associated with a specific user. MAC This field specifies a MAC address associated with this profile.
Chapter 8 AP Profile This screen allows you to specify devices you want the users on your wireless networks to access. To access this screen click Configuration > Object > AP Profile > SSID > Layer-2 Isolation List. Figure 49 Configuration > Object > AP Profile > SSID > Layer-2 Isolation List The following table describes the labels in this screen. Table 42 Configuration > Object > AP Profile > SSID > Layer-2 Isolation List LABEL DESCRIPTION Add Click this to add a new MAC filtering profile.
Chapter 8 AP Profile Note: You need to know the MAC address of each wireless client, AP, computer or router that you want to allow to communicate with the NWA's wireless clients. Figure 50 SSID > MAC Filter List > Add/Edit Layer-2 Isolation Profile The following table describes the labels in this screen. Table 43 SSID > MAC Filter List > Add/Edit Layer-2 Isolation Profile 90 LABEL DESCRIPTION Profile Name Enter up to 31 alphanumeric characters for the profile name.
C HAPT ER 9 MON Profile 9.1 Overview This screen allows you to set up monitor mode configurations that allow your NWA to scan for other wireless devices in the vicinity. Once detected, you can use the Wireless > MON Mode screen (Section 6.3 on page 55) to classify them as either rogue or friendly. 9.1.1 What You Can Do in this Chapter The MON Profile screen (Section 9.2 on page 91) creates preset monitor mode configurations that can be used by the NWA. 9.
Chapter 9 MON Profile Table 44 Configuration > Object > MON Profile (continued) LABEL DESCRIPTION Inactivate To turn off an entry, select it and click Inactivate. Object Reference Click this to view which other objects are linked to the selected monitor mode profile (for example, an AP management profile). # This field is a sequential value, and it is not associated with a specific profile. Status This field shows whether or not the entry is activated.
Chapter 9 MON Profile The following table describes the labels in this screen. Table 45 Configuration > Object > MON Profile > Add/Edit MON Profile LABEL DESCRIPTION Activate Select this to activate this monitor mode profile. Profile Name This field indicates the name assigned to the monitor mode profile. Channel dwell time Enter the interval (in milliseconds) before the NWA switches to another channel for monitoring.
Chapter 9 MON Profile or set up their own rogue APs in order to capture information from wireless clients. If a scan reveals a rogue AP, you can use commercially-available software to physically locate it. Figure 53 Rogue AP Example X A RG C B In the example above, a corporate network’s security is compromised by a rogue AP (RG) set up by an employee at his workstation in order to allow him to connect his notebook computer wirelessly (A).
C HAPTER 10 Certificates 10.1 Overview The NWA can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication. 10.1.1 What You Can Do in this Chapter • The My Certificate screens (Section 10.
Chapter 10 Certificates 5 Additionally, Jenny uses her own private key to sign a message and Tim uses Jenny’s public key to verify the message. The NWA uses certificates based on public-key cryptology to authenticate users attempting to establish a connection, not to encrypt the data that you send after establishing a connection. The method used to secure the data that you send through an established connection depends on the type of connection.
Chapter 10 Certificates • Binary PKCS#12: This is a format for transferring public key and private key certificates.The private key in a PKCS #12 file is within a password-encrypted envelope. The file’s password is not connected to your certificate’s public or private passwords. Exporting a PKCS #12 file creates this and you must provide it to decrypt the contents when you import the file into the NWA. Note: Be careful not to convert a binary file to text during the transfer process.
Chapter 10 Certificates 10.2 My Certificates Click Configuration > Object > Certificate > My Certificates to open this screen. This is the NWA’s summary list of certificates and certification requests. Figure 54 Configuration > Object > Certificate > My Certificates The following table describes the labels in this screen.
Chapter 10 Certificates Table 46 Configuration > Object > Certificate > My Certificates (continued) LABEL DESCRIPTION Subject This field displays identifying information about the certificate’s owner, such as CN (Common Name), OU (Organizational Unit or department), O (Organization or company) and C (Country). It is recommended that each certificate have unique subject information.
Chapter 10 Certificates 10.2.1 Add My Certificates Click Configuration > Object > Certificate > My Certificates and then the Add icon to open the Add My Certificates screen. Use this screen to have the NWA create a self-signed certificate, enroll a certificate with a certification authority or generate a certification request.
Chapter 10 Certificates The following table describes the labels in this screen. Table 47 Configuration > Object > Certificate > My Certificates > Add LABEL DESCRIPTION Name Type a name to identify this certificate. You can use up to 31 alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=- characters. Subject Information Use these fields to record information that identifies the owner of the certificate.
Chapter 10 Certificates Table 47 Configuration > Object > Certificate > My Certificates > Add (continued) LABEL DESCRIPTION Create a certification request and enroll for a certificate immediately online Select this to have the NWA generate a request for a certificate and apply to a certification authority for a certificate. You must have the certification authority’s certificate already imported in the Trusted Certificates screen.
Chapter 10 Certificates 10.2.2 Edit My Certificates Click Configuration > Object > Certificate > My Certificates and then the Edit icon to open the My Certificate Edit screen. You can use this screen to view in-depth certificate information and change the certificate’s name.
Chapter 10 Certificates The following table describes the labels in this screen. Table 48 Configuration > Object > Certificate > My Certificates > Edit LABEL DESCRIPTION Name This field displays the identifying name of this certificate. You can use up to 31 alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=- characters. Certification Path This field displays for a certificate, not a certification request.
Chapter 10 Certificates Table 48 Configuration > Object > Certificate > My Certificates > Edit LABEL DESCRIPTION MD5 Fingerprint This is the certificate’s message digest that the NWA calculated using the MD5 algorithm. SHA1 Fingerprint This is the certificate’s message digest that the NWA calculated using the SHA1 algorithm. Certificate in PEM (Base-64) Encoded Format This read-only text box displays the certificate or certification request in Privacy Enhanced Mail (PEM) format.
Chapter 10 Certificates You must remove any spaces in the certificate’s filename before you can import it. Figure 57 Configuration > Object > Certificate > My Certificates > Import The following table describes the labels in this screen. Table 49 Configuration > Object > Certificate > My Certificates > Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it.
Chapter 10 Certificates being trustworthy; thus you do not need to import any certificate that is signed by one of these certificates. Figure 58 Configuration > Object > Certificate > Trusted Certificates The following table describes the labels in this screen. Table 50 Configuration > Object > Certificate > Trusted Certificates LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the NWA’s PKI storage space that is currently in use.
Chapter 10 Certificates 10.3.1 Edit Trusted Certificates Click Configuration > Object > Certificate > Trusted Certificates and then a certificate’s Edit icon to open the Trusted Certificates Edit screen. Use this screen to view in-depth information about the certificate, change the certificate’s name and set whether or not you want the NWA to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority.
Chapter 10 Certificates The following table describes the labels in this screen. Table 51 Configuration > Object > Certificate > Trusted Certificates > Edit LABEL DESCRIPTION Name This field displays the identifying name of this certificate. You can change the name. You can use up to 31 alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=- characters.
Chapter 10 Certificates Table 51 Configuration > Object > Certificate > Trusted Certificates > Edit (continued) LABEL DESCRIPTION Signature Algorithm This field displays the type of algorithm that was used to sign the certificate. Some certification authorities use rsa-pkcs1-sha1 (RSA public-private key encryption algorithm and the SHA1 hash algorithm). Other certification authorities may use rsapkcs1-md5 (RSA public-private key encryption algorithm and the MD5 hash algorithm).
Chapter 10 Certificates Note: You must remove any spaces from the certificate’s filename before you can import the certificate. Figure 60 Configuration > Object > Certificate > Trusted Certificates > Import The following table describes the labels in this screen. Table 52 Configuration > Object > Certificate > Trusted Certificates > Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it.
Chapter 10 Certificates 112 NWA5120 Series User’s Guide
C HAPTER 11 System 11.1 Overview Use the system screens to configure general NWA settings. 11.1.1 What You Can Do in this Chapter • The Host Name screen (Section 11.2 on page 113) configures a unique name for the NWA in your network. • The Date/Time screen (Section 11.3 on page 114) configures the date and time for the NWA. • The WWW screens (Section 11.4 on page 118) configure settings for HTTP or HTTPS access to the NWA. • The SSH screen (Section 11.
Chapter 11 System The following table describes the labels in this screen. Table 53 Configuration > System > Host Name LABEL DESCRIPTION System Name Choose a descriptive name to identify your NWA device. This name can be up to 64 alphanumeric characters long. Spaces are not allowed, but dashes (-) underscores (_) and periods (.) are accepted. Domain Name Enter the domain name (if you know it) here. This name is propagated to DHCP clients connected to interfaces with the DHCP server enabled.
Chapter 11 System The following table describes the labels in this screen. Table 54 Configuration > System > Date/Time LABEL DESCRIPTION Current Time and Date Current Time This field displays the present time of your NWA. Current Date This field displays the present date of your NWA. Time and Date Setup Manual Select this radio button to enter the time and date manually.
Chapter 11 System Table 54 Configuration > System > Date/Time (continued) LABEL DESCRIPTION End Date Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving. The at field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the first Sunday of November. Each time zone in the United States stops using Daylight Saving Time at 2 A.M. local time.
Chapter 11 System The Current Time and Current Date fields will display the appropriate settings if the synchronization is successful. If the synchronization was not successful, a log displays in the View Log screen. Try re-configuring the Date/Time screen. To manually set the NWA date and time: 1 Click System > Date/Time. 2 Select Manual under Time and Date Setup. 3 Enter the NWA’s time in the New Time field. 4 Enter the NWA’s date in the New Date field.
Chapter 11 System 11.4 WWW Overview The following figure shows secure and insecure management of the NWA coming in from the WAN. HTTPS and SSH access are secure. HTTP, Telnet, and FTP management access are not secure. Figure 64 Secure and Insecure Service Access From the WAN 11.4.1 Service Access Limitations A service cannot be used to access the NWA when you have disabled that service in the corresponding screen. 11.4.2 System Timeout There is a lease timeout for administrators.
Chapter 11 System HTTPS on the NWA is used so that you can securely access the NWA using the Web Configurator. The SSL protocol specifies that the HTTPS server (the NWA) must always authenticate itself to the HTTPS client (the computer which requests the HTTPS connection with the NWA), whereas the HTTPS client only should authenticate itself when the HTTPS server requires it to do so (select Authenticate Client Certificates in the WWW screen).
Chapter 11 System 11.4.4 Configuring WWW Service Control Click Configuration > System > WWW to open the WWW screen. Use this screen to specify HTTP or HTTPS settings. Figure 66 Configuration > System > WWW > Service Control The following table describes the labels in this screen.
Chapter 11 System Table 56 Configuration > System > WWW > Service Control (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the NWA. Reset Click Reset to return the screen to its last-saved settings. 11.4.5 HTTPS Example If you haven’t changed the default HTTPS port on the NWA, then in your browser enter “https:// NWA IP Address/” as the web site address where “NWA IP Address” is the IP address or domain name of the NWA you wish to access. 11.4.5.
Chapter 11 System Figure 68 Security Certificate 1 (Firefox) Figure 69 Security Certificate 2 (Firefox) 11.4.5.3 Avoiding Browser Warning Messages Here are the main reasons your browser displays warnings about the NWA’s HTTPS server certificate and what you can do to avoid seeing the warnings: • The issuing certificate authority of the NWA’s HTTPS server certificate is not one of the browser’s trusted certificate authorities.
Chapter 11 System • For the browser to trust a self-signed certificate, import the self-signed certificate into your operating system as a trusted certificate. • To have the browser trust the certificates issued by a certificate authority, import the certificate authority’s certificate into your operating system as a trusted certificate. Refer to Appendix A on page 177 for details. 11.4.5.
Chapter 11 System 11.4.5.5 Installing the CA’s Certificate 1 Double click the CA’s trusted certificate to produce a screen similar to the one shown next. 2 Click Install Certificate and follow the wizard as shown earlier in this appendix. 11.4.5.6 Installing a Personal Certificate You need a password in advance. The CA may issue the password or you may have to specify it during the enrollment.
Chapter 11 System 1 Click Next to begin the wizard. 2 The file name and path of the certificate you double-clicked should automatically appear in the File name text box. Click Browse if you wish to import a different certificate.
Chapter 11 System 126 3 Enter the password given to you by the CA. 4 Have the wizard determine where the certificate should be saved on your computer or select Place all certificates in the following store and choose a different location.
Chapter 11 System 5 Click Finish to complete the wizard and begin the import process. 6 You should see the following screen when the certificate is correctly installed on your computer. 11.4.5.7 Using a Certificate When Accessing the NWA To access the NWA via HTTPS: 1 Enter ‘https://NWA IP Address/ in your browser’s web address field.
Chapter 11 System 2 When Authenticate Client Certificates is selected on the NWA, the following screen asks you to select a personal certificate to send to the NWA. This screen displays even if you only have a single certificate as in the example. 3 You next see the Web Configurator login screen. 11.5 SSH You can use SSH (Secure SHell) to securely access the NWA’s command line interface.
Chapter 11 System 11.5.1 How SSH Works The following figure is an example of how a secure connection is established between two remote hosts using SSH v1. Figure 72 How SSH v1 Works Example 1 Host Identification The SSH client sends a connection request to the SSH server. The server identifies itself with a host key. The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server. The client automatically saves any new server public keys.
Chapter 11 System 11.5.2 SSH Implementation on the NWA Your NWA supports SSH versions 1 and 2 using RSA authentication and four encryption methods (AES, 3DES, Archfour, and Blowfish). The SSH server is implemented on the NWA for management using port 22 (by default). 11.5.3 Requirements for Using SSH You must install an SSH client program on a client computer (Windows or Linux operating system) that is used to connect to the NWA over SSH. 11.5.
Chapter 11 System 11.5.5 Examples of Secure Telnet Using SSH This section shows two examples using a command interface and a graphical interface SSH client program to remotely access the NWA. The configuration and connection steps are similar for most SSH client programs. Refer to your SSH client program user’s guide. 11.5.5.1 Example 1: Microsoft Windows This section describes how to access the NWA using the Secure Shell Client program.
Chapter 11 System 2 Enter “ssh –1 192.168.1.2”. This command forces your computer to connect to the NWA using SSH version 1. If this is the first time you are connecting to the NWA using SSH, a message displays prompting you to save the host information of the NWA. Type “yes” and press [ENTER]. Then enter the password to log in to the NWA. Figure 76 SSH Example 2: Log in $ ssh –1 192.168.1.2 The authenticity of host '192.168.1.2 (192.168.1.2)' can't be established.
Chapter 11 System 11.7 FTP You can upload and download the NWA’s firmware and configuration files using FTP. To use this feature, your computer must have an FTP client. See Chapter 13 on page 151 for more information about firmware and configuration files. To change your NWA’s FTP settings, click Configuration > System > FTP tab. The screen appears as shown. Use this screen to specify FTP settings. Figure 78 Configuration > System > FTP The following table describes the labels in this screen.
Chapter 11 System (SNMPv1), version two (SNMPv2c), and version three (SNMPv3). The next figure illustrates an SNMP management operation. Figure 79 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the NWA). An agent translates the local management information from the managed device into a form compatible with SNMP.
Chapter 11 System 11.8.1 Supported MIBs The NWA supports MIB II that is defined in RFC-1213 and RFC-1215. The NWA also supports private MIBs (ZYXEL-ES-CAPWAP.MIB, ZYXEL-ES-COMMON.MIB, ZYXEL-ES-HYBRIDAP.MIB, ZYXEL-ESPROWLAN.MIB, ZYXEL-ES-RFMGMT.MIB, ZYXEL-ES-SMI.MIB, and ZYXEL-ES-WIRELESS.MIB) to collect information about CPU and memory usage and VPN total throughput. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance.
Chapter 11 System The following table describes the labels in this screen. Table 61 Configuration > System > SNMP LABEL DESCRIPTION Enable Select the check box to allow or disallow users to access the NWA using SNMP. Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Trap 136 Community Type the trap community, which is the password sent with each trap to the SNMP manager.
Chapter 11 System 11.8.4 Adding or Editing an SNMPv3 User Profile This screen allows you to add or edit an SNMPv3 user profile. To access this screen, click the Configuration > System > SNMP screen’s Add button or select a SNMPv3 user profile from the list and click the Edit button. Figure 81 Configuration > System > SNMP > Add The following table describes the labels in this screen.
Chapter 11 System 138 NWA5120 Series User’s Guide
C HAPTER 12 Log and Report 12.1 Overview Use the system screens to configure daily reporting and log settings. 12.1.1 What You Can Do In this Chapter • The Email Daily Report screen (Section 12.2 on page 139) configures how and where to send daily reports and what reports to send. • The Log Setting screens (Section 12.3 on page 141) specify which logs are e-mailed, where they are e-mailed, and how often they are e-mailed. 12.
Chapter 12 Log and Report Click Configuration > Log & Report > Email Daily Report to display the following screen. Configure this screen to have the NWA e-mail you system statistics every day. Figure 82 Configuration > Log & Report > Email Daily Report The following table describes the labels in this screen. Table 63 Configuration > Log & Report > Email Daily Report 140 LABEL DESCRIPTION Enable Email Daily Report Select this to send reports by e-mail every day.
Chapter 12 Log and Report Table 63 Configuration > Log & Report > Email Daily Report (continued) LABEL DESCRIPTION Mail Subject Type the subject line for the outgoing e-mail. Select Append system name to add the NWA’s system name to the subject. Select Append date time to add the NWA’s system date and time to the subject. Mail From Type the e-mail address from which the outgoing e-mail is delivered. This address is used in replies.
Chapter 12 Log and Report 12.3.1 Log Setting To access this screen, click Configuration > Log & Report > Log Setting. Figure 83 Configuration > Log & Report > Log Setting The following table describes the labels in this screen. Table 64 Configuration > Log & Report > Log Setting LABEL DESCRIPTION Edit Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings. Activate To turn on an entry, select it and click Activate.
Chapter 12 Log and Report Table 64 Configuration > Log & Report > Log Setting (continued) LABEL DESCRIPTION Active Log Summary Click this button to open the Active Log Summary screen. Apply Click this button to save your changes (activate and deactivate logs) and make them take effect. 12.3.2 Edit System Log Settings This screen controls the detailed settings for each log in the system log (which includes the e-mail profiles).
Chapter 12 Log and Report The following table describes the labels in this screen. Table 65 Configuration > Log & Report > Log Setting > Edit System Log Setting LABEL DESCRIPTION E-Mail Server 1/2 Active Select this to send log messages and alerts according to the information in this section. You specify what kinds of log messages are included in log information and what kinds of log messages are included in alerts in the Active Log and Alert section.
Chapter 12 Log and Report Table 65 Configuration > Log & Report > Log Setting > Edit System Log Setting (continued) LABEL E-mail Server 2 DESCRIPTION Use the E-Mail Server 2 drop-down list to change the settings for e-mailing logs to e-mail server 2 for all log categories. Using the System Log drop-down list to disable all logs overrides your e-mail server 2 settings. enable normal logs (green check mark) - e-mail log messages for all categories to e-mail server 2.
Chapter 12 Log and Report 12.3.3 Edit Remote Server This screen controls the settings for each log in the remote server (syslog). Select a remote server entry in the Log Setting screen and click the Edit icon.
Chapter 12 Log and Report The following table describes the labels in this screen. Table 66 Configuration > Log & Report > Log Setting > Edit Remote Server LABEL DESCRIPTION Log Settings for Remote Server Active Select this check box to send log information according to the information in this section. You specify what kinds of messages are included in log information in the Active Log section. Log Format This field displays the format of the log information. It is read-only.
Chapter 12 Log and Report example, where and how often log information is e-mailed or remote server names). To access this screen, go to the Log Setting screen, and click the Active Log Summary button. Figure 86 Active Log Summary This screen provides a different view and a different way of indicating which messages are included in each log and each alert. (The Default category includes debugging messages generated by open source software.
Chapter 12 Log and Report The following table describes the fields in this screen. Table 67 Configuration > Log & Report > Log Setting > Active Log Summary LABEL DESCRIPTION Active Log Summary If the NWA is set to controller mode, the AC section controls logs generated by the controller and the AP section controls logs generated by the managed APs. System log Use the System Log drop-down list to change the log settings for all of the log categories.
Chapter 12 Log and Report Table 67 Configuration > Log & Report > Log Setting > Active Log Summary (continued) LABEL DESCRIPTION E-mail Server 1 E-mail Select whether each category of events should be included in the log messages when it is e-mailed (green check mark) and/or in alerts (red exclamation point) for the e-mail settings specified in E-Mail Server 1. The NWA does not e-mail debugging information, even if it is recorded in the System log.
C HAPTER 13 File Manager 13.1 Overview Configuration files define the NWA’s settings. Shell scripts are files of commands that you can store on the NWA and run when you need them. You can apply a configuration file or run a shell script without the NWA restarting. You can store multiple configuration files and shell script files on the NWA. You can edit configuration files or shell scripts in a text editor and upload them to the NWA. Configuration files use a .conf extension and shell scripts use a .
Chapter 13 File Manager While configuration files and shell scripts have the same syntax, the NWA applies configuration files differently than it runs shell scripts. This is explained below. Table 68 Configuration Files and Shell Scripts in the NWA Configuration Files (.conf) Shell Scripts (.zysh) • • • • • Resets to default configuration. Goes into CLI Configuration mode. Runs the commands in the configuration file. Goes into CLI Privilege mode. Runs the commands in the shell script.
Chapter 13 File Manager configuration files from the NWA to your computer and upload configuration files from your computer to the NWA. Once your NWA is configured and functioning properly, it is highly recommended that you back up your configuration file before making further configuration changes. The backup configuration file will be useful in case you need to return to your previous settings. Configuration File Flow at Restart • If there is not a startup-config.
Chapter 13 File Manager The following table describes the labels in this screen. Table 69 Maintenance > File Manager > Configuration File LABEL DESCRIPTION Rename Use this button to change the label of a configuration file on the NWA. You can only rename manually saved configuration files. You cannot rename the lastgood.conf, systemdefault.conf and startup-config.conf files. You cannot rename a configuration file to the name of another configuration file in the NWA.
Chapter 13 File Manager Table 69 Maintenance > File Manager > Configuration File (continued) LABEL DESCRIPTION Apply Use this button to have the NWA use a specific configuration file. Click a configuration file’s row to select it and click Apply to have the NWA use that configuration file. The NWA does not have to restart in order to use a different configuration file, although you will need to wait for a few minutes while the system reconfigures.
Chapter 13 File Manager Table 69 Maintenance > File Manager > Configuration File (continued) LABEL DESCRIPTION File Name This column displays the label that identifies a configuration file. You cannot delete the following configuration files or change their file names. The system-default.conf file contains the NWA’s default settings. Select this file and click Apply to reset all of the NWA settings to the factory defaults. This configuration file is included when you upload a firmware package.
Chapter 13 File Manager 8 Use "get” to download files. Transfer the configuration file on the NWA to your computer. Type get followed by the name of the configuration file. This examples uses get startup-config.conf. C:\>ftp 192.168.1.2 Connected to 192.168.1.2. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------220-You are user number 1 of 5 allowed. 220-Local time is now 21:28. Server port: 21.
Chapter 13 File Manager The firmware update can take up to five minutes. Do not turn off or reset the NWA while the firmware update is in progress! Figure 88 Maintenance > File Manager > Firmware Package The following table describes the labels in this screen. Table 70 Maintenance > File Manager > Firmware Package LABEL DESCRIPTION Boot Module This is the version of the boot module that is currently on the NWA. Current Version This is the firmware version and the date created.
Chapter 13 File Manager 13.3.1 Example of Firmware Upload Using FTP This procedure requires the NWA’s firmware. Download the firmware package from www.zyxel.com and unzip it. The firmware file uses a .bin extension, for example, "225AAHY0C0.bin". Do the following after you have obtained the firmware file. 1 Connect your computer to the NWA. 2 The FTP server IP address of the NWA in standalone AP mode is 192.168.1.2, so set your computer to use a static IP address from 192.168.1.3 ~192.168.1.254.
Chapter 13 File Manager Click Maintenance > File Manager > Shell Script to open this screen. Use the Shell Script screen to store, name, download, upload and run shell script files. You can store multiple shell script files on the NWA at the same time. Note: You should include write commands in your scripts. If you do not use the write command, the changes will be lost when the NWA restarts. You could use multiple write commands in a long script.
Chapter 13 File Manager Table 71 Maintenance > File Manager > Shell Script (continued) LABEL DESCRIPTION # This column displays the number for each shell script file entry. File Name This column displays the label that identifies a shell script file. Size This column displays the size (in KB) of a shell script file. Last Modified This column displays the date and time that the individual shell script files were last changed or saved.
Chapter 13 File Manager 162 NWA5120 Series User’s Guide
C HAPTER 14 Diagnostics 14.1 Overview Use the diagnostics screen for troubleshooting. 14.1.1 What You Can Do in this Chapter • The Diagnostics screen (Section 14.2 on page 163) generates a file containing the NWA’s configuration and diagnostic information if you need to provide it to customer support during troubleshooting. 14.2 Diagnostics This screen provides an easy way for you to generate a file containing the NWA’s configuration and diagnostic information.
Chapter 14 Diagnostics Table 72 Maintenance > Diagnostics 164 LABEL DESCRIPTION Collect Now Click this to have the NWA create a new diagnostic file. Download Click this to save the most recent diagnostic file to a computer.
C HAPTER 15 Reboot 15.1 Overview Use this to restart the device. 15.1.1 What You Need To Know If you applied changes in the Web configurator, these were saved automatically and do not change when you reboot. If you made changes in the CLI, however, you have to use the write command to save the configuration before you reboot. Otherwise, the changes are lost when you reboot. Reboot is different to reset; reset returns the device to its default configuration. 15.
Chapter 15 Reboot 166 NWA5120 Series User’s Guide
C HAPTER 16 Shutdown 16.1 Overview Use this screen to shutdown the device. Always use Maintenance > Shutdown > Shutdown or the shutdown command before you turn off the NWA or remove the power. Not doing so can cause the firmware to become corrupt. 16.1.1 What You Need To Know Shutdown writes all cached data to the local storage and stops the system processes. Shutdown is different to reset; reset returns the device to its default configuration. 16.
Chapter 16 Shutdown 168 NWA5120 Series User’s Guide
C HAPTER 17 Troubleshooting 17.1 Overview This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LED • NWA Access and Login • Internet Access • Wireless Connections • Resetting the NWA 17.2 Power, Hardware Connections, and LED The NWA does not turn on. The LED is not on. 1 Make sure you are using the power adaptor included with the NWA or a PoE power injector.
Chapter 17 Troubleshooting 5 If the problem continues, contact the vendor. 17.3 NWA Access and Login I forgot the IP address for the NWA. 1 The default IP address is 192.168.1.2. 2 If you changed the IP address and have forgotten it, you have to reset the device to its factory defaults. See Section 17.6 on page 175. 3 If your NWA is a DHCP client, you can find your IP address from the DHCP server. This information is only available from the DHCP server which allocates IP addresses on your network.
Chapter 17 Troubleshooting • Try to access the NWA using another service, such as Telnet. If you can access the NWA, check the remote management settings to find out why the NWA does not respond to HTTP. • If your computer is connected wirelessly, use a computer that is connected to a LAN/ETHERNET port. I forgot the password. 1 The default password is 1234. 2 If this does not work, you have to reset the device to its factory defaults. See Section 17.6 on page 175.
Chapter 17 Troubleshooting 2 Make sure the NWA is connected to a broadband modem or router with Internet access and your computer is set to obtain an dynamic IP address. 3 If you are trying to access the Internet wirelessly, make sure the wireless settings on the wireless client are the same as the settings on the NWA. 4 Disconnect all the cables from your device, and follow the directions in the Quick Start Guide again. 5 If the problem continues, contact your ISP.
Chapter 17 Troubleshooting 1 Make sure the wireless LAN (wireless radio) is enabled on the NWA. 2 Make sure the radio or at least one of the NWA’s radios is operating in AP mode. 3 Make sure the wireless adapter (installed on your computer) is working properly. 4 Make sure the wireless adapter (installed on your computer) is IEEE 802.11 compatible and supports the same wireless standard as the NWA’s active radio.
Chapter 17 Troubleshooting • PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses lowercase letters, uppercase letters and numerals to convert a binary PKCS#7 certificate into a printable form. • Binary PKCS#12: This is a format for transferring public key and private key certificates.The private key in a PKCS #12 file is within a password-encrypted envelope. The file’s password is not connected to your certificate’s public or private passwords.
Chapter 17 Troubleshooting In the Monitor > Wireless > AP Information > Radio List screen, there is no load balancing indicator associated with any APs assigned to the load balancing task. • Check to be sure that the AP profile which contains the load balancing settings is correctly assigned to the APs in question. • The load balancing task may have been terminated because further load balancing on the APs in question is no longer required. 17.
Chapter 17 Troubleshooting 176 NWA5120 Series User’s Guide
A PPENDIX A Importing Certificates This appendix shows you how to import public key certificates into your web browser. Public key certificates are used by web browsers to ensure that a secure web site is legitimate. When a certificate authority such as VeriSign, Comodo, or Network Solutions, to name a few, receives a certificate request from a website operator, they confirm that the web domain and contact information in the request match those on public record with a domain name registrar.
Appendix A Importing Certificates 178 1 If your device’s Web Configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error. 2 Click Continue to this website (not recommended). 3 In the Address Bar, click Certificate Error > View certificates.
Appendix A Importing Certificates 4 In the Certificate dialog box, click Install Certificate. 5 In the Certificate Import Wizard, click Next.
Appendix A Importing Certificates 180 6 If you want Internet Explorer to Automatically select certificate store based on the type of certificate, click Next again and then go to step 9. 7 Otherwise, select Place all certificates in the following store and then click Browse. 8 In the Select Certificate Store dialog box, choose a location in which to save the certificate and then click OK.
Appendix A Importing Certificates 9 In the Completing the Certificate Import Wizard screen, click Finish. 10 If you are presented with another Security Warning, click Yes. 11 Finally, click OK when presented with the successful certificate installation message.
Appendix A Importing Certificates 12 The next time you start Internet Explorer and go to a ZyXEL Web Configurator page, a sealed padlock icon appears in the address bar. Click it to view the page’s Website Identification information. Installing a Stand-Alone Certificate File in Internet Explorer Rather than browsing to a ZyXEL Web Configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you.
Appendix A Importing Certificates Removing a Certificate in Internet Explorer This section shows you how to remove a public key certificate in Internet Explorer 7 on Windows XP. 1 Open Internet Explorer and click Tools > Internet Options. 2 In the Internet Options dialog box, click Content > Certificates.
Appendix A Importing Certificates 184 3 In the Certificates dialog box, click the Trusted Root Certificates Authorities tab, select the certificate that you want to delete, and then click Remove. 4 In the Certificates confirmation, click Yes. 5 In the Root Certificate Store dialog box, click Yes. 6 The next time you go to the web site that issued the public key certificate you just removed, a certification error appears.
Appendix A Importing Certificates Firefox The following example uses Mozilla Firefox 2 on Windows XP Professional; however, the screens can also apply to Firefox 2 on all platforms. 1 If your device’s Web Configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error. 2 Select Accept this certificate permanently and click OK. 3 The certificate is stored and you can now connect securely to the Web Configurator.
Appendix A Importing Certificates Installing a Stand-Alone Certificate File in Firefox Rather than browsing to a ZyXEL Web Configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you. 186 1 Open Firefox and click Tools > Options. 2 In the Options dialog box, click Advanced > Encryption > View Certificates.
Appendix A Importing Certificates 3 In the Certificate Manager dialog box, click Web Sites > Import. 4 Use the Select File dialog box to locate the certificate and then click Open. 5 The next time you visit the web site, click the padlock in the address bar to open the Page Info > Security window to see the web page’s security information. Removing a Certificate in Firefox This section shows you how to remove a public key certificate in Firefox 2.
Appendix A Importing Certificates 188 1 Open Firefox and click Tools > Options. 2 In the Options dialog box, click Advanced > Encryption > View Certificates.
Appendix A Importing Certificates 3 In the Certificate Manager dialog box, select the Web Sites tab, select the certificate that you want to remove, and then click Delete. 4 In the Delete Web Site Certificates dialog box, click OK. 5 The next time you go to the web site that issued the public key certificate you just removed, a certification error appears.
Appendix A Importing Certificates 190 NWA5120 Series User’s Guide
A PPENDIX B Legal Information Copyright Copyright © 2013 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation.
Appendix B Legal Information IC Radiation Exposure Statement This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment. End users must follow the specific operating instructions for satisfying RF exposure compliance.
Appendix B Legal Information Open Source Licenses This product contains in part some free software distributed under GPL license terms and/or GPL like licenses. Open source licenses are provided with the firmware package. You can download the latest firmware at www.zyxel.com. To obtain the source code covered under those Licenses, please contact support@zyxel.com.tw to get it. Regulatory Information European Union The following information applies if you use the product within the European Union.
Appendix B Legal Information National Restrictions This product may be used in all EU countries (and other countries following the EU directive 1999/5/EC) without any limitation except for the countries mentioned below: Ce produit peut être utilisé dans tous les pays de l’UE (et dans tous les pays ayant transposés la directive 1999/5/CE) sans aucune limitation, excepté pour les pays mentionnés ci-dessous: Questo prodotto è utilizzabile in tutte i paesi EU (ed in tutti gli altri paesi che seguono le diretti
Appendix B Legal Information List of national codes COUNTRY ISO 3166 2 LETTER CODE COUNTRY ISO 3166 2 LETTER CODE Austria AT Malta MT Belgium BE Netherlands NL Cyprus CY Poland PL PT Czech Republic CR Portugal Denmark DK Slovakia SK Estonia EE Slovenia SI Finland FI Spain ES France FR Sweden SE Germany DE United Kingdom GB Greece GR Iceland IS Hungary HU Liechtenstein LI Ireland IE Norway NO Italy IT Switzerland CH Latvia LV Bulgaria BG Lithuania
Appendix B Legal Information RoHS ENGLISH DEUTSCH ESPAÑOL FRANÇAIS Green Product Declaration Grünes Produkt Erklärung Declaración de Producto Ecológico Déclaration de Produit Vert RoHS Directive 2011/65/EU RoHS Richtlinie 2011/65/EU Directiva RoHS 2011/65/UE Directive RoHS 2011/65/UE WEEE Directive 2002/96/EC (WEEE: Waste Electrical and Electronic Equipment) 2003/108/EC;2008/34/EC ElektroG Richtlinie 2002/96/EG (ElektroG: Über Elektro- und Elektronik-Altgeräte) 2003/108/EG;2008/34/EG Directiv
Index Index Symbols A access 19 access privileges 14 access users 65 see also users 65 admin users 65 multiple logins 70 see also users 65 alerts 141, 144, 145, 147, 148, 149 applications MBSSID 14 B backing up configuration files 153 Basic Service Set see BSS boot module 158 BSS 14 certificates 95 advantages of 96 and CA 96 and FTP 133 and HTTPS 118 and SSH 130 and WWW 120 certification path 96, 104, 109 expired 96 factory-default 96 file formats 96 fingerprints 105, 110 importing 99 not used for encry
Index editing 151 how applied 152 lastgood.conf 153, 156 managing 152 startup-config.conf 156 startup-config-bad.conf 153 syntax 151 system-default.
Index HyperText Transfer Protocol over Secure Socket Layer, see HTTPS regular 47 types of 47 logout Web Configurator 22 I IEEE 802.
Index daily 140 daily e-mail 140 O objects certificates 95 users, account user 65 reset 175 vs reboot 165 vs shutdown 167 Online Certificate Status Protocol (OCSP) 111 vs CRL 111 restart 165 other documentation 2 overview 13 RESET button 18, 175 RF interference 15 RFC 2510 (Certificate Management Protocol or CMP) 102 Rivest, Shamir and Adleman public-key algorithm (RSA) 101 P packet statistics 42 physical ports packet statistics 42 pop-up windows 19 power off 18 power on 18 product registration 192
Index MIB 134, 135 network components 134 Set 134 Trap 134 traps 135 versions 133 SSH 128 and certificates 130 client requirements 130 encryption methods 130 for secure Telnet 131 how connection is established 129 versions 130 with Linux 131 with Microsoft Windows 131 SSID 14 SSID profile pre-configured 14 SSID profiles 14 SSL 118 starting the device 17 startup-config.conf 156 if errors 153 missing at restart 153 present at restart 153 startup-config-bad.
Index V Vantage Report (VRPT) 142, 147 VoIP 14 VRPT (Vantage Report) 142, 147 W warm start 18 warning message popup 27 warranty 192 note 192 Web Configurator 16, 19 access 19 requirements 19 supported browsers 19 web configurator 13 WEP (Wired Equivalent Privacy) 74 Wi-Fi Protected Access 74 wireless channel 173 wireless client 54 wireless LAN 173 Wireless network overview 53 wireless network example 53 wireless profile 73 layer-2 isolation 73 MAC filtering 73 radio 73 security 73 SSID 73 wireless securit
