NWA1121-NI 802.11b/g/n PoE Access Point Default Login Details IP Address http://192.168.1.2 User Name admin Password 1234 Version 1.00 Edition 1, 03/2012 IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. www.zyxel.com www.zyxel.
IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. Graphics in this book may differ slightly from the product due to differences in operating systems, operating system versions, or if you installed updated firmware/software for your device. Every effort has been made to ensure that the information in this manual is accurate. Related Documentation • Quick Start Guide The Quick Start Guid is designed to help you get up and running right away.
Contents Overview Contents Overview User’s Guide .........................................................................................................................................9 Introducing the NWA1121-NI ................................................................................................................... 11 Introducing the Web Configurator ...........................................................................................................19 Dashboard ........................
Contents Overview 4 NWA1121-NI User’s Guide
Table of Contents Table of Contents Contents Overview ..............................................................................................................................3 Table of Contents .................................................................................................................................5 Part I: User’s Guide ........................................................................................... 9 Chapter 1 Introducing the NWA1121-NI............................
Table of Contents 4.1 How to Configure the Wireless LAN ..................................................................................................29 4.1.1 Choosing the Wireless Mode ...................................................................................................29 4.1.2 Further Reading .......................................................................................................................29 4.2 How to Configure Multiple Wireless Networks ...........................
Table of Contents 6.6.2 Security: 802.1x Only ..............................................................................................................77 6.6.3 Security: 802.1x Static WEP ....................................................................................................79 6.6.4 Security: WPA, WPA2, WPA2-MIX ..........................................................................................83 6.6.5 Security: WPA-PSK, WPA2-PSK, WPA2-PSK-MIX ......................................
Table of Contents 10.1 Overview ....................................................................................................................................... 115 10.2 What You Can Do in this Chapter ................................................................................................. 115 10.3 What You Need To Know .............................................................................................................. 116 10.4 Log Settings Screen .................................
P ART I User’s Guide 9
C HAPT ER 1 Introducing the NWA1121-NI This chapter introduces the main applications and features of the NWA1121-NI. It also discusses the ways you can manage your NWA1121-NI. 1.1 Introducing the NWA1121-NI Your NWA1121-NI is an IPv6 wireless AP (Access Point) that can function in several wireless modes. It extends the range of your existing wired network without additional wiring, providing easy network access to mobile users.
Chapter 1 Introducing the NWA1121-NI Multiple BSS (MBSSID) mode, the NWA1121-NI provides multiple virtual APs, each forming its own BSS and using its own individual SSID profile. You can configure multiple SSID profiles, and have all of them active at any one time. You can assign different wireless and security settings to each SSID profile. This allows you to compartmentalize groups of users, set varying access privileges, and prioritize network traffic to and from certain BSSs.
Chapter 1 Introducing the NWA1121-NI 1.2.2 Wireless Client The NWA1121-NI can be used as a wireless client to communicate with an existing network. In the figure below, the printer can receive requests from the wired computer clients A and B via the NWA1121-NI in Client mode (Z).
Chapter 1 Introducing the NWA1121-NI 1.2.3 Root AP In Root AP mode, the NWA1121-NI (Z) can act as the root AP in a wireless network and also allow repeaters (X and Y) to extend the range of its wireless network at the same time. In the figure below, both clients A, B and C can access the wired network through the root AP.
Chapter 1 Introducing the NWA1121-NI between associated wireless clients and the wired LAN. Clients A, B and C access the AP and the wired network behind the AP throught repeaters Z and Y. Figure 4 Repeater Application When the NWA1121-NI is in Repeater mode, universal repeater security between the NWA1121-NI and other repeater is independent of the security between the wireless clients and the AP or repeater. If you do not enable universal repeater security, traffic between APs is not encrypted.
Chapter 1 Introducing the NWA1121-NI 1.4 Configuring Your NWA1121-NI’s Security Features Your NWA1121-NI comes with a variety of security features. This section summarizes these features and provides links to sections in the User’s Guide to configure security settings on your NWA1121-NI. Follow the suggestions below to improve security on your NWA1121-NI and network. 1.4.1 Control Access to Your Device Ensure only people with permission can access your NWA1121-NI.
Chapter 1 Introducing the NWA1121-NI • Back up the configuration (and make sure you know how to restore it). Restoring an earlier working configuration may be useful if the device becomes unstable or even crashes. If you forget your password, you will have to reset the NWA1121-NI to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the NWA1121-NI. You could simply restore your last configuration. 1.
Chapter 1 Introducing the NWA1121-NI 18 NWA1121-NI User’s Guide
C HAPT ER 2 Introducing the Web Configurator This chapter describes how to access the NWA1121-NI’s web configurator and provides an overview of its screens. 2.1 Accessing the Web Configurator 1 Make sure your hardware is properly connected and prepare your computer or computer network to connect to the NWA1121-NI (refer to the Quick Start Guide). 2 Launch your web browser. 3 Type "192.168.1.2" as the URL (default). The login screen appears.
Chapter 2 Introducing the Web Configurator Note: If you do not change the password, the following screen appears every time you login. Figure 7 Change Password Screen You should now see the Dashboard screen. See Chapter 2 on page 19 for details about the Dashboard screen. 2.2 Resetting the NWA1121-NI If you forget your password or cannot access the web configurator, you will need to use the RESET button at the rear panel of the NWA1121-NI.
Chapter 2 Introducing the Web Configurator factory-default configuration file. This means that you will lose all the settings you previously configured. The password will be reset to “1234”. Figure 8 The RESET Button 2.2.1 Methods of Restoring Factory-Defaults You can erase the current configuration and restore factory defaults in two ways: Use the RESET button to upload the default configuration file. Hold this button in for about 3 seconds (the light will begin to blink).
Chapter 2 Introducing the Web Configurator 2.3 Navigating the Web Configurator The following summarizes how to navigate the web configurator from the Dashboard screen. Figure 9 Status Screen of the Web Configurator A B C As illustrated above, the Web Configurator screen is divided into these parts: • A - title bar • B - navigation panel • C - main window 2.3.1 Title Bar Click Logout at any time to exit the Web Configurator.
Chapter 2 Introducing the Web Configurator 2.3.2 Navigation Panel Use the menu items on the navigation panel to open screens to configure NWA1121-NI features. The following tables describe each menu item. Table 2 Navigation Panel Summary LINK TAB Dashboard FUNCTION This screen shows the NWA1121-NI’s general device and network status information. Use this screen to access the statistics and client list. Monitor Logs View Log Use this screen to view the logs for the categories that you selected.
Chapter 2 Introducing the Web Configurator Table 2 Navigation Panel Summary LINK TAB FUNCTION Configuration File Use this screen to backup and restore your device’s configuration (settings) or reset the factory default settings. Restart Use this screen to reboot the NWA1121-NI without turning the power off. 2.3.3 Main Window The main window displays information and configuration fields. It is discussed in the rest of this document.
C HAPT ER 3 Dashboard The Dashboard screens display when you log into the NWA1121-NI, or click Dashboard in the navigation menu. Use the Dashboard screen to look at the current status of the device, system resources, and interfaces. The Dashboard screens also provide detailed information about system statistics, associated wireless clients, and logs. 3.1 The Dashboard Screen Use this screen to get a quick view of system, Ethernet, WLAN and other information regarding your NWA1121-NI. Click Dashboard.
Chapter 3 Dashboard The following table describes the labels in this screen. Table 3 The Dashboard Screen LABEL DESCRIPTION Refresh Interval Select how often you want the NWA1121-NI to update this screen. Refresh Now Click this to update this screen immediately. System Information System Name This field displays the NWA1121-NI system name. It is used for identification. You can change this in the Maintenance > General screen’s System Name field.
Chapter 3 Dashboard Table 3 The Dashboard Screen (continued) LABEL Current Date/Time DESCRIPTION This field displays the date and time configured on the NWA1121-NI. You can change this in the Maintenance > Time screen. System Resource CPU Usage This field displays what percentage of the NWA1121-NI’s processing ability is currently being used. The higher the CPU usage, the more likely the NWA1121-NI is to slow down.
Chapter 3 Dashboard 28 NWA1121-NI User’s Guide
C HAPT ER 4 Tutorial This chapter first provides an overview of how to configure the wireless LAN on your NWA1121-NI, and then gives step-by-step guidelines showing how to configure your NWA1121-NI for some example scenarios. 4.1 How to Configure the Wireless LAN This section illustrates how to choose which wireless operating mode to use on the NWA1121-NI and how to set up the wireless LAN in each wireless mode. See Section 4.1.2 on page 29 for links to more information on each step. 4.1.
Chapter 4 Tutorial 6.4.4 on page 69) to provide multiple wireless networks. Each wireless network will cater to a different type of user. You want to make three wireless networks: one standard office wireless network with all the same settings you already have, another wireless network with high priority QoS settings for Voice over IP (VoIP) users, and a guest network that allows visitors to access only the Internet and the network printer.
Chapter 4 Tutorial To configure these settings, you need to know the Media Access Control (MAC) addresses of the devices you want to allow users of the guest network to access. The following table shows the addresses used in this example. Table 4 Tutorial: Example Information Network router (A) MAC address 00:AA:00:AA:00:AA Network printer (B) MAC address AA:00:AA:00:AA:00 4.2.1 Configure the SSID Profiles 1 Log in to the NWA1121-NI (see Section 2.1 on page 19). Click Wireless LAN > SSID.
Chapter 4 Tutorial 4.2.1.1 MBSSID 32 1 Go to Wireless LAN > Wireless Settings. Select MBSSID from the Operation Mode drop-down list box. 2 SSID01 is the standard network, so select SSID01 as the first profile. It is always active. 3 Select VoIP_SSID as the second profile, and Guest_SSID as the third profile. Select the corresponding Active check-boxes. 4 Click Apply to save your settings. Now the three SSIDs are activated.
Chapter 4 Tutorial 4.2.2 Configure the Standard Network 1 Click Wireless LAN > SSID. Click the Edit icon next to SSID01. 2 Select SecProfile1 as SSID01’s security profile. Select the Hidden SSID checkbox as you want only authorized company employees to use this network, so there is no need to broadcast the SSID to wireless clients scanning the area. Also, the clients on SSID01 might need to access other clients on the same wireless network. Do not select the Intra-BSS Traffic blocking check-box.
Chapter 4 Tutorial 3 Next, click Wireless LAN > Security. Click the Edit icon next to SecProfile1. 4 Since SSID01 is the standard network that has access to all resources, assign a more secure security mode. Select WPA2-PSK-MIX as the Security Mode, and enter the Pre-Shared Key. In this example, use ThisisSSID01PreSharedKey. Click Apply. 5 You have finished configuring the standard network, SSID01. 4.2.3 Configure the VoIP Network 34 1 Go to Wireless LAN > SSID.
Chapter 4 Tutorial 3 Select WMM_VOICE in the QoS field to give VoIP the highest priority in the wireless network. Click Apply. 4 Next, click Wireless LAN > Security. Click the Edit icon next to SecProfile2.
Chapter 4 Tutorial 5 Select WPA2-PSK as the Security Mode, and enter the Pre-Shared Key. In this example, use ThisisVoIPPreSharedKey. Click Apply. 6 Your VoIP wireless network is now ready to use. Any traffic using the VoIP_SSID profile will be given the highest priority across the wireless network. 4.2.
Chapter 4 Tutorial 4 Select the check-box of Intra-BSS Traffic blocking Enabled. Click Apply. 5 Next, click Wireless LAN > Security. Click the Edit icon next to SecProfile3. 6 Select WPA-PSK in the Security Mode field. WPA-PSK provides strong security that is supported by most wireless clients. Even though your Guest_SSID clients do not have access to sensitive information on the network, you should not leave the network without security.
Chapter 4 Tutorial 7 Enter the PSK you want to use in your network in the Pre Shared Key field. In this example, the PSK is ThisismyGuestWPApre-sharedkey. Click Apply. 8 Your guest wireless network is now ready to use. 4.2.5 Testing the Wireless Networks To make sure that the three networks are correctly configured, do the following. • On a computer with a wireless client, scan for access points. You should see the Guest_SSID network, but not the SSID01 and VoIP_SSID networks.
Chapter 4 Tutorial to allow wireless traffic between B and wireless clients connected to A (W, Y and Z). Other wireless devices (X) must not be able to connect to the FTP server. Figure 11 FTP Server Connected to a Wireless Client 4.3.2 Configuring the NWA1121-NI in MBSSID or Root AP Mode Before setting up the NWA1121-NI as a wireless client (B), you need to make sure there is an access point to connect to. Use the Ethernet port on NWA1121-NI (A) to configure it via a wired connection.
Chapter 4 Tutorial Log into the Web Configurator on NWA1121-NI (A) and go to the Wireless LAN > Wireless Settings screen. 40 1 Set the Operation Mode to Root AP. 2 Select the Wireless Mode. In this example, select 802.11b/g/n. 3 Select Profile1 as the SSID Profile. 4 Choose the Channel you want NWA1121-NI (A) to use. 5 Click Apply.
Chapter 4 Tutorial 6 Go to Wireless LAN > SSID. Click the Edit icon next to Profile1. 7 Change the SSID to AP-A. 8 Select SecProfile1 in the Security field. 9 Select the check-box for Intra-BSS Traffic blocking Enabled so the client cannot access other clients on the same wireless network. 10 Click Apply.
Chapter 4 Tutorial 11 Go to Wireless LAN > Security. Click the Edit icon next to SecProfile1. 12 Configure WPA-PSK as the Security Mode and enter ThisisMyPreSharedKey in the PreShared Key field. 13 Click Apply to finish configuration for NWA1121-NI (A). 4.3.3 Configuring the NWA1121-NI in Wireless Client Mode The NWA1121-NI (B) should have a wired connection before it can be set to wireless client operating mode. Connect your NWA1121-NI to the FTP server.
Chapter 4 Tutorial 1 Select Client as Operation Mode. Click Apply. 2 Click on the Site Survey button. A window should pop up which contains a list of all available wireless devices within your NWA1121-NI’s range. 3 Find and select NWA1121-NI (A)’s SSID: AP-A.
Chapter 4 Tutorial 4 Go to Wireless LAN > Security to configure the NWA1121-NI to use the same security mode and Pre-Shared Key as NWA1121-NI (A): WPA-PSK/ThisisMyPreSharedKey. Click Apply. Figure 12 4.3.4 MAC Filter Setup One way to ensure that only specified wireless clients can access the FTP server is by enabling MAC filtering on NWA1121-NI (B) (See Section 6.8 on page 89 for more information on MAC Filter). 1 Go to Wireless LAN > MAC Filter. Click the Edit icon next to MacProfile1.
Chapter 4 Tutorial 4.3.5 Testing the Connection and Troubleshooting This section discusses how you can check if you have correctly configured your network setup as described in this tutorial. • Try accessing the FTP server from wireless clients W, Y or Z. Test if you can send or retrieve a file. If you cannot establish a connection with the FTP server, do the following steps. 1 Make sure W, Y and Z use the same wireless security settings as A and can access A.
Chapter 4 Tutorial 46 NWA1121-NI User’s Guide
P ART II Technical Reference The appendices provide general information. Some details may not apply to your NWA1121-NI.
C HAPT ER 5 Monitor 5.1 Overview This chapter discusses read-only information related to the device state of the NWA1121-NI. Note: To access the Monitor screens, you can also click the links in the Summary table of the Dashboard screen to view the wireless packets sent/received as well as the status of clients connected to the NWA1121-NI. 5.2 What You Can Do • Use the Logs screen to see the logs for the categories that you selected in the Configuration > Log Settings screen (see Section 5.3 on page 49).
Chapter 5 Monitor Click Monitor > Logs. Figure 13 Logs The following table describes the labels in this screen. Table 5 Logs LABEL DESCRIPTION Display Select a category of logs to view. Select All Log to view logs from all of the log categories that you selected in the Configuration > Log Settings screen.
Chapter 5 Monitor Click Monitor > Statistics. The following screen pops up. Figure 14 Statistics The following table describes the labels in this screen. Table 6 Statistics LABEL DESCRIPTION Description This is the wireless interface on the NWA1121-NI. 802.11 Mode This field shows which 802.11 mode the NWA1121-NI is using. Channel ID This shows the channel number which the NWA1121-NI is currently using over the wireless LAN. RX Pkts This is the number of received packets on this port.
Chapter 5 Monitor Click Monitor > Association List to display the screen as shown next. Figure 15 Association List The following table describes the labels in this screen. Table 7 Association List LABEL DESCRIPTION # This is the index number of an associated wireless device. MAC Address This field displays the MAC address of an associated wireless device. SSID This field displays the SSID to which the wireless device is associated.
Chapter 5 Monitor Wait a moment while the NWA1121-NI compiles the information. Figure 16 Channel Usage The following table describes the labels in this screen. Table 8 Channel Usage LABEL DESCRIPTION SSID This is the Service Set IDentification (SSID) name of the AP in an Infrastructure wireless network or wireless station in an Ad-Hoc wireless network.
Chapter 5 Monitor 54 NWA1121-NI User’s Guide
C HAPT ER 6 Wireless LAN 6.1 Overview This chapter discusses the steps to configure the Wireless Settings screen on the NWA1121-NI. It also introduces the wireless LAN (WLAN) and some basic scenarios. Figure 17 Wireless Mode In the figure above, the NWA1121-NI allows access to another bridge device (A) and a notebook computer (B) upon verifying their settings and credentials. It denies access to other devices (C and D) with configurations that do not match those specified in your NWA1121-NI. 6.
Chapter 6 Wireless LAN 6.3 What You Need To Know BSS A Basic Service Set (BSS) exists when all communications between wireless clients or between a wireless client and a wired network client go through one access point (AP). Intra-BSS traffic is traffic between wireless clients in the BSS. ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network.
Chapter 6 Wireless LAN Wireless Mode The IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features. Your NWA1121-NI can support 802.11b/g, 802.11n and 802.11b/g/n. MBSSID Traditionally, you needed to use different APs to configure different Basic Service Sets (BSSs). As well as the cost of buying extra APs, there was also the possibility of channel interference.
Chapter 6 Wireless LAN User Authentication Authentication is the process of verifying whether a wireless device is allowed to use the wireless network. You can make every user log in to the wireless network before they can use it. However, every device in the wireless network has to support IEEE 802.1x to do this. For wireless networks, you can store the user names and passwords for each user in a RADIUS server. This is a server used in businesses more than in homes.
Chapter 6 Wireless LAN Passphrase A passphrase functions like a password. In WEP security mode, it is further converted by the NWA1121-NI into a complicated string that is referred to as the “key”. This key is requested from all devices wishing to connect to a wireless network. PSK The Pre-Shared Key (PSK) is a password shared by a wireless access point and a client during a previous secure connection. The key can then be used to establish a connection between the two parties.
Chapter 6 Wireless LAN In the figure above, wireless clients A and B are trying to access the Internet via the NWA1121-NI. The NWA1121-NI in turn queries the RADIUS server if the identity of clients A and U are allowed access to the Internet. In this scenario, only client U’s identity is verified by the RADIUS server and allowed access to the Internet. The RADIUS server handles the following tasks: • Authentication which determines the identity of the users.
Chapter 6 Wireless LAN 6.4.1 Root AP Mode Use this screen to use your NWA1121-NI as an access point. Select Root AP as the Operation Mode. The following screen displays.
Chapter 6 Wireless LAN The following table describes the general wireless LAN labels in this screen. Table 10 Wireless LAN > Wireless Settings: Root AP LABEL DESCRIPTION Basic Settings Wireless LAN Interface Select the check box to turn on the wireless LAN on the NWA1121-NI. Operation Mode Select Root AP from the drop-down list. Wireless Mode Select 802.11b/g to allow both IEEE802.11b and IEEE802.11g compliant WLAN devices to associate with the NWA1121-NI.
Chapter 6 Wireless LAN Table 10 Wireless LAN > Wireless Settings: Root AP (continued) LABEL DESCRIPTION Advanced Settings Beacon Interval When a wirelessly network device sends a beacon, it includes with it a beacon interval. This specifies the time period before the device sends the beacon again. The interval tells receiving devices on the network how long they can wait in lowpower mode before waking up to handle the beacon. A high value helps save current consumption of the access point.
Chapter 6 Wireless LAN 6.4.2 Repeater Mode Use this screen to have the NWA1121-NI act as a wireless repeater. You need to know the MAC address of the peer device, which also must be in Repeater or Root AP mode. Figure 21 Wireless LAN > Wireless Settings: Repeater The following table describes the bridge labels in this screen.
Chapter 6 Wireless LAN Table 11 Wireless LAN > Wireless Settings: Repeater (continued) LABEL DESCRIPTION Wireless Mode Select 802.11b/g to allow both IEEE802.11b and IEEE802.11g compliant WLAN devices to associate with the NWA1121-NI. The transmission rate of your NWA1121-NI might be reduced. Select 802.11b/g/n to allow IEEE802.11b, IEEE802.11g and IEEE802.11n compliant WLAN devices to associate with the NWA1121-NI. The transmission rate of the NWA1121NI might be reduced. Select 802.
Chapter 6 Wireless LAN Table 11 Wireless LAN > Wireless Settings: Repeater (continued) LABEL DESCRIPTION Preamble Type Select Dynamic to have the AP automatically use short preamble when wireless adapters support it, otherwise the AP uses long preamble. Select Long if you are unsure what preamble mode the wireless adapters support, and to provide more reliable communications in busy wireless networks. RTS/CTS Threshold (Request To Send) The threshold (number of bytes) for enabling RTS/CTS handshake.
Chapter 6 Wireless LAN 6.4.3 Wireless Client Mode Use this screen to turn your NWA1121-NI into a wireless client. Select Client as the Operation Mode. The following screen displays. Figure 22 Wireless LAN > Wireless Settings: Wireless Client The following table describes the general wireless LAN labels in this screen. Table 12 Wireless LAN > Wireless Settings: Wireless Client LABEL DESCRIPTION Basic Settings Wireless LAN Interface Select the check box to turn on the wireless LAN on the NWA1121-NI.
Chapter 6 Wireless LAN Table 12 Wireless LAN > Wireless Settings: Wireless Client (continued) LABEL DESCRIPTION SSID Profile The SSID (Service Set IDentifier) identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same SSID. In this field, select the SSID profile of the AP you want to use. Click Apply. The SSID used in the selected SSID profile automatically changes to be the one you select in the Site Survey screen.
Chapter 6 Wireless LAN Table 12 Wireless LAN > Wireless Settings: Wireless Client (continued) LABEL DESCRIPTION Short GI Select Enabled to use Short GI (Guard Interval). The guard interval is the gap introduced between data transmission from users in order to reduce interference. Reducing the GI increases data transfer rates but also increases interference. Increasing the GI reduces data transfer rates but also reduces interference. Apply Click Apply to save your changes.
Chapter 6 Wireless LAN The following table describes the labels in this screen. Table 13 Wireless LAN > Wireless Settings: MBSSID LABEL DESCRIPTION Basic Settings Wireless LAN Interface Select the check box to turn on the wireless LAN on the NWA1121-NI. Operation Mode Select MBSSID from the drop-down list. Wireless Mode Select 802.11b/g to allow both IEEE802.11b and IEEE802.11g compliant WLAN devices to associate with the NWA1121-NI. The transmission rate of your NWA1121-NI might be reduced.
Chapter 6 Wireless LAN Table 13 Wireless LAN > Wireless Settings: MBSSID (continued) LABEL DESCRIPTION Preamble Type Select Dynamic to have the AP automatically use short preamble when wireless adapters support it, otherwise the AP uses long preamble. Select Long if you are unsure what preamble mode the wireless adapters support, and to provide more reliable communications in busy wireless networks. RTS/CTS Threshold (Request To Send) The threshold (number of bytes) for enabling RTS/CTS handshake.
Chapter 6 Wireless LAN 6.5 SSID Screen Use this screen to view and modify the settings of the SSID profiles on the NWA1121-NI. Click Wireless LAN > SSID to display the screen as shown. Figure 24 Wireless LAN > SSID The following table describes the labels in this screen. Table 14 Wireless LAN > SSID LABEL DESCRIPTION Profile Settings # 72 This field displays the index number of each SSID profile. Profile Name This field displays the identification name of each SSID profile on the NWA1121-NI.
Chapter 6 Wireless LAN 6.5.1 Configuring SSID Use this screen to configure an SSID profile. In the Wireless LAN > SSID screen, click Edit next to the SSID profile you want to configure to display the following screen. Figure 25 SSID: Edit The following table describes the labels in this screen. Table 15 SSID: Edit LABEL DESCRIPTION Profile Name This is the name that identifying this profile.
Chapter 6 Wireless LAN Table 15 SSID: Edit (continued) LABEL DESCRIPTION BSSID VLAN ID Enter a VLAN ID for the SSID profile. Packets coming from the WLAN using this SSID profile are tagged with the VLAN ID number by the NWA1121-NI. Number of Wireless Stations Allowed to Associate Use this field to set a maximum number of wireless stations that may connect to the device.
Chapter 6 Wireless LAN The Security Settings screen varies depending upon the security mode you select. Figure 27 Security: None Note that some screens display differently depending on the operating mode selected in the Wireless LAN > Wireless Settings screen. Note: You must enable the same wireless security settings on the NWA1121-NI and on all wireless clients that you want to associate with it.
Chapter 6 Wireless LAN 6.6.1 Security: WEP Use this screen to use WEP as the security mode for your NWA1121-NI. Select WEP in the Security Mode field to display the following screen. Figure 28 Security: WEP The following table describes the labels in this screen. Table 16 Security: WEP 76 LABEL DESCRIPTION Profile Name This is the name that identifying this profile. Security Mode Choose WEP in this field. Authentication Type Select Open or Shared from the drop-down list box.
Chapter 6 Wireless LAN Table 16 Security: WEP (continued) LABEL DESCRIPTION Key 1 to The WEP keys are used to encrypt data. Both the NWA1121-NI and the wireless stations must use the same WEP key for data transmission. Key 4 If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F"). If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal characters ("0-9", "A-F").
Chapter 6 Wireless LAN Table 17 Security: 802.1x Only for Access Point (continued) LABEL DESCRIPTION Reauthentication Time Specify how often wireless stations have to resend user names and passwords in order to stay connected. Enter a time interval between 100 and 3600 seconds. Alternatively, enter “0” to turn reauthentication off. Note: If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority.
Chapter 6 Wireless LAN Table 18 Security: 802.1x Only for Wireless Client (continued) LABEL DESCRIPTION Security Mode Choose the same security mode used by the AP. IEEE802.1x Authentication Eap Type The options on the left refer to EAP methods. You can choose either TLS, LEAP, PEAP or TTLS. If you select TTLS or PEAP, the options on the right refer to authentication protocols. You can choose between PAP, CHAP, MSCHAP, MSCHAPv2 and/or GTC.
Chapter 6 Wireless LAN 6.6.3.1 Access Point Use this screen to use 802.1x static WEP security mode for your NWA1121-NI that is in root AP, MBSSID or repeater operating mode. Select 802.1X-Static WEP in the Security Mode field to display the following screen. Figure 31 Security: 802.1X-Static WEP for Access Point The following table describes the labels in this screen. Table 19 Security: 802.
Chapter 6 Wireless LAN Table 19 Security: 802.1X-Static WEP for Access Point (continued) LABEL DESCRIPTION Key 1 to The WEP keys are used to encrypt data. Both the NWA1121-NI and the wireless stations must use the same WEP key for data transmission. Key 4 If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F"). If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal characters ("0-9", "A-F").
Chapter 6 Wireless LAN 6.6.3.2 Wireless Client Use this screen to use 802.1x-Only security mode for your NWA1121-NI that is in wireless client operating mode. Select 802.1X-Static WEP in the Security Mode field to display the following screen. Figure 32 Security: 802.1X-Static WEP for Wireless Client The following table describes the labels in this screen. Table 20 Security: 802.
Chapter 6 Wireless LAN Table 20 Security: 802.1X-Static WEP for Wireless Client (continued) LABEL DESCRIPTION Data Encryption Select 64-bit WEP or 128-bit WEP to enable data encryption. Passphrase Enter the passphrase or string of text used for automatic WEP key generation. Generate Click this to get the keys from the Passphrase you entered. Key 1 to The WEP keys are used to encrypt data. Both the NWA1121-NI and the AP must use the same WEP key for data transmission.
Chapter 6 Wireless LAN 6.6.4.1 Access Point Use this screen to employ WPA or WPA2 as the security mode for your NWA1121-NI that is in root AP, MBSSID or repeater operating mode. Select WPA, WPA2 or WPA2-MIX in the Security Mode field to display the following screen. Figure 33 Security: WPA/WPA2 for Access Point The following table describes the labels in this screen.
Chapter 6 Wireless LAN 6.6.4.2 Wireless Client Use this screen to employ WPA or WPA2 as the security mode for your NWA1121-NI that is in wireless client operating mode. Select WPA or WPA2 in the Security Mode field to display the following screen. Figure 34 Security: WPA for Wireless Client The following table describes the labels in this screen. Table 22 Security: WPA/WPA2 for Wireless Client LABEL DESCRIPTION Security Settings Profile Name This is the name that identifying this profile.
Chapter 6 Wireless LAN Table 22 Security: WPA/WPA2 for Wireless Client (continued) LABEL DESCRIPTION Back Click Back to return to the previous screen. Apply Click Apply to save your changes. Cancel Click Cancel to begin configuring this screen afresh. 6.6.5 Security: WPA-PSK, WPA2-PSK, WPA2-PSK-MIX Use this screen to employ WPA-PSK, WPA2-PSK or WPA2-PSK-MIX as the security mode of your NWA1121-NI. Select WPA-PSK, WPA2-PSK or WPA2-PSK-MIX in the Security Mode field to display the following screen.
Chapter 6 Wireless LAN 6.7 RADIUS Screen Use this screen to set up your NWA1121-NI’s RADIUS server settings. Click Wireless LAN > RADIUS. The screen appears as shown. Figure 36 Wireless LAN > RADIUS Select a profile you want to configure and click Edit.
Chapter 6 Wireless LAN The following table describes the labels in this screen. Table 24 Wireless LAN > RADIUS LABEL DESCRIPTION Profile Name This is the name that identifying this RADIUS profile. Primary RADIUS Server Select the check box to enable user authentication through an external authentication server. Primary Server IP Address Enter the IP address of the RADIUS server to be used for authentication.
Chapter 6 Wireless LAN Table 24 Wireless LAN > RADIUS (continued) LABEL DESCRIPTION Apply Click Apply to save your changes. Cancel Click Cancel to begin configuring this screen afresh. 6.8 MAC Filter Screen Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC address of each device to configure MAC filtering on the NWA1121-NI.
Chapter 6 Wireless LAN Use this screen to enable MAC address filtering in your NWA1121-NI. You can specify MAC addresses to either allow or deny association with your NWA1121-NI. Click Wireless LAN > MAC Filter. The screen displays as shown. Figure 39 Wireless LAN > MAC Filter Select a profile you want to configure and click Edit.
Chapter 6 Wireless LAN The following table describes the labels in this screen. Table 25 Wireless LAN > MAC Filter LABEL DESCRIPTION Profile Name This is the name that identifying this profile. Access Control Mode Select Disabled if you do not want to use this feature. Select Allow to permit access to the NWA1121-NI. MAC addresses not listed will be denied access to the NWA1121-NI. Select Deny to block access to theNWA1121-NI. MAC addresses not listed will be allowed to access the NWA1121-NI.
Chapter 6 Wireless LAN TERM DESCRIPTION Roaming If you have two or more NWA1121-NIs (or other wireless access points) on your wireless network, you can enable this option so that wireless devices can change locations without having to log in again. This is useful for devices, such as notebooks, that move around a lot. Antenna An antenna couples Radio Frequency (RF) signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air.
Chapter 6 Wireless LAN 6.9.3 Security Mode Guideline The following is a general guideline in choosing the security mode for your NWA1121-NI. • Use WPA(2)-PSK if you have WPA(2)-aware wireless clients but no RADIUS server. • Use WPA(2) security if you have WPA(2)-aware wireless clients and a RADIUS server. WPA has user authentication and improved data encryption over WEP. • Use WPA(2)-PSK if you have WPA(2)-aware wireless clients but no RADIUS server.
C HAPT ER 7 LAN 7.1 Overview This chapter describes how you can configure the IP address of your NWA1121-NI. The Internet Protocol (IP) address identifies a device on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts. Figure 41 IPv4 Setup The figure above illustrates one possible setup of your NWA1121-NI. The gateway IPv4 address is 192.168.1.
Chapter 7 LAN IPv6 IPv6 (Internet Protocol version 6), is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 1038 IP addresses. IPv6 Addressing The 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons (:). This is an example IPv6 address 2001:0db8:1a2b:0015:0000:0000:1a2f:0000. IPv6 addresses can be abbreviated in two ways: • Leading zeros in a block can be omitted.
Chapter 7 LAN 7.4 LAN IP Screen Use this screen to configure the IP address for your NWA1121-NI. Click Network > LAN to display the following screen. Figure 42 LAN IP The following table describes the labels in this screen. Table 29 LAN IP LABEL DESCRIPTION IPv4 Address Assignment Obtain IP Address Automatically Select this option if your NWA1121-NI is using a dynamically assigned IPv4 address from a DHCP server each time.
Chapter 7 LAN Table 29 LAN IP (continued) LABEL DESCRIPTION IPv6 Address Assignment Enable Stateful Address Autoconfiguration Select this to turn on IPv6 stateful autoconfiguration to have the NWA1121-NI obtain an IPv6 global address from a DHCPv6 server in your network. IPv6 Address/Prefix Length Enter your IPv6 address and prefix manually. System DNS Servers Primary DNS Server Enter the IPv4 address of the first DNS (Domain Name Service) server, if provided.
C HAPT ER 8 VLAN 8.1 Overview This chapter discusses how to configure the NWA1121-NI’s VLAN settings. Figure 43 Management VLAN Setup B A In the figure above, to access and manage the NWA1121-NI from computer A, the NWA1121-NI and switch B’s ports to which computer A and the NWA1121-NI are connected should be in the same VLAN. 8.1.1 What You Can Do in This Chapter The VLAN screens let you set up the NWA1121-NI’s mangement VLAN (Section 8.3 on page 99). 8.
Chapter 8 VLAN VLAN also increases network performance by limiting broadcasts to a smaller and more manageable logical broadcast domain. In traditional switched environments, all broadcast packets go to each and every individual port. With VLAN, all broadcasts are confined to a specific broadcast domain. IEEE 802.1Q Tag The IEEE 802.1Q standard defines an explicit VLAN tag in the MAC header to identify the VLAN membership of a frame across bridges.
Chapter 8 VLAN 100 NWA1121-NI User’s Guide
C HAPT ER 9 System 9.1 Overview This chapter shows you how to enable remote management of your NWA1121-NI. It provides information on determining which services or protocols can access which of the NWA1121-NI’s interfaces. Remote Management allows a user to administrate the device over the network.
Chapter 9 System • Use the Telnet screen to configure through which interface(s) and from which IP address(es) you can use Telnet to manage the NWA1121-NI. A Telnet connection is prioritized by the NWA1121-NI over other remote management sessions (see Section 9.6 on page 106). • Use the SNMP screen to configure through which interface(s) and from which IP address(es) a network systems manager can access the NWA1121-NI (see Section 9.7 on page 107).
Chapter 9 System The next figure illustrates an SNMP management operation. Figure 47 SNMP Management Mode An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the NWA1121-NI). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions.
Chapter 9 System • You may only have one remote management session running at one time. The NWA1121-NI automatically disconnects a remote management session of lower priority when another remote management session of higher priority starts. The priorities for the different types of remote management sessions are as follows: 1 Telnet 2 HTTP Certificate A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication.
Chapter 9 System To change your NWA1121-NI’s WWW settings, click System > WWW. The following screen shows. Figure 49 System > WWW The following table describes the labels in this screen. Table 30 System > WWW LABEL DESCRIPTION WWW HTTP Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. HTTPS Port The HTTPS proxy server listens on port 443 by default.
Chapter 9 System Click System > Certificates. The following screen shows. Figure 50 System > Certificates The following table describes the labels in this screen. Table 31 System > Certificates LABEL DESCRIPTION Import Certificate Import Certificate Enter the location of a previously-saved certificate to upload to the NWA1121-NI. Alternatively, click the Browse button to locate a list. Browse Click this button to locate a previously-saved certificate to upload to the NWA1121-NI.
Chapter 9 System The following table describes the labels in this screen. Table 32 System > Telnet LABEL DESCRIPTION TELNET Port You can change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Server Access Select the interface(s) through which a computer may access the NWA1121-NI using Telnet and to which the IP and MAC filtering rules you specified below are applied.
Chapter 9 System manager. To change your NWA1121-NI’s SNMP settings, click System > SNMP. The following screen displays. Figure 52 System > SNMP The following table describes the labels in this screen. Table 33 System > SNMP LABEL DESCRIPTION SNMP Port 108 You can change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
Chapter 9 System Table 33 System > SNMP (continued) LABEL DESCRIPTION Server Access Select the interface(s) through which a computer may access the NWA1121-NI using SNMP and to which the IP and MAC filtering rules you specified below are applied. Otherwise, select Disable to allow any computer to access the NWA1121-NI through any interface using SNMP. Secured Client IP Address A secured client is a “trusted” computer that is allowed to communicate with the NWA1121-NI using this service.
Chapter 9 System Table 33 System > SNMP (continued) LABEL DESCRIPTION SNMPv3 User Settings SNMPv3 User Select the check box to enable the SNMP user account for authentication with SNMP managers using SNMP v3. User Name Specify the user name of the SNMP user account. Password Enter the password for SNMP user authentication. Confirm Password Retype the password for confirmation. Access Type Specify the SNMP user’s access rights to MIBs.
Chapter 9 System The following table describes the labels in this screen. Table 34 System > FTP LABEL DESCRIPTION FTP Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Server Access Select the interface(s) through which a computer may access the NWA1121-NI using this service and to which the IP and MAC filtering rules you specified below are applied.
Chapter 9 System 9.9.2 Supported MIBs The NWA1121-NI supports MIB II that is defined in RFC-1213 and RFC-1215 as well as the proprietary ZyXEL private MIB. The purpose of the MIBs is to let administrators collect statistical data and monitor status and performance. 9.9.3 Private-Public Certificates When using public-key cryptology for authentication, each host has two keys. One key is public and can be made openly available. The other key is private and must be kept secure.
Chapter 9 System 2 Make sure that the certificate has a “.cer” or “.crt” file name extension. Figure 54 Certificates on Your Computer 3 Double-click the certificate’s icon to open the Certificate window. Click the Details tab and scroll down to the Thumbprint Algorithm and Thumbprint fields. Figure 55 Certificate Details 4 Use a secure method to verify that the certificate owner has the same information in the Thumbprint Algorithm and Thumbprint fields.
Chapter 9 System 114 NWA1121-NI User’s Guide
C HAPTER 10 Log Settings 10.1 Overview This chapter provides information on viewing and generating logs on your NWA1121-NI. Logs are files that contain recorded network activity over a set period. They are used by administrators to monitor the health of the system(s) they are managing. Logs enable administrators to effectively monitor events, errors, progress, etc. so that when network problems or system failures occur, the cause or origin can be traced.
Chapter 10 Log Settings 10.3 What You Need To Know Alerts and Logs An alert is a type of log that warrants more serious attention. Some categories such as System Error consist of both logs and alerts. You can differentiate them by their color in the Monitor > Logs screen. Alerts are displayed in red and logs are displayed in black.
Chapter 10 Log Settings To change your NWA1121-NI’s log settings, click Configuration > Log Settings. The screen appears as shown. Figure 57 Log Settings The following table describes the labels in this screen. Table 35 Log Settings LABEL DESCRIPTION E-mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via e-mail.
Chapter 10 Log Settings Table 35 Log Settings (continued) LABEL DESCRIPTION SMTP Authentication SMTP (Simple Mail Transfer Protocol) is the message-exchange standard for the Internet. Select the check box to activate SMTP authentication. If mail server authentication is needed but this feature is disabled, you will not receive the e-mail logs. If you use SMTP authentication, the mail receiver should be the owner of the SMTP account.
C HAPTER 11 Maintenance 11.1 Overview This chapter describes the maintenance screens. It discusses how you can upload new firmware, manage configuration and restart your NWA1121-NI without turning it off and on. This chapter provides information and instructions on how to identify and manage your NWA1121NI over the network. Figure 58 NWA1121-NI Setup In the figure above, the NWA1121-NI connects to a Domain Name Server (DNS) server to avail of a domain name.
Chapter 11 Maintenance 11.3 What You Need To Know You can find the firmware for your device at www.zyxel.com. It is a file that (usually) uses the system model name with a "*.bin" extension, for example "[Model #].bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot. 11.4 General Screen Use the General screen to identify your NWA1121-NI over the network. Click Maintenance > General. The following screen displays.
Chapter 11 Maintenance 11.5 Password Screen Use this screen to control access to your NWA1121-NI by assigning a password to it. Click Maintenance > Password. The following screen displays. Figure 60 Maintenance > Password The following table describes the labels in this screen. Table 37 Maintenance > Password LABEL DESCRIPTIONS Current Password Type in your existing system password. New Password Type your new system password. Note that as you type a password, the screen displays a dot (.
Chapter 11 Maintenance 11.6 Time Screen Use this screen to change your NWA1121-NI’s time and date, click Maintenance > Time. The following screen displays. Figure 61 Maintenance > Time The following table describes the labels in this screen. Table 38 Maintenance > Time LABEL DESCRIPTION Current Time and Date Current Time This field displays the time of your NWA1121-NI. Each time you reload this page, the NWA1121-NI synchronizes the time with the time server (if configured).
Chapter 11 Maintenance 11.7 Firmware Upgrade Screen Use this screen to upload a firmware to your NWA1121-NI. Click Maintenance > Firmware Upgrade. Follow the instructions in this section to upload firmware to your NWA1121-NI. Figure 62 Maintenance > Firmware Upgrade The following table describes the labels in this screen. Table 39 Maintenance > Firmware Upgrade LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse...
Chapter 11 Maintenance 11.8 Configuration File Screen Use this screen to backup, restore and reset the configuration of your NWA1121-NI. Click Maintenance > Configuration File. The screen appears as shown next. Figure 65 Maintenance > Configuration File 11.8.1 Backup Configuration Backup configuration allows you to back up (save) the NWA1121-NI’s current configuration to a file on your computer.
Chapter 11 Maintenance The NWA1121-NI automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 66 Network Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default NWA1121-NI IP address (192.168.1.2). See Appendix A on page 131 for details on how to set up your computer’s IP address. 11.8.
Chapter 11 Maintenance Click Restart to have the NWA1121-NI reboot. This does not affect the NWA1121-NI's configuration.
C HAPTER 12 Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • NWA1121-NI Access and Login • Internet Access 12.1 Power, Hardware Connections, and LEDs The NWA1121-NI does not turn on. None of the LEDs turn on. 1 Make sure you are using the power adaptor or cord included with the NWA1121-NI.
Chapter 12 Troubleshooting 12.2 NWA1121-NI Access and Login I forgot the IP address for the NWA1121-NI. 1 The default IP address is 192.168.1.2. 2 If you changed the IP address and have forgotten it, you might get the IP address of the NWA1121NI by looking up the IP address of the default gateway for your computer. To do this in most Windows computers, click Start > Run, enter “cmd”, and then enter “ipconfig”.
Chapter 12 Troubleshooting 6 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions • Try to access the NWA1121-NI using another service, such as Telnet. If you can access the NWA1121-NI, check the remote management settings to find out why the NWA1121-NI does not respond to HTTP. • If your computer is connected wirelessly, use a computer that is connected to a LAN/Ethernet port.
Chapter 12 Troubleshooting 5 If the problem continues, contact your ISP. I cannot access the Internet anymore. I had access to the Internet (with the NWA1121-NI), but my Internet connection is not available anymore. 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.7 on page 17. 2 Reboot the NWA1121-NI. 3 If the problem continues, contact your ISP or network administrator. The Internet connection is slow or intermittent.
A PPENDIX A Setting Up Your Computer’s IP Address Note: Your specific NWA1121-NI may not support all of the operating systems described in this appendix. See the product specifications for more information about which operating systems are supported. This appendix shows you how to configure the IP settings on your computer in order for it to be able to communicate with the other devices on your network.
Appendix A Setting Up Your Computer’s IP Address 132 1 Click Start > Control Panel. 2 In the Control Panel, click the Network Connections icon. 3 Right-click Local Area Connection and then select Properties.
Appendix A Setting Up Your Computer’s IP Address 4 On the General tab, select Internet Protocol (TCP/IP) and then click Properties.
Appendix A Setting Up Your Computer’s IP Address 5 The Internet Protocol TCP/IP Properties window opens. 6 Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically. Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP.
Appendix A Setting Up Your Computer’s IP Address Windows Vista This section shows screens from Windows Vista Professional. 1 Click Start > Control Panel. 2 In the Control Panel, click the Network and Internet icon. 3 Click the Network and Sharing Center icon.
Appendix A Setting Up Your Computer’s IP Address 4 Click Manage network connections. 5 Right-click Local Area Connection and then select Properties. Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue.
Appendix A Setting Up Your Computer’s IP Address 6 Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.
Appendix A Setting Up Your Computer’s IP Address 7 The Internet Protocol Version 4 (TCP/IPv4) Properties window opens. 8 Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically. Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP.
Appendix A Setting Up Your Computer’s IP Address Windows 7 This section shows screens from Windows 7 Enterprise. 1 Click Start > Control Panel. 2 In the Control Panel, click View network status and tasks under the Network and Internet category. 3 Click Change adapter settings.
Appendix A Setting Up Your Computer’s IP Address 4 Double click Local Area Connection and then select Properties. Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue.
Appendix A Setting Up Your Computer’s IP Address 5 Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.
Appendix A Setting Up Your Computer’s IP Address 6 The Internet Protocol Version 4 (TCP/IPv4) Properties window opens. 7 Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically. Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP.
Appendix A Setting Up Your Computer’s IP Address 3 The IP settings are displayed as follows. Mac OS X: 10.3 and 10.4 The screens in this section are from Mac OS X 10.4 but can also apply to 10.3. 1 Click Apple > System Preferences.
Appendix A Setting Up Your Computer’s IP Address 144 2 In the System Preferences window, click the Network icon. 3 When the Network preferences pane opens, select Built-in Ethernet from the network connection type list, and then click Configure.
Appendix A Setting Up Your Computer’s IP Address 4 For dynamically assigned settings, select Using DHCP from the Configure IPv4 list in the TCP/IP tab. 5 For statically assigned settings, do the following: • From the Configure IPv4 list, select Manually. • In the IP Address field, type your IP address. • In the Subnet Mask field, type your subnet mask. • In the Router field, type the IP address of your device. 6 Click Apply Now and close the window.
Appendix A Setting Up Your Computer’s IP Address Verifying Settings Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network Interface from the Info tab. Figure 69 Mac OS X 10.4: Network Utility Mac OS X: 10.5 and 10.6 The screens in this section are from Mac OS X 10.5 but can also apply to 10.6. 1 146 Click Apple > System Preferences.
Appendix A Setting Up Your Computer’s IP Address 2 In System Preferences, click the Network icon. 3 When the Network preferences pane opens, select Ethernet from the list of available connection types. 4 From the Configure list, select Using DHCP for dynamically assigned settings.
Appendix A Setting Up Your Computer’s IP Address • From the Configure list, select Manually. • In the IP Address field, enter your IP address. • In the Subnet Mask field, enter your subnet mask. • In the Router field, enter the IP address of your NWA1121-NI. 6 148 Click Apply and close the window.
Appendix A Setting Up Your Computer’s IP Address Verifying Settings Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network interface from the Info tab. Figure 70 Mac OS X 10.5: Network Utility Linux: Ubuntu 8 (GNOME) This section shows you how to configure your computer’s TCP/IP settings in the GNU Object Model Environment (GNOME) using the Ubuntu 8 Linux distribution.
Appendix A Setting Up Your Computer’s IP Address 150 2 When the Network Settings window opens, click Unlock to open the Authenticate window. (By default, the Unlock button is greyed out until clicked.) You cannot make changes to your configuration unless you first enter your admin password. 3 In the Authenticate window, enter your admin account name and password then click the Authenticate button.
Appendix A Setting Up Your Computer’s IP Address 4 In the Network Settings window, select the connection that you want to configure, then click Properties. 5 The Properties dialog box opens. • In the Configuration list, select Automatic Configuration (DHCP) if you have a dynamic IP address. • In the Configuration list, select Static IP address if you have a static IP address. Fill in the IP address, Subnet mask, and Gateway address fields.
Appendix A Setting Up Your Computer’s IP Address 152 7 If you know your DNS server IP address(es), click the DNS tab in the Network Settings window and then enter the DNS server information in the fields provided. 8 Click the Close button to apply the changes.
Appendix A Setting Up Your Computer’s IP Address Verifying Settings Check your TCP/IP properties by clicking System > Administration > Network Tools, and then selecting the appropriate Network device from the Devices tab. The Interface Statistics column shows data if your connection is working properly. Figure 71 Ubuntu 8: Network Tools Linux: openSUSE 10.3 (KDE) This section shows you how to configure your computer’s TCP/IP settings in the K Desktop Environment (KDE) using the openSUSE 10.
Appendix A Setting Up Your Computer’s IP Address 154 1 Click K Menu > Computer > Administrator Settings (YaST). 2 When the Run as Root - KDE su dialog opens, enter the admin password and click OK.
Appendix A Setting Up Your Computer’s IP Address 3 When the YaST Control Center window opens, select Network Devices and then click the Network Card icon. 4 When the Network Settings window opens, click the Overview tab, select the appropriate connection Name from the list, and then click the Configure button.
Appendix A Setting Up Your Computer’s IP Address 5 When the Network Card Setup window opens, click the Address tab Figure 72 openSUSE 10.3: Network Card Setup 6 Select Dynamic Address (DHCP) if you have a dynamic IP address. Select Statically assigned IP Address if you have a static IP address. Fill in the IP address, Subnet mask, and Hostname fields. 7 156 Click Next to save the changes and close the Network Card Setup window.
Appendix A Setting Up Your Computer’s IP Address 8 If you know your DNS server IP address(es), click the Hostname/DNS tab in Network Settings and then enter the DNS server information in the fields provided. 9 Click Finish to save your settings and close the window. Verifying Settings Click the KNetwork Manager icon on the Task bar to check your TCP/IP properties. From the Options sub-menu, select Show Connection Information. Figure 73 openSUSE 10.
Appendix A Setting Up Your Computer’s IP Address When the Connection Status - KNetwork Manager window opens, click the Statistics tab to see if your connection is working properly.
A PPENDIX B Pop-up Windows, JavaScript and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScript (enabled by default). • Java permissions (enabled by default). Note: The screens used below belong to Internet Explorer version 6, 7 and 8. Screens for other Internet Explorer versions may vary. Internet Explorer Pop-up Blockers You may have to disable pop-up blocking to log into your device.
Appendix B Pop-up Windows, JavaScript and Java Permissions 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 76 Internet Options: Privacy 3 Click Apply to save this setting. Enable Pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 160 In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
Appendix B Pop-up Windows, JavaScript and Java Permissions 2 Select Settings…to open the Pop-up Blocker Settings screen. Figure 77 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1.
Appendix B Pop-up Windows, JavaScript and Java Permissions 4 Click Add to move the IP address to the list of Allowed sites. Figure 78 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScript If pages of the web configurator do not display properly in Internet Explorer, check that JavaScript are allowed.
Appendix B Pop-up Windows, JavaScript and Java Permissions 1 In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 79 Internet Options: Security 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default).
Appendix B Pop-up Windows, JavaScript and Java Permissions 6 Click OK to close the window. Figure 80 Security Settings - Java Scripting Java Permissions 164 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected.
Appendix B Pop-up Windows, JavaScript and Java Permissions 5 Click OK to close the window. Figure 81 Security Settings - Java JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for
Appendix B Pop-up Windows, JavaScript and Java Permissions 3 Click OK to close the window. Figure 82 Java (Sun) Mozilla Firefox Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary slightly. The steps below apply to Mozilla Firefox 3.0 as well. You can enable Java, Javascript and pop-ups in one screen. Click Tools, then click Options in the screen that appears.
Appendix B Pop-up Windows, JavaScript and Java Permissions Click Content to show the screen below. Select the check boxes as shown in the following screen. Figure 84 Mozilla Firefox Content Security Opera Opera 10 screens are used here. Screens for other versions may vary slightly.
Appendix B Pop-up Windows, JavaScript and Java Permissions Allowing Pop-Ups From Opera, click Tools, then Preferences. In the General tab, go to Choose how you prefer to handle pop-ups and select Open all pop-ups. Figure 85 Opera: Allowing Pop-Ups Enabling Java From Opera, click Tools, then Preferences. In the Advanced tab, select Content from the leftside menu. Select the check boxes as shown in the following screen.
Appendix B Pop-up Windows, JavaScript and Java Permissions To customize JavaScript behavior in the Opera browser, click JavaScript Options. Figure 87 Opera: JavaScript Options Select the items you want Opera’s JavaScript to apply.
Appendix B Pop-up Windows, JavaScript and Java Permissions 170 NWA1121-NI User’s Guide
A PPENDIX C IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts. Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.
Appendix C IP Addresses and Subnetting The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. Figure 88 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask.
Appendix C IP Addresses and Subnetting Subnet masks can be referred to by the size of the network number part (the bits with a “1” value). For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes. Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks.
Appendix C IP Addresses and Subnetting The following table shows some possible subnet masks using both notations. Table 44 Alternative Subnet Mask Notation SUBNET MASK ALTERNATIVE NOTATION LAST OCTET (BINARY) LAST OCTET (DECIMAL) 255.255.255.0 /24 0000 0000 0 255.255.255.128 /25 1000 0000 128 255.255.255.192 /26 1100 0000 192 255.255.255.224 /27 1110 0000 224 255.255.255.240 /28 1111 0000 240 255.255.255.248 /29 1111 1000 248 255.255.255.
Appendix C IP Addresses and Subnetting The following figure shows the company network after subnetting. There are now two subnetworks, A and B. Figure 90 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 27 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address). 192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.
Appendix C IP Addresses and Subnetting Table 45 Subnet 1 (continued) IP/SUBNET MASK NETWORK NUMBER Subnet Address: 192.168.1.0 Lowest Host ID: 192.168.1.1 Broadcast Address: 192.168.1.63 Highest Host ID: 192.168.1.62 LAST OCTET BIT VALUE Table 46 Subnet 2 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. 64 IP Address (Binary) 11000000.10101000.00000001. 01000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.
Appendix C IP Addresses and Subnetting The following table shows IP address last octet values for each subnet. Table 49 Eight Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST ADDRESS 1 0 1 30 31 2 32 33 62 63 3 64 65 94 95 4 96 97 126 127 5 128 129 158 159 6 160 161 190 191 7 192 193 222 223 8 224 225 254 255 Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number.
Appendix C IP Addresses and Subnetting Table 51 16-bit Network Number Subnet Planning (continued) NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 13 255.255.255.248 (/29) 8192 6 14 255.255.255.252 (/30) 16384 2 15 255.255.255.254 (/31) 32768 1 Configuring IP Addresses Where you obtain your network number depends on your particular situation.
A PPENDIX D Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS).
Appendix D Wireless LANs disabled, wireless client A and B can still access the wired network but cannot communicate with each other. Figure 92 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN.
Appendix D Wireless LANs An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate. Figure 93 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area.
Appendix D Wireless LANs cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other. Figure 94 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
Appendix D Wireless LANs If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Preamble Type Preamble is used to signal that data is coming to the receiver. Short and long refer to the length of the synchronization field in a packet.
Appendix D Wireless LANs The following figure shows the relative effectiveness of these wireless security methods available on your NWA1121-NI. Table 53 Wireless Security Levels SECURITY LEVEL Least Secure SECURITY TYPE Unique SSID (Default) Unique SSID with Hide SSID Enabled MAC Address Filtering WEP Encryption IEEE802.
Appendix D Wireless LANs RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server. Types of RADIUS Messages The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication: • Access-Request Sent by an access point requesting authentication. • Access-Reject Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access.
Appendix D Wireless LANs EAP-MD5 (Message-Digest Algorithm 5) MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless client. The wireless client ‘proves’ that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text. However, MD5 authentication has some weaknesses.
Appendix D Wireless LANs If this feature is enabled, it is not necessary to configure a default encryption key in the wireless security configuration screen. You may still configure and store keys, but they will not be used while dynamic WEP is enabled. Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption.
Appendix D Wireless LANs called Rijndael. They both include a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. WPA and WPA2 regularly change and rotate the encryption keys so that the same encryption key is never used twice.
Appendix D Wireless LANs WPA(2) with RADIUS Application Example To set up WPA(2), you need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret. A WPA(2) application example with an external RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution system. 1 The AP passes the wireless client's authentication request to the RADIUS server.
Appendix D Wireless LANs 4 The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys. They use these keys to encrypt data exchanged between them. Figure 96 WPA(2)-PSK Authentication Security Parameters Summary Refer to this table to see what other security parameters you should configure for each authentication method or key management protocol type.
Appendix D Wireless LANs Positioning the antennas properly increases the range and coverage area of a wireless LAN. Antenna Characteristics Frequency An antenna in the frequency of 2.4GHz or 5GHz is needed to communicate efficiently in a wireless LAN Radiation Pattern A radiation pattern is a diagram that allows you to visualize the shape of the antenna’s coverage area. Antenna Gain Antenna gain, measured in dB (decibel), is the increase in coverage within the RF beam width.
Appendix D Wireless LANs For directional antennas, point the antenna in the direction of the desired coverage area.
A PPENDIX E Legal Information Copyright Copyright © 2012 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation.
Appendix E Legal Information If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures: 1 Reorient or relocate the receiving antenna. 2 Increase the separation between the equipment and the receiver. 3 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
Appendix E Legal Information IC Radiation Exposure Statement This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment. End users must follow the specific operating instructions for satisfying RF exposure compliance.
Appendix E Legal Information components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL.
Appendix E Legal Information [Estonian] Käesolevaga kinnitab ZyXEL seadme seadmed vastavust direktiivi 1999/5/EÜ põhinõuetele ja nimetatud direktiivist tulenevatele teistele asjakohastele sätetele. English Hereby, ZyXEL declares that this equipment is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC.
Appendix E Legal Information Ce produit peut être utilisé dans tous les pays de l’UE (et dans tous les pays ayant transposés la directive 1999/5/CE) sans aucune limitation, excepté pour les pays mentionnés ci-dessous: Questo prodotto è utilizzabile in tutte i paesi EU (ed in tutti gli altri paesi che seguono le direttive EU 1999/5/EC) senza nessuna limitazione, eccetto per i paesii menzionati di seguito: Das Produkt kann in allen EU Staaten ohne Einschränkungen eingesetzt werden (sowie in anderen Staaten d
Appendix E Legal Information Pour la bande 2.4 GHz, la puissance est limitée à 10 mW en p.i.r.e. pour les équipements utilisés en extérieur dans la bande 2454 - 2483.5 MHz. Il n'y a pas de restrictions pour des utilisations en intérieur ou dans d'autres parties de la bande 2.4 GHz. Consultez http://www.arcep.fr/ pour de plus amples détails. R&TTE 1999/5/EC WLAN 2.4 – 2.4835 GHz IEEE 802.11 b/g/n Location Frequency Range(GHz) Power (EIRP) Indoor (No restrictions) 2.4 – 2.4835 100mW (20dBm) Outdoor 2.
Appendix E Legal Information • Place connecting cables carefully so that no one will step on them or stumble over them. • Always disconnect all cables from this device before servicing or disassembling. • Use ONLY an appropriate power adaptor or cord for your device. Connect it to the right supply voltage (for example, 110V AC in North America or 230V AC in Europe). • Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord.
Index Index Numbers BSS 11, 12, 56, 179 802.1x-Only 58 802.1x-Static128 58 C 802.1x-Static64 58 CA 186 A access privileges 12 Accounting Server 88 Certificate authentication 104 file format 104 Certificate Authority See CA. Alerts 116 Certificates Fingerprint 112 MD5 112 public key 104 SHA1 112 Alternative subnet mask notation 174 Certification Authority 112 Antenna 92 certifications 193 notices 195 viewing 195 Advanced Encryption Standard See AES.
Index E IEEE 802.11g 183 EAP 59 Import Certificate 106 EAP Authentication 185 Encryption 59, 76, 80, 83, 85 Independent Basic Service Set See IBSS 179 encryption 14, 187 initialization vector (IV) 188 ESS 56, 180 Internet Assigned Numbers Authority See IANA Ethernet device 89 Extended Service Set 56 Extended Service Set, See ESS 180 Extensible Authentication Protocol 59 IEEE 802.
Index Syslog 118 Logs, Uses of 115 Password 128 PEAP 59 Personal Information Exchange Syntax Standard 104 M MAC Filter Allow Association 89 Deny Association 89 Maintenance 119 Association List 120 Backup 124 Restore 124 Management Information Base (MIB) 111 managing the device good habits 16 MBSSID 11 Media Access Control 89 Message Integrity Check (MIC) 187 message relay 60 PFX PKCS#12 104 Preamble 91 preamble mode 183 Preamble Type 63, 66, 68, 71 Pre-Shared Key 59 priorities 92 product registration 19
Index RootAP 14 subnetting 174 RTS (Request To Send) 182 threshold 181, 182 Syslog Logging 116 RTS/CTS Threshold 63, 66, 68, 71, 91 S System Screens General 120 Password 121 Time Time and Date Setup 122 Time Zone 122 Security Mode, Choosing the 93 Security Modes 802.1x-Static64 58 IEEE 802.1x-Only 58 IEEE 802.1x-Static128 58 IEEE 802.
Index VoIP 12, 73 Intra-BSS Traffic 91 Operating Mode 56 Preamble 91 Roaming 92 RTS/CTS Threshold 91 SSID 56 Wireless Client Mode 67 Wireless Mode 57 WMM QoS 91 W warranty 195 note 196 WDS 14 Web Configurator 19 password 19 WEP 58 WLAN interference 181 security parameters 190 WEP key encrypting 93 WMM 73 Wi-Fi Multimedia QoS 92 WMM QoS 91 Wi-Fi Protected Access 58, 187 WPA 58, 187 key caching 188 pre-authentication 188 user authentication 188 vs WPA-PSK 188 wireless client supplicant 188 with RADI
Index 206 NWA1121-NI User’s Guide
