ZyXEL Communications NWA-3500 manuel d'utilisation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396

Aller à la page of

Un bon manuel d’utilisation

Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation ZyXEL Communications NWA-3500. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel ZyXEL Communications NWA-3500 ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.

Qu'est ce que le manuel d’utilisation?

Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation ZyXEL Communications NWA-3500 décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.

Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.

Donc, ce qui devrait contenir le manuel parfait?

Tout d'abord, le manuel d’utilisation ZyXEL Communications NWA-3500 devrait contenir:
- informations sur les caractéristiques techniques du dispositif ZyXEL Communications NWA-3500
- nom du fabricant et année de fabrication ZyXEL Communications NWA-3500
- instructions d'utilisation, de réglage et d’entretien de l'équipement ZyXEL Communications NWA-3500
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes

Pourquoi nous ne lisons pas les manuels d’utilisation?

Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage ZyXEL Communications NWA-3500 ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles ZyXEL Communications NWA-3500 et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service ZyXEL Communications en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées ZyXEL Communications NWA-3500, comme c’est le cas pour la version papier.

Pourquoi lire le manuel d’utilisation?

Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif ZyXEL Communications NWA-3500, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.

Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation ZyXEL Communications NWA-3500. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.

Table des matières du manuel d’utilisation

  • Page 1

    www .zyxel.com www .zyxel.com NW A-3500/NW A-3550 802.1 1a/g Dual Radio Wireless Business AP 802.1 1a/g Dual Radio Outdoor WLAN Business AP Copyright © 2009 ZyXEL Communications Corporation Firmware V ersion 3.7 Edition 1, 1/2009 Default Login Details IP Address http://192.168.1.2 Pa ss wo rd 12 34[...]

  • Page 2

    [...]

  • Page 3

    About This User's Guide NWA-3500/NWA-3550 User’s Guide 3 About This User's Guide Intended Audience This manual is intended for people who want to configure the NW A using the web configurator . Y ou should have at least a basi c knowledge of TCP/IP netw orking concepts and topology . Related Document ation •Q u i c k S t a r t G u i d[...]

  • Page 4

    About This User's Guide NWA-3500/NWA-3550 User’s Guide 4 Customer Support In the event of probl ems that cannot be solved by using t his manua l, you s hould contact your vendor . If y ou canno t cont act your vendor , then contact a Z yXEL office for the region in wh ich you bought the dev ice. See http:/ /www.zyxel.com/ web/contact_us.php [...]

  • Page 5

    Document Conventions NWA-3500/NWA-3550 User’s Guide 5 Document Conventions W arnings and Notes These are how warnings and notes are shown in this User’ s Guide. W arnings tell you about things th at could harm you or your NW A. Note: Notes tell you other import ant informat ion (for e xample, other things you may need to configure or help ful t[...]

  • Page 6

    Document Conventions NWA-3500/NWA-3550 User’s Guide 6 Icons Used in Figures Figures in this User’ s Guide ma y use the following generic icons. The NW A icon is not an exact representation of y our NW A. T able 1 Common Icons NWA Computer Notebook Server Printer T elephone Switch R outer Internet Cloud Firewall DSLAM Wireless Signal[...]

  • Page 7

    Safety Warnings NWA-3500/NWA-3550 User’s Guide 7 Safety Warnings • Do NO T use this product near water , for exam ple, in a wet basement or near a swimming pool. • Do NO T expose your device to dampness, dust or corrosive liquids. • Do NO T store things on the device. • Do NOT install, use, or service this device during a thunderstorm. Th[...]

  • Page 8

    Safety Warnings NWA-3500/NWA-3550 User’s Guide 8[...]

  • Page 9

    Contents Overview NWA-3500/NWA-3550 User’s Guide 9 Contents Overview Introduction .......................................... ..................................................... ................... .......... 21 Introducing the NWA ........... ................ ................ ............. ................ ................ ................ ... [...]

  • Page 10

    Contents Overview NWA-3500/NWA-3550 User’s Guide 10[...]

  • Page 11

    Table of Contents NWA-3500/NWA-3550 User’s Guide 11 Table of Contents About This User's Guide ........................................... ............................................................. .. 3 Document Conventions.................................................................. ......................................... .5 Safety[...]

  • Page 12

    Table of Contents NWA-3500/NWA-3550 User’s Guide 12 Chapter 3 St atus Screens ........................... ................................................................ ...................... ....... 39 3.1 The S tatus Screen ........................ ............. ................ ................ ............. ................ ....... ...... 4[...]

  • Page 13

    Table of Contents NWA-3500/NWA-3550 User’s Guide 13 6.2.2.2 Activ ate the V oIP Profile .................. ................. ............ ................. . 77 6.2.3 Configure the Guest Network . ............. ................ ................ ................ ............. .......... 77 6.2.3.1 Set Up Security for the Guest P rofile ...........[...]

  • Page 14

    Table of Contents NWA-3500/NWA-3550 User’s Guide 14 7.5 Configuring the Pass word ............... ............. ................ ............. ................ ................ ......... 11 3 7.6 Configuring Time Setting .......... ................ ............. ................ ................ ................ .......... ..1 16 7.7 T echnical R[...]

  • Page 15

    Table of Contents NWA-3500/NWA-3550 User’s Guide 15 10.1 Overview ........... ................ ............. ................ ................ ............. ................ ............ ......... 1 47 10.2 What Y ou Can Do in the Security Screen ......... ................. ................ ................ ............. . 147 10.3 What Y o u Nee[...]

  • Page 16

    Table of Contents NWA-3500/NWA-3550 User’s Guide 16 14.5.1 W AN IP Address Assignment ............... ............. ............. ................ ............. ........... 177 Chapter 15 Rogue AP Detection ............................. ............................................................... ................. 17 9 15.1 Overview ..........[...]

  • Page 17

    Table of Contents NWA-3500/NWA-3550 User’s Guide 17 18.4.3 My Certificates Details Screen ............. ................ ................ ............. ................ ..... 214 18.5 T rusted CAs Screen ...................... ................ ............. ................ ................ ............. ....... .2 1 8 18.5.1 T rusted CAs Import [...]

  • Page 18

    Table of Contents NWA-3500/NWA-3550 User’s Guide 18 21.2 The Load Bala nc ing Screen ............. ............. ................ ............. ................ ................ ..... 257 21.2.1 Disassociating and Delaying Connection s ..... ............. ................ ............. .............. 258 Chapter 22 Dynamic Channel Selection .....[...]

  • Page 19

    Table of Contents NWA-3500/NWA-3550 User’s Guide 19 Appendix C Pop-up Win dows, JavaScripts and Java Permissions ...................................... 335 Appendix D Importing Certificates ....................................... ................................................. 343 Appendix E IP Addresses a nd Subnetting ..... ..................[...]

  • Page 20

    Table of Contents NWA-3500/NWA-3550 User’s Guide 20[...]

  • Page 21

    21 P ART I Introduction Introducing the NWA (23) Introducing the W eb Configur ator (35) Status Screens (39) Management Mode (47) T utorial (67)[...]

  • Page 22

    22[...]

  • Page 23

    NWA-3500/NWA-3550 User’s Guide 23 C HAPTER 1 Introducing the NWA This chapter introduces the main applications and features of the NWA. It also introduces the wa ys you can manage the NWA. 1.1 Introducing the NW A Y our NWA extends the range of y our exis ting wired network without additi onal wiring, providing easy net work access to mobile user[...]

  • Page 24

    Chapter 1 Introducing the NWA NWA-3500/NWA-3550 User’s Guide 24 • Access P oint ( AP) • Bridge/R epeater •A P + B r i d g e •M B S S I D Applications for each oper ating mode are shown below . Note: A different channel should be configured for each WLAN interface to reduce the effect s of radio interference. 1.2.1 Access Point The NWA i s[...]

  • Page 25

    Chapter 1 In troducing the NWA NWA-3500/NWA-3550 User’s Guide 25 When the NWA is in Bridge / Repeater mode, security between APs (the Wireless Distribution System or WDS) is independent of the security between the wireless stations and the AP . If yo u do not enable WDS securit y , traffic between APs is not encrypted. When WDS security is enab l[...]

  • Page 26

    Chapter 1 Introducing the NWA NWA-3500/NWA-3550 User’s Guide 26 In the figure below , A and B us e X as an AP to access the wired network, while X and Y communicate in bridge mode. When the NWA is in AP + Bridge mode, security between APs (the Wireless Distribution Syst em or WDS) is independ ent of the security between the wireless stations and [...]

  • Page 27

    Chapter 1 In troducing the NWA NWA-3500/NWA-3550 User’s Guide 27 T o the wireless clients in the network, ea ch SSID appears to be a different access point. As in any wireless network, clients can associate only with the S SIDs for which they have the correct security settings. For example, you might w ant to set up a wireless network in your off[...]

  • Page 28

    Chapter 1 Introducing the NWA NWA-3500/NWA-3550 User’s Guide 28 2 Guest_SSID . This profile is int ended for use by visitors and others who req uire access to certain resources on the netw ork (an Internet gatewa y or a network printer , fo r example) but must not have a ccess to the rest of the network. Lay er 2 isolation is enabled (s ee Sectio[...]

  • Page 29

    Chapter 1 In troducing the NWA NWA-3500/NWA-3550 User’s Guide 29 Z yXEL ’s CAPW AP allows a single access point to manage up to eight other access points. The managed APs receive all their confi guration information from the controller AP . The CAPWAP dataflow is protected by DTLS (Datagr am T ransport Layer Security). At the time of writing, t[...]

  • Page 30

    Chapter 1 Introducing the NWA NWA-3500/NWA-3550 User’s Guide 30 • SMT . System Management T erminal is a text -based configur ation menu that y ou can use to configure your device. Use T elnet to access the SMT . • FTP . File T ransfer Protocol for firmware upgr ades and configurati on backup and restore. • SNMP . The device can be monitore[...]

  • Page 31

    Chapter 1 In troducing the NWA NWA-3500/NWA-3550 User’s Guide 31 • Enable wireless securit y on your NW A. Choose the most secure encryption method that all devices on your network support. See Section 10.4 on page 150 for directions on configur ing en cryption. If you have a RADIUS server , enable IEEE 802.1x or WP A(2) user identification on [...]

  • Page 32

    Chapter 1 Introducing the NWA NWA-3500/NWA-3550 User’s Guide 32 1.8 LEDs This section applies to the NW A-3500 only . Figure 8 LEDs T able 3 LEDs LABEL LED COLOR STATUS DESCRIPTION 1 WL1 Green On The wireless adaptor WLAN1 is active. Blinking The wireless adaptor WLAN1 is active, and transmitting or receiving data. Off The wireless adaptor WLAN1 [...]

  • Page 33

    Chapter 1 In troducing the NWA NWA-3500/NWA-3550 User’s Guide 33 2 WDS/SYS Green On The NWA is in AP + Bridge or Bridge/ Repeater mode, and has successfully established a Wireless Distribution System (WDS) connection. Red Flashing The NWA is starting up. Off Either The NW A is in Access Point or MBSSID mode and is functioning normally . The NW A [...]

  • Page 34

    Chapter 1 Introducing the NWA NWA-3500/NWA-3550 User’s Guide 34[...]

  • Page 35

    NWA-3500/NWA-3550 User’s Guide 35 C HAPTER 2 Introducing the Web Configurator This chapter describes how to access the NWA’ s web configurator and provides an overview of its screens. 2.1 Accessing the W eb Configurator 1 Make sur e you r ha rdwar e is pro per ly connected and prepare your computer or computer network to connect to the NW A ( r[...]

  • Page 36

    Chapter 2 Introducing the Web Configur ator NWA-3500/NWA-3550 User’s Guide 36 Note: If you do not change the password, the following screen appears every time you login. Figure 9 Change Password Screen 6 Click Apply in the Replace Certificate screen to create a certificate using y our NWA’ s MAC address that will be specific to this device. Fig[...]

  • Page 37

    Chapter 2 Introducing the Web Configurator NWA-3500/NWA-3550 User’s Guide 37 2.2 Resetting the NW A This replaces the current configur ation fi le with the factory -default configur ation file. This means that you will lose all th e settings you previously configured. The password will be reset t o 1234. 2.2.1 Methods of Restoring Factory-Default[...]

  • Page 38

    Chapter 2 Introducing the Web Configur ator NWA-3500/NWA-3550 User’s Guide 38 • Check the status bar at the bottom of the screen when you click Apply or OK to verify that the c onfiguration has been updated. Figure 1 1 The S tatus Screen of the W eb Configurator • Click the links on the left of the screen to configure advanced features such a[...]

  • Page 39

    NWA-3500/NWA-3550 User’s Guide 39 C HAPTER 3 Status Screens The Status screen di splays when you log into the NWA, or click STATUS in the navigation menu. Use the Status screens to look at the current status of the device, sys tem resources, interfaces and SSID status. The Status screen also provides detailed information about associat ed wireles[...]

  • Page 40

    Chapter 3 Sta tus Screens NWA-3500/NWA-3550 User’s Guide 40 3.1 The S t atus Screen Cluck Status . The following screen displays. The Status screen v aries slightly depending on the NWA’ s management mode you configured in the MGMT MODE screen. The NWA works as a standalone AP by default. Figure 12 The S tatus Screen (S tandalone AP) Figure 13 [...]

  • Page 41

    Chapter 3 Status Screens NWA-3500/NWA-3550 User’s Guide 41 System Information System Name This field displays the NW A system name. It is used for identification. Y ou can change this in the System > General screen’ s System Name field. Model This field displays the NW A’s exact model name. Firmware V ersion This field displays the current[...]

  • Page 42

    Chapter 3 Sta tus Screens NWA-3500/NWA-3550 User’s Guide 42 R egistration T ype This field is av ailable only when the NWA is in AP controller management mode. This displays Manual when an access point in managed AP mode needs to register to the NW A manually or Always Accept when the NW A automatically adds any detected access point in managed A[...]

  • Page 43

    Chapter 3 Status Screens NWA-3500/NWA-3550 User’s Guide 43 SSID This field displays the SSID(s) currently used by each wireless module. BSSID This field displays the MAC address of the wireless adaptor . Security This field displays the type of wireless security used by each S SID. V L A N T h i s f i e l d d i s p l a y s t h e V L A N I D o f e[...]

  • Page 44

    Chapter 3 Sta tus Screens NWA-3500/NWA-3550 User’s Guide 44 3.1.1 AP List Click the AP List link the Status screen when the NW A is in AP controller management mode. Figure 14 S tatus > AP List The following table describes t he labels in this screen. Show Statistics This link is not available when the NWA is in AP controller management mode. [...]

  • Page 45

    Chapter 3 Status Screens NWA-3500/NWA-3550 User’s Guide 45 3.1.2 AP S t atistics Click the AP Statistics link the Status screen when the NW A is in AP controller management mode. Figure 15 S tatus > AP S tatistics The following table describes t he labels in this screen. Channel ID This is the channel ID number used by each wireless module on [...]

  • Page 46

    Chapter 3 Sta tus Screens NWA-3500/NWA-3550 User’s Guide 46 3.1.3 SSID Information Click the SSID Information link the Status screen when the NWA is in AP controller management mode . Figure 16 S tatus > SSID Information The following table describes t he labels in this screen. T able 7 Status > SSID Information LABEL DESCRIPTION SSI D Secu[...]

  • Page 47

    NWA-3500/NWA-3550 User’s Guide 47 C HAPTER 4 Management Mode This chapter discusses the MGNT MODE (Management Mode) screen. This screen determines whether the NW A is used in i ts default standalone AP mode or as part of a CAPWAP (Control An d Provisioni ng of Wireless Access Points) network. 4.1 About CAPW AP The NWA support s CAPWAP (Control An[...]

  • Page 48

    Chapter 4 Manage ment Mode NWA-3500/NWA-3550 User’s Guide 48 4.1.1 CAPW AP Discovery and Management The link between CAPWAP-enabled a ccess points proceeds as follows: 1 An AP in managed AP mode joins a wi red network (receives a d ynamic IP address). 2 The AP sends out a management request, looking for an AP in CAPW AP AP controller mode. 3 If t[...]

  • Page 49

    Chapter 4 Manag ement Mode NWA-3500/NWA-3550 User’s Guide 49 DHCP Option 43 allows the CAPWAP management request (from the AP in managed AP mode) to reach th e AP control ler in a diff erent subnet, as shown in the following figure . Figure 18 CAPW AP and DHCP Option 43 4.1.4 Notes on CAPW AP This section lists some additional features of Z yXEL [...]

  • Page 50

    Chapter 4 Manage ment Mode NWA-3500/NWA-3550 User’s Guide 50 Click MGNT MODE in the NW A’ s navigation menu . The following screen displa ys. Figure 19 The Ma nagement Mode Screen The following table describes t he labels in this screen. T able 8 The Management Mode Screen LABEL DESCRIPTION AP Controller Select this to manage ot her APs (in Man[...]

  • Page 51

    Chapter 4 Manag ement Mode NWA-3500/NWA-3550 User’s Guide 51 Manual AP Controller IP Check this is you know the IP address of the controller AP that you w ant to manage this AP . • Primary AP Controller IP - Enter the IP address of the primary controller AP . • Secondary AP Controller IP - Enter the IP address of the secondary controller AP .[...]

  • Page 52

    Chapter 4 Manage ment Mode NWA-3500/NWA-3550 User’s Guide 52[...]

  • Page 53

    NWA-3500/NWA-3550 User’s Guide 53 C HAPTER 5 Controller AP Mode 5.1 Overview This chapter discusses the Controller AP management mode. When the NW A is used as a CAPW AP (Control And Pro visioning of Wireless Access P oints) controll er AP , the We b Configurator changes to reflect this by including the Controller and Profile Edit screens. Ref e [...]

  • Page 54

    Chapter 5 C ontroller AP Mo de NWA-3500/NWA-3550 User’s Guide 54 In the figure below , an administr ator is ab le to manage t he security settings of 5 APs (1 controller AP and 4 managed APs ). He changes the s ecurity mode to WP A- PSK just by accessing the W eb Configurator of the controller AP ( C ). Figure 20 CAPW AP Controller Note: Be caref[...]

  • Page 55

    Chapter 5 Controller AP Mode NWA-3500/NWA-3550 User’s Guide 55 After logging in again, the na vigation menu changes to include links f or the Controller and Profile Edit screens. The items marked below are scree ns that can be configured for all APs managed by the NWA. Figure 22 Controller AP Na vigation Links In the figure above, changes made in[...]

  • Page 56

    Chapter 5 C ontroller AP Mo de NWA-3500/NWA-3550 User’s Guide 56 Figure 23 AP Controller: the S tatus Screen The following table describes the new labels in this screen. T able 9 AP Con troller: the S tatus Scre en LABEL DESCRIPTION Registration T ype This field displ ays how the managed APs are registered with the NWA. • Manual displays if yo [...]

  • Page 57

    Chapter 5 Controller AP Mode NWA-3500/NWA-3550 User’s Guide 57 5.4 AP List Screen Use this screen to view and add manage d APs. By default, the NW A is always included in this tabl e. Although you cann ot remov e it, you can edit i ts settings. Click Controller > AP Lists . The following screen displa ys. Figure 24 The Controller > AP Lists[...]

  • Page 58

    Chapter 5 C ontroller AP Mo de NWA-3500/NWA-3550 User’s Guide 58 Status This displays whether the man aged AP is active, not active or upgrading its firmware. • Red : the AP is not active. • Green : the AP is active. • Yellow : the AP is upgrading its firmw are. Note: Y ou can still edit a managed AP’ s settings even if it is offline. How[...]

  • Page 59

    Chapter 5 Controller AP Mode NWA-3500/NWA-3550 User’s Guide 59 5.4.1 The AP List s Edit Screen Use this screen to change th e description or radio profile of an AP managed by the NWA. Click Edit in the CONTROLL ER > AP Lists screen. The following screen displays. Figure 25 The Controller > AP C onfiguration Scre en The following table descr[...]

  • Page 60

    Chapter 5 C ontroller AP Mo de NWA-3500/NWA-3550 User’s Guide 60 5.5 Configuration Screen Use this screen to control the way in which the NWA acc epts new APs to manage. Y ou can also configure the pre-shared key (PSK) that is use to secure t he data transmit ted between the NWA and the APs it manages. When the NWA is in AP controller mode, click[...]

  • Page 61

    Chapter 5 Controller AP Mode NWA-3500/NWA-3550 User’s Guide 61 5.6 Redundancy Screen Use this screen to set t he controller AP as a primary or secondary controller . If you set your NW A as a primary controller AP , you can hav e a secondary controller AP to serve as a backup. All configurations are synchronized between the NWA and t he secondary[...]

  • Page 62

    Chapter 5 C ontroller AP Mo de NWA-3500/NWA-3550 User’s Guide 62 5.7 The Profile Edit Screens This section describes the Profile Edit screens, which are available on ly in A P controller mode. The following Profile Edit screens are identical to those in regular mode: •T h e Profile Edit > SSID screen (see Section 9.2 on page 129 ). •T h e [...]

  • Page 63

    Chapter 5 Controller AP Mode NWA-3500/NWA-3550 User’s Guide 63 The following table describes t he labels in this screen. T able 13 The Profile Edit > Radio Screen LABEL DESCRIPTION Index This field displays the inde x number of each r adio profile. Profile Name This field displays the identification name of each r adio profile on the NWA. 802.[...]

  • Page 64

    Chapter 5 C ontroller AP Mo de NWA-3500/NWA-3550 User’s Guide 64 5.8 The Radio Profile Edit Screen Use this screen to conf igure a specific r adio profile. In the Profile Edit > Radio screen, select a profile and click Edit . The following screen displays. Figure 30 The Profile Edit > Radio > Edit Screen[...]

  • Page 65

    Chapter 5 Controller AP Mode NWA-3500/NWA-3550 User’s Guide 65 The following table describes t he labels in this screen. T able 14 The Profile Edit > Radio > Edit Screen LABEL DESCRIPTION Profile Name Enter a name identifying this profile. 802.11 Mode Select 802.11 b Only to allow only IEEE 802.11b compliant WLAN devices to associate with t[...]

  • Page 66

    Chapter 5 C ontroller AP Mo de NWA-3500/NWA-3550 User’s Guide 66 Rates Configuration This section controls the data r ates permitted for clients of an AP using this radio profile. For e a c h Rate , select an option from the Configuration list. The options are: Basic (1~11 Mbps only): Clients can always connect to the access point at this speed. [...]

  • Page 67

    NWA-3500/NWA-3550 User’s Guide 67 C HAPTER 6 Tutorial This chapter first provides an overview of how to configure the wireless LAN on your NW A, and then gives step -by-step gu idelines showing how to configure your NWA for some example scenarios. 6.1 How to Configure the Wireless LAN This section shows how to choose which wireless oper ating mod[...]

  • Page 68

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 68 6.1.1.1 Configuring Dual WLAN Adaptors The NWA i s equipped with dual wireless adaptors. This means you can configure two different wireless networks to operate simultaneously . See Section 1.2.6 on page 28 for details. Y ou can configure each wireless adaptor separ ately in the WIRELESS > W[...]

  • Page 69

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 69 Figure 31 Configuring Wireless L AN S elect Operating Mode Access Point Bridge / Repeater Mo de. AP + Bridge Mode. MBSSID Mode. Select 802.1 1 Mode and Channel ID . Select SSID Configure SSID P rofile . Edit Security Pr ofile . Configure RADIUS authentication (optional). Configure internal AUTH[...]

  • Page 70

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 70 6.1.3 Further Reading Use these links to find more information on the steps: • Choosing 802.11 Mode : see Section 8.4.1 on page 123 . • Choosing a wireless Channel ID : see Section 8.4.1 on page 123 . • Selecting and configuring SSID profile (s): see Section 8.4.1 on page 123 and Section [...]

  • Page 71

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 71 The following figure shows the multiple ne tworks you want to set up. Y our NWA is marked Z , the main network router is marked A , and your network printer is marked B . Figure 32 T utorial: Example MBSSID Setup The standard network ( SSID04 ) has access to all resources. The V oIP network ( V[...]

  • Page 72

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 72 6.2.1 Change the Operating Mode Log in to the NWA (see Section 2.1 on page 35 ). Clic k WIRELESS > Wireless . The Wireless screen appears. In this exampl e, the NW A is using WLAN Interface 1 in Access Point oper ating mode, and is currently set to use the SSID04 profile. Figure 33 T utorial[...]

  • Page 73

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 73 Select MBSSID from the Operat ing Mode dr op-down list box. The screen displays as foll ows. Figure 34 T utorial: Wireless LAN: Change Mode This Select SSID Profile table allows you to activate or deactivate SSID profiles. Y our wireless network was previously using the SSID0 4 profile, so sele[...]

  • Page 74

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 74 network’ s par ameters, so when you set up security for the VoIP_SSID and Guest_SSID profiles you will need to set different security profiles. Figure 35 T u torial: WIRELESS > SSID The V oice ov er IP (V oIP) network will use the pre-configured SSID profile, so select VoIP_SSID ’ s r ad[...]

  • Page 75

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 75 • Choose a new SSID for the V oIP ne twork. In this example, enter VOIP_SSID_Example . Note that al though the SSID changes, the S SID profile name ( VoIP_SSID ) remains the same as before. • Select Enable from the Hide Na me (SSID) list box. Y ou want only authorized company employ ees to [...]

  • Page 76

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 76 Y ou already chose to use the security02 profile for this netw ork, so select the radio button for security02 and click Edit . The following screen appears. Figure 38 T utorial: V oIP Security Profile Edit • Change the Name field to “V oIP_Security” to mak e it easier to remember and iden[...]

  • Page 77

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 77 6.2.2.2 Activate the V oIP Profile Y ou need to activate the VoIP_SSID profil e before it can be used. Click the Wireless tab. In the Select SSID Profile table, select the VoIP_SSID profile’s Active checkbox and click Apply . Figure 40 T utorial: Activate V oIP Profile Y our V oIP wireless ne[...]

  • Page 78

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 78 Click WIRELESS > SSID . Selec t Guest_SSID ’ s entry in the list and click Edit . The following screen appears. Figure 41 T utorial: Guest Edit • Choose a new SSID for the guest network. In this example, enter Guest_SSID_Example . Note that although the SSID changes, the S SID profile na[...]

  • Page 79

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 79 Y ou already chose to use the security03 profile for this ne twork, so select security03 ’ s entry in the list and click Edit . The following screen appears. Figure 42 T utorial: Guest Security Profile Edit • Change the Name field to “ Guest_Security ” to make it easier to re member and[...]

  • Page 80

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 80 6.2.3.2 Set up Layer 2 Isolation Configure layer 2 isolation to control the speci fic devices you w ant the users on your guest network to access. Click WIRELESS > Layer-2 Isolation . The following screen appears. Figure 44 T utorial: Layer 2 Isolation[...]

  • Page 81

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 81 The Guest_SSID network uses the l2isolation01 profile by defau lt, so select its entry and click Edit . The following screen displays. Figure 45 T utorial: Layer 2 Isolation Profile Enter the MAC ad dresses and descriptions of the two network devices you want users on the guest network to be ab[...]

  • Page 82

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 82 6.2.3.3 Activate the Guest Profile Y ou need to activate the Guest_SSID prof ile before it can be us ed. Click the Wireless tab. In the Select SSID Profile table, select the check box for the Guest_SSID profile and click Apply . Figure 46 T utorial: Activate Guest Profile Y our guest wireless n[...]

  • Page 83

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 83 6.3 How to Set Up and Use Rogue AP Detection This example shows you how to configur e the rogue AP detection feature on the NWA. A rogue AP is a wireless access point oper ating in a network’ s coverage area that is not a sanctioned part of that networ k. The example also shows how to set the[...]

  • Page 84

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 84 E , and a computer , marked F , connected to the wired network. The coffee shop’ s access point is marked 1 . Figure 47 T utorial: Wireless Network Example In the figure, the solid ci rcle represents the r ange of y our wireless network, and the dashed circle represents the extent of the coff[...]

  • Page 85

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 85 Note: The NW A can detect the MAC addre sses of APs automatically . However , it is more secure to obt ain the correct MAC addresses from an other source and add them to the friendly AP list manually . For example, an attacker’s AP mimicking the correct SSID could be placed on the friendly AP[...]

  • Page 86

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 86 Note: Y ou can add APs that are not p art of your network to the friendly AP list, as lo ng as you know that they do not pose a threat to your network’s security . The Friendly AP screen now appears as follows. Figure 49 T utorial: Friendly AP (After Dat a Entry) T able 17 Tutorial: Friendly [...]

  • Page 87

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 87 3 Next, you will sa ve the list of friendly APs i n order to provide a backup and upload it to your ot her access points. Click the Configuration tab.The following screen appears. Figure 50 T utorial: Configuration 4 Click Export . If a window si milar to the following appears, click Save . Fig[...]

  • Page 88

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 88 5 Save the friendly AP list somewhere it can be accessed by al l the other access points on the network. In this example, save it on the net work file server ( E in Figure 47 on page 84 ). The default filename is “Flist” . Figure 52 T utorial: Save Friendly AP list 6.3.2 Activate Periodic R[...]

  • Page 89

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 89 4 Click Apply . 6.3.3 Set Up E-mail Logs In this section, you will configure the firs t of y our four APs to send a log message to your e-mail inbox whenever a rogue AP is disco vered in your wireless network’ s cover age area. 1 Click LOGS > Log Settings . The following screen appears. Fi[...]

  • Page 90

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 90 • Enter a subject line for the alert e-mails in the Mail Subject field. Choose a subject that is eye- catching and identifi es the access point - in this examp le, “ ALER T_Access_P oint_A ” . • Enter the emai l address to which y ou want alerts to be s ent ( myname@myfirm.com , in this[...]

  • Page 91

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 91 • Log into each AP’ s W e b configur ator and click ROGUE AP > Rogue AP . Click Refresh . If any of the MAC addresses from T able 17 on page 86 appear in the list, the fr iendly A P function may be incorrectly configured - check t he ROGUE AP > Friendly AP screen. If any entries appea[...]

  • Page 92

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 92 NWA i s marked Z . C is a workstatio n on your wired netw ork, D is your main network switch, and E is the security gateway you use to connect to the Internet. Figure 55 T utorial: Example Network 6.4.2 Y our Requirement s 1 Y ou want to set up a wireless network to allow only Alice t o access [...]

  • Page 93

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 93 1 Configure th e SERVER_1 network’ s SSID pr ofile to use specific MAC filter and layer -2 isolation profiles. 2 Configure th e SERVER_1 network’ s MAC filter profile. 3 Configure th e SERVER_1 network’ s lay er-2 isolation profile. 4 Repeat steps 1 ~ 3 for the SERVER_2 network. 5 Check y[...]

  • Page 94

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 94 1 Log into the NW A’ s W eb Configur ator and click WIRELESS > SSID . The following screen displays, showing the SS ID profiles you already configured. Figure 56 T utorial: SSID Profile 2 Select SERVER_1 ’ s entry and click Edit . The following screen displays. Figure 57 T utorial: SSID [...]

  • Page 95

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 95 3 Click the Layer-2 Iso lation tab . When the Layer-2 Isolation screen appears, select L2Isolation03 ’s e n t r y a n d c l i c k Edit . The following screen displ ays. Figure 58 T utorial: Layer-2 Isolation Edit Enter the n etwork switch’s MAC Address and add a De scription (“NET_SWIT CH[...]

  • Page 96

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 96 6.4.5 Configure the SER VER_2 Network Next, you will configure the SERVER_2 network that allows Bob to access secure server 2 and the Internet. T o do this, repeat the procedure in Sect ion 6.4.4 on page 93 , subst ituting the following in formation . 6.4.6 Checking your Settings and T esting t[...]

  • Page 97

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 97 1 Click WIRELESS > Wireless . Check that the Operating Mode is MBSSID and that the correct SSID profiles are selected and activ ated, as shown in the following figure. Figure 60 T utorial: SSID Profi les Activa ted 2 Next, click the SSID tab . Check that each configured SSID profile uses the[...]

  • Page 98

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 98 6.4.6.2 T esting the Configuration Before you allow employ ees to use the ne twork, y ou need to thoroughly test whether the setup behaves as it should. T ake the following steps to do this. 1 Te s t t h e SERV ER_1 network. • Using Alice’ s computer and wireless cli ent, and the correct se[...]

  • Page 99

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 99 6.5 How to Configure Management Modes This example shows you how t o configure the NW A’ s controller AP and manage AP modes. 6.5.1 Scenario In this example, you are the administr ator of a company network wherein a gr oup of users need stable wireless connection. These users are employees wh[...]

  • Page 100

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 100 6.5.3 Setup In this example, each of your NWA standalo ne AP mirror each other . They all have the same SSID profiles stored. First you need to download the configuration file from one of your NWAs for backup purposes. Re fer to Section 23.8.1 on page 272 for information on how to download the[...]

  • Page 101

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 101 6.5.4 Configure Y our NW A in Controller AP Mode The NWA i s set to Standalone AP mode by default. After y ou have made sure you ha ve the correct configur ation (see Secti on 23.8 on page 272 ) in the NW As ( A and E ) of the 1st floor , you need to set both of them to controller AP mode, one[...]

  • Page 102

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 102 1 T o set your NWA in secondary controller AP mode, open the Controller > Redundacy screen (this screen only appears when the NW A is in Controller AP mode) in the W eb Configurator of the NW A that you want to serv e as backup. Figure 64 T utorial: Secondary Controller AP 2 Enable Redundan[...]

  • Page 103

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 103 6.5.5 Setting Y our NW A in Managed AP Mode After setting the NW As ( A and E ) to controller AP modes, y ou can now transform the NWAs ( B , C and D ) in the 2nd, 3rd and 4th floors of your company building to manage d APs. It is very important to note that once an NW A is in managed AP mode,[...]

  • Page 104

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 104 6.5.6 Configuring the Managed Access Point s List At this point, you have 3 NWA managed APs ( B , C and D ) that can now be managed b y the prima ry controlle r AP . First in the W eb Config urator of your primary control ler AP ( A ), go to Cont roller > Configuration . Figure 67 T utorial[...]

  • Page 105

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 105 2 Select the NW A managed APs from the Un- Managed Access Points List as shown in the screen above. Y ou can also id entify these managed APs by filling in the Description field. Click Add . 3 The 2nd, 3rd and 4th floor NW A managed APs ( B , C and D ) should now be in the Manged Access Points[...]

  • Page 106

    Chapter 6 Tutorial NWA-3500/NWA-3550 User’s Guide 106 In this example, the 1st floor NWA managed AP uses radio06 for its WLAN1 Radio Profile . The WLAN2 r adio is disabled . Refer t o Section 5.7.1 on page 62 for instructions on how to set up WLAN r adio profiles i n the NW A controller APs. 6.5.7 Checking your Settings and T esting the Configura[...]

  • Page 107

    107 P ART II The W eb Configurator System Screens (109) Wireless Configur ation (119) SSID Screen (141) Wireless Security Screen (147) RADIUS Screen (161) Layer -2 Isolation Screen (165) MAC Filter Screen (171) IP Screen (175) Rog ue AP Detection (179) Re mote Management Screens (187) Internal RADIUS Server (199) Certificates (207) Log Screens (227[...]

  • Page 108

    108[...]

  • Page 109

    NWA-3500/NWA-3550 User’s Guide 109 C HAPTER 7 System Screens 7.1 Overview This chapter provides information and i nstructions on how to identify and manage your NW A ov er the network. Figure 72 NW A Setup In the figure above, the NWA connects to a Domain Name Server (DNS) server to av ail of a domain name. It also connects to an Network Time Pro[...]

  • Page 110

    Chapter 7 System Screens NWA-3500/NWA-3550 User’s Guide 11 0 •U s e t h e Time Setting screen (see Section 7.6 on page 116 ) to change your NWA’ s time and date. This screen allows you to configure the NW A’ s time based on your local time zone. 7.3 What Y ou Need T o Know IP Address Assignment Every computer on the Internet must have a uni[...]

  • Page 111

    Chapter 7 S ystem Scre ens NWA-3500/NWA-3550 User’s Guide 111 reserved this block of addresses specifical ly for priv ate use; please do not use any other number unless you are told otherwise. Let's say y ou select 192.168.1.0 as the network number; which c overs 254 indi vidual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are [...]

  • Page 112

    Chapter 7 System Screens NWA-3500/NWA-3550 User’s Guide 11 2 7.4 General Setup Screen Use the General screen to identify your NWA over the network. Click System > General . The following screen displays. Figure 73 System > General The following table describes t he labels in this screen. T able 23 System > General LABEL DESCRIPTION Gener[...]

  • Page 113

    Chapter 7 S ystem Scre ens NWA-3500/NWA-3550 User’s Guide 11 3 7.5 Configuring the Password It is strongly recommended that you change your NWA’ s password. Click SYSTEM > Password . The screen appears as shown. If you forget your NW A’ s password (or IP address), you will need to reset the device. Se e the sectio n on resetting the NWA fo[...]

  • Page 114

    Chapter 7 System Screens NWA-3500/NWA-3550 User’s Guide 11 4 Note: Regardless of how you configure this screen, you st ill use the local system password to log in via the console port (for internal use only). Figure 74 System > Password. The following table describes t he labels in this screen. T able 24 System > Password LABEL DESCRIPTIONS[...]

  • Page 115

    Chapter 7 S ystem Scre ens NWA-3500/NWA-3550 User’s Guide 11 5 P assword T ype a password (up to 31 ASCII characters) for this user profile. Note that as you type a password, the screen displays a (*) for each character y ou type. Spaces are allowed. Note: If you are using PEAP a uthentication, this password field is limited to 14 ASCII character[...]

  • Page 116

    Chapter 7 System Screens NWA-3500/NWA-3550 User’s Guide 11 6 7.6 Configuring T ime Setting T o change your NWA’ s time and date, cli ck SYSTEM > Time Setting . The screen appears as shown. Use this screen to configure the NWA’ s time based on your local tim e zone. Figure 75 System > T i me Setting The following table describes t he lab[...]

  • Page 117

    Chapter 7 S ystem Scre ens NWA-3500/NWA-3550 User’s Guide 11 7 New Date (yyyy:mm:dd) This field displays the last updated date from the time server or the last date configured manually . When you set Time and Date Setup to Manual , enter the new date in this field and then click Apply . Get from Time Server Select this radio button to ha ve the N[...]

  • Page 118

    Chapter 7 System Screens NWA-3500/NWA-3550 User’s Guide 11 8 7.7 T echnical Reference This section provides technical background information about the topics cov ered in this chapter . Pre-defined NTP Time Servers List When you turn on the NW A for the first ti me, the date and time start at 2000-01- 01 00:00:00. When you select Auto in the SYSTE[...]

  • Page 119

    NWA-3500/NWA-3550 User’s Guide 11 9 C HAPTER 8 Wireless Configuration 8.1 Overview This chapter discusses the steps to confi g ure the Wireless Settings screen on the NWA. It also introduces the Wireless LA N (WLAN) and some basic scenarios. Figure 76 Wirele ss Mode In the figure above, the NWA all ows access to another bridge device ( A ) and a [...]

  • Page 120

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 120 8.3 What Y ou Need T o Know The following are wireless network terminol og ies that are relevant to this chapter . BSS A Basic Service Set (BS S) exists when all communicat ions between wireless stations or between a wireless station an d a wired network client go through one acc[...]

  • Page 121

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 121 their associated wireless stations within the same ESS must hav e the same ESSID in order to comm unicate. Figure 78 Extended Service Set 8.3.1 Operating Mode The NWA can run in four operating modes as fol lows: • AP (Access Point) . The NWA is wireless access point that all ow[...]

  • Page 122

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 122 SSID The SSID (Service Set IDenti fier) identifies the Service Set wi th which a wireless station is associated. Wireless stations a ssociating to the access point (AP) must have the same SSID . Normally , the ZyXEL Device acts like a be acon and regularly broadcast s the SSID in[...]

  • Page 123

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 123 MBSSID should not replace but r ather be used in conjunction with 802.1x securit y . 8.4 Configuring Wireless Settings Click WIRELESS > Wireless . The sc reen vari es depending upon the oper ating mode you select. 8.4.1 Access Point Mode Select Access Point as the Op erating M[...]

  • Page 124

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 124 The following table describes t he genera l wireless L AN labels in this screen. T able 27 Wireless: Access Point LABEL DESCRIPTION WLAN Interface Select which WLAN adapter you w ant to configure. It is recommended that you configure the first WLAN adapter for AP functions and us[...]

  • Page 125

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 125 RT S / C T S Threshold The threshold (number of bytes) fo r enabling RT S/CTS handshake. Data with its frame size larger than this value will perform the R TS/CT S handshake. Setting this attribute to be larger than the maximum MSDU (MAC service data unit) size turns off the R TS[...]

  • Page 126

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 126 8.4.2 Bridge / Repeater Mode The NWA can act as a wireless network bridge and establis h wireless links with other APs. Y o u need to know th e MAC addr ess of the peer device, which also must be in bridge mode. The NWA can est ablish up to fiv e wireless links with other APs. Ra[...]

  • Page 127

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 127 T o have the NWA act as a wireless bridge only , click WIRELESS > Wireless and select Bridge / Repeater as the Operating Mode . Figure 80 Wireless: Bridge / Repeater[...]

  • Page 128

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 128 The following table describes t he bridge labels in this screen. T able 28 Wireless: Bridge / Repeater LABEL DESCRIPTIONS Operating Mode Select Bridge / Repeater in this field. Enable WDS Security Select this to turn on security for the NW A’ s Wireless Distribution System (WDS[...]

  • Page 129

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 129 See T able 27 on page 124 for information on the other label s in this screen. 8.4.3 AP + Bridge Mode Select AP + Bridge as the Operating Mode in the WIRELESS > Wireless screen to hav e the NWA function as a br idge and access point simultaneously . See the section on applicat[...]

  • Page 130

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 130 See the tables describing the fields in the Access Point and Bridge / Repeater operating modes for descriptions of the fields in this screen. 8.4.4 MBSSID Mode Use this screen to have the NW A function in MBSSID mode. Select MBSSID as the Operating Mode . The following screen dip[...]

  • Page 131

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 131 The following table describes t he labels in this screen. See T able 27 on page 124 for information on the other label s in this screen. 8.5 T echnical Reference This section provides technical background information about the topics cov ered in this chapter . Refer to Appendix B[...]

  • Page 132

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 132 to propagate to the root bridge and unw anted learned addresses are flushed from the filtering database. In RSTP , the port states are Discarding, Learning, and For w a rd i n g . 8.5.1.2 STP T erminology The root bridge is the base of the spanning tree; it is the bridge with the[...]

  • Page 133

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 133 8.5.1.4 STP Port St ates STP assigns five port states (see next table) to eliminate pack et looping. A bridge port is not allowed to go directly from blocking state to forwardi ng state so as to eliminate transient loops. 8.5.2 DFS When you choose 802.1 1a in Access Point mode, t[...]

  • Page 134

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 134 The roaming feature on the access points allows the acces s points to relay information about t he wireless stations to each other . When a wireless stat ion moves from a cover age area to another , it scans and use s th e channel of a new access point, which then i nforms the ot[...]

  • Page 135

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 135 5 Access point AP 1 updates the new position of wireless station Y . 8.5.3.1 Requirement s for Roaming The following requirements must be met in order for wireless stations to roam between the cover age areas. • All the access points must be on the same subnet and configured wi[...]

  • Page 136

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 136 8.5.4 Bridge / Repeater Example This section shows an example of two NW As in Bridge/Repeater mode forming a WDS (Wireless Distribution S ystem) and allowing the computers in LAN 1 to connect to the computers in LAN 2 . This is shown in the following figure. Figure 85 Bridging Ex[...]

  • Page 137

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 137 • If your NWA (in bridge mode) is connec ted to a wired LAN while communicating with another wireless bridge that is also connected to the same wired LAN. Figure 87 Bridge Loop: Brid ge Connected to Wired LAN T o prevent bridge loops, ensure that you enable STP in the Wireless [...]

  • Page 138

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 138 reductions in data tr ansmission for applications that are sensitive to l atency (delay) and jit ter (variations in delay). 8.5.6.1 WMM QoS Priorities The following table descri bes the WMM QoS priority lev els that the NW A uses. 8.5.7 A TC Automatic T raffic Classifi er (A TC) [...]

  • Page 139

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 139 When A TC is activ ated, the device sends tr affic with smaller packets before tr affic with larger packets if the network is congested. A TC assigns priorit y to packets as shown in the following table. Y ou should activate A TC on the NW A if yo u r wireless network includes ne[...]

  • Page 140

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 140 The following table shows how priorit ies are assigned for packets coming from the LAN to the WLAN. 8.5.8.2 A TC+WMM from WLAN to LAN A TC+WMM from WLAN to LAN automatically prioritizes (assigns an A TC value to) all packets comi ng from the WLAN. P ackets are assigned an A TC va[...]

  • Page 141

    NWA-3500/NWA-3550 User’s Guide 141 C HAPTER 9 SSID Screen 9.1 Overview This chapter describes how y ou can configure Service Set Identifier (SSID) profiles in your NWA. Figure 88 Sample SSID Profiles In the figure above, the NWA has thre e SSID profiles configured: a standard profile ( SSID04 ), a p rofile with high QoS settings for V oice ov er [...]

  • Page 142

    Chapter 9 SSID Screen NWA-3500/NWA-3550 User’s Guide 142 9.3 What Y ou Need T o Know When the NWA is set to Access Point , AP + Bridge or MBSSID mode, you ne ed to choose the SSID profile(s) you want to use in your wireless network (see Chapter 1 on page 31 for more informatio n on operating modes). T o configure the settings of your SSID pr ofil[...]

  • Page 143

    Chapter 9 SSID Screen NWA-3500/NWA-3550 User’s Guide 143 9.4 The SSID Screen Use this screen to select the SSID pr ofile you want to configure. Click Wireless > SSID to display the screen as shown. Figure 89 Wirele ss > SSID The following table describes t he labels in this screen. T able 37 Wireless > SSID LABEL DESCRIPTION Index This f[...]

  • Page 144

    Chapter 9 SSID Screen NWA-3500/NWA-3550 User’s Guide 144 9.4.1 Configuring SSID Use this screen to configure an SSID profile. Select a n SSID profile in Wireless > SSID and click Edit to display the following screen. Figure 90 Wireless > SSI D > Edit The following table describes t he labels in this screen. Layer 2 Isolation This field d[...]

  • Page 145

    Chapter 9 SSID Screen NWA-3500/NWA-3550 User’s Guide 145 QoS Select the Quality of Service priority for this BS S’s tr affic. • In the pre-configured VoIP_SSID profile, the QoS setting is VoIP . This is not user-configur able. The VoIP setting is available only o n the VoIP_SSID profile, and provides the highest level of QoS . • If you sele[...]

  • Page 146

    Chapter 9 SSID Screen NWA-3500/NWA-3550 User’s Guide 146[...]

  • Page 147

    NWA-3500/NWA-3550 User’s Guide 147 C HAPTER 10 Wireless Security Screen 10.1 Overview This chapter describes how to use t he Wireless Secu rity screen. This screen allows y ou to configure the security mode for your N WA. Wireless security is vital to your net w ork. It protects communications between wireless stations, access poi nts and the wir[...]

  • Page 148

    Chapter 10 Wire less Security Screen NWA-3500/NWA-3550 User’s Guide 148 10.3 What Y ou Need T o Know User Authentication Authentication is the process of v erifying whether a wireless device is allowed to use the wireless network. Y ou can make every user log in to the wireless ne twork before they can use it. However , every device in the wirele[...]

  • Page 149

    Chapter 10 Wire less Security Sc reen NWA-3500/NWA-3550 User’s Guide 149 • 802.1x-Only. This is a standard that extends the features of IEEE 802. 11 to support extended authentication. It prov ides additional accounting and control features. This option do es not support data encryption. • 802.1x-Static64. This provides 802.1x -Only authentic[...]

  • Page 150

    Chapter 10 Wire less Security Screen NWA-3500/NWA-3550 User’s Guide 150 Microsoft Challenge Handshake Authenticati on Protocol V ersion 2 (MSCHAPv2) or Generic T oken Card (GTC). Further information on these terms can be found in Appendix B on page 233 . 10.4 The Security Screen Note: The following screens are configurable only in Access Point, A[...]

  • Page 151

    Chapter 10 Wire less Security Sc reen NWA-3500/NWA-3550 User’s Guide 151 After selecting the securit y profile y ou want to edit, the following screen appears. Enter the na me you want to call th is security pr ofile in the Profile Name field. Figure 93 Security: Profile Name The next screen varies according to the Se curity Mode you select. 10.4[...]

  • Page 152

    Chapter 10 Wire less Security Screen NWA-3500/NWA-3550 User’s Guide 152 The following table describes t he labels in this screen. T able 41 Wireless > Security: WEP LABEL DESCRIPTION Profile Name T ype a name to identify this security profile. Security Mode Choose WEP in this field . WEP Encryption Select Disable to allow wireless stations to [...]

  • Page 153

    Chapter 10 Wire less Security Sc reen NWA-3500/NWA-3550 User’s Guide 153 10.4.2 Security: 802.1x Only Use this screen to set t he selected profile to 802.1x Only securit y mode. Select 802.1x-Only in the Security Mode field to dis play the following screen. Figure 95 Wirele ss > Security: 802.1x Only The following table describes t he labels i[...]

  • Page 154

    Chapter 10 Wire less Security Screen NWA-3500/NWA-3550 User’s Guide 154 10.4.3 Security: 802.1x S t atic 64-bit, 802.1x S t atic 128-bit Use this screen to set the selected prof ile to 802.1x Static 64 or 802.1x Stati c 128 security mode. Select 802.1x Static 64 or 802.1x Static 128 in the Security Mode field to display the following screen. Figu[...]

  • Page 155

    Chapter 10 Wire less Security Sc reen NWA-3500/NWA-3550 User’s Guide 155 10.4.4 Security: WP A Use this screen to set the select ed profil e to Wi -Fi Protected Access (WP A) security mode.Select WPA in the Security Mode field to display the foll owing screen. Figure 97 Wirele ss > Security: WP A The following table describes t he labels in th[...]

  • Page 156

    Chapter 10 Wire less Security Screen NWA-3500/NWA-3550 User’s Guide 156 10.4.5 Security: WP A2 or WP A2-MIX Use this screen to set the selected prof ile to WP A2 or WP A2-MIX security mode. Select WPA2 or WPA2-MIX in the Security Mode field to displa y the following screen. Figure 98 Wireless > Security:WP A2 or WP A2-MIX R eAuthentication Tim[...]

  • Page 157

    Chapter 10 Wire less Security Sc reen NWA-3500/NWA-3550 User’s Guide 157 The following table descri bes the labels not previously discus sed T able 45 Wireless > Security: WPA2 or WPA2-MIX LABEL DESCRIPTIONS Profile Name T ype a name to identify this security profile. Security Mode Choose WPA2 or WPA2-MIX in this field. R eAuthentication Timer[...]

  • Page 158

    Chapter 10 Wire less Security Screen NWA-3500/NWA-3550 User’s Guide 158 10.4.6 Security: WP A-PSK , WP A2-PSK, WP A2-PSK-MIX Use this screen to set the selected prof ile to WP A -PSK, WP A2-PSK or WP A2-PSK - MIX security mode. Select WPA-PSK , WPA2-PSK or WPA2-PSK-MIX in the Security Mode field to display the following screen. Figure 99 Wireless[...]

  • Page 159

    Chapter 10 Wire less Security Sc reen NWA-3500/NWA-3550 User’s Guide 159 10.5 T e chnical Reference This section provi des technical background information on the topics discussed in this chapter . The following is a gener al guideline in ch oosing the securit y mode for your NW A. • Use WP A(2) security i f you have WPA(2) -aware wireless clie[...]

  • Page 160

    Chapter 10 Wire less Security Screen NWA-3500/NWA-3550 User’s Guide 160[...]

  • Page 161

    NWA-3500/NWA-3550 User’s Guide 161 C HAPTER 11 RADIUS Screen 1 1.1 Overview This chapter describes how y ou can use the Wireless > RADIUS screen. Remote A uthentication Dial In User Serv ice (RADIUS) is a protocol that can be used to manage user access to large networks. It is based on a client -server model that supports authentica tion, auth[...]

  • Page 162

    Chapter 11 RADIUS Screen NWA-3500/NWA-3550 User’s Guide 162 1 1.3 What Y ou Need T o Know The RADIUS server handles the following tasks: • Authentication which determines the identity of the users. • Authorization which determines the networ k services avai lable to authenticated users once they are connected to the network. • Accounting wh[...]

  • Page 163

    Chapter 11 RADIUS Screen NWA-3500/NWA-3550 User’s Guide 163 1 1.4 The RADIUS Screen Use this screen to set up y our NW A’ s RADIUS server settings. Cl ick Wireless > RADIUS . The screen appears as shown. Figure 101 Wireless > RADIUS The following table describes t he labels in this screen. T able 47 Wireless > RADIUS LABEL DESCRIPTION [...]

  • Page 164

    Chapter 11 RADIUS Screen NWA-3500/NWA-3550 User’s Guide 164 Internal Select this check box to use the NW A’ s internal authentication server . The Active , RADIUS Serv er IP Address , RADIUS Serv er Port and Share Secret fields are not available when you use the internal authentication server . External Select this check box to use an external [...]

  • Page 165

    NWA-3500/NWA-3550 User’s Guide 165 C HAPTER 12 Layer-2 Isolation Screen 12.1 Overview This chapter describes ho w y ou can configure th e Layer-2 Isolation screen on your NWA. Layer -2 isolation is used to prevent wireless clients associated with your NW A from communicating with other wireless c lients, APs, computers or rout ers in a network. I[...]

  • Page 166

    Chapter 12 Layer-2 Iso lation Screen NWA-3500/NWA-3550 User’s Guide 166 MAC addresses that are not listed in the Allow devices with these MAC addresses table of the Wireless > Layer-2 Isolation screen are blocked from communicating with the NW A’ s wireless c lients except for broadcast packets. Layer -2 isolation does not check the tr aff i[...]

  • Page 167

    Chapter 12 Layer-2 Isolation Screen NWA-3500/NWA-3550 User’s Guide 167 12.4 The Layer-2 Isolation Screen Use this screen to select and configure a layer-2 is olation profile. Click Wireless > Layer-2 Isolation . The screen appears as shown next. Figure 103 Wireless > Layer 2 Isolation The following table describes t he labels in this screen[...]

  • Page 168

    Chapter 12 Layer-2 Iso lation Screen NWA-3500/NWA-3550 User’s Guide 168 Note: When configuring this screen, remember to select the correct layer-2 isolation profile in the Wireless> SSID > Edit screen of the relevant SSID profile. Figure 104 Wireless > Layer-2 Isolation > Edit The following table describes t he labels in this screen. [...]

  • Page 169

    Chapter 12 Layer-2 Isolation Screen NWA-3500/NWA-3550 User’s Guide 169 12.5 T e chnical Reference This section provi des technical background information on the topics discussed in this chapter . The figure that follows i llustrates two ex ample layer -2 isolation configurations on your NWA ( A ). Figure 105 Layer-2 Isolation Exa mple Configurati[...]

  • Page 170

    Chapter 12 Layer-2 Iso lation Screen NWA-3500/NWA-3550 User’s Guide 170 •E n t e r C ’ s MAC address in the MAC Address field, and enter “File Server C” in the Description field. Figure 106 Layer-2 Isolation Exa mple 1 Example 2: Restricti ng Access to Client In the following example wireless clients 1 and 2 can communicate with access po[...]

  • Page 171

    NWA-3500/NWA-3550 User’s Guide 171 C HAPTER 13 MAC Filter Screen 13.1 Overview This chapter discusses how you can use the Wireless > MAC Filter screen. The MAC filter function allows you to configure the NW A to grant access to devices (Allow Association) or ex clude devices from accessing the NW A (Den y Association). Figure 108 MAC Filtering[...]

  • Page 172

    Chapter 13 MAC Filt er Screen NWA-3500/NWA-3550 User’s Guide 172 13.3 What Y ou Should Know About MAC Filter Every Ethernet dev ice has a unique MAC (Media Access Cont rol) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. Y ou need to know the MAC address of e[...]

  • Page 173

    Chapter 13 MAC Filter Scr een NWA-3500/NWA-3550 User’s Guide 173 The following table describes t he labels in this screen. 13.4.1 Configuring the MAC Filter T o change your NWA’s MAC filter setti ngs, click WIRELESS > MAC Filter > Edit . The screen appears as shown. Figure 1 10 Wireless > MAC Filter > Edit The following table descri[...]

  • Page 174

    Chapter 13 MAC Filt er Screen NWA-3500/NWA-3550 User’s Guide 174 Note: T o activate MAC filtering on an SSID profile , select the correct filter from the Enable MAC Filtering drop-down list box in the Wir ele ss > SSID > Edit screen and click Apply Index This is the index number of the MAC address. MAC Address Enter the MAC addresses (in XX[...]

  • Page 175

    NWA-3500/NWA-3550 User’s Guide 175 C HAPTER 14 IP Screen 14.1 Overview This chapter describes how y ou can co nfigure the IP addr ess of your NW A. The Internet Protocol (IP) address iden tifies a devi ce on a network. Every networking device (inclu ding computers, se rvers, routers, printers, etc.) needs an IP address to communicate across the n[...]

  • Page 176

    Chapter 14 IP Screen NWA-3500/NWA-3550 User’s Guide 176 14.3 What Y ou Need T o Know About IP The Ethernet parameters of the NW A are pr eset in the factory with the following val u e s : 1 IP address of 192.168.1.2 2 Subnet mask of 255.255.255.0 ( 24 bits) These parameters should work fo r the majority of installations. 14.4 The IP Screen Use th[...]

  • Page 177

    Chapter 14 IP Scree n NWA-3500/NWA-3550 User’s Guide 177 14.5 T e chnical Reference This section provides technical background information about the topics cov ered in this chapter . 14.5.1 W AN IP Address Assignment Every computer on the Internet must have a unique IP address. If your networks are isolated from the Internet (only betwee n your t[...]

  • Page 178

    Chapter 14 IP Screen NWA-3500/NWA-3550 User’s Guide 178[...]

  • Page 179

    NWA-3500/NWA-3550 User’s Guide 179 C HAPTER 15 Rogue AP Detection 15.1 Overview This chapter discusses rogue wireless a ccess points and how to configure the NWA’ s rogue AP detection feature. Rogue APs are wireless access points oper at ing in a network’ s cover age area that are not under the control of the network’ s administr ators, and[...]

  • Page 180

    Chapter 15 Rogue AP Detection NWA-3500/NWA-3550 User’s Guide 180 (the dashed ellipse B ) is well-secured, but the rogue AP uses inferior security that is easily broken by an attacker ( X ) runni ng readily av ailable encryption-crac king software. In thi s example, the attacker now has access to the compan y network, including sensitive data stor[...]

  • Page 181

    Chapter 15 Rogue AP Detectio n NWA-3500/NWA-3550 User’s Guide 181 that of a neighbor (for example) you should also add these APs to the list, as they do not compromise your own network’ s security . If you do not add them to the friendly AP list, these access points will appear in the Rogue AP list each time the NWA sc ans. “Honeypot” Att a[...]

  • Page 182

    Chapter 15 Rogue AP Detection NWA-3500/NWA-3550 User’s Guide 182 15.3.1 Configuration Screen Use this screen to enable your NW A’ s Rogue AP detection settings. Cl ick Rogue AP > Configuration . The following screen appears: Figure 1 15 Rogue AP > Configuration The following table describes t he labels in this screen. T able 54 Rogue AP &[...]

  • Page 183

    Chapter 15 Rogue AP Detectio n NWA-3500/NWA-3550 User’s Guide 183 15.3.2 Friendly AP Screen Use this screen to specif y APs as trusted. Click Rogue AP > Friendly AP . The following screen appears: Figure 1 16 Rogue AP > Friendly AP The following table describes t he labels in this screen. T able 55 Rogue AP > Friendly AP LABEL DESCRIPTIO[...]

  • Page 184

    Chapter 15 Rogue AP Detection NWA-3500/NWA-3550 User’s Guide 184 15.3.3 Rogue AP Screen Use this scren to dis play details of al l wireless access points within the NW A’ s cover age area. Click Rogue AP > Rogue AP . The following screen displays . Figure 1 17 Rogue AP > Rogue AP The following table describes t he labels in this screen. T[...]

  • Page 185

    Chapter 15 Rogue AP Detectio n NWA-3500/NWA-3550 User’s Guide 185 Description If you w ant to move the AP’ s entry to the friendly AP list, enter a short, explanatory description iden tifying the AP before you click Add to Friendly AP List . A maximum of 32 alphanumeric characters are allowed in this field. Spaces, underscores (_) and dashes (-[...]

  • Page 186

    Chapter 15 Rogue AP Detection NWA-3500/NWA-3550 User’s Guide 186[...]

  • Page 187

    NWA-3500/NWA-3550 User’s Guide 187 C HAPTER 16 Remote Management Screens 16.1 Overview This chapter shows you how t o enable remote management of your NW A. It provides information on determining whic h services or protocols can access whic h of the NWA’ s interfaces. Re mote Management allows a user to admi nistr ate the device over the networ[...]

  • Page 188

    Chapter 16 Remo te Management Scree ns NWA-3500/NWA-3550 User’s Guide 188 16.2 What Y ou Can Do in the Remote Management Screens •U s e t h e Telnet screen (see Section 16.4 on page 190 ) to con figure through which interface(s) and from which IP address(es) y ou can use T elnet to manage the Z yXEL Device. A T elnet connection is prioritized b[...]

  • Page 189

    Chapter 16 Remot e Management Screens NWA-3500/NWA-3550 User’s Guide 189 versi on o ne ( SN MPv1 ) an d ve rsio n tw o ( SNM Pv2c). The next figure illustr ates an SNMP management oper ation. Note: SNMP is only available if TCP/IP is con figured. Figure 1 19 SNMP Management Mode An SNMP managed network consists of two main types of component: age[...]

  • Page 190

    Chapter 16 Remo te Management Scree ns NWA-3500/NWA-3550 User’s Guide 190 1. T elnet 2. HTTP System Timeout There is a default system management idle timeout of five minutes (three hundred seconds). The NWA automatically logs you out if the management session remains idle for longer t han this timeout period. The ma nagement session does not time[...]

  • Page 191

    Chapter 16 Remot e Management Screens NWA-3500/NWA-3550 User’s Guide 191 16.5 The FTP Screen Y ou can upload and download the NWA’ s firmware and configuration files using FTP . T o use th is feature, your computer must have an FTP client. T o change your NW A’ s FTP settings, click REMOTE MGMT > FTP . The following screen displays. Figure[...]

  • Page 192

    Chapter 16 Remo te Management Scree ns NWA-3500/NWA-3550 User’s Guide 192 The following table describes t he labels in this screen. 16.6 The WWW Screen Y ou can choose to conf igure your NWA via the W orld Wide W eb ( WWW) using a W eb browser . This lets you specify which IP addresses or computers are able to communicate with and access the NW A[...]

  • Page 193

    Chapter 16 Remot e Management Screens NWA-3500/NWA-3550 User’s Guide 193 The following table describes t he labels in this screen. T able 59 Remote MGNT > WWW LABEL DESCRIPTION WWW Server P ort Y ou may change the serv er port number for a service if needed, however you must u se the same port number in order to use that service for remote man[...]

  • Page 194

    Chapter 16 Remo te Management Scree ns NWA-3500/NWA-3550 User’s Guide 194 16.7 The SNMP Screen Use this screen to ha ve a manager stat ion administrate y our NW A over the network. T o change your NW A’ s SNMP settings, click REMOTE MGMT > SNMP . The following screen displays. Figure 123 Remote MGNT > SNMP The following table describes t [...]

  • Page 195

    Chapter 16 Remot e Management Screens NWA-3500/NWA-3550 User’s Guide 195 16.8 T e chnical Reference This section provi des some technical background informatio n about the topics covered in th is chapte r . 16.8.1 MIB Managed devices in an SMNP managed network contain ob ject variables or managed objects that define each piece of information to b[...]

  • Page 196

    Chapter 16 Remo te Management Scree ns NWA-3500/NWA-3550 User’s Guide 196 device. Examples of v ariables include such as number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects.SNMP itself is a simple request/ response protocol based on the manager/ agent model. The manager issues a[...]

  • Page 197

    Chapter 16 Remot e Management Screens NWA-3500/NWA-3550 User’s Guide 197 Some traps include an SNMP interface i n dex. The following table maps the SNMP interface indexes to the NW A’ s physical and virtual ports. authenticationF ailure (defined in RFC-1215 ) 1.3.6.1.6.3 .1.1.5.5 The device sends this trap when it receives any SNMP get or set r[...]

  • Page 198

    Chapter 16 Remo te Management Scree ns NWA-3500/NWA-3550 User’s Guide 198[...]

  • Page 199

    NWA-3500/NWA-3550 User’s Guide 199 C HAPTER 17 Internal RADIUS Server 17.1 Overview This chapter describes how the NWA can use its internal RADIUS server to authenticate wireless clients. Remote A uthentication Dial In User Serv ice (RADIUS) is a protocol that enables you to control access to a network by aut henticating user credentials. The fol[...]

  • Page 200

    Chapter 17 Internal RADIUS Server NWA-3500/NWA-3550 User’s Guide 200 17.2 What Y ou Can Do in the Internal Radius Server Screens •U s e t h e AUTH. SERVER > Setting screen (see Section 17.4 on page 200 ) to turn the NW A’s internal RADIUS server o ff or on and to view information about the NWA’ s certificates. •U s e t h e AUTH. SERVER[...]

  • Page 201

    Chapter 17 Internal RADIUS Server NWA-3500/NWA-3550 User’s Guide 201 Click AUTH. SERVER > Setting . The following screen displays. Figure 125 Setting Screen The following table describes t he labels in this screen. T able 63 Internal RADIUS Server Setting Screen LABEL DESCRIPTION Active Select the Active check box to have the NW A use its inte[...]

  • Page 202

    Chapter 17 Internal RADIUS Server NWA-3500/NWA-3550 User’s Guide 202 17.5 The T rusted AP Screen Use this screen to specif y APs as trusted. Click AUTH. SERVER > Trusted AP. The following screen displays: Subject This field displays identifying in formation about the certificate’s owner , such as CN (Common Name), OU (Organizational Unit or [...]

  • Page 203

    Chapter 17 Internal RADIUS Server NWA-3500/NWA-3550 User’s Guide 203 Figure 126 T rusted AP Scree n The following table describes t he labels in this screen. T able 64 Trusted AP Screen LABEL DESCRIPTION # This field displays the trusted AP index number . Active Select this check bo x to have the NW A use the IP Address and Shared Secret to authe[...]

  • Page 204

    Chapter 17 Internal RADIUS Server NWA-3500/NWA-3550 User’s Guide 204 17.6 The T rusted Users Screen Use this screen to conf igure trusted user entries. Click AUTH. SERVER > Trusted Users . The following screen displays. Figure 127 T rusted Users Screen The following table describes t he labels in this screen. T able 65 Trusted Users LABEL DESC[...]

  • Page 205

    Chapter 17 Internal RADIUS Server NWA-3500/NWA-3550 User’s Guide 205 17.7 T e chnical Reference This section provi des some technical background informatio n about the topics covered in th is chapte r . A trusted AP is an AP that uses the NW A’ s internal RADI US server to a uthentica te its wireless client s. Each wireless client must hav e a [...]

  • Page 206

    Chapter 17 Internal RADIUS Server NWA-3500/NWA-3550 User’s Guide 206 Note: The internal RADIUS server does not support domain acco unts (DOMAIN/ user). When you configure your Windows XP SP2 Wireless Zero Configuration PEAP/MS-CHAPv2 settings, deselect the Use Windows logon name and password check box. When authe ntication begins, a pop-up dialog[...]

  • Page 207

    NWA-3500/NWA-3550 User’s Guide 207 C HAPTER 18 Certificates 18.1 Overview This chapter describes how your NWA can use certificates as a means of authenticating wireless cl ients. It giv e s background information about public -key certificates and explains how to use them. A certificate contains the certificate owner’ s identit y and public key[...]

  • Page 208

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 208 18.3 What Y ou Need T o Know A Certification Authorit y (CA) issues certificates and guarantees the identit y of each certificate owner . There are comm ercial certification aut horities like CyberT rust or V eriSign and gov ernment certification authorities. Note that t he NWA als o trus[...]

  • Page 209

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 209 Note: Certificates display in black and certification requests display in gray . Figure 130 Certificates > My Certif icates The following table describes t he labels in this screen. T able 66 Certificates > My Certificates LABEL DESCRIPTION PKI Storage Space in Use This bar displays[...]

  • Page 210

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 210 18.4.1 My Certificates Import Screen Use this screen if you ha ve an existing CA -issued certificate you want to use for authentication. F ollow the instructions in th i s screen to sav e it to the NW A. Click Certificates > My Certificates and then Import to open the My Certificate Im[...]

  • Page 211

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 21 1 Note: Y ou can import only a certificate th at matches a corresponding certification request that was generated by the NW A. Note: The certificate you import replace s the corresponding request in the My Certificates screen. Note: Y ou must remove any sp aces from th e certificate’ s f[...]

  • Page 212

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 212 Click Certificates > My Certificates and then Create to open the My Certificate Create screen. The following figure displ ays. Figure 132 Certificates > My Certif icate Create The following table describes t he labels in this screen. T able 68 Certificates > My Certificate Create[...]

  • Page 213

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 213 Organization T ype up to 127 characters to identify the company or group to which the certificate owner belongs. Y ou may use any char acter , including spaces, but the NW A drops trailing spaces. Country T ype up to 127 characters to identify the nation where th e certificate owner is lo[...]

  • Page 214

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 214 After you cl ick Apply in the My Certificate Create screen, you see a screen that tells you the NWA is generating the s elf-signed certifica te or certific ation request . After the NW A successfully enrolls a certif icate or generates a certification request or a self -signed certificate[...]

  • Page 215

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 215 Click Certificates > My Certificates to open the My Certificates screen ( Figure 130 on page 209 ). Clic k the details button to open the My Certificate Details screen. Figure 133 Certificates > My Certif icate Details[...]

  • Page 216

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 216 The following table describes t he labels in this screen. T able 69 Certificates > My Certificate Details LABEL DESCRIPTION Name This field displays the identifying na me of this certificate. If you want to change the name, type up to 31 char acters to identify this certificate. Y ou m[...]

  • Page 217

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 217 V alid From This field displays the date that the certificate becomes applicable. The text displays in red and includes a Not Y e t V alid! message if the certificate has not yet become applicable. V alid T o This field displays the date th at the certific ate expires. The text displays i[...]

  • Page 218

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 218 18.5 T rusted CAs Screen Use this screen to view the list of trus t ed certificates. The NW A accepts an y val id certificate signed by a certi fication authorit y on this list as being trustworthy . Y ou do not need to import any certificate that is signed by any certification authority [...]

  • Page 219

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 219 18.5.1 T rusted CAs Import Screen Use this screen to sa ve a trusted certif ication authority’ s certifi cate to the NW A. Click Certificates > Trusted CAs to op en the Trusted CAs screen and then click Import to open the Trusted CAs Import screen. The following figure displa ys. Not[...]

  • Page 220

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 220 The following table describes t he labels in this screen. 18.5.2 T rusted CAs Det ails Screen Use this screen to view in-depth inform ation about the certification authority’ s certificate, change the certificate’ s na me and set whether or not you want the NWA to check a certificatio[...]

  • Page 221

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 221 Click Certificates > Trusted CAs to open the Trusted CAs screen. Click the details icon to open the Trusted CAs Details screen. Figure 136 Certificates > T rusted CAs Details The following table describes t he labels in this screen. T able 72 Certificates > T rusted CAs Details L[...]

  • Page 222

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 222 Certificate Path Click the Refresh button to have this read-only text box display the end entity’ s certificate and a list of certification authority certificates that shows the hierarch y of certification authorities that validate the end entity’ s certificate. If the issuin g certif[...]

  • Page 223

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 223 18.6 T e chnical Reference This section provides technical background information about the topics cov ered in this chapter . K ey Usage This field displays for what func tions the certificate’ s key can be used. For example, “DigitalSignature” me ans that the k ey can be used to si[...]

  • Page 224

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 224 18.6.1 Private-Public Certificates When using public-k ey cryptology for auth entic ation, each host has two keys. One key is public and can be made openl y available. The other key is private and must be kept secure. These keys work like a handwritten sign ature (in fact, certificates ar[...]

  • Page 225

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 225 18.6.3 Checking the Fingerprin t of a Certificate on Y our Computer A certificate’ s fingerprints are message di gests calcul ated using the MD5 or SHA1 algorithms. The following procedure describes how to check a certific ate’ s fingerpr int to verify that you h ave the actual certi [...]

  • Page 226

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 226 4 Use a secure method to verify t hat the certificate owner has the same information in the Thumbp rint Algorithm and Thumbprint fi elds. The secure method may vary acc ording to your s ituation. Possi bl e examples would be over the telephone or through an HT TPS connection.[...]

  • Page 227

    NWA-3500/NWA-3550 User’s Guide 227 C HAPTER 19 Log Screens 19.1 Overview This chapter provides information on vi ewing and generating logs on y our NW A. Logs are files that contain recorded netw ork activity ov er a set period. They are used by administr ators to monitor the he alth of the computer system(s) they are managing. Logs enable admini[...]

  • Page 228

    Chapter 19 Log Scre ens NWA-3500/NWA-3550 User’s Guide 228 19.2 What Y ou Can Do in the Log Screens •U s e t h e View Log screen ( Section 19.4 on page 228 ) to display all logs or logs for a certain category . Y ou can view logs and alert messages in this page. Once the log entries are all used, the log will wr ap around and the old logs will [...]

  • Page 229

    Chapter 19 Log Screens NWA-3500/NWA-3550 User’s Guide 229 Click Logs > V iew Log . The followi ng screen displays. Figure 140 Logs > V iew Log The following table describes t he labels in this screen. 19.5 The Log Settings Screen Use this screen to configure w here an d when the NWA wi ll send the logs, and which logs and/or immediat e aler[...]

  • Page 230

    Chapter 19 Log Scre ens NWA-3500/NWA-3550 User’s Guide 230 Click Logs > Log Settings . The following screen displa ys. Figure 141 Logs > Log Settings The following table describes t he labels in this screen. T able 74 Logs > Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the serv er name or the IP add ress of the mail serv[...]

  • Page 231

    Chapter 19 Log Screens NWA-3500/NWA-3550 User’s Guide 231 Send Alerts to Enter the e-mail address where the alert messages will be sent. If this field is left blank, alert messages will not be sent via e-mail. SMTP Authentication If you use SMTP authentication, th e mail receiver should be the owner of the SMTP account. User Name If your e-mail a[...]

  • Page 232

    Chapter 19 Log Scre ens NWA-3500/NWA-3550 User’s Guide 232 19.6 T e chnical Reference This section provi des some technical background informatio n about the topics covered in th is chapte r . 19.6.1 Example Log Messages This section provi des descriptions of some example log mes sages. T able 75 System Maintenance Logs LOG MESSAGE DESCRIPTION Ti[...]

  • Page 233

    Chapter 19 Log Screens NWA-3500/NWA-3550 User’s Guide 233 19.6.2 Log Commands Go to the command interpreter interface (refer to Appendix F on page 379 for a discussion on how to access and use the commands). 19.6.3 Configuring What Y ou W ant the NW A to Log Use the sys logs load command to load the log setting buffer that allows you to configure[...]

  • Page 234

    Chapter 19 Log Scre ens NWA-3500/NWA-3550 User’s Guide 234 Use sys logs category followed by a log category and a parameter to decide what to record Use the sys logs save command to store the settings in the NW A (you must do this in order to record logs). 19.6.4 Displaying Logs Use the sys logs display command to show all of the logs in the NWA?[...]

  • Page 235

    NWA-3500/NWA-3550 User’s Guide 235 C HAPTER 20 VLAN 20.1 Overview This chapter discusses how to conf igure VLAN on the NWA. A VLAN (Virtual Local Area Network) allo ws a ph ysical network to be partitioned into multiple logi cal networks. Stations on a logical network can belong to one or more groups. Only stations within th e same group can talk[...]

  • Page 236

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 236 20.3 What Y ou Need T o Know About VLAN When you use wireless VLAN an d RADIUS VLAN together , the NW A first tries to assign VLAN IDs based on RADIUS VLAN co nfigur ation. If a client’s user name does not match an entry in the RADIU S VLAN screen, the NWA assigns a VLAN ID based on the setting[...]

  • Page 237

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 237 20.4 Wireless VLAN Screen Use this scre en to enable and configur e your Wireless V irtual LAN s etup. Click VLAN > Wireless VLAN . The following screen appears. Figure 143 VLAN > W ireless VLAN[...]

  • Page 238

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 238 The following table describes t he labels in this screen T able 79 VLAN > Wireless VLAN FIELD DESCRIPTION Enable VIRT UAL LAN Select this box to enable VLAN tagging. Management VLAN ID Enter a number from 1 to 4094 to define this VLAN group. At least one device in your netwo rk must belong to [...]

  • Page 239

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 239 20.4.1 RADIUS VLAN Screen Use this screen to configure your RADIUS Virtual LAN setup . Click VLAN > RADIUS VLAN . The following screen appears. Figure 144 VLAN > RADIUS VLAN The following table describes t he labels in this screen. T able 80 VLAN > RADIUS VLAN LABEL DESCRIPTION Block sta[...]

  • Page 240

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 240 20.5 T e chnical Reference This section provi des some technical background information and configur ation examples about the t opics covered in this chapter . 20.5.1 VLAN T agging The NWA support s IEEE 802.1q VLAN tagging. T agged VLAN us es an explicit tag (VLAN ID) in the MAC header of a fram[...]

  • Page 241

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 241 On an Ethernet switch, create a VLAN that has the same management VLAN ID as the NW A. The following figure has the NW A connected to port 2 of the switch and your computer connected to port 1. The management VLAN ID is ten. Figure 145 Manageme nt VLAN Configuration Example P erform the following[...]

  • Page 242

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 242 8 Click Apply . The following scre en displays. Figure 147 VLAN-A ware Switch 9 Click VLAN S tatus to di splay the following screen. Figure 148 VLAN-A ware Switch - VLAN S tatus Fol low the instructions in the Quick Start Gui de to set up your NW A for configuration. The N WA should be connec ted[...]

  • Page 243

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 243 3 Click Apply . Figure 149 VLAN Setup 4 The NWA attempts to con nect with a VL AN-aware device. Y ou can now access an d mange the NW A though the Ethernet switch. Note: If you do not connect the NW A to a correctly configured VLAN-aware device, you will lock yourself out of the NW A. If this hap[...]

  • Page 244

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 244 Z yXEL uses the following standard RADIUS attributes returned from Microsoft’ s IAS RADIUS service to place the wirele ss station into the correct VLAN: The following occurs under Dynamic VLAN Assignment: 1 When you configure your wireless credenti als, the NW A sends the information to the IAS[...]

  • Page 245

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 245 1d Click OK . Figure 150 New Global Security Group 2 In VLAN Group ID Properties , click th e Members tab. • The IAS uses group memberships to d e termine wh ich user ac counts be long to which VLAN groups. Click the Add butt on and configure the VLAN group details. 3 Re peat the previous step [...]

  • Page 246

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 246 1 Using the Remote Access Policy option on the Internet Authentication Service management interface, create a new VLAN Po licy for each VLA N Group defined in the previous section. The order of the remote acce ss policies is important . The most specific policies should be placed at the top of th[...]

  • Page 247

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 247 4 The Select Groups window displays. Select a remote access policy and click the Add button. The policy is added to the fi eld below. Only one VLAN Group should be associated with each policy . 5 Click OK and Next in the next few screens to accept th e group value. Figure 154 Adding VL AN Group 6[...]

  • Page 248

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 248 7b Clear the check boxes for all other authentication types lis ted below the drop- down list box. Figure 156 Authentication T ab Settings 8 Click the Encryption tab. Select the Strongest encryption option. This step is not required for EAP-MD5, but is performed as a safeguard. Figure 157 Encryp [...]

  • Page 249

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 249 •C l i c k t h e Add button to add an additional three RADIUS VLAN attrib utes required for 802.1X Dynamic VLAN Assignment. Figure 158 Connection Attr ibutes Screen 11 The RADIUS Attribute screen di splays. From the list, three RADIUS attributes will be added: •T unnel-Medium - T ype •T unn[...]

  • Page 250

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 250 11 c Click the Add button. Figure 159 RADIUS Attribute Screen 12 The Enumerable Attribute Information screen displays. Select the 802 va lu e from the Attribute va lue drop-down list box. •C l i c k OK . Figure 160 802 Attribute Setting for T unnel-Medium-T ype 13 Return to the RADIUS Attribute[...]

  • Page 251

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 251 the VLAN Group specified in this policy will be give n a VLAN ID speci fied in the NWA VLA N table. 14b Click OK . Figure 161 VLAN ID Attribute Se tting for T unnel-Pvt-Group-ID 15 Return to the RADIUS Attribute Screen shown as Figure 159 on page 250 . 15a Select Tunnel-Type . 15b Click Add . 16 [...]

  • Page 252

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 252 17b The completed Advanced tab config uration should resemble the fo llowing screen. Figure 163 Completed Advanced T ab Note: Repeat the Configuring Remote Ac cess Policies procedure for each VLAN Group defined in the Active Dire ctory . Remember to place the most gene ral Remote Access Policies [...]

  • Page 253

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 253 20.5.4 Second Rx VLAN ID Example In this example, the NWA is configured to tag packets from SSID01 with VLAN ID 1 and tag packets from SSID02 with VLAN ID 2. VLAN 1 and VLAN 2 ha ve access to a server , S , and the Internet, as shown in the following figure. Figure 164 Second Rx VLAN ID Example P[...]

  • Page 254

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 254 2 Click VLAN > Wireless VLAN . 3 If VLAN is not already enabled, click Ena ble Virtual LAN and set up th e Management VLAN ID (see Section 20.5.2 on page 2 40 ). Note: If no devices are in the management VLAN, then no one will be able to access the NW A and you will have to restor e the defaul[...]

  • Page 255

    NWA-3160 Series User’s Guide 255 C HAPTER 21 Load Balancing 21.1 Overview Wireless load balancing is the process whereby you limit the number of connections allowed on an wireless acce ss point or you limit the amount of wireless tr affic transmi tted and received on it. Because there is a hard upper limit on the AP’ s wireless bandwidth, this [...]

  • Page 256

    Chapter 21 Load Balancing NWA-3160 Series User’s Guide 256 Imagine a coffee shop in a crowded business distri ct that offers free wireless connectivity to i ts customers. The coffee shop owner can’t possibly know how many connections his NWA will hav e at an y given moment. As such, he decides to put a limit the bandwidth that is av ailabl e to[...]

  • Page 257

    Chapter 21 L oad Balancing NWA-3160 Series User’s Guide 257 The requirements for load balancing are fairly straight forw ard and should be met in order for a group of similar NWAs to tak e advantage of the feature: • They should all be within t he same subnet. • They should all have the same SSID , r adio mode, and security mode. • There sh[...]

  • Page 258

    Chapter 21 Load Balancing NWA-3160 Series User’s Guide 258 21.2.1 Disassociating and Delaying Connections When your AP becomes ov erloaded, th ere are two basic responses it can take. The first one is to “de lay” a client conn ection. This m eans that the A P withholds the connection unt il the data transfer throug hput either is lowered or t[...]

  • Page 259

    Chapter 21 L oad Balancing NWA-3160 Series User’s Guide 259 can afford the bandwidth for it or the red la pt op is picked up by a different AP that has bandwidth to spare. Figure 168 Delaying a Co nnection The second response your AP can take is to kick the con nections tha t are pushing it ov er its balanced bandwi dth allotment. Figure 169 Kick[...]

  • Page 260

    Chapter 21 Load Balancing NWA-3160 Series User’s Guide 260[...]

  • Page 261

    NWA-3160 Series User’s Guide 261 C HAPTER 22 Dynamic Channel Selection 22.1 Overview This chapter discusses how to configure dynamic channel selection on the NWA. Dynamic channel selection is a feature that allows y our NWA to automatically select the r adio channel upon which it broa dcasts by scanning the area around and determining what channe[...]

  • Page 262

    Chapter 22 Dynamic Channel Selection NWA-3160 Series User’s Guide 262 In this example, if the NW A attempts t o broadcast on channels 1, 2, or 3 it is met with cross-channel interf erence from the othe r AP that shares the channel. This can result in noticeably sl ower data tr ansfer rates, the droppi ng of the connection al together , or even lo[...]

  • Page 263

    Chapter 22 Dynamic Channel Selection NWA-3160 Series User’s Guide 263 DCS Client Aware Selec t Enable to hav e the NWA w ait until all connected clients have disconnected before switching channels. If you select Disab le then the NWA switches chan nels immediately regardless of any client connections. In this instance, clients that are connected [...]

  • Page 264

    Chapter 22 Dynamic Channel Selection NWA-3160 Series User’s Guide 264[...]

  • Page 265

    NWA-3500/NWA-3550 User’s Guide 265 C HAPTER 23 Maintenance 23.1 Overview This chapter describes the maintenance screens. It discusses how y ou can view the association list and channel us age, upload new firmware, manage configur ation and restart y our NW A without turning it off and on. 23.2 What Y ou Can Do in the Maintenance Screens The follo[...]

  • Page 266

    Chapter 23 Maintenance NWA-3500/NWA-3550 User’s Guide 266 23.3 What Y ou Need T o Know About the Maintenance Screens Find firmw are at www .zyxel .com in a file that (usually) uses the system model name with a "*.b in" exte nsion, for example "[Model # ].bin". T he upload process uses HT TP (Hypertext T ransfer Prot ocol) and [...]

  • Page 267

    Chapter 23 Maintenance NWA-3500/NWA-3550 User’s Guide 267 Note: The Poll Interval field is configurable. The fields in this screen va ry according to the current wireless mode of ea ch WLAN adaptor . Figure 173 Maintenance > System S tatus: Show S tatistics The following table describes t he labels in this screen. T able 85 Maintenance > Sy[...]

  • Page 268

    Chapter 23 Maintenance NWA-3500/NWA-3550 User’s Guide 268 23.5 Association List Screen Use this screen to know which wireless cl ients are associated with the NW A. Click Maintenance > Association List . The following screen displays. Figure 174 Maintenance > Association List The following table describes t he labels in this screen. WLAN1 T[...]

  • Page 269

    Chapter 23 Maintenance NWA-3500/NWA-3550 User’s Guide 269 23.6 Channel Usage Screen Use this screen to see what channel the wireless clients are using to associate with the NWA, as well as the signal strength and network mode. Click Maintenance > Channel Usage . The following figure displays . W ait a moment whil e the NW A compiles the inform[...]

  • Page 270

    Chapter 23 Maintenance NWA-3500/NWA-3550 User’s Guide 270 The following table describes t he labels in this screen. 23.7 F/W Upload Screen Use this scren to upload firmware to your NW A. Click MAINTENANCE > F/W Up load . The following screen displays. . Figure 176 Maintenance > F /W Upload T able 87 Maintenance > Channel Usage LABEL DESC[...]

  • Page 271

    Chapter 23 Maintenance NWA-3500/NWA-3550 User’s Guide 271 The following table describes t he labels in this screen. Do not turn off the NW A while firmware upload is in progress! After you see the Firmware Upload in Process screen, wait tw o minute s before logging into the NWA again. Figure 177 Firmware Upload In Process The NWA automatic ally r[...]

  • Page 272

    Chapter 23 Maintenance NWA-3500/NWA-3550 User’s Guide 272 If the upload was not successful, the following screen will appear . Click Return to go back to the F/W Upload screen. Figure 179 Firmware Upload Error 23.8 Configuration Screen Use this screen backup or upload your NW A’ s configur ation file. Y ou can also reset the configuratio n of y[...]

  • Page 273

    Chapter 23 Maintenance NWA-3500/NWA-3550 User’s Guide 273 it is highly recommended that you b ack up y our configuration file before making configur ation changes. The backup configur ation file will be useful in case you need to return to your previous settings. Click Backup to sa ve the NW A’ s current configur ation to your computer . 23.8.2[...]

  • Page 274

    Chapter 23 Maintenance NWA-3500/NWA-3550 User’s Guide 274 If you uploaded the default con figuration file you may need to change the IP address of your computer to be in t he sa me subnet as that of the default NWA IP address (192.168.1.2). See your Quick Start Guide for details on how to set up your computer’ s IP address. If the upload was no[...]

  • Page 275

    Chapter 23 Maintenance NWA-3500/NWA-3550 User’s Guide 275 Click Maintenance > Restart . The following screen displays. Click Restart to have the NW A reboot. This does not affect the NW A's configuration. Figure 185 Rest art Screen[...]

  • Page 276

    Chapter 23 Maintenance NWA-3500/NWA-3550 User’s Guide 276[...]

  • Page 277

    277 P ART III T roubleshooting and S pecifications T roubleshooting (279) Product Specifications (285)[...]

  • Page 278

    278[...]

  • Page 279

    NWA-3500/NWA-3550 User’s Guide 279 C HAPTER 24 Troubleshooting This chapter offers some suggesti ons to solve problems you mi ght encounter . The potential problems are divided into the following categories. • P ower and Hardware Connections • NWA Acc ess and Login • Internet Access • Wireless R outer/A P T roubleshooting 24.1 Power and H[...]

  • Page 280

    Chapter 24 Trou bleshooting NWA-3500/NWA-3550 User’s Guide 280 2 If you changed the st atic IP address and have f orgotten it, you ha ve to reset the device to its factory d efaults. Contact yo ur vendor . If you set the NWA t o get a dynamically as signed IP address from a DHCP server , check your DHCP server for the IP address assi gned to the [...]

  • Page 281

    Chapter 24 Trou bleshooting NWA-3500/NWA-3550 User’s Guide 281 • T ry to access the NWA using another serv ice, such as T elnet. If you can access the NWA, check the remote management settings to find out why the NWA does not respond to HT TP . I can see the Login screen, but I cannot log in to the NW A. 1 Make sure you ha ve entered the user n[...]

  • Page 282

    Chapter 24 Trou bleshooting NWA-3500/NWA-3550 User’s Guide 282 1 Check the hardware connections, and ma k e sure the NWA is connected to a broadband modem or router that provides Internet access. See the Quick Start Guide. 2 Make sure your Int ernet account is activ ated and you entered y our ISP account information correctly in the broadband mod[...]

  • Page 283

    Chapter 24 Trou bleshooting NWA-3500/NWA-3550 User’s Guide 283 Advanced Suggestions • Check the settings for QoS . If it is disabled, y ou might consider activ ating it. If it is enabled, you might cons ider raising or lowering th e priority for so me applications. 24.4 Wireless Router/AP T roubleshooting I cannot access the NW A or ping any co[...]

  • Page 284

    Chapter 24 Trou bleshooting NWA-3500/NWA-3550 User’s Guide 284[...]

  • Page 285

    NWA-3500/NWA-3550 User’s Guide 285 C HAPTER 25 Product Specifications The following tables summarize the NW A’ s hardware and firmwa re features. T able 91 NWA-3500 Hardware Specifications T able 90 NWA-3550 Hardware Specifications SPECIFICATION DESCRIPTION Dimensions 256 (W) x 246 (D) x 82 (H) mm We i g h t 2000 g Po w e r P oE draw: 48V 20W a[...]

  • Page 286

    Chapter 25 Product Specifications NWA-3500/NWA-3550 User’s Guide 286 T able 92 Firmware Specifications Antenna Specifications SMA antenna connectors, equipped by default with 2dBi omni antenna, 60° When facing the front of the NW A, the antenna on the right is used by wireless LAN adaptor WLAN 1, and the antenna on the left is used by wireless L[...]

  • Page 287

    Chapter 25 Product Specifications NWA-3500/NWA-3550 User’s Guide 287 SSL P assthrough SSL (Secure Sock ets Layer) uses a public k ey to encrypt data that's transmitted ov er an SSL connection. Both Netscape Navigator and Internet Explorer support SSL, and many W eb sites use the protocol to obtain confidential u ser information, such as cred[...]

  • Page 288

    Chapter 25 Product Specifications NWA-3500/NWA-3550 User’s Guide 288 T able 93 Other Specifications Approvals Radi o •U S A : FCC P art 15C 15.247 FCC P art 15E 15.40 7 FCC OET65 •E U : ETSI EN 300 328 V1.7.1 ETSI EN 301 893 V1.2.3 •T a i w a n : DGT LP0002 • Canada: Industry Canada RSS-210 • Austr alia: AS/NZS 4268 EMC/ EMI •U S A : [...]

  • Page 289

    Chapter 25 Product Specifications NWA-3500/NWA-3550 User’s Guide 289 Comp atible ZyXEL Antennas At the time of writing, yo u can use the followi ng antennas in your NWA. T able 94 NWA Compatible Antennas MODEL FEATURE S EXT -108 EXR-109 EXT -1 14 EXT -1 18 ANT2206 ANT3108 ANT3218 Frequency Band (MHz) 2400 ~ 2500 2400 ~ 2500 2400 ~ 2500 2400 ~ 250[...]

  • Page 290

    Chapter 25 Product Specifications NWA-3500/NWA-3550 User’s Guide 290 Comp atible ZyXEL Antenna Cables The following table shows you the cables you can use in the NW A to extend your connection to ant ennas at the time of writing. Power over Ethernet (PoE) S pecifications Y ou can use a power over Ethernet injector to power this device. The inject[...]

  • Page 291

    291 P ART IV Appendices and Index Setting Up Y our Computer ’ s IP Address (293) Wireless LANs (319) P op-up Windows, Jav aScripts and Java P ermissions (335) Importing Certificates (343) IP Addresses and Subnetting (369) T ext File Based Auto Configurati on (379) Legal Information (387) Index (391)[...]

  • Page 292

    292[...]

  • Page 293

    NWA-3500/NWA-3550 User’s Guide 293 A PPENDIX A Setting Up Y our Computer ’ s IP Address Note: Y our specific ZyXEL device ma y not support all of the operating systems described in this appendix. See the produc t specifications for mo re information about which operating systems are sup ported. This appendix shows you how to conf igure the IP s[...]

  • Page 294

    Appendix A Se tting Up Your Computer’s IP Addres s NWA-3500/NWA-3550 User’s Guide 294 1 Click Start > Control Panel . Figure 186 Windows XP: S tart Menu 2 In the Control Panel , click the Network Connections icon. Figure 187 Windows XP: Control Panel[...]

  • Page 295

    Appendix A Setting Up Your Compu ter’s IP Address NWA-3500/NWA-3550 User’s Guide 295 3 Right- click Local Area Connection and then select Properties . Figure 188 Windows XP: Control Panel > Ne twork Connections > Properties 4 On the General tab, select Internet Protocol (TCP/IP) and then click Properties . Figure 189 Windows XP: Local Are[...]

  • Page 296

    Appendix A Se tting Up Your Computer’s IP Addres s NWA-3500/NWA-3550 User’s Guide 296 5 The Internet Protocol TCP/IP Properties window opens. Figure 190 Windows XP: Internet Protocol (T CP/IP) Properties 6 Select Obtain an IP address automatically if your network admi nistrator or ISP assigns your IP addres s dynamically . Select Use the follow[...]

  • Page 297

    Appendix A Setting Up Your Compu ter’s IP Address NWA-3500/NWA-3550 User’s Guide 297 Windows V ist a This section shows screens from Windows Vista Professional. 1 Click Start > Control Panel . Figure 191 Windows V ista: S tart Menu 2 In the Control Panel , click the Network and Internet icon. Figure 192 Windows V ista: Control Panel 3 Click [...]

  • Page 298

    Appendix A Se tting Up Your Computer’s IP Addres s NWA-3500/NWA-3550 User’s Guide 298 4 Click Manage network conne ctions . Figure 194 Windows V ista: Network and Sharing Center 5 Right- click Local Area Connection and then select Properties . Figure 195 Windows V ista: Network and Sharing Center Note: During this procedure, click Continue when[...]

  • Page 299

    Appendix A Setting Up Your Compu ter’s IP Address NWA-3500/NWA-3550 User’s Guide 299 6 Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties . Figure 196 Windows V ista: Local Area Connection Properties[...]

  • Page 300

    Appendix A Se tting Up Your Computer’s IP Addres s NWA-3500/NWA-3550 User’s Guide 300 7 The Internet Protocol Versio n 4 (TCP/IPv4) Properties window opens. Figure 197 Windows V ista: Intern et Protocol V ersion 4 (TCP/IPv4) Properties 8 Select Obtain an IP address automatically if your network admi nistrator or ISP assigns your IP addres s dyn[...]

  • Page 301

    Appendix A Setting Up Your Compu ter’s IP Address NWA-3500/NWA-3550 User’s Guide 301 Mac OS X: 10.3 and 10.4 The screens in this section are from Mac OS X 10.4 but can also apply to 10.3. 1 Click Apple > System Preferences . Figure 198 Mac OS X 10.4: Apple Menu 2 In the System Preferences window , click the Network icon. Figure 199 Mac OS X [...]

  • Page 302

    Appendix A Se tting Up Your Computer’s IP Addres s NWA-3500/NWA-3550 User’s Guide 302 3 When the Network preferences pane opens, select Built-in Ethernet from the network connection type list, and then click Configure. Figure 200 Mac OS X 10.4: Network Preferences 4 For d ynamically assigned settings, select Using DHCP from the Configure IPv4 l[...]

  • Page 303

    Appendix A Setting Up Your Compu ter’s IP Address NWA-3500/NWA-3550 User’s Guide 303 5 For s tatically assigned settings, do t he following: •F r o m t h e Configure IPv4 lis t, sele ct Manually . •I n t h e IP Address field, type your IP address. •I n t h e Subnet Mask field, t ype your subnet mask. •I n t h e Router field, t ype the I[...]

  • Page 304

    Appendix A Se tting Up Your Computer’s IP Addres s NWA-3500/NWA-3550 User’s Guide 304 Click Apply No w and close the window . V erifying Settings Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities , and then selecting the appropriat e Network Interface from the Info tab. Figure 203 Mac OS X 10.4: Network[...]

  • Page 305

    Appendix A Setting Up Your Compu ter’s IP Address NWA-3500/NWA-3550 User’s Guide 305 2 In System Preferences , click the Net work icon. Figure 205 Mac OS X 10.5: Systems Preferences[...]

  • Page 306

    Appendix A Se tting Up Your Computer’s IP Addres s NWA-3500/NWA-3550 User’s Guide 306 3 When the Network preferences pane opens, select Ethe rnet from the list of available conn ecti on types. Figure 206 Mac OS X 10.5: Network Preferences > Ethernet 4 From the Configure lis t, sele ct Using DHCP for dynamically assigned settings. 5 For s tat[...]

  • Page 307

    Appendix A Setting Up Your Compu ter’s IP Address NWA-3500/NWA-3550 User’s Guide 307 •I n t h e Router field, enter the IP address of your NW A. Figure 207 Mac OS X 10.5: Network Preferences > Ethernet 6 Click Apply and close the wi ndow .[...]

  • Page 308

    Appendix A Se tting Up Your Computer’s IP Addres s NWA-3500/NWA-3550 User’s Guide 308 V erifying Settings Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities , and then selecting the appropriat e Network interface from the Info tab. Figure 208 Mac OS X 10.5: Network Utility Linux: Ubuntu 8 (GNOME) This se[...]

  • Page 309

    Appendix A Setting Up Your Compu ter’s IP Address NWA-3500/NWA-3550 User’s Guide 309 1 Click System > Administration > Network . Figure 209 Ubuntu 8: System > Administration Menu 2 When the Network Settings wi ndow opens, click Unlock to open the Authenticate window . (By defa ult, the Unlock button is greyed out until clicked.) Y ou c[...]

  • Page 310

    Appendix A Se tting Up Your Computer’s IP Addres s NWA-3500/NWA-3550 User’s Guide 310 3 In the Authenticate window , enter your admin a ccount name and password then click the Authenticate button. Figure 21 1 Ubuntu 8: Administrator Account Authentica tion 4 In the Network Settings window , select the connection that you wa nt to configure, the[...]

  • Page 311

    Appendix A Setting Up Your Compu ter’s IP Address NWA-3500/NWA-3550 User’s Guide 31 1 5 The Properties dialog box opens. Figure 213 Ubuntu 8: Network Settings > Properties •I n t h e Configuration list, select Automatic Configuration (DHCP) if you have a dynamic IP address. •I n t h e Configuration li st, select Static IP address if you [...]

  • Page 312

    Appendix A Se tting Up Your Computer’s IP Addres s NWA-3500/NWA-3550 User’s Guide 312 7 If you know yo ur DNS server IP address(es), click the DNS tab in the Net work Settings window and then enter the DNS se rv er information in the fields provided. Figure 214 Ubuntu 8: Network Settings > DNS 8 Click the Close button to apply the changes. V[...]

  • Page 313

    Appendix A Setting Up Your Compu ter’s IP Address NWA-3500/NWA-3550 User’s Guide 313 tab. The Interface Statistics column shows data if your connection is working properly . Figure 215 Ubuntu 8: Network T ools Linux: openSUSE 10.3 (KDE) This section shows y ou how to configure y o ur computer’s T CP/IP settings in the K Desktop Environment (K[...]

  • Page 314

    Appendix A Se tting Up Your Computer’s IP Addres s NWA-3500/NWA-3550 User’s Guide 314 1 Click K Menu > Computer > Administrator Se ttings (YaST) . Figure 216 openSUSE 10.3: K Menu > Computer Menu 2 When the Run as R oot - KDE su dialog opens, enter the admin password and click OK . Figure 217 openSUSE 10.3: K Menu > Computer Menu[...]

  • Page 315

    Appendix A Setting Up Your Compu ter’s IP Address NWA-3500/NWA-3550 User’s Guide 315 3 When the YaST Contro l Center window opens, select Network Devices and then clic k the Network Card icon. Figure 218 openSUSE 10.3: Y aST Control Center 4 When the Network Settings window opens, click the Overview tab, select the appropriate connection Name f[...]

  • Page 316

    Appendix A Se tting Up Your Computer’s IP Addres s NWA-3500/NWA-3550 User’s Guide 316 5 When the Network Card Setup window opens, click the Address tab Figure 220 openSUSE 10.3: Ne twork Card Setup 6 Select Dynamic Address (DHCP) if you ha ve a dynamic IP add ress. Select Statically assigned IP Address if y ou have a stat ic IP address. Fill in[...]

  • Page 317

    Appendix A Setting Up Your Compu ter’s IP Address NWA-3500/NWA-3550 User’s Guide 317 8 If you know yo ur DNS server IP address(es), click the Hostname/DNS tab in Network Settings and then enter the DNS server informat ion in the fields provided. Figure 221 openSUSE 10.3: Ne twork Settings 9 Click Finish to sa ve your settings and close the wind[...]

  • Page 318

    Appendix A Se tting Up Your Computer’s IP Addres s NWA-3500/NWA-3550 User’s Guide 318 V erifying Settings Click the KNetwork Manager icon on the Task bar t o check your T CP/IP properties. From the Option s sub-m enu, se lect Show Connectio n Information . Figure 222 openSUSE 10.3: KNet work Manager When the Connection Statu s - KNetwork Manage[...]

  • Page 319

    NWA-3500/NWA-3550 User’s Guide 319 A PPENDIX B W ireless LANs Wireless LAN T opologies This section discuss es ad-hoc and infr astructure wi reless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configur ation is an in dependent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B , C). Any time t wo or[...]

  • Page 320

    Appendix B Wireless LANs NWA-3500/NWA-3550 User’s Guide 320 with each other . When Intra-BSS i s disabled, wireless client A and B can still access the wired network but cannot communicate with eac h other . Figure 225 Basic Service Set ESS An Extended Service Set (ESS) c onsists of a series of overlapping BS Ss, each containing an access point, [...]

  • Page 321

    Appendix B Wir eless LANs NWA-3500/NWA-3550 User’s Guide 321 An ESSID (ES S IDentification) uniquely id entifies each ESS . All access points and their associated wirel ess clients within the same ESS must have the same ESSID in order to comm unicate. Figure 226 Infrastructure WLAN Channel A channel is the radio frequency(ies) us ed by IEEE 802.1[...]

  • Page 322

    Appendix B Wireless LANs NWA-3500/NWA-3550 User’s Guide 322 wireless gatewa y , but out-of -range of ea ch other , so they canno t "hear" each other , that is they do not know if the channel is currently being used. Therefore, they are consider ed hi dden from each other . Figure 227 RTS /C T S When station A sends data to the AP , it m[...]

  • Page 323

    Appendix B Wir eless LANs NWA-3500/NWA-3550 User’s Guide 323 Fragment ation Threshold A Fragmentation Threshold is the maximum data fr agment size (between 256 and 2432 bytes) that can be sent in th e wireless network before the AP will fragment the packet into smaller dat a frames. A large Fragmentation Threshold is recommended for networks not [...]

  • Page 324

    Appendix B Wireless LANs NWA-3500/NWA-3550 User’s Guide 324 sever al intermediate rate steps between the maximum and minimum data r ates. The IEEE 802.11g data rate and modulation are as follows: Wireless Security Overview Wireless security is vital to your ne twork to protect wireless communication between wireless client s, acce ss points and t[...]

  • Page 325

    Appendix B Wir eless LANs NWA-3500/NWA-3550 User’s Guide 325 IEEE 802.1x In June 2001, the IEEE 802.1x standard w a s designed to extend the features of IEEE 802.11 to support extended authentica tion as well as providing addi tional accounting and control features. It is su pported by Windows XP and a number of network devices. Some advantages o[...]

  • Page 326

    Appendix B Wireless LANs NWA-3500/NWA-3550 User’s Guide 326 • Access-Challeng e Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access- Request message . The following types of RADIUS messages are exchanged between the access point and th[...]

  • Page 327

    Appendix B Wir eless LANs NWA-3500/NWA-3550 User’s Guide 327 However , MD5 authenti cation has s ome weaknesses. Since the authentication server needs to get the plaintext password s, t he passwords must be stored. Thus someone other th an the authenti cation server m ay access the pas sword file. In addition, it is possible to impersonate an aut[...]

  • Page 328

    Appendix B Wireless LANs NWA-3500/NWA-3550 User’s Guide 328 Dynamic WEP Key Exchange The AP maps a unique key that is generated with t he RADIUS server . This key expires when the wireless connection ti me s out, disconnec ts or reauthentication times out. A new WEP key is generated ea ch time reauthenticati on is performed. If this feature is en[...]

  • Page 329

    Appendix B Wir eless LANs NWA-3500/NWA-3550 User’s Guide 329 If the AP or the wireless clients do no t support WP A2, just use WP A or WPA -PSK depending on whether you hav e an external RADIUS server or not. Select WEP only when the AP and/or wirel ess clients do not support WP A or WP A2. WEP is less secure than WP A or WP A2. Encryption Both W[...]

  • Page 330

    Appendix B Wireless LANs NWA-3500/NWA-3550 User’s Guide 330 keys. This prev ent all wireless d evices sharing the same encryption ke ys. (a weakness of WEP) User Authentication WP A and WPA2 ap ply IEEE 802.1x and Extens ible Authentication Protocol (EAP) to authenticate wireless clients using an ex ternal RADIUS database. WP A2 reduces the numbe[...]

  • Page 331

    Appendix B Wir eless LANs NWA-3500/NWA-3550 User’s Guide 331 3 The RADIUS server distributes a Pairwi se Master K ey (PMK) key to the AP that then sets up a key hier archy and management system, using the pair-wise key to dynamically gener ate unique data encryption keys to encrypt every data pack et that is wirele ssly comm unicate d between th [...]

  • Page 332

    Appendix B Wireless LANs NWA-3500/NWA-3550 User’s Guide 332 4 The AP and wireless clients use the TKIP or AES encryption process to encrypt data exchanged between them. Figure 229 WP A(2)-PSK Authentication Security Parameters Summary Re fer to this table to see what other secu rity parameters you should configure for each Authenti cation Meth od[...]

  • Page 333

    Appendix B Wir eless LANs NWA-3500/NWA-3550 User’s Guide 333 Antenna Overview An antenna couples RF signals onto air . A tr ansmitter within a wireless d evice sends an RF signal to the antenna, whic h propagates the signal through the air . The antenna also operates in reverse by capturing RF signals from the air . P ositioning the antennas prop[...]

  • Page 334

    Appendix B Wireless LANs NWA-3500/NWA-3550 User’s Guide 334 • Omni-directional antennas send the RF sign al out in all directions on a horizontal plane. The cover age area is torus-sh aped (like a donut) which makes these antennas ideal for a room environment. With a wide cove rage area, it is possible to make circular ov erlapping cov erage ar[...]

  • Page 335

    NWA-3500/NWA-3550 User’s Guide 335 A PPENDIX C Pop-up Windows, JavaScript s and Java Permissions In order to use the web configurator you need to allow: • W eb browser pop-up wind ows from your device. • Jav aScripts (enabled by default). • Jav a permissions (enabled by default). Note: Internet Explorer 6 screens are used here . Screens for[...]

  • Page 336

    Appendix C Pop-up Windows, JavaScripts and Java Perm issions NWA-3500/NWA-3550 User’s Guide 336 1 In Internet Explorer , select Tools , Internet Options , Privacy . 2 Clear the Block pop-ups check box in the Pop-up Blocker sect ion of the screen. This disables an y web pop-up block ers you may have enabled. Figure 231 Internet Options: Privacy 3 [...]

  • Page 337

    Appendix C Pop-up Windows, JavaScripts and Java Per missions NWA-3500/NWA-3550 User’s Guide 337 2 Select Settings… to open the Pop-up Blocker Settings screen. Figure 232 Internet Options: Privacy 3 T ype the IP address of y our device (the web page that you do not want to have blocked) wi th the prefix “http://” . For example, http://192.16[...]

  • Page 338

    Appendix C Pop-up Windows, JavaScripts and Java Perm issions NWA-3500/NWA-3550 User’s Guide 338 4 Click Add to mo ve the IP address to the list of Allowed sites . Figure 233 Pop-up Blo cker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScript s If pages of the web configur ator do not display prop[...]

  • Page 339

    Appendix C Pop-up Windows, JavaScripts and Java Per missions NWA-3500/NWA-3550 User’s Guide 339 1 In Internet Explorer , click Tools , Internet Options and then the Security tab. Figure 234 Internet Options: Secu rity 2 Click the Custom Level... button . 3 Scroll down to Scriptin g . 4 Under Active scripting make sure that Enable is selected (the[...]

  • Page 340

    Appendix C Pop-up Windows, JavaScripts and Java Perm issions NWA-3500/NWA-3550 User’s Guide 340 6 Click OK to close the window . Figure 235 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer , click Tools , Internet Options and then the Security tab. 2 Click the Custom Level... button . 3 Scroll down to Microsoft VM . 4 [...]

  • Page 341

    Appendix C Pop-up Windows, JavaScripts and Java Per missions NWA-3500/NWA-3550 User’s Guide 341 5 Click OK to close the window . Figure 236 Security Settings - Java JA V A (Sun) 1 From Internet Explorer , click Tools , Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected.[...]

  • Page 342

    Appendix C Pop-up Windows, JavaScripts and Java Perm issions NWA-3500/NWA-3550 User’s Guide 342 3 Click OK to close the window . Figure 237 Java (Sun)[...]

  • Page 343

    NWA-3500/NWA-3550 User’s Guide 343 A PPENDIX D Importing Certificates This appendix shows you how to import public key certificates into your web browser . Public key certificates are used by web br owsers to ensure that a secure web site is legitimate. When a certificate authorit y such as V eriSign, Comodo , or Network Solutions, to name a few [...]

  • Page 344

    Appendix D Importing Certificates NWA-3500/NWA-3550 User’s Guide 344 1 If your device’ s web configur ator is set to use S SL certification, then the first time you browse to i t you are presented with a certificati on error . Figure 238 Internet Explorer 7: Cert ification Error 2 Click Continue to this website (not recommended) . Figure 239 In[...]

  • Page 345

    Appendix D Importi ng Certificates NWA-3500/NWA-3550 User’s Guide 345 4 In the Certificate dialog bo x, click Install Certificate . Figure 241 Internet Explorer 7: Cert ificate 5 In the Certificate Import Wizard , click Next . Figure 242 Internet Explorer 7: Cert ificate Import Wizard[...]

  • Page 346

    Appendix D Importing Certificates NWA-3500/NWA-3550 User’s Guide 346 6 If you w ant Internet E xplorer to Automatically select certificate store based on the type of certificate , click Next again and then go to step 9. Figure 243 Internet Explorer 7: Cert ificate Import Wizard 7 Otherwise, select Place all certifica tes in the following store an[...]

  • Page 347

    Appendix D Importi ng Certificates NWA-3500/NWA-3550 User’s Guide 347 8 In the Select Certificate Store dialog box, choose a location in which to sa ve the certificate and then clic k OK . Figure 245 Internet Explorer 7: Select Certificate S tor e 9 In the Completing the Certificate Import Wizard screen, click Finish . Figure 246 Internet Explore[...]

  • Page 348

    Appendix D Importing Certificates NWA-3500/NWA-3550 User’s Guide 348 10 If you are presented with another Security Warning , c lick Yes . Figure 247 Internet Explorer 7: Security W arning 11 Finally , click OK when presented with the successful certif icate installation message. Figure 248 Internet Explorer 7: Cert ificate Import Wizard 12 The ne[...]

  • Page 349

    Appendix D Importi ng Certificates NWA-3500/NWA-3550 User’s Guide 349 Inst alling a St and-Alone Certific ate File in Internet Explorer Rather t han browsing to a Z yXEL web co nfigur ator and installing a public key certificate when prompted, y ou can install a stand- alone certific ate file if one has been issued to you. 1 Double-click the publ[...]

  • Page 350

    Appendix D Importing Certificates NWA-3500/NWA-3550 User’s Guide 350 1 Open Internet Explorer and click Tools > Internet Options . Figure 252 Internet Explorer 7: T ools Menu 2 In the Internet Options dialog box, cl ick Conte nt > Certificates . Figure 253 Internet Explorer 7: I nternet Options[...]

  • Page 351

    Appendix D Importi ng Certificates NWA-3500/NWA-3550 User’s Guide 351 3 In the Certificates dialog box, click the Trusted Root Certificates Authorities tab, select the certificat e that yo u w ant to delete, and then click Remove . Figure 254 Internet Explorer 7: Cert ificates 4 In the Certificates confirmation, click Yes . Figure 255 Internet Ex[...]

  • Page 352

    Appendix D Importing Certificates NWA-3500/NWA-3550 User’s Guide 352 6 The next time you go to the web site that issued the public k ey certificate you just removed, a certification error appears. Firefox The following example uses Mozilla Firefox 2 on Windows XP Professional; however , the screens can also apply to Firefox 2 on all platforms. 1 [...]

  • Page 353

    Appendix D Importi ng Certificates NWA-3500/NWA-3550 User’s Guide 353 3 The certificate is stored an d you can now connect securely to the web configurator . A sealed padlock appears in the address bar , which you can click to open the Page Info > Security window to view the web page’ s securi ty information. Figure 258 Firefox 2: Page Info [...]

  • Page 354

    Appendix D Importing Certificates NWA-3500/NWA-3550 User’s Guide 354 2 In the Options dialog bo x, click Advanced > Encryption > View Certificat es . Figure 260 Firefox 2: Options 3 In the Certificate Manager dialog box, cl ick Web S ites > Import . Figure 261 Firefox 2: Cert ificate Manager[...]

  • Page 355

    Appendix D Importi ng Certificates NWA-3500/NWA-3550 User’s Guide 355 4 Use the Select File dialog bo x to locate the certificate and then click Op en . Figure 262 Firefox 2: Select File 5 The next time you visit the web site, click the padlock in the address bar to open the Page Info > Security window to see the web page ’ s security inform[...]

  • Page 356

    Appendix D Importing Certificates NWA-3500/NWA-3550 User’s Guide 356 2 In the Options dialog bo x, click Advanced > Encryption > View Certificat es . Figure 264 Firefox 2: Options 3 In the Certificate Manager dialog box, select the Web Sites tab , select the certificate that you w ant to remove, and then click Delete . Figure 265 Firefox 2:[...]

  • Page 357

    Appendix D Importi ng Certificates NWA-3500/NWA-3550 User’s Guide 357 4 In the Delete Web Site Certificates dialog bo x, click OK . Figure 266 Firefox 2: Delete W eb Site Certificates 5 The next time you go to the web site that issued the public k ey certificate you just removed, a certification error appears. Opera The following example uses Ope[...]

  • Page 358

    Appendix D Importing Certificates NWA-3500/NWA-3550 User’s Guide 358 3 The next time you visit the web site, click the padlock in the address bar to open the Security information window to view the web page’ s securit y details. Figure 268 Opera 9: Security information Inst alling a St and-Alone Ce rtificate File in Opera Rather t han browsing [...]

  • Page 359

    Appendix D Importi ng Certificates NWA-3500/NWA-3550 User’s Guide 359 2 In Preferences , click Advanced > Security > Manage certificates . Figure 270 Opera 9: Prefer ences[...]

  • Page 360

    Appendix D Importing Certificates NWA-3500/NWA-3550 User’s Guide 360 3 In the Certificates Manager , click Authorities > Import . Figure 271 Opera 9: Certificate manager 4 Use the Import certificate dialog box to locate the certificate and then click Open. Figure 272 Opera 9: Import certif icate[...]

  • Page 361

    Appendix D Importi ng Certificates NWA-3500/NWA-3550 User’s Guide 361 5 In the Install authority certificate dialog box, c lick Ins tall . Figure 273 Opera 9: Inst all authority certificate 6 Next, click OK . Figure 274 Opera 9: Inst all authority certificate 7 The next time you visit the web site, click the padlock in the address bar to open the[...]

  • Page 362

    Appendix D Importing Certificates NWA-3500/NWA-3550 User’s Guide 362 1 Open Opera and click Tools > Preferences . Figure 275 Opera 9: T ools Menu 2 In Preferences , Advanced > Security > Manage certificates . Figure 276 Opera 9: Prefer ences[...]

  • Page 363

    Appendix D Importi ng Certificates NWA-3500/NWA-3550 User’s Guide 363 3 In the Certificates manager , select the Authorities tab, select th e certific ate that you wan t to rem ove, a nd th en cl ick Delete . Figure 277 Opera 9: Certificate manager 4 The next time you go to the web site that issued the public k ey certificate you just removed, a [...]

  • Page 364

    Appendix D Importing Certificates NWA-3500/NWA-3550 User’s Guide 364 2 Click Continue . Figure 278 Konquero r 3.5: Server Authentication 3 Click Forever when prompted to accept the certificate. Figure 279 Konquero r 3.5: Server Authentication 4 Click the padlock in the addr ess bar to open the KDE SSL Information window and view the web page’ s[...]

  • Page 365

    Appendix D Importi ng Certificates NWA-3500/NWA-3550 User’s Guide 365 Inst alling a St and-Alone Ce rtificate File in Konqueror Rather t han browsing to a Z yXEL web co nfigur ator and installing a public key certificate when prompted, y ou can install a stand- alone certific ate file if one has been issued to you. 1 Double-click the public key c[...]

  • Page 366

    Appendix D Importing Certificates NWA-3500/NWA-3550 User’s Guide 366 3 The next time you visit the web site, click the padlock in the address bar to open the KDE SSL Inf ormation window to view the web page’ s security details. Removing a Certificate in Konqueror This section shows y ou how to remove a public k ey certificate in K onqueror 3.5.[...]

  • Page 367

    Appendix D Importi ng Certificates NWA-3500/NWA-3550 User’s Guide 367 4 The next time you go to the web site that issued the public k ey certificate you just removed, a certification error appears. Note: There is no confirmation wh en you remove a certificate authority , so be absolutely certain you want to go through with it before clicking the [...]

  • Page 368

    Appendix D Importing Certificates NWA-3500/NWA-3550 User’s Guide 368[...]

  • Page 369

    NWA-3500/NWA-3550 User’s Guide 369 A PPENDIX E IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify indi vidual devices on a network. Every networking device (including computers, serv ers, routers, printers, etc.) needs an IP address to communicate across the netw ork. These networking devices[...]

  • Page 370

    Appendix E IP Addre sses and Sub netting NWA-3500/NWA-3550 User’s Guide 370 The following figure shows an example IP address in which the first three octets (192.168.1) are the network number , and the fourth octet (16) is the host ID . Figure 286 Network Number and Host ID How much of the IP address is the networ k number and how much is the hos[...]

  • Page 371

    Appendix E IP Addresses and Subnetting NWA-3500/NWA-3550 User’s Guide 371 By conv ention, subnet masks alw ays cons ist of a continuous sequence of ones beginning from the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits. Subnet masks can be referred to by the size of the network number part (the[...]

  • Page 372

    Appendix E IP Addre sses and Sub netting NWA-3500/NWA-3550 User’s Guide 372 As these two IP addresses cannot be us ed for individual hosts, calculat e the maximum number of possible host s in a network as follows: Not ation Since the mask is alw ays a continuo us number of ones beginning f rom the left, followed by a continuous number of zeros fo[...]

  • Page 373

    Appendix E IP Addresses and Subnetting NWA-3500/NWA-3550 User’s Guide 373 Subnetting Y ou can use subnetting to divide one netw ork into multiple sub-networks. In the following example a network administrator creates t wo sub-networks to isolate a group of servers from the rest of th e compan y network for security reasons. In this example, the c[...]

  • Page 374

    Appendix E IP Addre sses and Sub netting NWA-3500/NWA-3550 User’s Guide 374 The following figure shows the company network after subnet ting. There are now two sub-n etworks, A and B . Figure 288 Subnetting Example: Af ter Subnetting In a 25-bit subnet the host ID has 7 bits , so each sub-network has a maximum of 2 7 – 2 or 126 possibl e hosts [...]

  • Page 375

    Appendix E IP Addresses and Subnetting NWA-3500/NWA-3550 User’s Guide 375 Each subnet contains 6 host ID bit s, giving 2 6 - 2 or 62 hosts for each subnet (a host ID of all zeroes i s the subnet it self , all ones is the subnet’s broadcast address). T able 106 Subnet 1 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VA L U E IP Address (Decimal) 1[...]

  • Page 376

    Appendix E IP Addre sses and Sub netting NWA-3500/NWA-3550 User’s Guide 376 Example: Eight Subnet s Similarly , use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each sub net. Subnet Planning The following table is a summary for subnet planning on a ne[...]

  • Page 377

    Appendix E IP Addresses and Subnetting NWA-3500/NWA-3550 User’s Guide 377 The following table is a summary for subnet planning on a network with a 16-bit network number . Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrat or assigns you a block of registered I[...]

  • Page 378

    Appendix E IP Addre sses and Sub netting NWA-3500/NWA-3550 User’s Guide 378 you entered. Y ou don't need to change the subnet mask computed by the NW A unless you are instructed to do otherwise. Private IP Addresses Every machine on the In ternet must ha ve a uni que address. If your ne tworks are isolated from the Internet (running only bet[...]

  • Page 379

    NWA-3500/NWA-3550 User’s Guide 379 A PPENDIX F T ext File Based Auto Configuration This chapter describes how administ rators can use text confi guration files to configure the wireless LAN setti ngs for multiple APs. T ext File Based Auto Configuration Overview Y ou can use plain text con figuration files to configure the wirele ss LAN sett ings[...]

  • Page 380

    Appendix F Text File Ba sed Auto Configuration NWA-3500/NWA-3550 User’s Guide 380 Y ou can have a different configuration file for each AP . Y ou can also have multiple APs use the same configur ation file. Note: If adjacent APs use the same configu ration file, you should leave out the channel setting since they could interf er e with each other[...]

  • Page 381

    Appendix F Text File Ba sed Auto Con figuration NWA-3500/NWA-3550 User’s Guide 381 Use the following procedure to have the AP download the configur ation file. V erifying Y our Configuration File Upload Via SNMP Y ou can use SNMP management software to display the configuration file v ersion currently on the device by using the foll owing MIB. T [...]

  • Page 382

    Appendix F Text File Ba sed Auto Configuration NWA-3500/NWA-3550 User’s Guide 382 The second line must speci fy the file v ersion. The AP compares the file versi on with the version of th e last configu ration file that it do wnloaded. If th e version of the downloaded file is the same or smalle r (older), the AP ignores the fi le. If the version[...]

  • Page 383

    Appendix F Text File Ba sed Auto Con figuration NWA-3500/NWA-3550 User’s Guide 383 Wcfg Command Configuration File Examples These example configur ation fi les use the wcfg command to configure security and SSID profiles. Figure 291 WEP Configura tion File Example Figure 292 802.1X Configura tion File Example !#ZYXEL PROWLAN !#VERSION 11 wcfg sec[...]

  • Page 384

    Appendix F Text File Ba sed Auto Configuration NWA-3500/NWA-3550 User’s Guide 384 Figure 293 WP A-PSK Configuration File Example Figure 294 WP A Configuration File Example Wlan Command Configuration File Example This example configur ation file uses the wlan command to configure the AP to use the security and SSID profiles from the wcfg command c[...]

  • Page 385

    Appendix F Text File Ba sed Auto Con figuration NWA-3500/NWA-3550 User’s Guide 385 commands that create security and S SID pr ofiles before the commands that tell the AP to use thos e profiles. Figure 295 Wlan Configura tion File Example !#ZYXEL PROWLAN !#VERSION 15 wcfg ssid 1 name ssid-wep wcfg ssid 1 security Test-wep wcfg ssid 2 name ssid-802[...]

  • Page 386

    Appendix F Text File Ba sed Auto Configuration NWA-3500/NWA-3550 User’s Guide 386[...]

  • Page 387

    NWA-3500/NWA-3550 User’s Guide 387 A PPENDIX G Legal Information Copyright Copyright © 2009 by Z yXEL Communications Corpor ation. The contents of this publication ma y not be reproduced in any p art or as a whole, transcrib ed, stored in a retriev al syst em, tr anslated into an y language , or transmitted in an y form or by any me ans, electro[...]

  • Page 388

    Appendix G Legal Information NWA-3500/NWA-3550 User’s Guide 388 • This dev ice must accept any inte rference received, including interference that may cause undesired operations. This device has been tested and found to comply with the limits for a Clas s B digital device pursuant to P art 15 of th e FCC Rules. These limi ts are designed to pro[...]

  • Page 389

    Appendix G Legal Information NWA-3500/NWA-3550 User’s Guide 389 前項合法通信,指依電信規定作 業之無線電信。低功率射頻電機須 忍 受合法通信或工業、科學及醫療 用電波輻射性電機設備之干擾。 在 5250MHz~5350M Hz 頻帶內操作之無 線資訊傳輸設 備,限於室內使用 。 本機限在?[...]

  • Page 390

    Appendix G Legal Information NWA-3500/NWA-3550 User’s Guide 390 Note Re pair or replacement, as provided under this wa rranty , is the exclusiv e remedy of the purchaser . This w arranty is in lieu of all other warr anties, express or implied, including any implied w arranty of merchantabilit y or fitness for a particular use or purpose. Z yXEL s[...]

  • Page 391

    Index NWA-3500/NWA-3550 User’s Guide 391 Index A access 24 access point 24 access privileges 26 address 11 0 address assignment 11 0 , 177 address filtering 23 administrator authentication on RADIUS 111 Advanced Encryption Standard See AES. AES 329 alternative subnet mask notation 372 antenna 285 , 28 6 directional 334 gain 333 omni-directional 3[...]

  • Page 392

    Index NWA-3500/NWA-3550 User’s Guide 392 dimensions 285 disclaimer 387 Distribution System 120 Dynamic Frequency Selection 133 dynamic WEP key exchange 328 E EAP authentication 326 encryption 26 , 329 ESS 120 , 320 ESS IDentification 120 ESSID 28 3 Extended Service Set 120 see ESS Extended Service Set IDentification 122 , 125 , 131 F FCC interfer[...]

  • Page 393

    Index NWA-3500/NWA-3550 User’s Guide 393 maintenance 23 management 23 Management Information Base (MIB) 196 management VLAN 240 managing the device good habits 31 usi ng FT P . See FTP . using T elnet. See command interface. using the command interface. See command interface. mask 11 0 max age 132 MBSSID 23 , 26 Message Integrity Check (MIC) 329 [...]

  • Page 394

    Index NWA-3500/NWA-3550 User’s Guide 394 S safety warnings 7 security 24 security profiles 23 server 23 Service Set 122 , 125 , 131 Service Set Identifier see SSID SNMP 287 MIBs 196 traps 196 specifications 290 SSID 26 SSID profile 142 pre-configured 27 SSID profiles 26 , 27 STP 131 STP - how it works 132 STP (Spanning T ree Protocol) 286 STP pat[...]

  • Page 395

    Index NWA-3500/NWA-3550 User’s Guide 395 WPA2 23 , 328 user authentication 330 vs WP A2-PSK 329 wireless client supplicant 330 with RADIUS application example 330 WPA2-Pre- Shared Key 328 WPA2-PSK 328 , 329 application example 331 WPA -PSK 329 application example 331[...]

  • Page 396

    Index NWA-3500/NWA-3550 User’s Guide 396[...]