ZyXEL Communications NWA3550 manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of ZyXEL Communications NWA3550, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of ZyXEL Communications NWA3550 one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of ZyXEL Communications NWA3550. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of ZyXEL Communications NWA3550 should contain:
- informations concerning technical data of ZyXEL Communications NWA3550
- name of the manufacturer and a year of construction of the ZyXEL Communications NWA3550 item
- rules of operation, control and maintenance of the ZyXEL Communications NWA3550 item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of ZyXEL Communications NWA3550 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of ZyXEL Communications NWA3550, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the ZyXEL Communications service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of ZyXEL Communications NWA3550.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the ZyXEL Communications NWA3550 item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    www .zyxel.com NW A3550 IEEE 802.1 1a/b/g Outdoor WLAN Access Point User ’ s Guide V ersion 3.60 6/2008 Edition 2 DEFAULT LOGIN IP Address http://1 92 .168.1.2 Password 1234[...]

  • Page 2

    [...]

  • Page 3

    About This User's Guide NWA3550 User’s Guide 3 About This User's Guide Intended Audience This manual is intended for people who want to configure the ZyXEL Device using the web configurator . Y ou should have at leas t a basic knowledge of TCP/IP networking concepts and topology . Related Document ation • Quick Start Guide The Quick S[...]

  • Page 4

    Document Conventions NWA3550 User’s Guide 4 Document Conventions W arnings and Notes These are how warnings and notes are shown in this User ’ s Guide. 1 W arnings tell you about things that could harm you or your device. " Notes tell you other important informati on (for example, other things you may need to configure or helpful tip s) or[...]

  • Page 5

    Document Conventions NWA3550 User’s Guide 5 Icons Used in Figures Figures in this User ’ s Guide may use the followi ng generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Computer Notebook computer Server DSLAM Firewall T ele phone Switch Router[...]

  • Page 6

    Safety Warnings NWA3550 User’s Guide 6 Safety Warnings 1 For your safety , be sure to read and follow all warni ng notices and instructions. • Do NOT use this product near water , for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. • Do NOT store thin gs on the device. [...]

  • Page 7

    Safety Warnings NWA3550 User’s Guide 7[...]

  • Page 8

    Safety Warnings NWA3550 User’s Guide 8[...]

  • Page 9

    Contents Overview NWA3550 User’s Guide 9 Contents Overview Introduction .......................................... ........................................................................ .......... 31 Introducing the ZyXEL Device ............... ................ ................ ................ ................. ................ .. .3 3 Introdu[...]

  • Page 10

    Contents Overview NWA3550 User’s Guide 10[...]

  • Page 11

    Table of Contents NWA3550 User’s Guide 11 Table of Contents About This User's Guide ................................ ........................................................................ .. 3 Document Conventions.................................................................. ......................................... .4 Safety Warnings [...]

  • Page 12

    Table of Contents NWA3550 User’s Guide 12 2.3 Navigating the Web Configurator ..................... ................ ................ ................. ................ ... 45 Chapter 3 St atus Screens ...................................... ........................................................................... ....... 47 3.1 The S tatus Scre[...]

  • Page 13

    Table of Contents NWA3550 User’s Guide 13 5.4.5 Configure the SERVER_2 Network ............... ................ ................ ................ ............. 79 5.4.6 Checking your Settings and T esting the Conf iguration .............. ................ ................ 80 5.4.6.1 Checki ng Settings ...... ................ ................ ....[...]

  • Page 14

    Table of Contents NWA3550 User’s Guide 14 7.7.3 AP+Bridge Mode .......... ................ ................. ................ ................ ................ ........... 106 7.7.4 MBSSID Mode .......................... ................ ............. ................ ................. ................ . 108 Chapter 8 Wireless Security Configura [...]

  • Page 15

    Table of Contents NWA3550 User’s Guide 15 10.5 Configuring Roaming ............... ................ ... ................ ............. ................ ................ ....... .1 3 7 10.5.1 Requirements fo r Roaming .. ............. ................ ................ ................ ................ ..... 138 Chapter 1 1 IP Screen...............[...]

  • Page 16

    Table of Contents NWA3550 User’s Guide 16 13.1 1.2 Configuring SNMP . ................ ............. ................ ................ ................. ................ . 165 13.1 1.2. 1 The SNMPv3 User Pr ofile Screen ................... ................ ............. .............. 167 Chapter 14 Internal RADIUS Server ........................[...]

  • Page 17

    Table of Contents NWA3550 User’s Guide 17 17.2 Configuring VLAN .......... ...... ............. ................ ................. ................ ............. .............. ... 204 17.2.1 Wireless VLAN ........... .... ................ ................ ................ ............. ................ ........... 204 17.2.2 RADIUS VLAN ........[...]

  • Page 18

    Table of Contents NWA3550 User’s Guide 18 Appendix C Pop-up Windows, JavaScripts and Java Permissions ...................................... 283 Appendix D Importing Certificates .................................................. ...................................... 289 Appendix E IP Addresses and Subnetting ....................................[...]

  • Page 19

    List of Figures NWA3550 User’s Guide 19 List of Figures Figure 1 Access Point Application ............ ....... ......... ............. ................. ................ ................ ... ............. 34 Figure 2 Bridge Application ................................ ................ ................ ................ ................... ....... [...]

  • Page 20

    List of Figure s NWA3550 User’s Guide 20 Figure 39 T utorial: Example Network .... .......... ...... ............. ................ ................ ................. ......... .......... 76 Figure 40 T utorial: SSID Profile .................... ... ................ ................ ............. ................ .......... ............. ... 78 F[...]

  • Page 21

    List of Figures NWA3550 User’s Guide 21 Figure 82 ROGUE AP > Configuration ............ ................ ................ ................ ................ ................ .... . 148 Figure 83 ROGUE AP > Friendly AP ............... ................ ................ ................... ................. ........... ...... 1 49 Figure 84 ROG[...]

  • Page 22

    List of Figure s NWA3550 User’s Guide 22 Figure 125 S pecifying Windows-Group C ondition ..................... ................ ................ ................... ........ 2 12 Figure 126 Adding VLAN Group . .................... ............. ................ ................ ................ ............. .. ......... 213 Figure 127 Granting P[...]

  • Page 23

    List of Figures NWA3550 User’s Guide 23 Figure 168 Mac OS X 10.4: Network Preferences > Et hernet ...... ................ ................ ................ ........ 255 Figure 169 Mac OS X 10.4: Network Utility ........ ... ............. ................ ................ ................. ............ ..... 255 Figure 170 Mac OS X 10.5: Apple [...]

  • Page 24

    List of Figure s NWA3550 User’s Guide 24 Figure 21 1 Internet Explorer 7: Select Certificate S tore ............ ................ ................ ................ .......... .2 9 2 Figure 212 Internet Explorer 7: Certificate I mport Wizard .................. ................ ................. ................ . 2 93 Figure 213 Internet Explorer [...]

  • Page 25

    List of Figures NWA3550 User’s Guide 25 Figure 254 Subnetting Example: After Subnetting .................... ................ ................ ................ ........... 317 Figure 255 T ext File Based Auto Configuration ........ ................. ................ ................ ................ ........ ... 321 Figure 256 Configuration File [...]

  • Page 26

    List of Figure s NWA3550 User’s Guide 26[...]

  • Page 27

    List of Tables NWA3550 User’s Guide 27 List of Tables T able 1 The St atus Screen .......................... ................ ................ ................ ................ .......... ............. ... 47 T able 2 The Management Mode Screen ................. ................. ................... ................ ................ ...... .... 5[...]

  • Page 28

    List of Tables NWA3550 User’s Guide 28 T able 39 WIR ELESS > MAC Filter .... ................ ................ ................ ................ ................. .......... ....... 135 T able 40 MAC Address Filter ....................... ................ ................ ................ ................ ........... ............ . 136 T able [...]

  • Page 29

    List of Tables NWA3550 User’s Guide 29 T able 82 ZyXEL Device Compatible Antenna Cables .................... ................ ................ ................ ..... 240 T able 83 Power over Ethernet Injector S pecifications ................ ................... ................ ................ ..... 241 T able 84 Power over Ethernet Inject or RJ[...]

  • Page 30

    List of Tables NWA3550 User’s Guide 30[...]

  • Page 31

    31 P ART I Introduction Introducing the ZyXEL Device (33) Introducing the W eb Configurator (43) S tatus Screens (47) T utorial (55)[...]

  • Page 32

    32[...]

  • Page 33

    NWA3550 User’s Guide 33 C HAPTER 1 Introducing the ZyXEL Device This chapter introduces the main applications and features of the ZyXEL Device. It also introduces the ways yo u can manage the ZyXEL Device. 1.1 Introducing the ZyXEL Device Y our ZyXEL Device extends the range of your existing wired networ k wi thout additional wiring, providing ea[...]

  • Page 34

    Chapter 1 Introducing the ZyXEL Device NWA3550 User’s Guide 34 1.2.1 Access Point The ZyXEL Device is an ideal access solution fo r wireless Internet connection. A typical Internet access application for your ZyX EL Device is shown as follows. Clients A , B and C can access the wired network through the ZyXEL Devices. Figure 1 Access Point Applic[...]

  • Page 35

    Chapter 1 Introducing the ZyXEL Device NWA3550 User’s Guide 35 Figure 2 Bridge Application Figure 3 Repeater Application 1.2.3 AP + Bridge In AP+Bridge mode, the ZyXEL Device supports both AP and bridge connectio n at the same time. In the figure below , A and B use X as an AP to access the wired network, while X and Y communicate in bridge mode.[...]

  • Page 36

    Chapter 1 Introducing the ZyXEL Device NWA3550 User’s Guide 36 Figure 4 AP+Bridge Application 1.2.4 MBSSID A BSS (Basic Service Set) is the set of devices forming a single wireless network (usually an access point and one or more wireless clients). An SSID (Se rvice Set IDentifier) is the name of a BSS. In MBSSID (Multiple BSS) mode, the ZyXEL De[...]

  • Page 37

    Chapter 1 Introducing the ZyXEL Device NWA3550 User’s Guide 37 Figure 5 Multiple BSSs 1.2.5 Pre-Configured SSID Profiles The ZyXEL Device has two pre-configured SSID profiles. 1 V oIP_SSID . This profile is intended for use by wireless clients requiring the highest QoS (Quality of Service) level for V o IP (V oi ce ov er IP) telephony and ot her [...]

  • Page 38

    Chapter 1 Introducing the ZyXEL Device NWA3550 User’s Guide 38 Figure 6 Dual WLAN Ad aptors Examp le 1.3 CAPW AP The ZyXEL Device supports CAPW AP (Control And Provisioning of W ireless Access Points). This is ZyXEL ’ s implementation of the IETF’ s (Internet Engineering T ask Force) CAPW AP protocol. ZyXEL ’ s CAPW AP allows a single acces[...]

  • Page 39

    Chapter 1 Introducing the ZyXEL Device NWA3550 User’s Guide 39 Figure 7 CAPW AP Network Example 1.4 W ays to Manage the ZyXEL Device Use any of the following method s to manage the ZyXEL Device. • W eb Configurator . This is recommended fo r everyday management of the ZyXEL Device using a (s upported) we b browser . • Command Line Interface. [...]

  • Page 40

    Chapter 1 Introducing the ZyXEL Device NWA3550 User’s Guide 40 • Change any default passwords on the ZyX EL Device, such as the password used for accessing the ZyXEL Device’ s web configurator (if it has a web configurator). Use a password with a combination of letters and nu mbers and change your password regularly . W rite down the password[...]

  • Page 41

    Chapter 1 Introducing the ZyXEL Device NWA3550 User’s Guide 41 " Y our ZyXEL Device has two wirele ss LAN adaptors, WLAN1 and WLAN2. WLAN1 uses the RF1 antenna and WLAN2 uses the RF2 antenna. If you connect only one antenna, you can use only the associated wireless LAN adaptor .[...]

  • Page 42

    Chapter 1 Introducing the ZyXEL Device NWA3550 User’s Guide 42[...]

  • Page 43

    NWA3550 User’s Guide 43 C HAPTER 2 Introducing the Web Configurator This chapter describes how to access the ZyXEL Device’ s web configura tor and provides an overview of its screens. 2.1 Accessing the W eb Configurator 1 Make sure your hardware is properly connected a nd prepare your com puter or computer network to connect to th e ZyXEL Devic[...]

  • Page 44

    Chapter 2 Introducing the Web Configur ator NWA3550 User’s Guide 44 Figure 8 Change Password Screen 6 Click Apply in the Replace Certificate screen to create a certificate using your ZyXEL Device’ s MAC address that will be specific to this device. Figure 9 Replace Certificate Screen Y ou should now see the St a t u s screen. See Chapter 2 on p[...]

  • Page 45

    Chapter 2 Introducing the Web Configurator NWA3550 User’s Guide 45 2.2.1 Methods of Restoring Factory-Default s Y ou can erase the current configuration and rest ore factory defaults in the following ways: • Use the web configurator to restore defaults (refer to Chapter 18 on page 221 ). • T ransfer the configuration file to your ZyXEL Device[...]

  • Page 46

    Chapter 2 Introducing the Web Configur ator NWA3550 User’s Guide 46[...]

  • Page 47

    NWA3550 User’s Guide 47 C HAPTER 3 Status Screens The St a t u s screen displays wh en you log in to the ZyXEL Device, or click ST A TUS in the navigation menu. Use the St a t u s screens to look at the current status of the device, system resources, interface s and SSID status. The St a t u s screen also provides detaile d information about asso[...]

  • Page 48

    Chapter 3 Sta tus Screens NWA3550 User’s Guide 48 System Information System Name This field displays the ZyXE L Device system name. It is used for identification. Y ou can chan ge this in the System > General screen’s System Name field. Model This field displ ays the ZyXEL Device’s exact model name. Firmware V ersion This field displays th[...]

  • Page 49

    Chapter 3 Status Screens NWA3550 User’s Guide 49 S tatus This field indicate s whether or not the Z yXEL Device is using the interface. For each interface, this field displays Up when the ZyXEL Device is using the interface and Down when the ZyXEL Device is n ot using the interface. Rate For the LAN port this displays the port speed and duplex se[...]

  • Page 50

    Chapter 3 Sta tus Screens NWA3550 User’s Guide 50[...]

  • Page 51

    NWA3550 User’s Guide 51 C HAPTER 4 Management Mode This chapter discusses the MGNT MODE (Management Mode) screen. This screen determines whether the ZyXEL Device is used in its default, standalone mode, or as part of a CAPW AP (Control And Provisioning of W ireless Access Points) network. 4.1 About CAPW AP The ZyXEL Device supports CAPW AP (Contr[...]

  • Page 52

    Chapter 4 Manage ment Mode NWA3550 User’s Guide 52 4.1.1 CAPW AP Discovery and Management The link between CAPW AP-enabled access points proceeds as follows: 1 An AP in managed AP mo de joins a wired network (receives a dynamic IP address). 2 The AP sends out a management request, looking for an AP in CAPW AP AP controller mode. 3 If there is an [...]

  • Page 53

    Chapter 4 Manag ement Mode NWA3550 User’s Guide 53 Figure 13 CAPW AP and DHCP Option 43 4.1.4 Notes on CAPW AP This section lists some add itional features of ZyXEL ’ s implementation of the CAPW AP protocol. • When the AP controller uses its internal RADIUS serve r , managed APs also use the AP controller ’ s authentication server to authe[...]

  • Page 54

    Chapter 4 Manage ment Mode NWA3550 User’s Guide 54 The following table describes the labels in this screen. T able 2 The Management Mode Screen LABEL DESCRIPTION S tandalone AP Select this to manage the ZyXEL Device usi ng its own web configurator , neither managing nor managed by other devices. Managed AP Select this to have the ZyXEL Device man[...]

  • Page 55

    NWA3550 User’s Guide 55 C HAPTER 5 Tutorial This chapter first provides an overview of ho w to configure the wireless LAN on your ZyXEL Device, and then gives step-by- step guidelines showing how to configure your ZyXEL Device for some example scenarios. 5.1 How to Configure the Wireless LAN This section shows how to choose which wire less operat[...]

  • Page 56

    Chapter 5 Tutorial NWA3550 User’s Guide 56 5.1.1.1 Configuring Dual WLAN Adaptors The ZyXEL Device is equipped with dual wire less adaptors. This means you can configure two dif fe rent wireless networks to operate simultaneously . See Section 1.2.6 on pa ge 37 for details. Y ou can configure each wireless adaptor separately in the WIRELESS > [...]

  • Page 57

    Chapter 5 T utorial NWA3550 User’s Guide 57 Figure 15 Configuring Wireless LAN S elect Operating Mode Access Point Bridge / Repeater Mo de. AP + Bridge Mode. MBSSID Mode. Select 802.1 1 Mode and Channel ID . Select SSID Configure SSID P rofile . Edit Security Pr ofile . Configure RADIUS authentication (optional). Configure internal AUTH. SER VER [...]

  • Page 58

    Chapter 5 Tutorial NWA3550 User’s Guide 58 5.1.3 Further Reading Use these links to find more information on the steps: • Choosing 802.1 1 Mode : see Section 7.7. 1 on page 98 . • Choosing a wireless Channel ID : see Section 7.7. 1 on page 98 . • Selecting and configuring SSID pr ofile (s): see Section 7.7.1 on page 98 and Section 9.2.1 on [...]

  • Page 59

    Chapter 5 T utorial NWA3550 User’s Guide 59 Figure 16 T utorial: Example MBSSID Set up The standard network ( SSID04 ) has ac cess to all resources. The V oIP ne twork ( V oIP_SSID ) has access to a ll resources and a high Quality of Service (QoS) setting (see Chapter 7 on page 91 for information on QoS). The guest network ( Guest_SSID ) has acce[...]

  • Page 60

    Chapter 5 Tutorial NWA3550 User’s Guide 60 Figure 17 T utorial: Wireless LAN: Before Select MBSSID from the Operating Mode drop-down list box. The screen displays as follows. Figure 18 T utorial: Wireless LAN: Change Mode[...]

  • Page 61

    Chapter 5 T utorial NWA3550 User’s Guide 61 This Select SSID Pr ofile table allows you to activate or deactivate SSID profiles. Y our wireless network was previously using the SSID04 profile, so select SSID04 in on e of the Profile list b oxes (number 3 in this example). Select the Active box for the entry and click Apply to activate the profile.[...]

  • Page 62

    Chapter 5 Tutorial NWA3550 User’s Guide 62 Figure 20 T utorial: V oIP SSID Profile Edit • Choose a new SSID for the V oIP network. In this example, enter V OIP_SSID_Example . Note that although the SSID chan ges, the SSID profile name ( V oIP_SSID ) remains the same as before. • Select Enable from the Hide Name (SSID) list box. Y ou want only[...]

  • Page 63

    Chapter 5 T utorial NWA3550 User’s Guide 63 Figure 21 T utorial: V oIP Sec urity Y ou already chose to use the security02 profile for this network, so select the radio button for security02 and click Edit . The following screen appears. Figure 22 T utorial: V oIP Security Profile Edit •C h a n g e t h e Name field to “V oIP_Security” to mak[...]

  • Page 64

    Chapter 5 Tutorial NWA3550 User’s Guide 64 • Click Apply . The WIRELESS > Security screen displays. Ensure that the Prof ile Name for entry 2 displays “ Vo I P _ S e c u r i t y ” and that the Security Mode is WP A2-PSK . Figure 23 T utorial: V oIP Sec urity: Updated 5.2.2.2 Activate the V oIP Profile Y ou need to activate the Vo I P _ S[...]

  • Page 65

    Chapter 5 T utorial NWA3550 User’s Guide 65 Figure 25 T utorial: Guest Edit • Choose a new SSID for the guest network. In this example, enter Guest_SSID_Example . Note that although the SSID chan ges, the SSID profile name ( Guest_SSID ) remains the same as before. • Select Disable from the Hide Nam e (SSID) list box. This makes it easier for[...]

  • Page 66

    Chapter 5 Tutorial NWA3550 User’s Guide 66 • Select WP A-PSK in the Security Mode field. WP A-PSK provides strong security that is supported by most wireless clients. Even though your Guest_SSID clients d o not have access to sensitive information on the network, you should not leave the network without security . An attacker could still cause [...]

  • Page 67

    Chapter 5 T utorial NWA3550 User’s Guide 67 Figure 29 T utorial: Layer 2 Isolation Profile Enter the MAC addresses and descriptions of the two network devices you want users on the guest network to be able to access: the main network router (00: AA:00:AA:00:AA) and the network printer (AA:00:AA:00:AA:00). Click Apply . 5.2.3.3 Activate the Guest [...]

  • Page 68

    Chapter 5 Tutorial NWA3550 User’s Guide 68 Figure 30 T utorial: Activate G uest Profile Y our guest wireless network is now ready to use. 5.2.4 T esting the Wireless Networks T o make sure that the three networks ar e correctly configured, do the following. • On a computer with a wireless client, scan for access points. Y ou should see the Gues[...]

  • Page 69

    Chapter 5 T utorial NWA3550 User’s Guide 69 Y our wireless network operates in an of fice bu ilding. It consists of four access points (all ZyXEL Devices) and a variable number of wireless clients. Y ou also know that the cof fee shop on the ground floor has a wireless network consisting of a sin gle access point, which ca n be detected and acces[...]

  • Page 70

    Chapter 5 Tutorial NWA3550 User’s Guide 70 " The ZyXEL Device can detect the MA C addresses of APs automatically . However , it is more secure to obtai n the correct MAC addr esses from another source and add them to the friendly AP list ma nually . For example, an attacker’s AP mimicking the correct SSID could be pl aced on the friendly A[...]

  • Page 71

    Chapter 5 T utorial NWA3550 User’s Guide 71 2 Fill in the MAC Addr ess and Description fields as in the following table. Click Add after you enter the details of each AP to include it in the list. " Y ou can add APs that are not part of your network to the friendly AP list, as long as you know that th ey do not pose a threat to your network?[...]

  • Page 72

    Chapter 5 Tutorial NWA3550 User’s Guide 72 Figure 34 T utorial: Configurat ion 4 Click Export . If a window similar to th e following appears, click Save . Figure 35 T utorial: Warning 5 Save the friendly AP list somewhere it can be accessed by all the other access points on the network. In this example, save it on the network file server ( E in [...]

  • Page 73

    Chapter 5 T utorial NWA3550 User’s Guide 73 5.3.2 Activate Period ic Rogue AP Detection T ake the following steps to activ ate rogue AP detection on the first of your ZyXEL Devices. 1 In the ROGUE AP > Configuration screen, select Enable from the Rogue AP Period Detection field. Figure 37 T utorial: Periodic Rogue AP Detection 2 In the Period [...]

  • Page 74

    Chapter 5 Tutorial NWA3550 User’s Guide 74 Figure 38 T utorial: Log Settings • In this example, your mail server ’ s IP address is 192.1 68.1.25 . Enter this IP address in the Mail Server field. • Enter a subject line for the alert e-mails in the Mail Subject field. Choose a subject that is eye-catching and identifies the access point - in [...]

  • Page 75

    Chapter 5 T utorial NWA3550 User’s Guide 75 Now you need to config ure the other wireless access points on your network to do the same things. For each access point, take the following steps. 1 From a computer on the wired network, ente r the access point’ s IP address and login to its W eb configurator . See T able 4 on page 69 for the example[...]

  • Page 76

    Chapter 5 Tutorial NWA3550 User’s Guide 76 Y ou have tw o secure servers ( 1 and 2 in the following figure). W ireless user “Alice” ( A ) needs to access server 1 (but should not access server 2 ) and wireless user “Bob” ( B ) needs to access server 2 (but should not access server 1 ). Y our ZyXEL Device is marked Z . C is a workstation o[...]

  • Page 77

    Chapter 5 T utorial NWA3550 User’s Guide 77 2 Configure the SER VER_1 network’ s MAC filter profile . 3 Configure the SER VER_1 network’ s layer-2 isolation profile. 4 Repeat steps 1 ~ 3 for the SER VER_2 network. 5 Check your settings and test the configuration. T o configure layer -2 isolation, you need to know the MAC addresses o f the dev[...]

  • Page 78

    Chapter 5 Tutorial NWA3550 User’s Guide 78 Figure 40 T utorial: SSID Profile 2 Select SER VER_1 ’ s entry and click Edit . The following screen displays. Figure 41 T utorial: SSID Edit Select l2Isolation03 in the L2 Isolatio n field, a nd select macf ilter03 in the MAC Filtering field. Click Apply . 3 Click the Layer -2 Isolation tab. When the [...]

  • Page 79

    Chapter 5 T utorial NWA3550 User’s Guide 79 Figure 42 T utorial: Layer-2 Isolation Edit Enter the network switch’ s MAC Address and add a Description (“NET_SWITCH” in this case) in Set 1 ’s e n t r y. Enter server 1’ s MAC Address and add a Description (“SER VER_1” in this case) in Set 2 ’s e n t r y. Change the Profile Name to ?[...]

  • Page 80

    Chapter 5 Tutorial NWA3550 User’s Guide 80 T o do this, repeat the procedure in Section 5.4.4 on page 77 , substituting the following information. 5.4.6 Checking your Settings and T esting the Configuration Use the following sections to ensure that yo ur wireless networks are set up correctly . 5.4.6.1 Checking Settings T ake the following steps [...]

  • Page 81

    Chapter 5 T utorial NWA3550 User’s Guide 81 Figure 44 T utorial: SSID Profiles Activated 2 Next, click the SSID tab. Check that each configured SSID profile uses the correct Security , Layer -2 Is olation and MAC Filter profiles, as shown in the following figure. Figure 45 T utorial: SSID T ab Correct Settings V If the settings are not as s hown,[...]

  • Page 82

    Chapter 5 Tutorial NWA3550 User’s Guide 82 Attempt to access the Internet. Y o u should be able to do so. Attempt to access Server 2 . Y ou should be unable to do so. If you can do so , layer-2 isolation is misconfigured. • Using Alice’ s computer and wireless client, and incorrect security settings, attempt to associate with the SER VER_1 ne[...]

  • Page 83

    83 P ART II The W eb Configurator System Screens (85) W ireless Config uration (91) W ireless Security Configuration (109) MBSSID and SSID (121) Other W ireless Configuration (129) IP Screen (141) Rogue AP (145) Remote Management Screens (151) Internal RADIUS Server (169) Certificates (177) Log Screens (195) VLAN (203) Maintenance (221)[...]

  • Page 84

    84[...]

  • Page 85

    NWA3550 User’s Guide 85 C HAPTER 6 System Screens 6.1 System Overview This section provides information on general system setup. 6.2 Configuring General Setup Click SYSTEM > General . Figure 46 System > General The following table describes the labels in this screen. T able 10 System > General LABEL DESCRIPTION General Setup System Name [...]

  • Page 86

    Chapter 6 System Screens NWA3550 User’s Guide 86 6.3 Administrator Authentication on RADIUS The administrator authentication on RADIUS fe ature lets a (external or internal) RADIUS server authenticate management logins t o the Zy XEL Device. This is u s eful if you need to regularly change a password that you u se to manage several ZyXEL De vices[...]

  • Page 87

    Chapter 6 S ystem Screen s NWA3550 User’s Guide 87 Figure 47 SYSTEM > Password. The following table describes the labels in this screen. Ta b l e 1 1 Password LABEL DESCRIPTIONS Enable Admin at Local Select this check box to have the de vice authenticate ma nagement l ogins to the device. Use old setting Select this to have the ZyXEL Device us[...]

  • Page 88

    Chapter 6 System Screens NWA3550 User’s Guide 88 6.4 Configuring T ime Setting T o change your ZyX EL Device’ s time and date, click SYSTEM > T ime Setting . The screen appears as shown. Use this screen to configur e the ZyXEL Device’ s time based on yo ur local time zone. Figure 48 SYSTEM > T ime Setting RADIUS Select the RADIUS server[...]

  • Page 89

    Chapter 6 S ystem Screen s NWA3550 User’s Guide 89 The following table describes the labels in this screen. T able 12 SYSTEM > Time Setting LABEL DESCRIPTION Current T ime This field displays the time of your ZyXEL Device. Each time you reload this page, th e ZyXEL Device synchronizes the tim e with the time server (if configured). Current Dat[...]

  • Page 90

    Chapter 6 System Screens NWA3550 User’s Guide 90 6.5 Pre-defined NTP T ime Servers List When you turn on the ZyXEL De vice for the first time, the date and time start at 2000-01-01 00:00:00. When you select Auto in the SYSTEM > Time Setting screen, the ZyXEL Device then attempts to synchronize w ith one of the following pre-defined list of NTP[...]

  • Page 91

    NWA3550 User’s Guide 91 C HAPTER 7 Wireless Configuration This chapter discusses how to configure the ZyXEL Device’ s Wire l es s screens. 7.1 Wireless Network Overview The following figure provides an exampl e of a wireless network. Figure 49 Example of a Wireless Network The wireless network is the part in the blue circle. In this wireless ne[...]

  • Page 92

    Chapter 7 Wireless Configuration NWA3550 User’s Guide 92 Like radio stations or television channels, e ach wireless network uses a spec ific channel, or frequency , to send and receive information. • Every device in the same wireless networ k must use security compatible with the AP . Security stops unauthorized devices from using the wireless [...]

  • Page 93

    Chapter 7 Wireless Configuration NWA3550 User’s Guide 93 7.3.1.1 WMM QoS Priorities The following table describes the WMM QoS pr iority levels that the ZyXEL Device uses. 7.3.2 A TC Automatic T raffic Classifier (A TC) is a bandwidth management tool that prioritizes data packets sent across the network. A TC assigns each packet a priority and the[...]

  • Page 94

    Chapter 7 Wireless Configuration NWA3550 User’s Guide 94 Y ou should activate A TC on the ZyXEL Device if your wireless network includes netw orking devices that do no t support WMM QoS, or if you want to prioritize traf fic but do not want to configure WMM QoS settings. 7.3.3 A TC+WM M The ZyXEL Device can use a mapping mechan ism to use both A [...]

  • Page 95

    Chapter 7 Wireless Configuration NWA3550 User’s Guide 95 7.3.4 T ype Of Service (T oS) Network traffic can be classified by setting the T o S (T ype Of Service) values at the data source (for example, at the ZyXEL Device) so a server can decide the best method of delivery , that is the least cost, fastest route and so on. 7.3.4.1 DiffServ DiffSer[...]

  • Page 96

    Chapter 7 Wireless Configuration NWA3550 User’s Guide 96 The following table lists which WMM QoS priori ty level the ZyXEL Device uses for specific DSCP values. 7.4 Sp anning T ree Protocol (STP) STP detects and breaks network loops and provide s backup links betw een switches, bridge s or routers. It allows a bridge to interact with o ther STP-c[...]

  • Page 97

    Chapter 7 Wireless Configuration NWA3550 User’s Guide 97 For each LAN segment, a designated bridge is sel ected. This bridge has the lowest cost to the root among the bridges co nnected to the LAN. 7.4.3 How STP Works After a bridge determines the lowest cost-spanni ng tree with STP , it enables the root port and the ports that are the designat e[...]

  • Page 98

    Chapter 7 Wireless Configuration NWA3550 User’s Guide 98 7.6 Wireless Screen Overview The following is a list of the wireless scree ns you can configure on the ZyXEL Device. 1 Configure the ZyXEL Device to operate in AP , Bridge/Repeater , AP+Bridge or MBSSID mode in the W i reless screen. Y ou can a lso select an SSID Pr ofile in the Wir eless s[...]

  • Page 99

    Chapter 7 Wireless Configuration NWA3550 User’s Guide 99 Figure 51 Wireless: Access Point The following table describes the general wireless LAN labels in this screen. T able 22 Wireless: Access Point LABEL DESCRIPTION WLAN Interface Select which WLAN adapter you want to configure. It is recommended that you configure the first WLAN adapter for A[...]

  • Page 100

    Chapter 7 Wireless Configuration NWA3550 User’s Guide 100 Disable channel switching for DFS This field displays only when you select 802.1 1a in the 802.1 1 Mde field. Select this if you do not want to use DFS (Dynamic Frequency Selection) . Choose Channel ID Set the operating frequency/channel de pending on your particular region. T o manu ally [...]

  • Page 101

    Chapter 7 Wireless Configuration NWA3550 User’s Guide 101 7.7.2 Bridge/Repeater Mode The ZyXEL Device can act as a wireless network bridge and establish wireless links with other APs. Y ou need to know the MAC address of the peer device, which also must be in bridge mode. The ZyXEL Device can establish up to five wireless links with other APs. In[...]

  • Page 102

    Chapter 7 Wireless Configuration NWA3550 User’s Guide 102 Figure 52 Bridging Example Be careful to avoid bridg e loops when you enable bridging in th e ZyXEL Device. Bridge loops cause broadcast traffic to circ le the network endlessly , resulting in possible throughput degradation and disru ption of communications. Th e following examples show t[...]

  • Page 103

    Chapter 7 Wireless Configuration NWA3550 User’s Guide 103 Figure 54 Bridge Loop: Bridge Connected to Wired LAN T o prevent bridge loops, ensu re that you enable STP in the Wi re l e ss screen or your ZyXEL Device is not set to bridge mode while co nnec ted to both wired and wireless segments of the same LAN. T o have the ZyXEL Device act as a wir[...]

  • Page 104

    Chapter 7 Wireless Configuration NWA3550 User’s Guide 104 Figure 55 Wireless: Brid ge/Repeate r The following table describes the bridge labels in this screen. T able 23 Wireless: Bridge/Repeater LABEL DESCRIPTIONS WLAN Interface Select which WLAN adap ter you want to config ure. It is recommended that you configure the first WLAN adapter for AP [...]

  • Page 105

    Chapter 7 Wireless Configuration NWA3550 User’s Guide 105 802.1 1 mode Select 802.1 1b Only to allow only IEEE 802.1 1b compliant WLAN devices to associate with the ZyXEL Device. Select 802.1 1g Only to allow only IEEE 802.1 1g compliant WLAN devices to associate with the ZyXEL Device. Select 802.1 1b+g to allow both IEEE802 .1 1b and IEEE802.1 1[...]

  • Page 106

    Chapter 7 Wireless Configuration NWA3550 User’s Guide 106 See T able 22 on page 99 for information on the ot her labels in this screen. 7.7.3 AP+Bridge Mode Select AP+Bridge as the Operating Mo de in the WIRELESS > Wir eless screen to have the ZyXEL Device function as a bridge and access point simultaneously . See the section on applications f[...]

  • Page 107

    Chapter 7 Wireless Configuration NWA3550 User’s Guide 107 Figure 56 Wireless: AP+Bridge See the tables describing the fields in the Access Point and Bridge/Repeater operating modes for descriptions of the fields in this screen.[...]

  • Page 108

    Chapter 7 Wireless Configuration NWA3550 User’s Guide 108 7.7.4 MBSSID Mode Select MBSSID as the Operating Mode . Refer to Chapter 9 on page 121 for configuration instructions and deta iled informati on. See Chapter 8 o n page 109 for details on the security settings.[...]

  • Page 109

    NWA3550 User’s Guide 109 C HAPTER 8 Wireless Security Configuration This chapter describes how to use the Security and RADIUS screens to configure wireless security on your ZyXEL Device. 8.1 Wireless Security Overview The following sections introduce different types of wireless security you can set up in the wireless network. 8.1.1 SSID Normally [...]

  • Page 110

    Chapter 8 Wireless Secu rity Configuration NWA3550 User’s Guide 11 0 8.1.3 User Authentication Authentication is the process of verifying whet her a wireless device is allowed to use the wireless network. Y ou can make every user log in to the wireless network before they can use it. However , every device in the wireless network has to support I[...]

  • Page 111

    Chapter 8 Wireless Se curity Configuration NWA3550 User’s Guide 111 When you use WP A2 or WP A2-PSK in your ZyXEL Device, you can select WP A2-MIX or WP A2-PSK-MIX to support WP A as well. In this c ase, if some of the devices support WP A and some support WP A2, you should set up WP A2-PSK-MIX or WP A2-MIX (dependi ng on the type of wireless net[...]

  • Page 112

    Chapter 8 Wireless Secu rity Configuration NWA3550 User’s Guide 11 2 Figure 57 Wireless > Security The following table describes the labels in this screen. The next screen varies according to the Security Mode you select. 8.3.1 Security: WEP Select WEP in the Security Mode field to display the following screen. T able 26 WIRELESS > Security[...]

  • Page 113

    Chapter 8 Wireless Se curity Configuration NWA3550 User’s Guide 11 3 Figure 58 WIRELESS > Security: WEP The following table describes the labels in this screen. 8.3.2 Security: 802.1x Only Select 8021x-Only in the Secu rity Mode field to display the following screen. T able 27 Security: WEP LABEL DESCRIPTION Profile Name T ype a name to iden t[...]

  • Page 114

    Chapter 8 Wireless Secu rity Configuration NWA3550 User’s Guide 11 4 Figure 59 Security: 802.1x Only The following table describes the labels in this screen. 8.3.3 Security: 802.1x S tatic 64-bit, 802.1x S t atic 128-bit Select 8021x-S tatic64 or 802 1x-S tatic128 in the Security Mode field to display the following screen. T able 28 Security: 802[...]

  • Page 115

    Chapter 8 Wireless Se curity Configuration NWA3550 User’s Guide 11 5 Figure 60 Security: 802.1x Static 64-bit, 802.1x Static 128-bit The following table describes the labels in this screen. T able 29 Security: 802.1x Static 64-b it, 802.1x Sta t ic 128-bit LABEL DESCRIPTION Profile Name T ype a name to i dentify this security profile. Security Mo[...]

  • Page 116

    Chapter 8 Wireless Secu rity Configuration NWA3550 User’s Guide 11 6 8.3.4 Security: WP A Select WP A in t he Security Mode field to display the followi ng screen. Figure 61 Security: WP A The following table describes the labels in this screen. 8.3.5 Security: WP A2 or WP A2-MIX Select WP A2 or WP A2-M IX in the Security Mode field to display th[...]

  • Page 117

    Chapter 8 Wireless Se curity Configuration NWA3550 User’s Guide 11 7 Figure 62 Security:WP A2 or WP A2-MIX The following table describes the labels not previously discussed T able 31 Security: WPA2 or WPA2-MIX LABEL DESCRIPTIONS Profile Name T ype a name to iden tify this security profile. Security Mode Choose WP A2 or WP A2-MIX in this field. Re[...]

  • Page 118

    Chapter 8 Wireless Secu rity Configuration NWA3550 User’s Guide 11 8 8.3.6 Security: WP A-PSK, WP A2-PSK, WP A2-PSK-MIX Select WP A-PSK , WP A2-PSK or WP A2-PSK-MIX in the Security Mode field to display the following screen. Figure 63 Security: WP A-PSK, W P A2-PSK or WP A2-PSK-MIX The following table describes the labels not previously discussed[...]

  • Page 119

    Chapter 8 Wireless Se curity Configuration NWA3550 User’s Guide 11 9 8.4 Introduction to RADIUS RADIUS is based on a client-sever model that supports authentication and accounting, where the access point is the client and the server is the RADIUS server . The RADIUS server handles the following tasks, among others: • Authentication Determines t[...]

  • Page 120

    Chapter 8 Wireless Secu rity Configuration NWA3550 User’s Guide 120 The following table describes the labels in this screen. T able 33 RADIUS LABEL DESCRIPTION Index Sel ect the RADIUS profile you want to configure from the drop-down list box. Profile Name T ype a name for the RAD IUS profile associated with the Index number above. Primary Config[...]

  • Page 121

    NWA3550 User’s Guide 121 C HAPTER 9 MBSSID and SSID This chapter describes how to configure and use your ZyXEL Device’ s MBSSID mode and configure SSID profiles. 9.1 Wireless LAN Infrastructures See the W ireless LAN chapter for some basic WLAN scenarios and terminology . 9.1.1 MBSSID T raditionally , you needed to u se different APs to configu[...]

  • Page 122

    Chapter 9 MBSSID and SSID NWA3550 User’s Guide 122 The switch adds PVID (Port VLAN IDentit y) tags to incoming frames that don’t already have tags (on switch ports wh ere PVI D is enabled). Figure 65 Multiple BSS with VLAN Example 9.1.5 Configuring Multiple BSSs Click WIRELESS > Wir eless and select MBSSID in the Operating Mode drop-down lis[...]

  • Page 123

    Chapter 9 MBSSID and SSID NWA3550 User’s Guide 123 Figure 66 Wireless: Multiple BSS The following table describes the labels in this screen. T able 34 Wireless: Multiple BSS LABEL DESCRIPTION WLAN Interface Select which WLAN adapter you want to configure. It is recommended that you configure t he first WLAN adapter for AP functions and use the se[...]

  • Page 124

    Chapter 9 MBSSID and SSID NWA3550 User’s Guide 124 802.1 1 Mode Select 802.1 1b Only to allow only I EEE 802.1 1b compliant WLAN devices to associate with the ZyXEL Device. Select 802.1 1g Only to allow only I EEE 802.1 1g compliant WLAN devices to associate with the ZyXEL Device. Select 802.1 1b+g to allow both IEEE802.1 1b and IEEE802.1 1g comp[...]

  • Page 125

    Chapter 9 MBSSID and SSID NWA3550 User’s Guide 125 9.2 SSID When the ZyXEL Device is set to Access Point, AP+Bridge or MBSSID mode, you need to choose the SSID profile(s) you want to use in your wireless network (see Section 7.6 on page 98 for more information on operating modes). Use the WIRELESS > SSID screen to see information ab out the SS[...]

  • Page 126

    Chapter 9 MBSSID and SSID NWA3550 User’s Guide 126 Figure 67 SSID The following table describes the labels in this screen. T able 35 SSID LABEL DESCRIPTION Index This field displays the index number of each SSID profile. Name This field displays the identification name of each SSID profile on the ZyXEL Device. SSID This field displays the name of[...]

  • Page 127

    Chapter 9 MBSSID and SSID NWA3550 User’s Guide 127 9.2.2 Configuring SSID Each SSID profile references the settings configured in the following screens: • WIRELESS > Security (one of the security profil es). • WIRELESS > RADIUS (one of the RADIUS profiles). • WIRELESS > MAC Filter (the MAC filter list , if activated in the SSID pro[...]

  • Page 128

    Chapter 9 MBSSID and SSID NWA3550 User’s Guide 128 QoS Select the Quality of Service priority for this BSS’ s traffic. • In the pre-configured V oIP_SSID profile, the QoS setting is Vo I P . This is not user-con figurable. The Vo I P setting is avail able only on the Vo I P _ S S I D profile, and provides the highest level of Qo S. • If you[...]

  • Page 129

    NWA3550 User’s Guide 129 C HAPTER 10 Other Wireless Configuration This chapter describes how to configure the Layer -2 Isolation and MAC Filter screens on your ZyXEL Device. 10.1 Layer-2 Isolation Introduction Layer-2 isol ation is used to prevent wireless clients associated with your ZyXEL Device from communicating with other wire less c lients,[...]

  • Page 130

    Chapter 10 Other Wire less Configuration NWA3550 User’s Guide 130 Figure 69 Layer-2 Isolation Application MAC addresses that are not listed in the Allow devices with these MAC addresses table are blocked from communica ting with the ZyXEL Devi ce’ s wireless clients except for broadcast packets. Layer-2 isolation does not check th e traffic bet[...]

  • Page 131

    Chapter 10 Other Wireless Configu ration NWA3550 User’s Guide 131 Figure 70 WIRELESS > Layer 2 Isolation The following table describes the labels in this screen. 10.3 Configuring Layer-2 Isolation T o configure layer-2 isolation, click WIRELESS > Layer-2 Isolation > Edit . The screen appears as shown. " If layer-2 isolation is enabl[...]

  • Page 132

    Chapter 10 Other Wire less Configuration NWA3550 User’s Guide 132 Figure 71 WIRELESS > Layer-2 Isolat ion Configuration Screen The following table describes th e labels in this screen. T able 38 WIRELESS > Layer-2 Isol ation Configuration LABEL DESCRIPTION Profile Name T ype a name to identify this layer-2 isolation profile. Allow devices w[...]

  • Page 133

    Chapter 10 Other Wireless Configu ration NWA3550 User’s Guide 133 10.3.1 Layer-2 Isolation Examples The following section sho ws you example laye r -2 isolation configur ations on the ZyXEL Device ( A ). " When configuring, remember to select the correct laye r-2 isolation profile in the WIRELESS > SSID > Edit screen of the relevant SS[...]

  • Page 134

    Chapter 10 Other Wire less Configuration NWA3550 User’s Guide 134 10.3.1.2 Layer-2 Isolation Ex ample 2 In the following exam ple wireless clients 1 and 2 can communicate with access point D and file server C but not wireless client 3 . • Enter the router ’ s, server ’ s and access point D ’ s MAC addresses in the MAC Address fields. Ente[...]

  • Page 135

    Chapter 10 Other Wireless Configu ration NWA3550 User’s Guide 135 Figure 75 WIRELESS > MAC Filter The following table describes the labels in this screen. 10.4.1 Configuring MAC Filtering T o change your ZyXEL Device ’ s MAC filter settings, click WIRELESS > MAC Filter > Edit . The screen appears as shown. T able 39 WIRELESS > MAC F[...]

  • Page 136

    Chapter 10 Other Wire less Configuration NWA3550 User’s Guide 136 Figure 76 MAC Addres s Filter The following table describes the labels in this screen. T able 40 MAC Address Filter LABEL DESCRIPTION Profile Name Ty p e a name to identify this profile. Filter Action Define the filter action for the list of MAC addresses in the MAC address filter [...]

  • Page 137

    Chapter 10 Other Wireless Configu ration NWA3550 User’s Guide 137 " T o a ctivate MAC fi ltering on an SSID p rof ile, select the corr ect filter from the Enable MAC Filtering drop-down list box in the WIRELESS > SSID > Edit screen and click Apply . 10.5 Configuring Roaming A wireless station is a device with an I EEE 802.1 1 a/b/g com[...]

  • Page 138

    Chapter 10 Other Wire less Configuration NWA3550 User’s Guide 138 Figure 77 Roaming Example The steps below describe the roaming process. 1 W ireless station Y moves from the coverage area of access point AP 1 to that of access point AP 2 . 2 W ireless station Y sc ans and detects the signal of access point AP 2 . 3 W ireless station Y se nds an [...]

  • Page 139

    Chapter 10 Other Wireless Configu ration NWA3550 User’s Guide 139 Figure 78 Roaming Select the Enable Roaming check box and click Apply .[...]

  • Page 140

    Chapter 10 Other Wire less Configuration NWA3550 User’s Guide 140[...]

  • Page 141

    NWA3550 User’s Guide 141 C HAPTER 11 IP Screen This chapter discusses how to config ure IP settings on the ZyXEL Device. 1 1.1 Factory Ethernet Default s The Ethernet parameters of the ZyXEL Device are preset in the fact ory with the following values: 1 IP address of 192.168.1.2 2 Subnet mask of 25 5.255.255.0 (24 bits) These parameters should wo[...]

  • Page 142

    Chapter 11 IP Screen NWA3550 User’s Guide 142 " Regardless of your particular situation, do not create an ar bitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocati on for Private Internets and RFC 1466, Guideli nes for Management of IP Address S pace. 1 1[...]

  • Page 143

    Chapter 11 IP Scree n NWA3550 User’s Guide 143 Apply Click Apply to save your changes. Reset Click Reset to begin configuring this screen afresh. T able 42 IP Setup LABEL DESCRIPTI ON[...]

  • Page 144

    Chapter 11 IP Screen NWA3550 User’s Guide 144[...]

  • Page 145

    NWA3550 User’s Guide 145 C HAPTER 12 Rogue AP This chapter discusses rogue wireless access poin ts (APs) and how to c onfigure the ZyXEL Device’ s rogue AP detection feature. 12.1 Rogue AP Introduction A rogue AP is a wireless access point operating in a network’ s coverage area that is not a sanctioned part of that network. Rogu e APs are no[...]

  • Page 146

    Chapter 12 Rogue AP NWA3550 User’s Guide 146 Figure 80 Rogue AP: Example 12.2.1 “Honeypot” Att ack Rogue APs need not be co nnected to the legitimate network to pose a severe security threat. In the following example, an attacke r ( X ) is stationed in a vehicle outside a company building, using a rogue access point equipped with a powerful a[...]

  • Page 147

    Chapter 12 Rogue AP NWA3550 User’s Guide 147 Figure 81 “Honeypot” Att a ck 12.3 Configuring Rogue AP Detection Y ou can configure the ZyXEL Device to de tect rogue IEEE 802.1 1a (5 GHz) and IEEE 802.1 1b/g (2.4 GHz) APs. If you have more than one AP in your wireless network, you must also configure the list of “friendly” APs. Friendly APs[...]

  • Page 148

    Chapter 12 Rogue AP NWA3550 User’s Guide 148 Figure 82 ROGUE AP > Configuration The following table describes the labels in this screen. 12.3.2 Rogue AP: Friendly AP The friendly AP list displays deta ils of all the access points in your area that you know are not a threat. If you have mo re than one AP in your network, you need to configure t[...]

  • Page 149

    Chapter 12 Rogue AP NWA3550 User’s Guide 149 Figure 83 ROGUE AP > Friendly AP The following table describes the labels in this screen. 12.3.3 Rogue AP List This list displays details of all IEEE 802.1 1a /b/g wireless access poin ts within the ZyXEL Device’ s coverage area, except for the ZyXEL De vice itself and the access points included i[...]

  • Page 150

    Chapter 12 Rogue AP NWA3550 User’s Guide 150 Figure 84 ROGUE AP > Rogue AP The following table describes the labels in this screen. T able 45 ROGUE AP > Rogue AP LABEL DESCRIPTION Rogue AP List This displays details o f access points in the ZyXEL Device’s coverage area that are not listed in the friendly AP list (see Sect ion 12.3.2 o n p[...]

  • Page 151

    NWA3550 User’s Guide 151 C HAPTER 13 Remote Management Screens This chapter provides information on the Remote Management screens. 13.1 Remote Management Overview Remote management allows you to determ ine which services/protocols can access which ZyXEL Device interface (if any) from which computers. Y ou may manage your ZyXEL De vice from a remo[...]

  • Page 152

    Chapter 13 Remo te Management Screens NWA3550 User’s Guide 152 13.1.2 System T imeout There is a default system management idle tim eout of five minutes (three hundre d seconds). The ZyXEL Device automatically logs you out if the management session remains idle for longer than this timeout period. The manage ment session does not time out when a [...]

  • Page 153

    Chapter 13 Remot e Management Screens NWA3550 User’s Guide 153 The SSH client sends a connection request to the SSH server . The server identifies itself with a host key . The client encrypts a rand omly generated session ke y with the host key and server key and sends the result back to the server . The client automatically saves any new server [...]

  • Page 154

    Chapter 13 Remo te Management Screens NWA3550 User’s Guide 154 Figure 86 Remote Management: T elnet The following table describes the labels in this screen. T able 47 Remote Management: Telnet LABEL DESCRIPTION TELNET Server Port Y ou can change the server port number fo r a service if needed, however you must use the same port numb er in order t[...]

  • Page 155

    Chapter 13 Remot e Management Screens NWA3550 User’s Guide 155 13.6 Configuring FTP Y ou can use FTP (File T ransfer Protocol) to upload and download the ZyXEL Device’ s firmware and configuration files, please see the User ’ s Guide chapter on firmware and configuration file maintenance for details. T o use this fea ture, your computer must [...]

  • Page 156

    Chapter 13 Remo te Management Screens NWA3550 User’s Guide 156 13.7 WWW (HTTP and HTTPS) HTTPS (HyperT ext T ransfer Protocol over Secure Socket Layer , or HTTP over SSL) is a web protocol that encrypts and decrypts web pages. Secure Socket Layer (SSL) is an application- level protocol that enables secure transactions of data by ensuring confiden[...]

  • Page 157

    Chapter 13 Remot e Management Screens NWA3550 User’s Guide 157 13.8 Configuring WWW T o change your ZyXEL Device’ s W orld W ide W eb settings, click REMOTE MGNT > WWW . Figure 89 Remote Management: WWW The following table describes the labels in this screen. T able 49 Remote Managemen t : WWW LABEL DESCRIPTION WWW Server Port Y ou may chang[...]

  • Page 158

    Chapter 13 Remo te Management Screens NWA3550 User’s Guide 158 13.9 HTTPS Example If you haven’t changed the default HTTPS port on the ZyXEL Device, then in your browser enter “https://ZyXEL Device IP Address/” as the web site ad dress where “ZyXEL Device IP Address” is the IP address or domain na me of the ZyXEL Device you wish to acce[...]

  • Page 159

    Chapter 13 Remot e Management Screens NWA3550 User’s Guide 159 13.9.2 Net scape Navigator W arning Messages When you attempt to access the ZyXEL Device HTTPS server , a W ebsite Certified by an Unknown Authority screen pops up asking if you trust the server certificate. Click Examine Certificate if you want to verify that the certificate is from [...]

  • Page 160

    Chapter 13 Remo te Management Screens NWA3550 User’s Guide 160 • The issuing certificate author ity of the ZyXEL Device’ s HT TPS server certificate is not one of the browser ’ s trusted certificate authoritie s. The issuing certificate authority of the ZyXEL Device's factory default certificate is the ZyXEL Device itself since the cer[...]

  • Page 161

    Chapter 13 Remot e Management Screens NWA3550 User’s Guide 161 Figure 93 Example: Lock Denoting a Secure Conn ection Click Login and you then see the next sc reen. The factory default certificate is a common de fault certificate for all ZyXEL Device models. Figure 94 Replace Certificate Click Apply in the Replace Certificate scre en to create a c[...]

  • Page 162

    Chapter 13 Remo te Management Screens NWA3550 User’s Guide 162 Figure 95 Device-specific Certificate Click Ignore in the Replace Certificate screen to use the common ZyXEL Device certificate. Y ou will then see this information in the My Certificates screen. Figure 96 Common ZyXEL Device Certificate 13.10 SNMP Simple Network Management Protocol ([...]

  • Page 163

    Chapter 13 Remot e Management Screens NWA3550 User’s Guide 163 " SNMP is available only if TCP/IP is configured. Figure 97 SNMP Management Model An SNMP managed network consis ts of two main types of comp onent: ag ents and a manager . An agent is a management software module that resi des in a managed device (the ZyXEL Device). An agent tra[...]

  • Page 164

    Chapter 13 Remo te Management Screens NWA3550 User’s Guide 164 13.10.1 Supported MIBs The ZyXEL Device supports MIB II, which is defined in RFC-1213 and RFC- 1215, as well as the proprietary ZyXEL private MIB. The purpose of the MIBs is to let administrators collect statistical data and monito r status and performance. 13.10.2 SNMP T rap s The Zy[...]

  • Page 165

    Chapter 13 Remot e Management Screens NWA3550 User’s Guide 165 13.1 1 SNMP T rap Interface Index Some traps include an SNMP in terface index. The following ta ble maps the SNMP interface indexes to the ZyXEL Device’ s physical and virtual ports. 13.1 1.1 SNMP v3 and Security SNMP v3 enhances security for SNMP manage ment. SNMP managers can be r[...]

  • Page 166

    Chapter 13 Remo te Management Screens NWA3550 User’s Guide 166 Figure 98 Remote Management: SNMP The following table describes the labels in this screen. T able 52 Remote Managemen t : SNMP LABEL DESCRIPTION SNMP Configuration Get Community Enter the Get Community , which is the password for the incoming Get and GetNext requests from the manageme[...]

  • Page 167

    Chapter 13 Remot e Management Screens NWA3550 User’s Guide 167 13.1 1.2.1 The SNMPv3 User Profile Screen Use this screen to set up the details of SNMPv3 users. Click Configure SNMPv3 User Profile in the REMOTE MGNT > SNMP scree n. The following screen displays. Figure 99 Remote Management: SN MPv3 User Profile The following table describes the[...]

  • Page 168

    Chapter 13 Remo te Management Screens NWA3550 User’s Guide 168 Confirm Password Re-enter the Password . Access T ype For the administrator , this is always Set . SNMP Set commands allow the administrator to make configuratio n changes. Authentication Protoc ol Select an authentication algorithm. MD5 (Message Digest 5) and SHA (Se cure Hash Algori[...]

  • Page 169

    NWA3550 User’s Guide 169 C HAPTER 14 Internal RADIUS Server The ZyXEL Device can use its interna l RADIUS server to authenticate wireless clients. It ca n also serve as a RADIUS server to authenticate other APs and their wireless clients. For more background information on RADIUS, see Section 8.4 on page 1 19 . 14.1 Internal RADIUS Overview The Z[...]

  • Page 170

    Chapter 14 Internal RADIUS Server NWA3550 User’s Guide 170 " The internal RADIUS server does not support domain account s (DOMAIN/ user). When you configur e your Windows XP SP2 Wire less Zero Configuration PEAP/MS-CHAPv2 settings, deselec t the Use Windows logon name and password check box. When authenticat ion begins, a pop-up dialog box r[...]

  • Page 171

    Chapter 14 Internal RADIUS Server NWA3550 User’s Guide 171 14.3 T rusted AP Overview A trusted AP is an AP that uses the ZyXEL De vice’ s internal RADIUS server to authenticate its wireless clients. Each wireless client must ha ve a user name and password configured in the AUTH. SER VER > T rusted Users screen. The following figure shows how[...]

  • Page 172

    Chapter 14 Internal RADIUS Server NWA3550 User’s Guide 172 Figure 101 T rusted AP Overview 1 Configure an IP address and shared secret in the T rusted AP database to authenticate an AP as a trusted AP . 2 Configure wireless client user names and passwords in the T rus ted Users database to use a trusted AP as a relay between the ZyXEL Device’ s[...]

  • Page 173

    Chapter 14 Internal RADIUS Server NWA3550 User’s Guide 173 Figure 102 T rusted AP Screen The following table describes the labels in this screen. T able 55 Trusted AP LABEL DESCRIPTION Index This field displays the trusted AP index number . Active Select this check box to have the ZyXEL Device use the IP Address and Shared Secret to authen ticate[...]

  • Page 174

    Chapter 14 Internal RADIUS Server NWA3550 User’s Guide 174 14.5 Configuring T rusted Users A trusted user entry consists of a wireless client user name and password. T o configure trusted user entries, click AUTH SERV ER > T rusted Users . The screen appears as shown. Figure 103 T rusted Users Screen The following table describes the labels in[...]

  • Page 175

    Chapter 14 Internal RADIUS Server NWA3550 User’s Guide 175 Password T ype a password (up to 31 ASCII cha racters) for this user profile. Note that as you type a password, the screen displays a (*) for each character you type. The password on the wireless client’s utilit y must be the same as this password. Note: If you are using PEAP authentica[...]

  • Page 176

    Chapter 14 Internal RADIUS Server NWA3550 User’s Guide 176[...]

  • Page 177

    NWA3550 User’s Guide 177 C HAPTER 15 Certificates This chapter gives background in formation about public-key certificates and explains how to use them. 15.1 Certificates Overview The ZyXEL Device can use certificates (also ca lled digital IDs) to authenticate users. Certificates are based on public -private key pairs. A certificate contains the [...]

  • Page 178

    Chapter 15 Certificates NWA3550 User’s Guide 178 Certification authorities maintain directory ser vers with databases of valid and revoked certificates. A directory of certificates that have been revoked before the scheduled exp iration is called a CRL (Certificate Revocation List ). The ZyXEL Device can check a peer ’ s certificate against a d[...]

  • Page 179

    Chapter 15 Certificates NWA3550 User’s Guide 179 Figure 105 Certificate Details 4 Use a secure method to verify that the certificate owner ha s the same information in the Thumbprint Algorithm and Thumbprint fields. The secure method may vary according to your situation. Possible examples would be over the telephon e or through an HTTPS connectio[...]

  • Page 180

    Chapter 15 Certificates NWA3550 User’s Guide 180 Figure 106 My Certificates The following table describes the labels in this screen. T able 57 My Certificates LABEL DESCRIPTION PKI S torage S pace in Use This bar displays the percentage of the Zy XEL Device’s PKI storage space that is currently in use. When you are using 80% or less of the stor[...]

  • Page 181

    Chapter 15 Certificates NWA3550 User’s Guide 181 15.6 Certificate File Format s The certification authority certific ate that yo u want to import ha s to be in one of these file formats: • Binary X.509: This is an ITU-T recommen dation that defines th e formats for X.509 certificates. • PEM (Base-64) encoded X.509: This Priv acy Enhanced Mail[...]

  • Page 182

    Chapter 15 Certificates NWA3550 User’s Guide 182 15.7 Importing a Certificate Click CER TIFICA TES > My Certificates and then Import to open the My Certificate Import screen. Follow the instructions in this sc reen to save an exis ting certificate to the ZyXEL Device. " Y ou can import only a certificate that matches a corresponding certi[...]

  • Page 183

    Chapter 15 Certificates NWA3550 User’s Guide 183 The following table describes the labels in this screen. 15.8 Creating a Certificate Click CER TIFICA TES > My Certificates and then Create to open the My Certifica te Create screen. Use this screen to have the ZyXEL Device create a self-signed certificate, enroll a certificate with a certificat[...]

  • Page 184

    Chapter 15 Certificates NWA3550 User’s Guide 184 The following table describes the labels in this screen. T able 59 My Certificate Create LABEL DESCRIPTION Certificate Name T ype up to 31 ASC II characters (not including spaces) to identify this certificate. Subject Information Use these fields to record informati on that ident ifies the owner of[...]

  • Page 185

    Chapter 15 Certificates NWA3550 User’s Guide 185 After you click Apply in the My Certificate Create screen, you see a screen that tells you the ZyXEL Device is generating the self-signe d certificate or certification request. After the ZyXEL Device successfully enrolls a ce rtificate or generates a certification request or a self-signed certifica[...]

  • Page 186

    Chapter 15 Certificates NWA3550 User’s Guide 186 Figure 109 My Certificate Details The following table describes the labels in this screen. T able 60 My Certificate Details LABEL DESCRIPTION Name This field displays the ide ntifying name of this certificate. If you want to change the name, type up to 31 characters to ident ify this certificate. Y[...]

  • Page 187

    Chapter 15 Certificates NWA3550 User’s Guide 187 Certificate Path Cl ick the Refresh button to have this read -only te xt box display the hierarchy o f certification authorities that validate th e ce rtificate (and th e certificate itself). If the issuing certification authority is one that you have imported as a trusted certification author ity [...]

  • Page 188

    Chapter 15 Certificates NWA3550 User’s Guide 188 15.10 T rusted CAs Click CER TIFICA TES > T rusted CAs to open the Tr u s t e d C A s screen. Thi s screen displays a summary list of certificates of the certification authorities that you ha ve set the ZyXEL Device to accept as trusted. The ZyXEL De vice accepts any valid certificate signe d by[...]

  • Page 189

    Chapter 15 Certificates NWA3550 User’s Guide 189 The following table describes the labels in this screen. 15.1 1 Importing a T rusted CA ’ s Certificate Click CER TIFICA TES > T rusted CAs to open the T rusted CAs screen and then click Import to open the T rusted CA Import screen. Follow the instructions in this screen to save a trusted cert[...]

  • Page 190

    Chapter 15 Certificates NWA3550 User’s Guide 190 " Y ou must remove any spaces from th e certificate’s filename before you can import the certificate. Figure 1 1 1 T ruste d CA Import The following table describes the labels in this screen. 15.12 T rusted CA Certificate Det ails Click CER TIFICA TES > T rusted CAs to open the Tr u s t e[...]

  • Page 191

    Chapter 15 Certificates NWA3550 User’s Guide 191 Figure 1 12 T rusted CA Details The following table describes the labels in this screen. T able 63 T rusted CA Details LABEL DESCRIPTION Name This field displays the identifying name of this certific ate. If you want to change the name, type up to 31 characters to i dentify this ke y cert ificate. [...]

  • Page 192

    Chapter 15 Certificates NWA3550 User’s Guide 192 Certifica te Information These read-only fields disp lay detailed information about the certificate . T ype This field displays genera l information about the certificat e. CA-signed me ans that a Certification Authorit y sig ned the certificate. Self-signed means that the certificate’s owner sig[...]

  • Page 193

    Chapter 15 Certificates NWA3550 User’s Guide 193 SHA1 Fingerprin t This is the cert ificate’s message digest that the ZyXEL Device calculated using the SHA1 algo rithm. Y ou cannot use this va lue to verify that this is the remote host’s actual certificate because the ZyXEL Device has signed the certificate; thus causing this valu e to be dif[...]

  • Page 194

    Chapter 15 Certificates NWA3550 User’s Guide 194[...]

  • Page 195

    NWA3550 User’s Guide 195 C HAPTER 16 Log Screens This chapter contains inform ation about configuring genera l log settings and viewing the ZyXEL Device’ s logs. 16.1 Configuring V iew Log The web confi gurator allows you to look at a ll of the ZyXEL Device’ s logs in one location. Click LOGS > V iew Log . U se the Vi e w L o g screen to s[...]

  • Page 196

    Chapter 16 Log Scre ens NWA3550 User’s Guide 196 16.2 Configuring Log Settings T o change your ZyXEL De vice’ s log settings, click LOGS > Log Settings . The scre en appears as shown. Use the Log Settings screen to configure to where and when the ZyX EL Device is to send the logs and which logs and/or im mediate alerts it is to send. An aler[...]

  • Page 197

    Chapter 16 Log Screens NWA3550 User’s Guide 197 Figure 1 14 Log Settings The following table describes the labels in this screen. T able 65 Log Settings LABEL DESCRIPTI ON Address Info Mail Server Enter the server name or the IP address of the ma il server for the e-mail addresses specified below . If this field is left blank, logs and alert mess[...]

  • Page 198

    Chapter 16 Log Scre ens NWA3550 User’s Guide 198 16.3 Example Log Messages This section provides descriptions of some example log messages. SMTP Authentication If you us e SMTP authenticat ion, the mail receiver shoul d be the owner of the SMTP account. User Name If your e-mail account requires SMTP authentication, enter the username here. Passwo[...]

  • Page 199

    Chapter 16 Log Screens NWA3550 User’s Guide 199 DHCP client gets %s A DHCP client got a new IP address from the DHCP server . DHCP client IP expired A DHCP client's IP address has expired. DHCP server assigns %s The DHCP server assigned an IP add ress to a client. SMT Login Successfully Someone has logged on to the router's SMT interfac[...]

  • Page 200

    Chapter 16 Log Scre ens NWA3550 User’s Guide 200 16.4 Log Commands Go to the command inte rpreter interface (see Chapter 25 on page 257 for how to access and use the commands). 16.4.1 Configuring What Y ou W ant the ZyXEL Device to Log Use the sys logs load command to load the log se tting buffer th at allows you to configure wh ich logs the ZyXE[...]

  • Page 201

    Chapter 16 Log Screens NWA3550 User’s Guide 201 16.5 Log Command Example This example shows how to set the ZyXEL Device to record the error logs and alerts and then view the results. ras> sys logs load ras> sys logs category error 3 ras> sys logs save ras> sys logs display access #. time source destination notes message 0 | 11/11/2002[...]

  • Page 202

    Chapter 16 Log Scre ens NWA3550 User’s Guide 202[...]

  • Page 203

    NWA3550 User’s Guide 203 C HAPTER 17 VLAN This chapter discusses how to configure VLAN on the ZyXEL Device. 17.1 VLAN A VLAN (V irtual Local Area Network) allows a physical network to be partitioned into multiple logical networks. Stations on a logical network can belong to one or more groups. Only stations within the same group can t a lk to eac[...]

  • Page 204

    Chapter 17 VLAN NWA3550 User’s Guide 204 17.2 Configuring VLAN The ZyXEL Device allows you to configure VL AN based on SSID profile (wireless VLAN), and / or based on your RA DIUS server (RADIUS VLAN). • When you use wireless VLAN, the ZyXEL Devi ce tags all packets from an SSID with the VLAN ID you set in the Wir eless VLA N screen. • When y[...]

  • Page 205

    Chapter 17 VLAN NWA3550 User’s Guide 205 Figure 1 15 Wireless VLAN The following table describes the labels in this screen T able 70 Wireless VLAN FIELD DESCRIPTION Enable VIRTUAL LAN Select this box to enable VLAN tagging. Management VLAN ID Enter a number from 1 to 4094 to define this VLAN group. At least one device in your network must belong [...]

  • Page 206

    Chapter 17 VLAN NWA3550 User’s Guide 206 17.2.2 RADIUS VLAN Click VLAN > RADIUS VLAN . The following screen appe ars. Figure 1 16 RADIUS VLAN Name This is the name of the SSID profile. SSID This is the SSID the profile uses. VLAN ID Enter a VLAN ID numbe r from 1 to 4094. Packets coming from the WLAN using this SSID profile are tagged with the[...]

  • Page 207

    Chapter 17 VLAN NWA3550 User’s Guide 207 The following table describes the labels in this screen. 17.2.3 Configuring Ma nagement VLAN Example This section shows you how to create a VLAN on an Ethernet switch. By default, the port on the ZyXEL Device is a member of the management VLAN (VLAN ID 1). The followi ng procedure shows you how to configur[...]

  • Page 208

    Chapter 17 VLAN NWA3550 User’s Guide 208 Figure 1 17 Management VLAN Configuration Example Perform the following steps in the switch we b configurator . This example us es the ZyXEL switch screenshots. 1 Click VLAN under Advanced Appli c ation . 2 Click St a t i c V L A N . 3 Select the ACTIVE check box. 4 Ty p e a Name for the VLAN ID. 5 Ty p e [...]

  • Page 209

    Chapter 17 VLAN NWA3550 User’s Guide 209 Figure 120 VLAN-Aware Switch - VLAN S tatus Follow the instructions in the Quick S tart Guide to set up yo ur ZyXEL Device for configuration. The ZyXEL Dev ice should be connected to the VLAN-aware switch. In the above example, the switch is using port 1 to connec t to your computer and po rt 2 to connect [...]

  • Page 210

    Chapter 17 VLAN NWA3550 User’s Guide 210 17.2.4 Configuring Microsof t’ s IAS Server Example Dynamic VLAN assignme nt can be used with the ZyXEL Device . Dynamic VLAN assignment allows network admi nistrators to assign a speci fic VLAN (configured on the ZyXEL Device) to an individual’ s W indows Us er Account. When a wireless station is succ[...]

  • Page 211

    Chapter 17 VLAN NWA3550 User’s Guide 21 1 Figure 122 New Global Security Group 2 In VLAN Group ID Pr operties , click the Members tab. • The IAS uses group memberships to determ ine whic h user accounts belong to which VLAN groups. Click the Add button and co nfigure the VLAN group details. 3 Repeat the previous step to add each VLAN group requ[...]

  • Page 212

    Chapter 17 VLAN NWA3550 User’s Guide 212 •E n t e r a Policy friendly name that describes the policy . Each Remote Access Policy will be matched to one VLAN Gr oup. An example may be, Allow - VLAN 10 Policy . • Click Nex t . Figure 124 New Remote Access Policy for VLAN Group 2 The Conditions window displays. Select Add to add a condition for [...]

  • Page 213

    Chapter 17 VLAN NWA3550 User’s Guide 213 Figure 126 Adding VLAN Group 6 When the Permissions options screen displays, select Grant r emote access permission . • Click Nex t to grant access based on group membership. • Click the Edit Profile button. Figure 127 Granting Permission s and User Profile Screen s 7 The Edit Dial-in Pr ofile screen d[...]

  • Page 214

    Chapter 17 VLAN NWA3550 User’s Guide 214 Figure 128 Authentication T ab Settings 8 Click the Encryption tab. Select the St r o n g e s t encryption option. This step is not required for EAP-MD5, but is performed as a safeguard. Figure 129 Encryption T ab Settings 9 Click the IP tab and select the Client may re quest an IP address check box for DH[...]

  • Page 215

    Chapter 17 VLAN NWA3550 User’s Guide 215 Figure 130 Connection Attributes Screen 11 The RADIUS Attribute screen displays. From the list, three RADIUS attributes will be added: • T unnel-Medium-T ype • T unnel-Pvt-Group-ID • T unnel-T ype • Click the Add button • Select T unnel-Medium-T ype • Click the Add button. Figure 131 RADIUS Att[...]

  • Page 216

    Chapter 17 VLAN NWA3550 User’s Guide 216 Figure 132 802 Attribute Setting for T unnel-Medium-T ype 13 Return to the RADIUS Attribute Sc reen shown as Figure 131 on page 215 . • Select T unnel-Pvt-Group-ID. • Click Add . 14 The Attribute Information screen displays. •I n t h e Enter the attribute value in: field select St r i n g and type a [...]

  • Page 217

    Chapter 17 VLAN NWA3550 User’s Guide 217 Figure 134 VLAN Attribute Setting for T unnel-T ype 17 Return to the RADIUS Attribute Sc reen shown as Figure 131 on page 215 . • Click the Close button. • The completed Advanced tab configuration should rese mble the following screen. Figure 135 Completed Adva nced T ab " Repeat the Configuring R[...]

  • Page 218

    Chapter 17 VLAN NWA3550 User’s Guide 218 17.2.5 Second Rx VLAN ID Example In this example, the ZyXEL Device is configured to tag packets from SSID01 with VLAN ID 1 and tag packets from SSID02 with VLAN ID 2. VLAN 1 and VLAN 2 have access to a server , S , and the Internet, as shown in the following figure. Figure 136 Second Rx VLAN ID Example Pac[...]

  • Page 219

    Chapter 17 VLAN NWA3550 User’s Guide 219 4 Select the SSID profile you want to configure ( SSID03 in this example), and enter the VLAN ID number (between 1 and 4094). 5 Enter a Second Rx VLAN ID . The following screen shows SSID03 tagged with a VLAN ID of 3 and a Second Rx VLAN ID of 4 . Figure 137 Configuring SSID: Second Rx VLAN ID Example 6 Cl[...]

  • Page 220

    Chapter 17 VLAN NWA3550 User’s Guide 220[...]

  • Page 221

    NWA3550 User’s Guide 221 C HAPTER 18 Maintenance This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 18.1 Maintenance Overview The maintenanc e screens can help you view system in forma tion, upload new firmware, manage configuratio n and restart your ZyXEL Device. 18.2 System S tatus Sc[...]

  • Page 222

    Chapter 18 Maintenance NWA3550 User’s Guide 222 18.2.1 System St atistics Click Maintenance > Show S tatistics . Read-only information here includes port status, packet specific statistics and bridge link status . Also provided are "system up time" and "poll interval(s)". The Poll Interval field is configurable. The fields [...]

  • Page 223

    Chapter 18 Maintenance NWA3550 User’s Guide 223 The following table describes the labels in this screen. 18.3 Association List V iew the wireless stations tha t are curren tly associated with the ZyXEL Device in the Association List screen. Click MAINTENANCE > Association List to display the screen as shown next. T able 74 System Status: Show [...]

  • Page 224

    Chapter 18 Maintenance NWA3550 User’s Guide 224 Figure 140 Associa tion List The following table describes the labels in this screen. 18.4 Channel Usage The Channel Usage screen shows whether a channel is used by another wireless network or not. If a chan nel is being used, you should select a channel removed from it by five channels to completel[...]

  • Page 225

    Chapter 18 Maintenance NWA3550 User’s Guide 225 Figure 141 Channel Usage The following table describes the labels in this screen. 18.5 F/W Upload Screen Find firmware at www .zyxel.com in a file that (usually) uses the system model name with a "*.bin" extension, for example "NW A-Series. bin". The upload process uses HTTP (Hyp[...]

  • Page 226

    Chapter 18 Maintenance NWA3550 User’s Guide 226 Figure 142 Firmware Uplo ad The following table describes the labels in this screen. 1 Do not turn off the ZyXEL Device wh ile firmware uploa d is in progress! After you see the Firmware Upload in Pr ocess screen, wait two minutes before logging into the ZyXEL Device again. Figure 143 Firmware Uplo [...]

  • Page 227

    Chapter 18 Maintenance NWA3550 User’s Guide 227 Figure 144 Network T emporarily Disconnected After two minutes, log in again an d check your new firmware version in the System S tatus screen. If the upload was not successful, the following screen will appear . Click Return to go back to the F/W Upload screen. Figure 145 Firmware Upload Error 18.6[...]

  • Page 228

    Chapter 18 Maintenance NWA3550 User’s Guide 228 Figure 146 Configuration 18.6.1 Backup Configuration Backup configuration allows you to b ack up (save) the ZyXEL Device’ s current configuration to a file on your co mputer . Once your ZyXEL Dev ice is configured and functionin g properly , it is highly recommended that you b ack up your configur[...]

  • Page 229

    Chapter 18 Maintenance NWA3550 User’s Guide 229 1 Do not turn off the ZyXEL Device while configuration file upload is in progress. After you see a “restore configuration successf ul” scree n, you must then wait one minute before logging into th e ZyXEL Device again. Figure 147 Configuration Upload Successfu l The ZyXEL Device automatically re[...]

  • Page 230

    Chapter 18 Maintenance NWA3550 User’s Guide 230 18.6.3 Back to Factory Default s Pressing the Reset button in this section clears al l user-e ntered configuration information and returns the ZyXEL Device to its factory defau lts as shown on the screen. The following warning screen will appear . Figure 150 Reset W arning Message Y ou can also pres[...]

  • Page 231

    231 P ART III T roubleshooting and S pecifications T roubleshooting (233) Product Specification s (237)[...]

  • Page 232

    232[...]

  • Page 233

    NWA3550 User’s Guide 233 C HAPTER 19 Troubleshooting This chapter offers some sugg estions to solve problems you might encounter . The potential problems are divided into the following categories. • Power and Hardware Connections • ZyXEL Device Access and Login • Internet Access • W ireless Router/A P T roubles hooting 19.1 Power and Hard[...]

  • Page 234

    Chapter 19 Trou bleshooting NWA3550 User’s Guide 234 V I forgot the password. 1 The default password is 1234 . 2 If this does not work, yo u have to reset the device to its factory defaults. Contact yo ur vendor . V I cannot see or access the Login screen in the web configurator . 1 Make sure you are using the correct IP address. • The default [...]

  • Page 235

    Chapter 19 Trou bleshooting NWA3550 User’s Guide 235 4 If this does not work, yo u have to reset the device to its factory defaults. Contact yo ur vendor . V I cannot access the SMT . See the troubleshooting suggestions for I cannot see or access the Login screen in the web configurator . Ignore the suggestions about your bro wser . V I cannot us[...]

  • Page 236

    Chapter 19 Trou bleshooting NWA3550 User’s Guide 236 V The Internet conn ection is slow or intermi ttent. 1 There might be a lot of traf fic on the ne twork. If the ZyXEL Device is sending or receiving a lot of information, try closing so me programs that use the Internet, especially peer-to-peer applications. 2 Make sure the ZyXEL Device is inst[...]

  • Page 237

    NWA3550 User’s Guide 237 C HAPTER 20 Product Specifications The following tables summarize the ZyXEL De vice’ s hardware and firmware features. T able 79 Hardware Specifications SPECIFICATIO N DESC RIPTION Dimensions 256 (W) x 246 (D) x 82 (H) mm Weight 2000 g Power PoE draw: 48V 2 0W at least Ethernet Port Auto -negoti ating: 10 Mbps or 100 Mb[...]

  • Page 238

    Chapter 20 Product Specifications NWA3550 User’s Guide 238 S torage Environmen t T emperature: -40º C ~ 60º C Humidity: 5% ~ 95% RH Approvals Radio • USA: FCC Part 15C 15.247 FCC Part 15E 15.407 FCC OET65 •E U : ETSI EN 300 328 V1.7.1 ETSI EN 301 893 V1.2.3 • T aiwan : DG T LP0002 • Canada: Industry Canada RSS-210 •A u s t r a l i a :[...]

  • Page 239

    Chapter 20 Product Specifications NWA3550 User’s Guide 239 STP (S panning T ree Protocol ) / RSTP (Rapid STP) (R)STP detects and breaks network loops and provides backup links between switches, bridges or routers. It allows a bridg e to interact with other (R)STP-compliant bri dges in your netw ork to ensure that only o ne path exists between any[...]

  • Page 240

    Chapter 20 Product Specifications NWA3550 User’s Guide 240 Comp atible ZyXEL Antennas At the time of writing, you can use the fo llowing antennas in your ZyXEL Device. Comp atible ZyXEL Antenna Cables The following table shows you the cables you ca n use in the ZyXEL Devi ce to extend your connection to antennas at the time of writing. T able 81 [...]

  • Page 241

    Chapter 20 Product Specifications NWA3550 User’s Guide 241 Power over Ethernet (PoE) S pecifications Y ou can use a power over Et hernet injector to power this device . The injector must comply to IEEE 802.3af. T able 83 Power over Ethernet Inje ctor Specifications Power Output 15.4 Watt s ma ximum Power Current 400 mA maximum T able 84 Power ove[...]

  • Page 242

    Chapter 20 Product Specifications NWA3550 User’s Guide 242[...]

  • Page 243

    243 P ART IV Appendices and Index Setting Up Y our Computer ’ s IP Address (245) W ireless LANs (269) Pop-up W indows, JavaScripts and Java Permissions (283) Importing Certificates (289) IP Addresses and Subnetting (313) T ext File Based Auto Configuration (321) Legal Information (329) Customer Support (333) Index (339)[...]

  • Page 244

    244[...]

  • Page 245

    NWA3550 User’s Guide 245 A PPENDIX A Setting Up Y our Computer ’ s IP Address " Y our specific ZyXEL device may not support all of the operating systems described in this appendix. See the product specifications for more information about which operating systems are supported. This appendix shows you how to configure the IP settings on you[...]

  • Page 246

    Appendix A Se tting Up Your Co mputer’s IP Address NWA3550 User’s Guide 246 Figure 152 Windows XP: S tart Menu 2 In the Control Panel , click the Network Connections icon. Figure 153 Windows XP: Control Panel 3 Right-click Local Area Connection and then select Properties . Figure 154 Windows XP: Control Panel > Network Conn ections > Prop[...]

  • Page 247

    Appendix A Setting Up Your Compu t er’s IP Address NWA3550 User’s Guide 247 4 On the General tab, select Internet Protocol (TCP/IP) and t hen click Properties . Figure 155 Windows XP: Local Area Conne ction Properties 5 The Internet Protocol TCP/IP Pr operties window ope ns.[...]

  • Page 248

    Appendix A Se tting Up Your Co mputer’s IP Address NWA3550 User’s Guide 248 Figure 156 Windows XP: Internet Protocol (TCP/IP) Propert ies 6 Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically . Select Use the following IP Address and fill in the IP address , Su bnet mask , and Defau[...]

  • Page 249

    Appendix A Setting Up Your Compu t er’s IP Address NWA3550 User’s Guide 249 1 Click St a r t > Control Panel . Figure 157 Windows V ista: S tart Menu 2 In the Control Panel , click the Network and Intern et icon. Figure 158 Windows V ista: Control Panel 3 Click the Network and Sharing Center icon. Figure 159 Windows V ista: Network And Inter[...]

  • Page 250

    Appendix A Se tting Up Your Co mputer’s IP Address NWA3550 User’s Guide 250 Figure 160 Windows V ista: Network and Sharing Center 5 Right-click Local Area Connection and then select Properties . Figure 161 Windows V ista: Network and Sharing Center " During this procedure, click Continue whenever Windows displays a screen saying that it ne[...]

  • Page 251

    Appendix A Setting Up Your Compu t er’s IP Address NWA3550 User’s Guide 251 Figure 162 Windows V ista: Local Area Connection Properties 7 The Internet Protocol V ersion 4 (TCP/IPv4) Properties window opens.[...]

  • Page 252

    Appendix A Se tting Up Your Co mputer’s IP Address NWA3550 User’s Guide 252 Figure 163 Windows V ista: Internet Protocol V ersion 4 (TCP/IPv4) Prope rties 8 Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically . Select Use the following IP Address and fill in the IP address , Su bnet[...]

  • Page 253

    Appendix A Setting Up Your Compu t er’s IP Address NWA3550 User’s Guide 253 1 Click Apple > System Preferences . Figure 164 Mac OS X 10.4: Apple Menu 2 In the System Prefer ences window , click the Network icon. Figure 165 Mac OS X 10.4: System Preferences 3 When the Ne twork preferences pane opens, select Built-in Ethernet from the network [...]

  • Page 254

    Appendix A Se tting Up Your Co mputer’s IP Address NWA3550 User’s Guide 254 Figure 166 Mac OS X 10.4: Network Preference s 4 For dynamically assigned settings, select Using DHCP from the Configure IPv4 list in the TCP/IP tab. Figure 167 Mac OS X 10.4: Network Preference s > TCP/IP T ab. 5 For statically assigned settings, do the following: ?[...]

  • Page 255

    Appendix A Setting Up Your Compu t er’s IP Address NWA3550 User’s Guide 255 •I n t h e Subnet Mask field, type your subnet mask. •I n t h e Router field, type the IP address of your device. Figure 168 Mac OS X 10.4: Network Preference s > Ethernet 6 Click Apply Now and clo se the window . V erifying Settings Check your TCP/IP properties [...]

  • Page 256

    Appendix A Se tting Up Your Co mputer’s IP Address NWA3550 User’s Guide 256 Mac OS X: 10.5 The screens in this section are from Mac OS X 10.5. 1 Click Apple > System Preferences . Figure 170 Mac OS X 10.5: Apple Menu 2 In System Prefer ences , click the Network icon. Figure 171 Mac OS X 10.5: Systems Preferences 3 When the Ne twork preferenc[...]

  • Page 257

    Appendix A Setting Up Your Compu t er’s IP Address NWA3550 User’s Guide 257 Figure 172 Mac OS X 10.5: Network Preference s > Ethernet 4 From the Configure list, select Using DHCP for dynamically assigned settings. 5 For statically assigned settings, do the following: •F r o m t h e Configure list, select Manually . •I n t h e IP Address [...]

  • Page 258

    Appendix A Se tting Up Your Co mputer’s IP Address NWA3550 User’s Guide 258 Figure 173 Mac OS X 10.5: Network Preference s > Ethernet 6 Click Apply and close the window . V erifying Settings Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities , and then selecting the appropriate Network interface from [...]

  • Page 259

    Appendix A Setting Up Your Compu t er’s IP Address NWA3550 User’s Guide 259 Linux: Ubuntu 8 (GNOME) This section shows you how to co nfigure your computer ’ s TCP/IP settings in the GNU Object Model Environment (GNOME) us ing the Ubuntu 8 Linux distribution. The procedure, screen s and file locations may vary depending on your specific distri[...]

  • Page 260

    Appendix A Se tting Up Your Co mputer’s IP Address NWA3550 User’s Guide 260 3 In the Authenticate window , enter your admin acc ount name and pa ssword then click the Authenticate button. Figure 177 Ubuntu 8: Administrato r Acco unt Authentication 4 In the Network Settings window , select the connection that you want to configure, then click Pr[...]

  • Page 261

    Appendix A Setting Up Your Compu t er’s IP Address NWA3550 User’s Guide 261 Figure 179 Ubuntu 8: Network Settings > Properties •I n t h e Configuration list, select Automatic Configuration (DHCP) if you have a dynamic IP address. •I n t h e Configuration list, select S tatic IP address if you have a sta tic IP address. Fill in the IP add[...]

  • Page 262

    Appendix A Se tting Up Your Co mputer’s IP Address NWA3550 User’s Guide 262 V erifying Settings Check your TCP/IP properties by clicking System > Administration > Network T ools , and then selecting the appropriate Network device from the Devices tab. The Interface S tatistics column shows data if your co nnection is work ing properly . F[...]

  • Page 263

    Appendix A Setting Up Your Compu t er’s IP Address NWA3550 User’s Guide 263 " Make sure you are logged in as the root administrator . Follow the steps below to configure yo ur computer IP address in the KDE: 1 Click K Menu > Computer > Administrator Settings (Y aST) . Figure 182 openSUSE 10.3: K Menu > Computer Menu 2 When the Run[...]

  • Page 264

    Appendix A Se tting Up Your Co mputer’s IP Address NWA3550 User’s Guide 264 Figure 184 openSUSE 10.3: Y aST Control Center 4 When the Network Settings window opens, click the Overview tab, select the appropriat e connection Name from the list, and then click the Configure button. Figure 185 openSUSE 10.3: Network Settings 5 When the Network Car[...]

  • Page 265

    Appendix A Setting Up Your Compu t er’s IP Address NWA3550 User’s Guide 265 Figure 186 openSUSE 10.3: Network Card Setup 6 Select Dynamic Address (DHCP) if you have a dy namic IP address. Select S tatically assigned IP Address if you have a static IP address. Fill in the IP address , Subnet mask , and Hostname fields. 7 Click Next to save the c[...]

  • Page 266

    Appendix A Se tting Up Your Co mputer’s IP Address NWA3550 User’s Guide 266 Figure 187 openSUSE 10.3: Network Settings 9 Click Finish to save your settings and close the window . V erifying Settings Click the KNetwork Manager icon on the Ta s k b a r to check your TCP/IP properties. From the Options sub-menu, select Show Connecti on Information[...]

  • Page 267

    Appendix A Setting Up Your Compu t er’s IP Address NWA3550 User’s Guide 267 Figure 189 openSUSE: Connection S tatus - KNetwork Manager[...]

  • Page 268

    Appendix A Se tting Up Your Co mputer’s IP Address NWA3550 User’s Guide 268[...]

  • Page 269

    NWA3550 User’s Guide 269 A PPENDIX B W ireless LANs Wireless LAN T opologies This section discusses ad-hoc and in frastructure w ireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an inde pendent (Ad-hoc) WLAN that connects a se t of computers with wireless adapters (A, B, C). An y time two or more wirele[...]

  • Page 270

    Appendix B Wireless LANs NWA3550 User’s Guide 270 Figure 191 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlappi ng BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN[...]

  • Page 271

    Appendix B Wir eless LANs NWA3550 User’s Guide 271 Figure 192 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.1 1a/b/g wireless devices. Channels available depend on your ge ographical area. Y ou may have a choice of channels (for your region) so you should use a dif ferent channel th an an adjacent AP (access p[...]

  • Page 272

    Appendix B Wireless LANs NWA3550 User’s Guide 272 Figure 193 RTS /C T S When station A sends data to the AP , it might not know that the station B is already using the channel. If these two stations se nd data at the same time, collis ions may occur when both sets of data arrive at the AP at the same time, r esulting in a loss of me ssages for bo[...]

  • Page 273

    Appendix B Wir eless LANs NWA3550 User’s Guide 273 If the Fragmentation Threshold value is smaller than the RT S /C T S value (see previously) you set then the R TS (Request T o Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmen ted before they reach R TS/CTS size. Preamble T ype Preamble is used to signal that da[...]

  • Page 274

    Appendix B Wireless LANs NWA3550 User’s Guide 274 W ireless security methods availabl e on the ZyXEL Device are data encryption, wireless client authentication, restricting access by devi ce MAC address and hiding the ZyXEL Device identity . The following figure shows th e relative effectiveness of th ese wireless security methods available on yo[...]

  • Page 275

    Appendix B Wir eless LANs NWA3550 User’s Guide 275 Determines the network services available to authenticated users once they are connected to the network. • Accounting Keeps track of the client’ s network activity . RADIUS is a simple package exchange in whic h your AP acts as a message rela y between the wireless client and the network RADI[...]

  • Page 276

    Appendix B Wireless LANs NWA3550 User’s Guide 276 For EAP-TLS authentication type, you must firs t hav e a wired connection to the network and obtain the certificate(s) from a certificate authorit y (CA). A certificate (als o called digital IDs) can be used to authenticate users and a CA issu es certificates and guar antees the identity of each c[...]

  • Page 277

    Appendix B Wir eless LANs NWA3550 User’s Guide 277 Dynamic WEP Key Exchange The AP maps a unique ke y that is generated w ith the RADIUS se rver . This key expires when the wireless connection times out, disconnects or reauthentic ation times out. A new WEP key is generated each time r eauthentication is performed. If this feature is enabled, it [...]

  • Page 278

    Appendix B Wireless LANs NWA3550 User’s Guide 278 Encryption Both WP A and WP A2 improve data encryp tion by using T emporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IE EE 802.1x. WP A and WP A2 use Advanced Encryption S tandard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP[...]

  • Page 279

    Appendix B Wir eless LANs NWA3550 User’s Guide 279 Wireless Client WP A Supplicant s A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WP A. At the time of writing, the most widely available supplicant is the WP A patch for W indows XP , Funk Software's Odyssey client. Th[...]

  • Page 280

    Appendix B Wireless LANs NWA3550 User’s Guide 280 4 The AP and wireless clients use the TKIP or AES encryption process to encrypt data exchanged between them. Figure 195 WP A(2)-PSK Authentication Security Parameters Summary Refer to this table to see what other secur ity parameters you should configure for each Authentication Method/ key managem[...]

  • Page 281

    Appendix B Wir eless LANs NWA3550 User’s Guide 281 Positioning the antennas properly increases the range and coverage area of a wireless LAN. Antenna Characteristics Frequency An antenna in the frequency of 2.4GHz (IEEE 802.11 b) or 5GHz(IEEE 802.1 1a) is needed to communicate efficiently in a wireless LAN. Radiation Pattern A radiation pattern i[...]

  • Page 282

    Appendix B Wireless LANs NWA3550 User’s Guide 282 For omni-directional antennas mounted on a table, desk, and so on, point the antenna up. For omni-directional antennas mounted on a wall or ceiling, point the antenn a down. For a single AP application, place omni-directional antennas as close to the center of the coverage area as possible. For di[...]

  • Page 283

    NWA3550 User’s Guide 283 A PPENDIX C Pop-up Windows, JavaScript s and Java Permissions In order to use the web configurator you need to allow: • W eb browser pop-u p windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). " Internet Explorer 6 screens are used here. Screens for other Inter[...]

  • Page 284

    Appendix C Pop-up Windows, JavaScripts and Java Perm issions NWA3550 User’s Guide 284 2 Clear the Block pop-ups check box in the Pop-up Block e r section of the screen. This disables any web po p-up blockers you may have enabled . Figure 197 Internet Options: Privacy 3 Click Apply to save this setting. Enable pop-up Blockers with Exceptions Alter[...]

  • Page 285

    Appendix C Pop-up Windows, JavaScripts and Java Per m issions NWA3550 User’s Guide 285 Figure 198 Internet Options: Privacy 3 T ype the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites . Fi[...]

  • Page 286

    Appendix C Pop-up Windows, JavaScripts and Java Perm issions NWA3550 User’s Guide 286 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScript s If pages of the web configura tor do not display properly in Internet Explorer , ch eck that JavaScripts are allowed. 1 In Internet Explorer , click T ools , Internet[...]

  • Page 287

    Appendix C Pop-up Windows, JavaScripts and Java Per m issions NWA3550 User’s Guide 287 Figure 201 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer , click To o l s , Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM . 4 Under Java permissions make sure that a [...]

  • Page 288

    Appendix C Pop-up Windows, JavaScripts and Java Perm issions NWA3550 User’s Guide 288 JA V A (Sun) 1 From Internet Explorer , click To o l s , Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is sele cted. 3 Click OK to clos e the window . Figure 203 Java (Sun)[...]

  • Page 289

    NWA3550 User’s Guide 289 A PPENDIX D Importing Certificates This appendix shows you how to import pub lic key certificates into your web browser . Public key certificates are used by web browsers to ensure that a secure web site is legitimate. When a certificate authority such as V eriSign, Comodo, or Network Solutions, to name a few , receives a[...]

  • Page 290

    Appendix D Importing Certificates NWA3550 User’s Guide 290 Figure 204 Internet Explorer 7: Certification Erro r 2 Click Continue to this website (not r e commended) . Figure 205 Internet Explorer 7: Certification Erro r 3 In the Address Bar , click Certificate Error > View certificates . Figure 206 Internet Explorer 7: Certificate Error 4 In t[...]

  • Page 291

    Appendix D Importi ng Certificates NWA3550 User’s Guide 291 Figure 207 Internet Explorer 7: Certificate 5 In the Certificate Import Wizard , click Nex t . Figure 208 Internet Explorer 7: Certificate Import Wizar d 6 If you want Internet Expl orer to Automatically select certificate store based on the type of certificate , click Next again and the[...]

  • Page 292

    Appendix D Importing Certificates NWA3550 User’s Guide 292 Figure 209 Internet Explorer 7: Certificate Import Wizar d 7 Otherwise, select Place all certificates in the following store and then click Br owse . Figure 210 Internet Explorer 7: Certificate Import Wizar d 8 In the Select Certificate S tore dialog box, choose a lo cation in which to sa[...]

  • Page 293

    Appendix D Importi ng Certificates NWA3550 User’s Guide 293 Figure 212 Internet Explorer 7: Certificate Import Wizar d 10 If you are presented with anot her Security W arning , click Ye s . Figure 213 Internet Explorer 7: Security Warning 11 Finally , click OK when presented with the successf ul certificate installation message. Figure 214 Intern[...]

  • Page 294

    Appendix D Importing Certificates NWA3550 User’s Guide 294 12 The next time you start Internet Explorer a nd go to a ZyXEL web configurator page, a sealed padlock icon appears in the address bar . Click it to view the page’ s We b s i t e Identification information. Figure 215 Internet Explorer 7: Website Identification Inst allin g a St and-Al[...]

  • Page 295

    Appendix D Importi ng Certificates NWA3550 User’s Guide 295 Figure 217 Internet Explorer 7: Open File - Security W arning 3 Refer to steps 4-12 in the Internet Explorer procedure beginning on page 289 to complete the installation process. Removing a Certificate in Internet Explorer This section shows yo u how to remove a pub lic key certificate i[...]

  • Page 296

    Appendix D Importing Certificates NWA3550 User’s Guide 296 Figure 219 Internet Explorer 7: Internet Options 3 In the Certificates dialog box, click the T rusted Root Certificates Authorities tab, select the certificate that you wa nt to delete, and then click Remove . Figure 220 Internet Explorer 7: Certificates 4 In the Certificates confirmation[...]

  • Page 297

    Appendix D Importi ng Certificates NWA3550 User’s Guide 297 Figure 221 Internet Explorer 7: Certificates 5 In the Root Certificate S tore dialo g box, click Ye s . Figure 222 Internet Explorer 7: Root Certificate S tore 6 The next time you go to the web site that issued the public key c ertificate you just removed, a certific ation error appears.[...]

  • Page 298

    Appendix D Importing Certificates NWA3550 User’s Guide 298 3 The certificate is stored and you can now c onnect securely to the web configurator . A sealed padlock appears in th e address bar , which you can click to op en the Page Info > Security window to view the web pa ge’ s security information . Figure 224 Firefox 2: Page Info Inst all[...]

  • Page 299

    Appendix D Importi ng Certificates NWA3550 User’s Guide 299 Figure 226 Firefox 2: Options 3 In the Certificate Manager dialo g box, click W eb Sites > Import . Figure 227 Firefox 2: Certificate Manager 4 Use the Select File dialog box to locate the certificate and then click Open .[...]

  • Page 300

    Appendix D Importing Certificates NWA3550 User’s Guide 300 Figure 228 Firefox 2: Select File 5 The next time you visit the web site, click th e padlock in the address bar to open the Page Info > Security window to see the web pa ge’ s security information. Removing a Certificate in Firefox This section shows yo u how to remove a public key c[...]

  • Page 301

    Appendix D Importi ng Certificates NWA3550 User’s Guide 301 Figure 230 Firefox 2: Options 3 In the Certificate Manager dialog box, select the W eb Sites tab, select the certificate that you want to remove, and then click Delete . Figure 231 Firefox 2: Certificate Manager 4 In the Delete W eb Site Certificates dialog box, click OK .[...]

  • Page 302

    Appendix D Importing Certificates NWA3550 User’s Guide 302 Figure 232 Firefox 2: Delete Web Site Certificates 5 The next time you go to the web site that issued the public key c ertificate you just removed, a certific ation error appears. Opera The following example uses Opera 9 on W indow s XP Professional; however , the sc reens can apply to Op[...]

  • Page 303

    Appendix D Importi ng Certificates NWA3550 User’s Guide 303 Figure 234 Opera 9: Security infor mation Inst allin g a St and-Alone Ce rtificate File in Opera Rather than browsing to a Z yXEL web configur ator and installing a public key certificate when prompted, you ca n install a stand-alone certificate file if one has been issued to you. 1 Open[...]

  • Page 304

    Appendix D Importing Certificates NWA3550 User’s Guide 304 Figure 236 Opera 9: Prefer ences 3 In the Certificates Manager , click Authorities > Import . Figure 237 Opera 9 : Certificate manager[...]

  • Page 305

    Appendix D Importi ng Certificates NWA3550 User’s Guide 305 4 Use the Import certificate dialog box to locate the certificate and then click Open. Figure 238 Opera 9: Import certifica te 5 In the Install authority certificate dialog box, click Instal l . Figure 239 Opera 9: Install authority certificate 6 Next, click OK .[...]

  • Page 306

    Appendix D Importing Certificates NWA3550 User’s Guide 306 Figure 240 Opera 9: Install authority certificate 7 The next time you visit the web site, click th e padlock in the address bar to open the Security information window to view the web page’ s security details. Removing a Certificate in Opera This section shows yo u how to remove a publi[...]

  • Page 307

    Appendix D Importi ng Certificates NWA3550 User’s Guide 307 Figure 242 Opera 9: Prefer ences 3 In the Certificates manager , select the Authorities tab, select the certificate that you want to remove, and then click Delete .[...]

  • Page 308

    Appendix D Importing Certificates NWA3550 User’s Guide 308 Figure 243 Opera 9 : Certificate manager 4 The next time you go to the web site that issued the public key c ertificate you just removed, a certific ation error appears. " There is no confirmation when you delet e a certificate au thority , so be absolutely certain that you want to g[...]

  • Page 309

    Appendix D Importi ng Certificates NWA3550 User’s Guide 309 Figure 244 Konqueror 3.5: Serve r Authentication 3 Click For ever when prompted to accept the certificate. Figure 245 Konqueror 3.5: Serve r Authentication 4 Click the padlock in the address bar to open the KDE SSL Inf ormation w indow and view the web page’ s security details. Figure [...]

  • Page 310

    Appendix D Importing Certificates NWA3550 User’s Guide 310 Figure 247 Konqueror 3.5: Public Key Certificate File 2 In the Certificate Import Result - Kleopatra dialog box, click OK . Figure 248 Konqueror 3.5: Certificate Im port Result The public key certificate appears in the KDE certificat e manager , Kleopatra . Figure 249 Konqueror 3.5: Kleop[...]

  • Page 311

    Appendix D Importi ng Certificates NWA3550 User’s Guide 31 1 Figure 250 Konqueror 3.5: Settings Men u 2 In the Configure d ialog box, select Crypto . 3 On the Peer SSL Certificates tab, select the certificate you wa nt to delete and then click Remove . Figure 251 Konqueror 3.5: Co nfigure 4 The next time you go to the web site that issued the pub[...]

  • Page 312

    Appendix D Importing Certificates NWA3550 User’s Guide 312[...]

  • Page 313

    NWA3550 User’s Guide 313 A PPENDIX E IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify ind ividual devices on a network. Every networking device (includin g computers, servers, routers, printe rs, etc.) ne eds an IP address to communicate across the network. These networking devices a re als[...]

  • Page 314

    Appendix E IP Addre sses and Subnetting NWA3550 User’s Guide 314 Figure 252 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the s ubnet mask. Subnet Masks A subnet mask is used to dete rmine which bits are part of th e network number , and which bits are part of the host [...]

  • Page 315

    Appendix E IP Addresses and Subnetting NWA3550 User’s Guide 315 Subnet masks are expressed in dotted decimal no tation just like IP addresses. The follow ing examples show the binary and decimal not ation for 8-bit, 16-bit, 24-bit an d 29-bit subnet masks. Network Size The size of the network number determines the maximum number of possib le host[...]

  • Page 316

    Appendix E IP Addre sses and Subnetting NWA3550 User’s Guide 316 Subnetting Y ou can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the c ompany network for security reasons. In this example, the company netwo[...]

  • Page 317

    Appendix E IP Addresses and Subnetting NWA3550 User’s Guide 317 Figure 254 Subnetting Example: Af ter Subnetting In a 25-bit subnet the host ID has 7 bits , so each sub-network has a maximum of 2 7 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’ s address itself, all ones is the subnet’ s broadcast address). 192.168.1.0 wi[...]

  • Page 318

    Appendix E IP Addre sses and Subnetting NWA3550 User’s Guide 318 Example: Eight Subnet s Similarly , use a 27-bit mask to create eight subnets (000, 00 1, 010, 01 1, 100, 101, 1 10 and 111 ) . The following table shows IP address last octet values for each subnet. T able 94 Subnet 2 IP/SUBNET MASK NETWORK NUMBER LAST O CTET BIT VA L U E IP Addres[...]

  • Page 319

    Appendix E IP Addresses and Subnetting NWA3550 User’s Guide 319 Subnet Planning The following table is a summary for su bnet planning on a network with a 24-bit network number . The following table is a summary for su bnet planning on a network with a 16-bit network number . 5 128 129 158 159 6 160 161 190 191 7 192 193 222 223 8 224 225 254 255 [...]

  • Page 320

    Appendix E IP Addre sses and Subnetting NWA3550 User’s Guide 320 Configuring IP Addresses Where you obtain your netwo rk number depends on yo ur particular situation. If the ISP or your network administrator assigns yo u a bloc k of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask. If the ISP di[...]

  • Page 321

    NWA3550 User’s Guide 321 A PPENDIX F T ext File Based Auto Configuration This chapter describes how admini strators can use text configuration files to configure the wireless LAN settings for multiple APs. T ext File Based Auto Configuration Overview Y ou can use plain text configuration files to configure the wireless LAN settings on multiple AP[...]

  • Page 322

    Appendix F Text File Ba sed Auto Configuration NWA3550 User’s Guide 322 " If adjacent APs use the sa me configuration file, you should leave out the channel setting since they could interfere with each other ’s wireless traffic. Auto Configuration by DHCP A DHCP response can use options 66 and 67 to assign a TFTP server IP address and a fi[...]

  • Page 323

    Appendix F Text File Ba sed Auto Con figuration NWA3550 User’s Guide 323 Use the following procedure to have th e AP download the configuration file. V erifying Y our Configuration File Upload Via SNMP Y ou can use SNMP management software t o disp lay the configuration file version cu rrently on the device by using the fol lowing MIB. T roublesh[...]

  • Page 324

    Appendix F Text File Ba sed Auto Configuration NWA3550 User’s Guide 324 Configuration File Rules Y ou can only use the wlan and wcfg commands in the configur ation file. The AP ignores other ZyNOS commands but continues to check the next command. The AP ignores any improperly formatted commands and con tinues to check the next line. If there are [...]

  • Page 325

    Appendix F Text File Ba sed Auto Con figuration NWA3550 User’s Guide 325 Figure 258 802.1X Configuration File Example Figure 259 WP A-PSK Configuration File Example !#ZYXEL PROWLAN !#VERSION 12 wcfg security 2 name Test-8021x wcfg security 2 mode 8021x-static12 8 wcfg security 2 wep key1 abcdefghijk lm wcfg security 2 wep key2 bcdefghijkl mn wcfg[...]

  • Page 326

    Appendix F Text File Ba sed Auto Configuration NWA3550 User’s Guide 326 Figure 260 WP A Configuration File Example Wlan Command Configuration File Example This example configur ation file uses the wlan command to configure the AP to use the security and SSID profiles from the wcfg command co nfiguration f ile examples and general wireless setting[...]

  • Page 327

    Appendix F Text File Ba sed Auto Con figuration NWA3550 User’s Guide 327 Figure 261 Wlan Configuration File Example !#ZYXEL PROWLAN !#VERSION 15 wcfg ssid 1 name ssid-wep wcfg ssid 1 security Test-wep wcfg ssid 2 name ssid-8021x wcfg ssid 2 security Test-8021x wcfg ssid 2 radius radius-rd wcfg ssid 3 name ssid-wpapsk wcfg ssid 3 security Test-wpa[...]

  • Page 328

    Appendix F Text File Ba sed Auto Configuration NWA3550 User’s Guide 328[...]

  • Page 329

    NWA3550 User’s Guide 329 A PPENDIX G Legal Information Copyright Copyright © 2008 by ZyXEL Communications Corporation. The contents of this publication may not be reprod uced in any part or as a whole, transcribed, stored in a retrieval system, tran slated into any language, or transmitted in any form or by any means, el ectronic, mechanical , m[...]

  • Page 330

    Appendix G Legal Information NWA3550 User’s Guide 330 If this device does cause harmful inte rference to radio/television reception, which can be determined by turning th e device off and on, the user is enc ouraged to try to correct the interference by one or more of the following measures: 1 Reorient or relocate the receiving antenna. 2 Increas[...]

  • Page 331

    Appendix G Legal Information NWA3550 User’s Guide 331 Vie wing Certifications 1 Go to http://www .zyxel.com . 2 Select your product on the ZyXEL home pag e to go to that product's page. 3 Select the certification you wish to view from this page. ZyXEL Limited W arranty ZyXEL warrants to the original en d user (purchaser) that this product is[...]

  • Page 332

    Appendix G Legal Information NWA3550 User’s Guide 332[...]

  • Page 333

    NWA3550 User’s Guide 333 A PPENDIX H Customer Support In the event of problems that cannot be solved by using this manual, you should contact your vendor . If you cannot contact yo ur vendor , then contac t a ZyXEL office for the region in which you bought the dev ice. Regional of fices are listed below (see also http:// www .zyxel.com/web/conta [...]

  • Page 334

    Appendix H Custo mer Support NWA3550 User’s Guide 334 • Address: 1005F , ShengGao Internationa l T ower , No.137 XianXia Rd., Shanghai • W eb: http://www .zyxel.cn Cost a Rica • Support E-mail: soporte@zyxel.co.cr • Sales E-mail: sales@zyxel.co.cr • T elephone: +506-2017878 • Fax: +506-2 015098 • W eb: www .zyxel.co.cr • Re g u l [...]

  • Page 335

    Appendix H Customer Support NWA3550 User’s Guide 335 Germany • Support E-mail: support@zyxel.de • Sales E-mail: sales@zyxel.de • T elephone: +49-2405-6909-69 • Fax: +49-2405-6909-99 • W eb: www .zyxel.de • Re g ul a r Ma i l: ZyXEL Deut schland GmbH., Adenauerstr . 20/A2 D-52146, W u erselen, Germany Hungary • Support E-mail: suppor[...]

  • Page 336

    Appendix H Custo mer Support NWA3550 User’s Guide 336 Malaysia • Support E-mail: support@zyxel.com.my • Sales E-mail: sales@zyxel.com.my • T elephone: +603-8076-9933 • Fax: +603-8076- 9833 • W eb: http://www .zyxel.com.my • Regular Mail: ZyXEL Malaysia Sdn Bhd., 1-02 & 1-03, Jalan Kenari 17F , Bandar Puchong Jaya, 47100 Puchong, S[...]

  • Page 337

    Appendix H Customer Support NWA3550 User’s Guide 337 Singapore • Support E-mail: support@zyxel.com.sg • Sales E-mail: sales@zyxel.com.sg • T elephone: +65-6899-6678 • Fax: +65-6899-8887 • W eb: http://www .zyxel.com.sg • Regular Mail: ZyXEL Singapore Pte Ltd., No. 2 International Business Park, The Strategy #03-28, Sin gapore 609930 S[...]

  • Page 338

    Appendix H Custo mer Support NWA3550 User’s Guide 338 T urkey • Support E-mail: cso@zyxel.com.tr • T elephone: +90 212 222 55 22 • Fax: +90-212-220-2 526 • W eb: http:www .zyxel.com.tr • Address: Kaptanpasa Mahallesi Piyalep asa Bulvari Ortadogu Plaza N:14/13 K:6 Okmeydani/Sisli Istanbul/T urkey Ukraine • Support E-mail: su pport@ua.z[...]

  • Page 339

    Index NWA3550 User’s Guide 339 Index A access 34 access point 34 access privileges 36 address assignment 141 address filtering 33 administrator authentication on RADIU S 86 Advanced Encryption St andard See AES. AES 278 alternative subnet mask notation 315 antenna 237 directional 281 gain 281 omni-directional 281 AP 33 , 34 , 35 , 145 , 27 1 AP+B[...]

  • Page 340

    Index NWA3550 User’s Guide 340 dynamic WEP key exchange 277 E EAP authentication 275 encryption 35 , 278 ESS 270 ESSID 236 Extended Service Se t see ESS Extended Service Se t IDentification 101 , 125 F FCC interf erence statemen t 329 file version 323 filtering 33 firmware file maintenance 225 fragment ation threshold 272 friendly AP list 148 FTP[...]

  • Page 341

    Index NWA3550 User’s Guide 341 N NA T 320 network 33 network access 33 network bridge 34 network traffic 33 O operating mode 33 out-of-band management 207 P Pairwise Master Key (PMK) 278 , 279 passwor d 86 , 238 path cost 96 Per-Hop Behavior 95 PHB (Per-Hop Behavior) 95 PoE 241 power specification 237 power specifications 241 preamble mode 273 pr[...]

  • Page 342

    Index NWA3550 User’s Guide 342 STP - how it works 97 STP (S panning T ree Protocol) 23 9 STP path cost s 96 STP port states 97 STP terminology 96 subnet 313 subnet mask 238 , 314 subnetting 316 syntax conventions 4 system name 85 system timeout 152 T tagged VLAN example 207 Te l n e t 153 telnet 153 temperature 237 T emporal Ke y Integrity Protoc[...]

  • Page 343

    Index NWA3550 User’s Guide 343[...]

  • Page 344

    Index NWA3550 User’s Guide 344[...]