ZyXEL Communications ZyXEL NWA3160 manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of ZyXEL Communications ZyXEL NWA3160, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of ZyXEL Communications ZyXEL NWA3160 one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of ZyXEL Communications ZyXEL NWA3160. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of ZyXEL Communications ZyXEL NWA3160 should contain:
- informations concerning technical data of ZyXEL Communications ZyXEL NWA3160
- name of the manufacturer and a year of construction of the ZyXEL Communications ZyXEL NWA3160 item
- rules of operation, control and maintenance of the ZyXEL Communications ZyXEL NWA3160 item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of ZyXEL Communications ZyXEL NWA3160 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of ZyXEL Communications ZyXEL NWA3160, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the ZyXEL Communications service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of ZyXEL Communications ZyXEL NWA3160.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the ZyXEL Communications ZyXEL NWA3160 item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    www .zyxel.com NW A-3160 Series IEEE 802.1 1a/b/g Business WLAN Access Point IEEE 802.1 1b/g Business WLAN Access Point IEEE WirelessN Busine ss WLAN Access Point User ’ s Guide V ersion 3.60 07/2008 Edition 3 DEFAULT LOGIN IP Address http://1 92 .168.1.2 Password 1234[...]

  • Page 2

    [...]

  • Page 3

    About This User's Guide ZyXEL NWA-3160 Series User’s Guide 3 About This User's Guide Intended Audience This manual is intended for people who want to configure the ZyXEL Device using the web configurator . Y ou should have at leas t a basic knowledge of TCP/IP networking concepts and topology . Related Document ation • Quick Start Gui[...]

  • Page 4

    Document Conventions ZyXEL NWA-3160 Series User’s Guide 4 Document Conventions W arnings and Notes These are how warnings and notes are shown in this User ’ s Guide. 1 W arnings tell you about things that could harm you or your device. " Notes tell you other import ant information (for example, other things yo u may need to configure or he[...]

  • Page 5

    Document Conventions ZyXEL NWA-3160 Series User’s Guide 5 Icons Used in Figures Figures in this User ’ s Guide may use the followi ng generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Computer Notebook computer Server DSLAM Firewall T ele phone Switch Router[...]

  • Page 6

    Safety Warnings ZyXEL NWA-3160 Series User’s Guide 6 Safety Warnings 1 For your safety , be sure to read and follow all warning notices and instructions. • Do NOT use this product near water , for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. • Do NOT store thin gs on[...]

  • Page 7

    Safety Warnings ZyXEL NWA-3160 Series User’s Guide 7[...]

  • Page 8

    Safety Warnings ZyXEL NWA-3160 Series User’s Guide 8[...]

  • Page 9

    Contents Overview ZyXEL NWA-3160 Series User’s Guide 9 Contents Overview Introduction .......................................... ........................................................................ .......... 29 Introducing the ZyXEL Device ............... ................ ................ ................ ................. ................ .[...]

  • Page 10

    Contents Overview ZyXEL NWA-3160 Series User’s Guide 10[...]

  • Page 11

    Table of Contents ZyXEL NWA-3160 Series User’s Guide 11 Table of Contents About This User's Guide ................................ ........................................................................ .. 3 Document Conventions.................................................................. ......................................... .4 Sa[...]

  • Page 12

    Table of Contents ZyXEL NWA-3160 Series User’s Guide 12 Chapter 3 T utorial ........................................................................ ............................................... .............. 45 3.1 How to Configure the Wirele ss LAN ...... ................. ............. ................ ................ ............. ... 45 [...]

  • Page 13

    Table of Contents ZyXEL NWA-3160 Series User’s Guide 13 5.2 The Management Mode Screen ................ ................ ................ ................ ................ .......... 79 Chapter 6 AP Controller Mode (NW A-3160 Only) .................................................................................. 81 6.1 S tatus Screen ...........[...]

  • Page 14

    Table of Contents ZyXEL NWA-3160 Series User’s Guide 14 8.3.3.2 A T C+WMM from WLAN to LAN .......... ................ ................ .......... 107 8.3.4 T ype Of Service (T oS) .................. ................. ................ ................ ................ ........... 107 8.3.4.1 DiffServ ............ ................. ...............[...]

  • Page 15

    Table of Contents ZyXEL NWA-3160 Series User’s Guide 15 9.10 Introduction to RADIUS ................. ................ ................ ................ ................. ................ . 134 9.1 1 Conf iguring RADIUS ... ................ ................ ................ ................ ............. ................ ....... .1 3 4 Chapter 10[...]

  • Page 16

    Table of Contents ZyXEL NWA-3160 Series User’s Guide 16 13.3.3 Rogue AP List ...................... ................ ................ ................ ................. ................ . 16 1 Chapter 14 Remote Management Screens .................................. ........................................................... 163 14.1 Remote Managem[...]

  • Page 17

    Table of Contents ZyXEL NWA-3160 Series User’s Guide 17 Chapter 17 Log Screens ............................................................................................... ..................... ...... 199 17.1 Configuring View Log ..... .......... ................ ............. ................ ................ ................ ......... .. 19[...]

  • Page 18

    Table of Contents ZyXEL NWA-3160 Series User’s Guide 18 Chapter 20 T roubleshooting ......................................................................................... ........................... 235 20.1 Power , Hardwa re Connections, and LEDs ................. ................ ................ ................ ..... 235 20.2 ZyXEL Device [...]

  • Page 19

    List of Figures ZyXEL NWA-3160 Series User’s Guide 19 List of Figures Figure 1 Access Point Application ............ ....... ......... ............. ................. ................ ................ ... ............. 32 Figure 2 Bridge Application ................................ ................ ................ ................ ..............[...]

  • Page 20

    List of Figure s ZyXEL NWA-3160 Series User’s Guide 20 Figure 39 T utorial: Layer-2 Isol ation Edit .. ................ ................. ............. ................ ................ .... ............ 68 Figure 40 T utorial: MAC Filter Edit (SERVER_1) .. ................ ................. ............ ................. ................ ... 69 [...]

  • Page 21

    List of Figures ZyXEL NWA-3160 Series User’s Guide 21 Figure 82 Multiple BSS with VLAN Example ......... ................ ................. ............................................ .. 138 Figure 83 Wireless: Mu ltiple BSS ....... ................................................ ............. .......................... ........... 1 38 Figure [...]

  • Page 22

    List of Figure s ZyXEL NWA-3160 Series User’s Guide 22 Figure 125 RADIUS VLAN ................. ................ ................ ................ ................ ................. ...... ........... 2 10 Figure 126 Management VLAN Conf iguration Example .................. ................ ................ ................ ..... 212 Figure 127 V[...]

  • Page 23

    List of Figures ZyXEL NWA-3160 Series User’s Guide 23 Figure 168 Windows XP: Control Panel: Network Conn ections: Properties ........... ................ .............. 256 Figure 169 Windows XP: Local Area Connection Prop erties .... ............. ................ ................ .............. 256 Figure 170 Windows XP: Advanced TCP/ IP Settin[...]

  • Page 24

    List of Figure s ZyXEL NWA-3160 Series User’s Guide 24[...]

  • Page 25

    List of Tables ZyXEL NWA-3160 Series User’s Guide 25 List of Tables T able 1 Models Cov ered .... ................ ................ ................ ................ .................... ............... .......... ....... 31 T able 2 LEDs .............. ................ ................. ................ ................ ................ ........[...]

  • Page 26

    List of Tables ZyXEL NWA-3160 Series User’s Guide 26 T able 39 Wireless Security Levels .. ............. ... ................ ............. ................ ................ ............. .......... . 126 T able 40 WIRELES S > Security .............. ................ ................. ............. ................ ................ ..... .....[...]

  • Page 27

    List of Tables ZyXEL NWA-3160 Series User’s Guide 27 T able 82 Sys log ... ................ ................ ................ ................ ................. ................ ......... ................ ..... 204 T able 83 Log Categories and Ava ilable Settings ..... ................. ................ ................ ................ .........[...]

  • Page 28

    List of Tables ZyXEL NWA-3160 Series User’s Guide 28[...]

  • Page 29

    29 P ART I Introduction Introducing the ZyXEL Device (31) Introducing the W eb Configurator (41) T utorial (45) S tatus Screens (73) Management Mod e (77) AP Controller Mode (NW A-3160 Only) (81)[...]

  • Page 30

    30[...]

  • Page 31

    ZyXEL NWA-3160 Series User’s Guide 31 C HAPTER 1 Introducing the ZyXEL Device This chapter introduces the main applications and features of the ZyXEL Device. It also introduces the ways yo u can manage the ZyXEL Device. 1.1 Introducing the ZyXEL Device Y our ZyXEL Device extends the range of your existing wired networ k wi thout additional wiring[...]

  • Page 32

    Chapter 1 Introducing the ZyXEL Device ZyXEL NWA-3160 Series User’s Guide 32 " A different channel should be configured for each WLAN interface to reduce the effect s of radio interference. 1.2.1 Access Point The ZyXEL Device is an ideal access solution fo r wireless Internet connection. A typical Internet access application for your ZyXEL D[...]

  • Page 33

    Chapter 1 Introducing the ZyXEL Device ZyXEL NWA-3160 Series User’s Guide 33 Figure 2 Bridge Application Figure 3 Repeater Application 1.2.3 AP + Bridge (NW A -3160 and NW A-3163 Only) In AP+Bridge mode, the ZyXEL Device supports both AP and bridge connectio n at the same time.[...]

  • Page 34

    Chapter 1 Introducing the ZyXEL Device ZyXEL NWA-3160 Series User’s Guide 34 In the figure below , A and B use X as an AP to access the wired network, while X and Y communicate in bridge mode. When the ZyXEL Device is in AP + Bridge mode, security between APs (the W ireless Distribution System or WDS) is independent of the security between the wi[...]

  • Page 35

    Chapter 1 Introducing the ZyXEL Device ZyXEL NWA-3160 Series User’s Guide 35 For example, you might want to set up a wire less network in your office where Internet telephony (V oice over IP , or V oIP) users have priority . Y ou also want a regular wireless network for standard users, as well as a ‘guest ’ wireless network for vis itors. In [...]

  • Page 36

    Chapter 1 Introducing the ZyXEL Device ZyXEL NWA-3160 Series User’s Guide 36 1.3 CAPW AP (NW A-3160 and NW A-3163 Only) CAPW AP allows a single access point (the AP cont roller) to manage up to eight other access points (the managed APs ). The managed APs r eceive all their configura tion information from the AP controller . This includes radio c[...]

  • Page 37

    Chapter 1 Introducing the ZyXEL Device ZyXEL NWA-3160 Series User’s Guide 37 1.6 Hardware Connections See your Quick S tart Guide for informa tion on making hardware connections. 1.6.1 Antennas The ZyXEL Device has two antennas. When yo u are looking at the ZyXEL Device from the front, the main antenna is on the left. The main antenna can both tr[...]

  • Page 38

    Chapter 1 Introducing the ZyXEL Device ZyXEL NWA-3160 Series User’s Guide 38 Figure 7 LEDs T able 2 LEDs LABEL COLOR STATUS DESCRIPTION WDS (NW A-31 60 and NW A- 3163 only) Off Either • The ZyXEL Device is in Acces s Point or MBSSID mode and is functioning normally . or • The ZyXEL Device is in AP+Bridge o r Bridge/ Repeater mode and has not [...]

  • Page 39

    Chapter 1 Introducing the ZyXEL Device ZyXEL NWA-3160 Series User’s Guide 39 ETHERNET Green On The ZyXEL Device has a 10 Mbps Ethernet connection. Blinking The ZyXEL Device has a 10 Mbps Ethernet connection and is sending or receivin g data. Y ellow O n The ZyXEL Device has a 100 Mbps Ethernet connection. Blinking The ZyXEL Device has a 100 Mbps [...]

  • Page 40

    Chapter 1 Introducing the ZyXEL Device ZyXEL NWA-3160 Series User’s Guide 40[...]

  • Page 41

    ZyXEL NWA-3160 Series User’s Guide 41 C HAPTER 2 Introducing the Web Configurator This chapter describes how to access the ZyXEL Device’ s web configura tor and provides an overview of its screens. " When your ZyXEL Device is in (CAPW AP) Managed AP mode (NW A-3160 and NW A-3163 only) the Web Configurator is not available. Th e ZyXEL Devic[...]

  • Page 42

    Chapter 2 Introducing the Web Configur ator ZyXEL NWA-3160 Series User’s Guide 42 If you have more than one ZyXEL Device on yo ur network (t hat uses the default System Name) or if you are not sure of your ZyX EL Device’ s System Name, use one of the following methods to access the web configurator: • Enter the ZyXEL Device’ s LAN IP addres[...]

  • Page 43

    Chapter 2 Introducing the Web Configurator ZyXEL NWA-3160 Series User’s Guide 43 6 Click Apply in the Replace Certificate screen to create a certificate using your ZyXEL Device’ s MAC address that will be specific to this device. Figure 10 Replace Certificate Screen Y ou should now see the St a t u s screen. See Chapter 2 on pa ge 41 for detail[...]

  • Page 44

    Chapter 2 Introducing the Web Configur ator ZyXEL NWA-3160 Series User’s Guide 44 2.3 Navigating the W eb Configurator The following summarizes how to navigate the web configurator from the St a t u s screen. Click LOGOUT at any time to exit the web configurator . Check the status bar at the botto m of the screen wh en you click Apply or OK to ve[...]

  • Page 45

    ZyXEL NWA-3160 Series User’s Guide 45 C HAPTER 3 Tutorial This chapter first provides an overview of ho w to configure the wireless LAN on your ZyXEL Device, and then gives step-by- step guidelines showing how to configure your ZyXEL Device for some example scenarios. 3.1 How to Configure the Wireless LAN This section shows how to choose which wi[...]

  • Page 46

    Chapter 3 Tutorial ZyXEL NWA-3160 Series User’s Guide 46 3.1.2 Wireless LAN Configuration Overview The following figure shows th e steps you should take to configure t h e wireless settings according to the operatin g mode you select. Use the W eb Configurato r to set up your ZyXEL Device’ s wireless network (see your Quick Start Guide for info[...]

  • Page 47

    Chapter 3 T utorial ZyXEL NWA-3160 Series User’s Guide 47 Figure 12 Configuring Wireless LAN S elect Operating Mode Access Point Bridge / Repeater Mo de. AP + Bridge Mode. MBSSID Mode. Select 802.1 1 Mode and Channel ID . Select SSID Configure SSID P rofile. Edit Security Pr ofile . Configure RADIUS authentication (optional). Configure internal A[...]

  • Page 48

    Chapter 3 Tutorial ZyXEL NWA-3160 Series User’s Guide 48 3.1.3 Further Reading Use these links to find more information on the steps: • Choosing 802.1 1 Mode : see Section 8.7. 1 on page 1 11 . • Choosing a wireless Channel ID : see Section 8.7. 1 on page 1 11 . • Selecting and configurin g SSID profile (s): see Section 8.7.1 on page 1 1 1 [...]

  • Page 49

    Chapter 3 T utorial ZyXEL NWA-3160 Series User’s Guide 49 Figure 13 T utorial: Example MBSSID Set up The standard network ( SSID04 ) has ac cess to all resources. The V oIP ne twork ( V oIP_SSID ) has access to a ll resources and a high Quality of Service (QoS) setting (see Chapter 8 on page 103 for information on QoS). The guest network ( Guest_[...]

  • Page 50

    Chapter 3 Tutorial ZyXEL NWA-3160 Series User’s Guide 50 Figure 14 T utorial: Wireless LAN: Before Select MBSSID from the Operating Mode drop-down list box. The screen displays as follows. Figure 15 T utorial: Wireless LAN: Change Mode This Select SSID Pr ofile table allows you to activate or deactivate SSID profiles. Y our wireless network was p[...]

  • Page 51

    Chapter 3 T utorial ZyXEL NWA-3160 Series User’s Guide 51 Select the Index box for the en try and click Apply to activate the profile. Y our standard wireless network ( SSID04 ) is now accessible to your wireless clients as before. Y ou do not need to configure anything el se for your standard n etwork. 3.2.2 Configure the V oIP Network Next, cli[...]

  • Page 52

    Chapter 3 Tutorial ZyXEL NWA-3160 Series User’s Guide 52 Figure 17 T utorial: V oIP SSID Profile Edit • Choose a new SSID for the V oIP network. In this example, enter V OIP_SSID_Example . Note that although the SSID chan ges, the SSID profile name ( V oIP_SSID ) remains the same as before. • Select Enable from the Hide Name (SSID) list box. [...]

  • Page 53

    Chapter 3 T utorial ZyXEL NWA-3160 Series User’s Guide 53 Figure 18 T utorial: V oIP Sec urity Y ou already chose to use the security02 profile for this network, so select the radio button for security02 and click Edit . The following screen appears. Figure 19 T utorial: V oIP Security Profile Edit •C h a n g e t h e Name field to “V oIP_Secu[...]

  • Page 54

    Chapter 3 Tutorial ZyXEL NWA-3160 Series User’s Guide 54 • Click Apply . The WIRELESS > Security screen displays. Ensure that the Prof ile Name for entry 2 displays “ Vo I P _ S e c u r i t y ” and that the Security Mode is WP A2-PSK . Figure 20 T utorial: V oIP Sec urity: Updated 3.2.2.2 Activate the V oIP Profile Y ou need to activate [...]

  • Page 55

    Chapter 3 T utorial ZyXEL NWA-3160 Series User’s Guide 55 Figure 22 T utorial: Guest Edit • Choose a new SSID for the guest network. In this example, enter Guest_SSID_Example . Note that although the SSID chan ges, the SSID profile name ( Guest_SSID ) remains the same as before. • Select Disable from the Hide Nam e (SSID) list box. This makes[...]

  • Page 56

    Chapter 3 Tutorial ZyXEL NWA-3160 Series User’s Guide 56 • Select WP A-PSK in the Security Mode field. WP A-PSK provides strong security that is supported by most wireless clients . Even though your Guest_S SID clients do not have access to sensitive information on the network, you should not leave the network without security . An attacker cou[...]

  • Page 57

    Chapter 3 T utorial ZyXEL NWA-3160 Series User’s Guide 57 Figure 26 T utorial: Layer 2 Isolation Profile Enter the MAC addresses of the two network devi ces you want users on the guest network to be able to access: the main network router (00:AA:00:AA:00:AA) and the network printer (AA:00:AA:00:AA:00). Cl ick Apply . 3.2.3.3 Activate the Guest Pr[...]

  • Page 58

    Chapter 3 Tutorial ZyXEL NWA-3160 Series User’s Guide 58 • T ry to access each network using the corre ct security settings, and then using incorrect security settings, such as the WP A-PSK for an other active network. If the behavior is dif ferent from expected (for example, if you can access the V oIP wireless netwo rk using the security sett[...]

  • Page 59

    Chapter 3 T utorial ZyXEL NWA-3160 Series User’s Guide 59 Figure 28 T utorial: Wireless Netw ork Example In the figure, the solid circle represents the range of your wireless network, and the dashed circle represents the extent of the coffee shop’ s wireless networ k. Note that the two networks overlap. This means that one or more of your APs c[...]

  • Page 60

    Chapter 3 Tutorial ZyXEL NWA-3160 Series User’s Guide 60 " The ZyXEL Device can detect the MAC addresse s of APs automatically . However , it is more secure to obt ain the correct MAC addresses from another source and add them to the friendly AP list manually . For example, an attacker’s AP mimicking the correct SSID could be placed on the[...]

  • Page 61

    Chapter 3 T utorial ZyXEL NWA-3160 Series User’s Guide 61 " Y ou can add APs that are not p art of your network to the friendly AP list, as long as you know that they do not pose a threat to your network’ s security . The Friendly AP screen now appears as follows. Figure 30 T utorial: Friendly AP (After Data Entry) 3 Next, you will save th[...]

  • Page 62

    Chapter 3 Tutorial ZyXEL NWA-3160 Series User’s Guide 62 Figure 32 T utorial: Warning 5 Save the friendly AP list somewhere it can be accessed by all the other access points on the network. In this example, save it on the network file server ( E in Figure 28 on page 59 ). The default filename is “Flist”. Figure 33 T utorial: Save Friendly AP [...]

  • Page 63

    Chapter 3 T utorial ZyXEL NWA-3160 Series User’s Guide 63 2 In the Period (min.) field, enter how often yo u want the ZyXEL Device to scan for rogue APs. Y ou can have the ZyXEL Device sca n anywhere from once every ten minutes to once every hour . In this example, enter “10”. 3 Click Apply . 3.3.3 Set Up E-mail Logs In this section, you will[...]

  • Page 64

    Chapter 3 Tutorial ZyXEL NWA-3160 Series User’s Guide 64 •I n t h e Send Immediate Alert section, select the events you want to trigger immediate e- mails. Ensure that Rogue AP is selected. • Click Apply . 3.3.4 Configure Y our Other Access Points Access point A is now configured to do the following. • Scan for access points in its coverage[...]

  • Page 65

    Chapter 3 T utorial ZyXEL NWA-3160 Series User’s Guide 65 3.4 Using Multiple MAC Filters and L-2 Isolation Profiles This example shows you how to allow certain users to access only specific parts of your network. Y ou can do this by using multiple MAC filters and layer-2 isolation profiles. 3.4.1 Scenario In this example, you run a company networ[...]

  • Page 66

    Chapter 3 Tutorial ZyXEL NWA-3160 Series User’s Guide 66 Each SSID profile already uses a different pre-shared key . In this example, you will configure access limitations for each SSID pr ofile. T o do this, you will take the following steps. 1 Configure the SER VER_1 network’ s SSID profile to use speci fic MAC filter and layer-2 isolation pr[...]

  • Page 67

    Chapter 3 T utorial ZyXEL NWA-3160 Series User’s Guide 67 Figure 37 T utorial: SSID Profile 2 Select SER VER_1 ’ s entry and click Edit . The following screen displays. Figure 38 T utorial: SSID Edit Select l2Isolation03 in the L2 Isolatio n field, a nd select macf ilter03 in the MAC Filtering field. Click Apply . 3 Click the Layer -2 Isolation[...]

  • Page 68

    Chapter 3 Tutorial ZyXEL NWA-3160 Series User’s Guide 68 Figure 39 T utorial: Layer-2 Isolation Edit Enter the network router ’ s MAC Address and add a Description (“NET_ROUTER” in this case) in Set 1 ’s e n t r y. Enter server 1’ s MAC Address and add a Description (“SER VER_1” in this case) in Set 2 ’s e n t r y. Change the Prof[...]

  • Page 69

    Chapter 3 T utorial ZyXEL NWA-3160 Series User’s Guide 69 3.4.5 Configure the SER V ER_2 Network Next, you will configure the SER VER_2 network that allows Bob to access secure server 2 and the Internet. T o do this, repeat the procedure in Section 3.4.4 on page 66 , substituting the following information. 3.4.6 Checking your Settings and T estin[...]

  • Page 70

    Chapter 3 Tutorial ZyXEL NWA-3160 Series User’s Guide 70 Figure 41 T utorial: SSID Profiles Activated 2 Next, click the SSID tab. Check that each configured SSID profile uses the correct Security , Layer -2 Is olation and MAC Filter profiles, as shown in the following figure. Figure 42 T utorial: SSID T ab Correct Settings V If the settings are n[...]

  • Page 71

    Chapter 3 T utorial ZyXEL NWA-3160 Series User’s Guide 71 • Using another computer and wireless clie nt, but with the correct security settings, attempt to associate with the SER VER_1 ne twork. Y ou should be unab le to do so. If you can do so, MAC filte ring is misconfigured. 2 T est the SER VER_2 network. • Using Bob’ s computer and wire[...]

  • Page 72

    Chapter 3 Tutorial ZyXEL NWA-3160 Series User’s Guide 72[...]

  • Page 73

    ZyXEL NWA-3160 Series User’s Guide 73 C HAPTER 4 Status Screens The St a t u s screen displays wh en you log in to the ZyXEL Device, or click ST A TUS in the navigation menu. Use the St a t u s screens to look at the current status of the device, system resources, interface s and SSID status. The St a t u s screen also provides detaile d informat[...]

  • Page 74

    Chapter 4 Sta tus Screens ZyXEL NWA-3160 Series User’s Guide 74 Figure 43 The S tatus Screen The following table describes the labels in this screen. T able 10 The Stat us Screen LABEL DESCRIPTION Automati c Refresh Interval Enter how often you want the ZyXEL Device to upda te this screen. Refresh Click this to update this screen immediately . Sy[...]

  • Page 75

    Chapter 4 Status Screens ZyXEL NWA-3160 Series User’s Guide 75 System Resources Flash This field displays the amount of the ZyXEL Device’s flash memory currently in use. The flash memory is used to store firmware and SSID profiles. Memory This field displa ys what percentage of the ZyXEL Device’s volatile memory is currently in use. The highe[...]

  • Page 76

    Chapter 4 Sta tus Screens ZyXEL NWA-3160 Series User’s Guide 76[...]

  • Page 77

    ZyXEL NWA-3160 Series User’s Guide 77 C HAPTER 5 Management Mode This chapter discusses the MGNT MODE (Management Mode) screen (NW A-3160 and NW A-3163 only). This screen de termines whether the ZyXEL Devi ce is used in its default, standalone mode, or as part of a CAPW AP (Control And Provisioning of W irele ss Access Points) network. 5.1 About [...]

  • Page 78

    Chapter 5 Manage ment Mode ZyXEL NWA-3160 Series User’s Guide 78 2 The AP sends out a management request, looking for an AP in CAPW AP AP controller mode. 3 If there is an AP controller on the network, it receives the manageme nt request. If the AP controller is in Manual mode (see Section 6.3.3 on page 89 ) it adds the details of the AP to its U[...]

  • Page 79

    Chapter 5 Manag ement Mode ZyXEL NWA-3160 Series User’s Guide 79 5.1.4 Notes on CAPW AP This section lists some add itional features of ZyXEL ’ s implementation of the CAPW AP protocol. • When the ZyXEL Device is in AP controller mode and uses its internal RADIUS server (see Chapter 15 on page 1 75 ), managed APs also use the ZyXEL Device’ [...]

  • Page 80

    Chapter 5 Manage ment Mode ZyXEL NWA-3160 Series User’s Guide 80 Managed AP Select this to have the ZyXEL Device managed by ano ther ZyXEL Device on your network. When you do this, the ZyXEL Device can be configured ONL Y by the management AP . If you do not have an AP controller on your network and want to return the ZyXEL Device to standalone m[...]

  • Page 81

    ZyXEL NWA-3160 Series User’s Guide 81 C HAPTER 6 AP Controller Mode (NWA-3160 Only) When the ZyXEL Device is an AP controller , it can manage other acces s points. Y ou configure settings for the AP controller and the managed ac cess points in the AP controller , which then sends the configuration de tails to the managed APs. The ZyXEL Device can[...]

  • Page 82

    Chapter 6 AP Co ntroller Mode (NWA-3160 Only) ZyXEL NWA-3160 Series User’s Guide 82 The following table describes the new labels in this screen. 6.1.1 The AP List St atus Screen Use this screen to see a list of the APs ma naged by the ZyXEL Device. When the ZyXEL Device is in AP controller mode, cli ck AP List in the St a t u s screen. The follow[...]

  • Page 83

    Chapter 6 AP Controller Mo de (NWA-3160 Only) ZyXEL NWA-3160 Series User’s Guide 83 The following table describes the labels in this screen. 6.1.2 The AP St atistics Screen Use this screen to statistics relating to th e APs managed by the ZyXEL Device. When the ZyXEL Device is in AP controller mode, click AP S tatistics in the St a t u s screen. [...]

  • Page 84

    Chapter 6 AP Co ntroller Mode (NWA-3160 Only) ZyXEL NWA-3160 Series User’s Guide 84 6.1.3 The AP Association List Screen Use this screen to see information about the wi reless clients associated to the APs managed by the ZyXEL Device. When the ZyXEL Devi ce is in AP controller mode, click A ssociation List in the St a t u s screen. The following [...]

  • Page 85

    Chapter 6 AP Controller Mo de (NWA-3160 Only) ZyXEL NWA-3160 Series User’s Guide 85 When the ZyXEL Device is in AP controller mode, click SSID Information in the St a t u s screen. The following screen displays. Figure 51 SSID Informa tion The following table describes the labels in this screen. 6.2 Navigation Bar When the ZyXEL Device is in AP c[...]

  • Page 86

    Chapter 6 AP Co ntroller Mode (NWA-3160 Only) ZyXEL NWA-3160 Series User’s Guide 86 6.3 The Controller Screens This section discusses the Controller screens that display when the ZyXEL Device is in AP controller mode (NW A-3 160 only). 6.3.1 The AP Lists Screen When the ZyXEL Device is in AP controller mode, click CONTROLLER > AP Lists . The f[...]

  • Page 87

    Chapter 6 AP Controller Mo de (NWA-3160 Only) ZyXEL NWA-3160 Series User’s Guide 87 Figure 53 The Controller > AP List s Screen The following table describes the labels in this screen. T able 18 The Controller > AP Lists Screen LABEL DESCRIPTION Managed Access Points List This secti on lists t he access points currently controlled by the Zy[...]

  • Page 88

    Chapter 6 AP Co ntroller Mode (NWA-3160 Only) ZyXEL NWA-3160 Series User’s Guide 88 6.3.2 The AP List s Edit Screen Use this screen to change the descriptio n or radio profile of an AP managed by the ZyXEL Device. Click Edit in the CONTROL LER > AP Lists screen. The following screen displays. Figure 54 The Controller > AP List s > Edit S[...]

  • Page 89

    Chapter 6 AP Controller Mo de (NWA-3160 Only) ZyXEL NWA-3160 Series User’s Guide 89 6.3.3 The Configuration Screen Use this screen to control th e way in which the ZyXEL Device accepts new APs to manage. Y ou can also configure the pre-shared key (PSK) that is use to secure the data transmitted between the ZyXEL Device and the APs it manages. Whe[...]

  • Page 90

    Chapter 6 AP Co ntroller Mode (NWA-3160 Only) ZyXEL NWA-3160 Series User’s Guide 90 6.4 The Profile Edit Screens This section describes the Profile Edit screens, which are availabl e only in AP controller mode (NW A-3160 only). The following Profil e Edit screens are identical to those available in sta ndalone mode: •T h e Profile Edit > SSI[...]

  • Page 91

    Chapter 6 AP Controller Mo de (NWA-3160 Only) ZyXEL NWA-3160 Series User’s Guide 91 6.5 The Radio Profile Edit Screen Use this screen to configure a specific radio profile. In the Profile Edit > Ra dio screen, select a profile and click Edit . The following screen displays. Figure 57 The Profile Edit > Radio > Edit Screen 802.1 1 Mode Th[...]

  • Page 92

    Chapter 6 AP Co ntroller Mode (NWA-3160 Only) ZyXEL NWA-3160 Series User’s Guide 92 The following table describes the labels in this screen. T able 22 The Profile Edit > Radio > Edit Screen LABEL DESCRIPTION Profile Name Enter a name identifying thi s profile. 802.1 1 Mode Select 802.1 1b Only to allow only IEEE 802.1 1 b compliant WLAN dev[...]

  • Page 93

    Chapter 6 AP Controller Mo de (NWA-3160 Only) ZyXEL NWA-3160 Series User’s Guide 93 Apply Click this to save your changes. Reset Click this to reload the previous configuration for this screen. T able 22 The Profile Edit > Radio > Edit Screen LABEL DESCRIPTION[...]

  • Page 94

    Chapter 6 AP Co ntroller Mode (NWA-3160 Only) ZyXEL NWA-3160 Series User’s Guide 94[...]

  • Page 95

    95 P ART II The W eb Configurator System Screens (97) W ireless Config uration (103) W ireless Security Configuration (121) MBSSID and SSID (137) Other W ireless Configuration (145) IP Screen (155) Rogue AP (157) Remote Management Screens (163) Internal RADIUS Server (175) Certificates (181) Log Screens (199) VLAN (207) Maintenance (225)[...]

  • Page 96

    96[...]

  • Page 97

    ZyXEL NWA-3160 Series User’s Guide 97 C HAPTER 7 System Screens 7.1 System Overview This section provides information on general system setup. 7.2 Configuring General Setup Click SYSTEM > General . Figure 58 System > General The following table describes the labels in this screen. T able 23 System > General LABEL DESCRIPTION General Setu[...]

  • Page 98

    Chapter 7 System Screens ZyXEL NWA-3160 Series User’s Guide 98 7.3 Administrator Authentication on RADIUS The administrator authentication on RADIUS fe ature lets a (external or internal) RADIUS server authenticate management logins t o the Zy XEL Device. This is u s eful if you need to regularly change a password that you u se to manage several [...]

  • Page 99

    Chapter 7 S ystem Screen s ZyXEL NWA-3160 Series User’s Guide 99 Figure 59 SYSTEM > Password. The following table describes the labels in this screen. T able 24 Password LABEL DESCRIPTIONS Enable Admin at Local Select this check box to have the de vice authenticate ma nagement l ogins to the device. Use old setting Select this to have the ZyXE[...]

  • Page 100

    Chapter 7 System Screens ZyXEL NWA-3160 Series User’s Guide 100 7.4 Configuring T ime Setting T o change your ZyX EL Device’ s time and date, click SYSTEM > T ime Setting . The screen appears as shown. Use this screen to configur e the ZyXEL Device’ s time based on yo ur local time zone. Figure 60 SYSTEM > T ime Setting RADIUS Select th[...]

  • Page 101

    Chapter 7 S ystem Screen s ZyXEL NWA-3160 Series User’s Guide 101 The following table describes the labels in this screen. T able 25 SYSTEM > Time Setting LABEL DESCRIPTION Current T ime This field displays the time of your ZyXEL Device. Each time you reload this page, th e ZyXEL Device synchronizes the tim e with the time server (if configure[...]

  • Page 102

    Chapter 7 System Screens ZyXEL NWA-3160 Series User’s Guide 102 7.5 Pre-defined NTP T ime Servers List When you turn on the ZyXEL De vice for the first time, the date and time start at 2000-01-01 00:00:00. When you select Auto in the SYSTEM > Time Setting screen, the ZyXEL Device then attempts to synchronize w ith one of the following pre-defi[...]

  • Page 103

    ZyXEL NWA-3160 Series User’s Guide 103 C HAPTER 8 Wireless Configuration This chapter discusses how to configure the ZyXEL Device’ s Wire l es s screens. 8.1 Wireless LAN Overview This section introduces the wireless LAN (WLAN) and some basic scenarios. 8.1.1 BSS A Basic Service Set (BSS) exists when all co mmunications between wireless station[...]

  • Page 104

    Chapter 8 Wireless Configuration ZyXEL NWA-3160 Series User’s Guide 104 8.1.2 ESS An Extended Service Set (ESS) consists of a series of overlappi ng BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distributio n System (DS). An ESSID (ESS IDentificat[...]

  • Page 105

    Chapter 8 Wireless Configuration ZyXEL NWA-3160 Series User’s Guide 105 8.3 Quality of Service This section discusses the Quality of Service (QoS) fe atures available on the ZyXEL Device. 8.3.1 WMM QoS WMM (W i-Fi MultiMedia) QoS (Qua lity of Service) ensures quality of ser vice in wireless networks. It controls WLAN transmission priority on pack[...]

  • Page 106

    Chapter 8 Wireless Configuration ZyXEL NWA-3160 Series User’s Guide 106 A TC assigns priority based on packet size, since time-sensitive applications such as Internet telephony (V oice over IP or V oIP) tend to have smaller pa cket sizes than non-time sensitive applications such as FTP (File T ransfer Protoc ol). The following tabl e shows some c[...]

  • Page 107

    Chapter 8 Wireless Configuration ZyXEL NWA-3160 Series User’s Guide 107 The following table shows how priorities are ass igned for packets coming from the LAN to the WLAN. 8.3.3.2 A TC+WMM from WLAN to LAN A TC+WMM from WLAN to LAN automatically pr ioritizes (assigns an A TC value to) all packets coming from the WLAN. Packets are a ssigned an A T[...]

  • Page 108

    Chapter 8 Wireless Configuration ZyXEL NWA-3160 Series User’s Guide 108 DSCP is backward compatible with the three precedence bits in the T oS octet so that non- DiffServ compliant , T oS-enabled network device will not conflict with the DSCP mapping. The DSCP value determines the forwardi ng behavior , the PHB (Per-Hop Behavior), that each packe[...]

  • Page 109

    Chapter 8 Wireless Configuration ZyXEL NWA-3160 Series User’s Guide 109 8.4.2 STP T erminolo gy The root bridge is the base of the spannin g tree; it is the bridge with the l owest identifier value (MAC address). Path cost is the cost of tr ansmitting a frame onto a LAN thro ugh that port. It is assigned according to the speed of the link to whic[...]

  • Page 110

    Chapter 8 Wireless Configuration ZyXEL NWA-3160 Series User’s Guide 11 0 8.4.4 STP Port St ates STP assigns five port states (see next table) to eliminate packet looping. A bridge port is not allowed to go directly fro m blocking state to forwarding state so as to eliminate transient loops. 8.5 DFS When you ch oose 802.1 1a in Access Point , Brid[...]

  • Page 111

    Chapter 8 Wireless Configuration ZyXEL NWA-3160 Series User’s Guide 111 6 Use the MAC Filter screen to allow or res trict access to your wireless network based on a client’ s MAC addres s. 8.7 Configuring Wireless Settings Click WIRELESS > Wir eless . The screen varies depending upon the op erating mode you select. 8.7.1 Access Point Mode : [...]

  • Page 112

    Chapter 8 Wireless Configuration ZyXEL NWA-3160 Series User’s Guide 11 2 Figure 64 Wireless: Access Point (NW A-3160 and NW A-3163) The following table describes the general wireless LAN labels in this screen. T able 35 Wireless: Access Point (NWA-3160 and NWA-3163) LABEL DESCRIPTION Operating Mode Select Access Point from the drop -down list. 80[...]

  • Page 113

    Chapter 8 Wireless Configuration ZyXEL NWA-3160 Series User’s Guide 11 3 Choose Channel ID Set the operating frequency/channel de pending on your particular region. T o manu ally set the ZyXEL Device to use a channel, select a channel from the drop - down list box. Click MAINTENANCE and then the Ch annel Usage tab to open the Channel Usage screen[...]

  • Page 114

    Chapter 8 Wireless Configuration ZyXEL NWA-3160 Series User’s Guide 11 4 8.7.2 Access Point Mode: NW A-3165 This section describes the Access Point mode screen for the NW A-3165 . For the NW A-3160 and NW A-3163, see Section 8.7.1 on page 1 1 1 . Select Access Point as the Operating Mode to display the scree n shown next. Figure 65 Wireless: Acce[...]

  • Page 115

    Chapter 8 Wireless Configuration ZyXEL NWA-3160 Series User’s Guide 11 5 Channel Width This field is available only when 802.1 1n/g is selected as the 802.1 1 Mode . Select whether the ZyXEL Device uses a wireless channel bandwidth of 20 or 40 MHz. A standard 20MHz channel offers transfer speeds of up to 150 Mbps whereas a 40MHz channel uses two [...]

  • Page 116

    Chapter 8 Wireless Configuration ZyXEL NWA-3160 Series User’s Guide 11 6 8.7.3 Bridge/Repeater Mode (NW A-3160 and NW A-3163 Only) The ZyXEL Device can act as a wireless network bridge and establish wireless links with other APs. Y ou need to know the MAC address of the peer device, which also must be in bridge mode. The ZyXEL Device can establis[...]

  • Page 117

    Chapter 8 Wireless Configuration ZyXEL NWA-3160 Series User’s Guide 11 7 Figure 67 Bridge Loop: T wo Bridges Connected to Hub • If your ZyXEL Device (in bridge mode) is connec ted to a wired LAN while communicating with another wireless bridge that is also connected to the same wired LAN. Figure 68 Bridge Loop: Bridge Connected to Wired LAN T o[...]

  • Page 118

    Chapter 8 Wireless Configuration ZyXEL NWA-3160 Series User’s Guide 11 8 Figure 69 Wireless: Bridge/Repeater (N WA-3160 and NW A-3163 Only) The following table describes the bridge labels in this screen. T able 37 Wireless: Bridge/Repeater (NW A-3160 and NWA-3163 Only) LABEL DESCRIPTIONS Operating Mode Select Bridge/Repeater in this field. 802.1 [...]

  • Page 119

    Chapter 8 Wireless Configuration ZyXEL NWA-3160 Series User’s Guide 11 9 See T able 35 on page 1 12 for information on the other labels in this screen. Output Power Set the output po wer of the ZyXEL D evice in this field. If there is a high density of APs in an area, decrease the output power of the ZyXEL Device to reduce interference with other[...]

  • Page 120

    Chapter 8 Wireless Configuration ZyXEL NWA-3160 Series User’s Guide 120 8.7.4 AP+Bridge Mode (N W A-3160 and NW A-3163 Only) Select AP+Bridge as the Operating Mo de in the WIRELESS > Wir eless screen to have the ZyXEL Device function as a bridge and access point simultaneously . See the section on applications for more information. Figure 70 W[...]

  • Page 121

    ZyXEL NWA-3160 Series User’s Guide 121 C HAPTER 9 Wireless Security Configuration This chapter describes how to use the Security and RADIUS screens to configure wireless security on your ZyXEL Device. 9.1 Wireless Security Overview W ireless security is vital to your network to pr otect wireless communicat ion between wirele ss stations, access p[...]

  • Page 122

    Chapter 9 Wireless Secu rity Configuration ZyXEL NWA-3160 Series User’s Guide 122 Y our ZyXEL Device allows you to configure up to four 64-bit, 128-bit or 152-bit WEP keys but only one key can be enabled at any one time. 9.2 802.1x Overview The IEEE 802.1x standard outlines enhanced security methods for both the authentication of wireless station[...]

  • Page 123

    Chapter 9 Wireless Se curity Configuration ZyXEL NWA-3160 Series User’s Guide 123 9.4.1 User Authentication WP A applies IEEE 802.1x and Extensible Auth entication Protocol (EAP) to authenticate wireless clients using a RADIUS database. See later in this chapter and the appendices for more information on IEEE 80 2.1x, RADIUS, EAP and PEAP . If yo[...]

  • Page 124

    Chapter 9 Wireless Secu rity Configuration ZyXEL NWA-3160 Series User’s Guide 124 3 The AP derives and distrib utes key informatio n to the wireless clients. The key itself is not sent over the network, but i s derived from the PSK an d information exchanged between the AP and the client. 4 The AP and wireless clients use the TKIP or AES encrypti[...]

  • Page 125

    Chapter 9 Wireless Se curity Configuration ZyXEL NWA-3160 Series User’s Guide 125 Figure 73 WP A(2) with RAD IUS Application Example 9.6 Security Modes The following table describes the security modes you can configure. T able 38 Security Modes SECURITY MODE DESCRIPTION None Select this to have no data encryption. WEP Select this to use WEP encry[...]

  • Page 126

    Chapter 9 Wireless Secu rity Configuration ZyXEL NWA-3160 Series User’s Guide 126 9.7 Wireless Client WP A Supplicant s A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WP A. At the time of writing, the most widely available supplicant is the WP A patch for W indows XP , Funk[...]

  • Page 127

    Chapter 9 Wireless Se curity Configuration ZyXEL NWA-3160 Series User’s Guide 127 Figure 74 Wireless > Security The following table describes the labels in this screen. The next screen varies according to the Security Mode you select. 9.9.1 Security: WEP Select WEP in the Security Mode field to display the following screen. " If you use W[...]

  • Page 128

    Chapter 9 Wireless Secu rity Configuration ZyXEL NWA-3160 Series User’s Guide 128 Figure 75 WIRELESS > Security: WEP The following table describes the labels in this screen. 9.9.2 Security: 802.1x Only Select 802.1x-Only in the Security Mode field to display the following screen. T able 41 Security: WEP LABEL DESCRIPTION Name T ype a name to i[...]

  • Page 129

    Chapter 9 Wireless Se curity Configuration ZyXEL NWA-3160 Series User’s Guide 129 Figure 76 Security: 802.1x Only The following table describes the labels in this screen. 9.9.3 Security: 802.1x S tatic 64-bit, 802.1x S t atic 128-bit Select 802.1x S tatic 64 or 802.1x S tatic 128 in the Security Mode field to display the following screen. T able [...]

  • Page 130

    Chapter 9 Wireless Secu rity Configuration ZyXEL NWA-3160 Series User’s Guide 130 Figure 77 Security: 802.1x Static 64-bit, 802.1x Static 128-bit The following table describes the labels in this screen. T able 43 Security: 802.1x Static 64-b it, 802.1x Sta t ic 128-bit LABEL DESCRIPTION Name T ype a name to i dentify this security profile. Securi[...]

  • Page 131

    Chapter 9 Wireless Se curity Configuration ZyXEL NWA-3160 Series User’s Guide 131 9.9.4 Security: WP A Select WP A in t he Security Mode field to display the followi ng screen. Figure 78 Security: WP A The following table describes the labels in this screen. 9.9.5 Security: WP A2 or WP A2-MIX Select WP A2 or WP A2-M IX in the Security Mode field [...]

  • Page 132

    Chapter 9 Wireless Secu rity Configuration ZyXEL NWA-3160 Series User’s Guide 132 Figure 79 Security:WP A2 or WP A2-MIX The following table describes the labels not previously discussed T able 45 Security: WPA2 or WPA2-MIX LABEL DESCRIPTIONS Name T ype a name to identify this security profile. Security Mode Choose WP A2 or WP A2-MIX in this field[...]

  • Page 133

    Chapter 9 Wireless Se curity Configuration ZyXEL NWA-3160 Series User’s Guide 133 9.9.6 Security: WP A-PSK, WP A2-PSK, WP A2-PSK-MIX Select WP A-PSK , WP A2-PSK or WP A2-PSK-MIX in the Security Mode field to display the following screen. Figure 80 Security: WP A-PSK, W P A2-PSK or WP A2-PSK-MIX The following table describes the labels not previou[...]

  • Page 134

    Chapter 9 Wireless Secu rity Configuration ZyXEL NWA-3160 Series User’s Guide 134 9.10 Introduction to RADIUS RADIUS is based on a client-sever model that supports authentication and accounting, where the access point is the client and the server is the RADIUS server . The RADIUS server handles the following tasks, among others: • Authenticatio[...]

  • Page 135

    Chapter 9 Wireless Se curity Configuration ZyXEL NWA-3160 Series User’s Guide 135 Backup If the ZyXEL Device ca nnot communicate with the Primary accounting server , you can have the ZyXEL Device use a Backu p RADIUS server . Make sure the Active check boxes are selected if you want to use backup servers. The ZyXEL Device will attempt to communic[...]

  • Page 136

    Chapter 9 Wireless Secu rity Configuration ZyXEL NWA-3160 Series User’s Guide 136[...]

  • Page 137

    ZyXEL NWA-3160 Series User’s Guide 137 C HAPTER 10 MBSSID and SSID This chapter describes how to configure and use your ZyXEL Device’ s MBSSID mode and configure SSID profiles. 10.1 Wireless LAN Infrastructures See the W ireless LAN chapter for some basic WLAN scenarios and terminology . 10.1.1 MBSSID T raditionally , you needed to u se differe[...]

  • Page 138

    Chapter 10 MBSSID and SSID ZyXEL NWA-3160 Series User’s Guide 138 The switch adds PVID (Port VLAN IDentit y) tags to incoming frames that don’t already have tags (on switch ports wh ere PVI D is enabled). Figure 82 Multiple BSS with VLAN Example 10.1.5 Configur ing Multiple BSSs Click WIRELESS > Wir eless and select MBSSID in the Operating M[...]

  • Page 139

    Chapter 10 MBSSID and SSID ZyXEL NWA-3160 Series User’s Guide 139 The following table describes the labels in this screen. T able 48 Wireless: Multiple BSS LABEL DESCRIPTION Operating Mode Select MBSSID in this field to display the screen as shown 802.1 1 Mode Select 802.1 1b Only to allow only I EEE 802.1 1b compliant WLAN devices to associate w[...]

  • Page 140

    Chapter 10 MBSSID and SSID ZyXEL NWA-3160 Series User’s Guide 140 10.2 SSID When the ZyXEL Device is set to Access Point, AP+Bridge (NW A-3160 and NW A -3163 only) or MBSSID mode, you n e ed to choose the SSID pro file(s) you want to use in your wireless network (see Section 8.6 on page 1 10 for more information on operating modes). Use the WIREL[...]

  • Page 141

    Chapter 10 MBSSID and SSID ZyXEL NWA-3160 Series User’s Guide 141 Figure 84 SSID The following table describes the labels in this screen. 10.2.2 Configuring SSID Each SSID profile references the settings configured in the following screens: T able 49 SSID LABEL DESCRIPTION Index This field displays the index number of each SSID profile. Profile N[...]

  • Page 142

    Chapter 10 MBSSID and SSID ZyXEL NWA-3160 Series User’s Guide 142 • WIRELESS > Security (one of the security profil es). • WIRELESS > RADIUS (one of the RADIUS profiles). • WIRELESS > MAC Filter (the MAC filter list , if activated in the SSID profile). • WIRELESS > Layer 2 Isolation (the layer 2 isolation list, if activated in[...]

  • Page 143

    Chapter 10 MBSSID and SSID ZyXEL NWA-3160 Series User’s Guide 143 QoS Select the Quality of Service priority for this BSS’ s traffic. • In the pre-configured V oIP_SSID profile, the QoS setting is Vo I P . This is not user-con figurable. The Vo I P setting is avail able only on the Vo I P _ S S I D profile, and provides the highest level of Q[...]

  • Page 144

    Chapter 10 MBSSID and SSID ZyXEL NWA-3160 Series User’s Guide 144[...]

  • Page 145

    ZyXEL NWA-3160 Series User’s Guide 145 C HAPTER 11 Other Wireless Configuration This chapter describes how to configure the Layer -2 Isolation and MAC Filter screens on your ZyXEL Device. 1 1.1 Layer-2 Isolation Introduction Layer-2 isol ation is used to prevent wireless clients associated with your ZyXEL Device from communicating with other wire[...]

  • Page 146

    Chapter 11 Other Wire less Configuration ZyXEL NWA-3160 Series User’s Guide 146 Figure 86 Layer-2 Isolation Application MAC addresses that are not listed in the Allow devices with these MAC addresses table are blocked from communica ting with the ZyXEL Devi ce’ s wireless clients except for broadcast packets. Layer-2 isolation does not check th[...]

  • Page 147

    Chapter 11 Other Wireless Configu ration ZyXEL NWA-3160 Series User’s Guide 147 Figure 87 WIRELESS > Layer 2 Isolation The following table describes the labels in this screen. 1 1.3 Configuring Layer-2 Isolation T o configure layer-2 isolation, click WIRELESS > Layer-2 Isolation > Edit . The screen appears as shown. " If layer-2 iso[...]

  • Page 148

    Chapter 11 Other Wire less Configuration ZyXEL NWA-3160 Series User’s Guide 148 Figure 88 WIRELESS > Layer-2 Isolat ion Configuration Screen The following table describes th e labels in this screen. 1 1.3.1 Layer-2 Isolation Examples The following section sho ws you example laye r -2 isolation configur ations on the ZyXEL Device ( A ). T able [...]

  • Page 149

    Chapter 11 Other Wireless Configu ration ZyXEL NWA-3160 Series User’s Guide 149 " When configuring, remember to select the correct layer-2 isolat ion profile in the WIRELESS > SSID > Edit screen of the relevant SSID profile. Figure 89 Layer-2 Isolation Example Co nfiguration 1 1.3.1.1 Layer-2 Isolation Example 1 In the following exampl[...]

  • Page 150

    Chapter 11 Other Wire less Configuration ZyXEL NWA-3160 Series User’s Guide 150 Figure 91 Layer-2 Isolation Example 2 1 1.4 The MAC Filter Screen The MAC filter function allows you to configur e the ZyXEL Device to give exclusive access to devices (Allow Association) or exclude de vices from accessing the ZyXEL Device (Deny Association). Every Et[...]

  • Page 151

    Chapter 11 Other Wireless Configu ration ZyXEL NWA-3160 Series User’s Guide 151 The following table describes the labels in this screen. 1 1.4.1 Configuring MAC Filtering T o change your ZyXEL Device ’ s MAC filter settings, click WIRELESS > MAC Filter > Edit . The screen appears as shown. Figure 93 MAC Addres s Filter T able 53 WIRELESS [...]

  • Page 152

    Chapter 11 Other Wire less Configuration ZyXEL NWA-3160 Series User’s Guide 152 The following table describes the labels in this screen. " T o activate MAC filtering on an SSID profi le, select the correct filter from the Enable MAC Filtering drop-down list box in the WIRELESS > SSID > Edit screen and click Apply . 1 1.5 Configuring Ro[...]

  • Page 153

    Chapter 11 Other Wireless Configu ration ZyXEL NWA-3160 Series User’s Guide 153 Figure 94 Roaming Example The steps below describe the roaming process. 1 W ireless station Y moves from the coverage area of access point AP 1 to that of access point AP 2 . 2 W ireless station Y sc ans and detects the signal of access point AP 2 . 3 W ireless statio[...]

  • Page 154

    Chapter 11 Other Wire less Configuration ZyXEL NWA-3160 Series User’s Guide 154 Figure 95 Roaming Select the Roaming Active check box and click Apply .[...]

  • Page 155

    ZyXEL NWA-3160 Series User’s Guide 155 C HAPTER 12 IP Screen This chapter discusses how to config ure IP settings on the ZyXEL Device. 12.1 Factory Ethernet Default s The Ethernet parameters of the ZyXEL Device are preset in the fact ory with the following values: 1 IP address of 192.168.1.2 2 Subnet mask of 25 5.255.255.0 (24 bits) These paramet[...]

  • Page 156

    Chapter 12 IP Screen ZyXEL NWA-3160 Series User’s Guide 156 " Regardless of your p articular situation, do not create an arbitrary IP address; always follow the guidelines above. For more informa tion on address assignment, please refer to RFC 1597, Address Alloc ation for Private Internets and RFC 1466, Guidelines for Manage ment of IP Addr[...]

  • Page 157

    ZyXEL NWA-3160 Series User’s Guide 157 C HAPTER 13 Rogue AP This chapter discusses rogue wireless access poin ts (APs) and how to c onfigure the ZyXEL Device’ s rogue AP detection feature. " Rogue AP detection features are availab le on the NW A-3160 and NW A-3163 only . 13.1 Rogue AP Introduction A rogue AP is a wireless access point oper[...]

  • Page 158

    Chapter 13 Rogue AP ZyXEL NWA-3160 Series User’s Guide 158 Figure 97 Rogue AP: Example 13.2.1 “Honeypot” Att ack Rogue APs need not be co nnected to the legitimate network to pose a severe security threat. In the following example, an attacke r ( X ) is stationed in a vehicle outside a company building, using a rogue access point equipped wit[...]

  • Page 159

    Chapter 13 Rogue AP ZyXEL NWA-3160 Series User’s Guide 159 Figure 98 “Honeypot” Att a ck 13.3 Configuring Rogue AP Detection (NW A-3160 and NW A- 3163 Only) Y ou can configure the ZyXEL Device to detect rogue IEEE 802.1 1a (5 GHz - NW A-3160 only) and IEEE 802.1 1b/g/n (2.4 GHz) APs. " Rogue AP detection is not available on the NW A-3165[...]

  • Page 160

    Chapter 13 Rogue AP ZyXEL NWA-3160 Series User’s Guide 160 13.3.1 Rogue AP: Configuration Click ROGUE AP > Configu r ation . The following screen appears. Figure 99 ROGUE AP > Configuration The following table describes the labels in this screen. 13.3.2 Rogue AP: Friendly AP The friendly AP list displays deta ils of all the access points in[...]

  • Page 161

    Chapter 13 Rogue AP ZyXEL NWA-3160 Series User’s Guide 161 Figure 100 ROGUE AP > Friendly AP The following table describes the labels in this screen. 13.3.3 Rogue AP List This list displays details of all IEEE 802.1 1a (NW A-3160 only) and IEEE 802.1 1b/g/n wireless access points within the ZyXEL Device’ s coverage area, except for the ZyXEL[...]

  • Page 162

    Chapter 13 Rogue AP ZyXEL NWA-3160 Series User’s Guide 162 Figure 101 ROGUE AP > Rogue AP The following table describes the labels in this screen. T able 59 ROGUE AP > Rogue AP LABEL DESCRIPTION Rogue AP List This displays details o f access points in the ZyXEL Device’s coverage area that are not listed in the friendly AP list (see Sect i[...]

  • Page 163

    ZyXEL NWA-3160 Series User’s Guide 163 C HAPTER 14 Remote Management Screens This chapter provides information on the Remote Management screens. 14.1 Remote Management Overview Remote management allows you to determin e which services/protocols can access which of the ZyXEL Device’ s inte rfaces (if any) from which computers. Y ou may manage yo[...]

  • Page 164

    Chapter 14 Remo te Management Screens ZyXEL NWA-3160 Series User’s Guide 164 14.2 Configuring T elnet Y ou can configure your ZyXEL Device for remote T elnet access as show n next. The administrator uses T elnet from a computer on a remote netw ork to access the ZyXEL Device. Figure 102 T elnet Configuration on a TCP/IP Network Click the REMOTE M[...]

  • Page 165

    Chapter 14 Remot e Management Screens ZyXEL NWA-3160 Series User’s Guide 165 14.3 Configuring FTP Y ou can upload and download the ZyXEL Devi ce’ s firmw are and configuration files using FTP , please see the chapter on firmware and configuration file maintenance for details. T o use this feature, your computer must have an FTP client. T o chan[...]

  • Page 166

    Chapter 14 Remo te Management Screens ZyXEL NWA-3160 Series User’s Guide 166 14.4 Configuring WWW T o change your ZyXEL Device’ s W orld W ide W eb settings, click REMOTE MGNT > WWW . Figure 105 Remote Mana gement: WWW The following table describes the labels in this screen. Secured Client IP Address A secured client is a “trusted” compu[...]

  • Page 167

    Chapter 14 Remot e Management Screens ZyXEL NWA-3160 Series User’s Guide 167 14.5 SNMP Simple Network Management Protocol (SNM P) i s a protocol used for ex changing management information b e tween network devices. SNMP is a memb er of the TCP/IP protocol suite. Y our ZyXEL Device support s SNMP agent functiona lity , which allows a manager stat[...]

  • Page 168

    Chapter 14 Remo te Management Screens ZyXEL NWA-3160 Series User’s Guide 168 Figure 106 SNMP Managemen t Model An SNMP managed network consis ts of two main types of comp onent: ag ents and a manager . An agent is a management software module that resi des in a managed device (the ZyXEL Device). An agent translates the local manageme nt informati[...]

  • Page 169

    Chapter 14 Remot e Management Screens ZyXEL NWA-3160 Series User’s Guide 169 14.5.2 SNMP T rap s The ZyXEL Device can send the following traps to the SNMP manager . 14.6 SNMP T rap Interface Index Some traps include an SNMP in terface index. The following ta ble maps the SNMP interface indexes to the ZyXEL Device’ s physical and virtual ports. [...]

  • Page 170

    Chapter 14 Remo te Management Screens ZyXEL NWA-3160 Series User’s Guide 170 14.6.1 SNMP v3 and Security SNMP v3 enhances security for SNMP manage ment. SNMP managers can be required to authenticate with agents before co nducting SNMP mana gement sessions. Security can be further enhanced by encryp ting the SNMP mes sages sent from the managers. [...]

  • Page 171

    Chapter 14 Remot e Management Screens ZyXEL NWA-3160 Series User’s Guide 171 Figure 107 Remote Mana gement: SNMP The following table describes the labels in this screen. T able 66 Remote Managemen t : SNMP LABEL DESCRIPTION SNMP Configuration Get Community Enter the Get Community , which is the password for the incoming Get and GetNext requests f[...]

  • Page 172

    Chapter 14 Remo te Management Screens ZyXEL NWA-3160 Series User’s Guide 172 14.6.2.1 The SNMPv3 User Profi le Screen (NW A-3165 Only) Use this screen to set up the details of SNMPv3 users. Click Configure SNMPv3 User Profile in the REMOTE MGNT > SNMP scree n. The following screen displays. Figure 108 Remote Manage ment: SNMPv3 User Profile Co[...]

  • Page 173

    Chapter 14 Remot e Management Screens ZyXEL NWA-3160 Series User’s Guide 173 The following table describes the labels in this screen. T able 67 Remote Management: SNMP User Profile LABEL DESCRIPTION Enable SNMPv3A dmin Select this box to activate the SNMPv3 administration account. The SNMPv3 administrator can issue Get and Set commands to the ZyX[...]

  • Page 174

    Chapter 14 Remo te Management Screens ZyXEL NWA-3160 Series User’s Guide 174[...]

  • Page 175

    ZyXEL NWA-3160 Series User’s Guide 175 C HAPTER 15 Internal RADIUS Server The ZyXEL Device can use its interna l RADIUS server to authenticate wireless clients. It ca n also serve as a RADIUS server to authenticate other APs and their wireless clients. For more background information on RADIUS, see Section 9.10 on page 134 . 15.1 Internal RADIUS [...]

  • Page 176

    Chapter 15 Internal RADIUS Server ZyXEL NWA-3160 Series User’s Guide 176 " The internal RADIUS server does not s upport domain accounts (DOMAIN/user). When you configure your W indows XP SP2 Wireless Zero Configuration PEAP/ MS-CHAPv2 settings, deselect the Use W indows logon name and p assword check box. When authentication beg ins, a pop-u[...]

  • Page 177

    Chapter 15 Internal RADIUS Server ZyXEL NWA-3160 Series User’s Guide 177 15.3 T rusted AP Overview A trusted AP is an AP that uses the ZyXEL De vice’ s internal RADIUS server to authenticate its wireless clients. Each wireless client must ha ve a user name and password configured in the AUTH. SER VER > T rusted Users screen. The following fi[...]

  • Page 178

    Chapter 15 Internal RADIUS Server ZyXEL NWA-3160 Series User’s Guide 178 Figure 1 10 T rusted AP Overview 1 Configure an IP address and shared secret in the T rusted AP database to authenticate an AP as a trusted AP . 2 Configure wireless client user names and passwords in the T rus ted Users database to use a trusted AP as a relay between the Zy[...]

  • Page 179

    Chapter 15 Internal RADIUS Server ZyXEL NWA-3160 Series User’s Guide 179 Figure 1 1 1 T ruste d AP Screen The following table describes the labels in this screen. 15.5 Configuring T rusted Users A trusted user entry consists of a wireless client user name and password. T o configure trusted user entries, click AUTH SERV ER > T rusted Users . T[...]

  • Page 180

    Chapter 15 Internal RADIUS Server ZyXEL NWA-3160 Series User’s Guide 180 Figure 1 12 T rusted Users Screen The following table describes the labels in this screen. T able 70 Trusted Users LABEL DESCRIPTION # This field displays the trusted user index number . Active Select this check box to have the ZyAIR authenticate wireless c lients with the s[...]

  • Page 181

    ZyXEL NWA-3160 Series User’s Guide 181 C HAPTER 16 Certificates This chapter gives background in formation about public-key certificates and explains how to use them. 16.1 Certificates Overview The ZyXEL Device can use certificates (also ca lled digital IDs) to authenticate users. Certificates are based on public -private key pairs. A certificate[...]

  • Page 182

    Chapter 16 Certificates ZyXEL NWA-3160 Series User’s Guide 182 Certification authorities maintain directory ser vers with databases of valid and revoked certificates. A directory of certificates that have been revoked before the scheduled exp iration is called a CRL (Certificate Revocation List ). The ZyXEL Device can check a peer ’ s certifica[...]

  • Page 183

    Chapter 16 Certificates ZyXEL NWA-3160 Series User’s Guide 183 Figure 1 14 Certificate Det ails 4 Use a secure method to verify that the certificate owner ha s the same information in the Thumbprint Algorithm and Thumbprint fields. The secure method may vary according to your situation. Possible examples would be over the telephon e or through an[...]

  • Page 184

    Chapter 16 Certificates ZyXEL NWA-3160 Series User’s Guide 184 Figure 1 15 My Certificates The following table describes the labels in this screen. T able 71 My Certificates LABEL DESCRIPTION PKI S torage S pace in Use This bar displays the percentage of the Zy XEL Device’s PKI storage space that is currently in use. When you are using 80% or l[...]

  • Page 185

    Chapter 16 Certificates ZyXEL NWA-3160 Series User’s Guide 185 16.6 Certificate File Format s The certification authority certific ate that yo u want to import ha s to be in one of these file formats: • Binary X.509: This is an ITU-T recommen dation that defines th e formats for X.509 certificates. • PEM (Base-64) encoded X.509: This Priv acy[...]

  • Page 186

    Chapter 16 Certificates ZyXEL NWA-3160 Series User’s Guide 186 16.7 Importing a Certificate Click CER TIFICA TES > My Certificates and then Import to open the My Certificate Import screen. Follow the instructions in this sc reen to save an exis ting certificate to the ZyXEL Device. " Y ou can import only a certificate that matches a corre[...]

  • Page 187

    Chapter 16 Certificates ZyXEL NWA-3160 Series User’s Guide 187 16.8 Creating a Certificate Click CER TIFICA TES > My Certificates and then Create to open the My Certifica te Create screen. Use this screen to have the ZyXEL Device create a self-signed certificate, enroll a certificate with a certification authorit y or generate a certification [...]

  • Page 188

    Chapter 16 Certificates ZyXEL NWA-3160 Series User’s Guide 188 Common Name Select a radio button to identify th e certifica te’s owner by IP address, domain name or e-mail address. T y pe the IP address (in dotted decimal notation), domain name or e-mail address in the field provide d. The domain name or e- mail address can be up to 31 ASCII ch[...]

  • Page 189

    Chapter 16 Certificates ZyXEL NWA-3160 Series User’s Guide 189 After you click Apply in the My Certificate Create screen, you see a screen that tells you the ZyXEL Device is generating the self-signe d certificate or certification request. After the ZyXEL Device successfully enrolls a ce rtificate or generates a certification request or a self-si[...]

  • Page 190

    Chapter 16 Certificates ZyXEL NWA-3160 Series User’s Guide 190 Figure 1 18 My Certificate Details The following table describes the labels in this screen. T able 74 My Certificate Details LABEL DESCRIPTION Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to ident ify this [...]

  • Page 191

    Chapter 16 Certificates ZyXEL NWA-3160 Series User’s Guide 191 Certificate Path Click the Refresh button to have th is read-only te xt box display the h ierarchy of certification authorities that validate th e ce rtificate (and th e certificate itself). If the issuing certification authority is one that you have imported as a trusted certificatio[...]

  • Page 192

    Chapter 16 Certificates ZyXEL NWA-3160 Series User’s Guide 192 16.10 T rusted CAs Click CER TIFICA TES > T rusted CAs to open the Tr u s t e d C A s screen. Thi s screen displays a summary list of certificates of the certification authorities that you ha ve set the ZyXEL Device to accept as trusted. The ZyXEL De vice accepts any valid certific[...]

  • Page 193

    Chapter 16 Certificates ZyXEL NWA-3160 Series User’s Guide 193 The following table describes the labels in this screen. 16.1 1 Importing a T rusted CA ’ s Certificate Click CER TIFICA TES > T rusted CAs to open the T rusted CAs screen and then click Import to open the T rusted CA Import screen. Follow the instructions in this screen to save [...]

  • Page 194

    Chapter 16 Certificates ZyXEL NWA-3160 Series User’s Guide 194 " Y ou must remove any sp aces from the certificate’ s filename before you can import the certificate. Figure 120 T rusted CA Import The following table describes the labels in this screen. 16.12 T rusted CA Certificate Det ails Click CER TIFICA TES > T rusted CAs to open th[...]

  • Page 195

    Chapter 16 Certificates ZyXEL NWA-3160 Series User’s Guide 195 Figure 121 T rusted CA Details The following table describes the labels in this screen. T able 77 T rusted CA Details LABEL DESCRIPTION Name This field displays the identifying name of this certificate . If you want to change the name, type up to 31 characters to i dentify this ke y c[...]

  • Page 196

    Chapter 16 Certificates ZyXEL NWA-3160 Series User’s Guide 196 Certifica te Information These read-only fields disp lay detailed information about the certificate . T ype This field displays genera l information about the certificat e. CA-signed me ans that a Certification Authorit y sig ned the certificate. Self-signed means that the certificate[...]

  • Page 197

    Chapter 16 Certificates ZyXEL NWA-3160 Series User’s Guide 197 SHA1 Fingerprin t This is the cert ificate’s message digest that the ZyXEL Device calculated using the SHA1 algo rithm. Y ou cannot use this va lue to verify that this is the remote host’s actual certificate because the ZyXEL Device has signed the certificate; thus causing this va[...]

  • Page 198

    Chapter 16 Certificates ZyXEL NWA-3160 Series User’s Guide 198[...]

  • Page 199

    ZyXEL NWA-3160 Series User’s Guide 199 C HAPTER 17 Log Screens This chapter contains inform ation about configuring genera l log settings and viewing the ZyXEL Device’ s logs. 17.1 Configuring V iew Log The web confi gurator allows you to look at a ll of the ZyXEL Device’ s logs in one location. Click LOGS > V iew Log . U se the Vi e w L o[...]

  • Page 200

    Chapter 17 Log Scre ens ZyXEL NWA-3160 Series User’s Guide 200 17.2 Configuring Log Settings T o change your ZyXEL De vice’ s log settings, click LOGS > Log Settings . The scre en appears as shown. Use the Log Settings screen to configure to where and when the ZyX EL Device is to send the logs and which logs and/or im mediate alerts it is to[...]

  • Page 201

    Chapter 17 Log Screens ZyXEL NWA-3160 Series User’s Guide 201 Figure 123 Log Settings The following table describes the labels in this screen. T able 79 Log Settings LABEL DESCRIPTI ON Address Info Mail Server Enter the server name or the IP address of the ma il server for the e-mail addresses specified below . If this field is left blank, logs a[...]

  • Page 202

    Chapter 17 Log Scre ens ZyXEL NWA-3160 Series User’s Guide 202 17.3 Example Log Messages This section provides descriptions of some example log messages. Log Facility Select a location from the drop down list box. The log facility allows you to log the messages to different files in the syslog server . Refer to the documentation of your syslog pr[...]

  • Page 203

    Chapter 17 Log Screens ZyXEL NWA-3160 Series User’s Guide 203 TELNET Login Successfully Someone has logged on to the router via te lnet. TELNET Login Fail Someone has failed to log on to the router via telnet. FTP Login Successfully Someone has logged on to the router via FT P . FTP Login Fail Someone has failed to log on to the router via FTP . [...]

  • Page 204

    Chapter 17 Log Scre ens ZyXEL NWA-3160 Series User’s Guide 204 17.4 Log Commands Go to the command i nterpreter interface (the Comma nd Interpreter a ppendix explains how to access and use the commands). 17.4.1 Configuring What Y ou W ant the ZyXEL Device to Log Use the sys logs load command to load the log se tting buffer th at allows you to con[...]

  • Page 205

    Chapter 17 Log Screens ZyXEL NWA-3160 Series User’s Guide 205 17.5 Log Command Example This example shows how to set the ZyXEL Device to record the error logs and alerts and then view the results. ras> sys logs load ras> sys logs category error 3 ras> sys logs save ras> sys logs display access #. time source destination notes message [...]

  • Page 206

    Chapter 17 Log Scre ens ZyXEL NWA-3160 Series User’s Guide 206[...]

  • Page 207

    ZyXEL NWA-3160 Series User’s Guide 207 C HAPTER 18 VLAN This chapter discusses how to configure VLAN on the ZyXEL Device. 18.1 VLAN A VLAN (V irtual Local Area Network) allows a physical network to be partitioned into multiple logical networks. Stations on a logical network can belong to one or more groups. Only stations within the same group can[...]

  • Page 208

    Chapter 18 VLAN ZyXEL NWA-3160 Series User’s Guide 208 18.2 Configuring VLAN The ZyXEL Device allows you to configure VL AN based on SSID profile (wireless VLAN), and / or based on your RA DIUS server (RADIUS VLAN). • When you use wireless VLAN, the ZyXEL Devi ce tags all packets from an SSID with the VLAN ID you set in the Wir eless VLA N scre[...]

  • Page 209

    Chapter 18 VLAN ZyXEL NWA-3160 Series User’s Guide 209 Figure 124 WIRELESS VLAN The following table describes the labels in this screen T able 84 WIRELESS VLAN FIELD DESCRIPTION Enable VIRTUAL LAN Select this box to enable VLAN tagging. Management VLAN ID Enter a number from 1 to 4094 to define this VLAN group. At least one device in your network[...]

  • Page 210

    Chapter 18 VLAN ZyXEL NWA-3160 Series User’s Guide 210 18.2.2 RADIUS VLAN Click VLAN > RADIUS VLAN . The following screen appe ars. Figure 125 RADIUS VLAN VLAN ID Enter a VLAN ID number from 1 to 4094. Packets coming from the WLAN using this SSID profile are tagged with the VLAN ID number by the ZyXEL Device . Different SSID profil es can use [...]

  • Page 211

    Chapter 18 VLAN ZyXEL NWA-3160 Series User’s Guide 21 1 The following table describes the labels in this screen. 18.2.3 Configuring Ma nagement VLAN Example This section shows you how to create a VLAN on an Ethernet switch. By default, the port on the ZyXEL Device is a member of the management VLAN (VLAN ID 1). The followi ng procedure shows you [...]

  • Page 212

    Chapter 18 VLAN ZyXEL NWA-3160 Series User’s Guide 212 Figure 126 Management VLAN Con figuration Example Perform the following steps in the switch web configurator: 1 Click VLAN under Advanced Appli c ation . 2 Click St a t i c V L A N . 3 Select the ACTIVE check box. 4 Ty p e a Name for the VLAN ID. 5 Ty p e a VLAN Group ID . This should be the [...]

  • Page 213

    Chapter 18 VLAN ZyXEL NWA-3160 Series User’s Guide 213 Figure 129 VLAN-Aware Switch - VLAN S tatus Follow the instructions in the Quick S tart Guide to set up yo ur ZyXEL Device for configuration. The ZyXEL Dev ice should be connected to the VLAN-aware switch. In the above example, the switch is using port 1 to connec t to your computer and po rt[...]

  • Page 214

    Chapter 18 VLAN ZyXEL NWA-3160 Series User’s Guide 214 18.2.4 Configuring Microsof t’ s IAS Server Example Dynamic VLAN assignme nt can be used with the ZyXEL Device . Dynamic VLAN assignment allows network admi nistrators to assign a speci fic VLAN (configured on the ZyXEL Device) to an individual’ s W indows Us er Account. When a wireless s[...]

  • Page 215

    Chapter 18 VLAN ZyXEL NWA-3160 Series User’s Guide 215 Figure 131 New Global Security Group 2 In VLAN Group ID Pr operties , click the Members tab. • The IAS uses group memberships to determ ine whic h user accounts belong to which VLAN groups. Click the Add button and co nfigure the VLAN group details. 3 Repeat the previous step to add each VL[...]

  • Page 216

    Chapter 18 VLAN ZyXEL NWA-3160 Series User’s Guide 216 •E n t e r a Policy friendly name that describes the policy . Each Remote Access Policy will be matched to one VLAN Gr oup. An example may be, Allow - VLAN 10 Policy . • Click Nex t . Figure 133 New Remote Access Policy for VLAN Group 2 The Conditions window displays. Select Add to add a [...]

  • Page 217

    Chapter 18 VLAN ZyXEL NWA-3160 Series User’s Guide 217 Figure 135 Adding VLAN Group 6 When the Permissions options screen displays, select Grant r emote access permission . • Click Nex t to grant access based on group membership. • Click the Edit Profile button. Figure 136 Granting Permission s and User Profile Screen s 7 The Edit Dial-in Pr [...]

  • Page 218

    Chapter 18 VLAN ZyXEL NWA-3160 Series User’s Guide 218 Figure 137 Authentication T ab Settings 8 Click the Encryption tab. Select the St r o n g e s t encryption option. This step is not required for EAP-MD5, but is performed as a safeguard. Figure 138 Encryption T ab Settings 9 Click the IP tab and select the Client may re quest an IP address ch[...]

  • Page 219

    Chapter 18 VLAN ZyXEL NWA-3160 Series User’s Guide 219 Figure 139 Connection Attributes Screen 11 The RADIUS Attribute screen displays. From the list, three RADIUS attributes will be added: • T unnel-Medium-T ype • T unnel-Pvt-Group-ID • T unnel-T ype • Click the Add button • Select T unnel-Medium-T ype • Click the Add button. Figure [...]

  • Page 220

    Chapter 18 VLAN ZyXEL NWA-3160 Series User’s Guide 220 Figure 141 802 Attribute Setting for T unnel-Medium-T ype 13 Return to the RADIUS Attribute Sc reen shown as Figure 140 on page 219 . • Select T unnel-Pvt-Group-ID. • Click Add . 14 The Attribute Information screen displays. •I n t h e Enter the attribute value in: field select St r i n[...]

  • Page 221

    Chapter 18 VLAN ZyXEL NWA-3160 Series User’s Guide 221 Figure 143 VLAN Attribute Setting for T unnel-T ype 17 Return to the RADIUS Attribute Sc reen shown as Figure 140 on page 219 . • Click the Close button. • The completed Advanced tab configuration should rese mble the following screen. Figure 144 Completed Adva nced T ab " Repeat the[...]

  • Page 222

    Chapter 18 VLAN ZyXEL NWA-3160 Series User’s Guide 222 18.2.5 Second Rx VLAN ID Example In this example, the ZyXEL Device is configured to tag packets from SSID01 with VLAN ID 1 and tag packets from SSID02 with VLAN ID 2. VLAN 1 and VLAN 2 have access to a server , S , and the Internet, as shown in the following figure. Figure 145 Second Rx VLAN [...]

  • Page 223

    Chapter 18 VLAN ZyXEL NWA-3160 Series User’s Guide 223 5 Enter a Second Rx VLAN ID . The following screen shows SSID03 tagged with a VLAN ID of 3 and a Second Rx VLAN ID of 4 . Figure 146 Configuring SSID: Second Rx VLAN ID Example 6 Click Apply to save these settings. Outgoi ng packets from clients in SSID03 are tagged with a VLAN ID of 3 , and [...]

  • Page 224

    Chapter 18 VLAN ZyXEL NWA-3160 Series User’s Guide 224[...]

  • Page 225

    ZyXEL NWA-3160 Series User’s Guide 225 C HAPTER 19 Maintenance This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 19.1 Maintenance Overview The maintenanc e screens can help you view system in forma tion, upload new firmware, manage configuratio n and restart your ZyXEL Device. 19.2 Sys[...]

  • Page 226

    Chapter 19 Maintenance ZyXEL NWA-3160 Series User’s Guide 226 19.2.1 System St atistics Click Maintenance > Show S tatistics . Read-only information here includes port status, packet specific statistics and bridge link status . Also provided are "system up time" and "poll interval(s)". The Poll Interval field is configurabl[...]

  • Page 227

    Chapter 19 Maintenance ZyXEL NWA-3160 Series User’s Guide 227 Figure 149 Associa tion List The following table describes the labels in this screen. 19.4 Channel Usage (NW A-3160 and NW A-3163 Only) The Channel Usage screen shows whether a channel is used by another wireless network or not. If a chan nel is being used, you should select a channel [...]

  • Page 228

    Chapter 19 Maintenance ZyXEL NWA-3160 Series User’s Guide 228 The following table describes the labels in this screen. 19.5 F/W Upload Screen Find firmware at www .zyxel.com in a file that (usually) uses the system model name with a "*.bin" extension, for exampl e "NW A-3160.bin". The upload process uses HTTP (Hypertext T rans[...]

  • Page 229

    Chapter 19 Maintenance ZyXEL NWA-3160 Series User’s Guide 229 1 Do not turn off the ZyXEL De vice while firmware upload is in progress! After you see the Firmware Upload in Pr ocess screen, wait two minutes before logging into the ZyXEL Device again. Figure 152 Firmware Uplo ad In Process The ZyXEL Device automatically restarts in this time causi[...]

  • Page 230

    Chapter 19 Maintenance ZyXEL NWA-3160 Series User’s Guide 230 Figure 154 Firmware Upload Error 19.6 Configuration Screen See Chapter 26 on page 257 for information on how to transf er configuration files using FTP/ TFTP commands. Click MAINTENANCE > Configuration . Information related to factory defaults, back up configuration, and rest oring [...]

  • Page 231

    Chapter 19 Maintenance ZyXEL NWA-3160 Series User’s Guide 231 19.6.2 Restore Configuration Restore configuration allows you to upload a new or previously saved configuration file from your computer to your ZyXEL Device. 1 Do not turn off the ZyXEL De vice while configuration file upload is in progress. After you see a “restore configuration suc[...]

  • Page 232

    Chapter 19 Maintenance ZyXEL NWA-3160 Series User’s Guide 232 Figure 158 Configuration Upload Err or 19.6.3 Back to Factory Default s Pressing the Reset button in this section clears al l user-e ntered configuration information and returns the ZyXEL Device to its factory defau lts as shown on the screen. The following warning screen will appear .[...]

  • Page 233

    233 P ART III T roubleshooting and S pecifications T roubleshooting (235) Product Specification s (241)[...]

  • Page 234

    234[...]

  • Page 235

    ZyXEL NWA-3160 Series User’s Guide 235 C HAPTER 20 Troubleshooting This chapter offers some sugg estions to solve problems you might encounter . The potential problems are divided into the following categories. • Power , Hardware Connections, and LEDs • ZyXEL Device Access and Login • Internet Access • W ireless Router/A P T roubles hooti[...]

  • Page 236

    Chapter 20 Trou bleshooting ZyXEL NWA-3160 Series User’s Guide 236 20.2 ZyXEL Device Access and Login V I forgot the IP address for the ZyXEL Device. 1 The default IP address is 192.168.1.2 . 2 If you changed the IP addre ss and have forgotten it, you might get the IP address o f the ZyXEL Device by looking up th e IP address of the default gate [...]

  • Page 237

    Chapter 20 Trou bleshooting ZyXEL NWA-3160 Series User’s Guide 237 2 If this does not work, you have to reset the device to its factory defaults. See Section 2.2 on page 43 . V I cannot see or access the Login sc reen in the web configurator . 1 Make sure you are using the correct IP address. • The default IP address is 192.168.1.2. • If you [...]

  • Page 238

    Chapter 20 Trou bleshooting ZyXEL NWA-3160 Series User’s Guide 238 V I cannot access the SMT . See the troubleshooting suggestions for I cannot see or access the Login screen in the web configurator . Ignore the suggestions about your bro wser . V I cannot access the ZyXEL Device via th e console port. 1 Check to see if the ZyXEL Device is conn e[...]

  • Page 239

    Chapter 20 Trou bleshooting ZyXEL NWA-3160 Series User’s Guide 239 V I cannot access the Internet anymore. I had access to the Internet (with the ZyXEL Device), but my Internet connec tion is not available anymore. 1 Check the hardware connections , and make su re the LEDs are be having as expected. Se e the Quick S tart Guide and Section 1.7 on [...]

  • Page 240

    Chapter 20 Trou bleshooting ZyXEL NWA-3160 Series User’s Guide 240 7 Make sure you allow the ZyXEL Device to be remotely acces sed through the WLAN interface. Check your re mote management settings.[...]

  • Page 241

    ZyXEL NWA-3160 Series User’s Guide 241 C HAPTER 21 Product Specifications The following tables summarize the ZyXEL De vice’ s hardware and firmware features. T able 93 Hardware Specifications SPECIFICATIO N DESCRIPTION Dimensions 190x 135 x 4 0 mm Weight NW A-3160: 420g NW A-3163: 4 20g NW A-3165: 3 92g Power 12V DC, 1.5 A max. (There is no to [...]

  • Page 242

    Chapter 21 Product Specifications ZyXEL NWA-3160 Series User’s Guide 242 Output Power NW A-3160: IEEE 802.1 1b/g 54Mbps: 16dBm 24Mbps: 17dBm 6Mbps: 18dBm 1 1Mp bs: 18dBm IEEE 802.1 1a 54Mbps: 12dBm 24Mbps: 12dBm 6Mbps: 14dBm 1 1Mp bs: 14dBm NW A-3163: IEEE 802.1 1b/g 54Mbps: 20dBm 24Mbps: 21dBm 1 1Mp bs: 23dBm 6Mbps: 23dBm NW A-3165: IEEE 802.1 1[...]

  • Page 243

    Chapter 21 Product Specifications ZyXEL NWA-3160 Series User’s Guide 243 Approvals EMC: FCC Class B, CE-EMC Class B, C-T ick Class B, Safety: CSA International, CE EN60950-1 Plenum Rating The ZyXEL Device’s housing is treated with fire-retardant chemicals. In the event of fire, plenum-rated materials burn more slowly an d produce less smoke tha[...]

  • Page 244

    Chapter 21 Product Specifications ZyXEL NWA-3160 Series User’s Guide 244 W all-mounting Instructions Complete the following step s to hang your ZyXEL Device on a wall. " See T able 93 on p age 241 for the size of screws to use and how far ap art to place them. 1 Select a position free of obstructions on a sturdy wall. 2 Drill two holes for t[...]

  • Page 245

    Chapter 21 Product Specifications ZyXEL NWA-3160 Series User’s Guide 245 Figure 161 W all-mounting Example The following are dimension s of an M4 tap screw and masonry plug used for wall mounting. All measurements are in millimeters (mm). Figure 162 Masonry Plug and M4 T ap Screw Power Adaptor Specifications T able 95 North Am erican Plug St anda[...]

  • Page 246

    Chapter 21 Product Specifications ZyXEL NWA-3160 Series User’s Guide 246 Power over Ethernet (PoE) S pecifications Y ou can use a power over Et hernet injector to power this device . The injector must comply to IEEE 802.3af. Power Co nsumption 6 W Max Safety S tandards UL, CUL (UL60950 Third Ed ition, CSA C22.2 No. 60950) T able 96 European Plug [...]

  • Page 247

    Chapter 21 Product Specifications ZyXEL NWA-3160 Series User’s Guide 247 1 Output T ransmit Data + 2 Output T ransmit Data - 3 Receive Data + 4 Power + 5 Power + 6 Receive Data - 7 Power - 8 Power - T able 100 Power over Ethernet Injector RJ- 4 5 Port Pin Assignments 123456 78[...]

  • Page 248

    Chapter 21 Product Specifications ZyXEL NWA-3160 Series User’s Guide 248[...]

  • Page 249

    249 P ART IV Appendices and Index Setting up Y our Computer ’ s IP Address (263) W ireless LANs (263) Pop-up W indows, JavaScripts and Java Permissions (277) IP Addresses and Subnetting (283) T ext File Based Auto Configuration (291) Legal Information (299) Customer Support (303) Index (309)[...]

  • Page 250

    250[...]

  • Page 251

    ZyXEL NWA-3160 Series User’s Guide 251 A PPENDIX A Setting up Y our Computer ’ s IP Address All computers must have a 10M or 100M Et hernet adapter card and TCP/IP installed. W indows 95/98/Me/NT/2000/XP , Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP[...]

  • Page 252

    Appendix A Setting up Your Computer’s IP Address ZyXEL NWA-3160 Series User’s Guide 252 Figure 163 WIndows 95/98 /Me: Networ k: Configuratio n Inst alling Components The Network window Configuration tab displays a list of installed components. Y ou need a network adapter , the TCP/IP protocol and Client for Microsoft Netwo rks. If you need the [...]

  • Page 253

    Appendix A Setting up Your Computer’s IP Address ZyXEL NWA-3160 Series User’s Guide 253 Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. • If your IP address is dynamic, select Obtain an IP address automatically . • If you have a static IP[...]

  • Page 254

    Appendix A Setting up Your Computer’s IP Address ZyXEL NWA-3160 Series User’s Guide 254 Figure 165 Windows 95/98/Me : TCP/IP Pr operties: DNS Configuration 4 Click the Gateway tab. • If you do not know you r gateway’ s IP addr ess, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field a[...]

  • Page 255

    Appendix A Setting up Your Computer’s IP Address ZyXEL NWA-3160 Series User’s Guide 255 Figure 166 Windows XP: S tart Menu 2 For W indows XP , click Network Connections . For W indows 2000/NT , click Network and Dial-up Connections . Figure 167 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Pr operties .[...]

  • Page 256

    Appendix A Setting up Your Computer’s IP Address ZyXEL NWA-3160 Series User’s Guide 256 Figure 168 Windows XP: Control Panel: Network Connections: Pro perties 4 Select Internet Protocol (TCP/IP) (under the Genera l tab in W in XP) and click Properties . Figure 169 Windows XP: Local Area Conne ction Properties 5 The Internet Protocol TCP/IP Prop[...]

  • Page 257

    Appendix A Setting up Your Computer’s IP Address ZyXEL NWA-3160 Series User’s Guide 257 Figure 170 Windows XP: Advanced TCP/IP Settings 6 If you do not know your gateway's IP address, remove any previously installe d gateways in the IP Settin gs tab and click OK . Do one or more of the fo llowing if you want to configure additi onal IP add[...]

  • Page 258

    Appendix A Setting up Your Computer’s IP Address ZyXEL NWA-3160 Series User’s Guide 258 If you have previously co nfigured DNS servers, click Advanced and then the DNS tab to order them. Figure 171 Windows XP: Internet Protocol (TCP/IP) Propert ies 8 Click OK to close the Internet Protocol (TCP/IP) Properties window . 9 Click OK to close the Lo[...]

  • Page 259

    Appendix A Setting up Your Computer’s IP Address ZyXEL NWA-3160 Series User’s Guide 259 Figure 172 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 173 Macintosh O S 8/9: TC P/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do[...]

  • Page 260

    Appendix A Setting up Your Computer’s IP Address ZyXEL NWA-3160 Series User’s Guide 260 • T ype your IP address in the IP Address box. • T ype your subnet mask in the Subnet mask box. • T ype the IP address of your ZyXEL Device in the Router address box. 5 Close the TCP/IP Contr ol Panel . 6 Click Save if prompted, to save chan ges to you[...]

  • Page 261

    Appendix A Setting up Your Computer’s IP Address ZyXEL NWA-3160 Series User’s Guide 261 Figure 175 Macintosh O S X: Netw ork 4 For statically assigned settings, do the following: •F r o m t h e Configure box, select Manually . • T ype your IP address in the IP Address box. • T ype your subnet mask in the Subnet mask box. • T ype the IP [...]

  • Page 262

    Appendix A Setting up Your Computer’s IP Address ZyXEL NWA-3160 Series User’s Guide 262[...]

  • Page 263

    ZyXEL NWA-3160 Series User’s Guide 263 A PPENDIX B W ireless LANs Wireless LAN T opologies This section discusses ad-hoc and in frastructure w ireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an inde pendent (Ad-hoc) WLAN that connects a se t of computers with wireless adapters (A, B, C). An y time two [...]

  • Page 264

    Appendix B Wireless LANs ZyXEL NWA-3160 Series User’s Guide 264 Figure 177 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlappi ng BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type o[...]

  • Page 265

    Appendix B Wir eless LANs ZyXEL NWA-3160 Series User’s Guide 265 Figure 178 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.1 1a/b/g wireless devices. Channels available depend on your ge ographical area. Y ou may have a choice of channels (for your region) so you should use a dif ferent channel th an an adjacen[...]

  • Page 266

    Appendix B Wireless LANs ZyXEL NWA-3160 Series User’s Guide 266 Figure 179 RTS /C T S When station A sends data to the AP , it might not know that the station B is already using the channel. If these two stations se nd data at the same time, collis ions may occur when both sets of data arrive at the AP at the same time, r esulting in a loss of me[...]

  • Page 267

    Appendix B Wir eless LANs ZyXEL NWA-3160 Series User’s Guide 267 If the Fragmentation Threshold value is smaller than the RT S /C T S value (see previously) you set then the R TS (Request T o Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmen ted before they reach R TS/CTS size. Preamble T ype Preamble is used to [...]

  • Page 268

    Appendix B Wireless LANs ZyXEL NWA-3160 Series User’s Guide 268 W ireless security methods availabl e on the ZyXEL Device are data encryption, wireless client authentication, restricting access by devi ce MAC address and hiding the ZyXEL Device identity . The following figure shows th e relative effectiveness of th ese wireless security methods a[...]

  • Page 269

    Appendix B Wir eless LANs ZyXEL NWA-3160 Series User’s Guide 269 Determines the network services available to authenticated users once they are connected to the network. • Accounting Keeps track of the client’ s network activity . RADIUS is a simple package exchange in whic h your AP acts as a message rela y between the wireless client and th[...]

  • Page 270

    Appendix B Wireless LANs ZyXEL NWA-3160 Series User’s Guide 270 For EAP-TLS authentication type, you must firs t hav e a wired connection to the network and obtain the certificate(s) from a certificate authorit y (CA). A certificate (als o called digital IDs) can be used to authenticate users and a CA issu es certificates and guar antees the iden[...]

  • Page 271

    Appendix B Wir eless LANs ZyXEL NWA-3160 Series User’s Guide 271 Dynamic WEP Key Exchange The AP maps a unique ke y that is generated w ith the RADIUS se rver . This key expires when the wireless connection times out, disconnects or reauthentic ation times out. A new WEP key is generated each time r eauthentication is performed. If this feature i[...]

  • Page 272

    Appendix B Wireless LANs ZyXEL NWA-3160 Series User’s Guide 272 Encryption Both WP A and WP A2 improve data encryp tion by using T emporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IE EE 802.1x. WP A and WP A2 use Advanced Encryption S tandard (AES) in the Counter mode with Cipher block chaining Message authentication code [...]

  • Page 273

    Appendix B Wir eless LANs ZyXEL NWA-3160 Series User’s Guide 273 Wireless Client WP A Supplicant s A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WP A. At the time of writing, the most widely available supplicant is the WP A patch for W indows XP , Funk Software's Odys[...]

  • Page 274

    Appendix B Wireless LANs ZyXEL NWA-3160 Series User’s Guide 274 4 The AP and wireless clients use the TKIP or AES encryption process to encrypt data exchanged between them. Figure 181 WP A(2)-PSK Authentication Security Parameters Summary Refer to this table to see what other secur ity parameters you should configure for each Authentication Metho[...]

  • Page 275

    Appendix B Wir eless LANs ZyXEL NWA-3160 Series User’s Guide 275 Antenna Characteristics Frequency An antenna in the frequency of 2.4GHz (IEEE 802.11 b) or 5GHz(IEEE 802.1 1a) is needed to communicate efficiently in a wireless LAN. Radiation Pattern A radiation pattern is a diagra m that allows you to visualize the shape of the antenna’ s cover[...]

  • Page 276

    Appendix B Wireless LANs ZyXEL NWA-3160 Series User’s Guide 276 For omni-directional antennas mounted on a table, desk, and so on, point the antenna up. For omni-directional antennas mounted on a wall or ceiling, point the antenn a down. For a single AP application, place omni-directional antennas as close to the center of the coverage area as po[...]

  • Page 277

    ZyXEL NWA-3160 Series User’s Guide 277 A PPENDIX C Pop-up Windows, JavaScript s and Java Permissions In order to use the web configurator you need to allow: • W eb browser pop-u p windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). " Internet Explorer 6 screens are u sed here. Screens [...]

  • Page 278

    Appendix C Pop-up Windows, JavaScripts and Java Perm issions ZyXEL NWA-3160 Series User’s Guide 278 2 Clear the Block pop-ups check box in the Pop-up Block e r section of the screen. This disables any web po p-up blockers you may have enabled . Figure 183 Internet Options: Privacy 3 Click Apply to save this setting. Enable pop-up Blockers with Ex[...]

  • Page 279

    Appendix C Pop-up Windows, JavaScripts and Java Per m issions ZyXEL NWA-3160 Series User’s Guide 279 Figure 184 Internet Options: Privacy 3 T ype the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allo[...]

  • Page 280

    Appendix C Pop-up Windows, JavaScripts and Java Perm issions ZyXEL NWA-3160 Series User’s Guide 280 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScript s If pages of the web configura tor do not display properly in Internet Explorer , ch eck that JavaScripts are allowed. 1 In Internet Explorer , click T o[...]

  • Page 281

    Appendix C Pop-up Windows, JavaScripts and Java Per m issions ZyXEL NWA-3160 Series User’s Guide 281 Figure 187 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer , click To o l s , Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM . 4 Under Java permissions mak[...]

  • Page 282

    Appendix C Pop-up Windows, JavaScripts and Java Perm issions ZyXEL NWA-3160 Series User’s Guide 282 JA V A (Sun) 1 From Internet Explorer , click To o l s , Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is sele cted. 3 Click OK to clos e the window . Figure 189 Java (Sun)[...]

  • Page 283

    ZyXEL NWA-3160 Series User’s Guide 283 A PPENDIX D IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify ind ividual devices on a network. Every networking device (includin g computers, servers, routers, printe rs, etc.) ne eds an IP address to communicate across the network. These networking de[...]

  • Page 284

    Appendix D IP Addresses a nd Subnetting ZyXEL NWA-3160 Series User’s Guide 284 Figure 190 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the s ubnet mask. Subnet Masks A subnet mask is used to dete rmine which bits are part of th e network number , and which bits are par[...]

  • Page 285

    Appendix D IP Addresses and Subnetting ZyXEL NWA-3160 Series User’s Guide 285 Subnet masks are expressed in dotted decimal no tation just like IP addresses. The follow ing examples show the binary and decimal not ation for 8-bit, 16-bit, 24-bit an d 29-bit subnet masks. Network Size The size of the network number determines the maximum number of [...]

  • Page 286

    Appendix D IP Addresses a nd Subnetting ZyXEL NWA-3160 Series User’s Guide 286 Subnetting Y ou can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the c ompany network for security reasons. In this example, the[...]

  • Page 287

    Appendix D IP Addresses and Subnetting ZyXEL NWA-3160 Series User’s Guide 287 Figure 192 Subnetting Example: Af ter Subnetting In a 25-bit subnet the host ID has 7 bits , so each sub-network has a maximum of 2 7 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’ s address itself, all ones is the subnet’ s broadcast address). [...]

  • Page 288

    Appendix D IP Addresses a nd Subnetting ZyXEL NWA-3160 Series User’s Guide 288 Example: Eight Subnet s Similarly , use a 27-bit mask to create eight subnets (000, 00 1, 010, 01 1, 100, 101, 1 10 and 111 ) . The following table shows IP address last octet values for each subnet. T able 1 10 Subnet 2 IP/SUBNET MASK NETWORK NUMBER LAST O CTET BIT VA[...]

  • Page 289

    Appendix D IP Addresses and Subnetting ZyXEL NWA-3160 Series User’s Guide 289 Subnet Planning The following table is a summary for su bnet planning on a network with a 24-bit network number . The following table is a summary for su bnet planning on a network with a 16-bit network number . 5 128 129 158 159 6 160 161 190 191 7 192 193 222 223 8 22[...]

  • Page 290

    Appendix D IP Addresses a nd Subnetting ZyXEL NWA-3160 Series User’s Guide 290 Configuring IP Addresses Where you obtain your netwo rk number depends on yo ur particular situation. If the ISP or your network administrator assigns yo u a bloc k of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.[...]

  • Page 291

    ZyXEL NWA-3160 Series User’s Guide 291 A PPENDIX E T ext File Based Auto Configuration This chapter describes how admini strators can use text configuration files to configure the wireless LAN settings for multiple APs. T ext File Based Auto Configuration Overview Y ou can use plain text configuration files to configure the wireless LAN settings [...]

  • Page 292

    Appendix E Tex t File Ba sed Auto Configuration ZyXEL NWA-3160 Series User’s Guide 292 " If adjacent APs use the same c onfiguration file, you should leave out the channel setting since they could in terfere with each other ’s wire less traffic. Auto Configuration by DHCP A DHCP response can use options 66 and 67 to assign a TFTP server IP[...]

  • Page 293

    Appendix E Text File Based Auto Configuration ZyXEL NWA-3160 Series User’s Guide 293 V erifying Y our Configuration File Upload Via SNMP Y ou can use SNMP management software t o disp lay the configuration file version cu rrently on the device by using the fol lowing MIB. T roubleshooting Via SNMP If you have any dif ficulties with the configurat[...]

  • Page 294

    Appendix E Tex t File Ba sed Auto Configuration ZyXEL NWA-3160 Series User’s Guide 294 If there are any errors while processing the config uration file, the AP generates a message with the line number and reason for the first error (s ubsequent errors during the processing of an individual config uration file are not recorded). Y ou can use SNMP [...]

  • Page 295

    Appendix E Text File Based Auto Configuration ZyXEL NWA-3160 Series User’s Guide 295 Figure 196 802.1X Configuration File Example Figure 197 WP A-PSK Configuration File Example !#ZYXEL PROWLAN !#VERSION 12 wcfg security 2 name Test-8021x wcfg security 2 mode 8021x-static12 8 wcfg security 2 wep key1 abcdefghijk lm wcfg security 2 wep key2 bcdefgh[...]

  • Page 296

    Appendix E Tex t File Ba sed Auto Configuration ZyXEL NWA-3160 Series User’s Guide 296 Figure 198 WP A Configuration File Example Wlan Command Configuration File Example This example configur ation file uses the wlan command to configure the AP to use the security and SSID profiles from the wcfg command co nfiguration f ile examples and general w[...]

  • Page 297

    Appendix E Text File Based Auto Configuration ZyXEL NWA-3160 Series User’s Guide 297 Figure 199 Wlan Configuration File Example !#ZYXEL PROWLAN !#VERSION 15 wcfg ssid 1 name ssid-wep wcfg ssid 1 security Test-wep wcfg ssid 2 name ssid-8021x wcfg ssid 2 security Test-8021x wcfg ssid 2 radius radius-rd wcfg ssid 3 name ssid-wpapsk wcfg ssid 3 secur[...]

  • Page 298

    Appendix E Tex t File Ba sed Auto Configuration ZyXEL NWA-3160 Series User’s Guide 298[...]

  • Page 299

    ZyXEL NWA-3160 Series User’s Guide 299 A PPENDIX F Legal Information Copyright Copyright © 2008 by ZyXEL Communications Corporation. The contents of this publication may not be reprod uced in any part or as a whole, transcribed, stored in a retrieval system, tran slated into any language, or transmitted in any form or by any means, el ectronic, [...]

  • Page 300

    Appendix F L egal Information ZyXEL NWA-3160 Series User’s Guide 300 If this device does cause harmful inte rference to radio/television reception, which can be determined by turning th e device off and on, the user is enc ouraged to try to correct the interference by one or more of the following measures: 1 Reorient or relocate the receiving ant[...]

  • Page 301

    Appendix F Legal Information ZyXEL NWA-3160 Series User’s Guide 301 Vie wing Certifications 1 Go to http://www .zyxel.com . 2 Select your product on the ZyXEL home pag e to go to that product's page. 3 Select the certification you wish to view from this page. ZyXEL Limited W arranty ZyXEL warrants to the original en d user (purchaser) that t[...]

  • Page 302

    Appendix F L egal Information ZyXEL NWA-3160 Series User’s Guide 302[...]

  • Page 303

    [Document Title] 303 A PPENDIX G Customer Support In the event of problems that cannot be solved by using this manual, you should contact your vendor . If you cannot contact yo ur vendor , then contac t a ZyXEL office for the region in which you bought the dev ice. Regional of fices are listed below (see also http:// www .zyxel.com/web/conta ct_us.[...]

  • Page 304

    Appendix G Custo mer Support [Document Title] 304 • Address: 1005F , ShengGao Internationa l T ower , No.137 XianXia Rd., Shanghai • W eb: http://www .zyxel.cn Cost a Rica • Support E-mail: soporte@zyxel.co.cr • Sales E-mail: sales@zyxel.co.cr • T elephone: +506-2017878 • Fax: +506-2 015098 • W eb: www .zyxel.co.cr • Re g u l ar M a[...]

  • Page 305

    Appendix G Custome r Support [Document Title] 305 Germany • Support E-mail: support@zyxel.de • Sales E-mail: sales@zyxel.de • T elephone: +49-2405-6909-69 • Fax: +49-2405-6909-99 • W eb: www .zyxel.de • Re g ul a r Ma i l: ZyXEL Deut schland GmbH., Adenauerstr . 20/A2 D-52146, W u erselen, Germany Hungary • Support E-mail: support@zyx[...]

  • Page 306

    Appendix G Custo mer Support [Document Title] 306 Malaysia • Support E-mail: support@zyxel.com.my • Sales E-mail: sales@zyxel.com.my • T elephone: +603-8076-9933 • Fax: +603-8076- 9833 • W eb: http://www .zyxel.com.my • Regular Mail: ZyXEL Malaysia Sdn Bhd., 1-02 & 1-03, Jalan Kenari 17F , Bandar Puchong Jaya, 47100 Puchong, Selango[...]

  • Page 307

    Appendix G Custome r Support [Document Title] 307 Singapore • Support E-mail: support@zyxel.com.sg • Sales E-mail: sales@zyxel.com.sg • T elephone: +65-6899-6678 • Fax: +65-6899-8887 • W eb: http://www .zyxel.com.sg • Regular Mail: ZyXEL Singapore Pte Ltd., No. 2 International Business Park, The Strategy #03-28, Sin gapore 609930 Spain [...]

  • Page 308

    Appendix G Custo mer Support [Document Title] 308 T urkey • Support E-mail: cso@zyxel.com.tr • T elephone: +90 212 222 55 22 • Fax: +90-212-220-2 526 • W eb: http:www .zyxel.com.tr • Address: Kaptanpasa Mahallesi Piyalep asa Bulvari Ortadogu Plaza N:14/13 K:6 Okmeydani/Sisli Istanbul/T urkey Ukraine • Support E-mail: su pport@ua.zyxel.c[...]

  • Page 309

    Index ZyXEL NWA-3160 Series User’s Guide 309 Index A access 32 access point 32 access privileges 34 address assignment 155 address filtering 31 administrator authentication on RADIU S 98 Advanced Encryption St andard See AES. AES 272 alternative subnet mask notation 285 antenna 241 directional 275 gain 275 omni-directional 275 AP 31 , 32 , 33 , 1[...]

  • Page 310

    Index ZyXEL NWA-3160 Series User’s Guide 310 Dynamic Frequency Selection 11 0 dynamic WEP key exchange 271 E EAP 121 , 122 EAP authentication 269 encryption 34 , 123 , 272 ESS 104 , 264 ESS IDentification 104 ESSID 239 Extended Service Se t 104 see ESS Extended Service Se t IDentification 11 3 , 11 5 , 139 F FCC interf erence statemen t 299 file [...]

  • Page 311

    Index ZyXEL NWA-3160 Series User’s Guide 31 1 MBSSID 31 , 34 Message Integrity Check (MIC) 272 mobile access 31 mode 31 models covered 31 MSDU 92 , 11 3 , 11 5 , 11 8 , 139 N NA T 290 network 31 network access 31 network bridge 32 network traffic 31 O operating mode 31 out-of-band management 21 1 P Pairwise Master Key (PMK) 272 , 273 passwor d 98[...]

  • Page 312

    Index ZyXEL NWA-3160 Series User’s Guide 312 STP (S panning T ree Protocol) 24 3 STP path cost s 109 STP port states 11 0 STP terminology 109 subnet 283 subnet mask 243 , 284 subnetting 286 syntax conventions 4 system name 97 system timeout 163 T tagged VLAN example 21 1 telnet 164 temperature 242 T emporal Ke y Integrity Protocol (TKIP) 272 text[...]

  • Page 313

    Index ZyXEL NWA-3160 Series User’s Guide 313[...]

  • Page 314

    Index ZyXEL NWA-3160 Series User’s Guide 314[...]