ZyXEL Communications NWA-3550 manuel d'utilisation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408

Aller à la page of

Un bon manuel d’utilisation

Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation ZyXEL Communications NWA-3550. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel ZyXEL Communications NWA-3550 ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.

Qu'est ce que le manuel d’utilisation?

Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation ZyXEL Communications NWA-3550 décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.

Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.

Donc, ce qui devrait contenir le manuel parfait?

Tout d'abord, le manuel d’utilisation ZyXEL Communications NWA-3550 devrait contenir:
- informations sur les caractéristiques techniques du dispositif ZyXEL Communications NWA-3550
- nom du fabricant et année de fabrication ZyXEL Communications NWA-3550
- instructions d'utilisation, de réglage et d’entretien de l'équipement ZyXEL Communications NWA-3550
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes

Pourquoi nous ne lisons pas les manuels d’utilisation?

Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage ZyXEL Communications NWA-3550 ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles ZyXEL Communications NWA-3550 et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service ZyXEL Communications en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées ZyXEL Communications NWA-3550, comme c’est le cas pour la version papier.

Pourquoi lire le manuel d’utilisation?

Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif ZyXEL Communications NWA-3550, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.

Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation ZyXEL Communications NWA-3550. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.

Table des matières du manuel d’utilisation

  • Page 1

    www.zyxel.com www.zyxel.com NWA-3500/NWA-3550 802.11a/g Dual Radi o Wireless Business AP 802.11a/g Dual Radio Ou tdoor WLAN Business AP Copyright © 2009 ZyXEL Communications Corporation Firmware Version 3.7 Edition 2, 8/2009 Default Login Details IP Address http://192.168.1.2 Password 1234[...]

  • Page 2

    [...]

  • Page 3

    About This User's Guide NWA-3500/NWA-3550 User’s Guide 3 About This User's Guide Intended Audience This manual is intended for peo ple who want to configure the NWA using the web configurator. You should have at least a basic knowledge of TCP /IP networking concepts and topology. Related Documentation •Q u i c k S t a r t G u i d e Th[...]

  • Page 4

    About This User's Guide NWA-3500/NWA-3550 User’s Guide 4 Customer Support In the event of problems th at cannot be solved by using this manual, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you boug ht the device. See http://www.zyxel.c om/ web/contac t_us.php for conta[...]

  • Page 5

    Document Conventions NWA-3500/NWA-3550 User’s Guide 5 Document Conventions Warnings and Notes These are how warnings and notes ar e shown in this User’s Guide. Warnings tell you about things that could ha rm you or your NWA. Note: Notes tell you o ther important informat ion ( for example, other things you may need to configure or helpful tips)[...]

  • Page 6

    Document Conventions NWA-3500/NWA-3550 User’s Guide 6 Icons Used in Figures Figures in this User’s Guide may use the following generic icon s. The NWA icon i s not an exact representation of your NWA. Table 1 Common Icons NWA Computer Notebook Server Printer Telephone Switch Router Internet Cloud Firewall DSLAM Wireless Signal[...]

  • Page 7

    Safety Warnings NWA-3500/NWA-3550 User’s Guide 7 Safety Warnings • Do NOT expose your device to dampness, du st or corrosive liquids. • Do NOT store things on top of the device. • Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning. • Connect ONLY suitable accessories [...]

  • Page 8

    Safety Warnings NWA-3500/NWA-3550 User’s Guide 8[...]

  • Page 9

    Contents Overview NWA-3500/NWA-3550 User’s Guide 9 Contents Overview Introduction .......................................... ..................................................... ................... .......... 21 Introducing the NWA ............. ............. ................ ............. ................ ............. ................ ....... [...]

  • Page 10

    Contents Overview NWA-3500/NWA-3550 User’s Guide 10[...]

  • Page 11

    Table of Contents NWA-3500/NWA-3550 User’s Guide 11 Table of Contents About This User's Guide ................................................................ ........................................ .. 3 Document Conventions.................................................................. ......................................... .5 Safety[...]

  • Page 12

    Table of Contents NWA-3500/NWA-3550 User’s Guide 12 2.3.1 Methods of Restoring Fact ory-Defaults .. ............. ............. ................ ............. ............. 38 2.4 Navigating the Web Configurator ................. .......... ............. ............ ................. ............ ....... 39 Chapter 3 Tutorial ...................[...]

  • Page 13

    Table of Contents NWA-3500/NWA-3550 User’s Guide 13 3.6.4.2 Primary AP Controller ...... ................ ............. ................ ............. ..... 75 3.6.5 Setting Your NWA in Managed AP Mode ..................... ................ ................ ............. 75 3.6.6 Configuring the Managed Access Points Li s t ................ .....[...]

  • Page 14

    Table of Contents NWA-3500/NWA-3550 User’s Guide 14 7.1 Overview ... ............. ............. ................ ............. ............. ................ ............. ............. . .......... 109 7.1.1 What You C an Do in the System Screens ....... ................ ................ ............. ........... 109 7.1.2 What You N eed To Kno[...]

  • Page 15

    Table of Contents NWA-3500/NWA-3550 User’s Guide 15 9.3.3.2 ATC +WMM from WLAN to LAN ................ ................ ............. ...... 152 9.3.4 Type O f Service (ToS) ................. ............. ................. ............ ............. ................ ..... 152 9.3.4.1 DiffS erv ............... ............. ............. ........[...]

  • Page 16

    Table of Contents NWA-3500/NWA-3550 User’s Guide 16 Chapter 14 IP Screen.......................................................... ..................................................... ....... .......... 183 14.1 Overview .............. ............. ............. ................ ............. ............. ................ ............. .. ....[...]

  • Page 17

    Table of Contents NWA-3500/NWA-3550 User’s Guide 17 Chapter 18 Certificates ................................. ..................................................... ............................. ......... 217 18.1 Overview .............. ............. ............. ................ ............. ............. ................ ............. .. ....[...]

  • Page 18

    Table of Contents NWA-3500/NWA-3550 User’s Guide 18 20.3.3.2 Configuring Remo te Access Policies .............. ................ ............ 255 20.3.4 Second Rx VLAN ID Example ........... ............. ............. ............. ................ ............. . 263 20.3.4.1 Second Rx VLAN Setup Example ..................... ................ .[...]

  • Page 19

    Table of Contents NWA-3500/NWA-3550 User’s Guide 19 24.6 Wireless Router/AP Troubleshooting ......... .......... ............. ............ ................. ............ ..... 295 Chapter 25 Product Specifications ........................................................................................ ................. 297 Part IV: Appendices an[...]

  • Page 20

    Table of Contents NWA-3500/NWA-3550 User’s Guide 20[...]

  • Page 21

    21 P ART I Introduction Introducing the NWA (23) The Web Configurator (37) Status Screens (83) Management Mode (87) Tutorial (41)[...]

  • Page 22

    22[...]

  • Page 23

    NWA-3500/NWA-3550 User’s Guide 23 C HAPTER 1 Introducing the NWA Note: This User’s Guide includes the NW A-3500 and the NWA-3550. Illustrations used throughout this book are based on th e NWA-3500 (unless otherwise stated). The Web Configu ration screens are based on the NWA-3500 (unless otherwise stated). 1.1 Overview This chapter introduces t[...]

  • Page 24

    Chapter 1 Introducing the NWA NWA-3500/NWA-3550 User’s Guide 24 1.2 Applications for the NWA The NWA can be configured to use the following WLAN operating modes: • Access Point ( AP) •B r i d g e / R e p e a t e r •A P + B r i d g e •M B S S I D Applications for each operati ng mode are shown below. Note: A different channel should be con[...]

  • Page 25

    Chapter 1 In troducing the NWA NWA-3500/NWA-3550 User’s Guide 25 1.2.2 Bridge / Repeater The NWA can act as a wirele ss network bridge and establish wireless li nks with other APs. In the fig ure below, the tw o NWAs ( A and B ) are connected to independent wired net works and have a bridge connection ( A can commun icate with B ) at the same tim[...]

  • Page 26

    Chapter 1 Introducing the NWA NWA-3500/NWA-3550 User’s Guide 26 Figure 3 Repeater Application 1.2.2.1 Bridge / Re peater Mode Example In the example below, when both NWAs are in Bridge / Repeate r mode, th ey form a WDS (Wireless Distribution Syst em) allowing the computers in LAN 1 to connect to the computers in LAN 2 . Figure 4 Bridging Example[...]

  • Page 27

    Chapter 1 In troducing the NWA NWA-3500/NWA-3550 User’s Guide 27 • If two or more NWAs (in bridge mo de) are connected to the same hub. Figure 5 Bridge Loo p: Two Bridges Connected to Hub • If your NWA (in bridge mod e) is connected to a wired LAN while communicating with another wireless bridge that is also connected to the same wired LAN. F[...]

  • Page 28

    Chapter 1 Introducing the NWA NWA-3500/NWA-3550 User’s Guide 28 1.2.3 AP + Bridge In AP + Bridge mode, the NWA supports bo th AP and b ridge connection at the same time. In the figure below, A and B use X as an AP to access the wired netw ork, while X and Y communicate in bridge mode. When the NWA is in AP + Bridge mo de, security between APs (WD[...]

  • Page 29

    Chapter 1 In troducing the NWA NWA-3500/NWA-3550 User’s Guide 29 provides multiple virtual APs, each forming its own BSS and using its own individual SSID profile. You can configure up to sixt een SSID profil es, and have up to eight active at any one time. You can assign different wireless and secu rity settings to each SSID profile. This allows[...]

  • Page 30

    Chapter 1 Introducing the NWA NWA-3500/NWA-3550 User’s Guide 30 1.2.5 Pre-Configured SSID Profiles The NWA has two pre-configured SSID profiles. • VoIP_SSID . This profile is intended for use by wireless clients requiring the highest QoS level for VoIP telephony and other applications requiring low latency. The QoS level of this profile is not [...]

  • Page 31

    Chapter 1 In troducing the NWA NWA-3500/NWA-3550 User’s Guide 31 1.3 CAPWAP The NWA supports Control And Provisioning of Wireless Access Points (CAPWAP). This is ZyXEL’s implementati on of the In ternet Engineering Task Force’s (IETF) CAPWAP protocol. ZyXEL’s CAPWAP allows a single acc ess point to manage up to eight other access points. Th[...]

  • Page 32

    Chapter 1 Introducing the NWA NWA-3500/NWA-3550 User’s Guide 32 1.4 Ways to Manage the NWA Use any of the following methods to manage the NWA. • Web Configurator. This is recommended for ev eryday management of the NWA using a (supported) web browser. • Command Line In terface (CLI). Line commands are mostly used for troubleshooting by servic[...]

  • Page 33

    Chapter 1 In troducing the NWA NWA-3500/NWA-3550 User’s Guide 33 1.6.1 Control Access to Your Device Ensure only people with permission can acc ess your NWA. • Control physical access by locati ng devi ces in secure areas, such as locked rooms. Most NWAs have a re set button. If an unaut horized person has access to the reset button, they can t[...]

  • Page 34

    Chapter 1 Introducing the NWA NWA-3500/NWA-3550 User’s Guide 34 1.7 Hardware Connections See your Quick Start Guide for information on making hardware connections. 1.7.1 Antennas Your NWA has two wireless L AN adaptors, WLAN1 and WLAN2. WLAN1 uses the RF1 antenna or the antenna on the right (when facing the device). WLAN2 uses the RF2 antenna or [...]

  • Page 35

    Chapter 1 In troducing the NWA NWA-3500/NWA-3550 User’s Guide 35 The following table describes t he behavior of the device LEDs. LABEL LED COLOR STATUS DESCRIPTION 1 WL1 Green On The wireless adaptor WLAN1 is active. Blinking The wireless adaptor WLAN1 is active, and transmitting or receiving data. Off The wireless adaptor WLAN1 is not active. 2 [...]

  • Page 36

    Chapter 1 Introducing the NWA NWA-3500/NWA-3550 User’s Guide 36 5 ETHERNET Green On The NWA has a 10 Mbps Ethernet connection. Blinking The NWA has a 10 Mbps Ethernet connection and is sending or receiving data. Yellow On The NWA has a 100 Mbps Ethernet connection. Blinking The NWA has a 100 Mbps Ethernet connection and is sending/receiving data.[...]

  • Page 37

    NWA-3500/NWA-3550 User’s Guide 37 C HAPTER 2 The Web Configurator 2.1 Overview This chapter describes how t o access the NWA’s web configurator and provides an overview of its screens. 2.2 Accessing the Web Configurator 1 Make sure your hardware is properly connected and prepare your c omputer or computer network to connect to the NW A (refer t[...]

  • Page 38

    Chapter 2 The Web Configurator NWA-3500/NWA-3550 User’s Guide 38 6 Click Apply in the Replace Certificate screen to create a certificate using your NWA’s MAC address that will be specific to this device. You should now see the Status screen. Se e Chapter 2 on page 37 for details about the Status screen. Note: The management session automaticall[...]

  • Page 39

    Chapter 2 The Web Configurator NWA-3500/NWA-3550 User’s Guide 39 2.4 Navigating the Web Configurator The following summarizes how to navigate the web configurator from the Status screen. Click LOGOU T at any time to exit the web configurator. Check the status bar at the bottom of the screen when you click Apply or OK to verify that th e configur [...]

  • Page 40

    Chapter 2 The Web Configurator NWA-3500/NWA-3550 User’s Guide 40[...]

  • Page 41

    NWA-3500/NWA-3550 User’s Guide 41 C HAPTER 3 Tutorial 3.1 Overview This chapter first provides a basic overvi ew of how to configure the wireless LAN on your NWA, and then gives step-by-st ep guidelines showing how to configure your NWA for some example scenarios. 3.2 How to Configure the Wireless LAN This section shows how to choose which wirele[...]

  • Page 42

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 42 3.2.2 Wireless LAN Configuration Overview The following figure shows the steps you should take to configure the wireless settings according to the operating mode you select. Use the Web Configurator to set up your NWA’s wireless net work (see your Quick Start Guide for information on setting [...]

  • Page 43

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 43 3.2.3 Further Reading Use these links to find more information on the steps: • Choosing 802.11 Mode : see Section 8.2.1 on page 120 . • Choosing a wireless Channel ID : see Section 8.2.1 on page 120 . • Selecting and configuring SSID profile (s): see Section 8.2.1 on page 120 and Section [...]

  • Page 44

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 44 The following figure shows the multip le networks you want to set up. Your NWA is marked Z , the main network router is marked A , and your network pri nter is marked B . Figure 14 Tutorial: Example MBSSID Setup The standard network ( SSID04 ) has access to all resources. The VoIP network ( VoI[...]

  • Page 45

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 45 3.3.1 Change the Operating Mode Log in to the NWA (see Section 2.2 on pag e 37 ). Click Wire less > Wireless . The Wireless screen appears. 3.3.1.1 Access Point Set the NWA’s WLAN Interface WLAN1 is set to Access Point operating mode, and is currently using the SSID03 profile. Figure 15 Tu[...]

  • Page 46

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 46 3.3.1.2 MBSSID Select MBSSID from the Operat ing Mode drop-down list box. The screen displays as foll ows. Figure 16 Tutorial: Wireless LAN: Change Mode This Select SSID Profile table allows you to activate or deactivate SSID pr ofiles. Your wireless network was previously using the SSID03 prof[...]

  • Page 47

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 47 3.3.2 Configure the VoIP Network Next, click Wireless > SSID . The following screen displays . Note that the SSID03 SSID profile (the standard network) is using t he security01 security profile. You cannot change this security profile without changing the stand ard network’s parameters, so[...]

  • Page 48

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 48 1 Choose a new SSID for the VoIP netw ork. In this example, enter VOIP_SSID_Example . Note that although the SSID changes, the SSID profile name ( VoIP_SSID ) remains the same as before. 2 Select Enable from the Hide Name (SSID) list box. You want only authorized company employees to use this n[...]

  • Page 49

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 49 You already chose to us e the security02 profile for thi s network, so select the radio button for security02 and click Edit . The following screen appears. Figure 20 Tutorial: VoIP Security Profile Edit 1 Change the Name field to “VoIP_Security” to ma ke it easi er to remember and ident if[...]

  • Page 50

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 50 3.3.2.2 Activate the VoIP Profile You need to activate the VoIP_SSID profile before it can be used. Click the Wireless tab. In the Select SSID Profile table, select th e VoIP_SSID profile’s Active checkbox and click Apply . Figure 22 Tutorial: Activate VoIP Profile Your VoIP wireless network [...]

  • Page 51

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 51 Click Wireless > SSID . Select Guest_SSID ’s entry in the list an d click Edit . The following screen appears. Figure 23 Tutorial: Guest Edit 1 Choose a new SSID for the guest ne tw ork. In this example, enter Guest_SSID_Example . Note that although the SSID changes, the SSID profile name [...]

  • Page 52

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 52 3.3.3.1 Set Up Security for the Guest Profile Now you need to configure the security settings t o use on the guest wireless network. Click the Security tab. You already chose to us e the security03 profile for thi s network, so select security03 ’s entry in the list and cli ck Edit . The foll[...]

  • Page 53

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 53 3.3.3.2 Set up Layer 2 Isolation Configure layer 2 isolation to control the specific devices you want the users on your guest network to access. Click WIRELESS > La yer-2 Isolation . The following screen appears. Figure 26 Tutorial: Layer 2 I solation The Guest_SSID network uses the l2isolat[...]

  • Page 54

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 54 3.3.3.3 Activate the Guest Profile You need to activate the Guest_SSID profile before it can be used. Cl ick the Wireless tab. In the Select SSID Profile table, select th e check box for the Guest_SSID profile and click Apply . Figure 28 Tutorial: Activate Guest Profile Your guest wireless netw[...]

  • Page 55

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 55 3.4 How to Set Up and Use Rogue AP Detection This example shows you how to configure the rogue AP detecti on feature on the NWA. A rogue AP is a wireless access point oper ating in a network’s coverage area that is not a sanctioned part of that networ k. The example also shows how to set the [...]

  • Page 56

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 56 marked E , and a computer, marked F , connected to the wire d network. The coffee shop’s access point is marked 1 . Figure 29 Tutorial: Wireless Network Example In the figure, the solid ci rcle represents the rang e of your wireless network, an d the dashed circle represents the extent of the[...]

  • Page 57

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 57 Note: The NWA can detect the MAC addresses o f APs automatically. However, it is more secure to obtain the correct MAC addresse s from another source and add them to the friendly AP list manually. For example, an attacker’s AP mimicking the correct SSID could be placed on the friendly AP list[...]

  • Page 58

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 58 Note: You can add APs t hat are not part of yo ur network to the friendly AP list, as long as you know that they do not pose a threat to your network’s security. The Friendly AP screen now appears as follows. Figure 31 Tutorial: Friendly AP (After Data Entry) 3 Next, you will save the list of[...]

  • Page 59

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 59 4 Click Export . If a window si milar to the following appears, click S ave . Figure 33 Tutorial: Warn ing 5 Save the friendly AP list somewhere it can be accessed by all the other access points on the network. In this example, save it on the network fi le server ( E in Figure 29 on page 56 ). [...]

  • Page 60

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 60 3.4.2 Activate Periodic Rogue AP Detection Take the following steps to activate rogue AP detecti on on the first of your NWAs. 1 In the ROGUE AP > Configuration screen, sele ct Enable from the Rogue AP Period Detection field. Figure 35 Tutorial: Periodic Rogue AP Detectio n 2 In the Period f[...]

  • Page 61

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 61 3.4.3 Set Up E-mail Logs In this section, you will configure the firs t of your four APs to send a log m essage t o y o u r e - m a i l i n b o x w h e n e v e r a r o g u e A P i s d i s c o v e r e d i n y o u r w i r e l e s s n e t w o r k ’ s coverage area. 1 Click LOGS > Log Settings[...]

  • Page 62

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 62 5 In the Send Immediate Alert section, select the events you want to trigg er immediate e-mails. Ensure that Rogue AP Detection is selected. 6 Click Apply . 3.4.4 Configure Your Other Access Points Access point A is now configured to do the foll owing. • Scan for access points in its coverage[...]

  • Page 63

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 63 3.4.5 Test the Setup Next, test your setup to ensure it is correctly configured. • Log into each AP’s Web configurator and click ROGUE AP > Rogue AP . Click Refresh . If any of the MAC addresses from Section 3.4.1 on page 57 appear in the list, th e friendly AP funct ion may be incorrect[...]

  • Page 64

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 64 NWA is marked Z . C is a workstation on your wired network, D is your main network switch, and E is the securi ty gateway you use to co nnect to the Internet . Figure 37 Tutorial: Example Network 3.5.2 Your Requirements 1 You want to set up a wireless network to allow only Al ice to access Serv[...]

  • Page 65

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 65 Each SSID profile already uses a different pre-share d key. In this example, you will configure access limitations for each SSID profile. To do this, you will take the following steps. 1 Configure th e SERVER_1 network’s SSID profile to use specifi c MAC filter and layer-2 is olation pr ofile[...]

  • Page 66

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 66 Take the following steps to configure the SERVER_1 network. 1 Log into the NWA’s Web Configurator and click Wireless > SSID . The following screen displays, s howing the SSID profiles you already configured. Figure 38 Tutorial: SSID Profile[...]

  • Page 67

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 67 2 Select SERVER_1 ’s entry and click Edit . The following screen displa ys. Figure 39 Tutorial: SSID Edit Select l2Isolation03 in the L2 Isolation field, and select macfilter03 in the MAC Filtering field. Click Apply . 3 Click the Layer-2 Iso lation tab. When the Layer- 2 Isolati on screen ap[...]

  • Page 68

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 68 8 Enter the MAC address of the device Ali ce uses to connect to the network in Index 1 ’s MAC Address field and enter her name i n the Description field, as shown in the following figure. Change the Profile Name to “MacFilter_SERVER_1”. Select Allow Association fro m the Filter Action fie[...]

  • Page 69

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 69 3.5.6 Checking your Settings and Testing the Configuration Use the following sections to ensure th at your wireless networks are set up correctly. 3.5.6.1 Checking Settings Take the following steps to check that the NWA is usi ng the correct SSIDs, MA C filters and layer-2 isolation profiles. 1[...]

  • Page 70

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 70 2 Next, click the SSID tab. Check that each configured SSID profile uses the correct Security , Layer-2 Isolation and MAC Filter profiles, as shown in t he following figure. Figure 43 Tutorial: SSID Tab Correct Settings If the settings are not as s hown, follow the steps in t he relevant sectio[...]

  • Page 71

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 71 Attempt to access the Internet. You should be able to do so. Attempt to access Server 1 . You should be unable to do so. If you can do so, layer-2 is olation is misconfig ured. • Using Bob’s computer and wirel ess cl ient, and inc orrect security settings, attempt to assoc iate with the SER[...]

  • Page 72

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 72 Additionally, you want a b ackup for this controller AP. You add another NWA ( E ) in the first floor of the building, whic h you will th en set as a secondary control ler AP. Figure 44 Tutorial: Controller AP with Backup and Managed APs Example 3.6.2 Your Requirements 1 You want to manage the [...]

  • Page 73

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 73 1 Assign one NWA AP ( A ) as the controller AP for your wireless NWA AP network. This will be your primary controller AP . Acquire another NWA with the same model and firmware version as A , to serve as the secondary controller AP ( E ). Both controller APs ( A and E ) are in the 1st floor of t[...]

  • Page 74

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 74 1 Access th e Web Config urator of the NW A. Go to MGNT MODE to open the following screen. Figure 45 Tutorial: MGNT Mode (AP Controller) 2 Select AP Controller and click Apply . 3 The device reboots. You need to log in again to the Web Configurator. 3.6.4.1 Secondary AP Controller The secondary[...]

  • Page 75

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 75 2 Enable Redundancy . Then select Secondary AP Controller and cl ick Apply . 3.6.4.2 Primary AP Controller The primary controller AP manages the NWA APs (in managed AP mode) in your network. Changes made in the Web Config urator of the NWA primary AP controller are synchronized automatically wi[...]

  • Page 76

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 76 1 To set your NWA in managed AP mode, open the MGNT screen in the Web Configurator of the NWA that you want to serve as a managed AP. Figure 48 Tutorial: Ma naged AP 2 Select Managed AP and enter the IP addresses of the NWA primary and secondary controller AP (recommended). Click Apply . Note: [...]

  • Page 77

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 77 If the Registration Type is set to Manual , the control ler AP add managed APs to a queue in the Un-Managed Access Points List in the Controller > AP Lists screen. If the Registration Type is set to Always A ccept , the controller AP immediately adds the AP to the Managed Access Points List [...]

  • Page 78

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 78 Turn on a WLAN Radio Profile by sele cting the managed AP from the list and clicking Edit . Figure 51 Tutorial:AP List (Managed ) 4 In the screen that opens, choose the radi o profile for each WLAN radio and click Apply . Figure 52 Tutorial: Ma naged AP WLAN Radio Profile In this example, the 1[...]

  • Page 79

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 79 3.6.7 Checking your Settings and Testing the Configuration The NWAs should be working at this point. You can configure the settings of each NWA unit by just openi ng the Web Con fig urator of the primary controller AP. One way to test if the setup is working is to use a wireless client to chec [...]

  • Page 80

    Chapter 3 Tutorial NWA-3500/NWA-3550 User’s Guide 80[...]

  • Page 81

    81 P ART II The Web Configurator System Screens (109) Wireless Configuration (119) SSID Screen (145) Wireless Security Screen (155) RADIUS Screen (169) Layer-2 Isolation Screen (173) MAC Filter Screen (179) IP Screen (183) Rogue AP Detection (187) Remote Management Screens (195) Internal RADIUS Server (209) Certificates (217) Log Screens (235) VLAN[...]

  • Page 82

    82[...]

  • Page 83

    NWA-3500/NWA-3550 User’s Guide 83 C HAPTER 4 Status Screens 4.1 Overview The Status screen displays when you log i nto the NWA or click Status in the navigation me nu. Use this screen to look at the cu rrent status of the device, system resources, and interfaces . The Status screen al so provides detailed information about sys tem statistics, ass[...]

  • Page 84

    Chapter 4 Sta tus Screens NWA-3500/NWA-3550 User’s Guide 84 The following table describes t he labels in this screen. Table 8 The Status Screen LABEL DESCRIPTION Automatic Refresh Interval Enter how often you want the NWA to update this screen. Refresh Click this to update this screen immediately. System Information System Name This fie ld displa[...]

  • Page 85

    Chapter 4 Status Screens NWA-3500/NWA-3550 User’s Guide 85 WLAN1 Associations This field displays the number of wireless clients currently associated with the first wireless module. It supports up to 128 concurrent associations. WLAN2 Associations This field displays the number of wireless clients currently associated with the second wireless mod[...]

  • Page 86

    Chapter 4 Sta tus Screens NWA-3500/NWA-3550 User’s Guide 86 4.2.1 System Statistics Screen Use this screen to view di agnostic information about the NWA. Click Show Statistics in the Status screen. The following screen pops up. Note: The Poll Interval field is configurable. The fields in this screen vary according to the current wireless mode of [...]

  • Page 87

    NWA-3500/NWA-3550 User’s Guide 87 C HAPTER 5 Management Mode 5.1 Overview This chapter discusses using the NWA in management mode. This screen determines whether the NWA is used in its default st andalone mode, or as part of a Control And Provisioning of Wirele ss Access Points (CAPWAP) network. 5.2 About CAPWAP The NWA supports CAPWAP. This is Z[...]

  • Page 88

    Chapter 5 Manage ment Mode NWA-3500/NWA-3550 User’s Guide 88 Note: The NWA can be a controller AP, standalo ne AP (default) or a CAPWAP managed AP. 5.2.1 CAPWAP Discovery and Management The link between CAPWAP-enabled a ccess points proceeds as follows: 1 An AP in managed AP mode joins a wi red network (receives a dynamic IP address). 2 The AP se[...]

  • Page 89

    Chapter 5 Manag ement Mode NWA-3500/NWA-3550 User’s Guide 89 DHCP Option 43 allows the CAPWAP ma nagement request (from the AP in managed AP mode) to reach th e AP control ler in a diff erent subnet, as shown in the following figure . Figure 57 CAPWAP and DHCP Option 43 5.2.4 Notes on CAPWAP This section lists some additional features of ZyXEL’[...]

  • Page 90

    Chapter 5 Manage ment Mode NWA-3500/NWA-3550 User’s Guide 90 5.3 The Management Mode Screen Use this screen to configure the NWA as a CAPWAP controller AP, a CAPWAP managed A P, or to use it in it s default st andalon e mode. Click MGNT MODE in the NWA’s navigation menu . The following screen displays. Figure 58 Managemen t Mode The following t[...]

  • Page 91

    Chapter 5 Manag ement Mode NWA-3500/NWA-3550 User’s Guide 91 Apply Click this to save your changes. If you change the mode in this screen, the NWA restarts. Wait a short while before you attempt to log in again. If you changed the mode to Managed AP , you cannot log in as the web configurator is disabled; you must manage the NWA through the manag[...]

  • Page 92

    Chapter 5 Manage ment Mode NWA-3500/NWA-3550 User’s Guide 92[...]

  • Page 93

    NWA-3500/NWA-3550 User’s Guide 93 C HAPTER 6 AP Controller Mode 6.1 Overview This chapter discusses the Controller AP management mode. When the NWA is used as a CAPWAP (Control And Provisioni ng of Wireless Access Points) controller AP, the Web Configurator changes to reflect this by including the Controller and Profile Edit screens. Refer to Sec[...]

  • Page 94

    Chapter 6 AP Controller Mode NWA-3500/NWA-3550 User’s Guide 94 In the figure below, an administrator is able to manage the security settings of 5 APs (1 controller AP and 4 managed APs ). He changes the s ecurity mode to WPA- PSK just by accessing the Web Conf igurator of the cont roller AP ( C ). Figure 59 CAPWAP Controller Note: Be careful when[...]

  • Page 95

    Chapter 6 AP Controller Mode NWA-3500/NWA-3550 User’s Guide 95 After logging in again, the navigation menu changes to include links for the Controller and Profile Edit screens. The items marked below are screens that can be configured for all APs managed by t he NWA. Figure 61 Controller AP Na vigation Links In the figure above, changes made in t[...]

  • Page 96

    Chapter 6 AP Controller Mode NWA-3500/NWA-3550 User’s Guide 96 Click Status . The following screen displays. Figure 62 Status Screen The following table describes t he new labels in this screen. Table 11 Status Screen LABEL DESCRIPTION System Information Registration Type This field displays how the managed APs are registered with the NWA. Manual[...]

  • Page 97

    Chapter 6 AP Controller Mode NWA-3500/NWA-3550 User’s Guide 97 6.4 AP Lists Screen Use this screen to view and add managed APs. By default, the controller NWA is always included in this table. Although you cannot remove it, you can edit its settings. 802.11b/g This field displays the number of wireless clients associated with APs managed by the N[...]

  • Page 98

    Chapter 6 AP Controller Mode NWA-3500/NWA-3550 User’s Guide 98 Click Controller > AP Lists . The following screen displays. Figure 63 AP Lists Screen The following table describes t he labels in this screen. Table 12 AP List s Screen LABEL DESCRIPTION Managed Access Points List This section lists the access point s currently controlled by the [...]

  • Page 99

    Chapter 6 AP Controller Mode NWA-3500/NWA-3550 User’s Guide 99 Status This displays whether the managed AP is activ e, not active or upgrading its firmware. • Red : the AP is not active. • Green : the AP is active. • Yellow : the AP is upgrading its firmware. Note: You can still edit a managed AP’s settings e ven if it is offline. However[...]

  • Page 100

    Chapter 6 AP Controller Mode NWA-3500/NWA-3550 User’s Guide 100 6.4.1 The AP Lists Edit Screen Use this screen to change the description or radio profile of an AP managed by the NWA. Click Edit in the CONTROLL ER > AP Lists scre en. The following screen displays. Figure 64 AP Configuration Screen The following table describes t he labels in th[...]

  • Page 101

    Chapter 6 AP Controller Mode NWA-3500/NWA-3550 User’s Guide 101 6.5 Configuration Screen Use this screen to control the way in wh ich the NWA accepts new APs to manage. You can also configure t he pre-shared key (PSK) that is used to secure the data transmitted between the NWA and the APs it manages. When the NWA is in AP controller mode, click C[...]

  • Page 102

    Chapter 6 AP Controller Mode NWA-3500/NWA-3550 User’s Guide 102 6.6 Redundancy Screen Use this screen to set t he controller AP as a primary or secondary controller. If you set your NWA as a primary controller AP, you can have a secondary controller AP to serve as a backup . All configurations are sy nchronized between the NWA and the secondary c[...]

  • Page 103

    Chapter 6 AP Controller Mode NWA-3500/NWA-3550 User’s Guide 103 •T h e Profile Edit > SSID screen (see Section 9.2 on page 151 ). •T h e Profile Edit > Security screen (see Section 10.2 on page 161 ). •T h e Profile Edit > RADIUS screen (see Section 11.2 on page 175 ). •T h e Profile Edit > Layer-2 Isolation screen (see Sectio[...]

  • Page 104

    Chapter 6 AP Controller Mode NWA-3500/NWA-3550 User’s Guide 104 6.7.2 The Radio Profile Edit Screen Use this screen to conf igure a specific radio profil e. In the Profile Edit > Radio screen, select a profile and click Edit . The following screen displays. Figure 68 Radio Edit Screen Channel ID This field displays the wireless channel the rad[...]

  • Page 105

    Chapter 6 AP Controller Mode NWA-3500/NWA-3550 User’s Guide 105 The following table describes t he labels in this screen. Table 17 Radio Edit Screen LABEL DESCRIPTION Profile Name Enter a name identifying this profile. 802.11 Mod e This makes sure that only compliant WLAN devices can associate with the NWA. Select 802.11 b Only to allow only IEEE[...]

  • Page 106

    Chapter 6 AP Controller Mode NWA-3500/NWA-3550 User’s Guide 106 RTS/CTS Threshold Use RTS/CTS to reduce data collis ions on the wireless net work if you have wireless clients that are associated with the same AP but out of range of one another . When enabled, a wireless client sends an RTS (Request To Send) and then waits for a CTS (Clear To Send[...]

  • Page 107

    Chapter 6 AP Controller Mode NWA-3500/NWA-3550 User’s Guide 107 Apply Click Apply to s ave your changes. Reset Click Reset to begin configuring this screen afresh. Table 17 Radio Edit Screen LABEL DESCRIPTION[...]

  • Page 108

    Chapter 6 AP Controller Mode NWA-3500/NWA-3550 User’s Guide 108[...]

  • Page 109

    NWA-3500/NWA-3550 User’s Guide 109 C HAPTER 7 System Screens 7.1 Overview This chapter provides information and inst ructions on how to ident ify and manage your NWA over the network. Figure 69 NWA Setup In the figure above, the NWA ( ZyXEL Device ) connects to a Domain Name Server (DNS) server to avail of a domain name . It also connects to an N[...]

  • Page 110

    Chapter 7 System Screens NWA-3500/NWA-3550 User’s Guide 110 7.1.2 What You Need To Know About the System Screens The following terms and conc epts may help as you read through t he chapter. IP Address Assignment Every computer on the Internet must have a unique IP address. If your networks are isolated from the Internet, for insta nce , only betw[...]

  • Page 111

    Chapter 7 S ystem Scre ens NWA-3500/NWA-3550 User’s Guide 111 Once you have decided on the network number , pick an IP address that is easy to remember, for instance, 192.16 8.1.2, for your device, but make sure that no other device on your networ k is using that IP address. The subnet mask specifies the network number portion of an IP address. Y[...]

  • Page 112

    Chapter 7 System Screens NWA-3500/NWA-3550 User’s Guide 112 Administrator Inactivity Timer Type how many minutes a management session can be left idle before the session times out. The default is 5 minutes. After it times out you have to log in with your password again. Very long id le timeouts may have security risks. A value of "0" me[...]

  • Page 113

    Chapter 7 S ystem Scre ens NWA-3500/NWA-3550 User’s Guide 113 7.3 Password Screen Use this screen to control access to your NWA by assigni ng a password to it. Click System > Password . The following screen displays. Figure 71 System > Password. Note: Even if you uncheck Enable Admin at L ocal, you still use the password set here to log in [...]

  • Page 114

    Chapter 7 System Screens NWA-3500/NWA-3550 User’s Guide 114 Use new setting Select this if you want to change the RADIUS username and password the NWA uses to authenticate management logon . User Name Enter the username for this user account. This n ame can be up to 31 ASCII characters long, including spaces. Password Type a password (up to 31 AS[...]

  • Page 115

    Chapter 7 S ystem Scre ens NWA-3500/NWA-3550 User’s Guide 115 7.4 Time Setting Screen Use this screen to change your NWA’s time and date, click System > Time Setting . The following screen displays. Figure 72 System > Time Setting The following table describes t he labels in this screen. Table 21 System > Time Setting LABEL DESCRIPTION[...]

  • Page 116

    Chapter 7 System Screens NWA-3500/NWA-3550 User’s Guide 116 New Date (yyyy:mm:dd) This field displays the last updated date from the time server or the last date configured manually. When you set Time and Date Setup to Manual , enter the new date in this field and then click Apply . Get from Time Server Select this radio button to have the NWA ge[...]

  • Page 117

    Chapter 7 S ystem Scre ens NWA-3500/NWA-3550 User’s Guide 117 7.5 Technical Reference This section provides some technical info rmation abou t the topic s covered in th is chapter. 7.5.1 Administrator Authentication on RADIUS The administrator authentication on RADIUS feature lets a (external or internal) RADIUS server authenticate management log[...]

  • Page 118

    Chapter 7 System Screens NWA-3500/NWA-3550 User’s Guide 118 The NWA continues to use the following pre-defined lis t of NTP time servers if you do not specify a time server or it cann ot synchronize with the time server you specified . When the NWA uses the pre-defined list of NTP time servers, it randomly selec ts one server and tries to sync hr[...]

  • Page 119

    NWA-3500/NWA-3550 User’s Guide 119 C HAPTER 8 Wireless Configuration 8.1 Overview This chapter discusses the steps to confi g ure the Wireless Settings screen on the NWA. It also int roduces the wireles s LAN (WLAN) and some basic scenarios. Figure 73 Wirele ss Mode In the figure above, the NWA ( ZyXEL Device ) allows access to another bri dge de[...]

  • Page 120

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 120 8.2.1 What You Need To Know About the Wireless Screen The following terms and conc epts may help as you read through t his chapter. BSS A Basic Service Set (BSS) exists when all communications between wireless stations or between a wireless station an d a wired network client go [...]

  • Page 121

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 121 An ESSID (ESS IDentification ) uniquely identifi es each ESS. All access p oints and their associated wireless stations within the same ESS must have the same ESSID in order to comm unicate. Figure 75 Extended Service Set Operating Mode The NWA can run in four operating modes as [...]

  • Page 122

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 122 SSID The SSID (Service Set IDenti fier) identifies the Service Set with which a wireless station is associated. Wireless stations a ssociating to the access point (AP) must have the same SSID. Normally, the NWA acts like a beacon an d regularly broadcasts the SSID in the area. Yo[...]

  • Page 123

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 123 • MBSSID should not replace but rather be used in conjunction with 802.1x security. 8.3 The Wireless Screen Use this screen to choose the oper ating mode for your NWA. Click Wireless > Wireless . The s creen varies depending upo n the operating mode you sel ect. Note: Some f[...]

  • Page 124

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 124 The following table describes t he genera l wireless LAN labels in this screen. Table 23 Wireless: Acc ess Point LABEL DESCRIPTION WLAN Interface Select which WLAN adapter you want to configure. It is recommended that you config ure the first WLAN adapter for AP functions and use[...]

  • Page 125

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 125 Disable DCS to unlock This appears if the DCS feature is enabled. Click this to disable DCS and select a channel ID manually. Note: DCS is Disabled by default Operating Channel This field displays only when you select 802.11a in the 80 2.11 Radio Mode field. This is the channel c[...]

  • Page 126

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 126 8.3.2 Bridge / Repeater Mode Use this screen to have the NWA act as a wireless network bridge / repeater and establish wireless links with ot her APs. You need to know the MAC address of the peer device, which also must be in bridge / repeater mode. SSID Profile The SSID (Service[...]

  • Page 127

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 127 Note: You can view an example of this se tup in Section 8.4.3 on page 14 1 . Figure 77 Wireless: Bridge / Repeater The following table describes t he bridge labels in this screen. Table 24 Wireless: Bridge / Repeater LABEL DESCRIPTIONS WLAN Interface Select which WLAN adapter you[...]

  • Page 128

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 128 802.11 mode This makes sure that only compliant WLAN devices can associate with the NWA. Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate with the NWA. Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate with the NW[...]

  • Page 129

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 129 Output Po wer Set the output power of the NWA in this field. If th ere is a high density of APs in an area, decrease the output power of the NWA to reduce interference with other APs. Select from 100% (Full Power) , 50% , 25% , 12 .5% and Minimum . See the product specifications [...]

  • Page 130

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 130 Remote Bridge MAC Type the MAC address of the peer device in a valid MAC address format, that is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc. PSK Type a pre-shared key (PSK) from 8 to 63 case-sensitive ASCII characters (including spaces and symbols). You must[...]

  • Page 131

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 131 8.3.3 AP + Bridge Mode Use this screen to have the NWA function as a bridge and access point simultaneously. Select AP + Bridge as the Operating Mode . The foll owing screen diplays. Figure 78 AP + Bridge[...]

  • Page 132

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 132 The following table describes t he bridge labels in this screen. Table 25 Wireless: AP + Bridge LABEL DESCRIPTIONS WLAN Interface Select which WLAN adapter you want to configure. It is recommended that you configure the first WLAN adapter for AP functions and use the second WLAN [...]

  • Page 133

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 133 RTS/CTS Threshold Use RTS/CTS to reduce data collisions on the wireless network if you have wireless clients that are associated with the same AP but out of range of one another. When enabled, a wireless client sends an RTS (Request To Send) and then waits for a CTS (Clear To Sen[...]

  • Page 134

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 134 Rates Configuration This section controls the data rates permitted for clients. For each Rate , select an option from the Configur ation list. The options are: • Basic (1~11 Mbps only): Clients can always connect to the access point at this speed. • Optional : Clients can con[...]

  • Page 135

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 135 Enable Antenna Diversity Select this to use antenna diversity. Antenna diversity uses multiple antennas to reduce signal interference. Enable Breathing LED Select this box to disable the WLAN LE D (light). Clear this box to enable the WLAN LED. Enable Spanning Tree Control (STP) [...]

  • Page 136

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 136 8.3.4 MBSSID Mode Use this screen to have the NWA function in MBSSID mode. Select MBSSID as the Operating Mode . The following screen diplays. Figure 79 Wireless: MBSSID The following table describes t he labels in this screen. Table 26 Wireless: MBSSID LABEL DESCRIPTION WLAN Int[...]

  • Page 137

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 137 802.11 Mode This makes sure that only compliant WLAN devices can associate with the NWA. Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate with t he NWA. Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate with t he [...]

  • Page 138

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 138 Fragmentation Threshold The threshold (number of bytes) for the fragmentation boundary for directed messages. It is the maximum data fragment size that can be sent. Enter an even number between 256 and 2346 . Beacon Interval When a wirelessly networked device sends a beacon, it i[...]

  • Page 139

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 139 8.4 Technical Reference This section provides technical backg round information about the topics covered in this chapter. 8.4.1 Spanning Tree Protocol (STP) Spanning Tree Protocol (STP) detects an d breaks network loops and provides backup links between switches, bridg es or ro u[...]

  • Page 140

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 140 the filtering database. In RSTP, the port states are Disc arding, Learning, and Forwarding. 8.4.1.2 STP Terminology The root bridge is the base of the spanning tree; it is the bridge with the lowest identifier value (MAC address). Path cost is the cost of t ransmitting a frame on[...]

  • Page 141

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 141 8.4.1.4 STP Port States STP assigns five port stat es (see next table) to eliminate packet loopi ng. A bridge port is not allowed to go directly from blocking state to forward ing state so as to eliminate transient loops. 8.4.2 DFS When you choose 802. 11a in Access Point mode, t[...]

  • Page 142

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 142 The roaming feature on the access points allows the acces s points to relay information about the wireles s statio ns to each other. W hen a wireless station moves from a coverage area to another, it scans and uses th e channel of a new access point, which then i nforms the ot he[...]

  • Page 143

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 143 5 Access point AP 1 updates the new position of wireless station Y . 8.4.3.1 Requirements for Roaming The following requirements must be met in order for wireless stations to roam between the coverage areas. • All the access points must be on the same subnet and configured with[...]

  • Page 144

    Chapter 8 Wireless Configuration NWA-3500/NWA-3550 User’s Guide 144[...]

  • Page 145

    NWA-3500/NWA-3550 User’s Guide 145 C HAPTER 9 SSID Screen 9.1 Overview This chapter describes how you can conf igure Service Set Identifier (SSID) profiles in your NWA. Figure 82 Sample SSID Profiles In the figure above, the NWA has thr ee SSID profiles configured: a standard profile ( SSID04 ), a p rofile with high QoS settings for Voice over IP[...]

  • Page 146

    Chapter 9 SSID Screen NWA-3500/NWA-3550 User’s Guide 146 9.1.2 What You Need To Know About SSID The following terms and conc epts may help as you read through t his chapter. When the NWA is set to Access Point, AP + Bridge or MBSSID mode, you need to choose the SSID profile(s) you want to use in your wireless network (see Sec tion 8.3 on page 123[...]

  • Page 147

    Chapter 9 SSID Screen NWA-3500/NWA-3550 User’s Guide 147 9.2 The SSID Screen Use this screen to select the SSID pr ofile you want to configure. Click Wireless > SSID to display the screen as shown. Figure 83 SSID The following table describes t he labels in this screen. Table 29 SSID LABEL DESCRIPTION Index This field displays the in dex numbe[...]

  • Page 148

    Chapter 9 SSID Screen NWA-3500/NWA-3550 User’s Guide 148 9.2.1 Configuring SSID Use this screen to configure an SSID profile. Select an SSID profile in Wireless > SSID and click Edit to display the following screen. Figure 84 Configuring SSID The following table describes t he labels in this screen. Layer-2 Isolation This field displays which [...]

  • Page 149

    Chapter 9 SSID Screen NWA-3500/NWA-3550 User’s Guide 149 9.3 Technical Reference This section provides technical backg round information about the topics covered in this chapter. 9.3.1 WMM QoS WMM (Wi-Fi MultiMedia) QoS (Quality of Servi ce) ensures quality of service in wireless networks. It controls WLAN tran smission priority on packet s to be[...]

  • Page 150

    Chapter 9 SSID Screen NWA-3500/NWA-3550 User’s Guide 150 On APs without WMM QoS, all traffic stream s are gi ven the same access priority t o the wireless network. If the introduction of another traffic stream creates a data transmission demand that exceeds the current network capacity, then the new traffic stream reduces the throughput of the ot[...]

  • Page 151

    Chapter 9 SSID Screen NWA-3500/NWA-3550 User’s Guide 151 typical data packet sizes. Note that the figures given are mere ly exa mples - sizes may differ according to app lication and circ umstances. When ATC is activated, the devi ce sends tr affic with smaller packets before traffic with larger packets if t he network is congested. ATC assigns p[...]

  • Page 152

    Chapter 9 SSID Screen NWA-3500/NWA-3550 User’s Guide 152 9.3.3.1 ATC+WMM from LAN to WLAN ATC +W MM fro m LA N ( th e wi re d Lo ca l A rea Ne two rk ) to WL AN ( th e Wi re les s Lo ca l Area Network) allow s WMM prioritizati on of packets that do not already have WMM QoS priorities assi gned. The NWA automati cally classifi es data packets usin[...]

  • Page 153

    Chapter 9 SSID Screen NWA-3500/NWA-3550 User’s Guide 153 based on the application types and traffi c flow. Packets are marked with DiffServ Code Points (DSCPs) indicating the leve l of service desire d. This all ows the intermediary DiffServ-compliant network de vices to handle the packets differentl y depending on the code points without th e ne[...]

  • Page 154

    Chapter 9 SSID Screen NWA-3500/NWA-3550 User’s Guide 154 The followin g table lis ts which WM M QoS pr iority level the NWA uses for specific DSCP values. Table 36 ToS and IEEE 802.1d t o WMM QoS Priority Level Mapping DSCP VALUE WMM QOS PRIORITY LEVEL 224, 192 voice 160, 128 video 96, 0 A A. The N WA also uses best effort for any DSCP value for [...]

  • Page 155

    NWA-3500/NWA-3550 User’s Guide 155 C HAPTER 10 Wireless Security Screen 10.1 Overview This chapter describes how to use t he Wireless Secu rity screen. This screen allows you to configure the security mode for your NWA. Wireless security is vital t o your net w ork. It protects communications between wireless stations, access poi nts and the wire[...]

  • Page 156

    Chapter 10 Wire less Security Screen NWA-3500/NWA-3550 User’s Guide 156 10.1.2 What You Need To Know About Wireless Security The following terms and conc epts may help as you read through t his chapter. User Authentication Authentication is the process of verifyin g whether a wireless device is allowed to use the w ireless net work. You can make [...]

  • Page 157

    Chapter 10 Wire less Security Sc reen NWA-3500/NWA-3550 User’s Guide 157 • 802.1x-Static64. This provides 802.1x-Only authentication with a static 64bit WEP key and an au thentic ation server. • 802.1x-Static128 . This provides 802.1x-Only authentication with a static 128bit WEP key and an au thenti cation server. • WPA. Wi-Fi Protected Acc[...]

  • Page 158

    Chapter 10 Wire less Security Screen NWA-3500/NWA-3550 User’s Guide 158 Use this screen to choose and edi t a security profile. Cli ck Wireless > Securi ty . The following screen displays. Figure 87 Wirele ss Security The following table describes t he labels in this screen. Table 38 Wireless Secu rity LABEL DESCRIPTION Index This is the index[...]

  • Page 159

    Chapter 10 Wire less Security Sc reen NWA-3500/NWA-3550 User’s Guide 159 After sele cting t he securi ty profile y ou wa nt to edit, the following screen appears. Enter the name you want to call this security profile in the Profile Name field. Figure 88 Security Profile The next screen varies according to the Security Mode you select. 10.2.1 Secu[...]

  • Page 160

    Chapter 10 Wire less Security Screen NWA-3500/NWA-3550 User’s Guide 160 Authentication Method There are two types of WEP authentication namely, O pen System and Shared Key. Open system is implemented for ease-of-use and when security is not an issue. The wireless station and the AP or peer computer do not share a secret key. Thus the wireless sta[...]

  • Page 161

    Chapter 10 Wire less Security Sc reen NWA-3500/NWA-3550 User’s Guide 161 10.2.2 Security: 802.1x Only Use this screen to set t he selected profile to 802.1x Only securi ty mode. Select 802.1x-Only in the Security Mode field to dis play the following screen. Figure 90 Security: 802.1x Only The following table describes t he labels in this screen. [...]

  • Page 162

    Chapter 10 Wire less Security Screen NWA-3500/NWA-3550 User’s Guide 162 10.2.3 Security: 802.1x Static 64-bit, 802.1x Static 128-bit Use this screen to set the selected prof ile to 802.1x Static 64 or 802.1x Stati c 128 security mode. Select 802. 1x Static 64 or 802.1x Sta tic 128 in the Security Mode field to di splay the following screen. Figur[...]

  • Page 163

    Chapter 10 Wire less Security Sc reen NWA-3500/NWA-3550 User’s Guide 163 10.2.4 Security: WPA Use this screen to set the selected profil e t o Wi-Fi Protected Access (WPA) security mode. Select WPA in the Security Mode field to display the followi ng screen. Figure 92 Security: WPA The following table describes t he labels in this screen. ReAuthe[...]

  • Page 164

    Chapter 10 Wire less Security Screen NWA-3500/NWA-3550 User’s Guide 164 10.2.5 Security: WPA2 or WPA2-MIX Use this screen to set the selected prof ile to WPA2 or WPA2-MIX security mode. Select WPA2 or WPA2-MIX in the Security Mode field to display the following screen. Figure 93 Security:WPA2 or WPA2-MIX ReAuthentication Timer Specify how often w[...]

  • Page 165

    Chapter 10 Wire less Security Sc reen NWA-3500/NWA-3550 User’s Guide 165 The following table descri bes the labels not previously dis cussed Table 43 Security: WPA2 or WPA2-MI X LABEL DESCRIPTIONS Profile Name Type a name to identify this security profile. Security Mode Choose WPA2 or WPA2-MIX in this field. ReAuthentication Timer Specify how oft[...]

  • Page 166

    Chapter 10 Wire less Security Screen NWA-3500/NWA-3550 User’s Guide 166 10.2.6 Security: WPA-PSK, WPA2-PSK, WPA2-PSK-MIX Use this screen to set the selected prof ile to WP A-PSK, WPA2 -PSK or WPA2-PSK- MIX security mode. Select WPA-PSK , WPA2-PSK or WPA2-PSK-MIX in the Security Mode field to display the following screen. Figure 94 Security: WPA-P[...]

  • Page 167

    Chapter 10 Wire less Security Sc reen NWA-3500/NWA-3550 User’s Guide 167 10.3 Technical Reference This section provides technical background information on the topics discussed in this chapter. The following is a general guideline in ch oosing the security mode for your NWA. • Use WPA or WPA2 security if you have WPA/WPA2-aware wireless clients[...]

  • Page 168

    Chapter 10 Wire less Security Screen NWA-3500/NWA-3550 User’s Guide 168[...]

  • Page 169

    NWA-3500/NWA-3550 User’s Guide 169 C HAPTER 11 RADIUS Screen 11.1 Overview This chapter describes how you can use the Wireless > RADIUS screen. Remote Authentication Dial In User Serv ice (RADIUS) is a protocol that can be used to manage user access to large ne tworks. It is based on a client-server model that supports authentica tion, auth or[...]

  • Page 170

    Chapter 11 RADIUS Screen NWA-3500/NWA-3550 User’s Guide 170 11.1.1 What You Can Do in the RADIUS Screen Use the Security > RADIUS screen (see Section 11.2 on page 171 ) if you want to authen ticate w ireless users usi ng a RADIUS Server and/or Accounting Server. 11.1.2 What You Need To Know About RADIUS The RADIUS server handles the following [...]

  • Page 171

    Chapter 11 RADIUS Screen NWA-3500/NWA-3550 User’s Guide 171 11.2 The RADIUS Screen Use this screen to set up your NWA’s RADIUS server settings. Click Wireless > RADIUS . The screen appears as shown. Figure 96 RADIUS The following table describes t he labels in this screen. Table 45 RADIUS LABEL DESCRIPTION Index Select the RADIUS profile you[...]

  • Page 172

    Chapter 11 RADIUS Screen NWA-3500/NWA-3550 User’s Guide 172 Internal Select this check box to use the NWA’s internal authentication server. The Active , RADIUS Server IP Address , RADIUS Ser ver Port and Share Secret fields are not available when you use the internal authentication server. External Select this check box to use an external authe[...]

  • Page 173

    NWA-3500/NWA-3550 User’s Guide 173 C HAPTER 12 Layer-2 Isolation Screen 12.1 Overview Layer-2 isolation is used t o prevent wireless clients associated with your NWA from communicating with other wireless c lients, APs, computers or rout ers in a network. In the following figure, layer-2 is olation is enabled on the NWA ( Z ) to allow a guest wir[...]

  • Page 174

    Chapter 12 Layer-2 Iso lation Screen NWA-3500/NWA-3550 User’s Guide 174 communicating with the NWA’s wireless clients except for broadcast packets. Layer-2 isolation does not check the traffic between wireless cl ients that are associated with the same AP. Intra-BSS Tr affic allows wireless clients associated with the same AP to communicate wit[...]

  • Page 175

    Chapter 12 Layer-2 Isolation Screen NWA-3500/NWA-3550 User’s Guide 175 12.2 The Layer-2 Isolation Screen Use this screen to select and configure a layer-2 isolation profile. Click Wire less > Layer-2 Isolation . The screen appears as shown next. Figure 98 Layer 2 Isolati on The following table describes t he labels in this screen. Table 46 Lay[...]

  • Page 176

    Chapter 12 Layer-2 Iso lation Screen NWA-3500/NWA-3550 User’s Guide 176 12.2.1 Configuring Layer-2 Isolation Use this scre en to specify th e configura tion for your lay er-2 isolat ion profile. Select a layer-2 isolation profile in Wireless > Layer-2 Isolation and clic k Edit to display the following screen. Note: When configuring this screen[...]

  • Page 177

    Chapter 12 Layer-2 Isolation Screen NWA-3500/NWA-3550 User’s Guide 177 12.3 Technical Reference This section provides technical background information on the topics discussed in this chapter. The figure that follows i llustrates two ex ample layer-2 isol ation configurations on your NWA ( A ). Figure 100 Layer-2 Isolation Exa mple Configuration S[...]

  • Page 178

    Chapter 12 Layer-2 Iso lation Screen NWA-3500/NWA-3550 User’s Guide 178 Example 1: Restricti ng Access to Server In the following example wireless clients 1 and 2 can communicate with file server C , but not access point B or wireless client 3 . •E n t e r C ’s MAC address i n the MAC Address field, and enter “F ile Server C” in the Descr[...]

  • Page 179

    NWA-3500/NWA-3550 User’s Guide 179 C HAPTER 13 MAC Filter Screen 13.1 Overview This chapter discusses how you can use the Wireless > MAC Filter sc reen. The MAC filter function allows you to co nfigure the NWA t o grant access to devices (Allow Association) or excl ude devices from access ing the NWA (Deny Association). Figure 102 MAC Filterin[...]

  • Page 180

    Chapter 13 MAC Filt er Screen NWA-3500/NWA-3550 User’s Guide 180 characters, for example, 00:A0:C5:00:00: 02. You need to know the MAC address of each device to configure MAC fi ltering on the NWA. 13.2 The MAC Filter Screen The MAC filter profile is a user-configured list of MAC addresse s. Each SSID profile can reference one MAC filter profile.[...]

  • Page 181

    Chapter 13 MAC Filter Scr een NWA-3500/NWA-3550 User’s Guide 181 The following table describes t he labels in this screen. Note: If you configure both the MAC Address Filter table and Group Settings table and a client matches a MAC address specified in both table s, the settings in the Group Settings is applied by the NWA first. Table 48 Wireless[...]

  • Page 182

    Chapter 13 MAC Filt er Screen NWA-3500/NWA-3550 User’s Guide 182[...]

  • Page 183

    NWA-3500/NWA-3550 User’s Guide 183 C HAPTER 14 IP Screen 14.1 Overview The Internet Protocol (IP) address iden tifies a devi ce on a network. Every networking device (including comput ers, se rvers, routers, printers, etc.) needs an IP address to communicate across the netw ork. These netw orking devices are also known as hosts. Figure 104 IP Set[...]

  • Page 184

    Chapter 14 IP Screen NWA-3500/NWA-3550 User’s Guide 184 These parameters should work fo r the majority of installations. 14.2 The IP Screen Use this screen to configure the IP address for y our NWA . Click IP to display the following screen. Figure 105 IP Setup The following table describes t he labels in this screen. Table 49 IP Setup LABEL DESC[...]

  • Page 185

    Chapter 14 IP Scree n NWA-3500/NWA-3550 User’s Guide 185 14.3 Technical Reference This section provides technical backg round information about the topics covered in this chapter. 14.3.1 WAN IP Address Assignment Every computer on the Internet must have a unique IP address. If your networks are isolated from the Internet (only betwee n your two b[...]

  • Page 186

    Chapter 14 IP Screen NWA-3500/NWA-3550 User’s Guide 186[...]

  • Page 187

    NWA-3500/NWA-3550 User’s Guide 187 C HAPTER 15 Rogue AP Detection 15.1 Overview Rogue APs are wireless access points operat ing in a network’s co verage area t hat are not under the control of the network’s administrators, and can open up holes in a network’s security. Atta ckers can take advantage of a rogue AP’s weaker (or non-existent)[...]

  • Page 188

    Chapter 15 Rogue AP Detection NWA-3500/NWA-3550 User’s Guide 188 In the example above, a corporate networ k’ s security is compromised by a rogue AP ( R ) set up by an employee at his workst ation in order to allow him to connect his notebook computer wirelessly ( A ). The company’s legitimate wireless net work (the dashed el lipse B ) is wel[...]

  • Page 189

    Chapter 15 Rogue AP Detectio n NWA-3500/NWA-3550 User’s Guide 189 The friend ly AP list d isplays d etails of a ll the acce ss point s in your area t hat you k n o w a r e n o t a t h r e a t . I f y o u h a v e m o r e t h a n o n e A P i n y o u r n e t w o r k , y o u n e e d t o configure this list to include your ot her AP s. If your wireles[...]

  • Page 190

    Chapter 15 Rogue AP Detection NWA-3500/NWA-3550 User’s Guide 190 This scenario can also be part of a wirele ss denial of service (DoS) attack, i n which associated wireless clients are deprived of network access. Other opportunities for the attacker include the in troduction of malware (malicious software) into the network. 15.2 Configuration Scr[...]

  • Page 191

    Chapter 15 Rogue AP Detectio n NWA-3500/NWA-3550 User’s Guide 191 15.2.1 Friendly AP Screen Use this screen to specif y APs as trusted. Click Rogue AP > Friendly AP . T he following screen appears: Figure 109 Rogue AP Friendly AP The following table describes t he labels in this screen. Import Click this button to upload the previously-saved l[...]

  • Page 192

    Chapter 15 Rogue AP Detection NWA-3500/NWA-3550 User’s Guide 192 15.2.2 Rogue AP Screen Use this scren to dis play details of all wireless access points wit hin the NWA’s coverage area. Click Rogue AP > Rogue AP . The following screen displays. Figure 110 Rogue AP The following table describes t he labels in this screen. Radio Mode The field[...]

  • Page 193

    Chapter 15 Rogue AP Detectio n NWA-3500/NWA-3550 User’s Guide 193 MAC Address This field displays the Medi a Access Control (MAC) address of the AP. All wireless devices have a MAC address that uniquely identifies them. SSID This field displays the Service Set IDentifier (also known as the networ k name) of the AP. Channel This field displays the[...]

  • Page 194

    Chapter 15 Rogue AP Detection NWA-3500/NWA-3550 User’s Guide 194[...]

  • Page 195

    NWA-3500/NWA-3550 User’s Guide 195 C HAPTER 16 Remote Management Screens 16.1 Overview This chapter shows you how to enable remote management of your NWA. It provides information on dete rmining which services or protocols can access which of the NWA’s interfac es. Remote Management allows a user to ad mi nistrate the device ov er the networ k.[...]

  • Page 196

    Chapter 16 Remo te Management Scr eens NWA-3500/NWA-3550 User’s Guide 196 16.1.1 What You Can Do in th e Remote Management Screens •U s e t h e Telnet screen (see Section 16.2 on page 198 ) to con figure through which interface(s) and from which IP a ddress(es) you can use Telnet to manage the NWA. A Telnet connection is prio ritized by the NWA[...]

  • Page 197

    Chapter 16 Remot e Manageme nt Screens NWA-3500/NWA-3550 User’s Guide 197 Note: SNMP is only available if TCP/IP is con figured. Figure 112 SNMP Manageme nt Mode An SNMP managed network consists of tw o main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the NWA). An agent tran[...]

  • Page 198

    Chapter 16 Remo te Management Scr eens NWA-3500/NWA-3550 User’s Guide 198 System Timeout There is a default system management idle timeout of five minutes (three hundred seconds). The NWA automatically logs you out if the management session remains idle for longer t han this timeout period. The manageme nt session does not time out when a statist[...]

  • Page 199

    Chapter 16 Remot e Manageme nt Screens NWA-3500/NWA-3550 User’s Guide 199 16.3 The FTP Screen You can uplo ad and download the N WA’s firmware and configuration files using FTP. To use this feature, your computer must have an FTP client. Secured Client IP Address A secured client is a “trusted” computer that is allowed to communicate with t[...]

  • Page 200

    Chapter 16 Remo te Management Scr eens NWA-3500/NWA-3550 User’s Guide 200 To change your NWA’s FTP settings, cl ick REMOTE MGMT > FTP . The following screen displays. Figure 114 Remote Manageme nt: FTP The following table describes t he labels in this screen. 16.4 The WWW Screen You can choose to configure your NWA via t he World Wide Web ( [...]

  • Page 201

    Chapter 16 Remot e Manageme nt Screens NWA-3500/NWA-3550 User’s Guide 201 To change your NWA’s WWW settings, click REMOTE MGNT > WWW . The following screen shows. Figure 115 Remote Manageme nt: WWW The following table describes t he labels in this screen. Table 56 Remote Mana gement: WWW LABEL DESCRIPTION WWW Server Port This is set to port [...]

  • Page 202

    Chapter 16 Remo te Management Scr eens NWA-3500/NWA-3550 User’s Guide 202 Server Port The HTTPS proxy server listens on port 443 by default. If you change the HTTPS proxy serv er port to a different number on the NWA, for example 8443, then you must notify people who need to access the NWA web configurator to use "https://NWA IP Address: 844[...]

  • Page 203

    Chapter 16 Remot e Manageme nt Screens NWA-3500/NWA-3550 User’s Guide 203 16.5 The SNMP Screen Use this screen to have a manager st ation administrate your NWA over the network. To change your NWA’s SNMP settings, click REMOTE MGMT > SNMP . The following screen displays. Figure 116 Remote Manageme nt: SNMP The following table describes t he [...]

  • Page 204

    Chapter 16 Remo te Management Scr eens NWA-3500/NWA-3550 User’s Guide 204 SNMP Version Select the SNMP version for the NW A. The SNMP version on the NWA must match the version on the SNMP manager. Choose SNMP version 1 ( SNMPv1 ), SNMP version 2 ( SNMPv2 ) or SNMP version 3 ( SNMPv3 ). Trap Community Type the trap community, which is the password[...]

  • Page 205

    Chapter 16 Remot e Manageme nt Screens NWA-3500/NWA-3550 User’s Guide 205 16.5.1 SNMPv3 User Profile Use this screen to configure the SNMPv3 profile. Click Conf igure SNMPv3 User Profile in the REMOTE MGMT > SNMP screen, the following screen displays. Figure 117 Remote Mana gement: SNMPv3 User Profile The following table describes t he labels [...]

  • Page 206

    Chapter 16 Remo te Management Scr eens NWA-3500/NWA-3550 User’s Guide 206 16.6 Technical Reference This section provides some technical ba ckground information about the topics covered in this chapter. 16.6.1 MIB Managed devices in an SMNP managed network contain ob ject variables or managed objects that define each piece of information to be col[...]

  • Page 207

    Chapter 16 Remot e Manageme nt Screens NWA-3500/NWA-3550 User’s Guide 207 device. Examples of variables incl ude such as number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects. SNMP itself is a si mple reques t/response protocol based on the manager/ agent model. The manager issues[...]

  • Page 208

    Chapter 16 Remo te Management Scr eens NWA-3500/NWA-3550 User’s Guide 208 Some traps include an SNMP interface index. The following table maps the SNMP interface indexes to the NWA’s physical and virtual ports. authenticationFailure (defined in RFC-1215 ) 1.3.6.1.6.3 .1.1.5.5 The device sends this trap when it receives any SNMP get or set requi[...]

  • Page 209

    NWA-3500/NWA-3550 User’s Guide 209 C HAPTER 17 Internal RADIUS Server 17.1 Overview This chapter describes how the NWA can us e its internal RADIUS server to authenticate wireless clients. Remote Authentication Dial In User Serv ice (RADIUS) is a protocol that enables you to control acce ss to a network b y authentica ting user creden tials. The [...]

  • Page 210

    Chapter 17 Internal RADIUS Server NWA-3500/NWA-3550 User’s Guide 210 17.1.1 What You Can Do in this Chapter •U s e t h e Setting screen (see Section 17.2 on page 210 ) to turn the NWA’s internal RADIUS server of f or on an d to view information about the NW A’s certificates. •U s e t h e Trusted AP screen (see Section 17.3 on page 212 ) t[...]

  • Page 211

    Chapter 17 Internal RADIUS Server NWA-3500/NWA-3550 User’s Guide 211 The following table describes t he labels in this screen. Table 61 Internal RADIUS Server Setting LABEL DESCRIPTION Active Select this to have the NWA use its internal RADIUS se rver to authenticate wireless clients or other APs. # T his field displays the certificate index numb[...]

  • Page 212

    Chapter 17 Internal RADIUS Server NWA-3500/NWA-3550 User’s Guide 212 17.3 The Trusted AP Screen Use this screen to specif y APs as trusted. Click AUTH. SERVER > Trusted AP. The following screen displays. Figure 120 Trusted AP Screen The following table describes t he labels in this screen. Table 62 Trusted AP Screen LABEL DESCRIPTION # This fi[...]

  • Page 213

    Chapter 17 Internal RADIUS Server NWA-3500/NWA-3550 User’s Guide 213 17.4 The Trusted Users Screen Use this screen to conf igure trusted user entries. Click AUTH. SERVER > Trusted Users . The following screen displays. Figure 121 Trusted Users The following table describes t he labels in this screen. Apply Click Apply to save your changes. Res[...]

  • Page 214

    Chapter 17 Internal RADIUS Server NWA-3500/NWA-3550 User’s Guide 214 17.5 Technical Reference This section provides some technical ba ckground information about the topics covered in this chapter. A trusted AP is an AP that uses the NWA’ s internal RADIUS server to authenti cate its wireless client s. Each wireless clie nt must have a user name[...]

  • Page 215

    Chapter 17 Internal RADIUS Server NWA-3500/NWA-3550 User’s Guide 215 Take the following steps to set up trusted APs and trust ed users. 1 Configure an IP address an d shared secr et in the Trusted AP database to specify an AP as trusted. 2 Configure wireless client user names and passwords in the Trusted Users database to use a trusted AP as a re[...]

  • Page 216

    Chapter 17 Internal RADIUS Server NWA-3500/NWA-3550 User’s Guide 216[...]

  • Page 217

    NWA-3500/NWA-3550 User’s Guide 217 C HAPTER 18 Certificates 18.1 Overview This chapter describes how your NWA can use certificates as a means of authenticating wireless cl ients. It give s background information about public-key certificates and explains how to use them. A certificate contains the certificate owner’ s id entity and public key. [...]

  • Page 218

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 218 18.1.2 What You Need To Know About Certificates The following terms and conc epts may help as you read through t his chapter. The NWA also trusts any valid certifi cate si gned by any of the imported trusted CA certificates . The certif ication au thority cert ificate that you want to imp[...]

  • Page 219

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 219 The following table describes t he labels in this screen. Table 64 Certificates > My Certificates LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the NWA’s PKI storage space that is currently in use. When you are usi ng 80% or less of the storage spac e[...]

  • Page 220

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 220 18.2.1 My Certificates Import Screen Use this screen to import a certificate from your loc al computer to the NWA. Note: You can import only a certificate that matches a corresponding certif ication request that was generated by the NWA. Click Certificates > My Certificates and then Im[...]

  • Page 221

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 221 Note: You must remove any spaces from the certificate ’s filename before you can import it. Figure 125 Certificates > My Certif icates Import The following table describes t he labels in this screen. Table 65 Certificates > My Certificate Import LABEL DESCRIPTION File Path Type in[...]

  • Page 222

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 222 18.2.2 My Certificates Create Screen Use this screen to have the NWA create a self-signed certificate, enroll a certificate with a certification authorit y or generate a certification request. Click Certificates > My Certificates and then Create to open the My Certificate Create screen[...]

  • Page 223

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 223 Common Name Select a radio button to id entify the certificate’s owner by IP address, domain name or e-mail address. Type the IP address (in dotted decimal notation), domain name or e-mail address in the field provided. The domain name or e-mail address can be up to 31 ASCII characters.[...]

  • Page 224

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 224 After you click Apply in the My Certificate Create screen, you see a screen that tells you the NWA is generating the self-sig ned certific ate or certification request. After the NWA succes sfully enrolls a certif icate or generates a certifi cation request or a self-signed certificate, y[...]

  • Page 225

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 225 18.2.3 My Certificates Details Screen Use this screen to view in-depth ce rtificate information and change the certificate’s name. In the case of a self-si g ned certificat e, you can set it to be the one that the NWA uses to sign the trusted remote hos t certificates that you import to[...]

  • Page 226

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 226 The following table describes t he labels in this screen. Table 67 Certificates > My Certificate Details LABEL DESCRIPTION Name This field displays the identifying na me of this certificate . If you want to change the name, type up to 31 characters to identify this certificate. You may[...]

  • Page 227

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 227 Valid From This field displays the date that the certificate becomes applicable. The text displays in red and includes a Not Yet Valid! message if the certificate has not yet become applicable. Valid To This field displays the date th at the certificate expires. The text displays in red a[...]

  • Page 228

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 228 18.3 Trusted CAs Screen Use this screen to view the list of trus t ed certificates. The NWA ac cepts any valid certificate signed by a certif ication aut hority on this list as being trustworthy. You do not need to import any certi ficate that is signed . Click Certificates > Trusted C[...]

  • Page 229

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 229 18.3.1 Trusted CAs Import Screen Use this screen to save a t rusted certification authority’s certificate to the NWA. Click Certificates > Trusted CAs to op en the Trusted CAs screen and then click Import to open the Trusted CAs Import screen. The following figure dis plays. Note: Yo[...]

  • Page 230

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 230 The following table describes t he labels in this screen. 18.3.2 Trusted CAs Details Screen Use this screen to view in-depth inform ation about the certification authority’s certificate, change the certificate’s na me and set whether or not you want the NWA to check a certifi cation a[...]

  • Page 231

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 231 The following table describes t he labels in this screen. Table 70 Certificates > Trusted CAs Details LABEL DESCRIPTION Name This field displays the identifying na me of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate. You may[...]

  • Page 232

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 232 Valid To This field displays the date that the certificate expires. The text displays in red and includes an Expiring! or Expired! message if the certificate is about to expire or has already expired. Key Algorithm This field displays the type of algorithm that was used to generate the ce[...]

  • Page 233

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 233 18.4 Technical Reference This section provides technical backg round information about the topics covered in this chapter. 18.4.1 Private-Public Certificates When using public-key cryptology for auth enticat ion, each host has two keys. One key is public and can be made openly available. [...]

  • Page 234

    Chapter 18 Certificates NWA-3500/NWA-3550 User’s Guide 234 18.4.3 Checking the Finger print of a Certificate A certificate’s fingerprints are message di gests calculated using the MD5 or SHA1 algorithms. The following procedure describes how to check a certi ficate’s fingerprint to verify that you have the actual certificate. 1 Browse to wher[...]

  • Page 235

    NWA-3500/NWA-3550 User’s Guide 235 C HAPTER 19 Log Screens 19.1 Overview This chapter provides information on vi ewing and generating logs on your NWA. Logs are files that contain recorded netw ork activity over a set period. They are used by administrators to monitor t he he alth of the computer system(s) they are managing. Logs enable administr[...]

  • Page 236

    Chapter 19 Log Scre ens NWA-3500/NWA-3550 User’s Guide 236 •U s e t h e Log Settings screen ( Section 19.3 on page 238 ) to configure where and when the NWA will send the logs, and which logs and/ or immediate alerts it will send. 19.1.2 What You Need To Know About Logs The following terms and conc epts may help as you read through t his chapte[...]

  • Page 237

    Chapter 19 Log Screens NWA-3500/NWA-3550 User’s Guide 237 Click Logs > V iew Log . The foll owing screen displays. Figure 134 Logs > View Log The following table describes t he labels in this screen. Table 71 Logs > View Log LABEL DESCRIPTION Display Select a log category from the drop down list box to display logs within the selected ca[...]

  • Page 238

    Chapter 19 Log Scre ens NWA-3500/NWA-3550 User’s Guide 238 19.3 The Log Settings Screen Use this screen to configure w here an d when the NWA will send the logs, and which logs and/or immediat e alerts to send. Click Logs > Log Settings . The following screen displays. Figure 135 Logs > Log Settings[...]

  • Page 239

    Chapter 19 Log Screens NWA-3500/NWA-3550 User’s Guide 239 The following table describes t he labels in this screen. Table 72 Logs > Log Setting s LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e- mail addresses specified below. If th is field is left bl ank, logs and alert messages[...]

  • Page 240

    Chapter 19 Log Scre ens NWA-3500/NWA-3550 User’s Guide 240 19.4 Technical Reference This section provides some technical ba ckground information about the topics covered in this chapter. 19.4.1 Example Log Messages This section provides description s of some exampl e log messages . Clear log after sending mail S elect the check box to clear all l[...]

  • Page 241

    Chapter 19 Log Screens NWA-3500/NWA-3550 User’s Guide 241 Table 74 ICMP Notes TYPE CODE DESCRIPTION 0 Echo Reply 0 Echo reply message 3 Destination Unreachable 0 Net unreachable 1 Host un reac hable 2 Protocol unreachable 3 Port unreachable 4 A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF) 5 Source ro[...]

  • Page 242

    Chapter 19 Log Scre ens NWA-3500/NWA-3550 User’s Guide 242 19.4.2 Log Commands Go to the command interpre ter interface (ref er to Appendix E on page 357 for a discussion on how to access and use the command s). 19.4.3 Configuring What You Want the NWA to Log Use the sys logs load command to load the log s etting buffer that allows you to configu[...]

  • Page 243

    Chapter 19 Log Screens NWA-3500/NWA-3550 User’s Guide 243 19.4.5 Log Command Example This example shows how to set the NWA to record the error logs and alerts and then view the results. ras> sys logs load ras> sys logs category error 3 ras> sys logs save ras> sys logs display access #. time source destination notes message 0 | 11/11/2[...]

  • Page 244

    Chapter 19 Log Scre ens NWA-3500/NWA-3550 User’s Guide 244[...]

  • Page 245

    NWA-3500/NWA-3550 User’s Guide 245 C HAPTER 20 VLAN 20.1 Overview This chapter discusses how to conf igure VLAN on the NWA. A VLAN (Virtual Local Area Network) allo ws a physical network to be partitioned into multiple logi cal networks. Stations on a logical network can belong to one or more groups. Only stations within th e same group can talk [...]

  • Page 246

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 246 20.1.2 What You Need To Know About VLAN The following terms and conc epts may help as you read through t his chapter. When you use wirel ess VLAN and RADIUS VLAN together, the NWA first tries to assign VLAN IDs based on RADIUS VLAN co nfiguration. If a client’s user name does not match an entry[...]

  • Page 247

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 247 20.2 Wireless VLAN Screen Use this screen to enable and c onfigure your Wireless Virtual L AN setup. Click VLAN > Wireless VLAN . The following screen appears. Figure 137 VLAN > W ireless VLAN The following table describes t he labels in this screen Table 77 VLAN > Wireless VLAN FIELD DE[...]

  • Page 248

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 248 20.2.1 RADIUS VLAN Screen Use this screen to configure your RADIUS Virtual LAN setup. Your RADIUS server assigns VLAN IDs to a user or user group’ s traffic based on what you se t in this screen. Native VLAN Check this to assign the Management VLAN ID as a Native VLAN. Leave this blank if you d[...]

  • Page 249

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 249 Click VLAN > RADIUS VLAN . The following screen appears. Figure 138 VLAN > RADIUS VLAN The following table describes t he labels in this screen. Table 78 VLAN > RADIUS VLAN LABEL DESCRIPTION Block station if RADIUS server assign VLAN name error Select this to have the NWA forbid access t[...]

  • Page 250

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 250 20.3 Technical Reference This section provides some technical ba ckground information and configuration examples abou t the topic s covered in th is chapte r. 20.3.1 VLAN Tagging The NWA supports IEEE 802.1q VLAN taggi ng. Tagged VLAN uses an explicit tag (VLAN ID) in the MAC header of a frame to[...]

  • Page 251

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 251 On an Ethernet switch, create a VLAN th at has the same management VLAN ID as the NWA. The followi ng figure has the NWA connected to port 2 and your computer connected to port 1. The management VLAN ID i s 10. Figure 139 Manageme nt VLAN Configuration Example Perform the following steps in the s[...]

  • Page 252

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 252 8 Click Apply . The foll owing screen displays. Figure 141 VLAN-A ware Switch 9 Click VLAN S tatus t o display the following screen. Figure 142 VLAN-Aware Switch - VLAN Status Follow the instructions in the Quick Start Guide to set up your NWA for configura tion. The NWA should be con nec ted to [...]

  • Page 253

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 253 3 Click Apply . Figure 143 VLAN Setup 4 The NWA attempts to connect with a VL AN-aware device. You can now access and mange the NWA though the Ethernet switch. Note: If you do not connect the NWA to a correctly configured VLAN-aware device, you will lock yourself out of the NWA. If this happens, [...]

  • Page 254

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 254 ZyXEL uses the following standard RADIUS attributes returned from Microso ft’s IAS RADIUS service to place the wire less station into the correct VLAN: The following occurs under Dynamic VLAN Assignment: 1 When you configure your wireless credenti als, the NWA sends the information to the IAS s[...]

  • Page 255

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 255 1c Select the Security Group type parameter check box. 1d Click OK . Figure 144 New Global Security Group 2 In VLAN Group ID Properties , click th e Members tab. Note: The IAS uses group memberships to dete rmine which user accounts belong to which VLAN groups. Click the Add button and configure [...]

  • Page 256

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 256 1 Using the Remote Access Policy option on the Internet Authentication Service management interface, create a new VLAN Policy for each VLAN Group defined in the previous section. The or der of the remote access policies is important. The most specific policies should be placed at the top of the p[...]

  • Page 257

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 257 3 In the Select Attribute screen, click Wind ows-Groups and the Add button. Figure 147 Specifyin g Windows-Group Condition 4 The Select Groups window displ ays. Sele ct a remote ac cess poli cy and click the Add button. The policy is added to the fi eld below. Only one V LAN Group shou ld be asso[...]

  • Page 258

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 258 6b Click the Edit Profile button. Figure 149 Granting Permissions a nd User Profile Screens 7 The Edit Dial-in Profile screen displays. Click the Authentication tab and sel ect the Extensible Authentication Protocol check box. 7a Select an EAP ty pe depend ing on your authentication needs from th[...]

  • Page 259

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 259 8 Click the Encryption tab. Select the Strongest encryption option. This step is not required for EAP-MD5, but is performed as a safeguard. Figure 151 Encryp tion Tab Settings 9 Click the IP tab and select the Client may request an IP address check box for DHCP support. 10 Click the Advanced tab.[...]

  • Page 260

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 260 11 The RADIUS Attribute screen di splays. From the list, three RADIUS attributes will be added: • Tunnel-Medium-T ype • Tunnel-Pvt-Group-ID • Tunnel-Type 11a Click the Add button 11b Select Tunnel-Medium-Type 11c Click the Add button. Figure 153 RADIUS Attribute Screen 12 The Enumerable Att[...]

  • Page 261

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 261 13 Return to the RADIUS Attribute Screen shown as Figure 153 on page 260 . 13a Select Tunnel-Pvt-Group-ID. 13b Click Add . 14 The Attribute Information scre en displays. 14a In the Enter the attribute value in: field select String and type a number in the range 1 to 4094 or a Name for this policy[...]

  • Page 262

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 262 16b Click OK . Figure 156 VLAN Attribute Setting for Tunnel-Type 17 Return to the RADIUS Attribute Screen shown as Figure 153 on page 260 . 17a Click the Close button. 17b The completed Advanced tab config uration should re semble the fol lowing screen. Figure 157 Completed Advanced Tab Note: Rep[...]

  • Page 263

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 263 20.3.4 Second Rx VLAN ID Example In this example, the NWA is configured to tag packets from SSID0 1 with VLAN ID 1 and tag packets from SSID02 with VLAN ID 2. VLA N 1 and VLAN 2 have access to a server, S , and the Internet, as show n in the follo wing fi gure. Figure 158 Second Rx VLAN ID Exampl[...]

  • Page 264

    Chapter 20 VLAN NWA-3500/NWA-3550 User’s Guide 264 2 Click VLAN > Wireless VLAN . 3 If VLAN is not already enabled, click Ena ble Virtual LAN and set up the Management VLAN ID (see Section 20.3.2 on page 2 50 ). Note: If no devices are in the management VLAN, then no one will be able to access the NWA and you will have to restore the de fault [...]

  • Page 265

    NWA-3160 Series User’s Guide 265 C HAPTER 21 Load Balancing 21.1 Overview Wireless load balancing is the process whereby you limit the number of connections allowed on an wireless access point (AP) or you limit the amount of wireless traffic transmitted and received on it . Because there is a hard upper limit on the AP’s wireless bandwi dth, th[...]

  • Page 266

    Chapter 21 Load Balancing NWA-3160 Series User’s Guide 266 Imagine a coffee shop in a crowded business distri ct that offers free wireless connectivity to its customers. The c off ee shop owner can’t possibly know how many connections his NWA w ill have at an y given moment. As such, he decides t o put a limit on the ba ndwidth that is av ailab[...]

  • Page 267

    Chapter 21 L oad Balancing NWA-3160 Series User’s Guide 267 The requirements for load balanc ing are fair ly straig ht forwar d and shou ld be met in order for a gr oup of similar NWAs to ta ke advantage of the feature: • They should all be within t he same subnet. • They should all have the same SSI D, radio mode , and security mo de. • Th[...]

  • Page 268

    Chapter 21 Load Balancing NWA-3160 Series User’s Guide 268 21.2.1 Disassociating and Delaying Connections When your AP becomes overloaded, there are two basic responses it c an take. The first one is t o “delay” a cl ient connecti on. This means that the AP withholds the connection unt il the data transfe r throughput is lowere d or the clien[...]

  • Page 269

    Chapter 21 L oad Balancing NWA-3160 Series User’s Guide 269 can afford the bandwidth for it or the red la ptop is p icked up by a different AP that has bandwidth to spare. Figure 162 Delaying a Co nnection The second response your AP can take is to kick the connecti ons that are pushing it over its balanced bandwidth allotment. Figure 163 Kicking[...]

  • Page 270

    Chapter 21 Load Balancing NWA-3160 Series User’s Guide 270[...]

  • Page 271

    NWA-3160 Series User’s Guide 271 C HAPTER 22 Dynamic Channel Selection 22.1 Overview This chapter discusses how to configure dynamic channel selection on the NWA. Dynamic channel selection is a feature t h at allows your NWA to automatically select the radio channel upon which i t broadcasts by scanning the area around and determining what channe[...]

  • Page 272

    Chapter 22 Dynamic Channel Selection NWA-3160 Series User’s Guide 272 In this example, if the NWA attempts to broadcast on channels 1, 6, or 11 it is met with cross-channel interf erence from the ot her AP that share s the channel . This can result in noticeably sl ower da ta transfer rates, the dropping of the connection altogether, or even lost[...]

  • Page 273

    Chapter 22 Dynamic Channel Selection NWA-3160 Series User’s Guide 273 DCS Sensitivity Level Selec t the NWA’s sensitivity level toward other channels. Options are High , Medium , and Low . Generally, as long as the area in which your NWA is located has minimal interference from other devices you can set the DCS Sensitivity Level to Low . This m[...]

  • Page 274

    Chapter 22 Dynamic Channel Selection NWA-3160 Series User’s Guide 274[...]

  • Page 275

    NWA-3500/NWA-3550 User’s Guide 275 C HAPTER 23 Maintenance 23.1 Overview This chapter describes the maintenance screens. It discusses how you can view the association list and channel us age, upload new firmware, manage configuration and rest art your NW A without turning it of f and on. 23.2 What You Can Do in the Maintenance Screens The followi[...]

  • Page 276

    Chapter 23 Maintenance NWA-3500/NWA-3550 User’s Guide 276 Find firmware at www.zyxel.com in a fil e that (usuall y) uses the system model name with a "*.b in" exte nsion, f or examp le "[Mode l #].bin ". The u pload pr ocess uses HTTP (Hypertext Transfer Proto col) and may take up to two mi nutes. After a successful upload, th[...]

  • Page 277

    Chapter 23 Maintenance NWA-3500/NWA-3550 User’s Guide 277 Note: The Poll Interval field is configurable. The fields in this screen vary according to the current wireless mode of ea ch WLAN adaptor. Figure 167 Maintenance > System Status: Show Statistics The following table describes t he labels in this screen. Table 83 Maintenance > Syste m[...]

  • Page 278

    Chapter 23 Maintenance NWA-3500/NWA-3550 User’s Guide 278 23.5 Association List Screen Use this screen to know which wireless clie nts are associated with the NWA. Click Maintenance > Association List . The following screen displays. Figure 168 Association L ist he following tabl e describes the labels in t his screen. WLAN2 This section displ[...]

  • Page 279

    Chapter 23 Maintenance NWA-3500/NWA-3550 User’s Guide 279 23.6 Channel Usage Screen Use this screen to see what channel the wireless clients are using to associate with the NWA, as well as the signal strength and network mode. Click Maintenance > Channel Usage . The following figure displays. Wait a moment while the NWA compiles the informatio[...]

  • Page 280

    Chapter 23 Maintenance NWA-3500/NWA-3550 User’s Guide 280 The following table describes t he labels in this screen. 23.7 F/W Upload Screen Use this scren to up load firmware to your NWA. Click MAINTENANCE > F/W Up load . The following screen displays. . Figure 170 Maintenance > F /W Upload Table 85 Channel Usage LABEL DESCRIPTION SSID This [...]

  • Page 281

    Chapter 23 Maintenance NWA-3500/NWA-3550 User’s Guide 281 The following table describes t he labels in this screen. Do not turn off the NWA while firmware upload is in progress! After you see the Firmware Upload in Process screen, wait two minutes before logging into the N WA again. Figure 171 Firmware Upload In Process The NWA automatically rest[...]

  • Page 282

    Chapter 23 Maintenance NWA-3500/NWA-3550 User’s Guide 282 If the upload was not successful , the following screen will appear. Click Return to go back to the F/W Upload screen. Figure 173 Firmware Upload Error 23.8 Configuration Screen Use this screen backup or upload your NWA’s configuration file. You can also reset the configu ration o f your[...]

  • Page 283

    Chapter 23 Maintenance NWA-3500/NWA-3550 User’s Guide 283 configur ation file before making c onfigur ation changes. The backup configuration file will be us eful in case you need to return to your previo us settings . Click Backup to save the NWA’s current configuration to your computer. 23.8.2 Restore Configuration Restore configuration allow[...]

  • Page 284

    Chapter 23 Maintenance NWA-3500/NWA-3550 User’s Guide 284 address (192.168.1.2). See your Quick Star t Guide for details on how to set up your computer’s IP address. If the upload was not successful , the following screen will appear. Click Return to go back to the Configuration screen. Figure 177 Configuratio n Upload E rror 23.8.3 Back to Fac[...]

  • Page 285

    Chapter 23 Maintenance NWA-3500/NWA-3550 User’s Guide 285 Click Maintenance > Restart . The follow ing screen displays. Click Restart to have the NWA reboot. This does not affect the NWA's configuration. Figure 179 Restart Screen[...]

  • Page 286

    Chapter 23 Maintenance NWA-3500/NWA-3550 User’s Guide 286[...]

  • Page 287

    287 P ART III Troubleshooting and Specifications Troubleshooting (289) Product Specifications (297)[...]

  • Page 288

    288[...]

  • Page 289

    NWA-3500/NWA-3550 User’s Guide 289 C HAPTER 24 Troubleshooting 24.1 Overview This chapter offers some suggestions t o solve problems you might encount er. The potential problems are divided into the following categories . • Power, Hardware Connections, and LED s • NWA Access and Login • AP Management Modes • Internet Access • Wireless R[...]

  • Page 290

    Chapter 24 Trou bleshooting NWA-3500/NWA-3550 User’s Guide 290 • Inspect your cables for damage. Contact the vendor to replace any damaged cables. • Disconnect and re-connect th e power adaptor to the NWA. • If the probl em continue s, contact the vendor. 24.3 NWA Access and Login I forgot the IP address for the NWA. • The default IP addr[...]

  • Page 291

    Chapter 24 Trou bleshooting NWA-3500/NWA-3550 User’s Guide 291 • The default password is 1234 . • If this does not work, you have to rese t the device to its factory defaults. See Section 2.3 on page 38 . I cannot see or access the Login screen in the w eb configurator. • Make sure you are using the correct IP address. • The default IP ad[...]

  • Page 292

    Chapter 24 Trou bleshooting NWA-3500/NWA-3550 User’s Guide 292 • Disconnect and re-connect the po wer adaptor or cord to the NWA. • If this does not work, you have to rese t the device to its factory defaults. See Section 2.3 on page 38 . I cannot access the NWA via the console port. • Check to see if the NW A is connected to your comp uter[...]

  • Page 293

    Chapter 24 Trou bleshooting NWA-3500/NWA-3550 User’s Guide 293 The secondary controller AP’s wireless profiles do not appear in my wireless network. In case you have both primary and seco ndary controller APs in the network, the secondary controller AP’s WLAN radio is turned off as long as the primary controller AP is turned on. Thus, you wil[...]

  • Page 294

    Chapter 24 Trou bleshooting NWA-3500/NWA-3550 User’s Guide 294 24.5 Internet Access I cannot access the Internet. • Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 24.2 on page 289 . • Make sure you entered your I SP account infor mation correctly. These fields are case-se[...]

  • Page 295

    Chapter 24 Trou bleshooting NWA-3500/NWA-3550 User’s Guide 295 Check the settings for QoS. If it is disabled, you might consider activating it. If it is enabled, you might consider rais ing or lowering the priority for some applications. 24.6 Wireless Router/AP Troubleshooting I cannot access the NWA or ping any computer fr om the WLAN. • Make [...]

  • Page 296

    Chapter 24 Trou bleshooting NWA-3500/NWA-3550 User’s Guide 296[...]

  • Page 297

    NWA-3500/NWA-3550 User’s Guide 297 C HAPTER 25 Product Specifications The following tables summarize the NW A’s hardware and firmware features. Table 89 NWA-3500 Hardwar e Specifications Table 88 NWA-3550 Hardwar e Specifications SPECIFICATION DESCRIPTION Dimensions 256 (W) x 246 (D) x 82 (H) mm Weight 2000 g Power PoE draw: 48V 20W at least Et[...]

  • Page 298

    Chapter 25 Product Specifications NWA-3500/NWA-3550 User’s Guide 298 Table 90 Firmware Specifications Antenna Specifications SMA antenna connectors, equipped by default with 2dBi omni antenna, 60° When facing the front of the NWA, the antenn a on the right is used by wireless LAN adaptor WLAN 1, and the antenna on the left is used by wireless LA[...]

  • Page 299

    Chapter 25 Product Specifications NWA-3500/NWA-3550 User’s Guide 299 SSL Passthrough SSL (Secure Sockets Layer) uses a public key to encrypt data that's transmitted over an SSL connection. Both Netscape Navigator and Internet Ex plorer support SSL, and many Web sites use the protocol to obtain confidential u ser information, such as credit c[...]

  • Page 300

    Chapter 25 Product Specifications NWA-3500/NWA-3550 User’s Guide 300 Table 91 Other Specifications Approvals Radio •U S A : FCC Part 15C 15.247 FCC Part 15E 15.407 FCC OET65 •E U : ETSI EN 300 328 V1.7.1 ETSI EN 301 893 V1.2.3 •T a i w a n : DGT LP0002 • Canada: Industry Canada RSS-210 • Australia: AS/NZS 4268 EMC/ EMI •U S A : FCC Pa[...]

  • Page 301

    Chapter 25 Product Specifications NWA-3500/NWA-3550 User’s Guide 301 Compatible ZyXEL Antennas At the time of writ ing, you can use th e following antennas in your N WA. Table 92 NWA Co mpatible Antennas MODEL FEATURE S EXT-108 EXR-109 EXT-114 EXT-118 ANT2206 ANT3108 ANT3218 Frequency Band (MHz) 2400 ~ 2500 2400 ~ 2500 2400 ~ 2500 2400 ~ 2500 240[...]

  • Page 302

    Chapter 25 Product Specifications NWA-3500/NWA-3550 User’s Guide 302 Compatible ZyXEL Antenna Cables The following table shows you the cables you can use in the NWA to extend your connection to ant ennas at the time of writing. Power over Ethernet (PoE) Specifications You can use a power over Ethernet injector to power this device. The injector m[...]

  • Page 303

    303 P ART IV Appendices and Index Setting Up Your Computer’s IP Address (305) Wireless LANs (331) Pop-up Windows, JavaScripts and Java Permissions (347) Importing Certificates (355) IP Addresses and Subnetting (381) Text File Based Auto Configuration (391) Legal Information (399) Index (403)[...]

  • Page 304

    304[...]

  • Page 305

    NWA-3500/NWA-3550 User’s Guide 305 A PPENDIX A Setting Up Your Computer’s IP Address Note: Your specific ZyXEL de vice may not support all of the operatin g systems described in this appendix. See the produc t specifications for mo re information about which operating systems are sup ported. This appendix shows you how to configure the IP setti[...]

  • Page 306

    Appendix A Se tting Up Your Computer’s IP Addres s NWA-3500/NWA-3550 User’s Guide 306 1 Click Start > Control Panel . Figure 180 Windows XP: Start Menu 2 In the Control Panel , click the Network Connections icon. Figure 181 Windows XP: Control Panel[...]

  • Page 307

    Appendix A Setting Up Your Compu ter’s IP Address NWA-3500/NWA-3550 User’s Guide 307 3 Right-click Local Area Connection and then select Properti es . Figure 182 Windows XP: Control Panel > Ne twork Connections > Properties 4 On the General tab, select Internet Pr otocol (TCP/IP) and then click Properties . Figure 183 Windows XP: Local Ar[...]

  • Page 308

    Appendix A Se tting Up Your Computer’s IP Addres s NWA-3500/NWA-3550 User’s Guide 308 5 The Internet Protocol TCP/IP Properties window opens. Figure 184 Windows XP: Internet Protocol (T CP/IP) Properties 6 Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically. Select Use the following[...]

  • Page 309

    Appendix A Setting Up Your Compu ter’s IP Address NWA-3500/NWA-3550 User’s Guide 309 Windows Vista This section shows screens from Windows Vista Professional. 1 Click Start > Control Panel . Figure 185 Windows Vista: Start Menu 2 In the Control Panel , click the Network and Internet icon. Figure 186 Windows Vista: Control Panel 3 Click the N[...]

  • Page 310

    Appendix A Se tting Up Your Computer’s IP Addres s NWA-3500/NWA-3550 User’s Guide 310 4 Click Manage network conne ctions . Figure 188 Windows Vista: Network and Sharing Cen ter 5 Right-click Local Area Connection and then select Properti es . Figure 189 Windows Vista: Network and Sharing Cen ter Note: During this procedure, click Continue when[...]

  • Page 311

    Appendix A Setting Up Your Compu ter’s IP Address NWA-3500/NWA-3550 User’s Guide 311 6 Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties . Figure 190 Windows Vista: Local Area Connection Properties[...]

  • Page 312

    Appendix A Se tting Up Your Computer’s IP Addres s NWA-3500/NWA-3550 User’s Guide 312 7 The Internet Protocol Versio n 4 (TCP/IPv4) Properties window opens. Figure 191 Windows Vista: Internet Proto col Version 4 (TCP/IPv4) Properties 8 Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamic[...]

  • Page 313

    Appendix A Setting Up Your Compu ter’s IP Address NWA-3500/NWA-3550 User’s Guide 313 Mac OS X: 10.3 and 10.4 The screens in this section are from Mac OS X 10.4 but can als o apply to 10.3. 1 Click Apple > System Preferences . Figure 192 Mac OS X 10.4: Apple Menu 2 In the System Preferences window, clic k the Network icon. Figure 193 Mac OS X[...]

  • Page 314

    Appendix A Se tting Up Your Computer’s IP Addres s NWA-3500/NWA-3550 User’s Guide 314 3 When the Network preferences pane opens, select Built-in Ethernet from the network connection type list, and then click Configure. Figure 194 Mac OS X 10.4: Network Preferences 4 For dynamically assigned settings, select Using D HCP from the Configure IPv4 l[...]

  • Page 315

    Appendix A Setting Up Your Compu ter’s IP Address NWA-3500/NWA-3550 User’s Guide 315 5 For statically assigned settings, do the following: •F r o m t h e Configure IPv4 list, se lect Manually . •I n t h e IP Address field, type your IP address. •I n t h e Subnet Mask field, type your subnet mask. •I n t h e Router field, type the IP ad [...]

  • Page 316

    Appendix A Se tting Up Your Computer’s IP Addres s NWA-3500/NWA-3550 User’s Guide 316 Click Apply No w and close the window. Verifying Settings Check your TCP/IP prop erties by clicking Applications > Utilities > Network Utilities , and then selecting the appropriat e Network Interface from the Info tab. Figure 197 Mac OS X 10.4: Network [...]

  • Page 317

    Appendix A Setting Up Your Compu ter’s IP Address NWA-3500/NWA-3550 User’s Guide 317 2 In System Preferences , click the Net work ic on. Figure 199 Mac OS X 10.5: Systems Preferences[...]

  • Page 318

    Appendix A Se tting Up Your Computer’s IP Addres s NWA-3500/NWA-3550 User’s Guide 318 3 When the Network preferences pane opens, select Ethe rnet from the list of available connection types. Figure 200 Mac OS X 10.5: Network Preferences > Ethernet 4 From the Configure lis t, sele ct Using DHCP for dynamically assigned settings. 5 For statica[...]

  • Page 319

    Appendix A Setting Up Your Compu ter’s IP Address NWA-3500/NWA-3550 User’s Guide 319 •I n t h e Router field, enter the IP address of your NWA. Figure 201 Mac OS X 10.5: Network Preferences > Ethernet 6 Click Apply and close the w indow.[...]

  • Page 320

    Appendix A Se tting Up Your Computer’s IP Addres s NWA-3500/NWA-3550 User’s Guide 320 Verifying Settings Check your TCP/IP prop erties by clicking Applications > Utilities > Network Utilities , and then selecting the appropriat e Network interface from the Info tab. Figure 202 Mac OS X 10.5: Network Utility Linux: Ubuntu 8 (GNOME) This se[...]

  • Page 321

    Appendix A Setting Up Your Compu ter’s IP Address NWA-3500/NWA-3550 User’s Guide 321 1 Click System > Administration > Network . Figure 203 Ubuntu 8: System > Administration Menu 2 When the Network Settings wi ndow opens, click Unlock to open t he Authenticate window. (By default, the Unlock button is greyed out until clicke d.) You ca[...]

  • Page 322

    Appendix A Se tting Up Your Computer’s IP Addres s NWA-3500/NWA-3550 User’s Guide 322 3 In the Authenticate window, enter yo ur admin a ccount name and password then click the Authenticate button. Figure 205 Ubuntu 8: Administrator Account Authenticat ion 4 In the Network Settings window, select the connect ion that you want to configure, then [...]

  • Page 323

    Appendix A Setting Up Your Compu ter’s IP Address NWA-3500/NWA-3550 User’s Guide 323 5 The Properties dialog box opens. Figure 207 Ubuntu 8: Network Settings > Properties •I n t h e Configuration list, sele ct Automatic Configuration (DHCP) if you have a dynamic IP address. •I n t h e Configuration list, select Static IP ad dress if you [...]

  • Page 324

    Appendix A Se tting Up Your Computer’s IP Addres s NWA-3500/NWA-3550 User’s Guide 324 7 If you know your DNS server IP address(es), click the DN S tab in the Network Settings window and then enter the DNS se rver information in the fields provided. Figure 208 Ubuntu 8: Network Settings > DNS 8 Click the Close button to apply the changes. Ver[...]

  • Page 325

    Appendix A Setting Up Your Compu ter’s IP Address NWA-3500/NWA-3550 User’s Guide 325 tab. The Interface Statistics column shows data if your connection is working properly. Figure 209 Ubuntu 8: Network Tools Linux: openSUSE 10.3 (KDE) This section shows you how to configure yo ur comput er’s TCP/IP settings i n the K Desktop Environment (KDE [...]

  • Page 326

    Appendix A Se tting Up Your Computer’s IP Addres s NWA-3500/NWA-3550 User’s Guide 326 1 Click K Menu > Computer > Administrator Se ttings (YaST) . Figure 210 openSUSE 10.3: K Menu > Computer Menu 2 When the Run as R oot - KDE su dialog opens, enter the admin password and click OK . Figure 211 openSUSE 10.3: K Menu > Computer Menu[...]

  • Page 327

    Appendix A Setting Up Your Compu ter’s IP Address NWA-3500/NWA-3550 User’s Guide 327 3 When the YaST Contro l Center window opens, select Network Devices and then clic k the Network Card icon. Figure 212 openSUSE 10.3: Ya ST Control Center 4 When the Network Settings window opens, click the Overview tab, select the appropriate connection Name f[...]

  • Page 328

    Appendix A Se tting Up Your Computer’s IP Addres s NWA-3500/NWA-3550 User’s Guide 328 5 When the Network Card Setup window opens, click the Address tab Figure 214 openSUSE 10.3: Ne twork Card Setup 6 Select Dynamic Address (DHCP) if you have a dynamic IP address. Select Statically assigned IP Address if you have a static IP address. Fill in the[...]

  • Page 329

    Appendix A Setting Up Your Compu ter’s IP Address NWA-3500/NWA-3550 User’s Guide 329 8 If you know your DNS server IP address(es), click the Hostname/DNS tab in Network Settings and then enter the DNS server information in the fields provided. Figure 215 openSUSE 10.3: Ne twork Settings 9 Click Finish to save your settings and close the wi ndow[...]

  • Page 330

    Appendix A Se tting Up Your Computer’s IP Addres s NWA-3500/NWA-3550 User’s Guide 330 Verifying Settings Click the KNetwork Manager icon on the Task bar t o check your TCP/IP properties. From the Option s sub-me nu, se lect Show Connectio n Information . Figure 216 openSUSE 10.3: KNet work Manager When the Connection Statu s - KNetwork Manager [...]

  • Page 331

    NWA-3500/NWA-3550 User’s Guide 331 A PPENDIX B Wireless LANs Wireless LAN Topologies This section discuss es ad-hoc and infr as tructure wireles s LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configurat ion is an in dependent ( Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or m[...]

  • Page 332

    Appendix B Wireless LANs NWA-3500/NWA-3550 User’s Guide 332 with each other. When Int ra-BSS is disabled, wirel ess client A and B can sti ll access the wired network but cannot communicate with eac h other. Figure 219 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, wi[...]

  • Page 333

    Appendix B Wir eless LANs NWA-3500/NWA-3550 User’s Guide 333 An ESSID (ESS IDentification ) uniquely identifi es each ESS. All access p oints and their associated wirel ess clients within the same ESS must have the same ESSID in order to comm unicate. Figure 220 Infrastructure WLAN Channel A channel is the radio frequency(ies) us ed by IEEE 802.1[...]

  • Page 334

    Appendix B Wireless LANs NWA-3500/NWA-3550 User’s Guide 334 wireless gateway, but out-of-range of each other, so t hey cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are consider ed hi dden from each other. Figure 221 RTS/CTS When station A sends data to the AP, it mi ght not k[...]

  • Page 335

    Appendix B Wir eless LANs NWA-3500/NWA-3550 User’s Guide 335 Fragmentation Threshold A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the AP will fragment the packet into smaller data frames. A large Fragmentation Threshold is recommended for networks not pron[...]

  • Page 336

    Appendix B Wireless LANs NWA-3500/NWA-3550 User’s Guide 336 several intermediate rate steps between the maximum and minimum data rates. The IEEE 802.11g data rate and modulation are as follows: Wireless Security Overview Wireless security is vital t o your ne twork to protect wireless communication between wireless client s, acce ss point s and t[...]

  • Page 337

    Appendix B Wir eless LANs NWA-3500/NWA-3550 User’s Guide 337 IEEE 802.1x In June 2001, the IEEE 802.1x standard wa s designed to extend the features of IEEE 802.11 to support extended authentica tion as well as providing addi tional accounting and control features. It is su pported by Windows XP and a number of network devices. Some advantages of[...]

  • Page 338

    Appendix B Wireless LANs NWA-3500/NWA-3550 User’s Guide 338 • Access-Challeng e Sent by a RADIUS server reques ting more informat ion in order to allow access. The access point sends a proper response from the user and then sends another Access- Request m essage . The following types of RADIUS messages are exchanged between the access point and[...]

  • Page 339

    Appendix B Wir eless LANs NWA-3500/NWA-3550 User’s Guide 339 However, MD5 authentication has some weaknesses. Since the authentication server needs to get the plai ntext passwor d s, the passwords must be stored. Thus someone other than the auth entication server may access t he password file. In addition, it is possible to impersonat e an authen[...]

  • Page 340

    Appendix B Wireless LANs NWA-3500/NWA-3550 User’s Guide 340 Dynamic WEP Key Exchange The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection ti me s out, disc onnects or reauthentication times out. A new WEP key is generated ea ch time reauth entication is performed . If this featu re is en[...]

  • Page 341

    Appendix B Wir eless LANs NWA-3500/NWA-3550 User’s Guide 341 If the AP or the wireless clients do no t support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not. Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2. Encryption Both WPA and WP[...]

  • Page 342

    Appendix B Wireless LANs NWA-3500/NWA-3550 User’s Guide 342 keys. This prevent all wireless devices s haring the same encryption keys. (a weakness of WEP) User Authentication WPA and WPA2 apply IEEE 802.1x and Extens ible Authenti cation Protocol (EAP) to authenticate wireless clients using an ex ternal RADIUS database. WPA2 reduces the number of[...]

  • Page 343

    Appendix B Wir eless LANs NWA-3500/NWA-3550 User’s Guide 343 3 The RADIUS server distributes a Pairwise Master Key (PMK) key t o the AP that then sets up a key hierar chy and management syst em, using the pair-wise key to dynamically generate unique data encrypt ion keys to encrypt every data packet that is wirele ssly comm unicate d between th e[...]

  • Page 344

    Appendix B Wireless LANs NWA-3500/NWA-3550 User’s Guide 344 4 The AP and wireless clients use the TKIP or AES encryption process to encrypt data exchanged between them. Figure 223 WPA(2)-PSK Authentication Security Parameters Summary Refer to this table to see what other secu rity parameters you should configure for each Authentication Method/ ke[...]

  • Page 345

    Appendix B Wir eless LANs NWA-3500/NWA-3550 User’s Guide 345 Antenna Overview An antenna couples RF signals onto air. A transmitter wi thin a wireless device sends an RF signal to the antenna, whic h propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air. Positioning the antennas properly [...]

  • Page 346

    Appendix B Wireless LANs NWA-3500/NWA-3550 User’s Guide 346 • Omni-directional antennas send the RF si gn al out in all directions on a horizontal plane. The coverage area is torus-sh aped (like a donut) which makes these antennas ideal for a room environment. Wi th a wi de coverage area, it is possible to make circular overlapping coverage are[...]

  • Page 347

    NWA-3500/NWA-3550 User’s Guide 347 A PPENDIX C Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your devi ce. • JavaScripts (enabled by default). • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here . Screens for oth[...]

  • Page 348

    Appendix C Pop-up Windows, JavaScripts and Java Perm issions NWA-3500/NWA-3550 User’s Guide 348 1 In Internet Explorer, select Tools , Internet Options , Privacy . 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 225 Internet Options: Privacy 3 Clic[...]

  • Page 349

    Appendix C Pop-up Windows, JavaScripts and Java Per missions NWA-3500/NWA-3550 User’s Guide 349 2 Select Settings… to open the Pop-up Blocker Settings screen. Figure 226 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want t o have blocked) with the prefix “http ://”. For example, htt p://192.168[...]

  • Page 350

    Appendix C Pop-up Windows, JavaScripts and Java Perm issions NWA-3500/NWA-3550 User’s Guide 350 4 Click Add to move the IP address to the list of Allowed si tes . Figure 227 Pop-up Blo cker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setti ng. JavaScripts If pages of the web configurator d o not display prop[...]

  • Page 351

    Appendix C Pop-up Windows, JavaScripts and Java Per missions NWA-3500/NWA-3550 User’s Guide 351 1 In Internet Explorer, click Tools , Internet Options and then the Security tab . Figure 228 Internet Options: Secu rity 2 Click the Custom Level... button . 3 Scroll down to Scriptin g . 4 Under Active scripting make sure that Enable is selected (the[...]

  • Page 352

    Appendix C Pop-up Windows, JavaScripts and Java Perm issions NWA-3500/NWA-3550 User’s Guide 352 6 Click OK to close the window. Figure 229 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer, click Tools , Internet Options and then the Security tab. 2 Click the Custom Level... button . 3 Scroll down to Microsoft VM . 4 Un[...]

  • Page 353

    Appendix C Pop-up Windows, JavaScripts and Java Per missions NWA-3500/NWA-3550 User’s Guide 353 5 Click OK to close the window. Figure 230 Security Settings - Java JAVA (Sun) 1 From Internet Explorer, click Tools , Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> un der Java (Sun) is selected.[...]

  • Page 354

    Appendix C Pop-up Windows, JavaScripts and Java Perm issions NWA-3500/NWA-3550 User’s Guide 354 3 Click OK to close the window. Figure 231 Java (Sun)[...]

  • Page 355

    NWA-3500/NWA-3550 User’s Guide 355 A PPENDIX D Importing Certificates This appendix shows you how to i mport public key c ertificates into your web browser. Public key certificates are used by web br owsers to ensure that a secure web site is legitimate. When a certificate authorit y such as VeriSign, Comodo, or Network Solutions, to name a few, [...]

  • Page 356

    Appendix D Importing Certificates NWA-3500/NWA-3550 User’s Guide 356 1 If your device’s web configurator is set to use SSL certification, then t he first time you browse to it you are presented with a certification error. Figure 232 Internet Explorer 7: Cert ification Error 2 Click Continue to this website (not recommended) . Figure 233 Interne[...]

  • Page 357

    Appendix D Importi ng Certificates NWA-3500/NWA-3550 User’s Guide 357 4 In the Certificate dialog box, c lick Install Certificate . Figure 235 Internet Explorer 7: Cert ificate 5 In the Certificate Import Wizard , click Next . Figure 236 Internet Explorer 7: Cert ificate Import Wizard[...]

  • Page 358

    Appendix D Importing Certificates NWA-3500/NWA-3550 User’s Guide 358 6 If you want Internet Explorer to Automatically select certificate store based on the type of certificate , click Next again and then go to step 9. Figure 237 Internet Explorer 7: Cert ificate Import Wizard 7 Otherwise, select Place all certifica tes in the following store and [...]

  • Page 359

    Appendix D Importi ng Certificates NWA-3500/NWA-3550 User’s Guide 359 8 In the Select Certificate Store dialog box, choose a location in which to save the certificate and then clic k OK . Figure 239 Internet Explorer 7: Select Certificate Store 9 In the Completing the Certificate Import Wizard screen, click Finish . Figure 240 Internet Explorer 7[...]

  • Page 360

    Appendix D Importing Certificates NWA-3500/NWA-3550 User’s Guide 360 10 If you are presented with another Security Warning , click Yes . Figure 241 Internet Explorer 7: Securit y Warning 11 Finally, click OK when presented with the su cces sful certificate installation message. Figure 242 Internet Explorer 7: Cert ificate Import Wizard 12 The nex[...]

  • Page 361

    Appendix D Importi ng Certificates NWA-3500/NWA-3550 User’s Guide 361 Installing a Stand-Alone Certifi cate File in Internet Explorer Rather than browsi ng to a ZyXEL web co nfigurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you. 1 Double-click the public key [...]

  • Page 362

    Appendix D Importing Certificates NWA-3500/NWA-3550 User’s Guide 362 1 Open Internet Explorer and click Tools > Internet Options . Figure 246 Internet Explorer 7: T ools Menu 2 In the Internet Options dialog box, cl ick Content > Certificates . Figure 247 Internet Explorer 7: I nternet Options[...]

  • Page 363

    Appendix D Importi ng Certificates NWA-3500/NWA-3550 User’s Guide 363 3 In the Certificates dialog box, click the Trusted Root Certificates Authorities tab, sele ct the ce rtificat e that you want to de lete, and then clic k Remov e . Figure 248 Internet Explorer 7: Cert ificates 4 In the Certificates confirmation, click Yes . Figure 249 Internet[...]

  • Page 364

    Appendix D Importing Certificates NWA-3500/NWA-3550 User’s Guide 364 6 The next time you go to the web site that issued the public key certificate you just removed, a certification error appears. Firefox The following example uses Mozilla Fi refox 2 on Windows XP Professional; however, the screens can also apply to Firefox 2 on all platforms. 1 I[...]

  • Page 365

    Appendix D Importi ng Certificates NWA-3500/NWA-3550 User’s Guide 365 3 The certificate is stored and you can now connect securely to t he web configurator. A sealed padlock appears in the address bar, which you can click to open the Page Info > Security window to view the web page’s securit y informat ion. Figure 252 Firefox 2: Page Info In[...]

  • Page 366

    Appendix D Importing Certificates NWA-3500/NWA-3550 User’s Guide 366 1 Open Firefox and click Tools > Options . Figure 253 Firefox 2: Tools Menu 2 In the Options dialog box, click Advanced > Encryption > View Certificates . Figure 254 Firefox 2: Options[...]

  • Page 367

    Appendix D Importi ng Certificates NWA-3500/NWA-3550 User’s Guide 367 3 In the Certificate Manager dialog box, cli ck Web Sites > Import . Figure 255 Firefox 2: Cert ificate Manager 4 Use the Select File dialog box to lo cate the certificate and then cli ck Open . Figure 256 Firefox 2: Select File 5 The next time you visit the web site, clic k[...]

  • Page 368

    Appendix D Importing Certificates NWA-3500/NWA-3550 User’s Guide 368 Removing a Certificate in Firefox This section shows you how to remove a public key certificate in Firef ox 2. 1 Open Firefox and click Tools > Options . Figure 257 Firefox 2: Tools Menu 2 In the Options dialog box, click Advanced > Encryption > View Certificates . Figu[...]

  • Page 369

    Appendix D Importi ng Certificates NWA-3500/NWA-3550 User’s Guide 369 3 In the Certificate Manager dialog box, select the Web Sites tab, select the certificate that you want to remove, and then click Delete . Figure 259 Firefox 2: Cert ificate Manager 4 In the Delete Web Site Certificates dialog box, click OK . Figure 260 Firefox 2: Delete Web Si[...]

  • Page 370

    Appendix D Importing Certificates NWA-3500/NWA-3550 User’s Guide 370 1 If your device’s web configurator is set to use SSL certification, then t he first time you browse to it you are presented with a certification error. 2 Click Install to accept the certi ficate. Figure 261 Opera 9: Certificate signer not found 3 The next time you visit the w[...]

  • Page 371

    Appendix D Importi ng Certificates NWA-3500/NWA-3550 User’s Guide 371 Installing a Stand-Alone Ce rtificate File in Opera Rather than browsi ng to a ZyXEL web co nfigurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you. 1 Open Opera and click Tools > Preferen[...]

  • Page 372

    Appendix D Importing Certificates NWA-3500/NWA-3550 User’s Guide 372 2 In Preferences , click Advanced > Security > Manage certificates . Figure 264 Opera 9: Prefer ences[...]

  • Page 373

    Appendix D Importi ng Certificates NWA-3500/NWA-3550 User’s Guide 373 3 In the Certificates Manager , click Authorities > Import . Figure 265 Opera 9: Certificate manager 4 Use the Import certificate dialog box to locate the certificate and then click Open. Figure 266 Opera 9: Import certif icate[...]

  • Page 374

    Appendix D Importing Certificates NWA-3500/NWA-3550 User’s Guide 374 5 In the Install authority certificate dialog box, cl ick Install . Figure 267 Opera 9: Install auth ority certificate 6 Next, click OK . Figure 268 Opera 9: Install auth ority certificate 7 The next time you visit the web site, clic k the padlock in the address bar to open the [...]

  • Page 375

    Appendix D Importi ng Certificates NWA-3500/NWA-3550 User’s Guide 375 1 Open Opera and click Tools > Preferences . Figure 269 Opera 9: Too ls Menu 2 In Preferences , Advanced > Security > Manage certificates . Figure 270 Opera 9: Prefer ences[...]

  • Page 376

    Appendix D Importing Certificates NWA-3500/NWA-3550 User’s Guide 376 3 In the Certificates manager , select the Authorities tab, select t he certificate that you want to remove, and then click Delete . Figure 271 Opera 9: Certificate manager 4 The next time you go to the web site that issued the public key certificate you just removed, a certific[...]

  • Page 377

    Appendix D Importi ng Certificates NWA-3500/NWA-3550 User’s Guide 377 2 Click Continue . Figure 272 Konquero r 3.5: Server Authentication 3 Click Forever when prompted to accept the certificate. Figure 273 Konquero r 3.5: Server Authentication 4 Click the padlock in the addr ess bar to open the KDE SSL Information window and view the web page’s[...]

  • Page 378

    Appendix D Importing Certificates NWA-3500/NWA-3550 User’s Guide 378 Installing a Stand-Alone Cert ificate File in Konqueror Rather than browsi ng to a ZyXEL web co nfigurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you. 1 Double-click the public key certifica[...]

  • Page 379

    Appendix D Importi ng Certificates NWA-3500/NWA-3550 User’s Guide 379 3 The next time you visit the web site, clic k the padlock in the address bar to open the KDE SSL Inf ormation window to view the web page’s security detail s. Removing a Certificate in Konqueror This section shows you how to remove a public key certificate in Konqueror 3.5. [...]

  • Page 380

    Appendix D Importing Certificates NWA-3500/NWA-3550 User’s Guide 380 4 The next time you go to the web site that issued the public key certificate you just removed, a certification error appears. Note: There is no confirmation wh en you remove a certificate authority, so be absolutely certain you want to go through with it before clicking the but[...]

  • Page 381

    NWA-3500/NWA-3550 User’s Guide 381 A PPENDIX E IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individ ual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the netw ork. These networking devices [...]

  • Page 382

    Appendix E IP Addre sses and Subnetting NWA-3500/NWA-3550 User’s Guide 382 The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. Figure 280 Network Number and Host ID How much of the IP address is the networ k number and how much is the host I[...]

  • Page 383

    Appendix E IP Addresses and Subnetting NWA-3500/NWA-3550 User’s Guide 383 By convention, subnet masks always cons ist of a continuous sequence of ones beginning from the leftmost bit of the mask , followed by a continuou s sequence of zeros, for a total number of 32 bits. Subnet masks can be referred to by the size of the network number p art (th[...]

  • Page 384

    Appendix E IP Addre sses and Subnetting NWA-3500/NWA-3550 User’s Guide 384 As these two IP addresses cannot be us ed for individual hosts, calculat e the maximum number of possible host s in a network as follows: Notation Since the mask is always a continuous nu mber of ones beginning from the left , followed by a c ontinuous number of ze ros for[...]

  • Page 385

    Appendix E IP Addresses and Subnetting NWA-3500/NWA-3550 User’s Guide 385 Subnetting You can use subnetting to divide one netw ork into multiple sub -networks . In the following example a network administrator creates two sub-networks to isol ate a group of servers from the rest of th e company network for security reasons. In this example, the c[...]

  • Page 386

    Appendix E IP Addre sses and Subnetting NWA-3500/NWA-3550 User’s Guide 386 The following figure shows the company network afte r subnetting. Th ere are now two sub-n etworks, A and B . Figure 282 Subnetting Example: After Sub netting In a 25-bit subnet the host ID has 7 bits , so each sub-network has a maximum of 2 7 – 2 or 126 possible hosts ([...]

  • Page 387

    Appendix E IP Addresses and Subnetting NWA-3500/NWA-3550 User’s Guide 387 Each subnet contains 6 host ID bit s, giving 2 6 - 2 or 62 hosts for each subnet (a host ID of all zeroes is t he subnet it self, all ones is the subnet’s broadc ast address). Table 104 Subnet 1 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address (Decimal) 192.1[...]

  • Page 388

    Appendix E IP Addre sses and Subnetting NWA-3500/NWA-3550 User’s Guide 388 Example: Eight Subnets Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet. Subnet Planning The following table is a summary for subnet planning on a networ[...]

  • Page 389

    Appendix E IP Addresses and Subnetting NWA-3500/NWA-3550 User’s Guide 389 The following table is a summary for subnet planning on a network with a 16-bi t network number. Configuring IP Addresses Where you obtain your networ k number depends on your partic ular situation. If the ISP or your network administrator assigns you a block of registered [...]

  • Page 390

    Appendix E IP Addre sses and Subnetting NWA-3500/NWA-3550 User’s Guide 390 you entered. You don't need to c hange the subnet mask co mputed by the NWA unless you are instru cted to do otherwise. Private IP Addresses Every machine on the Internet must have a unique address. If your networks are isolated from the Internet (running onl y betwee[...]

  • Page 391

    NWA-3500/NWA-3550 User’s Guide 391 A PPENDIX F Text File Based Auto Configuration This chapter describes how administ rators can use text configuration files to configure the wireless LAN setti ngs for multiple APs . Text File Based Auto Configuration Overview You can use plain text configuration files to configure the wireless LAN set tings on m[...]

  • Page 392

    Appendix F Text File Ba sed Auto Configuration NWA-3500/NWA-3550 User’s Guide 392 You can have a different configuration file for each AP. You can also have multiple APs use the same configuration file. Note: If adjacent APs use the same configu ration file, you should leave out the channel setting since they could interf ere with each other’s [...]

  • Page 393

    Appendix F Text File Ba sed Auto C onfiguration NWA-3500/NWA-3550 User’s Guide 393 Use the following procedure to have th e AP download the configuration file. Verifying Your Configurat ion File Upload Via SNMP You can use SNMP management software to d isplay the configu ration file version currently on the device by using the following MIB. Trou[...]

  • Page 394

    Appendix F Text File Ba sed Auto Configuration NWA-3500/NWA-3550 User’s Guide 394 The second line must speci fy the file ve rsion. The AP compares the file version with the version of the last configuration fi le t hat it downloaded. If the version of the downloaded file is the same or smalle r (older), the AP ignores the fi le. If the version of[...]

  • Page 395

    Appendix F Text File Ba sed Auto C onfiguration NWA-3500/NWA-3550 User’s Guide 395 Wcfg Command Configuration File Examples These example configuration files use the wcfg command to configure security and SSID profiles. Figure 285 WEP Configura tion File Example Figure 286 802.1X Configura tion File Example !#ZYXEL PROWLAN !#VERSION 11 wcfg secur[...]

  • Page 396

    Appendix F Text File Ba sed Auto Configuration NWA-3500/NWA-3550 User’s Guide 396 Figure 287 WPA-PSK Configuration File Example Figure 288 WPA Configura tion File Example Wlan Command Configuration File Example This example configuration file uses the wlan command to configure the AP to use the security and SSID profiles from the wcfg command con[...]

  • Page 397

    Appendix F Text File Ba sed Auto C onfiguration NWA-3500/NWA-3550 User’s Guide 397 commands that create security and SSID pr ofiles before the comm ands that tell the AP to use thos e profiles . Figure 289 Wlan Configura tion File Example !#ZYXEL PROWLAN !#VERSION 15 wcfg ssid 1 name ssid-wep wcfg ssid 1 security Test-wep wcfg ssid 2 name ssid-80[...]

  • Page 398

    Appendix F Text File Ba sed Auto Configuration NWA-3500/NWA-3550 User’s Guide 398[...]

  • Page 399

    NWA-3500/NWA-3550 User’s Guide 399 A PPENDIX G Legal Information Copyright Copyright © 2009 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval syst em, translated into any language, or transmitted in any form or by any me ans, el ectronic, mech[...]

  • Page 400

    Appendix G Legal Information NWA-3500/NWA-3550 User’s Guide 400 • This device mus t accept any interf erence received, including inter ference that may cause undesired operations. This device has been tested and found to comply with the limits for a Cl ass B digital device pursuant to Part 15 of the FCC Rules. These l imits are designed to prov[...]

  • Page 401

    Appendix G Legal Information NWA-3500/NWA-3550 User’s Guide 401 前項合法通信,指依電信規定作 業之無線電信。低功率射頻電機須 忍 受合法通信或工業、科學及醫療 用電波輻射性電機設備之干擾。 在 5250MHz~5350M Hz 頻帶內操作之無 線資訊傳輸設 備,限於室內 使用。 本機限在?[...]

  • Page 402

    Appendix G Legal Information NWA-3500/NWA-3550 User’s Guide 402 Note Repair or replacement, as provided unde r this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warrantie s, express or implied, including any implied warrant y of merchantability or fitness for a particular use or purpose. ZyXEL shall in[...]

  • Page 403

    Index NWA-3500/NWA-3550 User’s Guide 403 Index A access 24 access point 24 access privileges 29 address 110 address assignment 110 , 185 address filtering 23 administrator authentication on RADIUS 117 Advanced Encryption Standard See AES. AES 341 alternative subnet mask notation 384 antenna 297 , 29 8 directional 346 gain 345 omni-directional 346[...]

  • Page 404

    Index NWA-3500/NWA-3550 User’s Guide 404 D default 284 DFS 141 Differentiated Services 153 DiffServ 152 DiffServ Code Point (DSC P) 153 DiffServ Code Points 153 DiffServ marking rule 153 dimensions 297 disclaimer 399 Distribution System 120 DS fiel d 153 DSCPs 153 DTLS 31 , 87 dual wireless modules 23 Dynamic Frequency Selection 141 dynamic WEP k[...]

  • Page 405

    Index NWA-3500/NWA-3550 User’s Guide 405 logs 235 M MAC address 23 , 174 , 179 MAC address filter action 181 MAC filter 30 MAC filtering 299 maintenance 23 management 23 Management Information Base (MIB) 207 Management Mode CAPWAP and DHCP 88 CAPWAP and IP Subnets 88 managed AP 88 standalone mode 87 management VLAN 250 managing the device good ha[...]

  • Page 406

    Index NWA-3500/NWA-3550 User’s Guide 406 related documentation 3 remote management limitations 196 repeater 25 reset button 297 restore 283 RF interference 24 roaming 141 requirements 143 rogue AP 23 , 189 , 190 , 191 root bridge 140 RTS (Request To Send) 334 threshold 333 , 334 S safety warnings 7 security 25 security profiles 23 server 23 Servi[...]

  • Page 407

    Index NWA-3500/NWA-3550 User’s Guide 407 wireless Internet connection 24 wireless LAN 295 wireless modules (dual) 23 wireless security 29 , 155 , 295 , 33 6 WLAN interference 333 security parameters 344 WLAN interface 24 WMM 149 WPA 23 , 340 key caching 342 pre-authentication 342 user authentication 342 vs WPA-PSK 341 wireless client supplicant 3[...]

  • Page 408

    Index NWA-3500/NWA-3550 User’s Guide 408[...]